[proxmark3-svn] / client / cmdlft55xx.c

//-----------------------------------------------------------------------------\r
//\r
// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
// at your option, any later version. See the LICENSE.txt file for the text of\r
// the license.\r
//-----------------------------------------------------------------------------\r
// Low frequency T55xx commands\r
//-----------------------------------------------------------------------------\r
\r
#include <stdio.h>\r
#include <string.h>\r
#include <inttypes.h>\r
#include <time.h>\r
#include "proxmark3.h"\r
#include "ui.h"\r
#include "graph.h"\r
#include "cmdmain.h"\r
#include "cmdparser.h"\r
#include "cmddata.h"\r
#include "cmdlf.h"\r
#include "cmdlft55xx.h"\r
#include "util.h"\r
#include "data.h"\r
#include "lfdemod.h"\r
#include "../common/crc.h"\r
#include "../common/iso14443crc.h"\r
#include "cmdhf14a.h"\r
\r
#define T55x7_CONFIGURATION_BLOCK 0x00\r
#define T55x7_PAGE0 0x00\r
#define T55x7_PAGE1 0x01\r
#define REGULAR_READ_MODE_BLOCK 0xFF\r
\r
// Default configuration\r
t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
\r
t55xx_conf_block_t Get_t55xx_Config(){\r
	return config;\r
}\r
void Set_t55xx_Config(t55xx_conf_block_t conf){\r
	config = conf;\r
}\r
\r
int usage_t55xx_config(){\r
	PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>] [Q5]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("       h                        This help");\r
	PrintAndLog("       b <8|16|32|40|50|64|100|128>  Set bitrate");\r
	PrintAndLog("       d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa>  Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");\r
	PrintAndLog("       i [1]                         Invert data signal, defaults to normal");\r
	PrintAndLog("       o [offset]                    Set offset, where data should start decode in bitstream");\r
	PrintAndLog("       Q5                            Set as Q5(T5555) chip instead of T55x7");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx config d FSK          - FSK demodulation");\r
	PrintAndLog("      lf t55xx config d FSK i 1      - FSK demodulation, inverse data");\r
	PrintAndLog("      lf t55xx config d FSK i 1 o 3  - FSK demodulation, inverse data, offset=3,start from position 3 to decode data");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_read(){\r
	PrintAndLog("Usage:  lf t55xx read [b <block>] [p <password>] <override_safety> <page1>");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     b <block>    - block number to read. Between 0-7");\r
	PrintAndLog("     p <password> - OPTIONAL password (8 hex characters)");\r
	PrintAndLog("     o            - OPTIONAL override safety check");\r
	PrintAndLog("     1            - OPTIONAL read Page 1 instead of Page 0");\r
	PrintAndLog("     ****WARNING****");\r
	PrintAndLog("     Use of read with password on a tag not configured for a pwd");\r
	PrintAndLog("     can damage the tag");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx read b 0              - read data from block 0");\r
	PrintAndLog("      lf t55xx read b 0 p feedbeef   - read data from block 0 password feedbeef");\r
	PrintAndLog("      lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_write(){\r
	PrintAndLog("Usage:  lf t55xx wr [b <block>] [d <data>] [p <password>] [1]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     b <block>    - block number to write. Between 0-7");\r
	PrintAndLog("     d <data>     - 4 bytes of data to write (8 hex characters)");\r
	PrintAndLog("     p <password> - OPTIONAL password 4bytes (8 hex characters)");\r
	PrintAndLog("     1            - OPTIONAL write Page 1 instead of Page 0");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx wr b 3 d 11223344            - write 11223344 to block 3");\r
	PrintAndLog("      lf t55xx wr b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_trace() {\r
	PrintAndLog("Usage:  lf t55xx trace [1]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     [graph buffer data]  - if set, use Graphbuffer otherwise read data from tag.");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx trace");\r
	PrintAndLog("      lf t55xx trace 1");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_info() {\r
	PrintAndLog("Usage:  lf t55xx info [1]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     [graph buffer data]  - if set, use Graphbuffer otherwise read data from tag.");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx info");\r
	PrintAndLog("      lf t55xx info 1");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_dump(){\r
	PrintAndLog("Usage:  lf t55xx dump <password> [o]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     <password>  - OPTIONAL password 4bytes (8 hex symbols)");\r
	PrintAndLog("     o           - OPTIONAL override, force pwd read despite danger to card");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx dump");\r
	PrintAndLog("      lf t55xx dump feedbeef o");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_detect(){\r
	PrintAndLog("Usage:  lf t55xx detect [1] [p <password>]");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     1             - if set, use Graphbuffer otherwise read data from tag.");\r
	PrintAndLog("     p <password>  - OPTIONAL password (8 hex characters)");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
	PrintAndLog("      lf t55xx detect");\r
	PrintAndLog("      lf t55xx detect 1");\r
	PrintAndLog("      lf t55xx detect p 11223344");\r
	PrintAndLog("");\r
	return 0;\r
}\r
int usage_t55xx_wakup(){\r
	PrintAndLog("Usage:  lf t55xx wakeup [h] p <password>");\r
	PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards.");\r
	PrintAndLog("Options:");\r
	PrintAndLog("     h             - this help");\r
	PrintAndLog("     p <password>  - password 4bytes (8 hex symbols)");\r
	PrintAndLog("");\r
	PrintAndLog("Examples:");\r
		PrintAndLog("      lf t55xx wakeup p 11223344  - send wakeup password");\r
	return 0;\r
}\r
\r
static int CmdHelp(const char *Cmd);\r
\r
void printT5xxHeader(uint8_t page){\r
	PrintAndLog("Reading Page %d:", page);	\r
	PrintAndLog("blk | hex data | binary");\r
	PrintAndLog("----+----------+---------------------------------");	\r
}\r
\r
int CmdT55xxSetConfig(const char *Cmd) {\r
\r
	uint8_t offset = 0;\r
	char modulation[5] = {0x00};\r
	char tmp = 0x00;\r
	uint8_t bitRate = 0;\r
	uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};\r
	uint8_t cmdp = 0;\r
	config.Q5 = FALSE;\r
	bool errors = FALSE;\r
	while(param_getchar(Cmd, cmdp) != 0x00 && !errors)\r
	{\r
		tmp = param_getchar(Cmd, cmdp);\r
		switch(tmp)\r
		{\r
		case 'h':\r
		case 'H':\r
			return usage_t55xx_config();\r
		case 'b':\r
			errors |= param_getdec(Cmd, cmdp+1, &bitRate);\r
			if ( !errors){\r
				uint8_t i = 0;\r
				for (; i < 9; i++){\r
					if (rates[i]==bitRate) {\r
						config.bitrate = i;\r
						break;\r
					}\r
				}\r
				if (i==9) errors = TRUE;\r
			}\r
			cmdp+=2;\r
			break;\r
		case 'd':\r
			param_getstr(Cmd, cmdp+1, modulation);\r
			cmdp += 2;\r
\r
			if ( strcmp(modulation, "FSK" ) == 0) {\r
				config.modulation = DEMOD_FSK;\r
			} else if ( strcmp(modulation, "FSK1" ) == 0) {\r
				config.modulation = DEMOD_FSK1;\r
				config.inverted=1;\r
			} else if ( strcmp(modulation, "FSK1a" ) == 0) {\r
				config.modulation = DEMOD_FSK1a;\r
				config.inverted=0;\r
			} else if ( strcmp(modulation, "FSK2" ) == 0) {\r
				config.modulation = DEMOD_FSK2;\r
				config.inverted=0;\r
			} else if ( strcmp(modulation, "FSK2a" ) == 0) {\r
				config.modulation = DEMOD_FSK2a;\r
				config.inverted=1;\r
			} else if ( strcmp(modulation, "ASK" ) == 0) {\r
				config.modulation = DEMOD_ASK;\r
			} else if ( strcmp(modulation, "NRZ" ) == 0) {\r
				config.modulation = DEMOD_NRZ;\r
			} else if ( strcmp(modulation, "PSK1" ) == 0) {\r
				config.modulation = DEMOD_PSK1;\r
			} else if ( strcmp(modulation, "PSK2" ) == 0) {\r
				config.modulation = DEMOD_PSK2;\r
			} else if ( strcmp(modulation, "PSK3" ) == 0) {\r
				config.modulation = DEMOD_PSK3;\r
			} else if ( strcmp(modulation, "BIa" ) == 0) {\r
				config.modulation = DEMOD_BIa;\r
				config.inverted=1;\r
			} else if ( strcmp(modulation, "BI" ) == 0) {\r
				config.modulation = DEMOD_BI;\r
				config.inverted=0;\r
			} else {\r
				PrintAndLog("Unknown modulation '%s'", modulation);\r
				errors = TRUE;\r
			}\r
			break;\r
		case 'i':\r
			config.inverted = param_getchar(Cmd,cmdp+1) == '1';\r
			cmdp+=2;\r
			break;\r
		case 'o':\r
			errors |= param_getdec(Cmd, cmdp+1, &offset);\r
			if ( !errors )\r
				config.offset = offset;\r
			cmdp+=2;\r
			break;\r
		case 'Q':\r
		case 'q':		\r
			config.Q5 = TRUE;\r
			cmdp++;\r
			break;\r
		default:\r
			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
			errors = TRUE;\r
			break;\r
		}\r
	}\r
\r
	// No args\r
	if (cmdp == 0) return printConfiguration( config );\r
\r
	//Validations\r
	if (errors) return usage_t55xx_config();\r
\r
	config.block0 = 0;\r
	return printConfiguration ( config );\r
}\r
\r
int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){\r
	//Password mode\r
	if ( usepwd ) {\r
		// try reading the config block and verify that PWD bit is set before doing this!\r
		if ( !override ) {\r
			if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0 ) ) return 0;\r
			if ( !tryDetectModulation() ) {\r
				PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
				return 0;\r
			} else {\r
				PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");	\r
				usepwd = false;\r
				page1 = false;\r
			}\r
		} else {\r
			PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
		}\r
	}\r
\r
	if (!AquireData(page1, block, usepwd, password) )	return 0;\r
	if (!DecodeT55xxBlock()) return 0;\r
\r
	char blk[10]={0};\r
	sprintf(blk,"%d", block);\r
	printT55xxBlock(blk);	\r
	return 1;\r
}\r
\r
int CmdT55xxReadBlock(const char *Cmd) {\r
	uint8_t block = REGULAR_READ_MODE_BLOCK;\r
	uint32_t password = 0; //default to blank Block 7\r
	bool usepwd = false;\r
	bool override = false;\r
	bool page1 = false;\r
	bool errors = false;\r
	uint8_t cmdp = 0;\r
	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
		switch(param_getchar(Cmd, cmdp)) {\r
		case 'h':\r
		case 'H':\r
			return usage_t55xx_read();\r
		case 'b':\r
		case 'B':\r
			errors |= param_getdec(Cmd, cmdp+1, &block);\r
			cmdp += 2;\r
			break;\r
		case 'o':\r
		case 'O':\r
			override = true;\r
			cmdp++;\r
			break;\r
		case 'p':\r
		case 'P':\r
			password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
			usepwd = true;\r
			cmdp += 2;\r
			break;\r
		case '1':\r
			page1 = true;\r
			cmdp++;\r
			break;\r
		default:\r
			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
			errors = true;\r
			break;\r
		}\r
	}\r
	if (errors) return usage_t55xx_read();\r
\r
	if (block > 7 && block != REGULAR_READ_MODE_BLOCK	) {\r
		PrintAndLog("Block must be between 0 and 7");\r
		return 0;\r
	}\r
\r
	printT5xxHeader(page1);\r
	return T55xxReadBlock(block, page1, usepwd, override, password);\r
}\r
\r
bool DecodeT55xxBlock(){\r
	\r
	char buf[30] = {0x00};\r
	char *cmdStr = buf;\r
	int ans = 0;\r
	uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};\r
	DemodBufferLen = 0x00;\r
\r
	switch( config.modulation ){\r
		case DEMOD_FSK:\r
			snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );\r
			ans = FSKrawDemod(cmdStr, FALSE);\r
			break;\r
		case DEMOD_FSK1:\r
		case DEMOD_FSK1a:\r
			snprintf(cmdStr, sizeof(buf),"%d %d 8 5", bitRate[config.bitrate], config.inverted );\r
			ans = FSKrawDemod(cmdStr, FALSE);\r
			break;\r
		case DEMOD_FSK2:\r
		case DEMOD_FSK2a:\r
			snprintf(cmdStr, sizeof(buf),"%d %d 10 8", bitRate[config.bitrate], config.inverted );\r
			ans = FSKrawDemod(cmdStr, FALSE);\r
			break;\r
		case DEMOD_ASK:\r
			snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
			ans = ASKDemod(cmdStr, FALSE, FALSE, 1);\r
			break;\r
		case DEMOD_PSK1:\r
			// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
			CmdLtrim("160");\r
			snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );\r
			ans = PSKDemod(cmdStr, FALSE);\r
			break;\r
		case DEMOD_PSK2: //inverted won't affect this\r
		case DEMOD_PSK3: //not fully implemented\r
			// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
			CmdLtrim("160");\r
			snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );\r
			ans = PSKDemod(cmdStr, FALSE);\r
			psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
			break;\r
		case DEMOD_NRZ:\r
			snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
			ans = NRZrawDemod(cmdStr, FALSE);\r
			break;\r
		case DEMOD_BI:\r
		case DEMOD_BIa:\r
			snprintf(cmdStr, sizeof(buf),"0 %d %d 1", bitRate[config.bitrate], config.inverted );\r
			ans = ASKbiphaseDemod(cmdStr, FALSE);\r
			break;\r
		default:\r
			return FALSE;\r
	}\r
	return (bool) ans;\r
}\r
\r
int CmdT55xxDetect(const char *Cmd){\r
	bool errors = FALSE;\r
	bool useGB = FALSE;\r
	bool usepwd = FALSE;\r
	uint32_t password = 0;\r
	uint8_t cmdp = 0;\r
\r
	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
		switch(param_getchar(Cmd, cmdp)) {\r
		case 'h':\r
		case 'H':\r
			return usage_t55xx_detect();\r
		case 'p':\r
		case 'P':\r
			password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
			usepwd = TRUE;\r
			cmdp += 2;\r
			break;\r
		case '1':\r
			// use Graphbuffer data\r
			useGB = TRUE;\r
			cmdp++;\r
			break;\r
		default:\r
			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
			errors = true;\r
			break;\r
		}\r
	}\r
	if (errors) return usage_t55xx_detect();\r
	\r
	if ( !useGB) {\r
		if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password) )\r
			return 0;\r
	}\r
	\r
	if ( !tryDetectModulation() )\r
		PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");\r
\r
	return 1;\r
}\r
\r
// detect configuration?\r
bool tryDetectModulation(){\r
	uint8_t hits = 0;\r
	t55xx_conf_block_t tests[15];\r
	int bitRate=0;\r
	uint8_t fc1 = 0, fc2 = 0, clk=0;\r
	save_restoreGB(1);\r
\r
	if (GetFskClock("", FALSE, FALSE)){ \r
		fskClocks(&fc1, &fc2, &clk, FALSE);\r
		if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
			tests[hits].modulation = DEMOD_FSK;\r
			if (fc1==8 && fc2 == 5)\r
				tests[hits].modulation = DEMOD_FSK1a;\r
 			else if (fc1==10 && fc2 == 8)\r
				tests[hits].modulation = DEMOD_FSK2;\r
			tests[hits].bitrate = bitRate;\r
			tests[hits].inverted = FALSE;\r
			tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
			++hits;\r
		}\r
		if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
			tests[hits].modulation = DEMOD_FSK;\r
			if (fc1 == 8 && fc2 == 5)\r
				tests[hits].modulation = DEMOD_FSK1;\r
			else if (fc1 == 10 && fc2 == 8)\r
				tests[hits].modulation = DEMOD_FSK2a;\r
\r
			tests[hits].bitrate = bitRate;\r
			tests[hits].inverted = TRUE;\r
			tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
			++hits;\r
		}\r
	} else {\r
		clk = GetAskClock("", FALSE, FALSE);\r
		if (clk>0) {\r
			if ( ASKDemod("0 0 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_ASK;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = FALSE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
			if ( ASKDemod("0 1 1", FALSE, FALSE, 1)  && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_ASK;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = TRUE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
			if ( ASKbiphaseDemod("0 0 0 2", FALSE) && test(DEMOD_BI, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {\r
				tests[hits].modulation = DEMOD_BI;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = FALSE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
			if ( ASKbiphaseDemod("0 0 1 2", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {\r
				tests[hits].modulation = DEMOD_BIa;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = TRUE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
		}\r
		//undo trim from ask\r
		save_restoreGB(0);\r
		clk = GetNrzClock("", FALSE, FALSE);\r
		if (clk>0) {\r
			if ( NRZrawDemod("0 0 1", FALSE)  && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_NRZ;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = FALSE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
\r
			if ( NRZrawDemod("0 1 1", FALSE)  && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_NRZ;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = TRUE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
		}\r
		\r
		//undo trim from nrz\r
		save_restoreGB(0);\r
		// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
		CmdLtrim("160");\r
		clk = GetPskClock("", FALSE, FALSE);\r
		if (clk>0) {\r
			if ( PSKDemod("0 0 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_PSK1;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = FALSE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
			if ( PSKDemod("0 1 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
				tests[hits].modulation = DEMOD_PSK1;\r
				tests[hits].bitrate = bitRate;\r
				tests[hits].inverted = TRUE;\r
				tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
				++hits;\r
			}\r
			// PSK2 - needs a call to psk1TOpsk2.\r
			if ( PSKDemod("0 0 6", FALSE)) {\r
				psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
				if (test(DEMOD_PSK2, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
					tests[hits].modulation = DEMOD_PSK2;\r
					tests[hits].bitrate = bitRate;\r
					tests[hits].inverted = FALSE;\r
					tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
					++hits;\r
				}\r
			} // inverse waves does not affect this demod\r
			// PSK3 - needs a call to psk1TOpsk2.\r
			if ( PSKDemod("0 0 6", FALSE)) {\r
				psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
				if (test(DEMOD_PSK3, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
					tests[hits].modulation = DEMOD_PSK3;\r
					tests[hits].bitrate = bitRate;\r
					tests[hits].inverted = FALSE;\r
					tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
					++hits;\r
				}\r
			} // inverse waves does not affect this demod\r
		}\r
	}	\r
	save_restoreGB(0);	\r
	if ( hits == 1) {\r
		config.modulation = tests[0].modulation;\r
		config.bitrate = tests[0].bitrate;\r
		config.inverted = tests[0].inverted;\r
		config.offset = tests[0].offset;\r
		config.block0 = tests[0].block0;\r
		printConfiguration( config );\r
		return TRUE;\r
	}\r
	\r
	if ( hits > 1) {\r
		PrintAndLog("Found [%d] possible matches for modulation.",hits);\r
		for(int i=0; i<hits; ++i){\r
			PrintAndLog("--[%d]---------------", i+1);\r
			printConfiguration( tests[i] );\r
		}\r
	}\r
	return FALSE;\r
}\r
\r
bool testModulation(uint8_t mode, uint8_t modread){\r
	switch( mode ){\r
		case DEMOD_FSK:\r
			if (modread >= DEMOD_FSK1 && modread <= DEMOD_FSK2a) return TRUE;\r
			break;\r
		case DEMOD_ASK:\r
			if (modread == DEMOD_ASK) return TRUE;\r
			break;\r
		case DEMOD_PSK1:\r
			if (modread == DEMOD_PSK1) return TRUE;\r
			break;\r
		case DEMOD_PSK2:\r
			if (modread == DEMOD_PSK2) return TRUE;\r
			break;\r
		case DEMOD_PSK3:\r
			if (modread == DEMOD_PSK3) return TRUE;\r
			break;\r
		case DEMOD_NRZ:\r
			if (modread == DEMOD_NRZ) return TRUE;\r
			break;\r
		case DEMOD_BI:\r
			if (modread == DEMOD_BI) return TRUE;\r
			break;\r
		case DEMOD_BIa:\r
			if (modread == DEMOD_BIa) return TRUE;\r
			break;		\r
		default:\r
			return FALSE;\r
	}\r
	return FALSE;\r
}\r
\r
bool testQ5Modulation(uint8_t	mode, uint8_t	modread){\r
	switch( mode ){\r
		case DEMOD_FSK:\r
			if (modread >= 4 && modread <= 5) return TRUE;\r
			break;\r
		case DEMOD_ASK:\r
			if (modread == 0) return TRUE;\r
			break;\r
		case DEMOD_PSK1:\r
			if (modread == 1) return TRUE;\r
			break;\r
		case DEMOD_PSK2:\r
			if (modread == 2) return TRUE;\r
			break;\r
		case DEMOD_PSK3:\r
			if (modread == 3) return TRUE;\r
			break;\r
		case DEMOD_NRZ:\r
			if (modread == 7) return TRUE;\r
			break;\r
		case DEMOD_BI:\r
			if (modread == 6) return TRUE;\r
			break;\r
		default:\r
			return FALSE;\r
	}\r
	return FALSE;\r
}\r
\r
bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t	clk){\r
\r
	if ( DemodBufferLen < 64 ) return FALSE;\r
	uint8_t si = 0;\r
	for (uint8_t idx = 28; idx < 64; idx++){\r
		si = idx;\r
		if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;\r
\r
		uint8_t safer     = PackBits(si, 4, DemodBuffer); si += 4;     //master key\r
		uint8_t resv      = PackBits(si, 8, DemodBuffer); si += 8;\r
		// 2nibble must be zeroed.\r
		if (safer != 0x6) continue;\r
		if ( resv > 0x00) continue;\r
		//uint8_t	pageSel   = PackBits(si, 1, DemodBuffer); si += 1;\r
		//uint8_t fastWrite = PackBits(si, 1, DemodBuffer); si += 1;\r
		si += 1+1;\r
		int bitRate       = PackBits(si, 5, DemodBuffer)*2 + 2; si += 5;     //bit rate\r
		if (bitRate > 128 || bitRate < 8) continue;\r
\r
		//uint8_t AOR       = PackBits(si, 1, DemodBuffer); si += 1;   \r
		//uint8_t PWD       = PackBits(si, 1, DemodBuffer); si += 1; \r
		//uint8_t pskcr     = PackBits(si, 2, DemodBuffer); si += 2;  //could check psk cr\r
		//uint8_t inverse   = PackBits(si, 1, DemodBuffer); si += 1;\r
		si += 1+1+2+1;\r
		uint8_t modread   = PackBits(si, 3, DemodBuffer); si += 3;\r
		uint8_t maxBlk    = PackBits(si, 3, DemodBuffer); si += 3;\r
		//uint8_t ST        = PackBits(si, 1, DemodBuffer); si += 1;\r
		if (maxBlk == 0) continue;\r
		//test modulation\r
		if (!testQ5Modulation(mode, modread)) continue;\r
		if (bitRate != clk) continue;\r
		*fndBitRate = bitRate;\r
		*offset = idx;\r
\r
		return TRUE;\r
	}\r
	return FALSE;\r
}\r
\r
bool testBitRate(uint8_t readRate, uint8_t clk){\r
	uint8_t expected[] = {8, 16, 32, 40, 50, 64, 100, 128};\r
	if (expected[readRate] == clk)\r
		return true;\r
\r
	return false;\r
}\r
\r
bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5){\r
\r
	if ( DemodBufferLen < 64 ) return FALSE;\r
	uint8_t si = 0;\r
	for (uint8_t idx = 28; idx < 64; idx++){\r
		si = idx;\r
		if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;\r
\r
		uint8_t safer    = PackBits(si, 4, DemodBuffer); si += 4;     //master key\r
		uint8_t resv     = PackBits(si, 4, DemodBuffer); si += 4;     //was 7 & +=7+3 //should be only 4 bits if extended mode\r
		// 2nibble must be zeroed.\r
		// moved test to here, since this gets most faults first.\r
		if ( resv > 0x00) continue;\r
\r
		uint8_t xtRate   = PackBits(si, 3, DemodBuffer); si += 3;     //extended mode part of rate\r
		int bitRate      = PackBits(si, 3, DemodBuffer); si += 3;     //bit rate\r
		if (bitRate > 7) continue;\r
		uint8_t extend   = PackBits(si, 1, DemodBuffer); si += 1;     //bit 15 extended mode\r
		uint8_t modread  = PackBits(si, 5, DemodBuffer); si += 5+2+1; \r
		//uint8_t pskcr   = PackBits(si, 2, DemodBuffer); si += 2+1;  //could check psk cr\r
		uint8_t nml01    = PackBits(si, 1, DemodBuffer); si += 1+5;   //bit 24, 30, 31 could be tested for 0 if not extended mode\r
		uint8_t nml02    = PackBits(si, 2, DemodBuffer); si += 2;\r
		\r
		//if extended mode\r
		bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;\r
\r
		if (!extMode){\r
			if (nml01 || nml02 || xtRate) continue;\r
		}\r
		//test modulation\r
		if (!testModulation(mode, modread)) continue;\r
		if (!testBitRate(bitRate, clk)) continue;\r
		*fndBitRate = bitRate;\r
		*offset = idx;\r
		*Q5 = FALSE;\r
		return TRUE;\r
	}\r
	if (testQ5(mode, offset, fndBitRate, clk)) {\r
		*Q5 = TRUE;\r
		return TRUE;\r
	}\r
	return FALSE;\r
}\r
\r
void printT55xxBlock(const char *blockNum){\r
	\r
	uint8_t i = config.offset;\r
	uint8_t endpos = 32 + i;\r
	uint32_t blockData = 0;\r
	uint8_t bits[64] = {0x00};\r
\r
	if ( !DemodBufferLen) return;\r
\r
	if ( endpos > DemodBufferLen){\r
		PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);\r
		return;\r
	}\r
\r
	for (; i < endpos; ++i)\r
		bits[i - config.offset]=DemodBuffer[i];\r
\r
	blockData = PackBits(0, 32, bits);\r
\r
	PrintAndLog("  %s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));\r
}\r
\r
int special(const char *Cmd) {\r
	uint32_t blockData = 0;\r
	uint8_t bits[32] = {0x00};\r
\r
	PrintAndLog("OFFSET | DATA       | BINARY");\r
	PrintAndLog("----------------------------------------------------");\r
	int i,j = 0;\r
	for (; j < 64; ++j){\r
		\r
		for (i = 0; i < 32; ++i)\r
			bits[i]=DemodBuffer[j+i];\r
	\r
		blockData = PackBits(0, 32, bits);\r
		\r
		PrintAndLog("    %02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32));	\r
	}\r
	return 0;\r
}\r
\r
int printConfiguration( t55xx_conf_block_t b){\r
	PrintAndLog("Chip Type  : %s", (b.Q5) ? "T5555(Q5)" : "T55x7");\r
	PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );\r
	PrintAndLog("Bit Rate   : %s", GetBitRateStr(b.bitrate) );\r
	PrintAndLog("Inverted   : %s", (b.inverted) ? "Yes" : "No" );\r
	PrintAndLog("Offset     : %d", b.offset);\r
	PrintAndLog("Block0     : 0x%08X", b.block0);\r
	PrintAndLog("");\r
	return 0;\r
}\r
\r
int CmdT55xxWakeUp(const char *Cmd) {\r
	uint32_t password = 0;\r
	uint8_t cmdp = 0;\r
	bool errors = true;\r
	while(param_getchar(Cmd, cmdp) != 0x00) {\r
		switch(param_getchar(Cmd, cmdp)) {\r
		case 'h':\r
		case 'H':\r
			return usage_t55xx_wakup();\r
		case 'p':\r
		case 'P':\r
			password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);\r
			cmdp += 2;\r
			errors = false;\r
			break;\r
		default:\r
			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
			errors = true;\r
			break;\r
		}\r
	}\r
	if (errors) return usage_t55xx_wakup();\r
\r
	UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
	clearCommandBuffer();\r
	SendCommand(&c);\r
	PrintAndLog("Wake up command sent. Try read now");\r
	return 0;\r
}\r
\r
int CmdT55xxWriteBlock(const char *Cmd) {\r
	uint8_t block = 0xFF; //default to invalid block\r
	uint32_t data = 0; //default to blank Block \r
	uint32_t password = 0; //default to blank Block 7\r
	bool usepwd = false;\r
	bool page1 = false;	\r
	bool gotdata = false;\r
	bool errors = false;\r
	uint8_t cmdp = 0;\r
	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
		switch(param_getchar(Cmd, cmdp)) {\r
		case 'h':\r
		case 'H':\r
			return usage_t55xx_write();\r
		case 'b':\r
		case 'B':\r
			errors |= param_getdec(Cmd, cmdp+1, &block);\r
			cmdp += 2;\r
			break;\r
		case 'd':\r
		case 'D':\r
			data = param_get32ex(Cmd, cmdp+1, 0, 16);\r
			gotdata	= true;\r
			cmdp += 2;\r
			break;\r
		case 'p':\r
		case 'P':\r
			password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
			usepwd = true;\r
			cmdp += 2;\r
			break;\r
		case '1':\r
			page1 = true;\r
			cmdp++;\r
			break;\r
		default:\r
			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
			errors = true;\r
			break;\r
		}\r
	}\r
	if (errors || !gotdata) return usage_t55xx_write();\r
\r
	if (block > 7) {\r
		PrintAndLog("Block number must be between 0 and 7");\r
		return 0;\r
	}\r
	\r
	UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};\r
	UsbCommand resp;\r
 	c.d.asBytes[0] = (page1) ? 0x2 : 0; \r
\r
	char pwdStr[16] = {0};\r
	snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password);\r
\r
	PrintAndLog("Writing page %d  block: %02d  data: 0x%08X %s", page1, block, data,  (usepwd) ? pwdStr : "" );\r
\r
	//Password mode\r
	if (usepwd) {\r
		c.arg[2] = password;\r
		c.d.asBytes[0] |= 0x1; \r
	}\r
	clearCommandBuffer();\r
	SendCommand(&c);\r
	if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
		PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
		return 0;\r
	}\r
	return 1;\r
}\r
\r
int CmdT55xxReadTrace(const char *Cmd) {\r
	char cmdp = param_getchar(Cmd, 0);\r
	bool pwdmode = false;\r
	uint32_t password = 0;\r
	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') \r
		return usage_t55xx_trace();\r
\r
	if (strlen(Cmd)==0)\r
		if ( !AquireData( T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )\r
			return 0;\r
	\r
	if (!DecodeT55xxBlock()) return 0;\r
\r
	if ( !DemodBufferLen) return 0;\r
\r
	RepaintGraphWindow();\r
	uint8_t repeat = 0;\r
	if (config.offset > 5) \r
		repeat = 32;\r
	uint8_t si = config.offset+repeat;\r
	uint32_t bl1     = PackBits(si, 32, DemodBuffer);\r
	uint32_t bl2     = PackBits(si+32, 32, DemodBuffer);\r
	\r
	uint32_t acl     = PackBits(si, 8,  DemodBuffer); si += 8;\r
	uint32_t mfc     = PackBits(si, 8,  DemodBuffer); si += 8;\r
	uint32_t cid     = PackBits(si, 5,  DemodBuffer); si += 5;\r
	uint32_t icr     = PackBits(si, 3,  DemodBuffer); si += 3;\r
	uint32_t year    = PackBits(si, 4,  DemodBuffer); si += 4;\r
	uint32_t quarter = PackBits(si, 2,  DemodBuffer); si += 2;\r
	uint32_t lotid   = PackBits(si, 14, DemodBuffer); si += 14;\r
	uint32_t wafer   = PackBits(si, 5,  DemodBuffer); si += 5;\r
	uint32_t dw      = PackBits(si, 15, DemodBuffer); \r
	\r
	time_t t = time(NULL);\r
	struct tm tm = *localtime(&t);\r
	if ( year > tm.tm_year-110)\r
		year += 2000;\r
	else\r
		year += 2010;\r
\r
	if (config.Q5) PrintAndLog("*** Warning *** Info read off a Q5 will not work as expected");\r
	if ( acl != 0xE0 ) {\r
		PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");\r
		return 0;\r
	}\r
	PrintAndLog("");\r
	PrintAndLog("-- T55xx Trace Information ----------------------------------");\r
	PrintAndLog("-------------------------------------------------------------");\r
	PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1)  : 0x%02X (%d)", acl, acl);\r
	PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6)    : 0x%02X (%d) - %s", mfc, mfc, getTagInfo(mfc));\r
	PrintAndLog(" CID                                     : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid));\r
	PrintAndLog(" ICR IC Revision                         : %d",icr );\r
	PrintAndLog(" Manufactured");\r
	PrintAndLog("     Year/Quarter : %d/%d",year, quarter);\r
	PrintAndLog("     Lot ID       : %d", lotid );\r
	PrintAndLog("     Wafer number : %d", wafer);\r
	PrintAndLog("     Die Number   : %d", dw);\r
	PrintAndLog("-------------------------------------------------------------");\r
	PrintAndLog(" Raw Data - Page 1");\r
	PrintAndLog("     Block 1  : 0x%08X  %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat,32) );\r
	PrintAndLog("     Block 2  : 0x%08X  %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );\r
	PrintAndLog("-------------------------------------------------------------");\r
\r
	/*\r
	TRACE - BLOCK O\r
		Bits	Definition								HEX\r
		1-8		ACL Allocation class (ISO/IEC 15963-1)	0xE0 \r
		9-16	MFC Manufacturer ID (ISO/IEC 7816-6)	0x15 Atmel Corporation\r
		17-21	CID										0x1 = Atmel ATA5577M1  0x2 = Atmel ATA5577M2 \r
		22-24	ICR IC revision\r
		25-28	YEAR (BCD encoded) 						9 (= 2009)\r
		29-30	QUARTER									1,2,3,4 \r
		31-32	LOT ID\r
	\r
	TRACE - BLOCK 1\r
		1-12	LOT ID  \r
		13-17	Wafer number\r
		18-32	DW,  die number sequential\r
	*/\r
	\r
  return 0;\r
}\r
\r
int CmdT55xxInfo(const char *Cmd){\r
	/*\r
		Page 0 Block 0 Configuration data.\r
		Normal mode\r
		Extended mode\r
	*/\r
	bool pwdmode = false;\r
	uint32_t password = 0;\r
	char cmdp = param_getchar(Cmd, 0);\r
\r
	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')\r
		return usage_t55xx_info();\r
	\r
	if (strlen(Cmd)==0)\r
		if ( !AquireData( T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password ) )\r
			return 1;\r
\r
	if (!DecodeT55xxBlock()) return 1;\r
\r
	if ( DemodBufferLen < 32) return 1;\r
\r
	uint8_t si = config.offset;\r
	uint32_t bl0      = PackBits(si, 32, DemodBuffer);\r
	\r
	uint32_t safer    = PackBits(si, 4, DemodBuffer); si += 4;	\r
	uint32_t resv     = PackBits(si, 7, DemodBuffer); si += 7;\r
	uint32_t dbr      = PackBits(si, 3, DemodBuffer); si += 3;\r
	uint32_t extend   = PackBits(si, 1, DemodBuffer); si += 1;\r
	uint32_t datamod  = PackBits(si, 5, DemodBuffer); si += 5;\r
	uint32_t pskcf    = PackBits(si, 2, DemodBuffer); si += 2;\r
	uint32_t aor      = PackBits(si, 1, DemodBuffer); si += 1;	\r
	uint32_t otp      = PackBits(si, 1, DemodBuffer); si += 1;	\r
	uint32_t maxblk   = PackBits(si, 3, DemodBuffer); si += 3;\r
	uint32_t pwd      = PackBits(si, 1, DemodBuffer); si += 1;	\r
	uint32_t sst      = PackBits(si, 1, DemodBuffer); si += 1;	\r
	uint32_t fw       = PackBits(si, 1, DemodBuffer); si += 1;\r
	uint32_t inv      = PackBits(si, 1, DemodBuffer); si += 1;	\r
	uint32_t por      = PackBits(si, 1, DemodBuffer); si += 1;\r
	if (config.Q5) PrintAndLog("*** Warning *** Config Info read off a Q5 will not display as expected");\r
	PrintAndLog("");\r
	PrintAndLog("-- T55xx Configuration & Tag Information --------------------");\r
	PrintAndLog("-------------------------------------------------------------");\r
	PrintAndLog(" Safer key                 : %s", GetSaferStr(safer));\r
	PrintAndLog(" reserved                  : %d", resv);\r
	PrintAndLog(" Data bit rate             : %s", GetBitRateStr(dbr));\r
	PrintAndLog(" eXtended mode             : %s", (extend) ? "Yes - Warning":"No");\r
	PrintAndLog(" Modulation                : %s", GetModulationStr(datamod));\r
	PrintAndLog(" PSK clock frequency       : %d", pskcf);\r
	PrintAndLog(" AOR - Answer on Request   : %s", (aor) ? "Yes":"No");\r
	PrintAndLog(" OTP - One Time Pad        : %s", (otp) ? "Yes - Warning":"No" );\r
	PrintAndLog(" Max block                 : %d", maxblk);\r
	PrintAndLog(" Password mode             : %s", (pwd) ? "Yes":"No");\r
	PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");\r
	PrintAndLog(" Fast Write                : %s", (fw)  ? "Yes":"No");\r
	PrintAndLog(" Inverse data              : %s", (inv) ? "Yes":"No");\r
	PrintAndLog(" POR-Delay                 : %s", (por) ? "Yes":"No");\r
	PrintAndLog("-------------------------------------------------------------");\r
	PrintAndLog(" Raw Data - Page 0");\r
	PrintAndLog("     Block 0  : 0x%08X  %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );\r
	PrintAndLog("-------------------------------------------------------------");\r
	\r
	return 0;\r
}\r
\r
int CmdT55xxDump(const char *Cmd){\r
\r
	uint32_t password = 0;\r
	char cmdp = param_getchar(Cmd, 0);\r
	bool override = false;\r
	if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();\r
\r
	bool usepwd = ( strlen(Cmd) > 0);	\r
	if ( usepwd ){\r
		password = param_get32ex(Cmd, 0, 0, 16);\r
		if (param_getchar(Cmd, 1) =='o' )\r
			override = true;\r
	}\r
	\r
	printT5xxHeader(0);\r
	for ( uint8_t i = 0; i <8; ++i)\r
		T55xxReadBlock(i, 0, usepwd, override, password);\r
\r
	printT5xxHeader(1);\r
	for ( uint8_t	i = 0; i<4; i++)\r
		T55xxReadBlock(i, 1, usepwd, override, password);		\r
\r
	return 1;\r
}\r
\r
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){\r
	// arg0 bitmodes:\r
	// bit0 = pwdmode\r
	// bit1 = page to read from\r
	uint8_t arg0 = (page<<1) | pwdmode;\r
	UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};\r
\r
	clearCommandBuffer();\r
	SendCommand(&c);\r
	if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
		PrintAndLog("command execution time out");\r
		return 0;\r
	}\r
\r
	uint8_t got[12000];\r
	GetFromBigBuf(got,sizeof(got),0);\r
	WaitForResponse(CMD_ACK,NULL);\r
	setGraphBuf(got, sizeof(got));\r
	return 1;\r
}\r
\r
char * GetBitRateStr(uint32_t id){\r
 	static char buf[25];\r
\r
	char *retStr = buf;\r
		switch (id){\r
		case 0: \r
			snprintf(retStr,sizeof(buf),"%d - RF/8",id);\r
			break;\r
		case 1:\r
			snprintf(retStr,sizeof(buf),"%d - RF/16",id);\r
			break;\r
		case 2:		\r
			snprintf(retStr,sizeof(buf),"%d - RF/32",id);\r
			break;\r
		case 3:\r
			snprintf(retStr,sizeof(buf),"%d - RF/40",id);\r
			break;\r
		case 4:\r
			snprintf(retStr,sizeof(buf),"%d - RF/50",id);\r
			break;\r
		case 5:\r
			snprintf(retStr,sizeof(buf),"%d - RF/64",id);\r
			break;\r
		case 6:\r
			snprintf(retStr,sizeof(buf),"%d - RF/100",id);\r
			break;\r
		case 7:\r
			snprintf(retStr,sizeof(buf),"%d - RF/128",id);\r
			break;\r
		default:\r
			snprintf(retStr,sizeof(buf),"%d - (Unknown)",id);\r
			break;\r
		}\r
\r
	return buf;\r
}\r
\r
char * GetSaferStr(uint32_t id){\r
	static char buf[40];\r
	char *retStr = buf;\r
	\r
	snprintf(retStr,sizeof(buf),"%d",id);\r
	if (id == 6) {\r
		snprintf(retStr,sizeof(buf),"%d - passwd",id);\r
	}\r
	if (id == 9 ){\r
		snprintf(retStr,sizeof(buf),"%d - testmode",id);\r
	}\r
	\r
	return buf;\r
}\r
\r
char * GetModulationStr( uint32_t id){\r
	static char buf[60];\r
	char *retStr = buf;\r
	\r
	switch (id){\r
		case 0: \r
			snprintf(retStr,sizeof(buf),"%d - DIRECT (ASK/NRZ)",id);\r
			break;\r
		case 1:\r
			snprintf(retStr,sizeof(buf),"%d - PSK 1 phase change when input changes",id);\r
			break;\r
		case 2:		\r
			snprintf(retStr,sizeof(buf),"%d - PSK 2 phase change on bitclk if input high",id);\r
			break;\r
		case 3:\r
			snprintf(retStr,sizeof(buf),"%d - PSK 3 phase change on rising edge of input",id);\r
			break;\r
		case 4:\r
			snprintf(retStr,sizeof(buf),"%d - FSK 1 RF/8  RF/5",id);\r
			break;\r
		case 5:\r
			snprintf(retStr,sizeof(buf),"%d - FSK 2 RF/8  RF/10",id);\r
			break;\r
		case 6:\r
			snprintf(retStr,sizeof(buf),"%d - FSK 1a RF/5  RF/8",id);\r
			break;\r
		case 7:\r
			snprintf(retStr,sizeof(buf),"%d - FSK 2a RF/10  RF/8",id);\r
			break;\r
		case 8:\r
			snprintf(retStr,sizeof(buf),"%d - Manchester",id);\r
			break;\r
		case 16:\r
			snprintf(retStr,sizeof(buf),"%d - Biphase",id);\r
			break;\r
		case 0x18:\r
			snprintf(retStr,sizeof(buf),"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);\r
			break;\r
		case 17:\r
			snprintf(retStr,sizeof(buf),"%d - Reserved",id);\r
			break;\r
		default:\r
			snprintf(retStr,sizeof(buf),"0x%02X (Unknown)",id);\r
			break;\r
		}\r
	return buf;\r
}\r
\r
char * GetModelStrFromCID(uint32_t cid){\r
		\r
	static char buf[10];\r
	char *retStr = buf;\r
	\r
	if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");\r
	if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2");	\r
	return buf;\r
}\r
\r
char * GetSelectedModulationStr( uint8_t id){\r
\r
	static char buf[20];\r
	char *retStr = buf;\r
\r
	switch (id){\r
		case DEMOD_FSK:\r
			snprintf(retStr,sizeof(buf),"FSK");\r
			break;\r
		case DEMOD_FSK1:\r
			snprintf(retStr,sizeof(buf),"FSK1");\r
			break;\r
		case DEMOD_FSK1a:\r
			snprintf(retStr,sizeof(buf),"FSK1a");\r
			break;\r
		case DEMOD_FSK2:\r
			snprintf(retStr,sizeof(buf),"FSK2");\r
			break;\r
		case DEMOD_FSK2a:\r
			snprintf(retStr,sizeof(buf),"FSK2a");\r
			break;\r
		case DEMOD_ASK:		\r
			snprintf(retStr,sizeof(buf),"ASK");\r
			break;\r
		case DEMOD_NRZ:\r
			snprintf(retStr,sizeof(buf),"DIRECT/NRZ");\r
			break;\r
		case DEMOD_PSK1:\r
			snprintf(retStr,sizeof(buf),"PSK1");\r
			break;\r
		case DEMOD_PSK2:\r
			snprintf(retStr,sizeof(buf),"PSK2");\r
			break;\r
		case DEMOD_PSK3:\r
			snprintf(retStr,sizeof(buf),"PSK3");\r
			break;\r
		case DEMOD_BI:\r
			snprintf(retStr,sizeof(buf),"BIPHASE");\r
			break;\r
		case DEMOD_BIa:\r
			snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)");\r
			break;\r
		default:\r
			snprintf(retStr,sizeof(buf),"(Unknown)");\r
			break;\r
		}\r
	return buf;\r
}\r
\r
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){\r
	\r
	int i = start;\r
	int j = len-1;\r
\r
	if (len > 32) return 0;\r
\r
	uint32_t tmp = 0;\r
	for (; j >= 0; --j, ++i)\r
		tmp	|= bits[i] << j;\r
\r
	return tmp;\r
}\r
\r
int CmdResetRead(const char *Cmd) {\r
	UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
\r
	clearCommandBuffer();\r
	SendCommand(&c);\r
	if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
		PrintAndLog("command execution time out");\r
		return 0;\r
	}\r
\r
	uint8_t got[BIGBUF_SIZE-1];\r
	GetFromBigBuf(got,sizeof(got),0);\r
	WaitForResponse(CMD_ACK,NULL);\r
	setGraphBuf(got, sizeof(got));\r
	return 1;\r
}\r
\r
int CmdT55xxWipe(const char *Cmd) {\r
	char writeData[20] = {0};\r
	char *ptrData = writeData;\r
\r
	PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
\r
	//try with the default password to reset block 0  (with a pwd should work even if pwd bit not set)\r
	snprintf(ptrData,sizeof(writeData),"b 0 d 00088040 p 0");\r
\r
	if (!CmdT55xxWriteBlock(ptrData))\r
		PrintAndLog("Error writing blk 0");\r
\r
	for (uint8_t blk = 1; blk<8; blk++) {\r
		snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);\r
		if (!CmdT55xxWriteBlock(ptrData))\r
			PrintAndLog("Error writing blk %d", blk);\r
\r
		memset(writeData, sizeof(writeData), 0x00);\r
	}\r
	return 0;\r
}\r
\r
static command_t CommandTable[] = {\r
  {"help",     CmdHelp,           1, "This help"},\r
  {"config",   CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},\r
  {"detect",   CmdT55xxDetect,    1, "[1] Try detecting the tag modulation from reading the configuration block."},\r
  {"read",     CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]"},\r
  {"resetread",CmdResetRead,      0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"},\r
  {"write",    CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data. Optional [p password], [page1]"},\r
  {"trace",    CmdT55xxReadTrace, 1, "[1] Show T55x7 traceability data (page 1/ blk 0-1)"},\r
  {"info",     CmdT55xxInfo,      1, "[1] Show T55x7 configuration data (page 0/ blk 0)"},\r
  {"dump",     CmdT55xxDump,      0, "[password] [o] Dump T55xx card block 0-7. Optional [password], [override]"},\r
  {"special",  special,           0, "Show block changes with 64 different offsets"},\r
  {"wakeup",   CmdT55xxWakeUp,    0, "Send AOR wakeup command"},\r
  {"wipe",     CmdT55xxWipe,      0, "Wipe a T55xx tag and set defaults (will destroy any data on tag)"},\r
  {NULL, NULL, 0, NULL}\r
};\r
\r
int CmdLFT55XX(const char *Cmd) {\r
  CmdsParse(CommandTable, Cmd);\r
  return 0;\r
}\r
\r
int CmdHelp(const char *Cmd) {\r
  CmdsHelp(CommandTable);\r
  return 0;\r
}\r