]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlft55xx.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ADD: @marshmellow's fixes to awid, viking and T55x7
[proxmark3-svn] / client / cmdlft55xx.c
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency T55xx commands
8 //-----------------------------------------------------------------------------
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <inttypes.h>
13 #include <time.h>
14 #include "proxmark3.h"
15 #include "ui.h"
16 #include "graph.h"
17 #include "cmdmain.h"
18 #include "cmdparser.h"
19 #include "cmddata.h"
20 #include "cmdlf.h"
21 #include "cmdlft55xx.h"
22 #include "util.h"
23 #include "data.h"
24 #include "lfdemod.h"
25 #include "../common/crc.h"
26 #include "../common/iso14443crc.h"
27 #include "cmdhf14a.h"
28
29 #define T55x7_CONFIGURATION_BLOCK 0x00
30 #define T55x7_PAGE0 0x00
31 #define T55x7_PAGE1 0x01
32 #define T55x7_PWD 0x00000010
33 #define REGULAR_READ_MODE_BLOCK 0xFF
34
35 // Default configuration
36 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };
37
38 t55xx_conf_block_t Get_t55xx_Config(){
39 return config;
40 }
41 void Set_t55xx_Config(t55xx_conf_block_t conf){
42 config = conf;
43 }
44
45 int usage_t55xx_config(){
46 PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>] [Q5]");
47 PrintAndLog("Options:");
48 PrintAndLog(" h This help");
49 PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate");
50 PrintAndLog(" d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");
51 PrintAndLog(" i [1] Invert data signal, defaults to normal");
52 PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");
53 PrintAndLog(" Q5 Set as Q5(T5555) chip instead of T55x7");
54 PrintAndLog("");
55 PrintAndLog("Examples:");
56 PrintAndLog(" lf t55xx config d FSK - FSK demodulation");
57 PrintAndLog(" lf t55xx config d FSK i 1 - FSK demodulation, inverse data");
58 PrintAndLog(" lf t55xx config d FSK i 1 o 3 - FSK demodulation, inverse data, offset=3,start from position 3 to decode data");
59 PrintAndLog("");
60 return 0;
61 }
62 int usage_t55xx_read(){
63 PrintAndLog("Usage: lf t55xx read [b <block>] [p <password>] <override_safety> <page1>");
64 PrintAndLog("Options:");
65 PrintAndLog(" b <block> - block number to read. Between 0-7");
66 PrintAndLog(" p <password> - OPTIONAL password (8 hex characters)");
67 PrintAndLog(" o - OPTIONAL override safety check");
68 PrintAndLog(" 1 - OPTIONAL read Page 1 instead of Page 0");
69 PrintAndLog(" ****WARNING****");
70 PrintAndLog(" Use of read with password on a tag not configured for a pwd");
71 PrintAndLog(" can damage the tag");
72 PrintAndLog("");
73 PrintAndLog("Examples:");
74 PrintAndLog(" lf t55xx read b 0 - read data from block 0");
75 PrintAndLog(" lf t55xx read b 0 p feedbeef - read data from block 0 password feedbeef");
76 PrintAndLog(" lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check");
77 PrintAndLog("");
78 return 0;
79 }
80 int usage_t55xx_write(){
81 PrintAndLog("Usage: lf t55xx wr [b <block>] [d <data>] [p <password>] [1]");
82 PrintAndLog("Options:");
83 PrintAndLog(" b <block> - block number to write. Between 0-7");
84 PrintAndLog(" d <data> - 4 bytes of data to write (8 hex characters)");
85 PrintAndLog(" p <password> - OPTIONAL password 4bytes (8 hex characters)");
86 PrintAndLog(" 1 - OPTIONAL write Page 1 instead of Page 0");
87 PrintAndLog("");
88 PrintAndLog("Examples:");
89 PrintAndLog(" lf t55xx write b 3 d 11223344 - write 11223344 to block 3");
90 PrintAndLog(" lf t55xx write b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");
91 PrintAndLog("");
92 return 0;
93 }
94 int usage_t55xx_trace() {
95 PrintAndLog("Usage: lf t55xx trace [1]");
96 PrintAndLog("Options:");
97 PrintAndLog(" [graph buffer data] - if set, use Graphbuffer otherwise read data from tag.");
98 PrintAndLog("");
99 PrintAndLog("Examples:");
100 PrintAndLog(" lf t55xx trace");
101 PrintAndLog(" lf t55xx trace 1");
102 PrintAndLog("");
103 return 0;
104 }
105 int usage_t55xx_info() {
106 PrintAndLog("Usage: lf t55xx info [1]");
107 PrintAndLog("Options:");
108 PrintAndLog(" [graph buffer data] - if set, use Graphbuffer otherwise read data from tag.");
109 PrintAndLog("");
110 PrintAndLog("Examples:");
111 PrintAndLog(" lf t55xx info");
112 PrintAndLog(" lf t55xx info 1");
113 PrintAndLog("");
114 return 0;
115 }
116 int usage_t55xx_dump(){
117 PrintAndLog("Usage: lf t55xx dump <password> [o]");
118 PrintAndLog("Options:");
119 PrintAndLog(" <password> - OPTIONAL password 4bytes (8 hex symbols)");
120 PrintAndLog(" o - OPTIONAL override, force pwd read despite danger to card");
121 PrintAndLog("");
122 PrintAndLog("Examples:");
123 PrintAndLog(" lf t55xx dump");
124 PrintAndLog(" lf t55xx dump feedbeef o");
125 PrintAndLog("");
126 return 0;
127 }
128 int usage_t55xx_detect(){
129 PrintAndLog("Usage: lf t55xx detect [1] [p <password>]");
130 PrintAndLog("Options:");
131 PrintAndLog(" 1 - if set, use Graphbuffer otherwise read data from tag.");
132 PrintAndLog(" p <password> - OPTIONAL password (8 hex characters)");
133 PrintAndLog("");
134 PrintAndLog("Examples:");
135 PrintAndLog(" lf t55xx detect");
136 PrintAndLog(" lf t55xx detect 1");
137 PrintAndLog(" lf t55xx detect 11223344");
138 PrintAndLog("");
139 return 0;
140 }
141 int usage_t55xx_wakup(){
142 PrintAndLog("Usage: lf t55xx wakeup [h] p <password>");
143 PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards.");
144 PrintAndLog("Options:");
145 PrintAndLog(" h - this help");
146 PrintAndLog(" p <password> - password 4bytes (8 hex symbols)");
147 PrintAndLog("");
148 PrintAndLog("Examples:");
149 PrintAndLog(" lf t55xx wakeup p 11223344 - send wakeup password");
150 return 0;
151 }
152
153 static int CmdHelp(const char *Cmd);
154
155 void printT5xxHeader(uint8_t page){
156 PrintAndLog("Reading Page %d:", page);
157 PrintAndLog("blk | hex data | binary");
158 PrintAndLog("----+----------+---------------------------------");
159 }
160
161 int CmdT55xxSetConfig(const char *Cmd) {
162
163 uint8_t offset = 0;
164 char modulation[5] = {0x00};
165 char tmp = 0x00;
166 uint8_t bitRate = 0;
167 uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};
168 uint8_t cmdp = 0;
169 config.Q5 = FALSE;
170 bool errors = FALSE;
171 while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
172 {
173 tmp = param_getchar(Cmd, cmdp);
174 switch(tmp)
175 {
176 case 'h':
177 case 'H':
178 return usage_t55xx_config();
179 case 'b':
180 errors |= param_getdec(Cmd, cmdp+1, &bitRate);
181 if ( !errors){
182 uint8_t i = 0;
183 for (; i < 9; i++){
184 if (rates[i]==bitRate) {
185 config.bitrate = i;
186 break;
187 }
188 }
189 if (i==9) errors = TRUE;
190 }
191 cmdp+=2;
192 break;
193 case 'd':
194 param_getstr(Cmd, cmdp+1, modulation);
195 cmdp += 2;
196
197 if ( strcmp(modulation, "FSK" ) == 0) {
198 config.modulation = DEMOD_FSK;
199 } else if ( strcmp(modulation, "FSK1" ) == 0) {
200 config.modulation = DEMOD_FSK1;
201 config.inverted=1;
202 } else if ( strcmp(modulation, "FSK1a" ) == 0) {
203 config.modulation = DEMOD_FSK1a;
204 config.inverted=0;
205 } else if ( strcmp(modulation, "FSK2" ) == 0) {
206 config.modulation = DEMOD_FSK2;
207 config.inverted=0;
208 } else if ( strcmp(modulation, "FSK2a" ) == 0) {
209 config.modulation = DEMOD_FSK2a;
210 config.inverted=1;
211 } else if ( strcmp(modulation, "ASK" ) == 0) {
212 config.modulation = DEMOD_ASK;
213 } else if ( strcmp(modulation, "NRZ" ) == 0) {
214 config.modulation = DEMOD_NRZ;
215 } else if ( strcmp(modulation, "PSK1" ) == 0) {
216 config.modulation = DEMOD_PSK1;
217 } else if ( strcmp(modulation, "PSK2" ) == 0) {
218 config.modulation = DEMOD_PSK2;
219 } else if ( strcmp(modulation, "PSK3" ) == 0) {
220 config.modulation = DEMOD_PSK3;
221 } else if ( strcmp(modulation, "BIa" ) == 0) {
222 config.modulation = DEMOD_BIa;
223 config.inverted=1;
224 } else if ( strcmp(modulation, "BI" ) == 0) {
225 config.modulation = DEMOD_BI;
226 config.inverted=0;
227 } else {
228 PrintAndLog("Unknown modulation '%s'", modulation);
229 errors = TRUE;
230 }
231 break;
232 case 'i':
233 config.inverted = param_getchar(Cmd,cmdp+1) == '1';
234 cmdp+=2;
235 break;
236 case 'o':
237 errors |= param_getdec(Cmd, cmdp+1, &offset);
238 if ( !errors )
239 config.offset = offset;
240 cmdp+=2;
241 break;
242 case 'Q':
243 case 'q':
244 config.Q5 = TRUE;
245 cmdp++;
246 break;
247 default:
248 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
249 errors = TRUE;
250 break;
251 }
252 }
253
254 // No args
255 if (cmdp == 0) return printConfiguration( config );
256
257 //Validations
258 if (errors) return usage_t55xx_config();
259
260 config.block0 = 0;
261 return printConfiguration ( config );
262 }
263
264 int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){
265 //Password mode
266 if ( usepwd ) {
267 // try reading the config block and verify that PWD bit is set before doing this!
268 if ( !override ) {
269
270 if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0 ) ) return 0;
271
272 if ( !tryDetectModulation() ) {
273 PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
274 return 0;
275 } else {
276 PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");
277 usepwd = false;
278 page1 = false;
279 }
280 } else {
281 PrintAndLog("Safety Check Overriden - proceeding despite risk");
282 }
283 }
284
285 if (!AquireData(page1, block, usepwd, password) ) return 0;
286 if (!DecodeT55xxBlock()) return 0;
287
288 char blk[10]={0};
289 sprintf(blk,"%02d", block);
290 printT55xxBlock(blk);
291 return 1;
292 }
293
294 int CmdT55xxReadBlock(const char *Cmd) {
295 uint8_t block = REGULAR_READ_MODE_BLOCK;
296 uint32_t password = 0; //default to blank Block 7
297 bool usepwd = false;
298 bool override = false;
299 bool page1 = false;
300 bool errors = false;
301 uint8_t cmdp = 0;
302 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
303 switch(param_getchar(Cmd, cmdp)) {
304 case 'h':
305 case 'H':
306 return usage_t55xx_read();
307 case 'b':
308 case 'B':
309 errors |= param_getdec(Cmd, cmdp+1, &block);
310 cmdp += 2;
311 break;
312 case 'o':
313 case 'O':
314 override = TRUE;
315 cmdp++;
316 break;
317 case 'p':
318 case 'P':
319 password = param_get32ex(Cmd, cmdp+1, 0, 16);
320 usepwd = true;
321 cmdp += 2;
322 break;
323 case '1':
324 page1 = true;
325 cmdp++;
326 break;
327 default:
328 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
329 errors = true;
330 break;
331 }
332 }
333 if (errors) return usage_t55xx_read();
334
335 if (block > 7 && block != REGULAR_READ_MODE_BLOCK ) {
336 PrintAndLog("Block must be between 0 and 7");
337 return 0;
338 }
339
340 printT5xxHeader(page1);
341 return T55xxReadBlock(block, page1, usepwd, override, password);
342 }
343
344 bool DecodeT55xxBlock(){
345
346 char buf[30] = {0x00};
347 char *cmdStr = buf;
348 int ans = 0;
349 uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
350 DemodBufferLen = 0x00;
351
352 switch( config.modulation ){
353 case DEMOD_FSK:
354 snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );
355 ans = FSKrawDemod(cmdStr, FALSE);
356 break;
357 case DEMOD_FSK1:
358 case DEMOD_FSK1a:
359 snprintf(cmdStr, sizeof(buf),"%d %d 8 5", bitRate[config.bitrate], config.inverted );
360 ans = FSKrawDemod(cmdStr, FALSE);
361 break;
362 case DEMOD_FSK2:
363 case DEMOD_FSK2a:
364 snprintf(cmdStr, sizeof(buf),"%d %d 10 8", bitRate[config.bitrate], config.inverted );
365 ans = FSKrawDemod(cmdStr, FALSE);
366 break;
367 case DEMOD_ASK:
368 snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
369 ans = ASKDemod(cmdStr, FALSE, FALSE, 1);
370 break;
371 case DEMOD_PSK1:
372 // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
373 CmdLtrim("160");
374 snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );
375 ans = PSKDemod(cmdStr, FALSE);
376 break;
377 case DEMOD_PSK2: //inverted won't affect this
378 case DEMOD_PSK3: //not fully implemented
379 // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
380 CmdLtrim("160");
381 snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );
382 ans = PSKDemod(cmdStr, FALSE);
383 psk1TOpsk2(DemodBuffer, DemodBufferLen);
384 break;
385 case DEMOD_NRZ:
386 snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
387 ans = NRZrawDemod(cmdStr, FALSE);
388 break;
389 case DEMOD_BI:
390 case DEMOD_BIa:
391 snprintf(cmdStr, sizeof(buf),"0 %d %d 1", bitRate[config.bitrate], config.inverted );
392 ans = ASKbiphaseDemod(cmdStr, FALSE);
393 break;
394 default:
395 return FALSE;
396 }
397 return (bool) ans;
398 }
399
400 int CmdT55xxDetect(const char *Cmd){
401
402 bool errors = FALSE;
403 bool useGB = FALSE;
404 bool usepwd = FALSE;
405 uint32_t password = 0;
406 uint8_t cmdp = 0;
407
408 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
409 switch(param_getchar(Cmd, cmdp)) {
410 case 'h':
411 case 'H':
412 return usage_t55xx_detect();
413 case 'p':
414 case 'P':
415 password = param_get32ex(Cmd, cmdp+1, 0, 16);
416 usepwd = TRUE;
417 cmdp += 2;
418 break;
419 case '1':
420 // use Graphbuffer data
421 useGB = TRUE;
422 cmdp++;
423 break;
424 default:
425 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
426 errors = true;
427 break;
428 }
429 }
430 if (errors) return usage_t55xx_detect();
431
432 if ( !useGB) {
433 if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password) )
434 return 0;
435 }
436
437 if ( !tryDetectModulation() )
438 PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
439
440 return 1;
441 }
442
443 // detect configuration?
444 bool tryDetectModulation(){
445 uint8_t hits = 0;
446 t55xx_conf_block_t tests[15];
447 int bitRate=0;
448 uint8_t fc1 = 0, fc2 = 0, clk=0;
449 save_restoreGB(1);
450
451 if (GetFskClock("", FALSE, FALSE)){
452 fskClocks(&fc1, &fc2, &clk, FALSE);
453 if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){
454 tests[hits].modulation = DEMOD_FSK;
455 if (fc1==8 && fc2 == 5)
456 tests[hits].modulation = DEMOD_FSK1a;
457 else if (fc1==10 && fc2 == 8)
458 tests[hits].modulation = DEMOD_FSK2;
459 tests[hits].bitrate = bitRate;
460 tests[hits].inverted = FALSE;
461 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
462 ++hits;
463 }
464 if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
465 tests[hits].modulation = DEMOD_FSK;
466 if (fc1 == 8 && fc2 == 5)
467 tests[hits].modulation = DEMOD_FSK1;
468 else if (fc1 == 10 && fc2 == 8)
469 tests[hits].modulation = DEMOD_FSK2a;
470
471 tests[hits].bitrate = bitRate;
472 tests[hits].inverted = TRUE;
473 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
474 ++hits;
475 }
476 } else {
477 clk = GetAskClock("", FALSE, FALSE);
478 if (clk>0) {
479 if ( ASKDemod("0 0 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
480 tests[hits].modulation = DEMOD_ASK;
481 tests[hits].bitrate = bitRate;
482 tests[hits].inverted = FALSE;
483 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
484 ++hits;
485 }
486 if ( ASKDemod("0 1 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
487 tests[hits].modulation = DEMOD_ASK;
488 tests[hits].bitrate = bitRate;
489 tests[hits].inverted = TRUE;
490 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
491 ++hits;
492 }
493 if ( ASKbiphaseDemod("0 0 0 2", FALSE) && test(DEMOD_BI, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {
494 tests[hits].modulation = DEMOD_BI;
495 tests[hits].bitrate = bitRate;
496 tests[hits].inverted = FALSE;
497 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
498 ++hits;
499 }
500 if ( ASKbiphaseDemod("0 0 1 2", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {
501 tests[hits].modulation = DEMOD_BIa;
502 tests[hits].bitrate = bitRate;
503 tests[hits].inverted = TRUE;
504 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
505 ++hits;
506 }
507 }
508 //undo trim from ask
509 save_restoreGB(0);
510 clk = GetNrzClock("", FALSE, FALSE);
511 if (clk>0) {
512 if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
513 tests[hits].modulation = DEMOD_NRZ;
514 tests[hits].bitrate = bitRate;
515 tests[hits].inverted = FALSE;
516 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
517 ++hits;
518 }
519
520 if ( NRZrawDemod("0 1 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
521 tests[hits].modulation = DEMOD_NRZ;
522 tests[hits].bitrate = bitRate;
523 tests[hits].inverted = TRUE;
524 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
525 ++hits;
526 }
527 }
528
529 //undo trim from nrz
530 save_restoreGB(0);
531 // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
532 CmdLtrim("160");
533 clk = GetPskClock("", FALSE, FALSE);
534 if (clk>0) {
535 if ( PSKDemod("0 0 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
536 tests[hits].modulation = DEMOD_PSK1;
537 tests[hits].bitrate = bitRate;
538 tests[hits].inverted = FALSE;
539 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
540 ++hits;
541 }
542 if ( PSKDemod("0 1 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
543 tests[hits].modulation = DEMOD_PSK1;
544 tests[hits].bitrate = bitRate;
545 tests[hits].inverted = TRUE;
546 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
547 ++hits;
548 }
549 // PSK2 - needs a call to psk1TOpsk2.
550 if ( PSKDemod("0 0 6", FALSE)) {
551 psk1TOpsk2(DemodBuffer, DemodBufferLen);
552 if (test(DEMOD_PSK2, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){
553 tests[hits].modulation = DEMOD_PSK2;
554 tests[hits].bitrate = bitRate;
555 tests[hits].inverted = FALSE;
556 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
557 ++hits;
558 }
559 } // inverse waves does not affect this demod
560 // PSK3 - needs a call to psk1TOpsk2.
561 if ( PSKDemod("0 0 6", FALSE)) {
562 psk1TOpsk2(DemodBuffer, DemodBufferLen);
563 if (test(DEMOD_PSK3, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){
564 tests[hits].modulation = DEMOD_PSK3;
565 tests[hits].bitrate = bitRate;
566 tests[hits].inverted = FALSE;
567 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
568 ++hits;
569 }
570 } // inverse waves does not affect this demod
571 }
572 }
573 save_restoreGB(0);
574 if ( hits == 1) {
575 config.modulation = tests[0].modulation;
576 config.bitrate = tests[0].bitrate;
577 config.inverted = tests[0].inverted;
578 config.offset = tests[0].offset;
579 config.block0 = tests[0].block0;
580 printConfiguration( config );
581 return TRUE;
582 }
583
584 if ( hits > 1) {
585 PrintAndLog("Found [%d] possible matches for modulation.",hits);
586 for(int i=0; i<hits; ++i){
587 PrintAndLog("--[%d]---------------", i+1);
588 printConfiguration( tests[i] );
589 }
590 }
591 return FALSE;
592 }
593
594 bool testModulation(uint8_t mode, uint8_t modread){
595 switch( mode ){
596 case DEMOD_FSK:
597 if (modread >= DEMOD_FSK1 && modread <= DEMOD_FSK2a) return TRUE;
598 break;
599 case DEMOD_ASK:
600 if (modread == DEMOD_ASK) return TRUE;
601 break;
602 case DEMOD_PSK1:
603 if (modread == DEMOD_PSK1) return TRUE;
604 break;
605 case DEMOD_PSK2:
606 if (modread == DEMOD_PSK2) return TRUE;
607 break;
608 case DEMOD_PSK3:
609 if (modread == DEMOD_PSK3) return TRUE;
610 break;
611 case DEMOD_NRZ:
612 if (modread == DEMOD_NRZ) return TRUE;
613 break;
614 case DEMOD_BI:
615 if (modread == DEMOD_BI) return TRUE;
616 break;
617 case DEMOD_BIa:
618 if (modread == DEMOD_BIa) return TRUE;
619 break;
620 default:
621 return FALSE;
622 }
623 return FALSE;
624 }
625
626 bool testQ5Modulation(uint8_t mode, uint8_t modread){
627 switch( mode ){
628 case DEMOD_FSK:
629 if (modread >= 4 && modread <= 5) return TRUE;
630 break;
631 case DEMOD_ASK:
632 if (modread == 0) return TRUE;
633 break;
634 case DEMOD_PSK1:
635 if (modread == 1) return TRUE;
636 break;
637 case DEMOD_PSK2:
638 if (modread == 2) return TRUE;
639 break;
640 case DEMOD_PSK3:
641 if (modread == 3) return TRUE;
642 break;
643 case DEMOD_NRZ:
644 if (modread == 7) return TRUE;
645 break;
646 case DEMOD_BI:
647 if (modread == 6) return TRUE;
648 break;
649 default:
650 return FALSE;
651 }
652 return FALSE;
653 }
654
655 bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk){
656
657 if ( DemodBufferLen < 64 ) return FALSE;
658 uint8_t si = 0;
659 for (uint8_t idx = 28; idx < 64; idx++){
660 si = idx;
661 if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;
662
663 uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
664 uint8_t resv = PackBits(si, 8, DemodBuffer); si += 8;
665 // 2nibble must be zeroed.
666 if (safer != 0x6) continue;
667 if ( resv > 0x00) continue;
668 //uint8_t pageSel = PackBits(si, 1, DemodBuffer); si += 1;
669 //uint8_t fastWrite = PackBits(si, 1, DemodBuffer); si += 1;
670 si += 1+1;
671 int bitRate = PackBits(si, 5, DemodBuffer)*2 + 2; si += 5; //bit rate
672 if (bitRate > 128 || bitRate < 8) continue;
673
674 //uint8_t AOR = PackBits(si, 1, DemodBuffer); si += 1;
675 //uint8_t PWD = PackBits(si, 1, DemodBuffer); si += 1;
676 //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2; //could check psk cr
677 //uint8_t inverse = PackBits(si, 1, DemodBuffer); si += 1;
678 si += 1+1+2+1;
679 uint8_t modread = PackBits(si, 3, DemodBuffer); si += 3;
680 uint8_t maxBlk = PackBits(si, 3, DemodBuffer); si += 3;
681 //uint8_t ST = PackBits(si, 1, DemodBuffer); si += 1;
682 if (maxBlk == 0) continue;
683 //test modulation
684 if (!testQ5Modulation(mode, modread)) continue;
685 if (bitRate != clk) continue;
686 *fndBitRate = bitRate;
687 *offset = idx;
688
689 return TRUE;
690 }
691 return FALSE;
692 }
693
694 bool testBitRate(uint8_t readRate, uint8_t clk){
695 uint8_t expected[] = {8, 16, 32, 40, 50, 64, 100, 128};
696 if (expected[readRate] == clk)
697 return true;
698
699 return false;
700 }
701
702 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5){
703
704 if ( DemodBufferLen < 64 ) return FALSE;
705 uint8_t si = 0;
706 for (uint8_t idx = 28; idx < 64; idx++){
707 si = idx;
708 if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;
709
710 uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
711 uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode
712 // 2nibble must be zeroed.
713 // moved test to here, since this gets most faults first.
714 if ( resv > 0x00) continue;
715
716 uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //extended mode part of rate
717 int bitRate = PackBits(si, 3, DemodBuffer); si += 3; //bit rate
718 if (bitRate > 7) continue;
719 uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode
720 uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1;
721 //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //could check psk cr
722 uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode
723 uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;
724
725 //if extended mode
726 bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;
727
728 if (!extMode){
729 if (nml01 || nml02 || xtRate) continue;
730 }
731 //test modulation
732 if (!testModulation(mode, modread)) continue;
733 if (!testBitRate(bitRate, clk)) continue;
734 *fndBitRate = bitRate;
735 *offset = idx;
736 *Q5 = FALSE;
737 return TRUE;
738 }
739 if (testQ5(mode, offset, fndBitRate, clk)) {
740 *Q5 = TRUE;
741 return TRUE;
742 }
743 return FALSE;
744 }
745
746 void printT55xxBlock(const char *blockNum){
747
748 uint8_t i = config.offset;
749 uint8_t endpos = 32 + i;
750 uint32_t blockData = 0;
751 uint8_t bits[64] = {0x00};
752
753 if ( !DemodBufferLen) return;
754
755 if ( endpos > DemodBufferLen){
756 PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);
757 return;
758 }
759
760 for (; i < endpos; ++i)
761 bits[i - config.offset] = DemodBuffer[i];
762
763 blockData = PackBits(0, 32, bits);
764
765 PrintAndLog(" %s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));
766 }
767
768 int special(const char *Cmd) {
769 uint32_t blockData = 0;
770 uint8_t bits[32] = {0x00};
771
772 PrintAndLog("OFFSET | DATA | BINARY");
773 PrintAndLog("----------------------------------------------------");
774 int i,j = 0;
775 for (; j < 64; ++j){
776
777 for (i = 0; i < 32; ++i)
778 bits[i]=DemodBuffer[j+i];
779
780 blockData = PackBits(0, 32, bits);
781
782 PrintAndLog("%02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32));
783 }
784 return 0;
785 }
786
787 int printConfiguration( t55xx_conf_block_t b){
788 PrintAndLog("Chip Type : %s", (b.Q5) ? "T5555(Q5)" : "T55x7");
789 PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
790 PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );
791 PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );
792 PrintAndLog("Offset : %d", b.offset);
793 PrintAndLog("Block0 : 0x%08X", b.block0);
794 PrintAndLog("");
795 return 0;
796 }
797
798 int CmdT55xxWakeUp(const char *Cmd) {
799 uint32_t password = 0;
800 uint8_t cmdp = 0;
801 bool errors = false;
802 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
803 switch(param_getchar(Cmd, cmdp)) {
804 case 'h':
805 case 'H':
806 return usage_t55xx_wakup();
807 case 'p':
808 case 'P':
809 password = param_get32ex(Cmd, cmdp+1, 0, 16);
810 cmdp += 2;
811 errors = false;
812 break;
813 default:
814 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
815 errors = true;
816 break;
817 }
818 }
819 if (errors) return usage_t55xx_wakup();
820
821 UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
822 clearCommandBuffer();
823 SendCommand(&c);
824 PrintAndLog("Wake up command sent. Try read now");
825 return 0;
826 }
827
828 int CmdT55xxWriteBlock(const char *Cmd) {
829 uint8_t block = 0xFF; //default to invalid block
830 uint32_t data = 0; //default to blank Block
831 uint32_t password = 0; //default to blank Block 7
832 bool usepwd = false;
833 bool page1 = false;
834 bool gotdata = false;
835 bool errors = false;
836 uint8_t cmdp = 0;
837 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
838 switch(param_getchar(Cmd, cmdp)) {
839 case 'h':
840 case 'H':
841 return usage_t55xx_write();
842 case 'b':
843 case 'B':
844 errors |= param_getdec(Cmd, cmdp+1, &block);
845 cmdp += 2;
846 break;
847 case 'd':
848 case 'D':
849 data = param_get32ex(Cmd, cmdp+1, 0, 16);
850 gotdata = true;
851 cmdp += 2;
852 break;
853 case 'p':
854 case 'P':
855 password = param_get32ex(Cmd, cmdp+1, 0, 16);
856 usepwd = true;
857 cmdp += 2;
858 break;
859 case '1':
860 page1 = true;
861 cmdp++;
862 break;
863 default:
864 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
865 errors = true;
866 break;
867 }
868 }
869 if (errors || !gotdata) return usage_t55xx_write();
870
871 if (block > 7) {
872 PrintAndLog("Block number must be between 0 and 7");
873 return 0;
874 }
875
876 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
877 UsbCommand resp;
878 c.d.asBytes[0] = (page1) ? 0x2 : 0;
879
880 char pwdStr[16] = {0};
881 snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password);
882
883 PrintAndLog("Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : "" );
884
885 //Password mode
886 if (usepwd) {
887 c.arg[2] = password;
888 c.d.asBytes[0] |= 0x1;
889 }
890 clearCommandBuffer();
891 SendCommand(&c);
892 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
893 PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");
894 return 0;
895 }
896 return 1;
897 }
898
899 int CmdT55xxReadTrace(const char *Cmd) {
900 char cmdp = param_getchar(Cmd, 0);
901 bool pwdmode = false;
902 uint32_t password = 0;
903 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();
904
905 if (strlen(Cmd)==0)
906 if ( !AquireData( T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )
907 return 0;
908
909 if (!DecodeT55xxBlock()) return 0;
910
911 if ( !DemodBufferLen) return 0;
912
913 RepaintGraphWindow();
914 uint8_t repeat = 0;
915 if (config.offset > 5)
916 repeat = 32;
917 uint8_t si = config.offset+repeat;
918 uint32_t bl1 = PackBits(si, 32, DemodBuffer);
919 uint32_t bl2 = PackBits(si+32, 32, DemodBuffer);
920
921 uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;
922 uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;
923 uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5;
924 uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3;
925 uint32_t year = PackBits(si, 4, DemodBuffer); si += 4;
926 uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2;
927 uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14;
928 uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5;
929 uint32_t dw = PackBits(si, 15, DemodBuffer);
930
931 time_t t = time(NULL);
932 struct tm tm = *localtime(&t);
933 if ( year > tm.tm_year-110)
934 year += 2000;
935 else
936 year += 2010;
937
938 if (config.Q5) PrintAndLog("*** Warning *** Info read off a Q5 will not work as expected");
939 if ( acl != 0xE0 ) {
940 PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
941 return 0;
942 }
943 PrintAndLog("");
944 PrintAndLog("-- T55xx Trace Information ----------------------------------");
945 PrintAndLog("-------------------------------------------------------------");
946 PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl);
947 PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d) - %s", mfc, mfc, getTagInfo(mfc));
948 PrintAndLog(" CID : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid));
949 PrintAndLog(" ICR IC Revision : %d",icr );
950 PrintAndLog(" Manufactured");
951 PrintAndLog(" Year/Quarter : %d/%d",year, quarter);
952 PrintAndLog(" Lot ID : %d", lotid );
953 PrintAndLog(" Wafer number : %d", wafer);
954 PrintAndLog(" Die Number : %d", dw);
955 PrintAndLog("-------------------------------------------------------------");
956 PrintAndLog(" Raw Data - Page 1");
957 PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat,32) );
958 PrintAndLog(" Block 2 : 0x%08X %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
959 PrintAndLog("-------------------------------------------------------------");
960
961 /*
962 TRACE - BLOCK O
963 Bits Definition HEX
964 1-8 ACL Allocation class (ISO/IEC 15963-1) 0xE0
965 9-16 MFC Manufacturer ID (ISO/IEC 7816-6) 0x15 Atmel Corporation
966 17-21 CID 0x1 = Atmel ATA5577M1 0x2 = Atmel ATA5577M2
967 22-24 ICR IC revision
968 25-28 YEAR (BCD encoded) 9 (= 2009)
969 29-30 QUARTER 1,2,3,4
970 31-32 LOT ID
971
972 TRACE - BLOCK 1
973 1-12 LOT ID
974 13-17 Wafer number
975 18-32 DW, die number sequential
976 */
977
978 return 0;
979 }
980
981 int CmdT55xxInfo(const char *Cmd){
982 /*
983 Page 0 Block 0 Configuration data.
984 Normal mode
985 Extended mode
986 */
987 bool pwdmode = false;
988 uint32_t password = 0;
989 char cmdp = param_getchar(Cmd, 0);
990
991 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();
992
993 if (strlen(Cmd)==0)
994 if ( !AquireData( T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password ) )
995 return 1;
996
997 if (!DecodeT55xxBlock()) return 1;
998
999 if ( DemodBufferLen < 32) return 1;
1000
1001 uint8_t si = config.offset;
1002 uint32_t bl0 = PackBits(si, 32, DemodBuffer);
1003
1004 uint32_t safer = PackBits(si, 4, DemodBuffer); si += 4;
1005 uint32_t resv = PackBits(si, 7, DemodBuffer); si += 7;
1006 uint32_t dbr = PackBits(si, 3, DemodBuffer); si += 3;
1007 uint32_t extend = PackBits(si, 1, DemodBuffer); si += 1;
1008 uint32_t datamod = PackBits(si, 5, DemodBuffer); si += 5;
1009 uint32_t pskcf = PackBits(si, 2, DemodBuffer); si += 2;
1010 uint32_t aor = PackBits(si, 1, DemodBuffer); si += 1;
1011 uint32_t otp = PackBits(si, 1, DemodBuffer); si += 1;
1012 uint32_t maxblk = PackBits(si, 3, DemodBuffer); si += 3;
1013 uint32_t pwd = PackBits(si, 1, DemodBuffer); si += 1;
1014 uint32_t sst = PackBits(si, 1, DemodBuffer); si += 1;
1015 uint32_t fw = PackBits(si, 1, DemodBuffer); si += 1;
1016 uint32_t inv = PackBits(si, 1, DemodBuffer); si += 1;
1017 uint32_t por = PackBits(si, 1, DemodBuffer); si += 1;
1018 if (config.Q5) PrintAndLog("*** Warning *** Config Info read off a Q5 will not display as expected");
1019 PrintAndLog("");
1020 PrintAndLog("-- T55xx Configuration & Tag Information --------------------");
1021 PrintAndLog("-------------------------------------------------------------");
1022 PrintAndLog(" Safer key : %s", GetSaferStr(safer));
1023 PrintAndLog(" reserved : %d", resv);
1024 PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr));
1025 PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No");
1026 PrintAndLog(" Modulation : %s", GetModulationStr(datamod));
1027 PrintAndLog(" PSK clock frequency : %d", pskcf);
1028 PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No");
1029 PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" );
1030 PrintAndLog(" Max block : %d", maxblk);
1031 PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No");
1032 PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");
1033 PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No");
1034 PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No");
1035 PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No");
1036 PrintAndLog("-------------------------------------------------------------");
1037 PrintAndLog(" Raw Data - Page 0");
1038 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );
1039 PrintAndLog("-------------------------------------------------------------");
1040
1041 return 0;
1042 }
1043
1044 int CmdT55xxDump(const char *Cmd){
1045
1046 uint32_t password = 0;
1047 bool override = false;
1048 char cmdp = param_getchar(Cmd, 0);
1049 if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();
1050
1051 bool usepwd = ( strlen(Cmd) > 0);
1052 if ( usepwd ){
1053 password = param_get32ex(Cmd, 0, 0, 16);
1054 if (param_getchar(Cmd, 1) =='o' )
1055 override = true;
1056 }
1057
1058 printT5xxHeader(0);
1059 for ( uint8_t i = 0; i < 8; ++i)
1060 T55xxReadBlock(i, 0, usepwd, override, password);
1061
1062 printT5xxHeader(1);
1063 for ( uint8_t i = 0; i < 4; i++)
1064 T55xxReadBlock(i, 1, usepwd, override, password);
1065
1066 return 1;
1067 }
1068
1069 int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
1070 // arg0 bitmodes:
1071 // bit0 = pwdmode
1072 // bit1 = page to read from
1073 uint8_t arg0 = (page<<1) | pwdmode;
1074 UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};
1075
1076 clearCommandBuffer();
1077 SendCommand(&c);
1078 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
1079 PrintAndLog("command execution time out");
1080 return 0;
1081 }
1082
1083 uint8_t got[12000];
1084 GetFromBigBuf(got,sizeof(got),0);
1085 WaitForResponse(CMD_ACK,NULL);
1086 setGraphBuf(got, sizeof(got));
1087 return 1;
1088 }
1089
1090 char * GetBitRateStr(uint32_t id){
1091 static char buf[25];
1092
1093 char *retStr = buf;
1094 switch (id){
1095 case 0:
1096 snprintf(retStr,sizeof(buf),"%d - RF/8",id);
1097 break;
1098 case 1:
1099 snprintf(retStr,sizeof(buf),"%d - RF/16",id);
1100 break;
1101 case 2:
1102 snprintf(retStr,sizeof(buf),"%d - RF/32",id);
1103 break;
1104 case 3:
1105 snprintf(retStr,sizeof(buf),"%d - RF/40",id);
1106 break;
1107 case 4:
1108 snprintf(retStr,sizeof(buf),"%d - RF/50",id);
1109 break;
1110 case 5:
1111 snprintf(retStr,sizeof(buf),"%d - RF/64",id);
1112 break;
1113 case 6:
1114 snprintf(retStr,sizeof(buf),"%d - RF/100",id);
1115 break;
1116 case 7:
1117 snprintf(retStr,sizeof(buf),"%d - RF/128",id);
1118 break;
1119 default:
1120 snprintf(retStr,sizeof(buf),"%d - (Unknown)",id);
1121 break;
1122 }
1123
1124 return buf;
1125 }
1126
1127 char * GetSaferStr(uint32_t id){
1128 static char buf[40];
1129 char *retStr = buf;
1130
1131 snprintf(retStr,sizeof(buf),"%d",id);
1132 if (id == 6) {
1133 snprintf(retStr,sizeof(buf),"%d - passwd",id);
1134 }
1135 if (id == 9 ){
1136 snprintf(retStr,sizeof(buf),"%d - testmode",id);
1137 }
1138
1139 return buf;
1140 }
1141
1142 char * GetModulationStr( uint32_t id){
1143 static char buf[60];
1144 char *retStr = buf;
1145
1146 switch (id){
1147 case 0:
1148 snprintf(retStr,sizeof(buf),"%d - DIRECT (ASK/NRZ)",id);
1149 break;
1150 case 1:
1151 snprintf(retStr,sizeof(buf),"%d - PSK 1 phase change when input changes",id);
1152 break;
1153 case 2:
1154 snprintf(retStr,sizeof(buf),"%d - PSK 2 phase change on bitclk if input high",id);
1155 break;
1156 case 3:
1157 snprintf(retStr,sizeof(buf),"%d - PSK 3 phase change on rising edge of input",id);
1158 break;
1159 case 4:
1160 snprintf(retStr,sizeof(buf),"%d - FSK 1 RF/8 RF/5",id);
1161 break;
1162 case 5:
1163 snprintf(retStr,sizeof(buf),"%d - FSK 2 RF/8 RF/10",id);
1164 break;
1165 case 6:
1166 snprintf(retStr,sizeof(buf),"%d - FSK 1a RF/5 RF/8",id);
1167 break;
1168 case 7:
1169 snprintf(retStr,sizeof(buf),"%d - FSK 2a RF/10 RF/8",id);
1170 break;
1171 case 8:
1172 snprintf(retStr,sizeof(buf),"%d - Manchester",id);
1173 break;
1174 case 16:
1175 snprintf(retStr,sizeof(buf),"%d - Biphase",id);
1176 break;
1177 case 0x18:
1178 snprintf(retStr,sizeof(buf),"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);
1179 break;
1180 case 17:
1181 snprintf(retStr,sizeof(buf),"%d - Reserved",id);
1182 break;
1183 default:
1184 snprintf(retStr,sizeof(buf),"0x%02X (Unknown)",id);
1185 break;
1186 }
1187 return buf;
1188 }
1189
1190 char * GetModelStrFromCID(uint32_t cid){
1191
1192 static char buf[10];
1193 char *retStr = buf;
1194
1195 if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");
1196 if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2");
1197 return buf;
1198 }
1199
1200 char * GetSelectedModulationStr( uint8_t id){
1201
1202 static char buf[20];
1203 char *retStr = buf;
1204
1205 switch (id){
1206 case DEMOD_FSK:
1207 snprintf(retStr,sizeof(buf),"FSK");
1208 break;
1209 case DEMOD_FSK1:
1210 snprintf(retStr,sizeof(buf),"FSK1");
1211 break;
1212 case DEMOD_FSK1a:
1213 snprintf(retStr,sizeof(buf),"FSK1a");
1214 break;
1215 case DEMOD_FSK2:
1216 snprintf(retStr,sizeof(buf),"FSK2");
1217 break;
1218 case DEMOD_FSK2a:
1219 snprintf(retStr,sizeof(buf),"FSK2a");
1220 break;
1221 case DEMOD_ASK:
1222 snprintf(retStr,sizeof(buf),"ASK");
1223 break;
1224 case DEMOD_NRZ:
1225 snprintf(retStr,sizeof(buf),"DIRECT/NRZ");
1226 break;
1227 case DEMOD_PSK1:
1228 snprintf(retStr,sizeof(buf),"PSK1");
1229 break;
1230 case DEMOD_PSK2:
1231 snprintf(retStr,sizeof(buf),"PSK2");
1232 break;
1233 case DEMOD_PSK3:
1234 snprintf(retStr,sizeof(buf),"PSK3");
1235 break;
1236 case DEMOD_BI:
1237 snprintf(retStr,sizeof(buf),"BIPHASE");
1238 break;
1239 case DEMOD_BIa:
1240 snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)");
1241 break;
1242 default:
1243 snprintf(retStr,sizeof(buf),"(Unknown)");
1244 break;
1245 }
1246 return buf;
1247 }
1248
1249 void t55x7_create_config_block( int tagtype ){
1250
1251 /*
1252 T55X7_DEFAULT_CONFIG_BLOCK, T55X7_RAW_CONFIG_BLOCK
1253 T55X7_EM_UNIQUE_CONFIG_BLOCK, T55X7_FDXB_CONFIG_BLOCK,
1254 T55X7_FDXB_CONFIG_BLOCK, T55X7_HID_26_CONFIG_BLOCK, T55X7_INDALA_64_CONFIG_BLOCK, T55X7_INDALA_224_CONFIG_BLOCK
1255 T55X7_GUARDPROXII_CONFIG_BLOCK, T55X7_VIKING_CONFIG_BLOCK, T55X7_NORALYS_CONFIG_BLOCK, T55X7_IOPROX_CONFIG_BLOCK
1256 */
1257 static char buf[60];
1258 char *retStr = buf;
1259
1260 switch (tagtype){
1261 case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break;
1262 case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break;
1263 default:
1264 break;
1265 }
1266 PrintAndLog(buf);
1267 }
1268
1269 int CmdResetRead(const char *Cmd) {
1270 UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};
1271
1272 clearCommandBuffer();
1273 SendCommand(&c);
1274 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
1275 PrintAndLog("command execution time out");
1276 return 0;
1277 }
1278
1279 uint8_t got[BIGBUF_SIZE-1];
1280 GetFromBigBuf(got,sizeof(got),0);
1281 WaitForResponse(CMD_ACK,NULL);
1282 setGraphBuf(got, sizeof(got));
1283 return 1;
1284 }
1285
1286 int CmdT55xxWipe(const char *Cmd) {
1287 char writeData[20] = {0};
1288 char *ptrData = writeData;
1289
1290 PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");
1291
1292 //try with the default password to reset block 0 (with a pwd should work even if pwd bit not set)
1293 snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");
1294
1295 if (!CmdT55xxWriteBlock(ptrData))
1296 PrintAndLog("Error writing blk 0");
1297
1298 for (uint8_t blk = 1; blk<8; blk++) {
1299
1300 snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);
1301
1302 if (!CmdT55xxWriteBlock(ptrData))
1303 PrintAndLog("Error writing blk %d", blk);
1304
1305 memset(writeData, sizeof(writeData), 0x00);
1306 }
1307 return 0;
1308 }
1309
1310 static command_t CommandTable[] = {
1311 {"help", CmdHelp, 1, "This help"},
1312 {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
1313 {"detect", CmdT55xxDetect, 1, "[1] Try detecting the tag modulation from reading the configuration block."},
1314 {"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]"},
1315 {"resetread",CmdResetRead, 0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"},
1316 {"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data. Optional [p password], [page1]"},
1317 {"trace", CmdT55xxReadTrace, 1, "[1] Show T55x7 traceability data (page 1/ blk 0-1)"},
1318 {"info", CmdT55xxInfo, 1, "[1] Show T55x7 configuration data (page 0/ blk 0)"},
1319 {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. Optional [password], [override]"},
1320 {"special", special, 0, "Show block changes with 64 different offsets"},
1321 {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
1322 {"wipe", CmdT55xxWipe, 0, "Wipe a T55xx tag and set defaults (will destroy any data on tag)"},
1323 {NULL, NULL, 0, NULL}
1324 };
1325
1326 int CmdLFT55XX(const char *Cmd) {
1327 CmdsParse(CommandTable, Cmd);
1328 return 0;
1329 }
1330
1331 int CmdHelp(const char *Cmd) {
1332 CmdsHelp(CommandTable);
1333 return 0;
1334 }
Proxmark3 GIT tracking
Impressum, Datenschutz