]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlft55xx.c
projects / proxmark3-svn / blob
? search:


b060bdee83b94aaa829b06b43a31ccff51b1d3e1
[proxmark3-svn] / client / cmdlft55xx.c
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency T55xx commands
8 //-----------------------------------------------------------------------------
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <inttypes.h>
13 #include "proxmark3.h"
14 #include "ui.h"
15 #include "graph.h"
16 #include "cmdmain.h"
17 #include "cmdparser.h"
18 #include "cmddata.h"
19 #include "cmdlf.h"
20 #include "cmdlft55xx.h"
21 #include "util.h"
22 #include "data.h"
23 #include "lfdemod.h"
24
25 #define LF_TRACE_BUFF_SIZE 20000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
26 #define LF_BITSSTREAM_LEN 1000 // more then 1000 bits shouldn't happend.. 8block * 4 bytes * 8bits =
27
28 int usage_t55xx_rd(){
29 PrintAndLog("Usage: lf t55xx rd <block> <password>");
30 PrintAndLog(" <block>, block number to read. Between 0-7");
31 PrintAndLog(" <password>, OPTIONAL password (8 hex characters)");
32 PrintAndLog("");
33 PrintAndLog(" sample: lf t55xx rd 0 = try reading data from block 0");
34 PrintAndLog(" : lf t55xx rd 0 feedbeef = try reading data from block 0 using password");
35 PrintAndLog("");
36 return 0;
37 }
38 int usage_t55xx_wr(){
39 PrintAndLog("Usage: lf t55xx wr <block> <data> [password]");
40 PrintAndLog(" <block>, block number to read. Between 0-7");
41 PrintAndLog(" <data>, 4 bytes of data to write (8 hex characters)");
42 PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex characters)");
43 PrintAndLog("");
44 PrintAndLog(" sample: lf t55xx wd 3 11223344 = try writing data 11223344 to block 3");
45 PrintAndLog(" : lf t55xx wd 3 11223344 feedbeef = try writing data 11223344 to block 3 using password feedbeef");
46 PrintAndLog("");
47 return 0;
48 }
49 int usage_t55xx_trace() {
50 PrintAndLog("Usage: lf t55xx trace [graph buffer data]");
51 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
52 PrintAndLog("");
53 PrintAndLog(" sample: lf t55xx trace");
54 PrintAndLog(" : lf t55xx trace 1");
55 PrintAndLog("");
56 return 0;
57 }
58 int usage_t55xx_info() {
59 PrintAndLog("Usage: lf t55xx info [graph buffer data]");
60 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
61 PrintAndLog("");
62 PrintAndLog(" sample: lf t55xx info");
63 PrintAndLog(" : lf t55xx info 1");
64 PrintAndLog("");
65 return 0;
66 }
67 int usage_t55xx_dump(){
68 PrintAndLog("Usage: lf t55xx dump <password>");
69 PrintAndLog(" <password>, OPTIONAL password 4bytes (8 hex characters)");
70 PrintAndLog("");
71 PrintAndLog(" sample: lf t55xx dump");
72 PrintAndLog(" : lf t55xx dump feedbeef");
73 PrintAndLog("");
74 return 0;
75 }
76
77 static int CmdHelp(const char *Cmd);
78
79 /*
80 FSK1 / FSK1a
81 size = fskdemod(dest, size, 32, 0, 8, 10); // fsk1 RF/32
82 size = fskdemod(dest, size, 32, 1, 8, 10); // fsk1a RF/32
83
84 FSK2 / FSK2a
85 size = fskdemod(dest, size, 32, 0, 10, 8); // fsk2 RF/32
86 size = fskdemod(dest, size, 32, 1, 10, 8); // fsk2a RF/32
87 size = fskdemod(dest, size, 50, 1, 10, 8); // fsk2a RF/50
88 size = fskdemod(dest, size, 64, 1, 10, 8); // FSK2a RF/64
89
90 */
91
92 int CmdReadBlk(const char *Cmd)
93 {
94 int invert = 0;
95 int clk = 0;
96 int block = -1;
97 int password = 0xFFFFFFFF; //default to blank Block 7
98 int errCnt;
99 size_t bitlen;
100 int maxErr = 100;
101 //uint8_t askAmp = 0;
102 uint32_t blockData;
103 uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0x00};
104
105
106 char cmdp = param_getchar(Cmd, 0);
107 if (cmdp == 'h' || cmdp == 'H') {
108 usage_t55xx_rd();
109 return 0;
110 }
111
112 int res = sscanf(Cmd, "%d %x", &block, &password);
113
114 if ( res < 1 || res > 2 ){
115 usage_t55xx_rd();
116 return 1;
117 }
118
119 if ((block < 0) | (block > 7)) {
120 PrintAndLog("Block must be between 0 and 7");
121 return 1;
122 }
123
124 UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, 0}};
125 c.d.asBytes[0] = 0x0;
126
127 //Password mode
128 if ( res == 2 ) {
129 c.arg[2] = password;
130 c.d.asBytes[0] = 0x1;
131 }
132
133 SendCommand(&c);
134 if ( !WaitForResponseTimeout(CMD_ACK,NULL,1500) ) {
135 PrintAndLog("command execution time out");
136 return 2;
137 }
138
139 CmdSamples("12000");
140
141 bitlen = getFromGraphBuf(bits);
142
143 //errCnt = askrawdemod(bits, &bitlen, &clk, &invert, maxErr, askAmp);
144 errCnt = askmandemod(bits, &bitlen, &clk, &invert, maxErr);
145
146 //throw away static - allow 1 and -1 (in case of threshold command first)
147 if ( errCnt == -1 || bitlen < 16 ){
148 PrintAndLog("no data found");
149 if (g_debugMode)
150 PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
151 return 3;
152 }
153 if (g_debugMode)
154 PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d", clk, invert, bitlen);
155
156 //move bits back to DemodBuffer
157 setDemodBuf(bits, bitlen, 0);
158 printBitStream(bits,bitlen);
159
160 // bits has the manchester encoded data.
161 errCnt = manrawdecode(bits, &bitlen);
162 if ( errCnt == -1 || bitlen < 16 ){
163 PrintAndLog("no data found");
164 if (g_debugMode)
165 PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
166 return 4;
167 }
168
169 blockData = PackBits(1, 32, bits);
170
171 if ( block < 0)
172 PrintAndLog(" Decoded : 0x%08X %s", blockData, sprint_bin(bits+1,32) );
173 else
174 PrintAndLog(" Block %d : 0x%08X %s", block, blockData, sprint_bin(bits+1,32) );
175
176 return 0;
177 }
178
179 int CmdWriteBlk(const char *Cmd)
180 {
181 int block = 8; //default to invalid block
182 int data = 0xFFFFFFFF; //default to blank Block
183 int password = 0xFFFFFFFF; //default to blank Block 7
184
185 char cmdp = param_getchar(Cmd, 0);
186 if (cmdp == 'h' || cmdp == 'H') {
187 usage_t55xx_wr();
188 return 0;
189 }
190
191 int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);
192
193 if ( res < 2 || res > 3) {
194 usage_t55xx_wr();
195 return 1;
196 }
197
198 if (block > 7) {
199 PrintAndLog("Block must be between 0 and 7");
200 return 1;
201 }
202
203 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
204 c.d.asBytes[0] = 0x0;
205
206 if (res == 2) {
207 PrintAndLog("Writing block %d data %08X", block, data);
208 } else {
209 //Password mode
210 c.arg[2] = password;
211 c.d.asBytes[0] = 0x1;
212 PrintAndLog("Writing block %d data %08X password %08X", block, data, password);
213 }
214
215 SendCommand(&c);
216 return 0;
217 }
218
219 int CmdReadTrace(const char *Cmd)
220 {
221 int invert = 0;
222 int clk = 0;
223 int errCnt;
224 size_t bitlen;
225 int maxErr = 100;
226 uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0x00};
227
228 char cmdp = param_getchar(Cmd, 0);
229
230 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {
231 usage_t55xx_trace();
232 return 0;
233 }
234
235 if ( strlen(Cmd)==0){
236
237 UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}};
238 SendCommand(&c);
239 WaitForResponse(CMD_ACK, NULL);
240
241 CmdSamples("12000");
242 }
243
244 bitlen = getFromGraphBuf(bits);
245
246 //errCnt = askrawdemod(bits, &bitlen, &clk, &invert, maxErr, askAmp);
247 errCnt = askmandemod(bits, &bitlen, &clk, &invert, maxErr);
248
249 //throw away static - allow 1 and -1 (in case of threshold command first)
250 if ( errCnt == -1 || bitlen < 16 ){
251 PrintAndLog("no data found");
252 if (g_debugMode)
253 PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
254 return 3;
255 }
256 if (g_debugMode)
257 PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d", clk, invert, bitlen);
258
259 //move bits back to DemodBuffer
260 setDemodBuf(bits, bitlen, 0);
261
262 // bits has the manchester encoded data.
263 errCnt = manrawdecode(bits, &bitlen);
264 if ( errCnt == -1 || bitlen < 16 ){
265 PrintAndLog("no data found");
266 if (g_debugMode)
267 PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
268 return 4;
269 }
270
271 RepaintGraphWindow();
272
273 uint8_t si = 5;
274 uint32_t bl0 = PackBits(si, 32, bits);
275 uint32_t bl1 = PackBits(si+32, 32, bits);
276
277 uint32_t acl = PackBits(si, 8, bits); si += 8;
278 uint32_t mfc = PackBits(si, 8, bits); si += 8;
279 uint32_t cid = PackBits(si, 5, bits); si += 5;
280 uint32_t icr = PackBits(si, 3, bits); si += 3;
281 uint32_t year = PackBits(si, 4, bits); si += 4;
282 uint32_t quarter = PackBits(si, 2, bits); si += 2;
283 uint32_t lotid = PackBits(si, 12, bits); si += 12;
284 uint32_t wafer = PackBits(si, 5, bits); si += 5;
285 uint32_t dw = PackBits(si, 15, bits);
286
287 PrintAndLog("");
288 PrintAndLog("-- T55xx Trace Information ----------------------------------");
289 PrintAndLog("-------------------------------------------------------------");
290 PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl);
291 PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d)", mfc, mfc);
292 PrintAndLog(" CID : 0x%02X (%d)", cid, cid);
293 PrintAndLog(" ICR IC Revision : %d",icr );
294 PrintAndLog(" Manufactured");
295 PrintAndLog(" Year/Quarter : %d/%d",2000+year, quarter );
296 PrintAndLog(" Lot ID : %d", lotid );
297 PrintAndLog(" Wafer number : %d", wafer);
298 PrintAndLog(" Die Number : %d", dw);
299 PrintAndLog("-------------------------------------------------------------");
300 PrintAndLog(" Raw Data - Page 1");
301 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(bits+5,32) );
302 PrintAndLog(" Block 0 : 0x%08X %s", bl1, sprint_bin(bits+37,32) );
303 PrintAndLog("-------------------------------------------------------------");
304 /*
305 TRACE - BLOCK O
306 Bits Definition HEX
307 1-8 ACL Allocation class (ISO/IEC 15963-1) 0xE0
308 9-16 MFC Manufacturer ID (ISO/IEC 7816-6) 0x15 Atmel Corporation
309 17-21 CID 0x1 = Atmel ATA5577M1 0x2 = Atmel ATA5577M2
310 22-24 ICR IC revision
311 25-28 YEAR (BCD encoded) 9 (= 2009)
312 29-30 QUARTER 1,2,3,4
313 31-32 LOT ID
314
315 TRACE - BLOCK 1
316 1-12 LOT ID
317 13-17 Wafer number
318 18-32 DW, die number sequential
319 */
320
321 return 0;
322 }
323
324 int CmdInfo(const char *Cmd){
325 /*
326 Page 0 Block 0 Configuration data.
327 Normal mode
328 Extended mode
329 */
330 char cmdp = param_getchar(Cmd, 0);
331
332 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {
333 usage_t55xx_info();
334 return 0;
335 } else {
336 CmdReadBlk("0");
337 }
338
339 uint8_t bits[LF_BITSSTREAM_LEN] = {0x00};
340
341 manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bits, LF_BITSSTREAM_LEN);
342
343 uint8_t si = 5;
344 uint32_t bl0 = PackBits(si, 32, bits);
345
346 uint32_t safer = PackBits(si, 4, bits); si += 4;
347 uint32_t resv = PackBits(si, 7, bits); si += 7;
348 uint32_t dbr = PackBits(si, 3, bits); si += 3;
349 uint32_t extend = PackBits(si, 1, bits); si += 1;
350 uint32_t datamodulation = PackBits(si, 5, bits); si += 5;
351 uint32_t pskcf = PackBits(si, 2, bits); si += 2;
352 uint32_t aor = PackBits(si, 1, bits); si += 1;
353 uint32_t otp = PackBits(si, 1, bits); si += 1;
354 uint32_t maxblk = PackBits(si, 3, bits); si += 3;
355 uint32_t pwd = PackBits(si, 1, bits); si += 1;
356 uint32_t sst = PackBits(si, 1, bits); si += 1;
357 uint32_t fw = PackBits(si, 1, bits); si += 1;
358 uint32_t inv = PackBits(si, 1, bits); si += 1;
359 uint32_t por = PackBits(si, 1, bits); si += 1;
360
361 PrintAndLog("");
362 PrintAndLog("-- T55xx Configuration & Tag Information --------------------");
363 PrintAndLog("-------------------------------------------------------------");
364 PrintAndLog(" Safer key : %s", GetSaferStr(safer));
365 PrintAndLog(" reserved : %d", resv);
366 PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr));
367 PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No");
368 PrintAndLog(" Modulation : %s", GetModulationStr(datamodulation) );
369 PrintAndLog(" PSK clock freq : %d", pskcf);
370 PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No");
371 PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" );
372 PrintAndLog(" Max block : %d", maxblk);
373 PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No");
374 PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");
375 PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No");
376 PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No");
377 PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No");
378 PrintAndLog("-------------------------------------------------------------");
379 PrintAndLog(" Raw Data - Page 0");
380 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(bits+5,32) );
381 PrintAndLog("-------------------------------------------------------------");
382
383 return 0;
384 }
385
386 int CmdDump(const char *Cmd){
387
388 char s[20] = {0x00};
389 uint8_t pwd[4] = {0x00};
390
391 char cmdp = param_getchar(Cmd, 0);
392 if ( cmdp == 'h' || cmdp == 'H') {
393 usage_t55xx_dump();
394 return 0;
395 }
396
397 bool hasPwd = ( strlen(Cmd) > 0);
398 if ( hasPwd ){
399 if (param_gethex(Cmd, 0, pwd, 8)) {
400 PrintAndLog("password must include 8 HEX symbols");
401 return 1;
402 }
403 }
404
405 for ( int i = 0; i <8; ++i){
406 memset(s,0,sizeof(s));
407 if ( hasPwd ) {
408 sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);
409 } else {
410 sprintf(s,"%d", i);
411 }
412 CmdReadBlk(s);
413 }
414 return 0;
415 }
416
417 int CmdIceFsk(const char *Cmd){
418
419 if (!HasGraphData()) return 0;
420
421 iceFsk3(GraphBuffer, LF_TRACE_BUFF_SIZE);
422 RepaintGraphWindow();
423 return 0;
424 }
425 int CmdIceManchester(const char *Cmd){
426 ManchesterDemod( -1);
427 return 0;
428 }
429 int ManchesterDemod(int blockNum){
430
431 if (!HasGraphData()) return 0;
432
433 uint8_t sizebyte = 32;
434 // the value 5 was selected during empirical studies of the decoded data. Some signal noise to skip.
435 uint8_t offset = 5;
436 uint32_t blockData;
437 uint8_t bits[LF_BITSSTREAM_LEN] = {0x00};
438 uint8_t * bitstream = bits;
439
440 manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bits, LF_BITSSTREAM_LEN);
441 blockData = PackBits(offset, sizebyte, bits);
442
443 if ( blockNum < 0)
444 PrintAndLog(" Decoded : 0x%08X %s", blockData, sprint_bin(bitstream+offset,sizebyte) );
445 else
446 PrintAndLog(" Block %d : 0x%08X %s", blockNum, blockData, sprint_bin(bitstream+offset,sizebyte) );
447
448 return 0;
449 }
450
451 char * GetBitRateStr(uint32_t id){
452 static char buf[40];
453 char *retStr = buf;
454 switch (id){
455 case 0:
456 sprintf(retStr,"%d - RF/8",id);
457 break;
458 case 1:
459 sprintf(retStr,"%d - RF/16",id);
460 break;
461 case 2:
462 sprintf(retStr,"%d - RF/32",id);
463 break;
464 case 3:
465 sprintf(retStr,"%d - RF/40",id);
466 break;
467 case 4:
468 sprintf(retStr,"%d - RF/50",id);
469 break;
470 case 5:
471 sprintf(retStr,"%d - RF/64",id);
472 break;
473 case 6:
474 sprintf(retStr,"%d - RF/100",id);
475 break;
476 case 7:
477 sprintf(retStr,"%d - RF/128",id);
478 break;
479 default:
480 sprintf(retStr,"%d - (Unknown)",id);
481 break;
482 }
483
484 return buf;
485 }
486
487 char * GetSaferStr(uint32_t id){
488 static char buf[40];
489 char *retStr = buf;
490
491 sprintf(retStr,"%d",id);
492 if (id == 6) {
493 sprintf(retStr,"%d - pasdwd",id);
494 }
495 if (id == 9 ){
496 sprintf(retStr,"%d - testmode ",id);
497 }
498
499 return buf;
500 }
501 char * GetModulationStr( uint32_t id){
502 static char buf[40];
503 char *retStr = buf;
504
505 switch (id){
506 case 0:
507 sprintf(retStr,"%d - DIRECT (ASK/NRZ)",id);
508 break;
509 case 1:
510 sprintf(retStr,"%d - PSK 1 phase change when input changes",id);
511 break;
512 case 2:
513 sprintf(retStr,"%d - PSK 2 phase change on bitclk if input high",id);
514 break;
515 case 3:
516 sprintf(retStr,"%d - PSK 3 phase change on rising edge of input",id);
517 break;
518 case 4:
519 sprintf(retStr,"%d - FSK 1 RF/8 RF/5",id);
520 break;
521 case 5:
522 sprintf(retStr,"%d - FSK 2 RF/8 RF/10",id);
523 break;
524 case 6:
525 sprintf(retStr,"%d - FSK 1a RF/5 RF/8",id);
526 break;
527 case 7:
528 sprintf(retStr,"%d - FSK 2a RF/10 RF/8",id);
529 break;
530 case 8:
531 sprintf(retStr,"%d - Manschester",id);
532 break;
533 case 16:
534 sprintf(retStr,"%d - Biphase",id);
535 break;
536 case 17:
537 sprintf(retStr,"%d - Reserved",id);
538 break;
539 default:
540 sprintf(retStr,"0x%02X (Unknown)",id);
541 break;
542 }
543 return buf;
544 }
545
546
547 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
548
549 int i = start;
550 int j = len-1;
551 if (len > 32) {
552 return 0;
553 }
554 uint32_t tmp = 0;
555 for (; j >= 0; --j, ++i){
556 tmp |= bits[i] << j;
557 }
558 return tmp;
559 }
560
561 static command_t CommandTable[] =
562 {
563 {"help", CmdHelp, 1, "This help"},
564 {"rd", CmdReadBlk, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
565 {"wr", CmdWriteBlk, 0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},
566 {"trace", CmdReadTrace, 0, "[1] Read T55xx traceability data (page 1/ blk 0-1)"},
567 {"info", CmdInfo, 0, "[1] Read T55xx configuration data (page 0/ blk 0)"},
568 {"dump", CmdDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"},
569 {"man", CmdIceManchester, 0, "Manchester demod (with SST)"},
570 {NULL, NULL, 0, NULL}
571 };
572
573 int CmdLFT55XX(const char *Cmd)
574 {
575 CmdsParse(CommandTable, Cmd);
576 return 0;
577 }
578
579 int CmdHelp(const char *Cmd)
580 {
581 CmdsHelp(CommandTable);
582 return 0;
583 }
Proxmark3 GIT tracking
Impressum, Datenschutz