int usage_t55xx_bruteforce(){\r
PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");\r
PrintAndLog(" password must be 4 bytes (8 hex symbols)");\r
+ PrintAndLog("This command uses A) bruteforce to scan a number range");\r
+ PrintAndLog(" B) a dictionary attack");\r
PrintAndLog("Options:");\r
PrintAndLog(" h - this help");\r
PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");\r
PrintAndLog("");\r
PrintAndLog("Examples:");\r
PrintAndLog(" lf t55xx bruteforce aaaaaaaa bbbbbbbb");\r
- PrintAndLog(" lf t55xx bruteforce i mykeys.dic");\r
+ PrintAndLog(" lf t55xx bruteforce i default_pwd.dic");\r
PrintAndLog("");\r
return 0;\r
}\r
ans = ASKDemod(cmdStr, FALSE, FALSE, 1);\r
break;\r
case DEMOD_PSK1:\r
- // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ // skip first 16 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
CmdLtrim("160");\r
snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );\r
ans = PSKDemod(cmdStr, FALSE);\r
+ save_restoreGB(0);\r
break;\r
case DEMOD_PSK2: //inverted won't affect this\r
case DEMOD_PSK3: //not fully implemented\r
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
CmdLtrim("160");\r
snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );\r
ans = PSKDemod(cmdStr, FALSE);\r
psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
+ save_restoreGB(1);\r
break;\r
case DEMOD_NRZ:\r
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
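Review bot: In the DEMOD_PSK2/DEMOD_PSK3 case the second added call is `save_restoreGB(1);` again, whereas the DEMOD_PSK1 case pairs `save_restoreGB(1)` with `save_restoreGB(0)`. If 1 saves and 0 restores (the definition is not in this hunk), the graph buffer trimmed by `CmdLtrim("160")` is never put back on this path and the saved copy is overwritten with post-demod data, so the line after `psk1TOpsk2(...)` should read `save_restoreGB(0);`. The edited PSK1 comment now says 16 samples while the code still trims 160, so the comment should go back to `160`. Separately, `snprintf(cmdStr, sizeof(buf), ...)` bounds the write by `buf` rather than by the destination, so it is worth confirming that `cmdStr` is at least that large. The switch starts and ends outside the hunk.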
\r
if (!DecodeT55xxBlock()) return 1;\r
\r
+ // too little space to start with\r
if ( DemodBufferLen < 32) return 1;\r
\r
+ // \r
+ PrintAndLog("Offset+32 ==%d\n DemodLen == %d", config.offset + 32,DemodBufferLen );\r
+ \r
+\r
+ \r
uint8_t si = config.offset;\r
uint32_t bl0 = PackBits(si, 32, DemodBuffer);\r
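Review bot: The length guard `if ( DemodBufferLen < 32) return 1;` ignores `config.offset`, yet `PackBits(si, 32, DemodBuffer)` reads 32 bits starting at that offset, so a short demodulated buffer with a non-zero offset is read past its valid data. The added debug print already computes the right quantity, so it should become the check: `if (DemodBufferLen < (size_t)config.offset + 32) return 1;`. The `PrintAndLog("Offset+32 ==%d\n DemodLen == %d", ...)` line and the empty `//` comment look like leftover debugging and should be dropped. If the print stays, the `%d` used for `DemodBufferLen` has to match its declared type, which is not visible here. The function continues outside the hunk.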
\r
if (!CmdT55xxWriteBlock(ptrData)) \r
PrintAndLog("Error writing blk %d", blk);\r
\r
- memset(writeData, sizeof(writeData), 0x00);\r
+ memset(writeData,0x00, sizeof(writeData));\r
}\r
return 0;\r
}\r
PrintAndLog("No keys found in file");\r
return 1;\r
}\r
+ PrintAndLog("Loaded %d keys", keycnt);\r
\r
// loop\r
- uint32_t testpwd = 0x00;\r
+ uint64_t testpwd = 0x00;\r
for (uint16_t c = 0; c < keycnt; ++c ) {\r
\r
- testpwd = bytes_to_num(keyBlock + 4*keycnt, 4);\r
+ if (ukbhit()) {\r
+ getchar();\r
+ printf("\naborted via keyboard!\n");\r
+ return 0;\r
+ }\r
+ \r
+ testpwd = bytes_to_num(keyBlock + 4*c, 4);\r
+\r
+ PrintAndLog("Testing %08X", testpwd);\r
+ \r
+ \r
+ if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
+ PrintAndLog("Aquireing data from device failed. Quitting");\r
+ return 0;\r
+ }\r
\r
- AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd);\r
found = tryDetectModulation();\r
- \r
+\r
if ( found ) {\r
- PrintAndLog("Found valid password:[%08X]", testpwd);\r
+ PrintAndLog("Found valid password: [%08X]", testpwd);\r
return 0;\r
} \r
}\r
+ PrintAndLog("Password NOT found.");\r
+ return 0;\r
}\r
\r
+ // Try to read Block 7, first :)\r
\r
+ // incremental pwd range search\r
start_password = param_get32ex(Cmd, 0, 0, 16);\r
end_password = param_get32ex(Cmd, 1, 0, 16);\r
\r
if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
\r
- PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
+ PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
\r
uint32_t i = start_password;\r
\r
while ((!found) && (i <= end_password)){\r
\r
- AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i);\r
+ printf(".");\r
+ fflush(stdout);\r
+ if (ukbhit()) {\r
+ getchar();\r
+ printf("\naborted via keyboard!\n");\r
+ return 0;\r
+ }\r
+ \r
+ if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
+ PrintAndLog("Aquireing data from device failed. Quitting");\r
+ return 0;\r
+ }\r
found = tryDetectModulation();\r
\r
- if (found)\r
- break;\r
- \r
- if ((i % 0x100) == 0) printf("[%08x], ",i);\r
-\r
+ if (found) break;\r
i++;\r
}\r
\r
if (found)\r
PrintAndLog("Found valid password: [%08x]", i);\r
else\r
- PrintAndLog("Password NOT found. Last tried: [%08x]", i);\r
+ PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
return 0;\r
}\r
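Review bot: `testpwd` is now `uint64_t` (presumably to match the return type of `bytes_to_num`) but is still printed with `%08X` in the new `Testing` and `Found valid password` lines, which is a varargs type mismatch and undefined behaviour. Since only 4 bytes are read, keep it 32-bit with `uint32_t testpwd = (uint32_t)bytes_to_num(keyBlock + 4*c, 4);`, or print it with `PRIX64`. In the range search, `while ((!found) && (i <= end_password))` never terminates when the end password is FFFFFFFF because `i++` wraps to 0. Using `if (found || i == end_password) break;` before `i++` bounds the loop and makes the `--i` in the not-found message unnecessary. The new early `return 0` paths inside the dictionary loop also appear to skip releasing `keyBlock`, whose allocation is above the visible lines, so that should be confirmed.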
\r