#include <stdio.h>\r
#include <string.h>\r
#include <inttypes.h>\r
-#include <time.h>\r
+//#include <time.h>\r
#include "proxmark3.h"\r
#include "ui.h"\r
#include "graph.h"\r
#include "util.h"\r
#include "data.h"\r
#include "lfdemod.h"\r
-#include "../common/crc.h"\r
-#include "../common/iso14443crc.h"\r
#include "cmdhf14a.h"\r
\r
#define T55x7_CONFIGURATION_BLOCK 0x00\r
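Review bot: The include of `time.h` is commented out as `//#include <time.h>` rather than deleted, which leaves dead code at the top of the file. If nothing in this file still needs it, drop the line entirely, as was done for the two `../common/` CRC headers. Whether any `time.h` symbol is still used further down cannot be confirmed from the lines shown here.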
PrintAndLog("");\r
return 0;\r
}\r
-\r
+int usage_t55xx_wipe(){\r
+ PrintAndLog("Usage: lf t55xx wipe [h] [Q5]");\r
+ PrintAndLog("This commands wipes a tag, fills blocks 1-7 with zeros and a default configuration block");\r
+ PrintAndLog("Options:");\r
+ PrintAndLog(" h - this help");\r
+ PrintAndLog(" Q5 - indicates to use the T555 (Q5) default configuration block");\r
+ PrintAndLog("");\r
+ PrintAndLog("Examples:");\r
+ PrintAndLog(" lf t55xx wipe - wipes a t55x7 tag, config block 0x000880E0");\r
+ PrintAndLog(" lf t55xx wipe Q5 - wipes a t5555 Q5 tag, config block 0x6001F004");\r
+ return 0;\r
+}\r
static int CmdHelp(const char *Cmd);\r
\r
void printT5xxHeader(uint8_t page){\r
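Review bot: The second help line has a typo, `This commands wipes a tag`; it should read `This command wipes a tag, fills blocks 1-7 with zeros and a default configuration block`. The definition `int usage_t55xx_wipe(){` uses an empty parameter list, which in C declares no prototype; `int usage_t55xx_wipe(void) {` lets the compiler reject calls that pass arguments. The two example lines repeat the configuration words as literals, so they have to be updated by hand if the defaults ever change.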
switch (tagtype){\r
case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break;\r
case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break;\r
- //case 2: snprintf(retStr, sizeof(buf),"%08X - Q5 Default", Q5_DEFAULT_CONFIG_BLOCK); break;\r
+ case 2: snprintf(retStr, sizeof(buf),"%08X - T5555 Q5 Default", T5555_DEFAULT_CONFIG_BLOCK); break;\r
default:\r
break;\r
}\r
int CmdT55xxWipe(const char *Cmd) {\r
char writeData[20] = {0};\r
char *ptrData = writeData;\r
- \r
+ char cmdp = param_getchar(Cmd, 0); \r
+ if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_wipe();\r
+\r
+ bool Q5 = (cmdp == 'q' || cmdp == 'Q');\r
+\r
+ // Try with the default password to reset block 0\r
+ // With a pwd should work even if pwd bit not set\r
PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
+ \r
+ if ( Q5 ){\r
+ snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0");\r
+ } else {\r
+ snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
+ }\r
\r
- //try with the default password to reset block 0 (with a pwd should work even if pwd bit not set)\r
- snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
- \r
- if (!CmdT55xxWriteBlock(ptrData))\r
- PrintAndLog("Error writing blk 0");\r
+ if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0");\r
\r
for (uint8_t blk = 1; blk<8; blk++) {\r
\r
snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);\r
\r
- if (!CmdT55xxWriteBlock(ptrData)) \r
- PrintAndLog("Error writing blk %d", blk);\r
+ if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk %d", blk);\r
\r
memset(writeData,0x00, sizeof(writeData));\r
}\r
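Review bot: The Q5 selection `bool Q5 = (cmdp == 'q' || cmdp == 'Q');` looks only at the first character, and any argument that is neither `h` nor `q` falls through to the T55x7 path, so a mistyped option still overwrites block 0 and zeroes blocks 1-7. Because the command is destructive, unrecognised arguments should be rejected before the first write, for example `if (cmdp != 0x00 && !Q5) return usage_t55xx_wipe();` (this assumes `param_getchar` returns 0 when no argument is given; confirm against util). The configuration words are also hard-coded in the two format strings, while the header-printing hunk uses `T55X7_DEFAULT_CONFIG_BLOCK` and `T5555_DEFAULT_CONFIG_BLOCK`. If those constants hold the same values, formatting them with `%08X` would keep the wipe and the help text from drifting apart. `CmdT55xxWipe` continues past the end of this hunk.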
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
uint8_t stKeyBlock = 20;\r
- uint8_t *keyBlock = NULL, *p;\r
+ uint8_t *keyBlock = NULL, *p = NULL;\r
keyBlock = calloc(stKeyBlock, 6);\r
if (keyBlock == NULL) return 1;\r
\r
bool found = false;\r
\r
char cmdp = param_getchar(Cmd, 0);\r
- if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
+ if (cmdp == 'h' || cmdp == 'H') {\r
+ free(keyBlock);\r
+ return usage_t55xx_bruteforce();\r
+ }\r
\r
if (cmdp == 'i' || cmdp == 'I') {\r
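Review bot: `keyBlock` is still allocated with `calloc(stKeyBlock, 6)` before the arguments are parsed, which is why this commit has to add a `free(keyBlock)` in front of the help return here and in front of nine more returns in the later hunks (empty key file, keyboard abort, acquire failure, found, not found, range check, and the range-search exits). In the visible range-search lines `keyBlock` is only ever freed, never read. Moving the allocation into the `i` branch, or routing every exit through a single `out:` label that does `free(keyBlock); return rc;`, would leave one release point to maintain instead of ten. The function starts before and ends after this hunk, so whether every remaining return path is now covered cannot be confirmed from here.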
\r
if (!p) {\r
PrintAndLog("Cannot allocate memory for defaultKeys");\r
free(keyBlock);\r
+ fclose(f);\r
return 2;\r
}\r
keyBlock = p;\r
\r
if (keycnt == 0) {\r
PrintAndLog("No keys found in file");\r
+ free(keyBlock);\r
return 1;\r
}\r
PrintAndLog("Loaded %d keys", keycnt);\r
if (ukbhit()) {\r
getchar();\r
printf("\naborted via keyboard!\n");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
\r
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
\r
if ( found ) {\r
PrintAndLog("Found valid password: [%08X]", testpwd);\r
+ free(keyBlock);\r
return 0;\r
} \r
}\r
PrintAndLog("Password NOT found.");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
start_password = param_get32ex(Cmd, 0, 0, 16);\r
end_password = param_get32ex(Cmd, 1, 0, 16);\r
\r
- if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
+ if ( start_password >= end_password ) {\r
+ free(keyBlock);\r
+ return usage_t55xx_bruteforce();\r
+ }\r
\r
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
\r
if (ukbhit()) {\r
getchar();\r
printf("\naborted via keyboard!\n");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
+ free(keyBlock);\r
return 0;\r
}\r
found = tryDetectModulation();\r
PrintAndLog("Found valid password: [%08x]", i);\r
else\r
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
+\r
+ free(keyBlock);\r
return 0;\r
}\r
\r