]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdlft55xx.c
CHG: Tried to unfold some loops inside ARM/crypto1 imp. It can't hurt, feels stabil.
[proxmark3-svn] / client / cmdlft55xx.c
index fc76e8983bc4ae195ec34d9fdf539b3912ee1c70..e10b24d054781dafe9c036a0d034c852b56b3cd6 100644 (file)
@@ -10,7 +10,7 @@
 #include <stdio.h>\r
 #include <string.h>\r
 #include <inttypes.h>\r
-#include <time.h>\r
+//#include <time.h>\r
 #include "proxmark3.h"\r
 #include "ui.h"\r
 #include "graph.h"\r
@@ -22,8 +22,6 @@
 #include "util.h"\r
 #include "data.h"\r
 #include "lfdemod.h"\r
-#include "../common/crc.h"\r
-#include "../common/iso14443crc.h"\r
 #include "cmdhf14a.h"\r
 \r
 #define T55x7_CONFIGURATION_BLOCK 0x00\r
@@ -166,7 +164,18 @@ int usage_t55xx_bruteforce(){
     PrintAndLog("");\r
     return 0;\r
 }\r
-\r
+int usage_t55xx_wipe(){\r
+       PrintAndLog("Usage:  lf t55xx wipe [h] [Q5]");\r
+       PrintAndLog("This commands wipes a tag, fills blocks 1-7 with zeros and a default configuration block");\r
+       PrintAndLog("Options:");\r
+       PrintAndLog("     h     - this help");\r
+    PrintAndLog("     Q5       - indicates to use the T555 (Q5) default configuration block");\r
+    PrintAndLog("");\r
+       PrintAndLog("Examples:");\r
+    PrintAndLog("      lf t55xx wipe   -  wipes a t55x7 tag,    config block 0x000880E0");\r
+       PrintAndLog("      lf t55xx wipe Q5 -  wipes a t5555 Q5 tag, config block 0x6001F004");\r
+       return 0;\r
+}\r
 static int CmdHelp(const char *Cmd);\r
 \r
 void printT5xxHeader(uint8_t page){\r
@@ -1307,7 +1316,7 @@ void t55x7_create_config_block( int tagtype ){
        switch (tagtype){\r
                case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break;\r
                case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break;\r
-               //case 2: snprintf(retStr, sizeof(buf),"%08X - Q5 Default", Q5_DEFAULT_CONFIG_BLOCK); break;\r
+               case 2: snprintf(retStr, sizeof(buf),"%08X - T5555 Q5 Default", T5555_DEFAULT_CONFIG_BLOCK); break;\r
                default:\r
                        break;\r
        }\r
@@ -1334,21 +1343,28 @@ int CmdResetRead(const char *Cmd) {
 int CmdT55xxWipe(const char *Cmd) {\r
        char writeData[20] = {0};\r
        char *ptrData = writeData;\r
-       \r
+       char cmdp = param_getchar(Cmd, 0);      \r
+       if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_wipe();\r
+\r
+       bool Q5 = (cmdp == 'q' || cmdp == 'Q');\r
+\r
+       // Try with the default password to reset block 0\r
+       // With a pwd should work even if pwd bit not set\r
        PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
+               \r
+       if ( Q5 ){\r
+               snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0");\r
+       } else {\r
+               snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
+       }\r
        \r
-       //try with the default password to reset block 0  (with a pwd should work even if pwd bit not set)\r
-       snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
-       \r
-       if (!CmdT55xxWriteBlock(ptrData))\r
-               PrintAndLog("Error writing blk 0");\r
+       if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0");\r
        \r
        for (uint8_t blk = 1; blk<8; blk++) {\r
                \r
                snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);\r
                \r
-               if (!CmdT55xxWriteBlock(ptrData)) \r
-                       PrintAndLog("Error writing blk %d", blk);\r
+               if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk %d", blk);\r
                \r
                memset(writeData,0x00, sizeof(writeData));\r
        }\r
@@ -1362,7 +1378,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
        char filename[FILE_PATH_SIZE]={0};\r
        int     keycnt = 0;\r
        uint8_t stKeyBlock = 20;\r
-       uint8_t *keyBlock = NULL, *p;\r
+       uint8_t *keyBlock = NULL, *p = NULL;\r
        keyBlock = calloc(stKeyBlock, 6);\r
        if (keyBlock == NULL) return 1;\r
        \r
@@ -1371,7 +1387,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
     bool found = false;\r
 \r
     char cmdp = param_getchar(Cmd, 0);\r
-    if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
+    if (cmdp == 'h' || cmdp == 'H') {\r
+               free(keyBlock);\r
+               return usage_t55xx_bruteforce();\r
+       }\r
 \r
        if (cmdp == 'i' || cmdp == 'I') {\r
        \r
@@ -1407,6 +1426,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                                if (!p) {\r
                                        PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                        free(keyBlock);\r
+                                       fclose(f);\r
                                        return 2;\r
                                }\r
                                keyBlock = p;\r
@@ -1421,6 +1441,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                \r
                if (keycnt == 0) {\r
                        PrintAndLog("No keys found in file");\r
+                       free(keyBlock);\r
                        return 1;\r
                }\r
                PrintAndLog("Loaded %d keys", keycnt);\r
@@ -1432,6 +1453,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        if (ukbhit()) {\r
                                getchar();\r
                                printf("\naborted via keyboard!\n");\r
+                               free(keyBlock);\r
+                               free(p);\r
                                return 0;\r
                        }\r
                \r
@@ -1442,6 +1465,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        \r
                        if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
                                PrintAndLog("Aquireing data from device failed. Quitting");\r
+                               free(keyBlock);\r
+                               free(p);\r
                                return 0;\r
                        }\r
                        \r
@@ -1449,10 +1474,14 @@ int CmdT55xxBruteForce(const char *Cmd) {
 \r
                        if ( found ) {\r
                                PrintAndLog("Found valid password: [%08X]", testpwd);\r
+                               free(keyBlock);\r
+                               free(p);\r
                                return 0;\r
                        } \r
                }\r
                PrintAndLog("Password NOT found.");\r
+               free(keyBlock);\r
+               free(p);\r
                return 0;\r
        }\r
        \r
@@ -1462,7 +1491,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
     start_password = param_get32ex(Cmd, 0, 0, 16);\r
        end_password = param_get32ex(Cmd, 1, 0, 16);\r
        \r
-       if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
+       if ( start_password >= end_password ) {\r
+               free(keyBlock);\r
+               return usage_t55xx_bruteforce();\r
+       }\r
        \r
     PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
        \r
@@ -1475,11 +1507,13 @@ int CmdT55xxBruteForce(const char *Cmd) {
                if (ukbhit()) {\r
                        getchar();\r
                        printf("\naborted via keyboard!\n");\r
+                       free(keyBlock);\r
                        return 0;\r
                }\r
                        \r
                if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
                        PrintAndLog("Aquireing data from device failed. Quitting");\r
+                       free(keyBlock);\r
                        return 0;\r
                }\r
                found = tryDetectModulation();\r
@@ -1494,6 +1528,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                PrintAndLog("Found valid password: [%08x]", i);\r
     else\r
                PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
+\r
+       free(keyBlock);\r
     return 0;\r
 }\r
 \r
Impressum, Datenschutz