#ifndef CMDLFT55XX_H__\r
#define CMDLFT55XX_H__\r
\r
+#include <stdio.h>\r
+#include <string.h>\r
+#include <inttypes.h>\r
+#include "proxmark3.h"\r
+#include "ui.h"\r
+#include "graph.h"\r
+#include "cmdmain.h"\r
+#include "cmdparser.h"\r
+#include "cmddata.h"\r
+#include "cmdlf.h"\r
+#include "util.h"\r
+#include "data.h"\r
+#include "lfdemod.h"\r
+#include "cmdhf14a.h" //for getTagInfo\r
+\r
+\r
+#define T55x7_CONFIGURATION_BLOCK 0x00\r
+#define T55x7_PAGE0 0x00\r
+#define T55x7_PAGE1 0x01\r
+#define T55x7_PWD 0x00000010\r
+#define REGULAR_READ_MODE_BLOCK 0xFF\r
+\r
// config blocks\r
#define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // compat mode, data rate 32, manchester, ST, 7 data blocks\r
#define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // compat mode, data rate 32, manchester, 7 data blocks\r
-\r
#define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks\r
-\r
-\r
// FDXB requires data inversion and BiPhase 57 is simply BipHase 50 inverted, so we can either do it using the modulation scheme or the inversion flag\r
// we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,\r
// and it should actually be "10000" (16)\r
// #define T55X7_FDXB_CONFIG_BLOCK 903F8080 // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks\r
#define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks\r
#define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks\r
+#define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks\r
#define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2\r
#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7\r
#define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // bitrate 64pcb, Direct modulation, Biphase, 3 data blocks\r
#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // compat mode, data rate 32, Manchester, 2 data blocks\r
#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // compat mode, (NORALYS - KCP3000)\r
+#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // maxblock 2\r
+#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // data rate 32, Manchester, 5 data blocks, STT\r
#define T55X7_bin 0b0010\r
\r
+#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks?\r
+enum {\r
+ T55x7_RAW = 0x00,\r
+ T55x7_DEFAULT = 0x00,\r
+ T5555_DEFAULT = 0x01,\r
+ EM_UNIQUE = 0x0,\r
+ FDBX = 0x02,\r
+ HID_26 = 0x03,\r
+ INDALA_64 = 0x04,\r
+ INDALA_224 = 0x05,\r
+ GUARDPROXXII = 0x06,\r
+ VIKING = 0x07,\r
+ NORALSYS = 0x08,\r
+ IOPROX = 0x09,\r
+} t55xx_tag;\r
+\r
+typedef struct {\r
+ uint32_t bl1;\r
+ uint32_t bl2; \r
+ uint32_t acl; \r
+ uint32_t mfc; \r
+ uint32_t cid; \r
+ uint32_t year; \r
+ uint32_t quarter; \r
+ uint32_t icr;\r
+ uint32_t lotid; \r
+ uint32_t wafer; \r
+ uint32_t dw;\r
+} t55x7_tracedata_t;\r
+\r
+typedef struct {\r
+ uint32_t bl1;\r
+ uint32_t bl2;\r
+ uint32_t icr;\r
+ char lotidc;\r
+ uint32_t lotid;\r
+ uint32_t wafer;\r
+ uint32_t dw;\r
+} t5555_tracedata_t;\r
\r
typedef struct {\r
enum {\r
RF_100 = 0x06,\r
RF_128 = 0x07,\r
} bitrate;\r
+ bool Q5;\r
+ bool ST;\r
} t55xx_conf_block_t;\r
t55xx_conf_block_t Get_t55xx_Config();\r
void Set_t55xx_Config(t55xx_conf_block_t conf);\r
\r
-\r
int CmdLFT55XX(const char *Cmd);\r
int CmdT55xxSetConfig(const char *Cmd);\r
int CmdT55xxReadBlock(const char *Cmd);\r
int CmdT55xxInfo(const char *Cmd);\r
int CmdT55xxDetect(const char *Cmd);\r
int CmdResetRead(const char *Cmd);\r
+int CmdT55xxWipe(const char *Cmd);\r
+int CmdT55xxBruteForce(const char *Cmd);\r
\r
char * GetBitRateStr(uint32_t id);\r
char * GetSaferStr(uint32_t id);\r
char * GetModelStrFromCID(uint32_t cid);\r
char * GetSelectedModulationStr( uint8_t id);\r
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);\r
+void printT5xxHeader(uint8_t page);\r
void printT55xxBlock(const char *demodStr);\r
int printConfiguration( t55xx_conf_block_t b);\r
\r
bool DecodeT55xxBlock();\r
bool tryDetectModulation();\r
-bool test(uint8_t mode, uint8_t *offset, int *fndBitRate);\r
+bool testKnownConfigBlock(uint32_t block0);\r
+bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);\r
int special(const char *Cmd);\r
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );\r
\r
+bool detectPassword(int password);\r
+\r
+void printT55x7Trace( t55x7_tracedata_t data, uint8_t repeat );\r
+void printT5555Trace( t5555_tracedata_t data, uint8_t repeat );\r
+\r
#endif\r