int usage_t55xx_bruteforce(){\r
PrintAndLog("This command uses A) bruteforce to scan a number range");\r
PrintAndLog(" B) a dictionary attack");\r
+ PrintAndLog("press 'enter' to cancel the command");\r
PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
PrintAndLog(" password must be 4 bytes (8 hex symbols)");\r
PrintAndLog("Options:");\r
}\r
int usage_t55xx_recoverpw(){\r
PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
+ PrintAndLog("press 'enter' to cancel the command");\r
PrintAndLog("WARNING: this may brick non-password protected chips!");\r
PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
PrintAndLog(" password must be 4 bytes (8 hex symbols)");\r
\r
void printT5xxHeader(uint8_t page){\r
PrintAndLog("Reading Page %d:", page); \r
- PrintAndLog("blk | hex data | binary | ascii");\r
- PrintAndLog("----+----------+---------------------------------+-------"); \r
+ PrintAndLog("blk | hex data | binary | ascii");\r
+ PrintAndLog("----+----------+----------------------------------+-------"); \r
}\r
\r
int CmdT55xxSetConfig(const char *Cmd) {\r
return TRUE;\r
}\r
\r
+ bool retval = FALSE;\r
if ( hits > 1) {\r
PrintAndLog("Found [%d] possible matches for modulation.",hits);\r
for(int i=0; i<hits; ++i){\r
- PrintAndLog("--[%d]---------------", i+1);\r
+ retval = testKnownConfigBlock(tests[i].block0);\r
+ if ( retval ) { \r
+ PrintAndLog("--[%d]--------------- << selected this", i+1);\r
+ config.modulation = tests[i].modulation;\r
+ config.bitrate = tests[i].bitrate;\r
+ config.inverted = tests[i].inverted;\r
+ config.offset = tests[i].offset;\r
+ config.block0 = tests[i].block0;\r
+ config.Q5 = tests[i].Q5;\r
+ config.ST = tests[i].ST;\r
+ } else {\r
+ PrintAndLog("--[%d]---------------", i+1);\r
+ }\r
printConfiguration( tests[i] );\r
}\r
}\r
+ return retval;\r
+}\r
+\r
+bool testKnownConfigBlock(uint32_t block0) {\r
+ switch(block0){\r
+ case T55X7_DEFAULT_CONFIG_BLOCK:\r
+ case T55X7_RAW_CONFIG_BLOCK:\r
+ case T55X7_EM_UNIQUE_CONFIG_BLOCK:\r
+ case T55X7_FDXB_CONFIG_BLOCK:\r
+ case T55X7_HID_26_CONFIG_BLOCK:\r
+ case T55X7_PYRAMID_CONFIG_BLOCK:\r
+ case T55X7_INDALA_64_CONFIG_BLOCK:\r
+ case T55X7_INDALA_224_CONFIG_BLOCK:\r
+ case T55X7_GUARDPROXII_CONFIG_BLOCK:\r
+ case T55X7_VIKING_CONFIG_BLOCK:\r
+ case T55X7_NORALYS_CONFIG_BLOCK:\r
+ case T55X7_IOPROX_CONFIG_BLOCK:\r
+ case T55X7_PRESCO_CONFIG_BLOCK:\r
+ return TRUE;\r
+ }\r
return FALSE;\r
}\r
\r
uint32_t blockData = 0;\r
uint8_t bits[32] = {0x00};\r
\r
- PrintAndLog("OFFSET | DATA | BINARY | ASCII");\r
- PrintAndLog("-------+-------+------------------------------------+------");\r
+ PrintAndLog("OFFSET | DATA | BINARY | ASCII");\r
+ PrintAndLog("-------+-------+-------------------------------------+------");\r
int i,j = 0;\r
for (; j < 64; ++j){\r
\r
}\r
clearCommandBuffer();\r
SendCommand(&c);\r
- if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)){\r
PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
return 0;\r
}\r
return 0;\r
}\r
\r
- uint8_t got[12288];\r
+ //uint8_t got[12288];\r
+ uint8_t got[7679];\r
GetFromBigBuf(got, sizeof(got), 0);\r
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 8000) ) {\r
PrintAndLog("command execution time out");\r
// With a pwd should work even if pwd bit not set\r
PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
\r
- if ( Q5 ){\r
+ if ( Q5 )\r
snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0");\r
- } else {\r
+ else\r
snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
- }\r
\r
if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0");\r
\r
return 0;\r
}\r
\r
+bool IsCancelled(void) {\r
+ if (ukbhit()) {\r
+ int ch = getchar();\r
+ (void)ch;\r
+ printf("\naborted via keyboard!\n");\r
+ return TRUE;\r
+ }\r
+ return FALSE;\r
+}\r
+\r
int CmdT55xxBruteForce(const char *Cmd) {\r
\r
// load a default pwd file.\r
char buf[9];\r
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
- int ch;\r
uint8_t stKeyBlock = 20;\r
uint8_t *keyBlock = NULL, *p = NULL;\r
uint32_t start_password = 0x00000000; //start password\r
return 2;\r
}\r
\r
- if (ukbhit()) {\r
- ch = getchar();\r
- (void)ch;\r
- printf("\naborted via keyboard!\n");\r
+ if (IsCancelled()) {\r
free(keyBlock);\r
return 0;\r
}\r
\r
printf(".");\r
fflush(stdout);\r
- if (ukbhit()) {\r
- ch = getchar();\r
- (void)ch;\r
- printf("\naborted via keyboard!\n");\r
+ \r
+ if (IsCancelled()) {\r
free(keyBlock);\r
return 0;\r
}\r
else if (found == -1)\r
return 0;\r
bit++;\r
+ \r
+ if (IsCancelled()) return 0;\r
}\r
\r
// now try to use partial original password, since block 7 should have been completely\r
else if (found == -1)\r
return 0;\r
bit++;\r
- prev_password=curr_password;\r
+ prev_password = curr_password;\r
+ \r
+ if (IsCancelled()) return 0;\r
}\r
\r
// from high bit to low\r
else if (found == -1)\r
return 0;\r
bit++;\r
- prev_password=curr_password;\r
+ prev_password = curr_password;\r
+ \r
+ if (IsCancelled()) return 0;\r
}\r
done:\r
PrintAndLog("");\r
projects / proxmark3-svn / blobdiff