From 773765774761e1463cadd979c1f74728b8b6fd31 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 7 Oct 2014 21:34:02 +0200 Subject: [PATCH 1/1] Fixed: the dampening field detection is enhanced. If half a frame (clock rate) of values is within 40% of the mean value then it is a dampening field. --- client/cmdlft55xx.c | 113 +++++++++++++++++++++++++++++--------------- client/ui.c | 21 ++++---- 2 files changed, 83 insertions(+), 51 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 30f5e68e..027f528a 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -39,7 +39,7 @@ int CmdReadBlk(const char *Cmd) return 1; } - PrintAndLog(" Reading page 0 block : %d", Block); + //PrintAndLog(" Reading page 0 block : %d", Block); // this command fills up BigBuff // @@ -66,6 +66,9 @@ int CmdReadBlk(const char *Cmd) manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream); + uint32_t bl0 = PackBits(5, 32, bitstream); + PrintAndLog(" Block %d : 0x%08X %s", Block, bl0, sprint_bin(bitstream+5,32) ); + RepaintGraphWindow(); return 0; } @@ -107,6 +110,10 @@ int CmdReadBlkPWD(const char *Cmd) uint8_t * bitstream = bits; manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream); + + uint32_t bl0 = PackBits(5, 32, bitstream); + PrintAndLog(" Block %d : 0x%08X %s", Block, bl0, sprint_bin(bitstream+5,32) ); + RepaintGraphWindow(); return 0; } 
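Review bot: The new `Block %d` line in CmdReadBlk (hunk at +66) packs and prints bits 5..36 of `bitstream` without checking what `manchester_decode` returned, and the hunk at +110 in CmdReadBlkPWD does the same. If the decode yields fewer than 37 bits, the value shown is whatever the buffer already held, and with the diagnostic prints commented out elsewhere in this commit the user gets no sign that the read failed. Assuming the `int` return is the decoded bit count (the function body is not in these hunks), capture it with `int got = manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);` and bail out with `if (got < 5 + 32) { PrintAndLog(" Block %d : decode failed", Block); return 1; }`. The local is named `bl0` although it holds block `Block`; `blk` would read better. Both functions start and end outside their hunks.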
@@ -187,23 +194,15 @@ int CmdReadTrace(const char *Cmd) uint32_t bl0 = PackBits(si, 32, bitstream); uint32_t bl1 = PackBits(si+32, 32, bitstream); - uint32_t acl = PackBits(si, 8, bitstream); - si += 8; - uint32_t mfc = PackBits(si, 8, bitstream); - si += 8; - uint32_t cid = PackBits(si, 5, bitstream); - si += 5; - uint32_t icr = PackBits(si, 3, bitstream); - si += 3; - uint32_t year = PackBits(si, 4, bitstream); - si += 4; - uint32_t quarter = PackBits(si, 2, bitstream); - si += 2; - uint32_t num = PackBits(si, 12, bitstream); - si += 12; - uint32_t wafer = PackBits(si, 5, bitstream); - si += 5; - uint32_t dw = PackBits(si, 15, bitstream); + uint32_t acl = PackBits(si, 8, bitstream); si += 8; + uint32_t mfc = PackBits(si, 8, bitstream); si += 8; + uint32_t cid = PackBits(si, 5, bitstream); si += 5; + uint32_t icr = PackBits(si, 3, bitstream); si += 3; + uint32_t year = PackBits(si, 4, bitstream); si += 4; + uint32_t quarter = PackBits(si, 2, bitstream); si += 2; + uint32_t lotid = PackBits(si, 12, bitstream); si += 12; + uint32_t wafer = PackBits(si, 5, bitstream); si += 5; + uint32_t dw = PackBits(si, 15, bitstream); PrintAndLog(""); PrintAndLog("-- T55xx Trace Information ----------------------------------"); 
@@ -214,13 +213,13 @@ int CmdReadTrace(const char *Cmd) PrintAndLog(" ICR IC Revision : %d",icr ); PrintAndLog(" Manufactured"); PrintAndLog(" Year/Quarter : %d/%d",2000+year, quarter ); - PrintAndLog(" Number : %d", num ); + PrintAndLog(" Lot ID : %d", lotid ); PrintAndLog(" Wafer number : %d", wafer); PrintAndLog(" Die Number : %d", dw); PrintAndLog("-------------------------------------------------------------"); - PrintAndLog(" Raw Data"); - PrintAndLog(" Block 0 : %08X", bl0); - PrintAndLog(" Block 1 : %08X", bl1); + PrintAndLog(" Raw Data - Page 1"); + PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(bitstream+5,32) ); + PrintAndLog(" Block 0 : 0x%08X %s", bl1, sprint_bin(bitstream+37,32) ); PrintAndLog("-------------------------------------------------------------"); /* TRACE - BLOCK O @@ -231,10 +230,10 @@ int CmdReadTrace(const char *Cmd) 22-24 ICR IC revision 25-28 YEAR (BCD encoded) 9 (= 2009) 29-30 QUARTER 1,2,3,4 - 31-32 Number + 31-32 LOT ID TRACE - BLOCK 1 - 1-12 Number + 1-12 LOT ID 13-17 Wafer number 18-32 DW, die number sequential */ 
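Review bot: The second raw-data line prints `bl1` under the label `Block 0`, so the trace output shows two "Block 0" rows. It should read `PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(bitstream+37,32) );`. The offsets 5 and 37 are also hard-coded here, while `bl0` and `bl1` were packed from `si` and `si+32`; keeping the start offset in one named constant used by both would stop the two from drifting apart. CmdReadTrace begins and ends outside this hunk.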
@@ -257,22 +256,22 @@ int CmdInfo(const char *Cmd){ manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream); uint8_t si = 5; - uint32_t bl0 = PackBits(si, 32, bitstream); + uint32_t bl0 = PackBits(si, 32, bitstream); - uint32_t safer = PackBits(si, 4, bitstream); si += 4; - uint32_t resv = PackBits(si, 7, bitstream); si += 7; - uint32_t dbr = PackBits(si, 3, bitstream); si += 3; + uint32_t safer = PackBits(si, 4, bitstream); si += 4; + uint32_t resv = PackBits(si, 7, bitstream); si += 7; + uint32_t dbr = PackBits(si, 3, bitstream); si += 3; uint32_t extend = PackBits(si, 1, bitstream); si += 1; uint32_t datamodulation = PackBits(si, 5, bitstream); si += 5; - uint32_t pskcf = PackBits(si, 2, bitstream); si += 2; - uint32_t aor = PackBits(si, 1, bitstream); si += 1; - uint32_t otp = PackBits(si, 1, bitstream); si += 1; + uint32_t pskcf = PackBits(si, 2, bitstream); si += 2; + uint32_t aor = PackBits(si, 1, bitstream); si += 1; + uint32_t otp = PackBits(si, 1, bitstream); si += 1; uint32_t maxblk = PackBits(si, 3, bitstream); si += 3; - uint32_t pwd = PackBits(si, 1, bitstream); si += 1; - uint32_t sst = PackBits(si, 1, bitstream); si += 1; - uint32_t fw = PackBits(si, 1, bitstream); si += 1; - uint32_t inv = PackBits(si, 1, bitstream); si += 1; - uint32_t por = PackBits(si, 1, bitstream); si += 1; + uint32_t pwd = PackBits(si, 1, bitstream); si += 1; + uint32_t sst = PackBits(si, 1, bitstream); si += 1; + uint32_t fw = PackBits(si, 1, bitstream); si += 1; + uint32_t inv = PackBits(si, 1, bitstream); si += 1; + uint32_t por = PackBits(si, 1, bitstream); si += 1; PrintAndLog(""); PrintAndLog("-- T55xx Configuration --------------------------------------"); 
@@ -292,13 +291,49 @@ int CmdInfo(const char *Cmd){ PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No"); PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No"); PrintAndLog("-------------------------------------------------------------"); - PrintAndLog(" Raw Data"); - PrintAndLog(" Block 0 : 0x%08X", bl0); + PrintAndLog(" Raw Data - Page 0"); + PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(bitstream+5,32) ); PrintAndLog("-------------------------------------------------------------"); return 0; } +int CmdDump(const char *Cmd){ + + char cmdp = param_getchar(Cmd, 0); + char s[20]; + uint8_t pwd[4] = {0x00}; + + + if (strlen(Cmd)>1 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: lf t55xx dump "); + PrintAndLog(" sample: lf t55xx dump FFFFFFFF"); + return 0; + } + + bool hasPwd = ( strlen(Cmd) > 0); + + if ( hasPwd ){ + if (param_gethex(Cmd, 0, pwd, 4)) { + PrintAndLog("password must include 4 HEX symbols"); + return 0; + } + } + + + for ( int i = 0; i <8; ++i){ + *s = 0; + if ( hasPwd ) { + sprintf(s,"%d %d", i, pwd); + CmdReadBlkPWD(s); + } else { + sprintf(s,"%d", i); + CmdReadBlk(s); + } + } + return 0; +} + char * GetBitRateStr(uint32_t id){ static char buf[40]; char *retStr = buf; @@ -335,7 +370,6 @@ char * GetBitRateStr(uint32_t id){ return buf; } - char * GetSaferStr(uint32_t id){ static char buf[40]; char *retStr = buf; @@ -416,6 +450,7 @@ static command_t CommandTable[] = {"wrPWD", CmdWriteBlkPWD, 0, " -- Write T55xx block data in password mode(page 0)"}, {"trace", CmdReadTrace, 0, "Read T55xx traceability data (page 1)"}, {"info", CmdInfo, 0, "Read T55xx configuration data (page 0 / block 0"}, + {"dump", CmdDump, 0, "Dump T55xx card block 0-7 (is possible)"}, {NULL, NULL, 0, NULL} }; diff --git a/client/ui.c b/client/ui.c index b4e85575..c796d904 100644 --- a/client/ui.c +++ b/client/ui.c 
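Review bot: In the added CmdDump, `sprintf(s,"%d %d", i, pwd);` passes the `uint8_t pwd[4]` array to `%d`, so a pointer is formatted as an int (undefined behaviour) and the string handed to CmdReadBlkPWD never contains the password the user typed. The guard `strlen(Cmd)>1` also prints usage for any argument longer than one character, so the sample `lf t55xx dump FFFFFFFF` can never reach the password branch. Suggest `if (cmdp == 'h' || cmdp == 'H')` for the usage check and `snprintf(s, sizeof s, "%d %02X%02X%02X%02X", i, pwd[0], pwd[1], pwd[2], pwd[3]);` for the command string, assuming CmdReadBlkPWD parses its second argument as hex (its parsing is not in this diff). Using `snprintf` with `sizeof s` keeps the 20-byte buffer bounded if the format ever grows.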
@@ -113,16 +113,16 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout){ clock = GetT55x7Clock( data, len, high ); startindex = DetectFirstTransition(data, len, high); - PrintAndLog(" Clock : %d", clock); - PrintAndLog(" startindex : %d", startindex); + //PrintAndLog(" Clock : %d", clock); + //PrintAndLog(" startindex : %d", startindex); if (high != 1) bitlength = ManchesterConvertFrom255(data, len, bitStream, high, low, clock, startindex); else bitlength= ManchesterConvertFrom1(data, len, bitStream, clock, startindex); - if ( bitlength > 0 ) - PrintPaddedManchester(bitStream, bitlength, clock); + //if ( bitlength > 0 ) + // PrintPaddedManchester(bitStream, bitlength, clock); memcpy(dataout, bitStream, bitlength); @@ -170,7 +170,7 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout){ default: break; } - PrintAndLog(" Found Clock : %d - trying to adjust", clock); + //PrintAndLog(" Found Clock : %d - trying to adjust", clock); // When detected clock is 31 or 33 then then return int clockmod = clock%8; @@ -214,8 +214,7 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout){ startType = -1; z = startIndex + (i*clock); isDamp = 0; - - + /* Find out if we hit both high and low peaks */ for (j = 0; j < clock; j++) { @@ -238,15 +237,13 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout){ // No high value found, are we in a dampening field? if ( !hithigh ) { //PrintAndLog(" # Entering damp test at index : %d (%d)", z+j, j); - for (j = 0; j < clock/2; j++) + for (j = 0; j < clock; j++) { if ( (data[z+j] <= dampHi && data[z+j] >= dampLow) ){ - isDamp = 1; + isDamp++; } - else - isDamp = 0; } } @@ -261,7 +258,7 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout){ else dataout[bitIndex++] = 2; - if ( isDamp ) { + if ( isDamp > clock/2 ) { firstST++; } -- 2.39.5
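Review bot: After the hunk at +113, `memcpy(dataout, bitStream, bitlength);` is the only consumer of `bitlength`, and the one `bitlength > 0` test that existed (around the padded print) is now commented out. If ManchesterConvertFrom255 or ManchesterConvertFrom1 can return a negative value (their bodies are not in this hunk), that value converts to a very large `size_t` copy length. A guard before the copy, such as `if (bitlength <= 0) return bitlength;` with the return value adjusted to what callers expect, plus a check against the capacity of `dataout`, would close that. The disabled `PrintAndLog` lines would be better removed or put behind a debug switch than left as comments.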
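Review bot: In the hunk at +237, `isDamp` becomes a sample counter (`isDamp++`, then `isDamp > clock/2` in the hunk at +258) but keeps a flag-style name and an undocumented threshold. A name like `dampCount` and a comment such as `// dampening field: more than half of the samples in this clock period lie within [dampLow, dampHi]` would make the rule readable at the point of use. The commit message says "half a frame", while the test is strictly more than half with integer division, so for an odd clock the threshold truncates; the comment should state which is intended. The declaration of `isDamp` and the start of the enclosing function are outside these hunks, so a rename would touch lines not shown here.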