fix little endian vs big endian in the macros... again... but this time correct
[RRG-proxmark3.git] / client / src / cmdlft55xx.h
blobea24d895fe36810c2d085a96424950b27038a1ca
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency T55xx commands
8 //-----------------------------------------------------------------------------
10 #ifndef CMDLFT55XX_H__
11 #define CMDLFT55XX_H__
13 #include "common.h"
15 #define T55x7_CONFIGURATION_BLOCK 0x00
16 #define T55x7_PWD_BLOCK 0x07
17 #define T55x7_TRACE_BLOCK1 0x01
18 #define T55x7_TRACE_BLOCK2 0x02
19 #define T55x7_PAGE0 0x00
20 #define T55x7_PAGE1 0x01
21 #define T55x7_PWD 0x00000010
22 #define REGULAR_READ_MODE_BLOCK 0xFF
23 #define T55x7_BLOCK_COUNT 12
25 // config blocks
26 #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks
27 #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks
28 #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/unique - compat mode, manchester, data rate 64, 2 data blocks
29 #define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks
30 #define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data rate 64, 3 data blocks, STT
31 #define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks
32 #define T55X7_NORALSY_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALSY - KCP3000), data rate 32, 3 data blocks
33 #define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT
34 #define T55X7_SECURAKEY_CONFIG_BLOCK 0x000C8060 // ASK, Manchester, data rate 40, 3 data blocks
35 #define T55X7_UNK_CONFIG_BLOCK 0x000880FA // ASK, Manchester, data rate 32, 7 data blocks STT, Inverse ...
37 // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag
38 // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,
39 // and it should actually be "10000" (16)
40 // #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // BiPhase, fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks
41 #define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // BiPhase, fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks
42 #define T55X7_FDXB_2_CONFIG_BLOCK 0x00098080 //
44 #define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
45 #define T55X7_PARADOX_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
46 #define T55X7_AWID_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
47 #define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // FSK2a, Pyramid 26 bit - compat mode, data rate 50, 4 data blocks
48 #define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks
50 #define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // PSK1, indala 64 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 2
51 #define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // PSK1, indala 224 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 7
52 #define T55X7_MOTOROLA_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks
53 #define T55X7_NEXWATCH_CONFIG_BLOCK 0x00081060 // PSK1 data rate 16, psk carrier FC * 2, 3 data blocks
54 #define T55X7_KERI_CONFIG_BLOCK 0x603E1040 // PSK1, 2 data blocks
55 #define T55X7_IDTECK_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks
57 #define T55X7_JABLOTRON_CONFIG_BLOCK 0x00158040 // Biphase, data rate 64, 2 data blocks
58 #define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // Biphase, data rate 64, Direct modulation, 3 data blocks
59 #define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks
60 #define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks
62 #define T55X7_PAC_CONFIG_BLOCK 0x00080080 // NRZ, data rate 32, 4 data blocks
63 #define T55X7_VERICHIP_CONFIG_BLOCK 0x000C0080 // NRZ, data rate 40, 4 data blocks
64 #define T55X7_bin 0b0010
66 // Q5 / Termic / T5555
67 #define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // ASK, data rate 64, manchester, 2 data blocks?
69 typedef enum {
70 T55x7_RAW = 0x00,
71 T55x7_DEFAULT = 0x00,
72 T5555_DEFAULT = 0x01,
73 EM_UNIQUE = 0x0,
74 FDBX = 0x02,
75 HID_26 = 0x03,
76 INDALA_64 = 0x04,
77 INDALA_224 = 0x05,
78 GUARDPROXXII = 0x06,
79 VIKING = 0x07,
80 NORALSYS = 0x08,
81 IOPROX = 0x09,
82 NEDAP_64 = 0x0A,
83 NEDAP_128 = 0x0B,
84 } t55xx_tag;
86 typedef struct {
87 uint32_t bl1;
88 uint32_t bl2;
89 uint32_t acl;
90 uint32_t mfc;
91 uint32_t cid;
92 uint32_t year;
93 uint32_t quarter;
94 uint32_t icr;
95 uint32_t lotid;
96 uint32_t wafer;
97 uint32_t dw;
98 } t55x7_tracedata_t;
100 typedef struct {
101 uint32_t bl1;
102 uint32_t bl2;
103 uint32_t icr;
104 char lotidc;
105 uint32_t lotid;
106 uint32_t wafer;
107 uint32_t dw;
108 } t5555_tracedata_t;
110 typedef enum {
111 DEMOD_NRZ = 0x00,
112 DEMOD_PSK1 = 0x01,
113 DEMOD_PSK2 = 0x02,
114 DEMOD_PSK3 = 0x03,
115 DEMOD_FSK1 = 0x04,
116 DEMOD_FSK2 = 0x05,
117 DEMOD_FSK1a = 0x06,
118 DEMOD_FSK2a = 0x07,
119 DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs)
120 DEMOD_ASK = 0x08,
121 DEMOD_BI = 0x10,
122 DEMOD_BIa = 0x18,
123 } t55xx_modulation;
125 typedef struct {
126 t55xx_modulation modulation;
127 bool inverted;
128 uint8_t offset;
129 uint32_t block0;
130 enum {
131 NOTSET = 0x00,
132 AUTODETECT = 0x01,
133 USERSET = 0x02,
134 TAGREAD = 0x03,
135 } block0Status;
136 enum {
137 RF_8 = 0x00,
138 RF_16 = 0x01,
139 RF_32 = 0x02,
140 RF_40 = 0x03,
141 RF_50 = 0x04,
142 RF_64 = 0x05,
143 RF_100 = 0x06,
144 RF_128 = 0x07,
145 } bitrate;
146 bool Q5;
147 bool ST;
148 bool usepwd;
149 uint32_t pwd;
150 enum {
151 refFixedBit = 0x00,
152 refLongLeading = 0x01,
153 refLeading0 = 0x02,
154 ref1of4 = 0x03,
155 } downlink_mode;
156 } t55xx_conf_block_t;
158 typedef struct {
159 uint32_t blockdata;
160 bool valid;
161 } t55xx_memory_item_t ;
163 t55xx_conf_block_t Get_t55xx_Config(void);
164 void Set_t55xx_Config(t55xx_conf_block_t conf);
166 int CmdLFT55XX(const char *Cmd);
168 void SetConfigWithBlock0(uint32_t block0);
169 void SetConfigWithBlock0Ex(uint32_t block0, uint8_t offset, bool Q5);
171 char *GetPskCfStr(uint32_t id, bool q5);
172 char *GetBitRateStr(uint32_t id, bool xmode);
173 char *GetSaferStr(uint32_t id);
174 char *GetQ5ModulationStr(uint32_t id);
175 char *GetModulationStr(uint32_t id, bool xmode);
176 char *GetModelStrFromCID(uint32_t cid);
177 char *GetConfigBlock0Source(uint8_t id);
178 char *GetSelectedModulationStr(uint8_t id);
179 char *GetDownlinkModeStr(uint8_t downlink_mode);
180 void printT5xxHeader(uint8_t page);
181 void printT55xxBlock(uint8_t blockNum, bool page1);
182 int printConfiguration(t55xx_conf_block_t b);
184 bool t55xxAquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
185 bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
186 bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data);
187 int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode);
188 int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, bool verbose);
190 int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t password, uint8_t downlink_mode, uint32_t data);
192 bool GetT55xxBlockData(uint32_t *blockdata);
193 bool DecodeT55xxBlock(void);
194 bool t55xxTryDetectModulation(uint8_t downlink_mode, bool print_config);
195 //bool t55xxTryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf);
196 bool t55xxTryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf, uint64_t pwd);
197 bool testKnownConfigBlock(uint32_t block0);
199 bool tryDetectP1(bool getData);
200 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);
201 int CmdT55xxSpecial(const char *Cmd);
202 bool AcquireData(uint8_t page, uint8_t block, bool pwdmode, uint32_t password, uint8_t downlink_mode);
203 uint8_t t55xx_try_one_password(uint32_t password, uint8_t downlink_mode, bool try_all_dl_modes);
205 void printT55x7Trace(t55x7_tracedata_t data, uint8_t repeat);
206 void printT5555Trace(t5555_tracedata_t data, uint8_t repeat);
208 int clone_t55xx_tag(uint32_t *blockdata, uint8_t numblocks);
209 #endif