search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
style
[RRG-proxmark3.git] / client / src / cmdlft55xx.h
blobc3b8c31df6492ec2983fa60126655150c77ef10e
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Low frequency T55xx commands
17 //-----------------------------------------------------------------------------
18
19 #ifndef CMDLFT55XX_H__
20 #define CMDLFT55XX_H__
21
22 #include "common.h"
23
24 #define T55x7_CONFIGURATION_BLOCK 0x00
25 #define T55x7_PWD_BLOCK 0x07
26 #define T55x7_TRACE_BLOCK1 0x01
27 #define T55x7_TRACE_BLOCK2 0x02
28 #define T55x7_PAGE0 0x00
29 #define T55x7_PAGE1 0x01
30 #define T55x7_PWD 0x00000010
31 #define REGULAR_READ_MODE_BLOCK 0xFF
32 #define T55x7_BLOCK_COUNT 12
33
34 // config blocks
35 #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks
36 #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks
37 #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/unique - compat mode, manchester, data rate 64, 2 data blocks
38 #define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks
39 #define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data rate 64, 3 data blocks, STT
40 #define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks
41 #define T55X7_NORALSY_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALSY - KCP3000), data rate 32, 3 data blocks
42 #define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT
43 #define T55X7_SECURAKEY_CONFIG_BLOCK 0x000C8060 // ASK, Manchester, data rate 40, 3 data blocks
44 #define T55X7_UNK_CONFIG_BLOCK 0x000880FA // ASK, Manchester, data rate 32, 7 data blocks STT, Inverse ...
45 #define T55X7_PYRONIX_CONFIG_BLOCK 0x00088C40 // ASK, Manchester, data rate 32, 2 data blocks
46
47 // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag
48 // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,
49 // and it should actually be "10000" (16)
50 // #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // BiPhase, fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks
51 #define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // BiPhase, fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks
52 #define T55X7_FDXB_2_CONFIG_BLOCK 0x00098080 //
53
54 #define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
55 #define T55X7_PARADOX_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
56 #define T55X7_AWID_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
57 #define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // FSK2a, Pyramid 26 bit - compat mode, data rate 50, 4 data blocks
58 #define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks
59
60 #define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // PSK1, indala 64 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 2
61 #define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // PSK1, indala 224 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 7
62 #define T55X7_MOTOROLA_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks
63 #define T55X7_NEXWATCH_CONFIG_BLOCK 0x00081060 // PSK1 data rate 16, psk carrier FC * 2, 3 data blocks
64 #define T55X7_KERI_CONFIG_BLOCK 0x603E1040 // PSK1, 2 data blocks
65 #define T55X7_IDTECK_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks
66
67 #define T55X7_JABLOTRON_CONFIG_BLOCK 0x00158040 // Biphase, data rate 64, 2 data blocks
68 #define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // Biphase, data rate 64, Direct modulation, 3 data blocks
69 #define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks
70 #define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks
71
72 #define T55X7_PAC_CONFIG_BLOCK 0x00080080 // NRZ, data rate 32, 4 data blocks
73 #define T55X7_VERICHIP_CONFIG_BLOCK 0x000C0080 // NRZ, data rate 40, 4 data blocks
74
75 #define T55X7_bin 0b0010
76
77 // Q5 / Termic / T5555
78 #define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // ASK, data rate 64, manchester, 2 data blocks?
79
80 typedef enum {
81 T55x7_RAW = 0x00,
82 T55x7_DEFAULT = 0x00,
83 T5555_DEFAULT = 0x01,
84 EM_UNIQUE = 0x0,
85 FDBX = 0x02,
86 HID_26 = 0x03,
87 INDALA_64 = 0x04,
88 INDALA_224 = 0x05,
89 GUARDPROXXII = 0x06,
90 VIKING = 0x07,
91 NORALSYS = 0x08,
92 IOPROX = 0x09,
93 NEDAP_64 = 0x0A,
94 NEDAP_128 = 0x0B,
95 } t55xx_tag;
96
97 typedef struct {
98 uint32_t bl1;
99 uint32_t bl2;
100 uint32_t acl;
101 uint32_t mfc;
102 uint32_t cid;
103 uint32_t year;
104 uint32_t quarter;
105 uint32_t icr;
106 uint32_t lotid;
107 uint32_t wafer;
108 uint32_t dw;
109 } t55x7_tracedata_t;
110
111 typedef struct {
112 uint32_t bl1;
113 uint32_t bl2;
114 uint32_t icr;
115 char lotidc;
116 uint32_t lotid;
117 uint32_t wafer;
118 uint32_t dw;
119 } t5555_tracedata_t;
120
121 typedef enum {
122 DEMOD_NRZ = 0x00,
123 DEMOD_PSK1 = 0x01,
124 DEMOD_PSK2 = 0x02,
125 DEMOD_PSK3 = 0x03,
126 DEMOD_FSK1 = 0x04,
127 DEMOD_FSK2 = 0x05,
128 DEMOD_FSK1a = 0x06,
129 DEMOD_FSK2a = 0x07,
130 DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs)
131 DEMOD_ASK = 0x08,
132 DEMOD_BI = 0x10,
133 DEMOD_BIa = 0x18,
134 } t55xx_modulation;
135
136 typedef struct {
137 t55xx_modulation modulation;
138 bool inverted;
139 uint8_t offset;
140 uint32_t block0;
141 enum {
142 NOTSET = 0x00,
143 AUTODETECT = 0x01,
144 USERSET = 0x02,
145 TAGREAD = 0x03,
146 } block0Status;
147 enum {
148 RF_8 = 0x00,
149 RF_16 = 0x01,
150 RF_32 = 0x02,
151 RF_40 = 0x03,
152 RF_50 = 0x04,
153 RF_64 = 0x05,
154 RF_100 = 0x06,
155 RF_128 = 0x07,
156 } bitrate;
157 bool Q5;
158 bool ST;
159 bool usepwd;
160 uint32_t pwd;
161 enum {
162 refFixedBit = 0x00,
163 refLongLeading = 0x01,
164 refLeading0 = 0x02,
165 ref1of4 = 0x03,
166 } downlink_mode;
167 } t55xx_conf_block_t;
168
169 typedef struct {
170 uint32_t blockdata;
171 bool valid;
172 } t55xx_memory_item_t;
173
174 t55xx_conf_block_t Get_t55xx_Config(void);
175 void Set_t55xx_Config(t55xx_conf_block_t conf);
176
177 int CmdLFT55XX(const char *Cmd);
178
179 void SetConfigWithBlock0(uint32_t block0);
180 void SetConfigWithBlock0Ex(uint32_t block0, uint8_t offset, bool Q5);
181
182 char *GetPskCfStr(uint32_t id, bool q5);
183 char *GetBitRateStr(uint32_t id, bool xmode);
184 char *GetSaferStr(uint32_t id);
185 char *GetQ5ModulationStr(uint32_t id);
186 char *GetModulationStr(uint32_t id, bool xmode);
187 char *GetModelStrFromCID(uint32_t cid);
188 char *GetConfigBlock0Source(uint8_t id);
189 char *GetSelectedModulationStr(uint8_t id);
190 char *GetDownlinkModeStr(uint8_t downlink_mode);
191 void printT5xxHeader(uint8_t page);
192 void printT55xxBlock(uint8_t blockNum, bool page1);
193 int printConfiguration(t55xx_conf_block_t b);
194
195 bool t55xxAcquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
196 bool t55xxAcquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
197 bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data);
198 int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode);
199 int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, bool verbose);
200
201 int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t password, uint8_t downlink_mode, uint32_t data);
202
203 bool GetT55xxBlockData(uint32_t *blockdata);
204 bool DecodeT55xxBlock(void);
205 bool t55xxTryDetectModulation(uint8_t downlink_mode, bool print_config);
206 //bool t55xxTryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf);
207 bool t55xxTryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf, uint64_t pwd);
208 bool testKnownConfigBlock(uint32_t block0);
209
210 bool tryDetectP1(bool getData);
211 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);
212 int CmdT55xxSpecial(const char *Cmd);
213 bool AcquireData(uint8_t page, uint8_t block, bool pwdmode, uint32_t password, uint8_t downlink_mode);
214 uint8_t t55xx_try_one_password(uint32_t password, uint8_t downlink_mode, bool try_all_dl_modes);
215
216 void printT55x7Trace(t55x7_tracedata_t data, uint8_t repeat);
217 void printT5555Trace(t5555_tracedata_t data, uint8_t repeat);
218
219 int clone_t55xx_tag(uint32_t *blockdata, uint8_t numblocks);
220 #endif
Proxmark3 - the RFID research Swiss army knife. Iceman firmware