lfrfid: Add scene to clean T5577 Passwords

Co-authored-by: grvpvl <Tobirg@users.noreply.github.com>
This commit is contained in:
TQMatvey 2022-12-20 19:40:25 +07:00
parent 0238da8ac9
commit c7de198d1a
5 changed files with 270 additions and 0 deletions

View File

@ -0,0 +1,102 @@
#include "rfid_writer.h"
#include <furi_hal.h>
void writer_start() {
furi_hal_rfid_tim_read(125000, 0.5);
furi_hal_rfid_pins_read();
furi_hal_rfid_tim_read_start();
// do not ground the antenna
furi_hal_rfid_pin_pull_release();
}
void writer_stop() {
furi_hal_rfid_tim_read_stop();
furi_hal_rfid_tim_reset();
furi_hal_rfid_pins_reset();
}
void write_gap(uint32_t gap_time) {
furi_hal_rfid_tim_read_stop();
furi_delay_us(gap_time * 8);
furi_hal_rfid_tim_read_start();
}
void write_bit(T55xxTiming* t55xxtiming, bool value) {
if(value) {
furi_delay_us(t55xxtiming->data_1 * 8);
} else {
furi_delay_us(t55xxtiming->data_0 * 8);
}
write_gap(t55xxtiming->write_gap);
}
void write_byte(T55xxTiming* t55xxtiming, uint8_t value) {
for(uint8_t i = 0; i < 8; i++) {
write_bit(t55xxtiming, (value >> i) & 1);
}
}
void write_block(
T55xxTiming* t55xxtiming,
uint8_t page,
uint8_t block,
bool lock_bit,
uint32_t data,
bool password_enable,
uint32_t password) {
furi_delay_us(t55xxtiming->wait_time * 8);
//client: https://github.com/Proxmark/proxmark3/blob/6116334485ca77343eda51c557cdc81032afcf38/client/cmdlft55xx.c#L944
//hardware: https://github.com/Proxmark/proxmark3/blob/555fa197730c061bbf0ab01334e99bc47fb3dc06/armsrc/lfops.c#L1465
//hardware: https://github.com/Proxmark/proxmark3/blob/555fa197730c061bbf0ab01334e99bc47fb3dc06/armsrc/lfops.c#L1396
// start gap
write_gap(t55xxtiming->start_gap);
// opcode
switch(page) {
case 0:
write_bit(t55xxtiming, 1);
write_bit(t55xxtiming, 0);
break;
case 1:
write_bit(t55xxtiming, 1);
write_bit(t55xxtiming, 1);
break;
default:
furi_check(false);
break;
}
// password
if(password_enable) {
for(uint8_t i = 0; i < 32; i++) {
write_bit(t55xxtiming, (password >> (31 - i)) & 1);
}
}
// lock bit
write_bit(t55xxtiming, lock_bit);
// data
for(uint8_t i = 0; i < 32; i++) {
write_bit(t55xxtiming, (data >> (31 - i)) & 1);
}
// block address
write_bit(t55xxtiming, (block >> 2) & 1);
write_bit(t55xxtiming, (block >> 1) & 1);
write_bit(t55xxtiming, (block >> 0) & 1);
furi_delay_us(t55xxtiming->program * 8);
furi_delay_us(t55xxtiming->wait_time * 8);
write_reset(t55xxtiming);
}
void write_reset(T55xxTiming* t55xxtiming) {
write_gap(t55xxtiming->start_gap);
write_bit(t55xxtiming, 1);
write_bit(t55xxtiming, 0);
}

View File

@ -0,0 +1,34 @@
#include <stdint.h>
#include <stdbool.h>
typedef struct {
uint16_t wait_time;
uint8_t start_gap;
uint8_t write_gap;
uint8_t data_0;
uint8_t data_1;
uint16_t program;
} T55xxTiming;
typedef struct {
uint8_t opcode_page_0;
uint8_t opcode_page_1;
uint8_t opcode_reset;
} T55xxCmd;
//static void writer_initialize(T55xxTiming* t55xxtiming, T55xxCmd* t55xxcmd);
void writer_start();
void writer_stop();
void write_gap(uint32_t gap_time);
void write_bit(T55xxTiming* t55xxtiming, bool value);
void write_byte(T55xxTiming* t55xxtiming, uint8_t value);
void write_block(
T55xxTiming* t55xxtiming,
uint8_t page,
uint8_t block,
bool lock_bit,
uint32_t data,
bool password_enable,
uint32_t password);
void write_reset(T55xxTiming* t55xxtiming);

View File

@ -0,0 +1,123 @@
#include "../lfrfid_i.h"
#include "../helpers/rfid_writer.h"
static void writer_initialize(T55xxTiming* t55xxtiming, T55xxCmd* t55xxcmd) {
t55xxcmd->opcode_page_0 = 0b10;
t55xxcmd->opcode_page_1 = 0b11;
t55xxcmd->opcode_reset = 0b00;
t55xxtiming->wait_time = 400;
t55xxtiming->start_gap = 30;
t55xxtiming->write_gap = 18;
t55xxtiming->data_0 = 24;
t55xxtiming->data_1 = 56;
t55xxtiming->program = 700;
}
static void lfrfid_cli_t5577_clear_password_and_config_to_EM(Cli* cli, FuriString* args, LfRfid* app) {
UNUSED(cli);
UNUSED(args);
T55xxTiming* t55xxtiming = malloc(sizeof(T55xxTiming));
T55xxCmd* t55xxcmd = malloc(sizeof(T55xxCmd));
Popup* popup = app->popup;
char curr_buf[32] = {};
//TODO: use .txt file in resourses for passwords.
const uint32_t default_passwords[] = {
0x51243648, 0x000D8787, 0x19920427, 0x50524F58, 0xF9DCEBA0, 0x65857569, 0x05D73B9F,
0x89A69E60, 0x314159E0, 0xAA55BBBB, 0xA5B4C3D2, 0x1C0B5848, 0x00434343, 0x444E4752,
0x4E457854, 0x44B44CAE, 0x88661858, 0xE9920427, 0x575F4F4B, 0x50520901, 0x20206666,
0x65857569, 0x5469616E, 0x7686962A, 0xC0F5009A, 0x07CEE75D, 0xfeedbeef, 0xdeadc0de,
0x00000000, 0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x55555555, 0x66666666,
0x77777777, 0x88888888, 0x99999999, 0xAAAAAAAA, 0xBBBBBBBB, 0xCCCCCCCC, 0xDDDDDDDD,
0xEEEEEEEE, 0xFFFFFFFF, 0xa0a1a2a3, 0xb0b1b2b3, 0x50415353, 0x00000001, 0x00000002,
0x0000000a, 0x0000000b, 0x01020304, 0x02030405, 0x03040506, 0x04050607, 0x05060708,
0x06070809, 0x0708090A, 0x08090A0B, 0x090A0B0C, 0x0A0B0C0D, 0x0B0C0D0E, 0x0C0D0E0F,
0x01234567, 0x12345678, 0x10000000, 0x20000000, 0x30000000, 0x40000000, 0x50000000,
0x60000000, 0x70000000, 0x80000000, 0x90000000, 0xA0000000, 0xB0000000, 0xC0000000,
0xD0000000, 0xE0000000, 0xF0000000, 0x10101010, 0x01010101, 0x11223344, 0x22334455,
0x33445566, 0x44556677, 0x55667788, 0x66778899, 0x778899AA, 0x8899AABB, 0x99AABBCC,
0xAABBCCDD, 0xBBCCDDEE, 0xCCDDEEFF, 0x0CB7E7FC, 0xFABADA11, 0x87654321, 0x12341234,
0x69696969, 0x12121212, 0x12344321, 0x1234ABCD, 0x11112222, 0x13131313, 0x10041004,
0x31415926, 0xabcd1234, 0x20002000, 0x19721972, 0xaa55aa55, 0x55aa55aa, 0x4f271149,
0x07d7bb0b, 0x9636ef8f, 0xb5f44686, 0x9E3779B9, 0xC6EF3720, 0x7854794A, 0xF1EA5EED,
0x69314718, 0x57721566, 0x93C467E3, 0x27182818, 0x50415353};
const uint8_t default_passwords_len = sizeof(default_passwords) / sizeof(uint32_t);
const uint32_t em_config_block_data =
0b00000000000101001000000001000000; //no pwd&aor config block
writer_initialize(t55xxtiming, t55xxcmd);
popup_set_header(popup, "Removing\npassword", 90, 36, AlignCenter, AlignCenter);
popup_set_icon(popup, 0, 3, &I_RFIDDolphinSend_97x61);
popup_set_text(
popup,
curr_buf,
90,
56,
AlignCenter,
AlignCenter);
for(uint8_t i = 0; i < default_passwords_len; i++) {
snprintf(curr_buf, sizeof(curr_buf), "Pass %d of %d", i, default_passwords_len);
view_dispatcher_switch_to_view(app->view_dispatcher, LfRfidViewPopup);
FURI_CRITICAL_ENTER();
writer_start();
write_block(t55xxtiming, 0, 0, false, em_config_block_data, true, default_passwords[i]);
write_reset(t55xxtiming);
writer_stop();
furi_delay_ms(5);
FURI_CRITICAL_EXIT();
}
popup_reset(app->popup);
free(t55xxtiming);
free(t55xxcmd);
}
void lfrfid_scene_clear_t5577_on_enter(void* context) {
LfRfid* app = context;
Widget* widget = app->widget;
Cli* cli = furi_record_open(RECORD_CLI);
FuriString* cmd;
cmd = furi_string_alloc();
// what is it?
lfrfid_cli_t5577_clear_password_and_config_to_EM(cli, cmd, app);
widget_add_string_element(
widget, 64, 14, AlignCenter, AlignTop, FontPrimary, "Done!");
widget_add_string_element(
widget,
64,
36,
AlignCenter,
AlignBottom,
FontSecondary,
"Test your T5577 now");
widget_add_button_element(widget, GuiButtonTypeLeft, "Exit", lfrfid_widget_callback, app);
view_dispatcher_switch_to_view(app->view_dispatcher, LfRfidViewWidget);
furi_string_free(cmd);
}
bool lfrfid_scene_clear_t5577_on_event(void* context, SceneManagerEvent event) {
LfRfid* app = context;
bool consumed = false;
SceneManager* scene_manager = app->scene_manager;
if(event.type == SceneManagerEventTypeCustom) {
consumed = true;
} if(event.event == GuiButtonTypeLeft) {
scene_manager_previous_scene(scene_manager);
}
return consumed;
}
void lfrfid_scene_clear_t5577_on_exit(void* context) {
LfRfid* app = context;
popup_reset(app->popup);
widget_reset(app->widget);
}

View File

@ -15,6 +15,7 @@ ADD_SCENE(lfrfid, saved_key_menu, SavedKeyMenu)
ADD_SCENE(lfrfid, save_data, SaveData)
ADD_SCENE(lfrfid, save_type, SaveType)
ADD_SCENE(lfrfid, saved_info, SavedInfo)
ADD_SCENE(lfrfid, clear_t5577, ClearT5577)
ADD_SCENE(lfrfid, delete_success, DeleteSuccess)
ADD_SCENE(lfrfid, extra_actions, ExtraActions)
ADD_SCENE(lfrfid, raw_info, RawInfo)

View File

@ -4,6 +4,7 @@
typedef enum {
SubmenuIndexASK,
SubmenuIndexPSK,
SubmenuIndexClearT5577,
SubmenuIndexRAW,
} SubmenuIndex;
@ -29,6 +30,12 @@ void lfrfid_scene_extra_actions_on_enter(void* context) {
SubmenuIndexPSK,
lfrfid_scene_extra_actions_submenu_callback,
app);
submenu_add_item(
submenu,
"Clear T5577 Password",
SubmenuIndexClearT5577,
lfrfid_scene_extra_actions_submenu_callback,
app);
if(furi_hal_rtc_is_flag_set(FuriHalRtcFlagDebug)) {
submenu_add_item(
@ -65,6 +72,9 @@ bool lfrfid_scene_extra_actions_on_event(void* context, SceneManagerEvent event)
scene_manager_next_scene(app->scene_manager, LfRfidSceneRead);
DOLPHIN_DEED(DolphinDeedRfidRead);
consumed = true;
} else if(event.event == SubmenuIndexClearT5577) {
scene_manager_next_scene(app->scene_manager, LfRfidSceneClearT5577);
consumed = true;
} else if(event.event == SubmenuIndexRAW) {
scene_manager_next_scene(app->scene_manager, LfRfidSceneRawName);
consumed = true;