Last active
August 1, 2024 13:50
-
-
Save atc1441/41af75048e4c22af1f5f0d4c1d94bb56 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdint.h> | |
// Philips Sonicare NFC Head Password calculation by @atc1441 Video manual: https://www.youtube.com/watch?v=EPytrn8i8sc | |
uint16_t CRC16(uint16_t crc, uint8_t *buffer, int len) // Default CRC16 Algo | |
{ | |
while(len--) | |
{ | |
crc ^= *buffer++ << 8; | |
int bits = 0; | |
do | |
{ | |
if ( (crc & 0x8000) != 0 ) | |
crc = (2 * crc) ^ 0x1021; | |
else | |
crc *= 2; | |
} | |
while ( ++bits < 8 ); | |
} | |
return crc; | |
} | |
uint8_t nfctag_uid[] = {0x04,0xEC,0xFC,0xA2,0x94,0x10,0x90}; // NTAG UID | |
uint8_t nfc_second[] = "221214 12K"; // Head MFG String, printed on Head and at memory location 0x23 | |
int main() | |
{ | |
uint32_t crc_calc = CRC16(0x49A3, nfctag_uid, 7); // Calculate the NTAG UID CRC | |
crc_calc = crc_calc | (CRC16(crc_calc, nfc_second, 10) << 16); // Calculate the MFG CRC | |
crc_calc = (crc_calc >> 8) & 0x00FF00FF | (crc_calc << 8) & 0xFF00FF00; // Rotate the uin16_t bytes | |
printf("by @ATC1441 NFC CRC : 0x%08X expected: 0x61F0A50F\r\n", crc_calc);// Print out the calucated password | |
return 0; | |
} |
Just for fun - Zig version 🤓⚡
const std = @import("std");
fn parse_uuid(uuid_str: []const u8, uuid: *[7]u8) !void {
var i: usize = 0;
var iter = std.mem.splitScalar(u8, uuid_str, ':');
while (iter.next()) |b| {
uuid[i] = try std.fmt.parseUnsigned(u8, b, 16);
i += 1;
}
}
fn parse_uuid(uuid_str: []const u8, uuid: *[7]u8) !void {
var i: usize = 0;
var iter = std.mem.splitScalar(u8, uuid_str, ':');
while (iter.next()) |b| {
uuid[i] = try std.fmt.parseUnsigned(u8, b, 16);
i += 1;
}
}
fn calc_password(uuid: []const u8, mfg: []const u8) u32 {
var crc_calc: u32 = crc16(0x49A3, uuid);
crc_calc = crc_calc | (@as(u32, crc16(@truncate(crc_calc), mfg)) << 16);
crc_calc = ((crc_calc >> 8) & 0x00FF00FF) | ((crc_calc << 8) & 0xFF00FF00);
return crc_calc;
}
fn crc16(crc: u16, buff: []const u8) u16 {
var crc_c = crc;
var i: usize = 0;
while (i < buff.len) : (i += 1) {
crc_c ^= @truncate(@as(u32, buff[i]) << 8);
for (0..8) |_| {
if (crc_c & 0x8000 != 0) {
crc_c = @truncate((2 * @as(u32, crc_c)) ^ 0x1021);
} else {
crc_c *= 2;
}
}
}
return crc_c;
}
test calc_password {
var uuid: [7]u8 = undefined;
try parse_uuid("04:EC:FC:A2:94:10:90", &uuid);
const pwd = calc_password(&uuid, "221214 12K");
try std.testing.expectEqual(0x61F0A50F, pwd);
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
More beefy python version with built in command generator and ability to set # of sessions left:
https://github.com/filipsworks/SoniKraker