]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/appmain.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add ROCA vulnerability test (RRG repository PR 76 by @merlokk) (#762)
[proxmark3-svn] / armsrc / appmain.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
15c4dc5a 2// Jonathan Westhues, Mar 2006
3// Edits by Gerhard de Koning Gans, Sep 2007 (##)
bd20f8f4 4//
5// This code is licensed to you under the terms of the GNU GPL, version 2 or,
6// at your option, any later version. See the LICENSE.txt file for the text of
7// the license.
8//-----------------------------------------------------------------------------
9// The main application code. This is the first thing called after start.c
10// executes.
15c4dc5a 11//-----------------------------------------------------------------------------
12
b8e461ff 13#include <stdarg.h>
14
902cb3c0 15#include "usb_cdc.h"
16#include "cmd.h"
e30c654b 17#include "proxmark3.h"
15c4dc5a 18#include "apps.h"
472345da 19#include "fpga.h"
f7e3ed82 20#include "util.h"
9ab7a6c7 21#include "printf.h"
22#include "string.h"
15c4dc5a 23#include "legicrf.h"
1b902aa0 24#include "legicrfsim.h"
b8e461ff 25#include "hitag2.h"
26#include "hitagS.h"
d9de20fa 27#include "iso15693.h"
31abe49f 28#include "lfsampling.h"
3000dc4e 29#include "BigBuf.h"
c89274cc 30#include "mifareutil.h"
d10e08ae 31#include "pcf7931.h"
050aa18b 32#include "i2c.h"
15c4dc5a 33#ifdef WITH_LCD
902cb3c0 34 #include "LCD.h"
15c4dc5a 35#endif
43591e64 36
15c4dc5a 37
e46fe044 38// Craig Young - 14a stand-alone code
854fdf15 39#ifdef WITH_ISO14443a
e46fe044
CY		 40 #include "iso14443a.h"
41#endif
42
15c4dc5a 43//=============================================================================
44// A buffer where we can queue things up to be sent through the FPGA, for
45// any purpose (fake tag, as reader, whatever). We go MSB first, since that
46// is the order in which they go out on the wire.
47//=============================================================================
48
6a1f2d82 49#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
50uint8_t ToSend[TOSEND_BUFFER_SIZE];
15c4dc5a 51int ToSendMax;
52static int ToSendBit;
53struct common_area common_area __attribute__((section(".commonarea")));
54
15c4dc5a 55void ToSendReset(void)
56{
57 ToSendMax = -1;
58 ToSendBit = 8;
59}
60
61void ToSendStuffBit(int b)
62{
63 if(ToSendBit >= 8) {
64 ToSendMax++;
65 ToSend[ToSendMax] = 0;
66 ToSendBit = 0;
67 }
68
69 if(b) {
70 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
71 }
72
73 ToSendBit++;
74
6a1f2d82 75 if(ToSendMax >= sizeof(ToSend)) {
15c4dc5a 76 ToSendBit = 0;
77 DbpString("ToSendStuffBit overflowed!");
78 }
79}
80
81//=============================================================================
82// Debug print functions, to go out over USB, to the usual PC-side client.
83//=============================================================================
84
85void DbpString(char *str)
86{
9440213d 87 byte_t len = strlen(str);
88 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
15c4dc5a 89}
90
91#if 0
92void DbpIntegers(int x1, int x2, int x3)
93{
902cb3c0 94 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
15c4dc5a 95}
96#endif
97
98void Dbprintf(const char *fmt, ...) {
99// should probably limit size here; oh well, let's just use a big buffer
100 char output_string[128];
101 va_list ap;
102
103 va_start(ap, fmt);
104 kvsprintf(fmt, output_string, 10, ap);
105 va_end(ap);
e30c654b 106
15c4dc5a 107 DbpString(output_string);
108}
109
9455b51c 110// prints HEX & ASCII
d19929cb 111void Dbhexdump(int len, uint8_t *d, bool bAsci) {
9455b51c 112 int l=0,i;
113 char ascii[9];
d19929cb 114
9455b51c 115 while (len>0) {
116 if (len>8) l=8;
117 else l=len;
118
119 memcpy(ascii,d,l);
d19929cb 120 ascii[l]=0;
9455b51c 121
122 // filter safe ascii
d19929cb 123 for (i=0;i<l;i++)
9455b51c 124 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
d19929cb 125
126 if (bAsci) {
127 Dbprintf("%-8s %*D",ascii,l,d," ");
128 } else {
129 Dbprintf("%*D",l,d," ");
130 }
131
9455b51c 132 len-=8;
133 d+=8;
134 }
135}
136
15c4dc5a 137//-----------------------------------------------------------------------------
138// Read an ADC channel and block till it completes, then return the result
139// in ADC units (0 to 1023). Also a routine to average 32 samples and
140// return that.
141//-----------------------------------------------------------------------------
142static int ReadAdc(int ch)
2d51da38 143{
3b692427 144 // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
050aa18b 145 // AMPL_HI is a high impedance (10MOhm || 1MOhm) output, the input capacitance of the ADC is 12pF (typical). This results in a time constant
9b32625c 146 // of RC = (0.91MOhm) * 12pF = 10.9us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
3b692427 147 //
148 // The maths are:
149 // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
150 //
9b32625c 151 // v_cap = v_in * (1 - exp(-SHTIM/RC)) = v_in * (1 - exp(-40us/10.9us)) = v_in * 0,97 (i.e. an error of 3%)
15c4dc5a 152
2d51da38
I		 153 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
154 AT91C_BASE_ADC->ADC_MR =
9b32625c 155 ADC_MODE_PRESCALE(63) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
156 ADC_MODE_STARTUP_TIME(1) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
157 ADC_MODE_SAMPLE_HOLD_TIME(15); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
3b692427 158
2d51da38
I		 159 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
160 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
15c4dc5a 161
2d51da38
I		 162 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) {};
163
050aa18b 164 return AT91C_BASE_ADC->ADC_CDR[ch] & 0x3ff;
15c4dc5a 165}
166
9ca155ba 167int AvgAdc(int ch) // was static - merlok
15c4dc5a 168{
169 int i;
170 int a = 0;
171
172 for(i = 0; i < 32; i++) {
173 a += ReadAdc(ch);
174 }
175
176 return (a + 15) >> 5;
177}
178
050aa18b 179static int AvgAdc_Voltage_HF(void)
180{
181 int AvgAdc_Voltage_Low, AvgAdc_Voltage_High;
182
183 AvgAdc_Voltage_Low= (MAX_ADC_HF_VOLTAGE_LOW * AvgAdc(ADC_CHAN_HF_LOW)) >> 10;
184 // if voltage range is about to be exceeded, use high voltage ADC channel if available (RDV40 only)
185 if (AvgAdc_Voltage_Low > MAX_ADC_HF_VOLTAGE_LOW - 300) {
186 AvgAdc_Voltage_High = (MAX_ADC_HF_VOLTAGE_HIGH * AvgAdc(ADC_CHAN_HF_HIGH)) >> 10;
187 if (AvgAdc_Voltage_High >= AvgAdc_Voltage_Low) {
188 return AvgAdc_Voltage_High;
189 }
190 }
191 return AvgAdc_Voltage_Low;
192}
193
194static int AvgAdc_Voltage_LF(void)
195{
196 return (MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10;
197}
198
fdcfbdcc 199void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv, uint8_t LF_Results[])
15c4dc5a 200{
9b32625c 201 int i, adcval = 0, peak = 0;
15c4dc5a 202
203/*
204 * Sweeps the useful LF range of the proxmark from
205 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
206 * read the voltage in the antenna, the result left
207 * in the buffer is a graph which should clearly show
208 * the resonating frequency of your LF antenna
209 * ( hopefully around 95 if it is tuned to 125kHz!)
210 */
fdcfbdcc
RAB		 211
212 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
b014c96d 213 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
2d51da38
I		 214 SpinDelay(50);
215
2bdd68c3 216 for (i=255; i>=19; i--) {
fdcfbdcc 217 WDT_HIT();
15c4dc5a 218 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
219 SpinDelay(20);
050aa18b 220 adcval = AvgAdc_Voltage_LF();
fdcfbdcc
RAB		 221 if (i==95) *vLf125 = adcval; // voltage at 125Khz
222 if (i==89) *vLf134 = adcval; // voltage at 134Khz
15c4dc5a 223
2d51da38 224 LF_Results[i] = adcval >> 9; // scale int to fit in byte for graphing purposes
2bdd68c3 225 if(LF_Results[i] > peak) {
fdcfbdcc 226 *peakv = adcval;
2bdd68c3 227 peak = LF_Results[i];
fdcfbdcc 228 *peakf = i;
9f693930 229 //ptr = i;
15c4dc5a 230 }
231 }
232
2bdd68c3 233 for (i=18; i >= 0; i--) LF_Results[i] = 0;
fdcfbdcc
RAB		 234
235 return;
236}
237
238void MeasureAntennaTuningHfOnly(int *vHf)
239{
15c4dc5a 240 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
fdcfbdcc
RAB		 241 LED_A_ON();
242 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 243 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
244 SpinDelay(20);
050aa18b 245 *vHf = AvgAdc_Voltage_HF();
fdcfbdcc 246 LED_A_OFF();
fdcfbdcc
RAB		 247 return;
248}
249
250void MeasureAntennaTuning(int mode)
251{
252 uint8_t LF_Results[256] = {0};
253 int peakv = 0, peakf = 0;
254 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
255
256 LED_B_ON();
257
258 if (((mode & FLAG_TUNE_ALL) == FLAG_TUNE_ALL) && (FpgaGetCurrent() == FPGA_BITSTREAM_HF)) {
259 // Reverse "standard" order if HF already loaded, to avoid unnecessary swap.
260 MeasureAntennaTuningHfOnly(&vHf);
261 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
262 } else {
263 if (mode & FLAG_TUNE_LF) {
264 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
265 }
266 if (mode & FLAG_TUNE_HF) {
267 MeasureAntennaTuningHfOnly(&vHf);
268 }
269 }
15c4dc5a 270
d040cb90 271 cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125>>1 | (vLf134>>1<<16), vHf, peakf | (peakv>>1<<16), LF_Results, 256);
d19929cb 272 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2bdd68c3 273 LED_B_OFF();
274 return;
15c4dc5a 275}
276
277void MeasureAntennaTuningHf(void)
278{
279 int vHf = 0; // in mV
280
281 DbpString("Measuring HF antenna, press button to exit");
282
3b692427 283 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
284 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
285 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
286
15c4dc5a 287 for (;;) {
050aa18b 288 SpinDelay(500);
289 vHf = AvgAdc_Voltage_HF();
e30c654b 290
15c4dc5a 291 Dbprintf("%d mV",vHf);
292 if (BUTTON_PRESS()) break;
293 }
294 DbpString("cancelled");
3b692427 295
296 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
297
15c4dc5a 298}
299
300
15c4dc5a 301void ReadMem(int addr)
302{
f7e3ed82 303 const uint8_t *data = ((uint8_t *)addr);
15c4dc5a 304
305 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
306 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
307}
308
309/* osimage version information is linked in */
310extern struct version_information version_information;
311/* bootrom version information is pointed to from _bootphase1_version_pointer */
0fa01ec7 312extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__;
472345da 313
050aa18b 314
15c4dc5a 315void SendVersion(void)
316{
8e074056 317 char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */
318 char VersionString[USB_CMD_DATA_SIZE] = { '\0' };
e30c654b 319
320 /* Try to find the bootrom version information. Expect to find a pointer at
15c4dc5a 321 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
322 * pointer, then use it.
323 */
324 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
325 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
8e074056 326 strcat(VersionString, "bootrom version information appears invalid\n");
15c4dc5a 327 } else {
328 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
8e074056 329 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
15c4dc5a 330 }
e30c654b 331
15c4dc5a 332 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
8e074056 333 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
e30c654b 334
472345da 335 for (int i = 0; i < fpga_bitstream_num; i++) {
336 strncat(VersionString, fpga_version_information[i], sizeof(VersionString) - strlen(VersionString) - 1);
050aa18b 337 strncat(VersionString, "\n", sizeof(VersionString) - strlen(VersionString) - 1);
472345da 338 }
050aa18b 339
340 // test availability of SmartCard slot
341 if (I2C_is_available()) {
342 strncat(VersionString, "SmartCard Slot: available\n", sizeof(VersionString) - strlen(VersionString) - 1);
343 } else {
344 strncat(VersionString, "SmartCard Slot: not available\n", sizeof(VersionString) - strlen(VersionString) - 1);
345 }
346
e6153040 347 // Send Chip ID and used flash memory
0fa01ec7 348 uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start;
349 uint32_t compressed_data_section_size = common_area.arg1;
8e074056 350 cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
15c4dc5a 351}
352
bfb01844 353// measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
354// Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included.
67b7d6fa 355void printUSBSpeed(void)
bfb01844 356{
357 Dbprintf("USB Speed:");
67b7d6fa 358 Dbprintf(" Sending USB packets to client...");
bfb01844 359
67b7d6fa 360 #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds
bfb01844 361 uint8_t *test_data = BigBuf_get_addr();
67b7d6fa 362 uint32_t end_time;
bfb01844 363
67b7d6fa 364 uint32_t start_time = end_time = GetTickCount();
365 uint32_t bytes_transferred = 0;
366
bfb01844 367 LED_B_ON();
67b7d6fa 368 while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) {
369 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE);
370 end_time = GetTickCount();
371 bytes_transferred += USB_CMD_DATA_SIZE;
bfb01844 372 }
373 LED_B_OFF();
374
67b7d6fa 375 Dbprintf(" Time elapsed: %dms", end_time - start_time);
376 Dbprintf(" Bytes transferred: %d", bytes_transferred);
377 Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s",
378 1000 * bytes_transferred / (end_time - start_time));
bfb01844 379
380}
381
c89274cc
CY		 382/**
383 * Prints runtime information about the PM3.
384**/
67b7d6fa 385void SendStatus(void)
c89274cc
CY		 386{
387 BigBuf_print_status();
388 Fpga_print_status();
43591e64 389#ifdef WITH_SMARTCARD
390 I2C_print_status();
391#endif
c89274cc 392 printConfig(); //LF Sampling config
67b7d6fa 393 printUSBSpeed();
c89274cc 394 Dbprintf("Various");
43591e64 395 Dbprintf(" MF_DBGLEVEL........%d", MF_DBGLEVEL);
396 Dbprintf(" ToSendMax..........%d", ToSendMax);
397 Dbprintf(" ToSendBit..........%d", ToSendBit);
bfb01844 398
399 cmd_send(CMD_ACK,1,0,0,0,0);
c89274cc 400}
15c4dc5a 401
a2937cea 402#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF_StandAlone)
15c4dc5a 403
15c4dc5a 404#define OPTS 2
405
86a83668
MHS		 406void StandAloneMode()
407{
408 DbpString("Stand-alone mode! No PC necessary.");
15c4dc5a 409 // Oooh pretty -- notify user we're in elite samy mode now
410 LED(LED_RED, 200);
411 LED(LED_ORANGE, 200);
412 LED(LED_GREEN, 200);
413 LED(LED_ORANGE, 200);
414 LED(LED_RED, 200);
415 LED(LED_ORANGE, 200);
416 LED(LED_GREEN, 200);
417 LED(LED_ORANGE, 200);
418 LED(LED_RED, 200);
419
86a83668
MHS		 420}
421
422#endif
423
424
425
426#ifdef WITH_ISO14443a_StandAlone
427void StandAloneMode14a()
428{
429 StandAloneMode();
430 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
431
15c4dc5a 432 int selected = 0;
44964fd1 433 bool playing = false, GotoRecord = false, GotoClone = false;
434 bool cardRead[OPTS] = {false};
86a83668
MHS		 435 uint8_t readUID[10] = {0};
436 uint32_t uid_1st[OPTS]={0};
437 uint32_t uid_2nd[OPTS]={0};
c89274cc
CY		 438 uint32_t uid_tmp1 = 0;
439 uint32_t uid_tmp2 = 0;
440 iso14a_card_select_t hi14a_card[OPTS];
15c4dc5a 441
15c4dc5a 442 LED(selected + 1, 0);
443
444 for (;;)
445 {
6e82300d 446 usb_poll();
86a83668 447 WDT_HIT();
15c4dc5a 448 SpinDelay(300);
449
44964fd1 450 if (GotoRecord || !cardRead[selected])
15c4dc5a 451 {
44964fd1 452 GotoRecord = false;
15c4dc5a 453 LEDsoff();
454 LED(selected + 1, 0);
455 LED(LED_RED2, 0);
456
457 // record
86a83668 458 Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
15c4dc5a 459 /* need this delay to prevent catching some weird data */
460 SpinDelay(500);
86a83668
MHS		 461 /* Code for reading from 14a tag */
462 uint8_t uid[10] ={0};
463 uint32_t cuid;
464 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
15c4dc5a 465
86a83668
MHS		 466 for ( ; ; )
467 {
468 WDT_HIT();
c89274cc
CY		 469 if (BUTTON_PRESS()) {
470 if (cardRead[selected]) {
471 Dbprintf("Button press detected -- replaying card in bank[%d]", selected);
472 break;
473 }
474 else if (cardRead[(selected+1)%OPTS]) {
475 Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS);
476 selected = (selected+1)%OPTS;
44964fd1 477 break;
c89274cc
CY		 478 }
479 else {
480 Dbprintf("Button press detected but no stored tag to play. (Ignoring button)");
481 SpinDelay(300);
482 }
483 }
c04a4b60 484 if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, true))
86a83668
MHS		 485 continue;
486 else
487 {
488 Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
489 memcpy(readUID,uid,10*sizeof(uint8_t));
c89274cc 490 uint8_t *dst = (uint8_t *)&uid_tmp1;
86a83668
MHS		 491 // Set UID byte order
492 for (int i=0; i<4; i++)
493 dst[i] = uid[3-i];
c89274cc 494 dst = (uint8_t *)&uid_tmp2;
86a83668
MHS		 495 for (int i=0; i<4; i++)
496 dst[i] = uid[7-i];
c89274cc
CY		 497 if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) {
498 Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping.");
499 }
500 else {
501 if (uid_tmp2) {
502 Dbprintf("Bank[%d] received a 7-byte UID",selected);
503 uid_1st[selected] = (uid_tmp1)>>8;
504 uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8);
505 }
506 else {
507 Dbprintf("Bank[%d] received a 4-byte UID",selected);
508 uid_1st[selected] = uid_tmp1;
509 uid_2nd[selected] = uid_tmp2;
510 }
511 break;
512 }
86a83668
MHS		 513 }
514 }
c89274cc
CY		 515 Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]);
516 Dbprintf("SAK = %02X",hi14a_card[selected].sak);
86a83668
MHS		 517 LEDsoff();
518 LED(LED_GREEN, 200);
519 LED(LED_ORANGE, 200);
520 LED(LED_GREEN, 200);
521 LED(LED_ORANGE, 200);
15c4dc5a 522
523 LEDsoff();
524 LED(selected + 1, 0);
15c4dc5a 525
c89274cc 526 // Next state is replay:
44964fd1 527 playing = true;
3fe4ff4f 528
44964fd1 529 cardRead[selected] = true;
86a83668 530 }
c89274cc 531 /* MF Classic UID clone */
44964fd1 532 else if (GotoClone)
3fe4ff4f 533 {
44964fd1 534 GotoClone=false;
c89274cc
CY		 535 LEDsoff();
536 LED(selected + 1, 0);
537 LED(LED_ORANGE, 250);
3fe4ff4f 538
3fe4ff4f 539
c89274cc
CY		 540 // record
541 Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
3fe4ff4f 542
c89274cc
CY		 543 // wait for button to be released
544 while(BUTTON_PRESS())
545 {
546 // Delay cloning until card is in place
547 WDT_HIT();
548 }
549 Dbprintf("Starting clone. [Bank: %u]", selected);
550 // need this delay to prevent catching some weird data
551 SpinDelay(500);
552 // Begin clone function here:
553 /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
554 UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
555 memcpy(c.d.asBytes, data, 16);
556 SendCommand(&c);
557
558 Block read is similar:
559 UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
560 We need to imitate that call with blockNo 0 to set a uid.
561
562 The get and set commands are handled in this file:
563 // Work with "magic Chinese" card
564 case CMD_MIFARE_CSETBLOCK:
565 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
566 break;
567 case CMD_MIFARE_CGETBLOCK:
568 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
569 break;
570
571 mfCSetUID provides example logic for UID set workflow:
572 -Read block0 from card in field with MifareCGetBlock()
573 -Configure new values without replacing reserved bytes
574 memcpy(block0, uid, 4); // Copy UID bytes from byte array
575 // Mifare UID BCC
576 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
577 Bytes 5-7 are reserved SAK and ATQA for mifare classic
578 -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
579 */
580 uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
581 // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
582 MifareCGetBlock(0x3F, 1, 0, oldBlock0);
583 if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) {
584 Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected);
44964fd1 585 playing = true;
c89274cc
CY		 586 }
587 else {
588 Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
589 memcpy(newBlock0,oldBlock0,16);
590 // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
591
592 newBlock0[0] = uid_1st[selected]>>24;
593 newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
594 newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
595 newBlock0[3] = 0xFF & (uid_1st[selected]);
596 newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
597 // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
598 MifareCSetBlock(0, 0xFF,0, newBlock0);
599 MifareCGetBlock(0x3F, 1, 0, testBlock0);
600 if (memcmp(testBlock0,newBlock0,16)==0)
601 {
602 DbpString("Cloned successfull!");
44964fd1 603 cardRead[selected] = false; // Only if the card was cloned successfully should we clear it
604 playing = false;
605 GotoRecord = true;
c89274cc
CY		 606 selected = (selected+1) % OPTS;
607 }
608 else {
609 Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected);
44964fd1 610 playing = true;
c89274cc
CY		 611 }
612 }
613 LEDsoff();
614 LED(selected + 1, 0);
15c4dc5a 615
86a83668 616 }
15c4dc5a 617 // Change where to record (or begin playing)
44964fd1 618 else if (playing) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected])
15c4dc5a 619 {
15c4dc5a 620 LEDsoff();
621 LED(selected + 1, 0);
622
623 // Begin transmitting
44964fd1 624 LED(LED_GREEN, 0);
625 DbpString("Playing");
626 for ( ; ; ) {
627 WDT_HIT();
628 int button_action = BUTTON_HELD(1000);
629 if (button_action == 0) { // No button action, proceed with sim
630 uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break
631 Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
632 if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) {
633 DbpString("Mifare Classic");
634 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); // Mifare Classic
c89274cc 635 }
44964fd1 636 else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) {
637 DbpString("Mifare Ultralight");
638 SimulateIso14443aTag(2,uid_1st[selected],uid_2nd[selected],data); // Mifare Ultralight
15c4dc5a 639 }
44964fd1 640 else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) {
641 DbpString("Mifare DESFire");
642 SimulateIso14443aTag(3,uid_1st[selected],uid_2nd[selected],data); // Mifare DESFire
643 }
644 else {
645 Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
646 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data);
c89274cc 647 }
c89274cc 648 }
44964fd1 649 else if (button_action == BUTTON_SINGLE_CLICK) {
650 selected = (selected + 1) % OPTS;
651 Dbprintf("Done playing. Switching to record mode on bank %d",selected);
652 GotoRecord = true;
653 break;
654 }
655 else if (button_action == BUTTON_HOLD) {
656 Dbprintf("Playtime over. Begin cloning...");
657 GotoClone = true;
658 break;
659 }
660 WDT_HIT();
15c4dc5a 661 }
44964fd1 662
663 /* We pressed a button so ignore it here with a delay */
664 SpinDelay(300);
665 LEDsoff();
666 LED(selected + 1, 0);
15c4dc5a 667 }
668 }
669}
a2937cea 670#elif WITH_LF_StandAlone
86a83668
MHS		 671// samy's sniff and repeat routine
672void SamyRun()
e46fe044 673{
86a83668
MHS		 674 StandAloneMode();
675 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
e46fe044 676
53e2f2fa 677 int tops[OPTS], high[OPTS], low[OPTS];
15c4dc5a 678 int selected = 0;
679 int playing = 0;
3fe4ff4f 680 int cardRead = 0;
15c4dc5a 681
682 // Turn on selected LED
683 LED(selected + 1, 0);
684
685 for (;;)
686 {
6e82300d 687 usb_poll();
86a83668 688 WDT_HIT();
15c4dc5a 689
690 // Was our button held down or pressed?
691 int button_pressed = BUTTON_HELD(1000);
692 SpinDelay(300);
693
694 // Button was held for a second, begin recording
3fe4ff4f 695 if (button_pressed > 0 && cardRead == 0)
15c4dc5a 696 {
697 LEDsoff();
698 LED(selected + 1, 0);
699 LED(LED_RED2, 0);
700
701 // record
702 DbpString("Starting recording");
703
704 // wait for button to be released
705 while(BUTTON_PRESS())
706 WDT_HIT();
707
708 /* need this delay to prevent catching some weird data */
709 SpinDelay(500);
710
53e2f2fa 711 CmdHIDdemodFSK(1, &tops[selected], &high[selected], &low[selected], 0);
712 if (tops[selected] > 0)
713 Dbprintf("Recorded %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]);
714 else
715 Dbprintf("Recorded %x %x%08x", selected, high[selected], low[selected]);
15c4dc5a 716
717 LEDsoff();
718 LED(selected + 1, 0);
719 // Finished recording
720
721 // If we were previously playing, set playing off
722 // so next button push begins playing what we recorded
723 playing = 0;
3fe4ff4f 724
725 cardRead = 1;
726
727 }
728
729 else if (button_pressed > 0 && cardRead == 1)
730 {
731 LEDsoff();
732 LED(selected + 1, 0);
733 LED(LED_ORANGE, 0);
734
735 // record
53e2f2fa 736 if (tops[selected] > 0)
737 Dbprintf("Cloning %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]);
738 else
739 Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 740
741 // wait for button to be released
742 while(BUTTON_PRESS())
743 WDT_HIT();
744
745 /* need this delay to prevent catching some weird data */
746 SpinDelay(500);
747
5f84531b 748 CopyHIDtoT55x7(tops[selected] & 0x000FFFFF, high[selected], low[selected], (tops[selected] != 0 && ((high[selected]& 0xFFFFFFC0) != 0)), 0x1D);
53e2f2fa 749 if (tops[selected] > 0)
750 Dbprintf("Cloned %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]);
751 else
752 Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 753
754 LEDsoff();
755 LED(selected + 1, 0);
756 // Finished recording
757
758 // If we were previously playing, set playing off
759 // so next button push begins playing what we recorded
760 playing = 0;
761
762 cardRead = 0;
763
15c4dc5a 764 }
765
766 // Change where to record (or begin playing)
767 else if (button_pressed)
768 {
769 // Next option if we were previously playing
770 if (playing)
771 selected = (selected + 1) % OPTS;
772 playing = !playing;
773
774 LEDsoff();
775 LED(selected + 1, 0);
776
777 // Begin transmitting
778 if (playing)
779 {
780 LED(LED_GREEN, 0);
781 DbpString("Playing");
782 // wait for button to be released
783 while(BUTTON_PRESS())
784 WDT_HIT();
53e2f2fa 785 if (tops[selected] > 0)
786 Dbprintf("%x %x%08x%08x", selected, tops[selected], high[selected], low[selected]);
787 else
788 Dbprintf("%x %x%08x", selected, high[selected], low[selected]);
789
790 CmdHIDsimTAG(tops[selected], high[selected], low[selected], 0);
15c4dc5a 791 DbpString("Done playing");
792 if (BUTTON_HELD(1000) > 0)
793 {
794 DbpString("Exiting");
795 LEDsoff();
796 return;
797 }
798
799 /* We pressed a button so ignore it here with a delay */
800 SpinDelay(300);
801
802 // when done, we're done playing, move to next option
803 selected = (selected + 1) % OPTS;
804 playing = !playing;
805 LEDsoff();
806 LED(selected + 1, 0);
807 }
808 else
809 while(BUTTON_PRESS())
810 WDT_HIT();
811 }
812 }
813}
15c4dc5a 814
e46fe044 815#endif
15c4dc5a 816/*
817OBJECTIVE
818Listen and detect an external reader. Determine the best location
819for the antenna.
820
821INSTRUCTIONS:
822Inside the ListenReaderField() function, there is two mode.
823By default, when you call the function, you will enter mode 1.
824If you press the PM3 button one time, you will enter mode 2.
825If you press the PM3 button a second time, you will exit the function.
826
827DESCRIPTION OF MODE 1:
828This mode just listens for an external reader field and lights up green
829for HF and/or red for LF. This is the original mode of the detectreader
830function.
831
832DESCRIPTION OF MODE 2:
833This mode will visually represent, using the LEDs, the actual strength of the
834current compared to the maximum current detected. Basically, once you know
835what kind of external reader is present, it will help you spot the best location to place
836your antenna. You will probably not get some good results if there is a LF and a HF reader
837at the same place! :-)
838
839LIGHT SCHEME USED:
840*/
841static const char LIGHT_SCHEME[] = {
842 0x0, /* ---- | No field detected */
843 0x1, /* X--- | 14% of maximum current detected */
844 0x2, /* -X-- | 29% of maximum current detected */
845 0x4, /* --X- | 43% of maximum current detected */
846 0x8, /* ---X | 57% of maximum current detected */
847 0xC, /* --XX | 71% of maximum current detected */
848 0xE, /* -XXX | 86% of maximum current detected */
849 0xF, /* XXXX | 100% of maximum current detected */
850};
851static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
852
853void ListenReaderField(int limit)
854{
050aa18b 855 int lf_av, lf_av_new=0, lf_baseline= 0, lf_max;
856 int hf_av, hf_av_new=0, hf_baseline= 0, hf_max;
15c4dc5a 857 int mode=1, display_val, display_max, i;
858
050aa18b 859#define LF_ONLY 1
860#define HF_ONLY 2
861#define REPORT_CHANGE_PERCENT 5 // report new values only if they have changed at least by REPORT_CHANGE_PERCENT
862#define MIN_HF_FIELD 300 // in mode 1 signal HF field greater than MIN_HF_FIELD above baseline
863#define MIN_LF_FIELD 1200 // in mode 1 signal LF field greater than MIN_LF_FIELD above baseline
3b692427 864
865
866 // switch off FPGA - we don't want to measure our own signal
867 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
868 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
15c4dc5a 869
870 LEDsoff();
871
050aa18b 872 lf_av = lf_max = AvgAdc_Voltage_LF();
15c4dc5a 873
874 if(limit != HF_ONLY) {
050aa18b 875 Dbprintf("LF 125/134kHz Baseline: %dmV", lf_av);
15c4dc5a 876 lf_baseline = lf_av;
877 }
878
050aa18b 879 hf_av = hf_max = AvgAdc_Voltage_HF();
880
15c4dc5a 881 if (limit != LF_ONLY) {
050aa18b 882 Dbprintf("HF 13.56MHz Baseline: %dmV", hf_av);
15c4dc5a 883 hf_baseline = hf_av;
884 }
885
886 for(;;) {
050aa18b 887 SpinDelay(500);
15c4dc5a 888 if (BUTTON_PRESS()) {
15c4dc5a 889 switch (mode) {
890 case 1:
891 mode=2;
892 DbpString("Signal Strength Mode");
893 break;
894 case 2:
895 default:
896 DbpString("Stopped");
897 LEDsoff();
898 return;
899 break;
900 }
050aa18b 901 while (BUTTON_PRESS());
15c4dc5a 902 }
903 WDT_HIT();
904
905 if (limit != HF_ONLY) {
3b692427 906 if(mode == 1) {
050aa18b 907 if (lf_av - lf_baseline > MIN_LF_FIELD)
3b692427 908 LED_D_ON();
909 else
910 LED_D_OFF();
15c4dc5a 911 }
e30c654b 912
050aa18b 913 lf_av_new = AvgAdc_Voltage_LF();
15c4dc5a 914 // see if there's a significant change
050aa18b 915 if (ABS((lf_av - lf_av_new)*100/(lf_av?lf_av:1)) > REPORT_CHANGE_PERCENT) {
916 Dbprintf("LF 125/134kHz Field Change: %5dmV", lf_av_new);
15c4dc5a 917 lf_av = lf_av_new;
918 if (lf_av > lf_max)
919 lf_max = lf_av;
15c4dc5a 920 }
921 }
922
923 if (limit != LF_ONLY) {
924 if (mode == 1){
050aa18b 925 if (hf_av - hf_baseline > MIN_HF_FIELD)
3b692427 926 LED_B_ON();
927 else
928 LED_B_OFF();
15c4dc5a 929 }
e30c654b 930
050aa18b 931 hf_av_new = AvgAdc_Voltage_HF();
932
15c4dc5a 933 // see if there's a significant change
050aa18b 934 if (ABS((hf_av - hf_av_new)*100/(hf_av?hf_av:1)) > REPORT_CHANGE_PERCENT) {
935 Dbprintf("HF 13.56MHz Field Change: %5dmV", hf_av_new);
15c4dc5a 936 hf_av = hf_av_new;
937 if (hf_av > hf_max)
938 hf_max = hf_av;
15c4dc5a 939 }
940 }
e30c654b 941
15c4dc5a 942 if(mode == 2) {
943 if (limit == LF_ONLY) {
944 display_val = lf_av;
945 display_max = lf_max;
946 } else if (limit == HF_ONLY) {
947 display_val = hf_av;
948 display_max = hf_max;
949 } else { /* Pick one at random */
950 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
951 display_val = hf_av;
952 display_max = hf_max;
953 } else {
954 display_val = lf_av;
955 display_max = lf_max;
956 }
957 }
958 for (i=0; i<LIGHT_LEN; i++) {
959 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
960 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
961 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
962 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
963 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
964 break;
965 }
966 }
967 }
968 }
969}
970
f7e3ed82 971void UsbPacketReceived(uint8_t *packet, int len)
15c4dc5a 972{
973 UsbCommand *c = (UsbCommand *)packet;
15c4dc5a 974
902cb3c0 975// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
976
15c4dc5a 977 switch(c->cmd) {
978#ifdef WITH_LF
31abe49f
MHS		 979 case CMD_SET_LF_SAMPLING_CONFIG:
980 setSamplingConfig((sample_config *) c->d.asBytes);
981 break;
15c4dc5a 982 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
b9957414 983 cmd_send(CMD_ACK,SampleLF(c->arg[0], c->arg[1]),0,0,0,0);
15c4dc5a 984 break;
15c4dc5a 985 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
986 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
987 break;
b014c96d 988 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
31abe49f 989 cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
b014c96d 990 break;
7e67e42f 991 case CMD_HID_DEMOD_FSK:
be59094d 992 CmdHIDdemodFSK(c->arg[0], 0, 0, 0, 1);
7e67e42f 993 break;
994 case CMD_HID_SIM_TAG:
be59094d 995 CmdHIDsimTAG(c->arg[0], c->arg[1], c->arg[2], 1);
7e67e42f 996 break;
abd6112f 997 case CMD_FSK_SIM_TAG:
998 CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
999 break;
1000 case CMD_ASK_SIM_TAG:
1001 CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1002 break;
872e3d4d 1003 case CMD_PSK_SIM_TAG:
1004 CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1005 break;
1006 case CMD_HID_CLONE_TAG:
5f84531b
SS		 1007 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0], 0x1D);
1008 break;
1009 case CMD_PARADOX_CLONE_TAG:
1010 // Paradox cards are the same as HID, with a different preamble, so we can reuse the same function
1011 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0], 0x0F);
7e67e42f 1012 break;
a1f3bb12 1013 case CMD_IO_DEMOD_FSK:
3fe4ff4f 1014 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
a1f3bb12 1015 break;
3fe4ff4f 1016 case CMD_IO_CLONE_TAG:
9f669cb2 1017 CopyIOtoT55x7(c->arg[0], c->arg[1]);
a1f3bb12 1018 break;
66707a3b 1019 case CMD_EM410X_DEMOD:
1020 CmdEM410xdemod(c->arg[0], 0, 0, 1);
1021 break;
2d4eae76 1022 case CMD_EM410X_WRITE_TAG:
1023 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
1024 break;
7e67e42f 1025 case CMD_READ_TI_TYPE:
1026 ReadTItag();
1027 break;
1028 case CMD_WRITE_TI_TYPE:
1029 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
1030 break;
1031 case CMD_SIMULATE_TAG_125K:
31d1caa5 1032 LED_A_ON();
7e67e42f 1033 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
31d1caa5 1034 LED_A_OFF();
7e67e42f 1035 break;
1036 case CMD_LF_SIMULATE_BIDIR:
1037 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
1038 break;
3fe4ff4f 1039 case CMD_INDALA_CLONE_TAG:
2414f978 1040 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
1041 break;
3fe4ff4f 1042 case CMD_INDALA_CLONE_TAG_L:
2414f978 1043 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
1044 break;
1c611bbd 1045 case CMD_T55XX_READ_BLOCK:
8e99ec25 1046 T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 1047 break;
1048 case CMD_T55XX_WRITE_BLOCK:
1049 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
1050 break;
be2d41b7 1051 case CMD_T55XX_WAKEUP:
1052 T55xxWakeUp(c->arg[0]);
1c611bbd 1053 break;
66837a03 1054 case CMD_T55XX_RESET_READ:
1055 T55xxResetRead();
1056 break;
3fe4ff4f 1057 case CMD_PCF7931_READ:
1c611bbd 1058 ReadPCF7931();
1c611bbd 1059 break;
dc4300ba 1060 case CMD_PCF7931_WRITE:
d10e08ae 1061 WritePCF7931(c->d.asBytes[0],c->d.asBytes[1],c->d.asBytes[2],c->d.asBytes[3],c->d.asBytes[4],c->d.asBytes[5],c->d.asBytes[6], c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128, c->arg[0], c->arg[1], c->arg[2]);
dc4300ba 1062 break;
818e15b0
S		 1063 case CMD_PCF7931_BRUTEFORCE:
1064 BruteForcePCF7931(c->arg[0], (c->arg[1] & 0xFF), c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128);
1065 break;
1c611bbd 1066 case CMD_EM4X_READ_WORD:
7666f460 1067 EM4xReadWord(c->arg[0], c->arg[1],c->arg[2]);
1c611bbd 1068 break;
1069 case CMD_EM4X_WRITE_WORD:
7666f460 1070 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 1071 break;
dbf6e824
CY		 1072 case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
1073 CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
7cfc777b 1074 break;
709665b5 1075 case CMD_VIKING_CLONE_TAG:
1076 CopyVikingtoT55xx(c->arg[0], c->arg[1], c->arg[2]);
1077 break;
e04475c4 1078 case CMD_COTAG:
1079 Cotag(c->arg[0]);
1080 break;
15c4dc5a 1081#endif
1082
d19929cb 1083#ifdef WITH_HITAG
1084 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
1085 SnoopHitag(c->arg[0]);
1086 break;
1087 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
1088 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1089 break;
1090 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
1091 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1092 break;
4e12287d
RS		 1093 case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content
1094 SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1095 break;
1096 case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file
7b6e3205 1097 check_challenges_cmd((bool)c->arg[0], (byte_t*)c->d.asBytes, (uint8_t)c->arg[1]);
4e12287d
RS		 1098 break;
1099 case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge
7b6e3205 1100 ReadHitagSCmd((hitag_function)c->arg[0], (hitag_data*)c->d.asBytes, (uint8_t)c->arg[1], (uint8_t)c->arg[2], false);
1101 break;
1102 case CMD_READ_HITAG_S_BLK:
1103 ReadHitagSCmd((hitag_function)c->arg[0], (hitag_data*)c->d.asBytes, (uint8_t)c->arg[1], (uint8_t)c->arg[2], true);
4e12287d
RS		 1104 break;
1105 case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge
52244230
HJ		 1106 if ((hitag_function)c->arg[0] < 10) {
1107 WritePageHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes,c->arg[2]);
1108 }
1109 else if ((hitag_function)c->arg[0] >= 10) {
1110 WriterHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes, c->arg[2]);
1111 }
4e12287d 1112 break;
d19929cb 1113#endif
f168b263 1114
15c4dc5a 1115#ifdef WITH_ISO15693
1116 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
1117 AcquireRawAdcSamplesIso15693();
1118 break;
d9de20fa 1119
1120 case CMD_SNOOP_ISO_15693:
1121 SnoopIso15693();
9455b51c 1122 break;
1123
1124 case CMD_ISO_15693_COMMAND:
1125 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1126 break;
1127
1128 case CMD_ISO_15693_FIND_AFI:
1129 BruteforceIso15693Afi(c->arg[0]);
1130 break;
1131
1132 case CMD_ISO_15693_DEBUG:
1133 SetDebugIso15693(c->arg[0]);
1134 break;
15c4dc5a 1135
15c4dc5a 1136 case CMD_READER_ISO_15693:
1137 ReaderIso15693(c->arg[0]);
1138 break;
7e67e42f 1139 case CMD_SIMTAG_ISO_15693:
3fe4ff4f 1140 SimTagIso15693(c->arg[0], c->d.asBytes);
7e67e42f 1141 break;
15c4dc5a 1142#endif
1143
7e67e42f 1144#ifdef WITH_LEGICRF
1145 case CMD_SIMULATE_TAG_LEGIC_RF:
1b902aa0 1146 LegicRfSimulate(c->arg[0]);
7e67e42f 1147 break;
3612a8a8 1148
7e67e42f 1149 case CMD_WRITER_LEGIC_RF:
1150 LegicRfWriter(c->arg[1], c->arg[0]);
1151 break;
3612a8a8 1152
15c4dc5a 1153 case CMD_READER_LEGIC_RF:
1154 LegicRfReader(c->arg[0], c->arg[1]);
1155 break;
15c4dc5a 1156#endif
1157
1158#ifdef WITH_ISO14443b
15c4dc5a 1159 case CMD_READ_SRI512_TAG:
51d4f6f1 1160 ReadSTMemoryIso14443b(0x0F);
15c4dc5a 1161 break;
7e67e42f 1162 case CMD_READ_SRIX4K_TAG:
51d4f6f1 1163 ReadSTMemoryIso14443b(0x7F);
7e67e42f 1164 break;
132a0217 1165 case CMD_SNOOP_ISO_14443B:
51d4f6f1 1166 SnoopIso14443b();
7e67e42f 1167 break;
132a0217 1168 case CMD_SIMULATE_TAG_ISO_14443B:
51d4f6f1 1169 SimulateIso14443bTag();
7e67e42f 1170 break;
7cf3ef20 1171 case CMD_ISO_14443B_COMMAND:
1172 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1173 break;
15c4dc5a 1174#endif
1175
1176#ifdef WITH_ISO14443a
7e67e42f 1177 case CMD_SNOOP_ISO_14443a:
5cd9ec01 1178 SnoopIso14443a(c->arg[0]);
7e67e42f 1179 break;
15c4dc5a 1180 case CMD_READER_ISO_14443a:
902cb3c0 1181 ReaderIso14443a(c);
15c4dc5a 1182 break;
7e67e42f 1183 case CMD_SIMULATE_TAG_ISO_14443a:
28afbd2b 1184 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
7e67e42f 1185 break;
3fe4ff4f 1186
5acd09bd 1187 case CMD_EPA_PACE_COLLECT_NONCE:
902cb3c0 1188 EPA_PACE_Collect_Nonce(c);
5acd09bd 1189 break;
3bb07d96
FM		 1190 case CMD_EPA_PACE_REPLAY:
1191 EPA_PACE_Replay(c);
1192 break;
7e67e42f 1193
15c4dc5a 1194 case CMD_READER_MIFARE:
f168b263 1195 ReaderMifare(c->arg[0]);
15c4dc5a 1196 break;
20f9a2a1
M		 1197 case CMD_MIFARE_READBL:
1198 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1199 break;
981bd429 1200 case CMD_MIFAREU_READBL:
f168b263 1201 MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
981bd429 1202 break;
8258f409 1203 case CMD_MIFAREUC_AUTH:
1204 MifareUC_Auth(c->arg[0],c->d.asBytes);
a631936e 1205 break;
981bd429 1206 case CMD_MIFAREU_READCARD:
75377d29 1207 MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
117d9ec2 1208 break;
f168b263 1209 case CMD_MIFAREUC_SETPWD:
1210 MifareUSetPwd(c->arg[0], c->d.asBytes);
1211 break;
20f9a2a1
M		 1212 case CMD_MIFARE_READSC:
1213 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1214 break;
1215 case CMD_MIFARE_WRITEBL:
1216 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1217 break;
4973f23d 1218 //case CMD_MIFAREU_WRITEBL_COMPAT:
1219 //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
1220 //break;
981bd429 1221 case CMD_MIFAREU_WRITEBL:
4973f23d 1222 MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
f168b263 1223 break;
c48c4d78 1224 case CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES:
1225 MifareAcquireEncryptedNonces(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1226 break;
20f9a2a1
M		 1227 case CMD_MIFARE_NESTED:
1228 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
f397b5cc
M		 1229 break;
1230 case CMD_MIFARE_CHKKEYS:
1231 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
20f9a2a1
M		 1232 break;
1233 case CMD_SIMULATE_MIFARE_CARD:
1234 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1235 break;
8556b852
M		 1236
1237 // emulator
1238 case CMD_MIFARE_SET_DBGMODE:
1239 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1240 break;
1241 case CMD_MIFARE_EML_MEMCLR:
1242 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1243 break;
1244 case CMD_MIFARE_EML_MEMSET:
1245 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1246 break;
1247 case CMD_MIFARE_EML_MEMGET:
1248 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1249 break;
1250 case CMD_MIFARE_EML_CARDLOAD:
1251 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
0675f200
M		 1252 break;
1253
1254 // Work with "magic Chinese" card
3a05a1e7
OM		 1255 case CMD_MIFARE_CWIPE:
1256 MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1257 break;
3fe4ff4f 1258 case CMD_MIFARE_CSETBLOCK:
0675f200 1259 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
545a1f38 1260 break;
3fe4ff4f 1261 case CMD_MIFARE_CGETBLOCK:
545a1f38 1262 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
8556b852 1263 break;
3fe4ff4f 1264 case CMD_MIFARE_CIDENT:
1265 MifareCIdent();
1266 break;
b62a5a84
M		 1267
1268 // mifare sniffer
1269 case CMD_MIFARE_SNIFFER:
5cd9ec01 1270 SniffMifare(c->arg[0]);
b62a5a84 1271 break;
a631936e 1272
20f9a2a1
M		 1273#endif
1274
7e67e42f 1275#ifdef WITH_ICLASS
cee5a30d 1276 // Makes use of ISO14443a FPGA Firmware
1277 case CMD_SNOOP_ICLASS:
1278 SnoopIClass();
1279 break;
1e262141 1280 case CMD_SIMULATE_TAG_ICLASS:
ff7bb4ef 1281 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1e262141 1282 break;
1283 case CMD_READER_ICLASS:
1284 ReaderIClass(c->arg[0]);
1285 break;
c3963755 1286 case CMD_READER_ICLASS_REPLAY:
aa53efc3 1287 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
c3963755 1288 break;
aa53efc3 1289 case CMD_ICLASS_EML_MEMSET:
e80aeb96
MHS		 1290 emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
1291 break;
aa53efc3 1292 case CMD_ICLASS_WRITEBLOCK:
3ac22ee1 1293 iClass_WriteBlock(c->arg[0], c->d.asBytes);
1294 break;
1295 case CMD_ICLASS_READCHECK: // auth step 1
1296 iClass_ReadCheck(c->arg[0], c->arg[1]);
aa53efc3 1297 break;
1298 case CMD_ICLASS_READBLOCK:
3ac22ee1 1299 iClass_ReadBlk(c->arg[0]);
aa53efc3 1300 break;
3ac22ee1 1301 case CMD_ICLASS_AUTHENTICATION: //check
aa53efc3 1302 iClass_Authentication(c->d.asBytes);
1303 break;
1304 case CMD_ICLASS_DUMP:
3ac22ee1 1305 iClass_Dump(c->arg[0], c->arg[1]);
aa53efc3 1306 break;
1307 case CMD_ICLASS_CLONE:
3ac22ee1 1308 iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
aa53efc3 1309 break;
cee5a30d 1310#endif
0472d76d 1311#ifdef WITH_HFSNOOP
1312 case CMD_HF_SNIFFER:
1313 HfSnoop(c->arg[0], c->arg[1]);
1314 break;
1315#endif
43591e64 1316#ifdef WITH_SMARTCARD
1317 case CMD_SMART_ATR: {
1318 SmartCardAtr();
1319 break;
1320 }
1321 case CMD_SMART_SETCLOCK:{
1322 SmartCardSetClock(c->arg[0]);
1323 break;
1324 }
1325 case CMD_SMART_RAW: {
1326 SmartCardRaw(c->arg[0], c->arg[1], c->d.asBytes);
1327 break;
1328 }
1329 case CMD_SMART_UPLOAD: {
1330 // upload file from client
1331 uint8_t *mem = BigBuf_get_addr();
1332 memcpy( mem + c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1333 cmd_send(CMD_ACK,1,0,0,0,0);
1334 break;
1335 }
1336 case CMD_SMART_UPGRADE: {
1337 SmartCardUpgrade(c->arg[0]);
1338 break;
1339 }
1340#endif
cee5a30d 1341
7e67e42f 1342 case CMD_BUFF_CLEAR:
117d9ec2 1343 BigBuf_Clear();
15c4dc5a 1344 break;
15c4dc5a 1345
1346 case CMD_MEASURE_ANTENNA_TUNING:
fdcfbdcc 1347 MeasureAntennaTuning(c->arg[0]);
15c4dc5a 1348 break;
1349
1350 case CMD_MEASURE_ANTENNA_TUNING_HF:
1351 MeasureAntennaTuningHf();
1352 break;
1353
1354 case CMD_LISTEN_READER_FIELD:
1355 ListenReaderField(c->arg[0]);
1356 break;
1357
15c4dc5a 1358 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
1359 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1360 SpinDelay(200);
1361 LED_D_OFF(); // LED D indicates field ON or OFF
1362 break;
1363
1c611bbd 1364 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
902cb3c0 1365
1c611bbd 1366 LED_B_ON();
117d9ec2 1367 uint8_t *BigBuf = BigBuf_get_addr();
1c611bbd 1368 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
1369 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
3000dc4e 1370 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
1c611bbd 1371 }
1372 // Trigger a finish downloading signal with an ACK frame
3000dc4e 1373 cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
d3b1f4e4 1374 LED_B_OFF();
1c611bbd 1375 break;
15c4dc5a 1376
1377 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
8c8317a5 1378 // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
1379 // to be able to use this one for uploading data to device
1380 // arg1 = 0 upload for LF usage
1381 // 1 upload for HF usage
1382 if (c->arg[1] == 0)
1383 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
1384 else
1385 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1386
117d9ec2 1387 uint8_t *b = BigBuf_get_addr();
3fe4ff4f 1388 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1c611bbd 1389 cmd_send(CMD_ACK,0,0,0,0,0);
1390 break;
1391 }
15c4dc5a 1392 case CMD_READ_MEM:
1393 ReadMem(c->arg[0]);
1394 break;
1395
1396 case CMD_SET_LF_DIVISOR:
8c8317a5 1397 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
15c4dc5a 1398 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
1399 break;
1400
1401 case CMD_SET_ADC_MUX:
1402 switch(c->arg[0]) {
1403 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
1404 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
1405 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
1406 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
1407 }
1408 break;
1409
1410 case CMD_VERSION:
1411 SendVersion();
1412 break;
c89274cc 1413 case CMD_STATUS:
67b7d6fa 1414 SendStatus();
c89274cc
CY		 1415 break;
1416 case CMD_PING:
1417 cmd_send(CMD_ACK,0,0,0,0,0);
1418 break;
15c4dc5a 1419#ifdef WITH_LCD
1420 case CMD_LCD_RESET:
1421 LCDReset();
1422 break;
1423 case CMD_LCD:
1424 LCDSend(c->arg[0]);
1425 break;
1426#endif
1427 case CMD_SETUP_WRITE:
1428 case CMD_FINISH_WRITE:
1c611bbd 1429 case CMD_HARDWARE_RESET:
1430 usb_disable();
15c4dc5a 1431 SpinDelay(1000);
1432 SpinDelay(1000);
1433 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1434 for(;;) {
1435 // We're going to reset, and the bootrom will take control.
1436 }
1c611bbd 1437 break;
15c4dc5a 1438
1c611bbd 1439 case CMD_START_FLASH:
15c4dc5a 1440 if(common_area.flags.bootrom_present) {
1441 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
1442 }
1c611bbd 1443 usb_disable();
15c4dc5a 1444 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1445 for(;;);
1c611bbd 1446 break;
e30c654b 1447
15c4dc5a 1448 case CMD_DEVICE_INFO: {
902cb3c0 1449 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1450 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1c611bbd 1451 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1452 break;
1453 }
1454 default:
15c4dc5a 1455 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1c611bbd 1456 break;
15c4dc5a 1457 }
1458}
1459
1460void __attribute__((noreturn)) AppMain(void)
1461{
1462 SpinDelay(100);
9e8255d4 1463 clear_trace();
15c4dc5a 1464 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1465 /* Initialize common area */
1466 memset(&common_area, 0, sizeof(common_area));
1467 common_area.magic = COMMON_AREA_MAGIC;
1468 common_area.version = 1;
1469 }
1470 common_area.flags.osimage_present = 1;
1471
1472 LED_D_OFF();
1473 LED_C_OFF();
1474 LED_B_OFF();
1475 LED_A_OFF();
1476
3fe4ff4f 1477 // Init USB device
050aa18b 1478 usb_enable();
15c4dc5a 1479
1480 // The FPGA gets its clock from us from PCK0 output, so set that up.
1481 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1482 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1483 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1484 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1485 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
0472d76d 1486 AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
15c4dc5a 1487 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1488
1489 // Reset SPI
1490 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1491 // Reset SSC
1492 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1493
1494 // Load the FPGA image, which we have stored in our flash.
7cc204bf 1495 // (the HF version by default)
1496 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 1497
9ca155ba 1498 StartTickCount();
902cb3c0 1499
15c4dc5a 1500#ifdef WITH_LCD
15c4dc5a 1501 LCDInit();
15c4dc5a 1502#endif
1503
902cb3c0 1504 byte_t rx[sizeof(UsbCommand)];
1505 size_t rx_len;
1506
15c4dc5a 1507 for(;;) {
902cb3c0 1508 if (usb_poll()) {
1509 rx_len = usb_read(rx,sizeof(UsbCommand));
1510 if (rx_len) {
1511 UsbPacketReceived(rx,rx_len);
1512 }
1513 }
15c4dc5a 1514 WDT_HIT();
1515
a2937cea 1516#ifdef WITH_LF_StandAlone
e46fe044 1517#ifndef WITH_ISO14443a_StandAlone
15c4dc5a 1518 if (BUTTON_HELD(1000) > 0)
1519 SamyRun();
e46fe044
CY		 1520#endif
1521#endif
1522#ifdef WITH_ISO14443a
1523#ifdef WITH_ISO14443a_StandAlone
1524 if (BUTTON_HELD(1000) > 0)
1525 StandAloneMode14a();
1526#endif
15c4dc5a 1527#endif
1528 }
1529}
Proxmark3 GIT tracking
Impressum, Datenschutz