]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/appmain.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bugfixes iso14443a (hf 14a commands)
[proxmark3-svn] / armsrc / appmain.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
15c4dc5a 2// Jonathan Westhues, Mar 2006
3// Edits by Gerhard de Koning Gans, Sep 2007 (##)
bd20f8f4 4//
5// This code is licensed to you under the terms of the GNU GPL, version 2 or,
6// at your option, any later version. See the LICENSE.txt file for the text of
7// the license.
8//-----------------------------------------------------------------------------
9// The main application code. This is the first thing called after start.c
10// executes.
15c4dc5a 11//-----------------------------------------------------------------------------
12
902cb3c0 13#include "usb_cdc.h"
14#include "cmd.h"
15
e30c654b 16#include "proxmark3.h"
15c4dc5a 17#include "apps.h"
f7e3ed82 18#include "util.h"
9ab7a6c7 19#include "printf.h"
20#include "string.h"
21
22#include <stdarg.h>
f7e3ed82 23
15c4dc5a 24#include "legicrf.h"
d19929cb 25#include <hitag2.h>
f7e3ed82 26
15c4dc5a 27#ifdef WITH_LCD
902cb3c0 28 #include "LCD.h"
15c4dc5a 29#endif
30
15c4dc5a 31#define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33//=============================================================================
34// A buffer where we can queue things up to be sent through the FPGA, for
35// any purpose (fake tag, as reader, whatever). We go MSB first, since that
36// is the order in which they go out on the wire.
37//=============================================================================
38
6a1f2d82 39#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
40uint8_t ToSend[TOSEND_BUFFER_SIZE];
15c4dc5a 41int ToSendMax;
42static int ToSendBit;
43struct common_area common_area __attribute__((section(".commonarea")));
44
45void BufferClear(void)
46{
47 memset(BigBuf,0,sizeof(BigBuf));
48 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
49}
50
51void ToSendReset(void)
52{
53 ToSendMax = -1;
54 ToSendBit = 8;
55}
56
57void ToSendStuffBit(int b)
58{
59 if(ToSendBit >= 8) {
60 ToSendMax++;
61 ToSend[ToSendMax] = 0;
62 ToSendBit = 0;
63 }
64
65 if(b) {
66 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
67 }
68
69 ToSendBit++;
70
6a1f2d82 71 if(ToSendMax >= sizeof(ToSend)) {
15c4dc5a 72 ToSendBit = 0;
73 DbpString("ToSendStuffBit overflowed!");
74 }
75}
76
77//=============================================================================
78// Debug print functions, to go out over USB, to the usual PC-side client.
79//=============================================================================
80
81void DbpString(char *str)
82{
9440213d 83 byte_t len = strlen(str);
84 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
902cb3c0 85// /* this holds up stuff unless we're connected to usb */
86// if (!UsbConnected())
87// return;
88//
89// UsbCommand c;
90// c.cmd = CMD_DEBUG_PRINT_STRING;
91// c.arg[0] = strlen(str);
92// if(c.arg[0] > sizeof(c.d.asBytes)) {
93// c.arg[0] = sizeof(c.d.asBytes);
94// }
95// memcpy(c.d.asBytes, str, c.arg[0]);
96//
97// UsbSendPacket((uint8_t *)&c, sizeof(c));
98// // TODO fix USB so stupid things like this aren't req'd
99// SpinDelay(50);
15c4dc5a 100}
101
102#if 0
103void DbpIntegers(int x1, int x2, int x3)
104{
902cb3c0 105 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
106// /* this holds up stuff unless we're connected to usb */
107// if (!UsbConnected())
108// return;
109//
110// UsbCommand c;
111// c.cmd = CMD_DEBUG_PRINT_INTEGERS;
112// c.arg[0] = x1;
113// c.arg[1] = x2;
114// c.arg[2] = x3;
115//
116// UsbSendPacket((uint8_t *)&c, sizeof(c));
117// // XXX
118// SpinDelay(50);
15c4dc5a 119}
120#endif
121
122void Dbprintf(const char *fmt, ...) {
123// should probably limit size here; oh well, let's just use a big buffer
124 char output_string[128];
125 va_list ap;
126
127 va_start(ap, fmt);
128 kvsprintf(fmt, output_string, 10, ap);
129 va_end(ap);
e30c654b 130
15c4dc5a 131 DbpString(output_string);
132}
133
9455b51c 134// prints HEX & ASCII
d19929cb 135void Dbhexdump(int len, uint8_t *d, bool bAsci) {
9455b51c 136 int l=0,i;
137 char ascii[9];
d19929cb 138
9455b51c 139 while (len>0) {
140 if (len>8) l=8;
141 else l=len;
142
143 memcpy(ascii,d,l);
d19929cb 144 ascii[l]=0;
9455b51c 145
146 // filter safe ascii
d19929cb 147 for (i=0;i<l;i++)
9455b51c 148 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
d19929cb 149
150 if (bAsci) {
151 Dbprintf("%-8s %*D",ascii,l,d," ");
152 } else {
153 Dbprintf("%*D",l,d," ");
154 }
155
9455b51c 156 len-=8;
157 d+=8;
158 }
159}
160
15c4dc5a 161//-----------------------------------------------------------------------------
162// Read an ADC channel and block till it completes, then return the result
163// in ADC units (0 to 1023). Also a routine to average 32 samples and
164// return that.
165//-----------------------------------------------------------------------------
166static int ReadAdc(int ch)
167{
f7e3ed82 168 uint32_t d;
15c4dc5a 169
170 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
171 AT91C_BASE_ADC->ADC_MR =
172 ADC_MODE_PRESCALE(32) |
173 ADC_MODE_STARTUP_TIME(16) |
174 ADC_MODE_SAMPLE_HOLD_TIME(8);
175 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
176
177 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
178 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
179 ;
180 d = AT91C_BASE_ADC->ADC_CDR[ch];
181
182 return d;
183}
184
9ca155ba 185int AvgAdc(int ch) // was static - merlok
15c4dc5a 186{
187 int i;
188 int a = 0;
189
190 for(i = 0; i < 32; i++) {
191 a += ReadAdc(ch);
192 }
193
194 return (a + 15) >> 5;
195}
196
197void MeasureAntennaTuning(void)
198{
d19929cb 199 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
9f693930 200 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
15c4dc5a 201 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
202
902cb3c0 203// UsbCommand c;
15c4dc5a 204
d19929cb 205 LED_B_ON();
206 DbpString("Measuring antenna characteristics, please wait...");
207 memset(dest,0,sizeof(FREE_BUFFER_SIZE));
15c4dc5a 208
209/*
210 * Sweeps the useful LF range of the proxmark from
211 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
212 * read the voltage in the antenna, the result left
213 * in the buffer is a graph which should clearly show
214 * the resonating frequency of your LF antenna
215 * ( hopefully around 95 if it is tuned to 125kHz!)
216 */
d19929cb 217
7cc204bf 218 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
b014c96d 219 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
15c4dc5a 220 for (i=255; i>19; i--) {
d19929cb 221 WDT_HIT();
15c4dc5a 222 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
223 SpinDelay(20);
224 // Vref = 3.3V, and a 10000:240 voltage divider on the input
225 // can measure voltages up to 137500 mV
226 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
227 if (i==95) vLf125 = adcval; // voltage at 125Khz
228 if (i==89) vLf134 = adcval; // voltage at 134Khz
229
230 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
231 if(dest[i] > peak) {
232 peakv = adcval;
233 peak = dest[i];
234 peakf = i;
9f693930 235 //ptr = i;
15c4dc5a 236 }
237 }
238
d19929cb 239 LED_A_ON();
15c4dc5a 240 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
7cc204bf 241 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 242 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
243 SpinDelay(20);
244 // Vref = 3300mV, and an 10:1 voltage divider on the input
245 // can measure voltages up to 33000 mV
246 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
247
902cb3c0 248// c.cmd = CMD_MEASURED_ANTENNA_TUNING;
249// c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
250// c.arg[1] = vHf;
251// c.arg[2] = peakf | (peakv << 16);
d19929cb 252
253 DbpString("Measuring complete, sending report back to host");
902cb3c0 254 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),0,0);
255// UsbSendPacket((uint8_t *)&c, sizeof(c));
d19929cb 256 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
257 LED_A_OFF();
258 LED_B_OFF();
259 return;
15c4dc5a 260}
261
262void MeasureAntennaTuningHf(void)
263{
264 int vHf = 0; // in mV
265
266 DbpString("Measuring HF antenna, press button to exit");
267
268 for (;;) {
269 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
7cc204bf 270 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 271 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
272 SpinDelay(20);
273 // Vref = 3300mV, and an 10:1 voltage divider on the input
274 // can measure voltages up to 33000 mV
275 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
e30c654b 276
15c4dc5a 277 Dbprintf("%d mV",vHf);
278 if (BUTTON_PRESS()) break;
279 }
280 DbpString("cancelled");
281}
282
283
284void SimulateTagHfListen(void)
285{
d19929cb 286 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
f7e3ed82 287 uint8_t v = 0;
15c4dc5a 288 int i;
289 int p = 0;
290
291 // We're using this mode just so that I can test it out; the simulated
292 // tag mode would work just as well and be simpler.
7cc204bf 293 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 294 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
295
296 // We need to listen to the high-frequency, peak-detected path.
297 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
298
299 FpgaSetupSsc();
300
301 i = 0;
302 for(;;) {
303 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
304 AT91C_BASE_SSC->SSC_THR = 0xff;
305 }
306 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
f7e3ed82 307 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
15c4dc5a 308
309 v <<= 1;
310 if(r & 1) {
311 v |= 1;
312 }
313 p++;
314
315 if(p >= 8) {
316 dest[i] = v;
317 v = 0;
318 p = 0;
319 i++;
320
d19929cb 321 if(i >= FREE_BUFFER_SIZE) {
15c4dc5a 322 break;
323 }
324 }
325 }
326 }
327 DbpString("simulate tag (now type bitsamples)");
328}
329
330void ReadMem(int addr)
331{
f7e3ed82 332 const uint8_t *data = ((uint8_t *)addr);
15c4dc5a 333
334 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
335 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
336}
337
338/* osimage version information is linked in */
339extern struct version_information version_information;
340/* bootrom version information is pointed to from _bootphase1_version_pointer */
341extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
342void SendVersion(void)
343{
cba867f2 344 char temp[256]; /* Limited data payload in USB packets */
15c4dc5a 345 DbpString("Prox/RFID mark3 RFID instrument");
e30c654b 346
347 /* Try to find the bootrom version information. Expect to find a pointer at
15c4dc5a 348 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
349 * pointer, then use it.
350 */
351 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
352 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
353 DbpString("bootrom version information appears invalid");
354 } else {
355 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
356 DbpString(temp);
357 }
e30c654b 358
15c4dc5a 359 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
360 DbpString(temp);
e30c654b 361
15c4dc5a 362 FpgaGatherVersion(temp, sizeof(temp));
363 DbpString(temp);
4f269f63 364 // Send Chip ID
365 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
15c4dc5a 366}
367
368#ifdef WITH_LF
369// samy's sniff and repeat routine
370void SamyRun()
371{
372 DbpString("Stand-alone mode! No PC necessary.");
7cc204bf 373 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
15c4dc5a 374
375 // 3 possible options? no just 2 for now
376#define OPTS 2
377
378 int high[OPTS], low[OPTS];
379
380 // Oooh pretty -- notify user we're in elite samy mode now
381 LED(LED_RED, 200);
382 LED(LED_ORANGE, 200);
383 LED(LED_GREEN, 200);
384 LED(LED_ORANGE, 200);
385 LED(LED_RED, 200);
386 LED(LED_ORANGE, 200);
387 LED(LED_GREEN, 200);
388 LED(LED_ORANGE, 200);
389 LED(LED_RED, 200);
390
391 int selected = 0;
392 int playing = 0;
393
394 // Turn on selected LED
395 LED(selected + 1, 0);
396
397 for (;;)
398 {
6e82300d 399// UsbPoll(FALSE);
400 usb_poll();
401 WDT_HIT();
15c4dc5a 402
403 // Was our button held down or pressed?
404 int button_pressed = BUTTON_HELD(1000);
405 SpinDelay(300);
406
407 // Button was held for a second, begin recording
408 if (button_pressed > 0)
409 {
410 LEDsoff();
411 LED(selected + 1, 0);
412 LED(LED_RED2, 0);
413
414 // record
415 DbpString("Starting recording");
416
417 // wait for button to be released
418 while(BUTTON_PRESS())
419 WDT_HIT();
420
421 /* need this delay to prevent catching some weird data */
422 SpinDelay(500);
423
424 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
425 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
426
427 LEDsoff();
428 LED(selected + 1, 0);
429 // Finished recording
430
431 // If we were previously playing, set playing off
432 // so next button push begins playing what we recorded
433 playing = 0;
434 }
435
436 // Change where to record (or begin playing)
437 else if (button_pressed)
438 {
439 // Next option if we were previously playing
440 if (playing)
441 selected = (selected + 1) % OPTS;
442 playing = !playing;
443
444 LEDsoff();
445 LED(selected + 1, 0);
446
447 // Begin transmitting
448 if (playing)
449 {
450 LED(LED_GREEN, 0);
451 DbpString("Playing");
452 // wait for button to be released
453 while(BUTTON_PRESS())
454 WDT_HIT();
455 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
456 CmdHIDsimTAG(high[selected], low[selected], 0);
457 DbpString("Done playing");
458 if (BUTTON_HELD(1000) > 0)
459 {
460 DbpString("Exiting");
461 LEDsoff();
462 return;
463 }
464
465 /* We pressed a button so ignore it here with a delay */
466 SpinDelay(300);
467
468 // when done, we're done playing, move to next option
469 selected = (selected + 1) % OPTS;
470 playing = !playing;
471 LEDsoff();
472 LED(selected + 1, 0);
473 }
474 else
475 while(BUTTON_PRESS())
476 WDT_HIT();
477 }
478 }
479}
480#endif
481
482/*
483OBJECTIVE
484Listen and detect an external reader. Determine the best location
485for the antenna.
486
487INSTRUCTIONS:
488Inside the ListenReaderField() function, there is two mode.
489By default, when you call the function, you will enter mode 1.
490If you press the PM3 button one time, you will enter mode 2.
491If you press the PM3 button a second time, you will exit the function.
492
493DESCRIPTION OF MODE 1:
494This mode just listens for an external reader field and lights up green
495for HF and/or red for LF. This is the original mode of the detectreader
496function.
497
498DESCRIPTION OF MODE 2:
499This mode will visually represent, using the LEDs, the actual strength of the
500current compared to the maximum current detected. Basically, once you know
501what kind of external reader is present, it will help you spot the best location to place
502your antenna. You will probably not get some good results if there is a LF and a HF reader
503at the same place! :-)
504
505LIGHT SCHEME USED:
506*/
507static const char LIGHT_SCHEME[] = {
508 0x0, /* ---- | No field detected */
509 0x1, /* X--- | 14% of maximum current detected */
510 0x2, /* -X-- | 29% of maximum current detected */
511 0x4, /* --X- | 43% of maximum current detected */
512 0x8, /* ---X | 57% of maximum current detected */
513 0xC, /* --XX | 71% of maximum current detected */
514 0xE, /* -XXX | 86% of maximum current detected */
515 0xF, /* XXXX | 100% of maximum current detected */
516};
517static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
518
519void ListenReaderField(int limit)
520{
521 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
522 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
523 int mode=1, display_val, display_max, i;
524
525#define LF_ONLY 1
526#define HF_ONLY 2
527
528 LEDsoff();
529
530 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
531
532 if(limit != HF_ONLY) {
533 Dbprintf("LF 125/134 Baseline: %d", lf_av);
534 lf_baseline = lf_av;
535 }
536
537 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
538
539 if (limit != LF_ONLY) {
540 Dbprintf("HF 13.56 Baseline: %d", hf_av);
541 hf_baseline = hf_av;
542 }
543
544 for(;;) {
545 if (BUTTON_PRESS()) {
546 SpinDelay(500);
547 switch (mode) {
548 case 1:
549 mode=2;
550 DbpString("Signal Strength Mode");
551 break;
552 case 2:
553 default:
554 DbpString("Stopped");
555 LEDsoff();
556 return;
557 break;
558 }
559 }
560 WDT_HIT();
561
562 if (limit != HF_ONLY) {
563 if(mode==1) {
564 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
565 else LED_D_OFF();
566 }
e30c654b 567
15c4dc5a 568 ++lf_count;
569 lf_av_new= ReadAdc(ADC_CHAN_LF);
570 // see if there's a significant change
571 if(abs(lf_av - lf_av_new) > 10) {
572 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
573 lf_av = lf_av_new;
574 if (lf_av > lf_max)
575 lf_max = lf_av;
576 lf_count= 0;
577 }
578 }
579
580 if (limit != LF_ONLY) {
581 if (mode == 1){
582 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
583 else LED_B_OFF();
584 }
e30c654b 585
15c4dc5a 586 ++hf_count;
587 hf_av_new= ReadAdc(ADC_CHAN_HF);
588 // see if there's a significant change
589 if(abs(hf_av - hf_av_new) > 10) {
590 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
591 hf_av = hf_av_new;
592 if (hf_av > hf_max)
593 hf_max = hf_av;
594 hf_count= 0;
595 }
596 }
e30c654b 597
15c4dc5a 598 if(mode == 2) {
599 if (limit == LF_ONLY) {
600 display_val = lf_av;
601 display_max = lf_max;
602 } else if (limit == HF_ONLY) {
603 display_val = hf_av;
604 display_max = hf_max;
605 } else { /* Pick one at random */
606 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
607 display_val = hf_av;
608 display_max = hf_max;
609 } else {
610 display_val = lf_av;
611 display_max = lf_max;
612 }
613 }
614 for (i=0; i<LIGHT_LEN; i++) {
615 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
616 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
617 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
618 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
619 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
620 break;
621 }
622 }
623 }
624 }
625}
626
f7e3ed82 627void UsbPacketReceived(uint8_t *packet, int len)
15c4dc5a 628{
629 UsbCommand *c = (UsbCommand *)packet;
15c4dc5a 630
902cb3c0 631// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
632
15c4dc5a 633 switch(c->cmd) {
634#ifdef WITH_LF
635 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
636 AcquireRawAdcSamples125k(c->arg[0]);
1c611bbd 637 cmd_send(CMD_ACK,0,0,0,0,0);
15c4dc5a 638 break;
15c4dc5a 639 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
640 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
641 break;
b014c96d 642 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
643 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
644 cmd_send(CMD_ACK,0,0,0,0,0);
645 break;
7e67e42f 646 case CMD_HID_DEMOD_FSK:
2414f978 647 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
7e67e42f 648 break;
649 case CMD_HID_SIM_TAG:
650 CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
651 break;
a1f3bb12 652 case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
1c611bbd 653 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
7e67e42f 654 break;
a1f3bb12 655 case CMD_IO_DEMOD_FSK:
656 CmdIOdemodFSK(1, 0, 0, 1); // Demodulate IO tag
657 break;
658 case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
659 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
660 break;
2d4eae76 661 case CMD_EM410X_WRITE_TAG:
662 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
663 break;
7e67e42f 664 case CMD_READ_TI_TYPE:
665 ReadTItag();
666 break;
667 case CMD_WRITE_TI_TYPE:
668 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
669 break;
670 case CMD_SIMULATE_TAG_125K:
671 LED_A_ON();
672 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
673 LED_A_OFF();
674 break;
675 case CMD_LF_SIMULATE_BIDIR:
676 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
677 break;
2414f978 678 case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
679 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
680 break;
681 case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
682 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
683 break;
1c611bbd 684 case CMD_T55XX_READ_BLOCK:
685 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
686 break;
687 case CMD_T55XX_WRITE_BLOCK:
688 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
689 break;
690 case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
691 T55xxReadTrace();
692 break;
693 case CMD_PCF7931_READ: // Read PCF7931 tag
694 ReadPCF7931();
695 cmd_send(CMD_ACK,0,0,0,0,0);
696// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
697 break;
698 case CMD_EM4X_READ_WORD:
699 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
700 break;
701 case CMD_EM4X_WRITE_WORD:
702 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
703 break;
15c4dc5a 704#endif
705
d19929cb 706#ifdef WITH_HITAG
707 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
708 SnoopHitag(c->arg[0]);
709 break;
710 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
711 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
712 break;
713 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
714 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
715 break;
716#endif
717
15c4dc5a 718#ifdef WITH_ISO15693
719 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
720 AcquireRawAdcSamplesIso15693();
721 break;
9455b51c 722 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
723 RecordRawAdcSamplesIso15693();
724 break;
725
726 case CMD_ISO_15693_COMMAND:
727 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
728 break;
729
730 case CMD_ISO_15693_FIND_AFI:
731 BruteforceIso15693Afi(c->arg[0]);
732 break;
733
734 case CMD_ISO_15693_DEBUG:
735 SetDebugIso15693(c->arg[0]);
736 break;
15c4dc5a 737
15c4dc5a 738 case CMD_READER_ISO_15693:
739 ReaderIso15693(c->arg[0]);
740 break;
7e67e42f 741 case CMD_SIMTAG_ISO_15693:
742 SimTagIso15693(c->arg[0]);
743 break;
15c4dc5a 744#endif
745
7e67e42f 746#ifdef WITH_LEGICRF
747 case CMD_SIMULATE_TAG_LEGIC_RF:
748 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
749 break;
3612a8a8 750
7e67e42f 751 case CMD_WRITER_LEGIC_RF:
752 LegicRfWriter(c->arg[1], c->arg[0]);
753 break;
3612a8a8 754
15c4dc5a 755 case CMD_READER_LEGIC_RF:
756 LegicRfReader(c->arg[0], c->arg[1]);
757 break;
15c4dc5a 758#endif
759
760#ifdef WITH_ISO14443b
761 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
762 AcquireRawAdcSamplesIso14443(c->arg[0]);
763 break;
15c4dc5a 764 case CMD_READ_SRI512_TAG:
7cf3ef20 765 ReadSTMemoryIso14443(0x0F);
15c4dc5a 766 break;
7e67e42f 767 case CMD_READ_SRIX4K_TAG:
7cf3ef20 768 ReadSTMemoryIso14443(0x7F);
7e67e42f 769 break;
770 case CMD_SNOOP_ISO_14443:
771 SnoopIso14443();
772 break;
773 case CMD_SIMULATE_TAG_ISO_14443:
774 SimulateIso14443Tag();
775 break;
7cf3ef20 776 case CMD_ISO_14443B_COMMAND:
777 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
778 break;
15c4dc5a 779#endif
780
781#ifdef WITH_ISO14443a
7e67e42f 782 case CMD_SNOOP_ISO_14443a:
5cd9ec01 783 SnoopIso14443a(c->arg[0]);
7e67e42f 784 break;
15c4dc5a 785 case CMD_READER_ISO_14443a:
902cb3c0 786 ReaderIso14443a(c);
15c4dc5a 787 break;
7e67e42f 788 case CMD_SIMULATE_TAG_ISO_14443a:
28afbd2b 789 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
7e67e42f 790 break;
5acd09bd 791 case CMD_EPA_PACE_COLLECT_NONCE:
902cb3c0 792 EPA_PACE_Collect_Nonce(c);
5acd09bd 793 break;
7e67e42f 794
15c4dc5a 795 case CMD_READER_MIFARE:
1c611bbd 796 ReaderMifare(c->arg[0]);
15c4dc5a 797 break;
20f9a2a1
M		 798 case CMD_MIFARE_READBL:
799 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
800 break;
981bd429 801 case CMD_MIFAREU_READBL:
802 MifareUReadBlock(c->arg[0],c->d.asBytes);
803 break;
804 case CMD_MIFAREU_READCARD:
805 MifareUReadCard(c->arg[0],c->d.asBytes);
806 break;
20f9a2a1
M		 807 case CMD_MIFARE_READSC:
808 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
809 break;
810 case CMD_MIFARE_WRITEBL:
811 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
812 break;
981bd429 813 case CMD_MIFAREU_WRITEBL_COMPAT:
814 MifareUWriteBlock(c->arg[0], c->d.asBytes);
815 break;
816 case CMD_MIFAREU_WRITEBL:
817 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
818 break;
20f9a2a1
M		 819 case CMD_MIFARE_NESTED:
820 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
f397b5cc
M		 821 break;
822 case CMD_MIFARE_CHKKEYS:
823 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
20f9a2a1
M		 824 break;
825 case CMD_SIMULATE_MIFARE_CARD:
826 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
827 break;
8556b852
M		 828
829 // emulator
830 case CMD_MIFARE_SET_DBGMODE:
831 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
832 break;
833 case CMD_MIFARE_EML_MEMCLR:
834 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
835 break;
836 case CMD_MIFARE_EML_MEMSET:
837 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
838 break;
839 case CMD_MIFARE_EML_MEMGET:
840 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
841 break;
842 case CMD_MIFARE_EML_CARDLOAD:
843 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
0675f200
M		 844 break;
845
846 // Work with "magic Chinese" card
847 case CMD_MIFARE_EML_CSETBLOCK:
848 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
545a1f38
M		 849 break;
850 case CMD_MIFARE_EML_CGETBLOCK:
851 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
8556b852 852 break;
b62a5a84
M		 853
854 // mifare sniffer
855 case CMD_MIFARE_SNIFFER:
5cd9ec01 856 SniffMifare(c->arg[0]);
b62a5a84 857 break;
20f9a2a1
M		 858#endif
859
7e67e42f 860#ifdef WITH_ICLASS
cee5a30d 861 // Makes use of ISO14443a FPGA Firmware
862 case CMD_SNOOP_ICLASS:
863 SnoopIClass();
864 break;
1e262141 865 case CMD_SIMULATE_TAG_ICLASS:
ff7bb4ef 866 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1e262141 867 break;
868 case CMD_READER_ICLASS:
869 ReaderIClass(c->arg[0]);
870 break;
c3963755 871 case CMD_READER_ICLASS_REPLAY:
fecd8202 872 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
c3963755 873 break;
cee5a30d 874#endif
875
15c4dc5a 876 case CMD_SIMULATE_TAG_HF_LISTEN:
877 SimulateTagHfListen();
878 break;
879
7e67e42f 880 case CMD_BUFF_CLEAR:
881 BufferClear();
15c4dc5a 882 break;
15c4dc5a 883
884 case CMD_MEASURE_ANTENNA_TUNING:
885 MeasureAntennaTuning();
886 break;
887
888 case CMD_MEASURE_ANTENNA_TUNING_HF:
889 MeasureAntennaTuningHf();
890 break;
891
892 case CMD_LISTEN_READER_FIELD:
893 ListenReaderField(c->arg[0]);
894 break;
895
15c4dc5a 896 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
897 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
898 SpinDelay(200);
899 LED_D_OFF(); // LED D indicates field ON or OFF
900 break;
901
1c611bbd 902 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
902cb3c0 903// UsbCommand n;
904// if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
905// n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
906// } else {
907// n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
908// }
909// n.arg[0] = c->arg[0];
910 // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
911 // LED_B_ON();
912 // usb_write((uint8_t *)&n, sizeof(n));
913 // UsbSendPacket((uint8_t *)&n, sizeof(n));
914 // LED_B_OFF();
915
1c611bbd 916 LED_B_ON();
917 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
918 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
919 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
920 }
921 // Trigger a finish downloading signal with an ACK frame
922 cmd_send(CMD_ACK,0,0,0,0,0);
d3b1f4e4 923 LED_B_OFF();
1c611bbd 924 break;
15c4dc5a 925
926 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
f7e3ed82 927 uint8_t *b = (uint8_t *)BigBuf;
15c4dc5a 928 memcpy(b+c->arg[0], c->d.asBytes, 48);
929 //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
902cb3c0 930// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
1c611bbd 931 cmd_send(CMD_ACK,0,0,0,0,0);
932 break;
933 }
15c4dc5a 934 case CMD_READ_MEM:
935 ReadMem(c->arg[0]);
936 break;
937
938 case CMD_SET_LF_DIVISOR:
7cc204bf 939 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
15c4dc5a 940 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
941 break;
942
943 case CMD_SET_ADC_MUX:
944 switch(c->arg[0]) {
945 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
946 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
947 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
948 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
949 }
950 break;
951
952 case CMD_VERSION:
953 SendVersion();
954 break;
955
15c4dc5a 956#ifdef WITH_LCD
957 case CMD_LCD_RESET:
958 LCDReset();
959 break;
960 case CMD_LCD:
961 LCDSend(c->arg[0]);
962 break;
963#endif
964 case CMD_SETUP_WRITE:
965 case CMD_FINISH_WRITE:
1c611bbd 966 case CMD_HARDWARE_RESET:
967 usb_disable();
15c4dc5a 968 SpinDelay(1000);
969 SpinDelay(1000);
970 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
971 for(;;) {
972 // We're going to reset, and the bootrom will take control.
973 }
1c611bbd 974 break;
15c4dc5a 975
1c611bbd 976 case CMD_START_FLASH:
15c4dc5a 977 if(common_area.flags.bootrom_present) {
978 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
979 }
1c611bbd 980 usb_disable();
15c4dc5a 981 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
982 for(;;);
1c611bbd 983 break;
e30c654b 984
15c4dc5a 985 case CMD_DEVICE_INFO: {
902cb3c0 986 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
987 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
988// UsbSendPacket((uint8_t*)&c, sizeof(c));
1c611bbd 989 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
990 break;
991 }
992 default:
15c4dc5a 993 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1c611bbd 994 break;
15c4dc5a 995 }
996}
997
998void __attribute__((noreturn)) AppMain(void)
999{
1000 SpinDelay(100);
e30c654b 1001
15c4dc5a 1002 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1003 /* Initialize common area */
1004 memset(&common_area, 0, sizeof(common_area));
1005 common_area.magic = COMMON_AREA_MAGIC;
1006 common_area.version = 1;
1007 }
1008 common_area.flags.osimage_present = 1;
1009
1010 LED_D_OFF();
1011 LED_C_OFF();
1012 LED_B_OFF();
1013 LED_A_OFF();
1014
28fdb04f 1015 // Init USB device`
902cb3c0 1016 usb_enable();
902cb3c0 1017// UsbStart();
15c4dc5a 1018
1019 // The FPGA gets its clock from us from PCK0 output, so set that up.
1020 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1021 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1022 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1023 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1024 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1025 AT91C_PMC_PRES_CLK_4;
1026 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1027
1028 // Reset SPI
1029 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1030 // Reset SSC
1031 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1032
1033 // Load the FPGA image, which we have stored in our flash.
7cc204bf 1034 // (the HF version by default)
1035 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 1036
9ca155ba 1037 StartTickCount();
902cb3c0 1038
15c4dc5a 1039#ifdef WITH_LCD
15c4dc5a 1040 LCDInit();
15c4dc5a 1041#endif
1042
902cb3c0 1043 byte_t rx[sizeof(UsbCommand)];
1044 size_t rx_len;
1045
15c4dc5a 1046 for(;;) {
902cb3c0 1047 if (usb_poll()) {
1048 rx_len = usb_read(rx,sizeof(UsbCommand));
1049 if (rx_len) {
1050 UsbPacketReceived(rx,rx_len);
1051 }
1052 }
1053// UsbPoll(FALSE);
1054
15c4dc5a 1055 WDT_HIT();
1056
1057#ifdef WITH_LF
1058 if (BUTTON_HELD(1000) > 0)
1059 SamyRun();
1060#endif
1061 }
1062}
Proxmark3 GIT tracking
Impressum, Datenschutz