]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/appmain.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Windows VC compile file shoudn't be there.
[proxmark3-svn] / armsrc / appmain.c
CommitLineData
959baa89 1//-----------------------------------------------------------------------------
2// The main application code. This is the first thing called after start.c
3// executes.
4// Jonathan Westhues, Mar 2006
5// Edits by Gerhard de Koning Gans, Sep 2007 (##)
6//-----------------------------------------------------------------------------
7
8
9#include <proxmark3.h>
7f348042 10#include <stdlib.h>
959baa89 11#include "apps.h"
12#ifdef WITH_LCD
13#include "fonts.h"
14#include "LCD.h"
15#endif
16
17// The large multi-purpose buffer, typically used to hold A/D samples,
18// maybe pre-processed in some way.
19DWORD BigBuf[16000];
955fc5e2 20int usbattached = 0;
959baa89 21
22//=============================================================================
23// A buffer where we can queue things up to be sent through the FPGA, for
24// any purpose (fake tag, as reader, whatever). We go MSB first, since that
25// is the order in which they go out on the wire.
26//=============================================================================
27
28BYTE ToSend[256];
29int ToSendMax;
30static int ToSendBit;
31
f23e056d 32
33void BufferClear(void)
34{
35 memset(BigBuf,0,sizeof(BigBuf));
36 DbpString("Buffer cleared");
37}
38
959baa89 39void ToSendReset(void)
40{
41 ToSendMax = -1;
42 ToSendBit = 8;
43}
44
45void ToSendStuffBit(int b)
46{
47 if(ToSendBit >= 8) {
48 ToSendMax++;
49 ToSend[ToSendMax] = 0;
50 ToSendBit = 0;
51 }
52
53 if(b) {
54 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
55 }
56
57 ToSendBit++;
58
59 if(ToSendBit >= sizeof(ToSend)) {
60 ToSendBit = 0;
61 DbpString("ToSendStuffBit overflowed!");
62 }
63}
64
65//=============================================================================
66// Debug print functions, to go out over USB, to the usual PC-side client.
67//=============================================================================
68
69void DbpString(char *str)
70{
955fc5e2 71 /* this holds up stuff unless we're connected to usb */
1dff8c42 72// if (!usbattached)
73// return;
955fc5e2 74
959baa89 75 UsbCommand c;
76 c.cmd = CMD_DEBUG_PRINT_STRING;
77 c.ext1 = strlen(str);
78 memcpy(c.d.asBytes, str, c.ext1);
79
80 UsbSendPacket((BYTE *)&c, sizeof(c));
81 // TODO fix USB so stupid things like this aren't req'd
82 SpinDelay(50);
83}
84
85void DbpIntegers(int x1, int x2, int x3)
86{
955fc5e2 87 /* this holds up stuff unless we're connected to usb */
1dff8c42 88// if (!usbattached)
89// return;
955fc5e2 90
959baa89 91 UsbCommand c;
92 c.cmd = CMD_DEBUG_PRINT_INTEGERS;
93 c.ext1 = x1;
94 c.ext2 = x2;
95 c.ext3 = x3;
96
97 UsbSendPacket((BYTE *)&c, sizeof(c));
98 // XXX
99 SpinDelay(50);
100}
101
102void AcquireRawAdcSamples125k(BOOL at134khz)
103{
104 if(at134khz) {
105 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
106 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
107 } else {
108 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
109 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
110 }
111
112 // Connect the A/D to the peak-detected low-frequency path.
113 SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
114
115 // Give it a bit of time for the resonant antenna to settle.
116 SpinDelay(50);
117
118 // Now set up the SSC to get the ADC samples that are now streaming at us.
119 FpgaSetupSsc();
120
121 // Now call the acquisition routine
122 DoAcquisition125k(at134khz);
123}
124
125// split into two routines so we can avoid timing issues after sending commands //
126void DoAcquisition125k(BOOL at134khz)
127{
128 BYTE *dest = (BYTE *)BigBuf;
129 int n = sizeof(BigBuf);
130 int i;
131
132 memset(dest,0,n);
133 i = 0;
134 for(;;) {
135 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
136 SSC_TRANSMIT_HOLDING = 0x43;
137 LED_D_ON();
138 }
139 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
140 dest[i] = (BYTE)SSC_RECEIVE_HOLDING;
141 i++;
142 LED_D_OFF();
143 if(i >= n) {
144 break;
145 }
146 }
147 }
148 DbpIntegers(dest[0], dest[1], at134khz);
149}
150
151void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command)
152{
153 BOOL at134khz;
154
155 // see if 'h' was specified
1dd23352 156 if(command[strlen((char *) command) - 1] == 'h')
959baa89 157 at134khz= TRUE;
158 else
159 at134khz= FALSE;
160
161 if(at134khz) {
162 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
163 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
164 } else {
165 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
166 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
167 }
168
169 // Give it a bit of time for the resonant antenna to settle.
170 SpinDelay(50);
171
172 // Now set up the SSC to get the ADC samples that are now streaming at us.
173 FpgaSetupSsc();
174
175 // now modulate the reader field
176 while(*command != '\0' && *command != ' ')
177 {
178 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
179 LED_D_OFF();
180 SpinDelayUs(delay_off);
181 if(at134khz) {
182 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
183 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
184 } else {
185 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
186 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
187 }
188 LED_D_ON();
189 if(*(command++) == '0')
190 SpinDelayUs(period_0);
191 else
192 SpinDelayUs(period_1);
193 }
194 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
195 LED_D_OFF();
196 SpinDelayUs(delay_off);
197 if(at134khz) {
198 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
199 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
200 } else {
201 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
202 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
203 }
204
205 // now do the read
206 DoAcquisition125k(at134khz);
207}
208
209//-----------------------------------------------------------------------------
210// Read an ADC channel and block till it completes, then return the result
211// in ADC units (0 to 1023). Also a routine to average 32 samples and
212// return that.
213//-----------------------------------------------------------------------------
214static int ReadAdc(int ch)
215{
216 DWORD d;
217
218 ADC_CONTROL = ADC_CONTROL_RESET;
219 ADC_MODE = ADC_MODE_PRESCALE(32) | ADC_MODE_STARTUP_TIME(16) |
220 ADC_MODE_SAMPLE_HOLD_TIME(8);
221 ADC_CHANNEL_ENABLE = ADC_CHANNEL(ch);
222
223 ADC_CONTROL = ADC_CONTROL_START;
224 while(!(ADC_STATUS & ADC_END_OF_CONVERSION(ch)))
225 ;
226 d = ADC_CHANNEL_DATA(ch);
227
228 return d;
229}
230
231static int AvgAdc(int ch)
232{
233 int i;
234 int a = 0;
235
236 for(i = 0; i < 32; i++) {
237 a += ReadAdc(ch);
238 }
239
240 return (a + 15) >> 5;
241}
30f2a7d3 242
e7aee94e 243void MeasureAntennaTuning(void)
959baa89 244{
245 BYTE *dest = (BYTE *)BigBuf;
e7aee94e 246 int i, ptr = 0, adcval = 0, peak = 0, peakv = 0, peakf = 0;;
247 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
248
249 UsbCommand c;
959baa89 250
e7aee94e 251 DbpString("Measuring antenna characteristics, please wait.");
959baa89 252 memset(BigBuf,0,sizeof(BigBuf));
253
e7aee94e 254/*
255 * Sweeps the useful LF range of the proxmark from
256 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
257 * read the voltage in the antenna, the result left
258 * in the buffer is a graph which should clearly show
259 * the resonating frequency of your LF antenna
260 * ( hopefully around 95 if it is tuned to 125kHz!)
261 */
959baa89 262 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
263 for (i=255; i>19; i--) {
264 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
265 SpinDelay(20);
e7aee94e 266 // Vref = 3.3V, and a 10000:240 voltage divider on the input
267 // can measure voltages up to 137500 mV
268 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
269 if (i==95) vLf125 = adcval; // voltage at 125Khz
270 if (i==89) vLf134 = adcval; // voltage at 134Khz
271
272 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
38b65694 273 if(dest[i] > peak) {
e7aee94e 274 peakv = adcval;
275 peak = dest[i];
276 peakf = i;
277 ptr = i;
38b65694 278 }
e7aee94e 279 }
959baa89 280
281 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
282 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
283 SpinDelay(20);
959baa89 284 // Vref = 3300mV, and an 10:1 voltage divider on the input
285 // can measure voltages up to 33000 mV
e7aee94e 286 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
959baa89 287
288 c.cmd = CMD_MEASURED_ANTENNA_TUNING;
289 c.ext1 = (vLf125 << 0) | (vLf134 << 16);
290 c.ext2 = vHf;
e7aee94e 291 c.ext3 = peakf | (peakv << 16);
959baa89 292 UsbSendPacket((BYTE *)&c, sizeof(c));
293}
294
955fc5e2 295void SimulateTagLowFrequency(int period, int ledcontrol)
959baa89 296{
297 int i;
298 BYTE *tab = (BYTE *)BigBuf;
299
300 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR);
301
302 PIO_ENABLE = (1 << GPIO_SSC_DOUT) | (1 << GPIO_SSC_CLK);
303
304 PIO_OUTPUT_ENABLE = (1 << GPIO_SSC_DOUT);
305 PIO_OUTPUT_DISABLE = (1 << GPIO_SSC_CLK);
306
307#define SHORT_COIL() LOW(GPIO_SSC_DOUT)
308#define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
309
310 i = 0;
311 for(;;) {
312 while(!(PIO_PIN_DATA_STATUS & (1<<GPIO_SSC_CLK))) {
313 if(BUTTON_PRESS()) {
6bd86cb2 314 DbpString("Stopped");
959baa89 315 return;
316 }
317 WDT_HIT();
318 }
319
955fc5e2 320 if (ledcontrol)
321 LED_D_ON();
322
323 if(tab[i])
959baa89 324 OPEN_COIL();
955fc5e2 325 else
959baa89 326 SHORT_COIL();
955fc5e2 327
328 if (ledcontrol)
329 LED_D_OFF();
959baa89 330
331 while(PIO_PIN_DATA_STATUS & (1<<GPIO_SSC_CLK)) {
332 if(BUTTON_PRESS()) {
6bd86cb2 333 DbpString("Stopped");
959baa89 334 return;
335 }
336 WDT_HIT();
337 }
338
339 i++;
340 if(i == period) i = 0;
341 }
342}
343
344// compose fc/8 fc/10 waveform
345static void fc(int c, int *n) {
346 BYTE *dest = (BYTE *)BigBuf;
347 int idx;
348
349 // for when we want an fc8 pattern every 4 logical bits
350 if(c==0) {
351 dest[((*n)++)]=1;
352 dest[((*n)++)]=1;
353 dest[((*n)++)]=0;
354 dest[((*n)++)]=0;
355 dest[((*n)++)]=0;
356 dest[((*n)++)]=0;
357 dest[((*n)++)]=0;
358 dest[((*n)++)]=0;
359 }
360 // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples
361 if(c==8) {
362 for (idx=0; idx<6; idx++) {
363 dest[((*n)++)]=1;
364 dest[((*n)++)]=1;
365 dest[((*n)++)]=0;
366 dest[((*n)++)]=0;
367 dest[((*n)++)]=0;
368 dest[((*n)++)]=0;
369 dest[((*n)++)]=0;
370 dest[((*n)++)]=0;
371 }
372 }
373
374 // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples
375 if(c==10) {
376 for (idx=0; idx<5; idx++) {
377 dest[((*n)++)]=1;
378 dest[((*n)++)]=1;
379 dest[((*n)++)]=1;
380 dest[((*n)++)]=0;
381 dest[((*n)++)]=0;
382 dest[((*n)++)]=0;
383 dest[((*n)++)]=0;
384 dest[((*n)++)]=0;
385 dest[((*n)++)]=0;
386 dest[((*n)++)]=0;
387 }
388 }
389}
390
391// prepare a waveform pattern in the buffer based on the ID given then
392// simulate a HID tag until the button is pressed
955fc5e2 393static void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
959baa89 394{
395 int n=0, i=0;
396 /*
397 HID tag bitstream format
398 The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits
399 A 1 bit is represented as 6 fc8 and 5 fc10 patterns
400 A 0 bit is represented as 5 fc10 and 6 fc8 patterns
401 A fc8 is inserted before every 4 bits
402 A special start of frame pattern is used consisting a0b0 where a and b are neither 0
403 nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10)
404 */
405
406 if (hi>0xFFF) {
407 DbpString("Tags can only have 44 bits.");
408 return;
409 }
410 fc(0,&n);
411 // special start of frame marker containing invalid bit sequences
412 fc(8, &n); fc(8, &n); // invalid
413 fc(8, &n); fc(10, &n); // logical 0
414 fc(10, &n); fc(10, &n); // invalid
415 fc(8, &n); fc(10, &n); // logical 0
416
417 WDT_HIT();
418 // manchester encode bits 43 to 32
419 for (i=11; i>=0; i--) {
420 if ((i%4)==3) fc(0,&n);
421 if ((hi>>i)&1) {
422 fc(10, &n); fc(8, &n); // low-high transition
423 } else {
424 fc(8, &n); fc(10, &n); // high-low transition
425 }
426 }
427
428 WDT_HIT();
429 // manchester encode bits 31 to 0
430 for (i=31; i>=0; i--) {
431 if ((i%4)==3) fc(0,&n);
432 if ((lo>>i)&1) {
433 fc(10, &n); fc(8, &n); // low-high transition
434 } else {
435 fc(8, &n); fc(10, &n); // high-low transition
436 }
437 }
438
955fc5e2 439 if (ledcontrol)
440 LED_A_ON();
441 SimulateTagLowFrequency(n, ledcontrol);
442
443 if (ledcontrol)
444 LED_A_OFF();
959baa89 445}
446
447// loop to capture raw HID waveform then FSK demodulate the TAG ID from it
955fc5e2 448static void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
959baa89 449{
450 BYTE *dest = (BYTE *)BigBuf;
451 int m=0, n=0, i=0, idx=0, found=0, lastval=0;
452 DWORD hi=0, lo=0;
453
454 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
455 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
456
457 // Connect the A/D to the peak-detected low-frequency path.
458 SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
459
460 // Give it a bit of time for the resonant antenna to settle.
461 SpinDelay(50);
462
463 // Now set up the SSC to get the ADC samples that are now streaming at us.
464 FpgaSetupSsc();
465
466 for(;;) {
467 WDT_HIT();
955fc5e2 468 if (ledcontrol)
469 LED_A_ON();
959baa89 470 if(BUTTON_PRESS()) {
6bd86cb2 471 DbpString("Stopped");
955fc5e2 472 if (ledcontrol)
473 LED_A_OFF();
959baa89 474 return;
475 }
476
477 i = 0;
478 m = sizeof(BigBuf);
479 memset(dest,128,m);
480 for(;;) {
481 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
482 SSC_TRANSMIT_HOLDING = 0x43;
955fc5e2 483 if (ledcontrol)
484 LED_D_ON();
959baa89 485 }
486 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
487 dest[i] = (BYTE)SSC_RECEIVE_HOLDING;
488 // we don't care about actual value, only if it's more or less than a
489 // threshold essentially we capture zero crossings for later analysis
490 if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
491 i++;
955fc5e2 492 if (ledcontrol)
493 LED_D_OFF();
959baa89 494 if(i >= m) {
495 break;
496 }
497 }
498 }
499
500 // FSK demodulator
501
502 // sync to first lo-hi transition
503 for( idx=1; idx<m; idx++) {
504 if (dest[idx-1]<dest[idx])
505 lastval=idx;
506 break;
507 }
508 WDT_HIT();
509
510 // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
511 // or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
512 // between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
513 for( i=0; idx<m; idx++) {
514 if (dest[idx-1]<dest[idx]) {
515 dest[i]=idx-lastval;
516 if (dest[i] <= 8) {
517 dest[i]=1;
518 } else {
519 dest[i]=0;
520 }
521
522 lastval=idx;
523 i++;
524 }
525 }
526 m=i;
527 WDT_HIT();
528
529 // we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
530 lastval=dest[0];
531 idx=0;
532 i=0;
533 n=0;
534 for( idx=0; idx<m; idx++) {
535 if (dest[idx]==lastval) {
536 n++;
537 } else {
538 // a bit time is five fc/10 or six fc/8 cycles so figure out how many bits a pattern width represents,
539 // an extra fc/8 pattern preceeds every 4 bits (about 200 cycles) just to complicate things but it gets
540 // swallowed up by rounding
541 // expected results are 1 or 2 bits, any more and it's an invalid manchester encoding
542 // special start of frame markers use invalid manchester states (no transitions) by using sequences
543 // like 111000
544 if (dest[idx-1]) {
545 n=(n+1)/6; // fc/8 in sets of 6
546 } else {
547 n=(n+1)/5; // fc/10 in sets of 5
548 }
549 switch (n) { // stuff appropriate bits in buffer
550 case 0:
551 case 1: // one bit
552 dest[i++]=dest[idx-1];
553 break;
554 case 2: // two bits
555 dest[i++]=dest[idx-1];
556 dest[i++]=dest[idx-1];
557 break;
558 case 3: // 3 bit start of frame markers
559 dest[i++]=dest[idx-1];
560 dest[i++]=dest[idx-1];
561 dest[i++]=dest[idx-1];
562 break;
563 // When a logic 0 is immediately followed by the start of the next transmisson
564 // (special pattern) a pattern of 4 bit duration lengths is created.
565 case 4:
566 dest[i++]=dest[idx-1];
567 dest[i++]=dest[idx-1];
568 dest[i++]=dest[idx-1];
569 dest[i++]=dest[idx-1];
570 break;
571 default: // this shouldn't happen, don't stuff any bits
572 break;
573 }
574 n=0;
575 lastval=dest[idx];
576 }
577 }
578 m=i;
579 WDT_HIT();
580
581 // final loop, go over previously decoded manchester data and decode into usable tag ID
582 // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
583 for( idx=0; idx<m-6; idx++) {
584 // search for a start of frame marker
585 if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) )
586 {
587 found=1;
588 idx+=6;
589 if (found && (hi|lo)) {
590 DbpString("TAG ID");
591 DbpIntegers(hi, lo, (lo>>1)&0xffff);
955fc5e2 592 /* if we're only looking for one tag */
593 if (findone)
594 {
595 *high = hi;
596 *low = lo;
597 return;
598 }
959baa89 599 hi=0;
600 lo=0;
601 found=0;
602 }
603 }
604 if (found) {
605 if (dest[idx] && (!dest[idx+1]) ) {
606 hi=(hi<<1)|(lo>>31);
607 lo=(lo<<1)|0;
608 } else if ( (!dest[idx]) && dest[idx+1]) {
609 hi=(hi<<1)|(lo>>31);
610 lo=(lo<<1)|1;
611 } else {
612 found=0;
613 hi=0;
614 lo=0;
615 }
616 idx++;
617 }
618 if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) )
619 {
620 found=1;
621 idx+=6;
622 if (found && (hi|lo)) {
623 DbpString("TAG ID");
624 DbpIntegers(hi, lo, (lo>>1)&0xffff);
955fc5e2 625 /* if we're only looking for one tag */
626 if (findone)
627 {
628 *high = hi;
629 *low = lo;
630 return;
631 }
959baa89 632 hi=0;
633 lo=0;
634 found=0;
635 }
636 }
637 }
638 WDT_HIT();
639 }
640}
641
642void SimulateTagHfListen(void)
643{
644 BYTE *dest = (BYTE *)BigBuf;
645 int n = sizeof(BigBuf);
646 BYTE v = 0;
647 int i;
648 int p = 0;
649
650 // We're using this mode just so that I can test it out; the simulated
651 // tag mode would work just as well and be simpler.
652 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
653
654 // We need to listen to the high-frequency, peak-detected path.
655 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
656
657 FpgaSetupSsc();
658
659 i = 0;
660 for(;;) {
661 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
662 SSC_TRANSMIT_HOLDING = 0xff;
663 }
664 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
665 BYTE r = (BYTE)SSC_RECEIVE_HOLDING;
666
667 v <<= 1;
668 if(r & 1) {
669 v |= 1;
670 }
671 p++;
672
673 if(p >= 8) {
674 dest[i] = v;
675 v = 0;
676 p = 0;
677 i++;
678
679 if(i >= n) {
680 break;
681 }
682 }
683 }
684 }
685 DbpString("simulate tag (now type bitsamples)");
686}
687
688void UsbPacketReceived(BYTE *packet, int len)
689{
690 UsbCommand *c = (UsbCommand *)packet;
691
692 switch(c->cmd) {
693 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
694 AcquireRawAdcSamples125k(c->ext1);
695 break;
696
697 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
698 ModThenAcquireRawAdcSamples125k(c->ext1,c->ext2,c->ext3,c->d.asBytes);
699 break;
700
701 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
702 AcquireRawAdcSamplesIso15693();
703 break;
f23e056d 704
705 case CMD_BUFF_CLEAR:
706 BufferClear();
707 break;
959baa89 708
709 case CMD_READER_ISO_15693:
710 ReaderIso15693(c->ext1);
711 break;
712
713 case CMD_SIMTAG_ISO_15693:
714 SimTagIso15693(c->ext1);
715 break;
716
717 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
718 AcquireRawAdcSamplesIso14443(c->ext1);
719 break;
fb25b483 720
721 case CMD_READ_SRI512_TAG:
722 ReadSRI512Iso14443(c->ext1);
723 break;
959baa89 724
725 case CMD_READER_ISO_14443a:
726 ReaderIso14443a(c->ext1);
727 break;
728
729 case CMD_SNOOP_ISO_14443:
730 SnoopIso14443();
731 break;
732
733 case CMD_SNOOP_ISO_14443a:
734 SnoopIso14443a();
735 break;
736
737 case CMD_SIMULATE_TAG_HF_LISTEN:
738 SimulateTagHfListen();
739 break;
740
741 case CMD_SIMULATE_TAG_ISO_14443:
742 SimulateIso14443Tag();
743 break;
744
745 case CMD_SIMULATE_TAG_ISO_14443a:
746 SimulateIso14443aTag(c->ext1, c->ext2); // ## Simulate iso14443a tag - pass tag type & UID
747 break;
748
749 case CMD_MEASURE_ANTENNA_TUNING:
750 MeasureAntennaTuning();
751 break;
752
7f348042 753 case CMD_LISTEN_READER_FIELD:
754 ListenReaderField(c->ext1);
755 break;
756
959baa89 757 case CMD_HID_DEMOD_FSK:
955fc5e2 758 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
959baa89 759 break;
760
761 case CMD_HID_SIM_TAG:
955fc5e2 762 CmdHIDsimTAG(c->ext1, c->ext2, 1); // Simulate HID tag by ID
959baa89 763 break;
764
765 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
766 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
767 SpinDelay(200);
768 LED_D_OFF(); // LED D indicates field ON or OFF
769 break;
770
771 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
772 case CMD_DOWNLOAD_RAW_BITS_TI_TYPE: {
773 UsbCommand n;
774 if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
775 n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
776 } else {
777 n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
778 }
779 n.ext1 = c->ext1;
780 memcpy(n.d.asDwords, BigBuf+c->ext1, 12*sizeof(DWORD));
781 UsbSendPacket((BYTE *)&n, sizeof(n));
782 break;
783 }
784 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
785 BYTE *b = (BYTE *)BigBuf;
786 memcpy(b+c->ext1, c->d.asBytes, 48);
787 break;
788 }
789 case CMD_SIMULATE_TAG_125K:
790 LED_A_ON();
955fc5e2 791 SimulateTagLowFrequency(c->ext1, 1);
959baa89 792 LED_A_OFF();
793 break;
794#ifdef WITH_LCD
795 case CMD_LCD_RESET:
796 LCDReset();
797 break;
798#endif
1dff8c42 799 case CMD_READ_MEM:
800 ReadMem(c->ext1);
801 break;
959baa89 802 case CMD_SET_LF_DIVISOR:
803 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->ext1);
804 break;
805#ifdef WITH_LCD
806 case CMD_LCD:
807 LCDSend(c->ext1);
808 break;
809#endif
810 case CMD_SETUP_WRITE:
811 case CMD_FINISH_WRITE:
812 case CMD_HARDWARE_RESET:
813 USB_D_PLUS_PULLUP_OFF();
814 SpinDelay(1000);
815 SpinDelay(1000);
816 RSTC_CONTROL = RST_CONTROL_KEY | RST_CONTROL_PROCESSOR_RESET;
817 for(;;) {
818 // We're going to reset, and the bootrom will take control.
819 }
820 break;
821
822
823 default:
824 DbpString("unknown command");
825 break;
826 }
827}
828
1dff8c42 829void ReadMem(int addr)
830{
831 const DWORD *data = ((DWORD *)addr);
832 int i;
833
834 DbpString("Reading memory at address");
835 DbpIntegers(0, 0, addr);
836 for (i = 0; i < 8; i+= 2)
837 DbpIntegers(0, data[i], data[i+1]);
838}
839
959baa89 840void AppMain(void)
841{
842 memset(BigBuf,0,sizeof(BigBuf));
843 SpinDelay(100);
844
845 LED_D_OFF();
846 LED_C_OFF();
847 LED_B_OFF();
848 LED_A_OFF();
849
850 UsbStart();
851
852 // The FPGA gets its clock from us from PCK0 output, so set that up.
853 PIO_PERIPHERAL_B_SEL = (1 << GPIO_PCK0);
854 PIO_DISABLE = (1 << GPIO_PCK0);
855 PMC_SYS_CLK_ENABLE = PMC_SYS_CLK_PROGRAMMABLE_CLK_0;
856 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
857 PMC_PROGRAMMABLE_CLK_0 = PMC_CLK_SELECTION_PLL_CLOCK |
858 PMC_CLK_PRESCALE_DIV_4;
859 PIO_OUTPUT_ENABLE = (1 << GPIO_PCK0);
860
861 // Reset SPI
862 SPI_CONTROL = SPI_CONTROL_RESET;
863 // Reset SSC
864 SSC_CONTROL = SSC_CONTROL_RESET;
865
866 // Load the FPGA image, which we have stored in our flash.
867 FpgaDownloadAndGo();
868
869#ifdef WITH_LCD
870
871 LCDInit();
872
873 // test text on different colored backgrounds
874 LCDString(" The quick brown fox ", &FONT6x8,1,1+8*0,WHITE ,BLACK );
875 LCDString(" jumped over the ", &FONT6x8,1,1+8*1,BLACK ,WHITE );
876 LCDString(" lazy dog. ", &FONT6x8,1,1+8*2,YELLOW ,RED );
877 LCDString(" AaBbCcDdEeFfGgHhIiJj ", &FONT6x8,1,1+8*3,RED ,GREEN );
878 LCDString(" KkLlMmNnOoPpQqRrSsTt ", &FONT6x8,1,1+8*4,MAGENTA,BLUE );
879 LCDString("UuVvWwXxYyZz0123456789", &FONT6x8,1,1+8*5,BLUE ,YELLOW);
880 LCDString("`-=[]_;',./~!@#$%^&*()", &FONT6x8,1,1+8*6,BLACK ,CYAN );
881 LCDString(" _+{}|:\\\"<>? ",&FONT6x8,1,1+8*7,BLUE ,MAGENTA);
882
883 // color bands
884 LCDFill(0, 1+8* 8, 132, 8, BLACK);
885 LCDFill(0, 1+8* 9, 132, 8, WHITE);
886 LCDFill(0, 1+8*10, 132, 8, RED);
887 LCDFill(0, 1+8*11, 132, 8, GREEN);
888 LCDFill(0, 1+8*12, 132, 8, BLUE);
889 LCDFill(0, 1+8*13, 132, 8, YELLOW);
890 LCDFill(0, 1+8*14, 132, 8, CYAN);
891 LCDFill(0, 1+8*15, 132, 8, MAGENTA);
892
893#endif
894
895 for(;;) {
955fc5e2 896 usbattached = UsbPoll(FALSE);
959baa89 897 WDT_HIT();
959baa89 898
955fc5e2 899 if (BUTTON_HELD(1000) > 0)
900 SamyRun();
959baa89 901 }
902}
903
959baa89 904
955fc5e2 905// samy's sniff and repeat routine
906void SamyRun()
907{
908 DbpString("Stand-alone mode! No PC necessary.");
959baa89 909
955fc5e2 910 // 3 possible options? no just 2 for now
911#define OPTS 2
959baa89 912
955fc5e2 913 int high[OPTS], low[OPTS];
914
915 // Oooh pretty -- notify user we're in elite samy mode now
916 LED(LED_RED, 200);
917 LED(LED_ORANGE, 200);
918 LED(LED_GREEN, 200);
919 LED(LED_ORANGE, 200);
920 LED(LED_RED, 200);
921 LED(LED_ORANGE, 200);
922 LED(LED_GREEN, 200);
923 LED(LED_ORANGE, 200);
924 LED(LED_RED, 200);
925
926 int selected = 0;
927 int playing = 0;
928
929 // Turn on selected LED
930 LED(selected + 1, 0);
931
932 for (;;)
933 {
934 usbattached = UsbPoll(FALSE);
959baa89 935 WDT_HIT();
955fc5e2 936
937 // Was our button held down or pressed?
938 int button_pressed = BUTTON_HELD(1000);
939 SpinDelay(300);
940
941 // Button was held for a second, begin recording
942 if (button_pressed > 0)
943 {
944 LEDsoff();
945 LED(selected + 1, 0);
946 LED(LED_RED2, 0);
947
948 // record
949 DbpString("Starting recording");
950
951 /* need this delay to prevent catching some weird data */
952 SpinDelay(500);
953 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
954 DbpString("Recorded");
955 DbpIntegers(selected, high[selected], low[selected]);
956
957 LEDsoff();
958 LED(selected + 1, 0);
959 // Finished recording
960
961 // If we were previously playing, set playing off
962 // so next button push begins playing what we recorded
963 playing = 0;
964 }
965
966 // Change where to record (or begin playing)
967 else if (button_pressed)
968 {
969 // Next option if we were previously playing
970 if (playing)
971 selected = (selected + 1) % OPTS;
972 playing = !playing;
973
974 LEDsoff();
975 LED(selected + 1, 0);
976
977 // Begin transmitting
978 if (playing)
979 {
980 LED(LED_GREEN, 0);
981 DbpString("Playing");
982 DbpIntegers(selected, high[selected], low[selected]);
983 CmdHIDsimTAG(high[selected], low[selected], 0);
984 DbpString("Done playing");
985
986 /* We pressed a button so ignore it here with a delay */
987 SpinDelay(300);
988
989 // when done, we're done playing, move to next option
990 selected = (selected + 1) % OPTS;
991 playing = !playing;
992 LEDsoff();
993 LED(selected + 1, 0);
994 }
995 }
959baa89 996 }
997}
7f348042 998
955fc5e2 999
7f348042 1000// listen for external reader
1001void ListenReaderField(int limit)
1002{
1dd23352 1003 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0;
1004 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0;
7f348042 1005
1006#define LF_ONLY 1
1007#define HF_ONLY 2
1008
1009 LED_A_OFF();
1010 LED_B_OFF();
1011 LED_C_OFF();
1012 LED_D_OFF();
1013
1014 lf_av= ReadAdc(ADC_CHAN_LF);
1015
1dd23352 1016 if(limit != HF_ONLY)
7f348042 1017 {
1018 DbpString("LF 125/134 Baseline:");
1019 DbpIntegers(lf_av,0,0);
1020 lf_baseline= lf_av;
1021 }
1022
1023 hf_av= ReadAdc(ADC_CHAN_HF);
1024
1025
1dd23352 1026 if (limit != LF_ONLY)
7f348042 1027 {
1028 DbpString("HF 13.56 Baseline:");
1029 DbpIntegers(hf_av,0,0);
1030 hf_baseline= hf_av;
1031 }
1032
1033 for(;;)
1034 {
1035 if(BUTTON_PRESS())
1036 {
6bd86cb2 1037 DbpString("Stopped");
7f348042 1038 LED_B_OFF();
1039 LED_D_OFF();
1040 return;
1041 }
1042 WDT_HIT();
1043
1044
1045 if (limit != HF_ONLY)
1046 {
1047 if (abs(lf_av - lf_baseline) > 10)
1048 LED_D_ON();
1049 else
1050 LED_D_OFF();
1051 ++lf_count;
1052 lf_av_new= ReadAdc(ADC_CHAN_LF);
1053 // see if there's a significant change
1054 if(abs(lf_av - lf_av_new) > 10)
1055 {
1056 DbpString("LF 125/134 Field Change:");
1057 DbpIntegers(lf_av,lf_av_new,lf_count);
1058 lf_av= lf_av_new;
1059 lf_count= 0;
1060 }
1061 }
1062
1063 if (limit != LF_ONLY)
1064 {
1065 if (abs(hf_av - hf_baseline) > 10)
1066 LED_B_ON();
1067 else
1068 LED_B_OFF();
1069 ++hf_count;
1070 hf_av_new= ReadAdc(ADC_CHAN_HF);
1071 // see if there's a significant change
1072 if(abs(hf_av - hf_av_new) > 10)
1073 {
1074 DbpString("HF 13.56 Field Change:");
1075 DbpIntegers(hf_av,hf_av_new,hf_count);
1076 hf_av= hf_av_new;
1077 hf_count= 0;
1078 }
1079 }
1080 }
1081}
Proxmark3 GIT tracking
Impressum, Datenschutz