Fix (iclass)

[proxmark3-svn] / armsrc / iclass.c

diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index 9d31cd736d859418cd0c35f4d2b549f2c83b6ca4..73036712453c92496cbf37bafc7dbe0fbc71a78a 100644 (file)
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -994,7 +994,7 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
        {
 
                uint8_t mac_responses[64] = { 0 };
-               Dbprintf("Going into attack mode");
+               Dbprintf("Going into attack mode, %d CSNS sent", numberOfCSNS);
                // In this mode, a number of csns are within datain. We'll simulate each one, one at a time
                // in order to collect MAC's from the reader. This can later be used in an offlne-attack
                // in order to obtain the keys, as in the "dismantling iclass"-paper.
@@ -1295,20 +1295,23 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int
   FpgaSetupSsc();
 
    if (wait)
-    if(*wait < 10)
-      *wait = 10;
+   {
+     if(*wait < 10) *wait = 10;
+     
+     for(c = 0; c < *wait;) {
+       if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
+         AT91C_BASE_SSC->SSC_THR = 0x00;               // For exact timing!
+         c++;
+       }
+       if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+         volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
+         (void)r;
+       }
+       WDT_HIT();
+     }
+
+   }
 
-  for(c = 0; c < *wait;) {
-    if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
-      AT91C_BASE_SSC->SSC_THR = 0x00;          // For exact timing!
-      c++;
-    }
-    if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
-      volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
-      (void)r;
-    }
-    WDT_HIT();
-  }
 
   uint8_t sendbyte;
   bool firstpart = TRUE;
@@ -1502,7 +1505,6 @@ void ReaderIClass(uint8_t arg0) {
     uint8_t last_csn[8]={0};
 
     uint8_t* resp = (((uint8_t *)BigBuf) + 3560);      // was 3560 - tied to other size changes
-    FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 
     int read_status= 0;
     bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
@@ -1594,28 +1596,9 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
        } memory;
        
        uint8_t* resp = (((uint8_t *)BigBuf) + 3560);   // was 3560 - tied to other size changes
-    // Enable and clear the trace
-    iso14a_set_tracing(TRUE);
-    iso14a_clear_trace();
-
 
+    setupIclassReader();
 
-       // Setup SSC
-       FpgaSetupSsc();
-       // Start from off (no field generated)
-       // Signal field is off with the appropriate LED
-       LED_D_OFF();
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       SpinDelay(200);
-
-       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-
-       // Now give it time to spin up.
-       // Signal field is on with the appropriate LED
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
-       SpinDelay(200);
-
-       LED_A_ON();
 
        for(int i=0;i<1;i++) {
        
@@ -1654,8 +1637,8 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
                                Dbprintf("Authenticate");
                                //for now replay captured auth (as cc not updated)
                                memcpy(check+5,MAC,4);
-                               Dbprintf("     AA: %02x %02x %02x %02x",
-                                       check[5], check[6], check[7],check[8]);
+                //Dbprintf("     AA: %02x %02x %02x %02x",
+                //     check[5], check[6], check[7],check[8]);
                                ReaderTransmitIClass(check, sizeof(check));
                                if(ReaderReceiveIClass(resp) == 4) {
                                   Dbprintf("     AR: %02x %02x %02x %02x",