X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/195af47289761be82eeb4f6687a65f5ee8f38611..117d9ec25c7cbc88555a6a990293ca95a544b915:/armsrc/hitag2.c diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 1a0e9b56..68916748 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -29,8 +29,12 @@ bool bAuthenticating; bool bPwd; bool bSuccessful; + int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader) { + static uint16_t traceLen = 0; + uint8_t *trace = BigBuf_get_addr(); + // Return when trace is full if (traceLen >= TRACE_SIZE) return FALSE; @@ -92,7 +96,6 @@ static struct hitag2_tag tag = { #define AUTH_TABLE_OFFSET FREE_BUFFER_OFFSET #define AUTH_TABLE_LENGTH FREE_BUFFER_SIZE -byte_t* auth_table = (byte_t *)BigBuf+AUTH_TABLE_OFFSET; size_t auth_table_pos = 0; size_t auth_table_len = AUTH_TABLE_LENGTH; @@ -302,6 +305,8 @@ static void hitag_send_frame(const byte_t* frame, size_t frame_len) void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + byte_t* auth_table; + auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; byte_t rx_air[HITAG_FRAME_LEN]; // Copy the (original) received frame how it is send over the air @@ -664,6 +669,10 @@ bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txl } bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + + byte_t* auth_table; + auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; + // Reset the transmission frame length *txlen = 0; @@ -736,6 +745,8 @@ void SnoopHitag(uint32_t type) { auth_table_len = 0; auth_table_pos = 0; + byte_t* auth_table; + auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 snoop"); @@ -743,7 +754,8 @@ void SnoopHitag(uint32_t type) { // Set up eavesdropping mode, frequency divisor which will drive the FPGA // and analog mux selection. - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); @@ -940,10 +952,12 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { bQuiet = false; // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); + iso14a_set_tracing(TRUE); + iso14a_clear_trace(); auth_table_len = 0; auth_table_pos = 0; + byte_t* auth_table; + auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 simulation"); @@ -966,7 +980,8 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { // Set up simulator mode, frequency divisor which will drive the FPGA // and analog mux selection. - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); @@ -988,18 +1003,18 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { // Disable timer during configuration AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on rising edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; - // Enable and reset counter - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - // Reset the received frame, frame count and timing info memset(rx,0x00,sizeof(rx)); frame_count = 0; response = 0; overflow = 0; + + // Enable and reset counter + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; while(!BUTTON_PRESS()) { // Watchdog hit @@ -1103,9 +1118,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); -// Dbprintf("frame received: %d",frame_count); -// Dbprintf("Authentication Attempts: %d",(auth_table_len/8)); -// DbpString("All done"); + + DbpString("Sim Stopped"); + } void ReaderHitag(hitag_function htf, hitag_data* htd) { @@ -1124,12 +1139,16 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { bool bStop; bool bQuitTraceFull = false; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); // Reset the return status bSuccessful = false; // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); + iso14a_set_tracing(TRUE); + iso14a_clear_trace(); + byte_t* auth_table; + auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; + DbpString("Starting Hitag reader family"); // Check configuration @@ -1137,7 +1156,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { case RHT2F_PASSWORD: { Dbprintf("List identifier in password mode"); memcpy(password,htd->pwd.password,4); - blocknr = 0; + blocknr = 0; bQuitTraceFull = false; bQuiet = false; bPwd = false; @@ -1155,7 +1174,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { case RHT2F_CRYPTO: { DbpString("Authenticating using key:"); - memcpy(key,htd->crypto.key,6); + memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code. Dbhexdump(6,key,false); blocknr = 0; bQuiet = false;