X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/31abe49fd323411b391dd10335eb4c60cfcecb06..e09f21fa7b754a2f214efbebc622045138828096:/armsrc/lfops.c diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 43af4eed..3684eaaf 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -93,8 +93,8 @@ void ReadTItag(void) #define FREQLO 123200 #define FREQHI 134200 - signed char *dest = (signed char *)BigBuf; - int n = sizeof(BigBuf); + signed char *dest = (signed char *)BigBuf_get_addr(); + uint16_t n = BigBuf_max_traceLen(); // 128 bit shift register [shift3:shift2:shift1:shift0] uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; @@ -246,7 +246,8 @@ void AcquireTiType(void) #define TIBUFLEN 1250 // clear buffer - memset(BigBuf,0,sizeof(BigBuf)); + uint32_t *BigBuf = (uint32_t *)BigBuf_get_addr(); + memset(BigBuf,0,BigBuf_max_traceLen()/sizeof(uint32_t)); // Set up the synchronous serial port AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DIN; @@ -294,7 +295,7 @@ void AcquireTiType(void) AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; - char *dest = (char *)BigBuf; + char *dest = (char *)BigBuf_get_addr(); n = TIBUFLEN*32; // unpack buffer for (i=TIBUFLEN-1; i>=0; i--) { @@ -383,7 +384,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) void SimulateTagLowFrequency(int period, int gap, int ledcontrol) { int i; - uint8_t *tab = (uint8_t *)BigBuf; + uint8_t *tab = BigBuf_get_addr(); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); @@ -393,11 +394,12 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { + //wait until SSC_CLK goes HIGH while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -405,7 +407,6 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } WDT_HIT(); } - if (ledcontrol) LED_D_ON(); @@ -416,17 +417,96 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - + //wait until SSC_CLK goes LOW while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); return; } WDT_HIT(); + } + + i++; + if(i == period) { + + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } +} + +//Testing to fix timing issues by marshmellow (MM) +void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol) +{ + int i; + uint8_t *tab = BigBuf_get_addr(); + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + + i = 0; + while(!BUTTON_PRESS()) { + + WDT_HIT(); + //wait until reader carrier is HIGH + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + WDT_HIT(); } + if (i>0){ + if (tab[i]!=tab[i-1]){ + // transition + if (ledcontrol) + LED_D_ON(); + + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + + } else { //no transition + //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened + // skip test for readers Carrier = LOW, otherwise we get a bit behind + + //wait until reader carrier is LOW + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + WDT_HIT(); + } + } + } else { + // transition + if (ledcontrol) + LED_D_ON(); + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + } + WDT_HIT(); + + i++; - if(i == period) { + if(i == period) { + // end of data stream, gap then repeat i = 0; if (gap) { SHORT_COIL(); @@ -434,6 +514,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } } + DbpString("Stopped"); + return; } #define DEBUG_FRAME_CONTENTS 1 @@ -441,29 +523,31 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) { } -// compose fc/8 fc/10 waveform -static void fc(int c, int *n) { - uint8_t *dest = (uint8_t *)BigBuf; +// compose fc/8 fc/10 waveform (FSK2) +static void fc(int c, int *n) +{ + uint8_t *dest = BigBuf_get_addr(); int idx; // for when we want an fc8 pattern every 4 logical bits if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -474,6 +558,8 @@ static void fc(int c, int *n) { // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; @@ -482,8 +568,55 @@ static void fc(int c, int *n) { dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + } + } +} +// compose fc/X fc/Y waveform (FSKx) +static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) +{ + uint8_t *dest = BigBuf_get_addr(); + uint8_t idx; + uint8_t fcCnt; + // c = count of field clock for this bit + uint8_t mod = clock % c; + uint8_t modAdj = c/mod; + bool modAdjOk=FALSE; + if (c % mod==0) modAdjOk=TRUE; + // loop through clock - step field clock + for (idx=0; idx < (uint8_t) clock/c; idx++){ + // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; + } else { + //fudge low to high transition + //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; + } + } + } + if (mod>0) (*modCnt)++; + if ((mod>0) && modAdjOk){ //fsk2 + if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; + } else { + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; + } + } + } + } + //Dbprintf("mod: %d, modAdj %d, modc %d",mod, modAdj, c % mod); + if (mod>0 && !modAdjOk){ //fsk1 + for (idx=0; idx < mod; idx++){ + if (idx < mod/2) { + dest[((*n)++)]=0; + } else { + dest[((*n)++)]=1; + } } } } @@ -544,14 +677,218 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) LED_A_OFF(); } +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains invert and clock +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) +{ + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + uint16_t modCnt = 0; + //spacer bit + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + //fcAll(0, &n, clk); + + WDT_HIT(); + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + WDT_HIT(); + for (i=0; i> 8; + uint8_t carrier = arg1 & 0xFF; + uint8_t invert = arg2 & 0xFF; + //uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase + //uint8_t invert = (arg2 >> 8) & 1; + uint8_t curPhase = 0; + WDT_HIT(); + for (i=0; i0 && lo>0){ + size = sizeOfBigBuff; //variable size will change after demod so re initialize it before use + idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo); + + if (idx>0 && lo>0){ // final loop, go over previously decoded manchester data and decode into usable tag ID // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 if (hi2 != 0){ //extra large HID tags @@ -622,6 +958,8 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) } if (findone){ if (ledcontrol) LED_A_OFF(); + *high = hi; + *low = lo; return; } // reset @@ -635,10 +973,10 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); - size_t size=0; - int clk=0, invert=0, errCnt=0; + size_t size=0, idx=0; + int clk=0, invert=0, errCnt=0, maxErr=20; uint64_t lo=0; // Configure to go in 125Khz listen mode LFSetupFPGAForADC(95, true); @@ -649,15 +987,15 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) if (ledcontrol) LED_A_ON(); DoAcquisition_default(-1,true); - size = sizeof(BigBuf); + size = BigBuf_max_traceLen(); //Dbprintf("DEBUG: Buffer got"); //askdemod and manchester decode - errCnt = askmandemod(dest, &size, &clk, &invert); + errCnt = askmandemod(dest, &size, &clk, &invert, maxErr); //Dbprintf("DEBUG: ASK Got"); WDT_HIT(); if (errCnt>=0){ - lo = Em410xDecode(dest,size); + lo = Em410xDecode(dest, &size, &idx); //Dbprintf("DEBUG: EM GOT"); if (lo>0){ Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", @@ -669,6 +1007,8 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) } if (findone){ if (ledcontrol) LED_A_OFF(); + *high=lo>>32; + *low=lo & 0xFFFFFFFF; return; } } else{ @@ -687,7 +1027,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int idx=0; uint32_t code=0, code2=0; uint8_t version=0; @@ -702,7 +1042,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) DoAcquisition_default(-1,true); //fskdemod and get start index WDT_HIT(); - idx = IOdemodFSK(dest,sizeof(BigBuf)); + idx = IOdemodFSK(dest, BigBuf_max_traceLen()); if (idx>0){ //valid tag found @@ -735,6 +1075,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) if (findone){ if (ledcontrol) LED_A_OFF(); //LED_A_OFF(); + *high=code; + *low=code2; return; } code=code2=0; @@ -874,11 +1216,11 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod // Read one card block in page 0 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); //int m=0, i=0; //enio adjustment 12/10/14 uint32_t m=0, i=0; FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. @@ -939,11 +1281,11 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) // Read card traceability data (page 1) void T55xxReadTrace(void){ - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int m=0, i=0; FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. @@ -1293,8 +1635,8 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int int DemodPCF7931(uint8_t **outBlocks) { uint8_t BitStream[256]; uint8_t Blocks[8][16]; - uint8_t *GraphBuffer = (uint8_t *)BigBuf; - int GraphTraceLen = sizeof(BigBuf); + uint8_t *GraphBuffer = BigBuf_get_addr(); + int GraphTraceLen = BigBuf_max_traceLen(); int i, j, lastval, bitidx, half_switch; int clock = 64; int tolerance = clock / 8; @@ -1533,7 +1875,7 @@ void ReadPCF7931() { tries++; if (BUTTON_PRESS()) return; } while (num_blocks != max_blocks); -end: + end: Dbprintf("-----------------------------------------"); Dbprintf("Memory content:"); Dbprintf("-----------------------------------------"); @@ -1713,7 +2055,7 @@ void EM4xLogin(uint32_t Password) { void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { uint8_t fwd_bit_count; - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int m=0, i=0; //If password mode do login @@ -1723,7 +2065,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); fwd_bit_count += Prepare_Addr( Address ); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path.