X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/47e18126ec553c4a7caf6da5a55e476f61c54076..117d9ec25c7cbc88555a6a990293ca95a544b915:/armsrc/hitag2.c

diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c
index 37c2e3eb..68916748 100644
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@@ -29,12 +29,12 @@ bool bAuthenticating;
 bool bPwd;
 bool bSuccessful;
 
-size_t nbytes(size_t nbits) {
-	return (nbits/8)+((nbits%8)>0);
-}
 
 int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader)
 {
+  static uint16_t traceLen = 0;
+  uint8_t *trace = BigBuf_get_addr();
+
   // Return when trace is full
   if (traceLen >= TRACE_SIZE) return FALSE;
   
@@ -96,7 +96,6 @@ static struct hitag2_tag tag = {
 
 #define AUTH_TABLE_OFFSET FREE_BUFFER_OFFSET
 #define AUTH_TABLE_LENGTH FREE_BUFFER_SIZE
-byte_t* auth_table = (byte_t *)BigBuf+AUTH_TABLE_OFFSET;
 size_t auth_table_pos = 0;
 size_t auth_table_len = AUTH_TABLE_LENGTH;
 
@@ -306,6 +305,8 @@ static void hitag_send_frame(const byte_t* frame, size_t frame_len)
 
 void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen)
 {
+    byte_t* auth_table;
+    auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET;
 	byte_t rx_air[HITAG_FRAME_LEN];
 	
 	// Copy the (original) received frame how it is send over the air
@@ -668,6 +669,10 @@ bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txl
 }
 
 bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) {
+
+    byte_t* auth_table;
+    auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET;
+
 	// Reset the transmission frame length 
 	*txlen = 0;
 	
@@ -677,12 +682,19 @@ bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_
 		case 0: {
 			// Stop if there is no answer while we are in crypto mode (after sending NrAr)
 			if (bCrypto) {
-				Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]);
+				Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed, removed entry!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]);
+
+        // Removing failed entry from authentiations table
+        memcpy(auth_table+auth_table_pos,auth_table+auth_table_pos+8,8);
+        auth_table_len -= 8;
+
+        // Return if we reached the end of the authentiactions table
 				bCrypto = false;
-				if ((auth_table_pos+8) == auth_table_len) {
+				if (auth_table_pos == auth_table_len) {
 					return false;
 				}
-				auth_table_pos += 8;
+        
+        // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry)
 				memcpy(NrAr,auth_table+auth_table_pos,8);
 			}
 			*txlen = 5;
@@ -733,6 +745,8 @@ void SnoopHitag(uint32_t type) {
 
 	auth_table_len = 0;
 	auth_table_pos = 0;
+    byte_t* auth_table;
+    auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET;
 	memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
 	
 	DbpString("Starting Hitag2 snoop");
@@ -740,7 +754,8 @@ void SnoopHitag(uint32_t type) {
 	
 	// Set up eavesdropping mode, frequency divisor which will drive the FPGA
 	// and analog mux selection.
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT  | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
 	RELAY_OFF();
@@ -937,10 +952,12 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	bQuiet = false;
 	
 	// Clean up trace and prepare it for storing frames
-  iso14a_set_tracing(TRUE);
-  iso14a_clear_trace();
+	iso14a_set_tracing(TRUE);
+	iso14a_clear_trace();
 	auth_table_len = 0;
 	auth_table_pos = 0;
+    byte_t* auth_table;
+    auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET;
 	memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
 
 	DbpString("Starting Hitag2 simulation");
@@ -963,7 +980,8 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	
 	// Set up simulator mode, frequency divisor which will drive the FPGA
 	// and analog mux selection.
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
 	RELAY_OFF();
@@ -985,18 +1003,18 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
   // Disable timer during configuration	
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
 
-	// Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
+	// Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
 	// external trigger rising edge, load RA on rising edge of TIOA.
 	AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING;
 	
-	// Enable and reset counter
-	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
-
 	// Reset the received frame, frame count and timing info
 	memset(rx,0x00,sizeof(rx));
 	frame_count = 0;
 	response = 0;
 	overflow = 0;
+
+	// Enable and reset counter
+	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
 	
 	while(!BUTTON_PRESS()) {
 		// Watchdog hit
@@ -1100,9 +1118,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
 	AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-//	Dbprintf("frame received: %d",frame_count);
-//	Dbprintf("Authentication Attempts: %d",(auth_table_len/8));
-//	DbpString("All done");
+	
+	DbpString("Sim Stopped");
+	
 }
 
 void ReaderHitag(hitag_function htf, hitag_data* htd) {
@@ -1121,12 +1139,16 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 	bool bStop;
 	bool bQuitTraceFull = false;
   
+  FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
   // Reset the return status
   bSuccessful = false;
   
 	// Clean up trace and prepare it for storing frames
-  iso14a_set_tracing(TRUE);
-  iso14a_clear_trace();
+	iso14a_set_tracing(TRUE);
+	iso14a_clear_trace();
+    byte_t* auth_table;
+    auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET;
+
 	DbpString("Starting Hitag reader family");
 
 	// Check configuration
@@ -1134,7 +1156,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 		case RHT2F_PASSWORD: {
       Dbprintf("List identifier in password mode");
 			memcpy(password,htd->pwd.password,4);
-      blocknr = 0;
+      		blocknr = 0;
 			bQuitTraceFull = false;
 			bQuiet = false;
 			bPwd = false;
@@ -1152,7 +1174,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
       
 		case RHT2F_CRYPTO: {
 			DbpString("Authenticating using key:");
-			memcpy(key,htd->crypto.key,6);
+			memcpy(key,htd->crypto.key,4);	  //HACK; 4 or 6??  I read both in the code.
 			Dbhexdump(6,key,false);
       blocknr = 0;
 			bQuiet = false;