X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/aabb719dc4e9af383e20c79647612755957bca00..f86d6b557af096460adcb596a6e829e5900e0e76:/armsrc/hitag2.c

diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c
index 4b173d6f..c565511c 100644
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@@ -411,7 +411,7 @@ static void hitag_reader_send_bit(int bit) {
 	// Binary puls length modulation (BPLM) is used to encode the data stream
 	// This means that a transmission of a one takes longer than that of a zero
 	
-	// Enable modulation, which means, drop the the field
+	// Enable modulation, which means, drop the field
 	HIGH(GPIO_SSC_DOUT);
 	
 	// Wait for 4-10 times the carrier period
@@ -442,7 +442,7 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len)
 	}
 	// Send EOF 
 	AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
-	// Enable modulation, which means, drop the the field
+	// Enable modulation, which means, drop the field
 	HIGH(GPIO_SSC_DOUT);
 	// Wait for 4-10 times the carrier period
 	while(AT91C_BASE_TC0->TC_CV < T0*6);
@@ -697,6 +697,42 @@ static bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx
 	return true;
 }
 
+static bool hitag2_read_uid(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) {
+	// Reset the transmission frame length
+	*txlen = 0;
+
+	// Try to find out which command was send by selecting on length (in bits)
+	switch (rxlen) {
+		// No answer, try to resurrect
+		case 0: {
+			// Just starting or if there is no answer
+			*txlen = 5;
+			memcpy(tx,"\xc0",nbytes(*txlen));
+		} break;
+		// Received UID
+		case 32: {
+			// Check if we received answer tag (at)
+			if (bAuthenticating) {
+				bAuthenticating = false;
+			} else {
+				// Store the received block
+				memcpy(tag.sectors[blocknr],rx,4);
+				blocknr++;
+			}
+			if (blocknr > 0) {
+				//DbpString("Read successful!");
+				bSuccessful = true;
+				return false;
+			}
+		} break;
+		// Unexpected response
+		default: {
+			Dbprintf("Uknown frame length: %d",rxlen);
+			return false;
+		} break;
+	}
+	return true;
+}
 
 void SnoopHitag(uint32_t type) {
 	int frame_count;
@@ -710,22 +746,24 @@ void SnoopHitag(uint32_t type) {
 	byte_t rx[HITAG_FRAME_LEN];
 	size_t rxlen=0;
 	
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+	// Clean up trace and prepare it for storing frames
+	set_tracing(TRUE);
+	clear_trace();
+	
 	auth_table_len = 0;
 	auth_table_pos = 0;
+
 	BigBuf_free();
     auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
 	memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
 
-	// Clean up trace and prepare it for storing frames
-	set_tracing(TRUE);
-	clear_trace();
-	
 	DbpString("Starting Hitag2 snoop");
 	LED_D_ON();
 	
 	// Set up eavesdropping mode, frequency divisor which will drive the FPGA
 	// and analog mux selection.
-	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT  | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
@@ -922,6 +960,12 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	bool bQuitTraceFull = false;
 	bQuiet = false;
 	
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+	// Clean up trace and prepare it for storing frames
+	set_tracing(TRUE);
+	clear_trace();
+
 	auth_table_len = 0;
 	auth_table_pos = 0;
     byte_t* auth_table;
@@ -929,10 +973,6 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
     auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
 	memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
 
-	// Clean up trace and prepare it for storing frames
-	set_tracing(TRUE);
-	clear_trace();
-
 	DbpString("Starting Hitag2 simulation");
 	LED_D_ON();
 	hitag2_init();
@@ -953,7 +993,6 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	
 	// Set up simulator mode, frequency divisor which will drive the FPGA
 	// and analog mux selection.
-	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
@@ -1120,19 +1159,18 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 	set_tracing(TRUE);
 	clear_trace();
 
-	DbpString("Starting Hitag reader family");
+	//DbpString("Starting Hitag reader family");
 
 	// Check configuration
 	switch(htf) {
 		case RHT2F_PASSWORD: {
 			Dbprintf("List identifier in password mode");
 			memcpy(password,htd->pwd.password,4);
-      		blocknr = 0;
+			blocknr = 0;
 			bQuitTraceFull = false;
 			bQuiet = false;
 			bPwd = false;
 		} break;
-      
 		case RHT2F_AUTHENTICATE: {
 			DbpString("Authenticating using nr,ar pair:");
 			memcpy(NrAr,htd->auth.NrAr,8);
@@ -1142,10 +1180,9 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 			bAuthenticating = false;
 			bQuitTraceFull = true;
 		} break;
-      
 		case RHT2F_CRYPTO: {
 			DbpString("Authenticating using key:");
-			memcpy(key,htd->crypto.key,4);	  //HACK; 4 or 6??  I read both in the code.
+			memcpy(key,htd->crypto.key,6);	  //HACK; 4 or 6??  I read both in the code.
 			Dbhexdump(6,key,false);
 			blocknr = 0;
 			bQuiet = false;
@@ -1153,7 +1190,6 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 			bAuthenticating = false;
 			bQuitTraceFull = true;
 		} break;
-
 		case RHT2F_TEST_AUTH_ATTEMPTS: {
 			Dbprintf("Testing %d authentication attempts",(auth_table_len/8));
 			auth_table_pos = 0;
@@ -1162,7 +1198,12 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 			bQuiet = false;
 			bCrypto = false;
 		} break;
-			
+		case RHT2F_UID_ONLY: {
+			blocknr = 0;
+			bQuiet = false;
+			bCrypto = false;
+			bAuthenticating = false;
+		} break;
 		default: {
 			Dbprintf("Error, unknown function: %d",htf);
 			return;
@@ -1219,22 +1260,22 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
     // hitagS settings
     reset_sof = 1;
     t_wait = 200;
-    DbpString("Configured for hitagS reader");
+    //DbpString("Configured for hitagS reader");
   } else if (htf < 20) {
     // hitag1 settings
     reset_sof = 1;
     t_wait = 200;
-    DbpString("Configured for hitag1 reader");
+    //DbpString("Configured for hitag1 reader");
   } else if (htf < 30) {
     // hitag2 settings
     reset_sof = 4;
     t_wait = HITAG_T_WAIT_2;
-    DbpString("Configured for hitag2 reader");
+    //DbpString("Configured for hitag2 reader");
 	} else {
     Dbprintf("Error, unknown hitag reader type: %d",htf);
     return;
   }
-		
+	uint8_t attempt_count=0;
 	while(!bStop && !BUTTON_PRESS()) {
 		// Watchdog hit
 		WDT_HIT();
@@ -1269,6 +1310,11 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 			case RHT2F_TEST_AUTH_ATTEMPTS: {
 				bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen);
 			} break;
+			case RHT2F_UID_ONLY: {
+				bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen);
+				attempt_count++; //attempt 3 times to get uid then quit
+				if (!bStop && attempt_count == 3) bStop = true;
+			} break;
 			default: {
 				Dbprintf("Error, unknown function: %d",htf);
 				return;
@@ -1378,7 +1424,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
 	AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-	Dbprintf("frame received: %d",frame_count);
-  DbpString("All done");
+	//Dbprintf("frame received: %d",frame_count);
+  //DbpString("All done");
   cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48);
 }