X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/cb29e00a12eb3f5da6ed326938cddd0b0d1cb097..55eaed8f2ad26b9db249e2259c13444c38906795:/armsrc/iclass.c

diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index 2b28b793..64abc84a 100644
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -433,7 +433,6 @@ static RAMFUNC int ManchesterDecoding(int v)
 	else {
 		modulation = bit & Demod.syncBit;
 		modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
-		//modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
 
 		Demod.samples += 4;
 
@@ -688,7 +687,8 @@ void RAMFUNC SnoopIClass(void)
     SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 
 	uint32_t time_0 = GetCountSspClk();
-
+	uint32_t time_start = 0;
+	uint32_t time_stop  = 0;
 
     int div = 0;
     //int div2 = 0;
@@ -739,6 +739,7 @@ void RAMFUNC SnoopIClass(void)
 		smpl = decbyter;	
 		if(OutOfNDecoding((smpl & 0xF0) >> 4)) {
 		    rsamples = samples - Uart.samples;
+			time_stop = (GetCountSspClk()-time_0) << 4;
 		    LED_C_ON();
 
 			//if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,TRUE)) break;
@@ -746,7 +747,7 @@ void RAMFUNC SnoopIClass(void)
 			if(tracing)	{
 				uint8_t parity[MAX_PARITY_SIZE];
 				GetParity(Uart.output, Uart.byteCnt, parity);
-				LogTrace(Uart.output,Uart.byteCnt, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, TRUE);
+				LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, TRUE);
 			}
 
 
@@ -757,6 +758,8 @@ void RAMFUNC SnoopIClass(void)
 		    Demod.state = DEMOD_UNSYNCD;
 		    LED_B_OFF();
 		    Uart.byteCnt = 0;
+		}else{
+			time_start = (GetCountSspClk()-time_0) << 4;
 		}
 		decbyter = 0;
 	}
@@ -764,21 +767,24 @@ void RAMFUNC SnoopIClass(void)
 	if(div > 3) {
 		smpl = decbyte;
 		if(ManchesterDecoding(smpl & 0x0F)) {
-		    rsamples = samples - Demod.samples;
+			time_stop = (GetCountSspClk()-time_0) << 4;
+
+			rsamples = samples - Demod.samples;
 		    LED_B_ON();
 
 			if(tracing)	{
 				uint8_t parity[MAX_PARITY_SIZE];
 				GetParity(Demod.output, Demod.len, parity);
-				LogTrace(Demod.output, Demod.len, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, FALSE);
+				LogTrace(Demod.output, Demod.len, time_start, time_stop, parity, FALSE);
 			}
 
-
 		    // And ready to receive another response.
 		    memset(&Demod, 0, sizeof(Demod));
 			Demod.output = tagToReaderResponse;
 		    Demod.state = DEMOD_UNSYNCD;
 		    LED_C_OFF();
+		}else{
+			time_start = (GetCountSspClk()-time_0) << 4;
 		}
 		
 		div = 0;
@@ -842,10 +848,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
         }
         if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
             uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			/*if(OutOfNDecoding((b & 0xf0) >> 4)) {
-				*len = Uart.byteCnt;
-				return TRUE;
-			}*/
+
 			if(OutOfNDecoding(b & 0x0f)) {
 				*len = Uart.byteCnt;
 				return TRUE;
@@ -932,6 +935,7 @@ static void CodeIClassTagSOF()
 	// Convert from last byte pos to length
 	ToSendMax++;
 }
+
 int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf);
 /**
  * @brief SimulateIClass simulates an iClass card.
@@ -1002,8 +1006,8 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
 int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
 {
 
-
 	// CSN followed by two CRC bytes
+	uint8_t response1[] = { 0x0F} ;
 	uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 	uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
 	memcpy(response3,csn,sizeof(response3));
@@ -1026,11 +1030,11 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 	// Reader 81 anticoll. CSN
 	// Tag    CSN
 
-	uint8_t *resp;
-	int respLen;
-	uint8_t* respdata = NULL;
-	int respsize = 0;
-	uint8_t sof = 0x0f;
+	uint8_t *modulated_response;
+	int modulated_response_size;
+	uint8_t* trace_data = NULL;
+	int trace_data_size = 0;
+	//uint8_t sof = 0x0f;
 
 	// Respond SOF -- takes 8 bytes
 	uint8_t *resp1 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
@@ -1095,17 +1099,13 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 	LED_A_ON();
 	bool buttonPressed = false;
 
-	/** Hack  for testing
-	memcpy(reader_mac_buf,csn,8);
-	exitLoop = true;
-	end hack **/
-
 	while(!exitLoop) {
 
 		LED_B_OFF();
 		//Signal tracer
 		// Can be used to get a trigger for an oscilloscope..
 		LED_C_OFF();
+
 		if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
 			buttonPressed = true;
 			break;
@@ -1117,35 +1117,35 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 		// Okay, look at the command now.
 		if(receivedCmd[0] == 0x0a ) {
 			// Reader in anticollission phase
-			resp = resp1; respLen = resp1Len; //order = 1;
-			respdata = &sof;
-			respsize = sizeof(sof);
+			modulated_response = resp1; modulated_response_size = resp1Len; //order = 1;
+			trace_data = response1;
+			trace_data_size = sizeof(response1);
 		} else if(receivedCmd[0] == 0x0c) {
 			// Reader asks for anticollission CSN
-			resp = resp2; respLen = resp2Len; //order = 2;
-			respdata = response2;
-			respsize = sizeof(response2);
+			modulated_response = resp2; modulated_response_size = resp2Len; //order = 2;
+			trace_data = response2;
+			trace_data_size = sizeof(response2);
 			//DbpString("Reader requests anticollission CSN:");
 		} else if(receivedCmd[0] == 0x81) {
 			// Reader selects anticollission CSN.
 			// Tag sends the corresponding real CSN
-			resp = resp3; respLen = resp3Len; //order = 3;
-			respdata = response3;
-			respsize = sizeof(response3);
+			modulated_response = resp3; modulated_response_size = resp3Len; //order = 3;
+			trace_data = response3;
+			trace_data_size = sizeof(response3);
 			//DbpString("Reader selects anticollission CSN:");
 		} else if(receivedCmd[0] == 0x88) {
 			// Read e-purse (88 02)
-			resp = resp4; respLen = resp4Len; //order = 4;
-			respdata = response4;
-			respsize = sizeof(response4);
+			modulated_response = resp4; modulated_response_size = resp4Len; //order = 4;
+			trace_data = response4;
+			trace_data_size = sizeof(response4);
 			LED_B_ON();
 		} else if(receivedCmd[0] == 0x05) {
 			// Reader random and reader MAC!!!
 			// Do not respond
             // We do not know what to answer, so lets keep quiet
-			resp = resp1; respLen = 0; //order = 5;
-			respdata = NULL;
-			respsize = 0;
+			modulated_response = resp1; modulated_response_size = 0; //order = 5;
+			trace_data = NULL;
+			trace_data_size = 0;
 			if (breakAfterMacReceived){
 				// dbprintf:ing ...
 				Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x"
@@ -1162,9 +1162,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 			}
 		} else if(receivedCmd[0] == 0x00 && len == 1) {
 			// Reader ends the session
-			resp = resp1; respLen = 0; //order = 0;
-			respdata = NULL;
-			respsize = 0;
+			modulated_response = resp1; modulated_response_size = 0; //order = 0;
+			trace_data = NULL;
+			trace_data_size = 0;
 		} else {
 			//#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44
 			// Never seen this command before
@@ -1174,9 +1174,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 			receivedCmd[3], receivedCmd[4], receivedCmd[5],
 			receivedCmd[6], receivedCmd[7], receivedCmd[8]);
 			// Do not respond
-			resp = resp1; respLen = 0; //order = 0;
-			respdata = NULL;
-			respsize = 0;
+			modulated_response = resp1; modulated_response_size = 0; //order = 0;
+			trace_data = NULL;
+			trace_data_size = 0;
 		}
 
 		if(cmdsRecvd >  100) {
@@ -1186,9 +1186,16 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 		else {
 			cmdsRecvd++;
 		}
-
-		if(respLen > 0) {
-			SendIClassAnswer(resp, respLen, 21);
+		/**
+		After changes to parity calculation
+		Time between reader EOT and pm3 SOF
+		delay	21 -> 480uS
+		delay	10 -> 220us
+		delay	16 -> 388us
+		A legit tag has about 380us.
+		**/
+		if(modulated_response_size > 0) {
+			SendIClassAnswer(modulated_response, modulated_response_size, timeout);
 			t2r_time = GetCountSspClk();
 		}
 
@@ -1197,9 +1204,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
 			GetParity(receivedCmd, len, parity);
 			LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, TRUE);
 
-			if (respdata != NULL) {
-				GetParity(respdata, respsize, parity);
-				LogTrace(respdata, respsize, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
+			if (trace_data != NULL) {
+				GetParity(trace_data, trace_data_size, parity);
+				LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
 			}
 			if(!tracing) {
 				DbpString("Trace full");
@@ -1368,7 +1375,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
 	int samples = 0;
 
 	// This is tied to other size changes
-	// 	uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
 	CodeIClassCommand(frame,len);
 
 	// Select the card
@@ -1423,10 +1429,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
 			b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 			skip = !skip;
 			if(skip) continue;
-			/*if(ManchesterDecoding((b>>4) & 0xf)) {
-				*samples = ((c - 1) << 3) + 4;
-				return TRUE;
-			}*/
+		
 			if(ManchesterDecoding(b & 0x0f)) {
 				*samples = c << 3;
 				return  TRUE;