X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/f6d9fb173fec6d117faeb6c39cf37ee449d4ef16..872e3d4d6f6dd1ae01ef67e4ad8255243f1e24ec:/armsrc/lfops.c diff --git a/armsrc/lfops.c b/armsrc/lfops.c index c1031447..ea36cdec 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -15,231 +15,44 @@ #include "crc16.h" #include "string.h" #include "lfdemod.h" +#include "lfsampling.h" -uint8_t decimation = 1; -uint8_t bits_per_sample = 8; -bool averaging = 1; - -typedef struct { - uint8_t * buffer; - uint32_t numbits; - uint32_t position; -} BitstreamOut; /** - * @brief Pushes bit onto the stream - * @param stream - * @param bit + * Function to do a modulation and then get samples. + * @param delay_off + * @param period_0 + * @param period_1 + * @param command */ -void pushBit( BitstreamOut* stream, uint8_t bit) -{ - int bytepos = stream->position >> 3; // divide by 8 - int bitpos = stream->position & 7; - *(stream->buffer+bytepos) |= (bit > 0) << (7 - bitpos); - stream->position++; - stream->numbits++; -} - -/** - * Does the sample acquisition. If threshold is specified, the actual sampling - * is not commenced until the threshold has been reached. - * This method implements decimation and quantization in order to - * be able to provide longer sample traces. - * Uses the following global settings: - * - decimation - how much should the signal be decimated. A decimation of N means we keep 1 in N samples, etc. - * - bits_per_sample - bits per sample. Max 8, min 1 bit per sample. - * - averaging If set to true, decimation will use averaging, so that if e.g. decimation is 3, the sample - * value that will be used is the average value of the three samples. - * - * @param trigger_threshold - a threshold. The sampling won't commence until this threshold has been reached. Set - * to -1 to ignore threshold. - * @param silent - is true, now outputs are made. If false, dbprints the status - * @return the number of bits occupied by the samples. - */ -uint32_t DoAcquisition125k_internal(int trigger_threshold,bool silent) -{ - //. - uint8_t *dest = (uint8_t *)BigBuf; - int bufsize = BIGBUF_SIZE; - memset(dest, 0, bufsize); - - if(bits_per_sample < 1) bits_per_sample = 1; - if(bits_per_sample > 8) bits_per_sample = 8; - - if(decimation < 1) decimation = 1; - - // Use a bit stream to handle the output - BitstreamOut data = { dest , 0, 0}; - int sample_counter = 0; - uint8_t sample = 0; - //If we want to do averaging - uint32_t sample_sum =0 ; - uint32_t sample_total_numbers =0 ; - uint32_t sample_total_saved =0 ; - - while(!BUTTON_PRESS()) { - WDT_HIT(); - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - LED_D_ON(); - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - LED_D_OFF(); - if (trigger_threshold != -1 && sample < trigger_threshold) - continue; - - trigger_threshold = -1; - sample_total_numbers++; - - if(averaging) - { - sample_sum += sample; - } - //Check decimation - if(decimation > 1) - { - sample_counter++; - if(sample_counter < decimation) continue; - sample_counter = 0; - } - //Averaging - if(averaging && decimation > 1) { - sample = sample_sum / decimation; - sample_sum =0; - } - //Store the sample - sample_total_saved ++; - if(bits_per_sample == 8){ - dest[sample_total_saved-1] = sample; - data.numbits = sample_total_saved << 3;//Get the return value correct - if(sample_total_saved >= bufsize) break; - } - else{ - pushBit(&data, sample & 0x80); - if(bits_per_sample > 1) pushBit(&data, sample & 0x40); - if(bits_per_sample > 2) pushBit(&data, sample & 0x20); - if(bits_per_sample > 3) pushBit(&data, sample & 0x10); - if(bits_per_sample > 4) pushBit(&data, sample & 0x08); - if(bits_per_sample > 5) pushBit(&data, sample & 0x04); - if(bits_per_sample > 6) pushBit(&data, sample & 0x02); - //Not needed, 8bps is covered above - //if(bits_per_sample > 7) pushBit(&data, sample & 0x01); - if((data.numbits >> 3) +1 >= bufsize) break; - } - } - } - - if(!silent) - { - Dbprintf("Done, saved %d out of %d seen samples at %d bits/sample",sample_total_saved, sample_total_numbers,bits_per_sample); - Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", - dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); - } - return data.numbits; -} -/** -* Perform sample aquisition. -*/ -void DoAcquisition125k(int trigger_threshold) -{ - DoAcquisition125k_internal(trigger_threshold, false); -} - -/** -* Setup the FPGA to listen for samples. This method downloads the FPGA bitstream -* if not already loaded, sets divisor and starts up the antenna. -* @param divisor : 1, 88> 255 or negative ==> 134.8 KHz -* 0 or 95 ==> 125 KHz -* -**/ -void LFSetupFPGAForADC(int divisor, bool lf_field) -{ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - if ( (divisor == 1) || (divisor < 0) || (divisor > 255) ) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else if (divisor == 0) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0)); - - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); -} -/** -* Initializes the FPGA, and acquires the samples. -**/ -void AcquireRawAdcSamples125k(int divisor,int arg1, int arg2) -{ - if (arg1 != 0) - { - averaging = (arg1 & 0x80) != 0; - bits_per_sample = (arg1 & 0x0F); - } - if(arg2 != 0) - { - decimation = arg2; - } - - Dbprintf("Sampling config: "); - Dbprintf(" divisor: %d ", divisor); - Dbprintf(" bps: %d ", bits_per_sample); - Dbprintf(" decimation: %d ", decimation); - Dbprintf(" averaging: %d ", averaging); - - LFSetupFPGAForADC(divisor, true); - // Now call the acquisition routine - DoAcquisition125k_internal(-1,false); -} -/** -* Initializes the FPGA for snoop-mode, and acquires the samples. -**/ - -void SnoopLFRawAdcSamples(int divisor, int trigger_threshold) -{ - LFSetupFPGAForADC(divisor, false); - DoAcquisition125k(trigger_threshold); -} - void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) { - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); - - int divisor_used = 95; // 125 KHz // see if 'h' was specified if (command[strlen((char *) command) - 1] == 'h') divisor_used = 88; // 134.8 KHz + sample_config sc = { 0,0,1, divisor_used, 0}; + setSamplingConfig(&sc); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); + /* Make sure the tag is reset */ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(2500); - // And a little more time for the tag to fully power up - SpinDelay(2000); + LFSetupFPGAForADC(sc.divisor, 1); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); + // And a little more time for the tag to fully power up + SpinDelay(2000); // now modulate the reader field while(*command != '\0' && *command != ' ') { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); LED_D_ON(); @@ -251,14 +64,16 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); // now do the read - DoAcquisition125k(-1); + DoAcquisition_config(false); } + + /* blank r/w tag data stream ...0000000000000000 01111111 1010101010101010101010101010101010101010101010101010101010101010 @@ -278,8 +93,8 @@ void ReadTItag(void) #define FREQLO 123200 #define FREQHI 134200 - signed char *dest = (signed char *)BigBuf; - int n = sizeof(BigBuf); + signed char *dest = (signed char *)BigBuf_get_addr(); + uint16_t n = BigBuf_max_traceLen(); // 128 bit shift register [shift3:shift2:shift1:shift0] uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; @@ -431,7 +246,8 @@ void AcquireTiType(void) #define TIBUFLEN 1250 // clear buffer - memset(BigBuf,0,sizeof(BigBuf)); + uint32_t *BigBuf = (uint32_t *)BigBuf_get_addr(); + memset(BigBuf,0,BigBuf_max_traceLen()/sizeof(uint32_t)); // Set up the synchronous serial port AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DIN; @@ -479,7 +295,7 @@ void AcquireTiType(void) AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; - char *dest = (char *)BigBuf; + char *dest = (char *)BigBuf_get_addr(); n = TIBUFLEN*32; // unpack buffer for (i=TIBUFLEN-1; i>=0; i--) { @@ -568,7 +384,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) void SimulateTagLowFrequency(int period, int gap, int ledcontrol) { int i; - uint8_t *tab = (uint8_t *)BigBuf; + uint8_t *tab = BigBuf_get_addr(); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); @@ -578,8 +394,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { @@ -601,7 +417,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - + //wait for next sample time while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -626,29 +442,31 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) { } -// compose fc/8 fc/10 waveform -static void fc(int c, int *n) { - uint8_t *dest = (uint8_t *)BigBuf; +// compose fc/8 fc/10 waveform (FSK2) +static void fc(int c, int *n) +{ + uint8_t *dest = BigBuf_get_addr(); int idx; // for when we want an fc8 pattern every 4 logical bits if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -662,8 +480,8 @@ static void fc(int c, int *n) { dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -672,6 +490,37 @@ static void fc(int c, int *n) { } } } +// compose fc/X fc/Y waveform (FSKx) +static void fcAll(uint8_t c, int *n, uint8_t clock) +{ + uint8_t *dest = BigBuf_get_addr(); + uint8_t idx; + uint8_t fcCnt; + // c = count of field clock for this bit + + int mod = clock % c; + // loop through clock - step field clock + for (idx=0; idx < (uint8_t) clock/c; idx++){ + // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + for (fcCnt=0; fcCnt < c; fcCnt++){ + if (fcCnt < c/2){ + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } + } + } + Dbprintf("mod: %d",mod); + if (mod>0){ //for FC counts that don't add up to a full clock cycle padd with extra wave + for (idx=0; idx < mod; idx++){ + if (idx < mod/2) { + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } + } + } +} // prepare a waveform pattern in the buffer based on the ID given then // simulate a HID tag until the button is pressed @@ -729,14 +578,187 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) LED_A_OFF(); } +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains invert and clock +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) +{ + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + //spacer bit + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + //fcAll(0, &n, clk); + + WDT_HIT(); + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + WDT_HIT(); + for (i=0; i> 8; + uint8_t carrier = arg1 & 0xFF; + uint8_t invert = arg2 & 0xFF; + uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase + //uint8_t invert = (arg2 >> 8) & 1; + uint8_t curPhase = 0; + WDT_HIT(); + for (i=0; i0 && lo>0){ + DoAcquisition_default(-1,true); + // FSK demodulator + size = sizeOfBigBuff; //variable size will change after demod so re initialize it before use + idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo); + + if (idx>0 && lo>0){ // final loop, go over previously decoded manchester data and decode into usable tag ID // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 if (hi2 != 0){ //extra large HID tags @@ -807,6 +828,8 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) } if (findone){ if (ledcontrol) LED_A_OFF(); + *high = hi; + *low = lo; return; } // reset @@ -820,10 +843,10 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); - size_t size=0; - int clk=0, invert=0, errCnt=0; + size_t size=0, idx=0; + int clk=0, invert=0, errCnt=0, maxErr=20; uint64_t lo=0; // Configure to go in 125Khz listen mode LFSetupFPGAForADC(95, true); @@ -833,16 +856,16 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) WDT_HIT(); if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); - size = sizeof(BigBuf); + DoAcquisition_default(-1,true); + size = BigBuf_max_traceLen(); //Dbprintf("DEBUG: Buffer got"); //askdemod and manchester decode - errCnt = askmandemod(dest, &size, &clk, &invert); + errCnt = askmandemod(dest, &size, &clk, &invert, maxErr); //Dbprintf("DEBUG: ASK Got"); WDT_HIT(); if (errCnt>=0){ - lo = Em410xDecode(dest,size); + lo = Em410xDecode(dest, &size, &idx); //Dbprintf("DEBUG: EM GOT"); if (lo>0){ Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", @@ -854,6 +877,8 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) } if (findone){ if (ledcontrol) LED_A_OFF(); + *high=lo>>32; + *low=lo & 0xFFFFFFFF; return; } } else{ @@ -872,7 +897,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int idx=0; uint32_t code=0, code2=0; uint8_t version=0; @@ -884,10 +909,10 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) while(!BUTTON_PRESS()) { WDT_HIT(); if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); - //fskdemod and get start index + DoAcquisition_default(-1,true); + //fskdemod and get start index WDT_HIT(); - idx = IOdemodFSK(dest,sizeof(BigBuf)); + idx = IOdemodFSK(dest, BigBuf_max_traceLen()); if (idx>0){ //valid tag found @@ -920,6 +945,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) if (findone){ if (ledcontrol) LED_A_OFF(); //LED_A_OFF(); + *high=code; + *low=code2; return; } code=code2=0; @@ -1059,11 +1086,11 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod // Read one card block in page 0 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); //int m=0, i=0; //enio adjustment 12/10/14 uint32_t m=0, i=0; FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. @@ -1124,11 +1151,11 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) // Read card traceability data (page 1) void T55xxReadTrace(void){ - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int m=0, i=0; FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. @@ -1478,8 +1505,8 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int int DemodPCF7931(uint8_t **outBlocks) { uint8_t BitStream[256]; uint8_t Blocks[8][16]; - uint8_t *GraphBuffer = (uint8_t *)BigBuf; - int GraphTraceLen = sizeof(BigBuf); + uint8_t *GraphBuffer = BigBuf_get_addr(); + int GraphTraceLen = BigBuf_max_traceLen(); int i, j, lastval, bitidx, half_switch; int clock = 64; int tolerance = clock / 8; @@ -1489,7 +1516,9 @@ int DemodPCF7931(uint8_t **outBlocks) { int lmin=128, lmax=128; uint8_t dir; - AcquireRawAdcSamples125k(0,0,0); + LFSetupFPGAForADC(95, true); + DoAcquisition_default(0, 0); + lmin = 64; lmax = 192; @@ -1716,7 +1745,7 @@ void ReadPCF7931() { tries++; if (BUTTON_PRESS()) return; } while (num_blocks != max_blocks); -end: + end: Dbprintf("-----------------------------------------"); Dbprintf("Memory content:"); Dbprintf("-----------------------------------------"); @@ -1896,7 +1925,7 @@ void EM4xLogin(uint32_t Password) { void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { uint8_t fwd_bit_count; - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = BigBuf_get_addr(); int m=0, i=0; //If password mode do login @@ -1906,7 +1935,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); fwd_bit_count += Prepare_Addr( Address ); - m = sizeof(BigBuf); + m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path.