From 8d960002c8713dfbaed0f0dd52fe7d7cb2dd77b1 Mon Sep 17 00:00:00 2001
From: marshmellow42 <marshmellowrf@gmail.com>
Date: Mon, 2 Mar 2015 14:42:55 -0500
Subject: [PATCH] lf cmds fix, add, show

show command to UI:
data printdemodbuffer - allow printing of demod buffer
Add:
data askgproxiidemod - demod a gproxii tag

Fix:
adjust lf simxxx commands further for testing
---
 armsrc/lfops.c        |  74 ++++++++++++++++---------
 client/FLASH - OS.bat |  61 +++++++++++++++++++++
 client/cmddata.c      | 125 +++++++++++++++++++++++++++++++++++++++++-
 client/cmddata.h      |   1 +
 client/cmdlf.c        |  29 +++++++---
 5 files changed, 254 insertions(+), 36 deletions(-)
 create mode 100644 client/FLASH - OS.bat

diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 866ff5d2..3684eaaf 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -438,8 +438,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
     }
 }
 
-//Testing to fix timing issues
-void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol)
+//Testing to fix timing issues by marshmellow (MM)
+void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol)
 {
     int i;
     uint8_t *tab = BigBuf_get_addr();
@@ -463,7 +463,31 @@ void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol)
         while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
             WDT_HIT();
         }
-        if (i>0 && tab[i]!=tab[i-1]){
+        if (i>0){
+            if (tab[i]!=tab[i-1]){
+                // transition
+                if (ledcontrol)
+                    LED_D_ON();
+
+                // modulate coil
+                if(tab[i])
+                    OPEN_COIL();
+                else
+                    SHORT_COIL();
+
+                if (ledcontrol)
+                    LED_D_OFF();
+
+            } else { //no transition
+                //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened
+                //  skip test for readers Carrier = LOW, otherwise we get a bit behind
+                
+                //wait until reader carrier is LOW
+                while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
+                    WDT_HIT();
+                }                
+            }
+        } else {
             // transition
             if (ledcontrol)
                 LED_D_ON();
@@ -475,16 +499,10 @@ void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol)
                 SHORT_COIL();
 
             if (ledcontrol)
-                LED_D_OFF();      
-        } else { //no transition
-            //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened
-            //  skip test for readers Carrier = LOW, otherwise we get a bit behind
-            
-            //wait until reader carrier is LOW
-            while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
-                WDT_HIT();
-            }                
-        }        
+                LED_D_OFF();
+        }
+        WDT_HIT();
+      
                
         i++;
         if(i == period) {      
@@ -568,23 +586,25 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt)
     for (idx=0; idx < (uint8_t) clock/c; idx++){
         // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave)
         for (fcCnt=0; fcCnt < c; fcCnt++){  //fudge slow transition from low to high - shorten wave by 1
-            if (fcCnt < c/2){
-                dest[((*n)++)]=1;
+            if (fcCnt < c/2+1){
+                dest[((*n)++)]=0;
             } else {
                 //fudge low to high transition
-                //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; 
-                dest[((*n)++)]=0;    
+                //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0;
+                //if (c==8 && fcCnt==5) continue; 
+                dest[((*n)++)]=1;   
             }
         }
     }
     if (mod>0) (*modCnt)++;
-    if ((mod>0) && modAdjOk){  //fsk2
-        if ((*modCnt % modAdj) == 0){
+    if ((mod>0) && modAdjOk){  //fsk2 
+        if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave
             for (fcCnt=0; fcCnt < c; fcCnt++){  //fudge slow transition from low to high - shorten wave by 1
-                if (fcCnt < c/2){
-                    dest[((*n)++)]=1;
+                if (fcCnt < c/2+1){
+                    dest[((*n)++)]=0;
                 } else {
-                    dest[((*n)++)]=0;    
+                    //if (c==8 && fcCnt==5) continue; 
+                    dest[((*n)++)]=1;    
                 }
             }       
         }
@@ -593,9 +613,9 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt)
     if (mod>0 && !modAdjOk){  //fsk1
         for (idx=0; idx < mod; idx++){
             if (idx < mod/2) {
-                dest[((*n)++)]=1;
-            } else {
                 dest[((*n)++)]=0;
+            } else {
+                dest[((*n)++)]=1;
             }
         }
     }
@@ -716,7 +736,7 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
            
     if (ledcontrol)
         LED_A_ON();
-    SimulateTagLowFrequencyTest(n, 0, ledcontrol);
+    SimulateTagLowFrequencyMM(n, 0, ledcontrol);
 
     if (ledcontrol)
         LED_A_OFF();
@@ -781,7 +801,7 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
 
     if (ledcontrol)
         LED_A_ON();
-    SimulateTagLowFrequencyTest(n, 0, ledcontrol);
+    SimulateTagLowFrequencyMM(n, 0, ledcontrol);
 
     if (ledcontrol)
         LED_A_OFF();
@@ -855,7 +875,7 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
            
     if (ledcontrol)
         LED_A_ON();
-    SimulateTagLowFrequencyTest(n, 0, ledcontrol);
+    SimulateTagLowFrequencyMM(n, 0, ledcontrol);
 
     if (ledcontrol)
         LED_A_OFF();
diff --git a/client/FLASH - OS.bat b/client/FLASH - OS.bat
new file mode 100644
index 00000000..46605190
--- /dev/null
+++ b/client/FLASH - OS.bat	
@@ -0,0 +1,61 @@
+@echo off
+color 0a
+MODE CON COLS=80 LINES=36
+title OS FLASH FILE
+echo.
+echo.
+echo.
+echo   ======================================================================
+echo   ©¦!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! O__O !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!©¦
+echo   ©¦==================================================================©¦
+echo   ©¦OS-ONLY FLASHER BATCH FILE                                        ©¦
+echo   ©¦                                                                  ©¦
+echo   ©¦you will need to have this file (FLASH - OS.bat) in \win32 folder ©¦
+echo   ©¦you will need to have flasher.exe in \win32 folder                ©¦
+echo   ©¦you will need to have osimage.elf in \firmware_win folder         ©¦
+echo   ©¦                                                                  ©¦
+echo   ©¦                                                                  ©¦
+echo   ©¦IF YOU HAVE THOSE REQUISITES HIT ANY BUTTON TO CONTINUE !         ©¦
+echo   ©¦------------------------------------------------------------------©¦
+echo   ======================================================================
+pause.
+
+cls
+echo.
+echo                 ====================================
+echo                 FLASHING osimage.elf, please wait...
+echo                 ====================================
+echo.
+flasher.exe com3 ..\armsrc\obj\osimage.elf
+
+pause.
+
+cls
+title DONE
+echo.
+echo   ___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___
+echo  /   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \
+echo  \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/
+echo  /   \___/                                                   \___/   \
+echo  \___/                                                           \___/
+echo  /   \                                                           /   \
+echo  \___/                                                           \___/
+echo  /   \       FLASHING OPERATION SUCCESSFUL ! Enjoy it !          /   \
+echo  \___/                                                           \___/
+echo  /   \                                                           /   \
+echo  \___/                                                           \___/
+echo  /   \                                BATCH FILE BY ASPER        /   \
+echo  \___/                                                           \___/
+echo  /   \                                                           /   \
+echo  \___/                                                           \___/
+echo  /   \___                                                     ___/   \
+echo  \___/   \___     ___     ___     ___     ___     ___     ___/   \___/
+echo  /   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \
+echo  \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/
+echo      \___/   \___/   \___/   \___/   \___/   \___/   \___/   \___/
+
+echo.
+pause.
+cls
+MODE CON COLS=130 LINES=36
+cmd.exe
diff --git a/client/cmddata.c b/client/cmddata.c
index 15f4d3eb..b8b95c04 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -84,7 +84,11 @@ void printDemodBuff(void)
 	return;
 }
 
-
+int CmdPrintDemodBuff(const char *Cmd)
+{
+  printDemodBuff();
+  return 1;
+}
 int CmdAmp(const char *Cmd)
 {
   int i, rising, falling;
@@ -503,6 +507,29 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
 	return 1;
 }
 
+// set demod buffer back to raw after biphase demod
+void setBiphaseDemodBuf(uint8_t *BitStream, size_t size)
+{
+  uint8_t rawStream[512]={0x00};
+  size_t i=0;
+  uint8_t curPhase=0;
+  if (size > 256) {
+    PrintAndLog("ERROR - Biphase Demod Buffer overrun");
+    return;
+  }
+  for (size_t idx=0; idx<size; idx++){
+    if(BitStream[idx]){
+      rawStream[i++] = curPhase;
+      rawStream[i++] = curPhase;
+      curPhase ^= 1; 
+    } else {
+      rawStream[i++] = curPhase;
+      rawStream[i++] = curPhase ^ 1;
+    }
+  }
+  setDemodBuf(rawStream,i,0);
+  return;
+}
 //by marshmellow
 //takes 4 arguments - clock, invert, maxErr as integers and amplify as char
 //attempts to demodulate ask only
@@ -551,6 +578,100 @@ int ASKrawDemod(const char *Cmd, bool verbose)
   return 1;
 }
 
+//by marshmellow
+//attempts to demodulate and identify a G_Prox_II verex/chubb card
+//WARNING: if it fails during some points it will destroy the DemodBuffer data
+// but will leave the GraphBuffer intact.
+//if successful it will push askraw data back to demod buffer ready for emulation
+int CmdG_Prox_II_Demod(const char *Cmd)
+{
+  int ans = ASKrawDemod(Cmd, FALSE);
+  if (ans <= 0) {
+    if (g_debugMode) PrintAndLog("Error AskrawDemod: %d",ans);
+    return ans;
+  }
+  size_t size = DemodBufferLen;
+  ans = BiphaseRawDecode(DemodBuffer, &size, 0, 0); 
+  if (ans !=0) {
+    if (g_debugMode) PrintAndLog("Error BiphaseRawDecode: %d",ans);
+    return ans;
+  }
+  //call lfdemod.c demod for gProxII
+  ans = gProxII_Demod(DemodBuffer, &size);
+  if (ans < 0){
+    if (g_debugMode) PrintAndLog("Error gProxII_Demod 1st Try: %d",ans);
+    //try biphase again
+    ans = BiphaseRawDecode(DemodBuffer, &size, 1, 0); 
+    if (ans != 0) {
+      if (g_debugMode) PrintAndLog("Error BiphaseRawDecode: %d",ans);
+      return ans;
+    }
+    ans = gProxII_Demod(DemodBuffer, &size);
+    if (ans < 0) {
+      if (g_debugMode) PrintAndLog("Error gProxII_Demod 1st Try: %d",ans);
+      return ans;
+    }
+  }
+  //got a good demod
+  uint32_t ByteStream[65] = {0x00};
+  uint8_t xorKey=0;
+  uint8_t keyCnt=0;
+  uint8_t bitCnt=0;
+  uint8_t ByteCnt=0;
+  size_t startIdx = ans + 6; //start after preamble
+  for (size_t idx = 0; idx<size-6; idx++){
+    if ((idx+1) % 5 == 0){
+      //spacer bit - should be 0
+      if (DemodBuffer[startIdx+idx] != 0) {
+        if (g_debugMode) PrintAndLog("Error spacer not 0: %d, pos: %d",DemodBuffer[startIdx+idx],startIdx+idx);
+        return -1;
+      }
+      continue;
+    } 
+    if (keyCnt<8){ //lsb first
+      xorKey = xorKey | (DemodBuffer[startIdx+idx]<<keyCnt);
+      keyCnt++;
+      if (keyCnt==8 && g_debugMode) PrintAndLog("xorKey Found: %02x", xorKey);
+      continue;
+    }
+    //lsb first
+    ByteStream[ByteCnt] = ByteStream[ByteCnt] | (DemodBuffer[startIdx+idx]<<bitCnt);
+    bitCnt++;
+    if (bitCnt % 8 == 0){
+      if (g_debugMode) PrintAndLog("byte %d: %02x",ByteCnt,ByteStream[ByteCnt]);
+      bitCnt=0;
+      ByteCnt++;
+    }
+  }
+  for (uint8_t i = 0; i < ByteCnt; i++){
+    ByteStream[i] ^= xorKey; //xor
+    if (g_debugMode) PrintAndLog("byte %d after xor: %02x", i, ByteStream[i]);
+  }
+  //now ByteStream contains 64 bytes of decrypted raw tag data
+  // 
+  uint8_t fmtLen = ByteStream[0]>>2;
+  uint32_t FC = 0;
+  uint32_t Card = 0;
+  uint32_t raw1 = bytebits_to_byte(DemodBuffer+ans,32);
+  uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32);
+  uint32_t raw3 = bytebits_to_byte(DemodBuffer+ans+64, 32);
+
+  if (fmtLen==36){
+    FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1);
+    Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5);
+    PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card);
+  } else if(fmtLen==26){
+    FC = ((ByteStream[3] & 0x7F)<<1) | (ByteStream[4]>>7);
+    Card = ((ByteStream[4]&0x7F)<<9) | (ByteStream[5]<<1) | (ByteStream[6]>>7);
+    PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card);    
+  } else {
+    PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",fmtLen);
+  }
+  PrintAndLog("Raw: %08x%08x%08x", raw1,raw2,raw3);
+  setBiphaseDemodBuf(DemodBuffer+ans, 96);
+  return 1;
+}
+
 //by marshmellow - see ASKrawDemod
 int Cmdaskrawdemod(const char *Cmd)
 {
@@ -2422,6 +2543,7 @@ static command_t CommandTable[] =
   //{"askdemod",      Cmdaskdemod,        1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
   {"askedgedetect", CmdAskEdgeDetect,   1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
   {"askem410xdemod",CmdAskEM410xDemod,  1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
+  {"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"},
   //{"askmandemod",   Cmdaskmandemod,     1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"},
   //{"askrawdemod",   Cmdaskrawdemod,     1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"},
   {"autocorr",      CmdAutoCorr,        1, "<window length> -- Autocorrelation over window"},
@@ -2454,6 +2576,7 @@ static command_t CommandTable[] =
   //{"nrzrawdemod",   CmdNRZrawDemod,     1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"},
   {"plot",          CmdPlot,            1, "Show graph window (hit 'h' in window for keystroke help)"},
   //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"},
+  {"printdemodbuffer",CmdPrintDemodBuff,1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
   {"pskindalademod",CmdIndalaDecode,    1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
   //{"psk1rawdemod",  CmdPSK1rawDemod,    1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"},
   //{"psk2rawdemod",  CmdPSK2rawDemod,    1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"},
diff --git a/client/cmddata.h b/client/cmddata.h
index aba3369e..673a2ba0 100644
--- a/client/cmddata.h
+++ b/client/cmddata.h
@@ -19,6 +19,7 @@ void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx);
 int CmdAmp(const char *Cmd);
 int Cmdaskdemod(const char *Cmd);
 int CmdAskEM410xDemod(const char *Cmd);
+int CmdG_Prox_II_Demod(const char *Cmd);
 int Cmdaskrawdemod(const char *Cmd);
 int Cmdaskmandemod(const char *Cmd);
 int CmdAutoCorr(const char *Cmd);
diff --git a/client/cmdlf.c b/client/cmdlf.c
index d3ea8eea..1222b3ce 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -766,16 +766,19 @@ int CmdLFaskSim(const char *Cmd)
     setDemodBuf(data, dataLen, 0);
   }
   if (clk == 0) clk = 64;
-
+  if (manchester == 0) clk = clk/2; //askraw needs to double the clock speed
   uint16_t arg1, arg2;
+  size_t size=DemodBufferLen;
   arg1 = clk << 8 | manchester;
   arg2 = invert << 8 | separator;
-  UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, DemodBufferLen}};
-  if (DemodBufferLen > USB_CMD_DATA_SIZE) {
-    PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE);
+  if (size > USB_CMD_DATA_SIZE) {
+    PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE);
+    size = USB_CMD_DATA_SIZE;
   }
-  PrintAndLog("preparing to sim ask data: %d bits", DemodBufferLen);
-  memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen);
+  UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
+
+  PrintAndLog("preparing to sim ask data: %d bits", size);
+  memcpy(c.d.asBytes, DemodBuffer, size);
   SendCommand(&c);
   return 0;
 }
@@ -853,11 +856,15 @@ int CmdLFpskSim(const char *Cmd)
     return usage_lf_simpsk();
   }
   if (dataLen == 0){ //using DemodBuffer
-    if (clk==0) clk = GetPskClock(NULL, FALSE, FALSE);
-    if (!carrier) carrier = GetPskCarrier(NULL, FALSE, FALSE); 
+    PrintAndLog("Getting Clocks");
+    if (clk==0) clk = GetPskClock("", FALSE, FALSE);
+    PrintAndLog("clk: %d",clk);
+    if (!carrier) carrier = GetPskCarrier("", FALSE, FALSE); 
+    PrintAndLog("carrier: %d", carrier);
   } else {
     setDemodBuf(data, dataLen, 0);
   }
+
   if (clk <= 0) clk = 32;
   if (carrier == 0) carrier = 2;
   if (pskType != 1){
@@ -875,6 +882,7 @@ int CmdLFpskSim(const char *Cmd)
   if (DemodBufferLen > USB_CMD_DATA_SIZE) {
     PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE);
   }
+  PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen);
   memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen);
   SendCommand(&c);
   return 0;
@@ -1055,6 +1063,11 @@ int CmdLFfind(const char *Cmd)
     PrintAndLog("\nValid EM410x ID Found!");
     return 1;
   }
+  ans=CmdG_Prox_II_Demod("");
+  if (ans>0) {
+    PrintAndLog("\nValid G Prox II ID Found!");
+    return 1;
+  }
   PrintAndLog("\nNo Known Tags Found!\n");
   if (testRaw=='u' || testRaw=='U'){
     //test unknown tag formats (raw mode)
-- 
2.39.2