]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhf14b.c
Fixed buffer corruption in iso1443a_select_card, affecting several operations, e...
[proxmark3-svn] / client / cmdhf14b.c
CommitLineData
a553f267 1//-----------------------------------------------------------------------------
2// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency ISO14443B commands
9//-----------------------------------------------------------------------------
10
7fe9b0b7 11#include <stdio.h>
12#include <stdlib.h>
13#include <stdbool.h>
14#include <string.h>
15#include <stdint.h>
16#include "iso14443crc.h"
28fdb04f 17//#include "proxusb.h"
902cb3c0 18#include "proxmark3.h"
7fe9b0b7 19#include "data.h"
20#include "graph.h"
21#include "ui.h"
22#include "cmdparser.h"
23#include "cmdhf14b.h"
24
25static int CmdHelp(const char *Cmd);
26
27int CmdHF14BDemod(const char *Cmd)
28{
29 int i, j, iold;
30 int isum, qsum;
31 int outOfWeakAt;
32 bool negateI, negateQ;
33
34 uint8_t data[256];
35 int dataLen = 0;
36
37 // As received, the samples are pairs, correlations against I and Q
38 // square waves. So estimate angle of initial carrier (or just
39 // quadrant, actually), and then do the demod.
40
41 // First, estimate where the tag starts modulating.
42 for (i = 0; i < GraphTraceLen; i += 2) {
43 if (abs(GraphBuffer[i]) + abs(GraphBuffer[i + 1]) > 40) {
44 break;
45 }
46 }
47 if (i >= GraphTraceLen) {
48 PrintAndLog("too weak to sync");
49 return 0;
50 }
51 PrintAndLog("out of weak at %d", i);
52 outOfWeakAt = i;
53
54 // Now, estimate the phase in the initial modulation of the tag
55 isum = 0;
56 qsum = 0;
57 for (; i < (outOfWeakAt + 16); i += 2) {
58 isum += GraphBuffer[i + 0];
59 qsum += GraphBuffer[i + 1];
60 }
61 negateI = (isum < 0);
62 negateQ = (qsum < 0);
63
64 // Turn the correlation pairs into soft decisions on the bit.
65 j = 0;
66 for (i = 0; i < GraphTraceLen / 2; i++) {
67 int si = GraphBuffer[j];
68 int sq = GraphBuffer[j + 1];
69 if (negateI) si = -si;
70 if (negateQ) sq = -sq;
71 GraphBuffer[i] = si + sq;
72 j += 2;
73 }
74 GraphTraceLen = i;
75
76 i = outOfWeakAt / 2;
77 while (GraphBuffer[i] > 0 && i < GraphTraceLen)
78 i++;
79 if (i >= GraphTraceLen) goto demodError;
80
81 iold = i;
82 while (GraphBuffer[i] < 0 && i < GraphTraceLen)
83 i++;
84 if (i >= GraphTraceLen) goto demodError;
85 if ((i - iold) > 23) goto demodError;
86
87 PrintAndLog("make it to demod loop");
88
89 for (;;) {
90 iold = i;
91 while (GraphBuffer[i] >= 0 && i < GraphTraceLen)
92 i++;
93 if (i >= GraphTraceLen) goto demodError;
94 if ((i - iold) > 6) goto demodError;
95
96 uint16_t shiftReg = 0;
97 if (i + 20 >= GraphTraceLen) goto demodError;
98
99 for (j = 0; j < 10; j++) {
100 int soft = GraphBuffer[i] + GraphBuffer[i + 1];
101
102 if (abs(soft) < (abs(isum) + abs(qsum)) / 20) {
103 PrintAndLog("weak bit");
104 }
105
106 shiftReg >>= 1;
107 if(GraphBuffer[i] + GraphBuffer[i+1] >= 0) {
108 shiftReg |= 0x200;
109 }
110
111 i+= 2;
112 }
113
114 if ((shiftReg & 0x200) && !(shiftReg & 0x001))
115 {
116 // valid data byte, start and stop bits okay
117 PrintAndLog(" %02x", (shiftReg >> 1) & 0xff);
118 data[dataLen++] = (shiftReg >> 1) & 0xff;
119 if (dataLen >= sizeof(data)) {
120 return 0;
121 }
122 } else if (shiftReg == 0x000) {
123 // this is EOF
124 break;
125 } else {
126 goto demodError;
127 }
128 }
129
130 uint8_t first, second;
131 ComputeCrc14443(CRC_14443_B, data, dataLen-2, &first, &second);
132 PrintAndLog("CRC: %02x %02x (%s)\n", first, second,
133 (first == data[dataLen-2] && second == data[dataLen-1]) ?
134 "ok" : "****FAIL****");
135
136 RepaintGraphWindow();
137 return 0;
138
139demodError:
140 PrintAndLog("demod error");
141 RepaintGraphWindow();
142 return 0;
143}
144
145int CmdHF14BList(const char *Cmd)
146{
147 uint8_t got[960];
db09cb3a 148 GetFromBigBuf(got,sizeof(got),0);
7fe9b0b7 149
150 PrintAndLog("recorded activity:");
151 PrintAndLog(" time :rssi: who bytes");
152 PrintAndLog("---------+----+----+-----------");
153
154 int i = 0;
155 int prev = -1;
156
157 for(;;) {
158 if(i >= 900) {
159 break;
160 }
161
162 bool isResponse;
163 int timestamp = *((uint32_t *)(got+i));
164 if(timestamp & 0x80000000) {
165 timestamp &= 0x7fffffff;
166 isResponse = 1;
167 } else {
168 isResponse = 0;
169 }
170 int metric = *((uint32_t *)(got+i+4));
171
172 int len = got[i+8];
173
174 if(len > 100) {
175 break;
176 }
177 if(i + len >= 900) {
178 break;
179 }
180
181 uint8_t *frame = (got+i+9);
182
183 char line[1000] = "";
184 int j;
185 for(j = 0; j < len; j++) {
186 sprintf(line+(j*3), "%02x ", frame[j]);
187 }
188
189 char *crc;
190 if(len > 2) {
191 uint8_t b1, b2;
192 ComputeCrc14443(CRC_14443_B, frame, len-2, &b1, &b2);
193 if(b1 != frame[len-2] || b2 != frame[len-1]) {
194 crc = "**FAIL CRC**";
195 } else {
196 crc = "";
197 }
198 } else {
199 crc = "(SHORT)";
200 }
201
202 char metricString[100];
203 if(isResponse) {
204 sprintf(metricString, "%3d", metric);
205 } else {
206 strcpy(metricString, " ");
207 }
208
209 PrintAndLog(" +%7d: %s: %s %s %s",
210 (prev < 0 ? 0 : timestamp - prev),
211 metricString,
212 (isResponse ? "TAG" : " "), line, crc);
213
214 prev = timestamp;
215 i += (len + 9);
216 }
217 return 0;
218}
219
220int CmdHF14BRead(const char *Cmd)
221{
222 UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443, {strtol(Cmd, NULL, 0), 0, 0}};
223 SendCommand(&c);
224 return 0;
225}
226
227int CmdHF14Sim(const char *Cmd)
228{
229 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443};
230 SendCommand(&c);
231 return 0;
232}
233
234int CmdHFSimlisten(const char *Cmd)
235{
236 UsbCommand c = {CMD_SIMULATE_TAG_HF_LISTEN};
237 SendCommand(&c);
238 return 0;
239}
240
241int CmdHF14BSnoop(const char *Cmd)
242{
243 UsbCommand c = {CMD_SNOOP_ISO_14443};
244 SendCommand(&c);
245 return 0;
246}
247
248/* New command to read the contents of a SRI512 tag
249 * SRI512 tags are ISO14443-B modulated memory tags,
250 * this command just dumps the contents of the memory
251 */
252int CmdSri512Read(const char *Cmd)
253{
254 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
255 SendCommand(&c);
256 return 0;
257}
258
259/* New command to read the contents of a SRIX4K tag
260 * SRIX4K tags are ISO14443-B modulated memory tags,
261 * this command just dumps the contents of the memory/
262 */
263int CmdSrix4kRead(const char *Cmd)
264{
265 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
266 SendCommand(&c);
267 return 0;
268}
269
270static command_t CommandTable[] =
271{
272 {"help", CmdHelp, 1, "This help"},
273 {"demod", CmdHF14BDemod, 1, "Demodulate ISO14443 Type B from tag"},
274 {"list", CmdHF14BList, 0, "List ISO 14443 history"},
275 {"read", CmdHF14BRead, 0, "Read HF tag (ISO 14443)"},
276 {"sim", CmdHF14Sim, 0, "Fake ISO 14443 tag"},
277 {"simlisten", CmdHFSimlisten, 0, "Get HF samples as fake tag"},
278 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443"},
279 {"sri512read", CmdSri512Read, 0, "<int> -- Read contents of a SRI512 tag"},
280 {"srix4kread", CmdSrix4kRead, 0, "<int> -- Read contents of a SRIX4K tag"},
281 {NULL, NULL, 0, NULL}
282};
283
284int CmdHF14B(const char *Cmd)
285{
286 CmdsParse(CommandTable, Cmd);
287 return 0;
288}
289
290int CmdHelp(const char *Cmd)
291{
292 CmdsHelp(CommandTable);
293 return 0;
294}
Impressum, Datenschutz