]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/appmain.c
add force_align_arg_pointer attribute to all callback functions
[proxmark3-svn] / armsrc / appmain.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
15c4dc5a 2// Jonathan Westhues, Mar 2006
3// Edits by Gerhard de Koning Gans, Sep 2007 (##)
bd20f8f4 4//
5// This code is licensed to you under the terms of the GNU GPL, version 2 or,
6// at your option, any later version. See the LICENSE.txt file for the text of
7// the license.
8//-----------------------------------------------------------------------------
9// The main application code. This is the first thing called after start.c
10// executes.
15c4dc5a 11//-----------------------------------------------------------------------------
12
b8e461ff 13#include <stdarg.h>
14
902cb3c0 15#include "usb_cdc.h"
16#include "cmd.h"
e30c654b 17#include "proxmark3.h"
15c4dc5a 18#include "apps.h"
f7e3ed82 19#include "util.h"
9ab7a6c7 20#include "printf.h"
21#include "string.h"
15c4dc5a 22#include "legicrf.h"
b8e461ff 23#include "hitag2.h"
24#include "hitagS.h"
31abe49f 25#include "lfsampling.h"
3000dc4e 26#include "BigBuf.h"
c89274cc 27#include "mifareutil.h"
d10e08ae 28#include "pcf7931.h"
15c4dc5a 29#ifdef WITH_LCD
902cb3c0 30 #include "LCD.h"
15c4dc5a 31#endif
32
e46fe044
CY
33// Craig Young - 14a stand-alone code
34#ifdef WITH_ISO14443a_StandAlone
35 #include "iso14443a.h"
36#endif
37
15c4dc5a 38//=============================================================================
39// A buffer where we can queue things up to be sent through the FPGA, for
40// any purpose (fake tag, as reader, whatever). We go MSB first, since that
41// is the order in which they go out on the wire.
42//=============================================================================
43
6a1f2d82 44#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
45uint8_t ToSend[TOSEND_BUFFER_SIZE];
15c4dc5a 46int ToSendMax;
47static int ToSendBit;
48struct common_area common_area __attribute__((section(".commonarea")));
49
15c4dc5a 50void ToSendReset(void)
51{
52 ToSendMax = -1;
53 ToSendBit = 8;
54}
55
56void ToSendStuffBit(int b)
57{
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
6a1f2d82 70 if(ToSendMax >= sizeof(ToSend)) {
15c4dc5a 71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74}
75
76//=============================================================================
77// Debug print functions, to go out over USB, to the usual PC-side client.
78//=============================================================================
79
80void DbpString(char *str)
81{
9440213d 82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
15c4dc5a 84}
85
86#if 0
87void DbpIntegers(int x1, int x2, int x3)
88{
902cb3c0 89 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
15c4dc5a 90}
91#endif
92
93void Dbprintf(const char *fmt, ...) {
94// should probably limit size here; oh well, let's just use a big buffer
95 char output_string[128];
96 va_list ap;
97
98 va_start(ap, fmt);
99 kvsprintf(fmt, output_string, 10, ap);
100 va_end(ap);
e30c654b 101
15c4dc5a 102 DbpString(output_string);
103}
104
9455b51c 105// prints HEX & ASCII
d19929cb 106void Dbhexdump(int len, uint8_t *d, bool bAsci) {
9455b51c 107 int l=0,i;
108 char ascii[9];
d19929cb 109
9455b51c 110 while (len>0) {
111 if (len>8) l=8;
112 else l=len;
113
114 memcpy(ascii,d,l);
d19929cb 115 ascii[l]=0;
9455b51c 116
117 // filter safe ascii
d19929cb 118 for (i=0;i<l;i++)
9455b51c 119 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
d19929cb 120
121 if (bAsci) {
122 Dbprintf("%-8s %*D",ascii,l,d," ");
123 } else {
124 Dbprintf("%*D",l,d," ");
125 }
126
9455b51c 127 len-=8;
128 d+=8;
129 }
130}
131
15c4dc5a 132//-----------------------------------------------------------------------------
133// Read an ADC channel and block till it completes, then return the result
134// in ADC units (0 to 1023). Also a routine to average 32 samples and
135// return that.
136//-----------------------------------------------------------------------------
137static int ReadAdc(int ch)
2d51da38 138{
3b692427 139 // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
9b32625c 140 // AMPL_HI is are high impedance (10MOhm || 1MOhm) output, the input capacitance of the ADC is 12pF (typical). This results in a time constant
141 // of RC = (0.91MOhm) * 12pF = 10.9us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
3b692427 142 //
143 // The maths are:
144 // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
145 //
9b32625c 146 // v_cap = v_in * (1 - exp(-SHTIM/RC)) = v_in * (1 - exp(-40us/10.9us)) = v_in * 0,97 (i.e. an error of 3%)
15c4dc5a 147
2d51da38
I
148 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
149 AT91C_BASE_ADC->ADC_MR =
9b32625c 150 ADC_MODE_PRESCALE(63) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
151 ADC_MODE_STARTUP_TIME(1) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
152 ADC_MODE_SAMPLE_HOLD_TIME(15); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
3b692427 153
2d51da38
I
154 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
155 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
15c4dc5a 156
2d51da38
I
157 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) {};
158
159 return AT91C_BASE_ADC->ADC_CDR[ch];
15c4dc5a 160}
161
9ca155ba 162int AvgAdc(int ch) // was static - merlok
15c4dc5a 163{
164 int i;
165 int a = 0;
166
167 for(i = 0; i < 32; i++) {
168 a += ReadAdc(ch);
169 }
170
171 return (a + 15) >> 5;
172}
173
fdcfbdcc 174void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv, uint8_t LF_Results[])
15c4dc5a 175{
9b32625c 176 int i, adcval = 0, peak = 0;
15c4dc5a 177
178/*
179 * Sweeps the useful LF range of the proxmark from
180 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
181 * read the voltage in the antenna, the result left
182 * in the buffer is a graph which should clearly show
183 * the resonating frequency of your LF antenna
184 * ( hopefully around 95 if it is tuned to 125kHz!)
185 */
fdcfbdcc
RAB
186
187 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
b014c96d 188 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
2d51da38
I
189 SpinDelay(50);
190
2bdd68c3 191 for (i=255; i>=19; i--) {
fdcfbdcc 192 WDT_HIT();
15c4dc5a 193 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
194 SpinDelay(20);
3b692427 195 adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
fdcfbdcc
RAB
196 if (i==95) *vLf125 = adcval; // voltage at 125Khz
197 if (i==89) *vLf134 = adcval; // voltage at 134Khz
15c4dc5a 198
2d51da38 199 LF_Results[i] = adcval >> 9; // scale int to fit in byte for graphing purposes
2bdd68c3 200 if(LF_Results[i] > peak) {
fdcfbdcc 201 *peakv = adcval;
2bdd68c3 202 peak = LF_Results[i];
fdcfbdcc 203 *peakf = i;
9f693930 204 //ptr = i;
15c4dc5a 205 }
206 }
207
2bdd68c3 208 for (i=18; i >= 0; i--) LF_Results[i] = 0;
fdcfbdcc
RAB
209
210 return;
211}
212
213void MeasureAntennaTuningHfOnly(int *vHf)
214{
15c4dc5a 215 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
fdcfbdcc
RAB
216 LED_A_ON();
217 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 218 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
219 SpinDelay(20);
fdcfbdcc
RAB
220 *vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
221 LED_A_OFF();
222
223 return;
224}
225
226void MeasureAntennaTuning(int mode)
227{
228 uint8_t LF_Results[256] = {0};
229 int peakv = 0, peakf = 0;
230 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
231
232 LED_B_ON();
233
234 if (((mode & FLAG_TUNE_ALL) == FLAG_TUNE_ALL) && (FpgaGetCurrent() == FPGA_BITSTREAM_HF)) {
235 // Reverse "standard" order if HF already loaded, to avoid unnecessary swap.
236 MeasureAntennaTuningHfOnly(&vHf);
237 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
238 } else {
239 if (mode & FLAG_TUNE_LF) {
240 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
241 }
242 if (mode & FLAG_TUNE_HF) {
243 MeasureAntennaTuningHfOnly(&vHf);
244 }
245 }
15c4dc5a 246
d040cb90 247 cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125>>1 | (vLf134>>1<<16), vHf, peakf | (peakv>>1<<16), LF_Results, 256);
d19929cb 248 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2bdd68c3 249 LED_B_OFF();
250 return;
15c4dc5a 251}
252
253void MeasureAntennaTuningHf(void)
254{
255 int vHf = 0; // in mV
256
257 DbpString("Measuring HF antenna, press button to exit");
258
3b692427 259 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
260 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
261 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
262
15c4dc5a 263 for (;;) {
15c4dc5a 264 SpinDelay(20);
3b692427 265 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
e30c654b 266
15c4dc5a 267 Dbprintf("%d mV",vHf);
268 if (BUTTON_PRESS()) break;
269 }
270 DbpString("cancelled");
3b692427 271
272 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
273
15c4dc5a 274}
275
276
15c4dc5a 277void ReadMem(int addr)
278{
f7e3ed82 279 const uint8_t *data = ((uint8_t *)addr);
15c4dc5a 280
281 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
282 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
283}
284
285/* osimage version information is linked in */
286extern struct version_information version_information;
287/* bootrom version information is pointed to from _bootphase1_version_pointer */
0fa01ec7 288extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__;
15c4dc5a 289void SendVersion(void)
290{
8e074056 291 char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */
292 char VersionString[USB_CMD_DATA_SIZE] = { '\0' };
e30c654b 293
294 /* Try to find the bootrom version information. Expect to find a pointer at
15c4dc5a 295 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
296 * pointer, then use it.
297 */
298 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
299 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
8e074056 300 strcat(VersionString, "bootrom version information appears invalid\n");
15c4dc5a 301 } else {
302 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
8e074056 303 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
15c4dc5a 304 }
e30c654b 305
15c4dc5a 306 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
8e074056 307 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
e30c654b 308
e6153040 309 FpgaGatherVersion(FPGA_BITSTREAM_LF, temp, sizeof(temp));
8e074056 310 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
e6153040 311 FpgaGatherVersion(FPGA_BITSTREAM_HF, temp, sizeof(temp));
8e074056 312 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
0fa01ec7 313
e6153040 314 // Send Chip ID and used flash memory
0fa01ec7 315 uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start;
316 uint32_t compressed_data_section_size = common_area.arg1;
8e074056 317 cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
15c4dc5a 318}
319
bfb01844 320// measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
321// Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included.
67b7d6fa 322void printUSBSpeed(void)
bfb01844 323{
324 Dbprintf("USB Speed:");
67b7d6fa 325 Dbprintf(" Sending USB packets to client...");
bfb01844 326
67b7d6fa 327 #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds
bfb01844 328 uint8_t *test_data = BigBuf_get_addr();
67b7d6fa 329 uint32_t end_time;
bfb01844 330
67b7d6fa 331 uint32_t start_time = end_time = GetTickCount();
332 uint32_t bytes_transferred = 0;
333
bfb01844 334 LED_B_ON();
67b7d6fa 335 while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) {
336 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE);
337 end_time = GetTickCount();
338 bytes_transferred += USB_CMD_DATA_SIZE;
bfb01844 339 }
340 LED_B_OFF();
341
67b7d6fa 342 Dbprintf(" Time elapsed: %dms", end_time - start_time);
343 Dbprintf(" Bytes transferred: %d", bytes_transferred);
344 Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s",
345 1000 * bytes_transferred / (end_time - start_time));
bfb01844 346
347}
348
c89274cc
CY
349/**
350 * Prints runtime information about the PM3.
351**/
67b7d6fa 352void SendStatus(void)
c89274cc
CY
353{
354 BigBuf_print_status();
355 Fpga_print_status();
356 printConfig(); //LF Sampling config
67b7d6fa 357 printUSBSpeed();
c89274cc
CY
358 Dbprintf("Various");
359 Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL);
360 Dbprintf(" ToSendMax........%d",ToSendMax);
361 Dbprintf(" ToSendBit........%d",ToSendBit);
bfb01844 362
363 cmd_send(CMD_ACK,1,0,0,0,0);
c89274cc 364}
15c4dc5a 365
86a83668 366#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
15c4dc5a 367
15c4dc5a 368#define OPTS 2
369
86a83668
MHS
370void StandAloneMode()
371{
372 DbpString("Stand-alone mode! No PC necessary.");
15c4dc5a 373 // Oooh pretty -- notify user we're in elite samy mode now
374 LED(LED_RED, 200);
375 LED(LED_ORANGE, 200);
376 LED(LED_GREEN, 200);
377 LED(LED_ORANGE, 200);
378 LED(LED_RED, 200);
379 LED(LED_ORANGE, 200);
380 LED(LED_GREEN, 200);
381 LED(LED_ORANGE, 200);
382 LED(LED_RED, 200);
383
86a83668
MHS
384}
385
386#endif
387
388
389
390#ifdef WITH_ISO14443a_StandAlone
391void StandAloneMode14a()
392{
393 StandAloneMode();
394 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
395
15c4dc5a 396 int selected = 0;
c89274cc 397 int playing = 0, iGotoRecord = 0, iGotoClone = 0;
86a83668
MHS
398 int cardRead[OPTS] = {0};
399 uint8_t readUID[10] = {0};
400 uint32_t uid_1st[OPTS]={0};
401 uint32_t uid_2nd[OPTS]={0};
c89274cc
CY
402 uint32_t uid_tmp1 = 0;
403 uint32_t uid_tmp2 = 0;
404 iso14a_card_select_t hi14a_card[OPTS];
15c4dc5a 405
15c4dc5a 406 LED(selected + 1, 0);
407
408 for (;;)
409 {
6e82300d 410 usb_poll();
86a83668 411 WDT_HIT();
15c4dc5a 412 SpinDelay(300);
413
c89274cc 414 if (iGotoRecord == 1 || cardRead[selected] == 0)
15c4dc5a 415 {
c89274cc 416 iGotoRecord = 0;
15c4dc5a 417 LEDsoff();
418 LED(selected + 1, 0);
419 LED(LED_RED2, 0);
420
421 // record
86a83668 422 Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
15c4dc5a 423 /* need this delay to prevent catching some weird data */
424 SpinDelay(500);
86a83668
MHS
425 /* Code for reading from 14a tag */
426 uint8_t uid[10] ={0};
427 uint32_t cuid;
428 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
15c4dc5a 429
86a83668
MHS
430 for ( ; ; )
431 {
432 WDT_HIT();
c89274cc
CY
433 if (BUTTON_PRESS()) {
434 if (cardRead[selected]) {
435 Dbprintf("Button press detected -- replaying card in bank[%d]", selected);
436 break;
437 }
438 else if (cardRead[(selected+1)%OPTS]) {
439 Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS);
440 selected = (selected+1)%OPTS;
441 break; // playing = 1;
442 }
443 else {
444 Dbprintf("Button press detected but no stored tag to play. (Ignoring button)");
445 SpinDelay(300);
446 }
447 }
c04a4b60 448 if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, true))
86a83668
MHS
449 continue;
450 else
451 {
452 Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
453 memcpy(readUID,uid,10*sizeof(uint8_t));
c89274cc 454 uint8_t *dst = (uint8_t *)&uid_tmp1;
86a83668
MHS
455 // Set UID byte order
456 for (int i=0; i<4; i++)
457 dst[i] = uid[3-i];
c89274cc 458 dst = (uint8_t *)&uid_tmp2;
86a83668
MHS
459 for (int i=0; i<4; i++)
460 dst[i] = uid[7-i];
c89274cc
CY
461 if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) {
462 Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping.");
463 }
464 else {
465 if (uid_tmp2) {
466 Dbprintf("Bank[%d] received a 7-byte UID",selected);
467 uid_1st[selected] = (uid_tmp1)>>8;
468 uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8);
469 }
470 else {
471 Dbprintf("Bank[%d] received a 4-byte UID",selected);
472 uid_1st[selected] = uid_tmp1;
473 uid_2nd[selected] = uid_tmp2;
474 }
475 break;
476 }
86a83668
MHS
477 }
478 }
c89274cc
CY
479 Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]);
480 Dbprintf("SAK = %02X",hi14a_card[selected].sak);
86a83668
MHS
481 LEDsoff();
482 LED(LED_GREEN, 200);
483 LED(LED_ORANGE, 200);
484 LED(LED_GREEN, 200);
485 LED(LED_ORANGE, 200);
15c4dc5a 486
487 LEDsoff();
488 LED(selected + 1, 0);
15c4dc5a 489
c89274cc
CY
490 // Next state is replay:
491 playing = 1;
3fe4ff4f 492
86a83668 493 cardRead[selected] = 1;
86a83668 494 }
c89274cc
CY
495 /* MF Classic UID clone */
496 else if (iGotoClone==1)
3fe4ff4f 497 {
c89274cc
CY
498 iGotoClone=0;
499 LEDsoff();
500 LED(selected + 1, 0);
501 LED(LED_ORANGE, 250);
3fe4ff4f 502
3fe4ff4f 503
c89274cc
CY
504 // record
505 Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
3fe4ff4f 506
c89274cc
CY
507 // wait for button to be released
508 while(BUTTON_PRESS())
509 {
510 // Delay cloning until card is in place
511 WDT_HIT();
512 }
513 Dbprintf("Starting clone. [Bank: %u]", selected);
514 // need this delay to prevent catching some weird data
515 SpinDelay(500);
516 // Begin clone function here:
517 /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
518 UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
519 memcpy(c.d.asBytes, data, 16);
520 SendCommand(&c);
521
522 Block read is similar:
523 UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
524 We need to imitate that call with blockNo 0 to set a uid.
525
526 The get and set commands are handled in this file:
527 // Work with "magic Chinese" card
528 case CMD_MIFARE_CSETBLOCK:
529 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
530 break;
531 case CMD_MIFARE_CGETBLOCK:
532 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
533 break;
534
535 mfCSetUID provides example logic for UID set workflow:
536 -Read block0 from card in field with MifareCGetBlock()
537 -Configure new values without replacing reserved bytes
538 memcpy(block0, uid, 4); // Copy UID bytes from byte array
539 // Mifare UID BCC
540 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
541 Bytes 5-7 are reserved SAK and ATQA for mifare classic
542 -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
543 */
544 uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
545 // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
546 MifareCGetBlock(0x3F, 1, 0, oldBlock0);
547 if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) {
548 Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected);
549 playing = 1;
550 }
551 else {
552 Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
553 memcpy(newBlock0,oldBlock0,16);
554 // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
555
556 newBlock0[0] = uid_1st[selected]>>24;
557 newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
558 newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
559 newBlock0[3] = 0xFF & (uid_1st[selected]);
560 newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
561 // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
562 MifareCSetBlock(0, 0xFF,0, newBlock0);
563 MifareCGetBlock(0x3F, 1, 0, testBlock0);
564 if (memcmp(testBlock0,newBlock0,16)==0)
565 {
566 DbpString("Cloned successfull!");
567 cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
3fe4ff4f 568 playing = 0;
c89274cc
CY
569 iGotoRecord = 1;
570 selected = (selected+1) % OPTS;
571 }
572 else {
573 Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected);
574 playing = 1;
575 }
576 }
577 LEDsoff();
578 LED(selected + 1, 0);
15c4dc5a 579
86a83668 580 }
15c4dc5a 581 // Change where to record (or begin playing)
c89274cc 582 else if (playing==1) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected])
15c4dc5a 583 {
15c4dc5a 584 LEDsoff();
585 LED(selected + 1, 0);
586
587 // Begin transmitting
588 if (playing)
589 {
590 LED(LED_GREEN, 0);
591 DbpString("Playing");
c89274cc
CY
592 for ( ; ; ) {
593 WDT_HIT();
594 int button_action = BUTTON_HELD(1000);
595 if (button_action == 0) { // No button action, proceed with sim
596 uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break
86a83668 597 Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
c89274cc
CY
598 if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) {
599 DbpString("Mifare Classic");
600 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); // Mifare Classic
601 }
602 else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) {
603 DbpString("Mifare Ultralight");
604 SimulateIso14443aTag(2,uid_1st[selected],uid_2nd[selected],data); // Mifare Ultralight
605 }
606 else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) {
607 DbpString("Mifare DESFire");
608 SimulateIso14443aTag(3,uid_1st[selected],uid_2nd[selected],data); // Mifare DESFire
609 }
610 else {
611 Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
612 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data);
613 }
614 }
615 else if (button_action == BUTTON_SINGLE_CLICK) {
616 selected = (selected + 1) % OPTS;
617 Dbprintf("Done playing. Switching to record mode on bank %d",selected);
618 iGotoRecord = 1;
619 break;
15c4dc5a 620 }
c89274cc
CY
621 else if (button_action == BUTTON_HOLD) {
622 Dbprintf("Playtime over. Begin cloning...");
623 iGotoClone = 1;
624 break;
625 }
626 WDT_HIT();
627 }
15c4dc5a 628
629 /* We pressed a button so ignore it here with a delay */
630 SpinDelay(300);
15c4dc5a 631 LEDsoff();
632 LED(selected + 1, 0);
633 }
634 else
635 while(BUTTON_PRESS())
636 WDT_HIT();
637 }
638 }
639}
86a83668
MHS
640#elif WITH_LF
641// samy's sniff and repeat routine
642void SamyRun()
e46fe044 643{
86a83668
MHS
644 StandAloneMode();
645 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
e46fe044 646
86a83668 647 int high[OPTS], low[OPTS];
15c4dc5a 648 int selected = 0;
649 int playing = 0;
3fe4ff4f 650 int cardRead = 0;
15c4dc5a 651
652 // Turn on selected LED
653 LED(selected + 1, 0);
654
655 for (;;)
656 {
6e82300d 657 usb_poll();
86a83668 658 WDT_HIT();
15c4dc5a 659
660 // Was our button held down or pressed?
661 int button_pressed = BUTTON_HELD(1000);
662 SpinDelay(300);
663
664 // Button was held for a second, begin recording
3fe4ff4f 665 if (button_pressed > 0 && cardRead == 0)
15c4dc5a 666 {
667 LEDsoff();
668 LED(selected + 1, 0);
669 LED(LED_RED2, 0);
670
671 // record
672 DbpString("Starting recording");
673
674 // wait for button to be released
675 while(BUTTON_PRESS())
676 WDT_HIT();
677
678 /* need this delay to prevent catching some weird data */
679 SpinDelay(500);
680
681 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
098015eb 682 Dbprintf("Recorded %x %x%08x", selected, high[selected], low[selected]);
15c4dc5a 683
684 LEDsoff();
685 LED(selected + 1, 0);
686 // Finished recording
687
688 // If we were previously playing, set playing off
689 // so next button push begins playing what we recorded
690 playing = 0;
3fe4ff4f 691
692 cardRead = 1;
693
694 }
695
696 else if (button_pressed > 0 && cardRead == 1)
697 {
698 LEDsoff();
699 LED(selected + 1, 0);
700 LED(LED_ORANGE, 0);
701
702 // record
098015eb 703 Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 704
705 // wait for button to be released
706 while(BUTTON_PRESS())
707 WDT_HIT();
708
709 /* need this delay to prevent catching some weird data */
710 SpinDelay(500);
711
098015eb 712 CopyHIDtoT55x7(0, high[selected], low[selected], 0);
713 Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 714
715 LEDsoff();
716 LED(selected + 1, 0);
717 // Finished recording
718
719 // If we were previously playing, set playing off
720 // so next button push begins playing what we recorded
721 playing = 0;
722
723 cardRead = 0;
724
15c4dc5a 725 }
726
727 // Change where to record (or begin playing)
728 else if (button_pressed)
729 {
730 // Next option if we were previously playing
731 if (playing)
732 selected = (selected + 1) % OPTS;
733 playing = !playing;
734
735 LEDsoff();
736 LED(selected + 1, 0);
737
738 // Begin transmitting
739 if (playing)
740 {
741 LED(LED_GREEN, 0);
742 DbpString("Playing");
743 // wait for button to be released
744 while(BUTTON_PRESS())
745 WDT_HIT();
098015eb 746 Dbprintf("%x %x%08x", selected, high[selected], low[selected]);
15c4dc5a 747 CmdHIDsimTAG(high[selected], low[selected], 0);
748 DbpString("Done playing");
749 if (BUTTON_HELD(1000) > 0)
750 {
751 DbpString("Exiting");
752 LEDsoff();
753 return;
754 }
755
756 /* We pressed a button so ignore it here with a delay */
757 SpinDelay(300);
758
759 // when done, we're done playing, move to next option
760 selected = (selected + 1) % OPTS;
761 playing = !playing;
762 LEDsoff();
763 LED(selected + 1, 0);
764 }
765 else
766 while(BUTTON_PRESS())
767 WDT_HIT();
768 }
769 }
770}
15c4dc5a 771
e46fe044 772#endif
15c4dc5a 773/*
774OBJECTIVE
775Listen and detect an external reader. Determine the best location
776for the antenna.
777
778INSTRUCTIONS:
779Inside the ListenReaderField() function, there is two mode.
780By default, when you call the function, you will enter mode 1.
781If you press the PM3 button one time, you will enter mode 2.
782If you press the PM3 button a second time, you will exit the function.
783
784DESCRIPTION OF MODE 1:
785This mode just listens for an external reader field and lights up green
786for HF and/or red for LF. This is the original mode of the detectreader
787function.
788
789DESCRIPTION OF MODE 2:
790This mode will visually represent, using the LEDs, the actual strength of the
791current compared to the maximum current detected. Basically, once you know
792what kind of external reader is present, it will help you spot the best location to place
793your antenna. You will probably not get some good results if there is a LF and a HF reader
794at the same place! :-)
795
796LIGHT SCHEME USED:
797*/
798static const char LIGHT_SCHEME[] = {
799 0x0, /* ---- | No field detected */
800 0x1, /* X--- | 14% of maximum current detected */
801 0x2, /* -X-- | 29% of maximum current detected */
802 0x4, /* --X- | 43% of maximum current detected */
803 0x8, /* ---X | 57% of maximum current detected */
804 0xC, /* --XX | 71% of maximum current detected */
805 0xE, /* -XXX | 86% of maximum current detected */
806 0xF, /* XXXX | 100% of maximum current detected */
807};
808static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
809
810void ListenReaderField(int limit)
811{
3b692427 812 int lf_av, lf_av_new, lf_baseline= 0, lf_max;
813 int hf_av, hf_av_new, hf_baseline= 0, hf_max;
15c4dc5a 814 int mode=1, display_val, display_max, i;
815
3b692427 816#define LF_ONLY 1
817#define HF_ONLY 2
818#define REPORT_CHANGE 10 // report new values only if they have changed at least by REPORT_CHANGE
819
820
821 // switch off FPGA - we don't want to measure our own signal
822 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
823 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
15c4dc5a 824
825 LEDsoff();
826
3b692427 827 lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
15c4dc5a 828
829 if(limit != HF_ONLY) {
3b692427 830 Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
15c4dc5a 831 lf_baseline = lf_av;
832 }
833
3b692427 834 hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
15c4dc5a 835
836 if (limit != LF_ONLY) {
3b692427 837 Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
15c4dc5a 838 hf_baseline = hf_av;
839 }
840
841 for(;;) {
842 if (BUTTON_PRESS()) {
843 SpinDelay(500);
844 switch (mode) {
845 case 1:
846 mode=2;
847 DbpString("Signal Strength Mode");
848 break;
849 case 2:
850 default:
851 DbpString("Stopped");
852 LEDsoff();
853 return;
854 break;
855 }
856 }
857 WDT_HIT();
858
859 if (limit != HF_ONLY) {
3b692427 860 if(mode == 1) {
cf194819 861 if (ABS(lf_av - lf_baseline) > REPORT_CHANGE)
3b692427 862 LED_D_ON();
863 else
864 LED_D_OFF();
15c4dc5a 865 }
e30c654b 866
3b692427 867 lf_av_new = AvgAdc(ADC_CHAN_LF);
15c4dc5a 868 // see if there's a significant change
cf194819 869 if(ABS(lf_av - lf_av_new) > REPORT_CHANGE) {
3b692427 870 Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
15c4dc5a 871 lf_av = lf_av_new;
872 if (lf_av > lf_max)
873 lf_max = lf_av;
15c4dc5a 874 }
875 }
876
877 if (limit != LF_ONLY) {
878 if (mode == 1){
cf194819 879 if (ABS(hf_av - hf_baseline) > REPORT_CHANGE)
3b692427 880 LED_B_ON();
881 else
882 LED_B_OFF();
15c4dc5a 883 }
e30c654b 884
3b692427 885 hf_av_new = AvgAdc(ADC_CHAN_HF);
15c4dc5a 886 // see if there's a significant change
cf194819 887 if(ABS(hf_av - hf_av_new) > REPORT_CHANGE) {
3b692427 888 Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
15c4dc5a 889 hf_av = hf_av_new;
890 if (hf_av > hf_max)
891 hf_max = hf_av;
15c4dc5a 892 }
893 }
e30c654b 894
15c4dc5a 895 if(mode == 2) {
896 if (limit == LF_ONLY) {
897 display_val = lf_av;
898 display_max = lf_max;
899 } else if (limit == HF_ONLY) {
900 display_val = hf_av;
901 display_max = hf_max;
902 } else { /* Pick one at random */
903 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
904 display_val = hf_av;
905 display_max = hf_max;
906 } else {
907 display_val = lf_av;
908 display_max = lf_max;
909 }
910 }
911 for (i=0; i<LIGHT_LEN; i++) {
912 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
913 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
914 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
915 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
916 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
917 break;
918 }
919 }
920 }
921 }
922}
923
f7e3ed82 924void UsbPacketReceived(uint8_t *packet, int len)
15c4dc5a 925{
926 UsbCommand *c = (UsbCommand *)packet;
15c4dc5a 927
902cb3c0 928// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
929
15c4dc5a 930 switch(c->cmd) {
931#ifdef WITH_LF
31abe49f
MHS
932 case CMD_SET_LF_SAMPLING_CONFIG:
933 setSamplingConfig((sample_config *) c->d.asBytes);
934 break;
15c4dc5a 935 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
b9957414 936 cmd_send(CMD_ACK,SampleLF(c->arg[0], c->arg[1]),0,0,0,0);
15c4dc5a 937 break;
15c4dc5a 938 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
939 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
940 break;
b014c96d 941 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
31abe49f 942 cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
b014c96d 943 break;
7e67e42f 944 case CMD_HID_DEMOD_FSK:
3fe4ff4f 945 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
7e67e42f 946 break;
947 case CMD_HID_SIM_TAG:
3fe4ff4f 948 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
7e67e42f 949 break;
abd6112f 950 case CMD_FSK_SIM_TAG:
951 CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
952 break;
953 case CMD_ASK_SIM_TAG:
954 CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
955 break;
872e3d4d 956 case CMD_PSK_SIM_TAG:
957 CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
958 break;
959 case CMD_HID_CLONE_TAG:
1c611bbd 960 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
7e67e42f 961 break;
a1f3bb12 962 case CMD_IO_DEMOD_FSK:
3fe4ff4f 963 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
a1f3bb12 964 break;
3fe4ff4f 965 case CMD_IO_CLONE_TAG:
9f669cb2 966 CopyIOtoT55x7(c->arg[0], c->arg[1]);
a1f3bb12 967 break;
66707a3b 968 case CMD_EM410X_DEMOD:
969 CmdEM410xdemod(c->arg[0], 0, 0, 1);
970 break;
2d4eae76 971 case CMD_EM410X_WRITE_TAG:
972 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
973 break;
7e67e42f 974 case CMD_READ_TI_TYPE:
975 ReadTItag();
976 break;
977 case CMD_WRITE_TI_TYPE:
978 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
979 break;
980 case CMD_SIMULATE_TAG_125K:
31d1caa5 981 LED_A_ON();
7e67e42f 982 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
31d1caa5 983 LED_A_OFF();
7e67e42f 984 break;
985 case CMD_LF_SIMULATE_BIDIR:
986 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
987 break;
3fe4ff4f 988 case CMD_INDALA_CLONE_TAG:
2414f978 989 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
990 break;
3fe4ff4f 991 case CMD_INDALA_CLONE_TAG_L:
2414f978 992 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
993 break;
1c611bbd 994 case CMD_T55XX_READ_BLOCK:
8e99ec25 995 T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 996 break;
997 case CMD_T55XX_WRITE_BLOCK:
998 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
999 break;
be2d41b7 1000 case CMD_T55XX_WAKEUP:
1001 T55xxWakeUp(c->arg[0]);
1c611bbd 1002 break;
66837a03 1003 case CMD_T55XX_RESET_READ:
1004 T55xxResetRead();
1005 break;
3fe4ff4f 1006 case CMD_PCF7931_READ:
1c611bbd 1007 ReadPCF7931();
1c611bbd 1008 break;
dc4300ba 1009 case CMD_PCF7931_WRITE:
d10e08ae 1010 WritePCF7931(c->d.asBytes[0],c->d.asBytes[1],c->d.asBytes[2],c->d.asBytes[3],c->d.asBytes[4],c->d.asBytes[5],c->d.asBytes[6], c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128, c->arg[0], c->arg[1], c->arg[2]);
dc4300ba 1011 break;
1c611bbd 1012 case CMD_EM4X_READ_WORD:
7666f460 1013 EM4xReadWord(c->arg[0], c->arg[1],c->arg[2]);
1c611bbd 1014 break;
1015 case CMD_EM4X_WRITE_WORD:
7666f460 1016 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 1017 break;
dbf6e824
CY
1018 case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
1019 CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
7cfc777b 1020 break;
709665b5 1021 case CMD_VIKING_CLONE_TAG:
1022 CopyVikingtoT55xx(c->arg[0], c->arg[1], c->arg[2]);
1023 break;
e04475c4 1024 case CMD_COTAG:
1025 Cotag(c->arg[0]);
1026 break;
15c4dc5a 1027#endif
1028
d19929cb 1029#ifdef WITH_HITAG
1030 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
1031 SnoopHitag(c->arg[0]);
1032 break;
1033 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
1034 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1035 break;
1036 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
1037 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1038 break;
4e12287d
RS
1039 case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content
1040 SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1041 break;
1042 case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file
1043 check_challenges((bool)c->arg[0],(byte_t*)c->d.asBytes);
1044 break;
1045 case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge
1046 ReadHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1047 break;
1048 case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge
52244230
HJ
1049 if ((hitag_function)c->arg[0] < 10) {
1050 WritePageHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes,c->arg[2]);
1051 }
1052 else if ((hitag_function)c->arg[0] >= 10) {
1053 WriterHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes, c->arg[2]);
1054 }
4e12287d 1055 break;
d19929cb 1056#endif
f168b263 1057
15c4dc5a 1058#ifdef WITH_ISO15693
1059 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
1060 AcquireRawAdcSamplesIso15693();
1061 break;
9455b51c 1062 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
1063 RecordRawAdcSamplesIso15693();
1064 break;
1065
1066 case CMD_ISO_15693_COMMAND:
1067 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1068 break;
1069
1070 case CMD_ISO_15693_FIND_AFI:
1071 BruteforceIso15693Afi(c->arg[0]);
1072 break;
1073
1074 case CMD_ISO_15693_DEBUG:
1075 SetDebugIso15693(c->arg[0]);
1076 break;
15c4dc5a 1077
15c4dc5a 1078 case CMD_READER_ISO_15693:
1079 ReaderIso15693(c->arg[0]);
1080 break;
7e67e42f 1081 case CMD_SIMTAG_ISO_15693:
3fe4ff4f 1082 SimTagIso15693(c->arg[0], c->d.asBytes);
7e67e42f 1083 break;
15c4dc5a 1084#endif
1085
7e67e42f 1086#ifdef WITH_LEGICRF
1087 case CMD_SIMULATE_TAG_LEGIC_RF:
1088 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
1089 break;
3612a8a8 1090
7e67e42f 1091 case CMD_WRITER_LEGIC_RF:
1092 LegicRfWriter(c->arg[1], c->arg[0]);
1093 break;
3612a8a8 1094
15c4dc5a 1095 case CMD_READER_LEGIC_RF:
1096 LegicRfReader(c->arg[0], c->arg[1]);
1097 break;
15c4dc5a 1098#endif
1099
1100#ifdef WITH_ISO14443b
15c4dc5a 1101 case CMD_READ_SRI512_TAG:
51d4f6f1 1102 ReadSTMemoryIso14443b(0x0F);
15c4dc5a 1103 break;
7e67e42f 1104 case CMD_READ_SRIX4K_TAG:
51d4f6f1 1105 ReadSTMemoryIso14443b(0x7F);
7e67e42f 1106 break;
132a0217 1107 case CMD_SNOOP_ISO_14443B:
51d4f6f1 1108 SnoopIso14443b();
7e67e42f 1109 break;
132a0217 1110 case CMD_SIMULATE_TAG_ISO_14443B:
51d4f6f1 1111 SimulateIso14443bTag();
7e67e42f 1112 break;
7cf3ef20 1113 case CMD_ISO_14443B_COMMAND:
1114 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1115 break;
15c4dc5a 1116#endif
1117
1118#ifdef WITH_ISO14443a
7e67e42f 1119 case CMD_SNOOP_ISO_14443a:
5cd9ec01 1120 SnoopIso14443a(c->arg[0]);
7e67e42f 1121 break;
15c4dc5a 1122 case CMD_READER_ISO_14443a:
902cb3c0 1123 ReaderIso14443a(c);
15c4dc5a 1124 break;
7e67e42f 1125 case CMD_SIMULATE_TAG_ISO_14443a:
28afbd2b 1126 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
7e67e42f 1127 break;
3fe4ff4f 1128
5acd09bd 1129 case CMD_EPA_PACE_COLLECT_NONCE:
902cb3c0 1130 EPA_PACE_Collect_Nonce(c);
5acd09bd 1131 break;
3bb07d96
FM
1132 case CMD_EPA_PACE_REPLAY:
1133 EPA_PACE_Replay(c);
1134 break;
7e67e42f 1135
15c4dc5a 1136 case CMD_READER_MIFARE:
f168b263 1137 ReaderMifare(c->arg[0]);
15c4dc5a 1138 break;
20f9a2a1
M
1139 case CMD_MIFARE_READBL:
1140 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1141 break;
981bd429 1142 case CMD_MIFAREU_READBL:
f168b263 1143 MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
981bd429 1144 break;
8258f409 1145 case CMD_MIFAREUC_AUTH:
1146 MifareUC_Auth(c->arg[0],c->d.asBytes);
a631936e 1147 break;
981bd429 1148 case CMD_MIFAREU_READCARD:
75377d29 1149 MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
117d9ec2 1150 break;
f168b263 1151 case CMD_MIFAREUC_SETPWD:
1152 MifareUSetPwd(c->arg[0], c->d.asBytes);
1153 break;
20f9a2a1
M
1154 case CMD_MIFARE_READSC:
1155 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1156 break;
1157 case CMD_MIFARE_WRITEBL:
1158 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1159 break;
4973f23d 1160 //case CMD_MIFAREU_WRITEBL_COMPAT:
1161 //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
1162 //break;
981bd429 1163 case CMD_MIFAREU_WRITEBL:
4973f23d 1164 MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
f168b263 1165 break;
c48c4d78 1166 case CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES:
1167 MifareAcquireEncryptedNonces(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1168 break;
20f9a2a1
M
1169 case CMD_MIFARE_NESTED:
1170 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
f397b5cc
M
1171 break;
1172 case CMD_MIFARE_CHKKEYS:
1173 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
20f9a2a1
M
1174 break;
1175 case CMD_SIMULATE_MIFARE_CARD:
1176 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1177 break;
8556b852
M
1178
1179 // emulator
1180 case CMD_MIFARE_SET_DBGMODE:
1181 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1182 break;
1183 case CMD_MIFARE_EML_MEMCLR:
1184 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1185 break;
1186 case CMD_MIFARE_EML_MEMSET:
1187 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1188 break;
1189 case CMD_MIFARE_EML_MEMGET:
1190 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1191 break;
1192 case CMD_MIFARE_EML_CARDLOAD:
1193 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
0675f200
M
1194 break;
1195
1196 // Work with "magic Chinese" card
3a05a1e7
OM
1197 case CMD_MIFARE_CWIPE:
1198 MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1199 break;
3fe4ff4f 1200 case CMD_MIFARE_CSETBLOCK:
0675f200 1201 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
545a1f38 1202 break;
3fe4ff4f 1203 case CMD_MIFARE_CGETBLOCK:
545a1f38 1204 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
8556b852 1205 break;
3fe4ff4f 1206 case CMD_MIFARE_CIDENT:
1207 MifareCIdent();
1208 break;
b62a5a84
M
1209
1210 // mifare sniffer
1211 case CMD_MIFARE_SNIFFER:
5cd9ec01 1212 SniffMifare(c->arg[0]);
b62a5a84 1213 break;
a631936e 1214
20f9a2a1
M
1215#endif
1216
7e67e42f 1217#ifdef WITH_ICLASS
cee5a30d 1218 // Makes use of ISO14443a FPGA Firmware
1219 case CMD_SNOOP_ICLASS:
1220 SnoopIClass();
1221 break;
1e262141 1222 case CMD_SIMULATE_TAG_ICLASS:
ff7bb4ef 1223 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1e262141 1224 break;
1225 case CMD_READER_ICLASS:
1226 ReaderIClass(c->arg[0]);
1227 break;
c3963755 1228 case CMD_READER_ICLASS_REPLAY:
aa53efc3 1229 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
c3963755 1230 break;
aa53efc3 1231 case CMD_ICLASS_EML_MEMSET:
e80aeb96
MHS
1232 emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
1233 break;
aa53efc3 1234 case CMD_ICLASS_WRITEBLOCK:
3ac22ee1 1235 iClass_WriteBlock(c->arg[0], c->d.asBytes);
1236 break;
1237 case CMD_ICLASS_READCHECK: // auth step 1
1238 iClass_ReadCheck(c->arg[0], c->arg[1]);
aa53efc3 1239 break;
1240 case CMD_ICLASS_READBLOCK:
3ac22ee1 1241 iClass_ReadBlk(c->arg[0]);
aa53efc3 1242 break;
3ac22ee1 1243 case CMD_ICLASS_AUTHENTICATION: //check
aa53efc3 1244 iClass_Authentication(c->d.asBytes);
1245 break;
1246 case CMD_ICLASS_DUMP:
3ac22ee1 1247 iClass_Dump(c->arg[0], c->arg[1]);
aa53efc3 1248 break;
1249 case CMD_ICLASS_CLONE:
3ac22ee1 1250 iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
aa53efc3 1251 break;
cee5a30d 1252#endif
0472d76d 1253#ifdef WITH_HFSNOOP
1254 case CMD_HF_SNIFFER:
1255 HfSnoop(c->arg[0], c->arg[1]);
1256 break;
1257#endif
cee5a30d 1258
7e67e42f 1259 case CMD_BUFF_CLEAR:
117d9ec2 1260 BigBuf_Clear();
15c4dc5a 1261 break;
15c4dc5a 1262
1263 case CMD_MEASURE_ANTENNA_TUNING:
fdcfbdcc 1264 MeasureAntennaTuning(c->arg[0]);
15c4dc5a 1265 break;
1266
1267 case CMD_MEASURE_ANTENNA_TUNING_HF:
1268 MeasureAntennaTuningHf();
1269 break;
1270
1271 case CMD_LISTEN_READER_FIELD:
1272 ListenReaderField(c->arg[0]);
1273 break;
1274
15c4dc5a 1275 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
1276 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1277 SpinDelay(200);
1278 LED_D_OFF(); // LED D indicates field ON or OFF
1279 break;
1280
1c611bbd 1281 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
902cb3c0 1282
1c611bbd 1283 LED_B_ON();
117d9ec2 1284 uint8_t *BigBuf = BigBuf_get_addr();
1c611bbd 1285 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
1286 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
3000dc4e 1287 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
1c611bbd 1288 }
1289 // Trigger a finish downloading signal with an ACK frame
3000dc4e 1290 cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
d3b1f4e4 1291 LED_B_OFF();
1c611bbd 1292 break;
15c4dc5a 1293
1294 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
8c8317a5 1295 // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
1296 // to be able to use this one for uploading data to device
1297 // arg1 = 0 upload for LF usage
1298 // 1 upload for HF usage
1299 if (c->arg[1] == 0)
1300 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
1301 else
1302 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1303
117d9ec2 1304 uint8_t *b = BigBuf_get_addr();
3fe4ff4f 1305 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1c611bbd 1306 cmd_send(CMD_ACK,0,0,0,0,0);
1307 break;
1308 }
15c4dc5a 1309 case CMD_READ_MEM:
1310 ReadMem(c->arg[0]);
1311 break;
1312
1313 case CMD_SET_LF_DIVISOR:
8c8317a5 1314 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
15c4dc5a 1315 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
1316 break;
1317
1318 case CMD_SET_ADC_MUX:
1319 switch(c->arg[0]) {
1320 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
1321 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
1322 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
1323 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
1324 }
1325 break;
1326
1327 case CMD_VERSION:
1328 SendVersion();
1329 break;
c89274cc 1330 case CMD_STATUS:
67b7d6fa 1331 SendStatus();
c89274cc
CY
1332 break;
1333 case CMD_PING:
1334 cmd_send(CMD_ACK,0,0,0,0,0);
1335 break;
15c4dc5a 1336#ifdef WITH_LCD
1337 case CMD_LCD_RESET:
1338 LCDReset();
1339 break;
1340 case CMD_LCD:
1341 LCDSend(c->arg[0]);
1342 break;
1343#endif
1344 case CMD_SETUP_WRITE:
1345 case CMD_FINISH_WRITE:
1c611bbd 1346 case CMD_HARDWARE_RESET:
1347 usb_disable();
15c4dc5a 1348 SpinDelay(1000);
1349 SpinDelay(1000);
1350 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1351 for(;;) {
1352 // We're going to reset, and the bootrom will take control.
1353 }
1c611bbd 1354 break;
15c4dc5a 1355
1c611bbd 1356 case CMD_START_FLASH:
15c4dc5a 1357 if(common_area.flags.bootrom_present) {
1358 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
1359 }
1c611bbd 1360 usb_disable();
15c4dc5a 1361 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1362 for(;;);
1c611bbd 1363 break;
e30c654b 1364
15c4dc5a 1365 case CMD_DEVICE_INFO: {
902cb3c0 1366 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1367 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1c611bbd 1368 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1369 break;
1370 }
1371 default:
15c4dc5a 1372 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1c611bbd 1373 break;
15c4dc5a 1374 }
1375}
1376
1377void __attribute__((noreturn)) AppMain(void)
1378{
1379 SpinDelay(100);
9e8255d4 1380 clear_trace();
15c4dc5a 1381 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1382 /* Initialize common area */
1383 memset(&common_area, 0, sizeof(common_area));
1384 common_area.magic = COMMON_AREA_MAGIC;
1385 common_area.version = 1;
1386 }
1387 common_area.flags.osimage_present = 1;
1388
1389 LED_D_OFF();
1390 LED_C_OFF();
1391 LED_B_OFF();
1392 LED_A_OFF();
1393
3fe4ff4f 1394 // Init USB device
902cb3c0 1395 usb_enable();
15c4dc5a 1396
1397 // The FPGA gets its clock from us from PCK0 output, so set that up.
1398 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1399 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1400 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1401 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1402 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
0472d76d 1403 AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
15c4dc5a 1404 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1405
1406 // Reset SPI
1407 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1408 // Reset SSC
1409 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1410
1411 // Load the FPGA image, which we have stored in our flash.
7cc204bf 1412 // (the HF version by default)
1413 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 1414
9ca155ba 1415 StartTickCount();
902cb3c0 1416
15c4dc5a 1417#ifdef WITH_LCD
15c4dc5a 1418 LCDInit();
15c4dc5a 1419#endif
1420
902cb3c0 1421 byte_t rx[sizeof(UsbCommand)];
1422 size_t rx_len;
1423
15c4dc5a 1424 for(;;) {
902cb3c0 1425 if (usb_poll()) {
1426 rx_len = usb_read(rx,sizeof(UsbCommand));
1427 if (rx_len) {
1428 UsbPacketReceived(rx,rx_len);
1429 }
1430 }
15c4dc5a 1431 WDT_HIT();
1432
1433#ifdef WITH_LF
e46fe044 1434#ifndef WITH_ISO14443a_StandAlone
15c4dc5a 1435 if (BUTTON_HELD(1000) > 0)
1436 SamyRun();
e46fe044
CY
1437#endif
1438#endif
1439#ifdef WITH_ISO14443a
1440#ifdef WITH_ISO14443a_StandAlone
1441 if (BUTTON_HELD(1000) > 0)
1442 StandAloneMode14a();
1443#endif
15c4dc5a 1444#endif
1445 }
1446}
Impressum, Datenschutz