]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
03e6eba2f1f630b37e338adb2f0aebb8800e0d17
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26 #include "lfsampling.h"
27 #include "BigBuf.h"
28 #include "mifareutil.h"
29 #ifdef WITH_LCD
30 #include "LCD.h"
31 #endif
32
33 // Craig Young - 14a stand-alone code
34 #ifdef WITH_ISO14443a_StandAlone
35 #include "iso14443a.h"
36 #endif
37
38 #define abs(x) ( ((x)<0) ? -(x) : (x) )
39
40 //=============================================================================
41 // A buffer where we can queue things up to be sent through the FPGA, for
42 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
43 // is the order in which they go out on the wire.
44 //=============================================================================
45
46 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
47 uint8_t ToSend[TOSEND_BUFFER_SIZE];
48 int ToSendMax = 0;
49 static int ToSendBit;
50 struct common_area common_area __attribute__((section(".commonarea")));
51
52 void ToSendReset(void)
53 {
54 ToSendMax = -1;
55 ToSendBit = 8;
56 }
57
58 void ToSendStuffBit(int b)
59 {
60 if(ToSendBit >= 8) {
61 ToSendMax++;
62 ToSend[ToSendMax] = 0;
63 ToSendBit = 0;
64 }
65
66 if(b) {
67 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
68 }
69
70 ToSendBit++;
71
72 if(ToSendMax >= sizeof(ToSend)) {
73 ToSendBit = 0;
74 DbpString("ToSendStuffBit overflowed!");
75 }
76 }
77
78 //=============================================================================
79 // Debug print functions, to go out over USB, to the usual PC-side client.
80 //=============================================================================
81
82 void DbpString(char *str)
83 {
84 byte_t len = strlen(str);
85 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
86 }
87
88 #if 0
89 void DbpIntegers(int x1, int x2, int x3)
90 {
91 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
92 }
93 #endif
94
95 void Dbprintf(const char *fmt, ...) {
96 // should probably limit size here; oh well, let's just use a big buffer
97 char output_string[128];
98 va_list ap;
99
100 va_start(ap, fmt);
101 kvsprintf(fmt, output_string, 10, ap);
102 va_end(ap);
103
104 DbpString(output_string);
105 }
106
107 // prints HEX & ASCII
108 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
109 int l=0,i;
110 char ascii[9];
111
112 while (len>0) {
113 if (len>8) l=8;
114 else l=len;
115
116 memcpy(ascii,d,l);
117 ascii[l]=0;
118
119 // filter safe ascii
120 for (i=0;i<l;i++)
121 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
122
123 if (bAsci) {
124 Dbprintf("%-8s %*D",ascii,l,d," ");
125 } else {
126 Dbprintf("%*D",l,d," ");
127 }
128
129 len-=8;
130 d+=8;
131 }
132 }
133
134 //-----------------------------------------------------------------------------
135 // Read an ADC channel and block till it completes, then return the result
136 // in ADC units (0 to 1023). Also a routine to average 32 samples and
137 // return that.
138 //-----------------------------------------------------------------------------
139 static int ReadAdc(int ch)
140 {
141 uint32_t d;
142
143 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
144 AT91C_BASE_ADC->ADC_MR =
145 ADC_MODE_PRESCALE(63 /* was 32 */) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
146 ADC_MODE_STARTUP_TIME(1 /* was 16 */) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
147 ADC_MODE_SAMPLE_HOLD_TIME(15 /* was 8 */); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
148
149 // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
150 // Both AMPL_LO and AMPL_HI are very high impedance (10MOhm) outputs, the input capacitance of the ADC is 12pF (typical). This results in a time constant
151 // of RC = 10MOhm * 12pF = 120us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
152 //
153 // The maths are:
154 // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
155 //
156 // v_cap = v_in * (1 - exp(-RC/SHTIM)) = v_in * (1 - exp(-3)) = v_in * 0,95 (i.e. an error of 5%)
157 //
158 // Note: with the "historic" values in the comments above, the error was 34% !!!
159
160 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
161
162 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
163
164 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
165 ;
166 d = AT91C_BASE_ADC->ADC_CDR[ch];
167
168 return d;
169 }
170
171 int AvgAdc(int ch) // was static - merlok
172 {
173 int i;
174 int a = 0;
175
176 for(i = 0; i < 32; i++) {
177 a += ReadAdc(ch);
178 }
179
180 return (a + 15) >> 5;
181 }
182
183 void MeasureAntennaTuning(void)
184 {
185 uint8_t LF_Results[256];
186 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
187 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
188
189 LED_B_ON();
190
191 /*
192 * Sweeps the useful LF range of the proxmark from
193 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
194 * read the voltage in the antenna, the result left
195 * in the buffer is a graph which should clearly show
196 * the resonating frequency of your LF antenna
197 * ( hopefully around 95 if it is tuned to 125kHz!)
198 */
199
200 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
201 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
202 for (i=255; i>=19; i--) {
203 WDT_HIT();
204 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
205 SpinDelay(20);
206 adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
207 if (i==95) vLf125 = adcval; // voltage at 125Khz
208 if (i==89) vLf134 = adcval; // voltage at 134Khz
209
210 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
211 if(LF_Results[i] > peak) {
212 peakv = adcval;
213 peak = LF_Results[i];
214 peakf = i;
215 //ptr = i;
216 }
217 }
218
219 for (i=18; i >= 0; i--) LF_Results[i] = 0;
220
221 LED_A_ON();
222 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
223 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
224 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
225 SpinDelay(20);
226 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
227
228 cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
229 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
230 LED_A_OFF();
231 LED_B_OFF();
232 return;
233 }
234
235 void MeasureAntennaTuningHf(void)
236 {
237 int vHf = 0; // in mV
238
239 DbpString("Measuring HF antenna, press button to exit");
240
241 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
242 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
243 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
244
245 for (;;) {
246 SpinDelay(20);
247 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
248
249 Dbprintf("%d mV",vHf);
250 if (BUTTON_PRESS()) break;
251 }
252 DbpString("cancelled");
253
254 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
255
256 }
257
258
259 void ReadMem(int addr)
260 {
261 const uint8_t *data = ((uint8_t *)addr);
262
263 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
264 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
265 }
266
267 /* osimage version information is linked in */
268 extern struct version_information version_information;
269 /* bootrom version information is pointed to from _bootphase1_version_pointer */
270 extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__;
271 void SendVersion(void)
272 {
273 char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */
274 char VersionString[USB_CMD_DATA_SIZE] = { '\0' };
275
276 /* Try to find the bootrom version information. Expect to find a pointer at
277 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
278 * pointer, then use it.
279 */
280 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
281 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
282 strcat(VersionString, "bootrom version information appears invalid\n");
283 } else {
284 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
285 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
286 }
287
288 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
289 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
290
291 FpgaGatherVersion(FPGA_BITSTREAM_LF, temp, sizeof(temp));
292 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
293 FpgaGatherVersion(FPGA_BITSTREAM_HF, temp, sizeof(temp));
294 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
295
296 // Send Chip ID and used flash memory
297 uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start;
298 uint32_t compressed_data_section_size = common_area.arg1;
299 cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
300 }
301 /**
302 * Prints runtime information about the PM3.
303 **/
304 void SendStatus(void)
305 {
306 BigBuf_print_status();
307 Fpga_print_status();
308 printConfig(); //LF Sampling config
309 Dbprintf("Various");
310 Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL);
311 Dbprintf(" ToSendMax........%d",ToSendMax);
312 Dbprintf(" ToSendBit........%d",ToSendBit);
313 }
314
315 #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
316
317 #define OPTS 2
318
319 void StandAloneMode()
320 {
321 DbpString("Stand-alone mode! No PC necessary.");
322 // Oooh pretty -- notify user we're in elite samy mode now
323 LED(LED_RED, 200);
324 LED(LED_ORANGE, 200);
325 LED(LED_GREEN, 200);
326 LED(LED_ORANGE, 200);
327 LED(LED_RED, 200);
328 LED(LED_ORANGE, 200);
329 LED(LED_GREEN, 200);
330 LED(LED_ORANGE, 200);
331 LED(LED_RED, 200);
332
333 }
334
335 #endif
336
337
338
339 #ifdef WITH_ISO14443a_StandAlone
340 void StandAloneMode14a()
341 {
342 StandAloneMode();
343 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
344
345 int selected = 0;
346 int playing = 0;
347 int cardRead[OPTS] = {0};
348 uint8_t readUID[10] = {0};
349 uint32_t uid_1st[OPTS]={0};
350 uint32_t uid_2nd[OPTS]={0};
351
352 LED(selected + 1, 0);
353
354 for (;;)
355 {
356 usb_poll();
357 WDT_HIT();
358
359 // Was our button held down or pressed?
360 int button_pressed = BUTTON_HELD(1000);
361 SpinDelay(300);
362
363 // Button was held for a second, begin recording
364 if (button_pressed > 0 && cardRead[selected] == 0)
365 {
366 LEDsoff();
367 LED(selected + 1, 0);
368 LED(LED_RED2, 0);
369
370 // record
371 Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
372
373 // wait for button to be released
374 while(BUTTON_PRESS())
375 WDT_HIT();
376 /* need this delay to prevent catching some weird data */
377 SpinDelay(500);
378 /* Code for reading from 14a tag */
379 uint8_t uid[10] ={0};
380 uint32_t cuid;
381 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
382
383 for ( ; ; )
384 {
385 WDT_HIT();
386 if (!iso14443a_select_card(uid, NULL, &cuid))
387 continue;
388 else
389 {
390 Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
391 memcpy(readUID,uid,10*sizeof(uint8_t));
392 uint8_t *dst = (uint8_t *)&uid_1st[selected];
393 // Set UID byte order
394 for (int i=0; i<4; i++)
395 dst[i] = uid[3-i];
396 dst = (uint8_t *)&uid_2nd[selected];
397 for (int i=0; i<4; i++)
398 dst[i] = uid[7-i];
399 break;
400 }
401 }
402 LEDsoff();
403 LED(LED_GREEN, 200);
404 LED(LED_ORANGE, 200);
405 LED(LED_GREEN, 200);
406 LED(LED_ORANGE, 200);
407
408 LEDsoff();
409 LED(selected + 1, 0);
410 // Finished recording
411
412 // If we were previously playing, set playing off
413 // so next button push begins playing what we recorded
414 playing = 0;
415
416 cardRead[selected] = 1;
417
418 }
419 /* MF UID clone */
420 else if (button_pressed > 0 && cardRead[selected] == 1)
421 {
422 LEDsoff();
423 LED(selected + 1, 0);
424 LED(LED_ORANGE, 250);
425
426
427 // record
428 Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
429
430 // wait for button to be released
431 while(BUTTON_PRESS())
432 {
433 // Delay cloning until card is in place
434 WDT_HIT();
435 }
436 Dbprintf("Starting clone. [Bank: %u]", selected);
437 // need this delay to prevent catching some weird data
438 SpinDelay(500);
439 // Begin clone function here:
440 /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
441 UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
442 memcpy(c.d.asBytes, data, 16);
443 SendCommand(&c);
444
445 Block read is similar:
446 UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
447 We need to imitate that call with blockNo 0 to set a uid.
448
449 The get and set commands are handled in this file:
450 // Work with "magic Chinese" card
451 case CMD_MIFARE_CSETBLOCK:
452 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
453 break;
454 case CMD_MIFARE_CGETBLOCK:
455 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
456 //
457 break;
458
459 mfCSetUID provides example logic for UID set workflow:
460 -Read block0 from card in field with MifareCGetBlock()
461 -Configure new values without replacing reserved bytes
462 memcpy(block0, uid, 4); // Copy UID bytes from byte array
463 // Mifare UID BCC
464 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
465 Bytes 5-7 are reserved SAK and ATQA for mifare classic
466 -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
467 */
468 uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
469 // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
470 MifareCGetBlock(0x1F, 1, 0, oldBlock0);
471 Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
472 memcpy(newBlock0,oldBlock0,16);
473 // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
474
475 newBlock0[0] = uid_1st[selected]>>24;
476 newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
477 newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
478 newBlock0[3] = 0xFF & (uid_1st[selected]);
479 newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
480 // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
481 MifareCSetBlock(0, 0xFF,0, newBlock0);
482 MifareCGetBlock(0x1F, 1, 0, testBlock0);
483 if (memcmp(testBlock0,newBlock0,16)==0)
484 {
485 DbpString("Cloned successfull!");
486 cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
487 }
488 LEDsoff();
489 LED(selected + 1, 0);
490 // Finished recording
491
492 // If we were previously playing, set playing off
493 // so next button push begins playing what we recorded
494 playing = 0;
495
496 }
497 // Change where to record (or begin playing)
498 else if (button_pressed && cardRead[selected])
499 {
500 // Next option if we were previously playing
501 if (playing)
502 selected = (selected + 1) % OPTS;
503 playing = !playing;
504
505 LEDsoff();
506 LED(selected + 1, 0);
507
508 // Begin transmitting
509 if (playing)
510 {
511 LED(LED_GREEN, 0);
512 DbpString("Playing");
513 while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec
514 Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
515 SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL);
516 }
517 //cardRead[selected] = 1;
518 Dbprintf("Done playing [Bank: %u]",selected);
519
520 /* We pressed a button so ignore it here with a delay */
521 SpinDelay(300);
522
523 // when done, we're done playing, move to next option
524 selected = (selected + 1) % OPTS;
525 playing = !playing;
526 LEDsoff();
527 LED(selected + 1, 0);
528 }
529 else
530 while(BUTTON_PRESS())
531 WDT_HIT();
532 }
533 }
534 }
535 #elif WITH_LF
536 // samy's sniff and repeat routine
537 void SamyRun()
538 {
539 StandAloneMode();
540 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
541
542 int high[OPTS], low[OPTS];
543 int selected = 0;
544 int playing = 0;
545 int cardRead = 0;
546
547 // Turn on selected LED
548 LED(selected + 1, 0);
549
550 for (;;)
551 {
552 usb_poll();
553 WDT_HIT();
554
555 // Was our button held down or pressed?
556 int button_pressed = BUTTON_HELD(1000);
557 SpinDelay(300);
558
559 // Button was held for a second, begin recording
560 if (button_pressed > 0 && cardRead == 0)
561 {
562 LEDsoff();
563 LED(selected + 1, 0);
564 LED(LED_RED2, 0);
565
566 // record
567 DbpString("Starting recording");
568
569 // wait for button to be released
570 while(BUTTON_PRESS())
571 WDT_HIT();
572
573 /* need this delay to prevent catching some weird data */
574 SpinDelay(500);
575
576 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
577 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
578
579 LEDsoff();
580 LED(selected + 1, 0);
581 // Finished recording
582
583 // If we were previously playing, set playing off
584 // so next button push begins playing what we recorded
585 playing = 0;
586
587 cardRead = 1;
588
589 }
590
591 else if (button_pressed > 0 && cardRead == 1)
592 {
593 LEDsoff();
594 LED(selected + 1, 0);
595 LED(LED_ORANGE, 0);
596
597 // record
598 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
599
600 // wait for button to be released
601 while(BUTTON_PRESS())
602 WDT_HIT();
603
604 /* need this delay to prevent catching some weird data */
605 SpinDelay(500);
606
607 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
608 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
609
610 LEDsoff();
611 LED(selected + 1, 0);
612 // Finished recording
613
614 // If we were previously playing, set playing off
615 // so next button push begins playing what we recorded
616 playing = 0;
617
618 cardRead = 0;
619
620 }
621
622 // Change where to record (or begin playing)
623 else if (button_pressed)
624 {
625 // Next option if we were previously playing
626 if (playing)
627 selected = (selected + 1) % OPTS;
628 playing = !playing;
629
630 LEDsoff();
631 LED(selected + 1, 0);
632
633 // Begin transmitting
634 if (playing)
635 {
636 LED(LED_GREEN, 0);
637 DbpString("Playing");
638 // wait for button to be released
639 while(BUTTON_PRESS())
640 WDT_HIT();
641 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
642 CmdHIDsimTAG(high[selected], low[selected], 0);
643 DbpString("Done playing");
644 if (BUTTON_HELD(1000) > 0)
645 {
646 DbpString("Exiting");
647 LEDsoff();
648 return;
649 }
650
651 /* We pressed a button so ignore it here with a delay */
652 SpinDelay(300);
653
654 // when done, we're done playing, move to next option
655 selected = (selected + 1) % OPTS;
656 playing = !playing;
657 LEDsoff();
658 LED(selected + 1, 0);
659 }
660 else
661 while(BUTTON_PRESS())
662 WDT_HIT();
663 }
664 }
665 }
666
667 #endif
668 /*
669 OBJECTIVE
670 Listen and detect an external reader. Determine the best location
671 for the antenna.
672
673 INSTRUCTIONS:
674 Inside the ListenReaderField() function, there is two mode.
675 By default, when you call the function, you will enter mode 1.
676 If you press the PM3 button one time, you will enter mode 2.
677 If you press the PM3 button a second time, you will exit the function.
678
679 DESCRIPTION OF MODE 1:
680 This mode just listens for an external reader field and lights up green
681 for HF and/or red for LF. This is the original mode of the detectreader
682 function.
683
684 DESCRIPTION OF MODE 2:
685 This mode will visually represent, using the LEDs, the actual strength of the
686 current compared to the maximum current detected. Basically, once you know
687 what kind of external reader is present, it will help you spot the best location to place
688 your antenna. You will probably not get some good results if there is a LF and a HF reader
689 at the same place! :-)
690
691 LIGHT SCHEME USED:
692 */
693 static const char LIGHT_SCHEME[] = {
694 0x0, /* ---- | No field detected */
695 0x1, /* X--- | 14% of maximum current detected */
696 0x2, /* -X-- | 29% of maximum current detected */
697 0x4, /* --X- | 43% of maximum current detected */
698 0x8, /* ---X | 57% of maximum current detected */
699 0xC, /* --XX | 71% of maximum current detected */
700 0xE, /* -XXX | 86% of maximum current detected */
701 0xF, /* XXXX | 100% of maximum current detected */
702 };
703 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
704
705 void ListenReaderField(int limit)
706 {
707 int lf_av, lf_av_new, lf_baseline= 0, lf_max;
708 int hf_av, hf_av_new, hf_baseline= 0, hf_max;
709 int mode=1, display_val, display_max, i;
710
711 #define LF_ONLY 1
712 #define HF_ONLY 2
713 #define REPORT_CHANGE 10 // report new values only if they have changed at least by REPORT_CHANGE
714
715
716 // switch off FPGA - we don't want to measure our own signal
717 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
718 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
719
720 LEDsoff();
721
722 lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
723
724 if(limit != HF_ONLY) {
725 Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
726 lf_baseline = lf_av;
727 }
728
729 hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
730
731 if (limit != LF_ONLY) {
732 Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
733 hf_baseline = hf_av;
734 }
735
736 for(;;) {
737 if (BUTTON_PRESS()) {
738 SpinDelay(500);
739 switch (mode) {
740 case 1:
741 mode=2;
742 DbpString("Signal Strength Mode");
743 break;
744 case 2:
745 default:
746 DbpString("Stopped");
747 LEDsoff();
748 return;
749 break;
750 }
751 }
752 WDT_HIT();
753
754 if (limit != HF_ONLY) {
755 if(mode == 1) {
756 if (abs(lf_av - lf_baseline) > REPORT_CHANGE)
757 LED_D_ON();
758 else
759 LED_D_OFF();
760 }
761
762 lf_av_new = AvgAdc(ADC_CHAN_LF);
763 // see if there's a significant change
764 if(abs(lf_av - lf_av_new) > REPORT_CHANGE) {
765 Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
766 lf_av = lf_av_new;
767 if (lf_av > lf_max)
768 lf_max = lf_av;
769 }
770 }
771
772 if (limit != LF_ONLY) {
773 if (mode == 1){
774 if (abs(hf_av - hf_baseline) > REPORT_CHANGE)
775 LED_B_ON();
776 else
777 LED_B_OFF();
778 }
779
780 hf_av_new = AvgAdc(ADC_CHAN_HF);
781 // see if there's a significant change
782 if(abs(hf_av - hf_av_new) > REPORT_CHANGE) {
783 Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
784 hf_av = hf_av_new;
785 if (hf_av > hf_max)
786 hf_max = hf_av;
787 }
788 }
789
790 if(mode == 2) {
791 if (limit == LF_ONLY) {
792 display_val = lf_av;
793 display_max = lf_max;
794 } else if (limit == HF_ONLY) {
795 display_val = hf_av;
796 display_max = hf_max;
797 } else { /* Pick one at random */
798 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
799 display_val = hf_av;
800 display_max = hf_max;
801 } else {
802 display_val = lf_av;
803 display_max = lf_max;
804 }
805 }
806 for (i=0; i<LIGHT_LEN; i++) {
807 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
808 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
809 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
810 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
811 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
812 break;
813 }
814 }
815 }
816 }
817 }
818
819 void UsbPacketReceived(uint8_t *packet, int len)
820 {
821 UsbCommand *c = (UsbCommand *)packet;
822
823 //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
824
825 switch(c->cmd) {
826 #ifdef WITH_LF
827 case CMD_SET_LF_SAMPLING_CONFIG:
828 setSamplingConfig((sample_config *) c->d.asBytes);
829 break;
830 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
831 cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
832 break;
833 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
834 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
835 break;
836 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
837 cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
838 break;
839 case CMD_HID_DEMOD_FSK:
840 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
841 break;
842 case CMD_HID_SIM_TAG:
843 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
844 break;
845 case CMD_FSK_SIM_TAG:
846 CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
847 break;
848 case CMD_ASK_SIM_TAG:
849 CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
850 break;
851 case CMD_PSK_SIM_TAG:
852 CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
853 break;
854 case CMD_HID_CLONE_TAG:
855 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
856 break;
857 case CMD_IO_DEMOD_FSK:
858 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
859 break;
860 case CMD_IO_CLONE_TAG:
861 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
862 break;
863 case CMD_EM410X_DEMOD:
864 CmdEM410xdemod(c->arg[0], 0, 0, 1);
865 break;
866 case CMD_EM410X_WRITE_TAG:
867 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
868 break;
869 case CMD_READ_TI_TYPE:
870 ReadTItag();
871 break;
872 case CMD_WRITE_TI_TYPE:
873 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
874 break;
875 case CMD_SIMULATE_TAG_125K:
876 LED_A_ON();
877 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
878 LED_A_OFF();
879 break;
880 case CMD_LF_SIMULATE_BIDIR:
881 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
882 break;
883 case CMD_INDALA_CLONE_TAG:
884 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
885 break;
886 case CMD_INDALA_CLONE_TAG_L:
887 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
888 break;
889 case CMD_T55XX_READ_BLOCK:
890 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
891 break;
892 case CMD_T55XX_WRITE_BLOCK:
893 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
894 cmd_send(CMD_ACK,0,0,0,0,0);
895 break;
896 case CMD_T55XX_READ_TRACE:
897 T55xxReadTrace();
898 break;
899 case CMD_PCF7931_READ:
900 ReadPCF7931();
901 cmd_send(CMD_ACK,0,0,0,0,0);
902 break;
903 case CMD_EM4X_READ_WORD:
904 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
905 break;
906 case CMD_EM4X_WRITE_WORD:
907 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
908 break;
909 case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
910 CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
911 break;
912 #endif
913
914 #ifdef WITH_HITAG
915 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
916 SnoopHitag(c->arg[0]);
917 break;
918 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
919 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
920 break;
921 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
922 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
923 break;
924 #endif
925
926 #ifdef WITH_ISO15693
927 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
928 AcquireRawAdcSamplesIso15693();
929 break;
930 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
931 RecordRawAdcSamplesIso15693();
932 break;
933
934 case CMD_ISO_15693_COMMAND:
935 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
936 break;
937
938 case CMD_ISO_15693_FIND_AFI:
939 BruteforceIso15693Afi(c->arg[0]);
940 break;
941
942 case CMD_ISO_15693_DEBUG:
943 SetDebugIso15693(c->arg[0]);
944 break;
945
946 case CMD_READER_ISO_15693:
947 ReaderIso15693(c->arg[0]);
948 break;
949 case CMD_SIMTAG_ISO_15693:
950 SimTagIso15693(c->arg[0], c->d.asBytes);
951 break;
952 #endif
953
954 #ifdef WITH_LEGICRF
955 case CMD_SIMULATE_TAG_LEGIC_RF:
956 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
957 break;
958
959 case CMD_WRITER_LEGIC_RF:
960 LegicRfWriter(c->arg[1], c->arg[0]);
961 break;
962
963 case CMD_READER_LEGIC_RF:
964 LegicRfReader(c->arg[0], c->arg[1]);
965 break;
966 #endif
967
968 #ifdef WITH_ISO14443b
969 case CMD_READ_SRI512_TAG:
970 ReadSTMemoryIso14443b(0x0F);
971 break;
972 case CMD_READ_SRIX4K_TAG:
973 ReadSTMemoryIso14443b(0x7F);
974 break;
975 case CMD_SNOOP_ISO_14443B:
976 SnoopIso14443b();
977 break;
978 case CMD_SIMULATE_TAG_ISO_14443B:
979 SimulateIso14443bTag();
980 break;
981 case CMD_ISO_14443B_COMMAND:
982 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
983 break;
984 #endif
985
986 #ifdef WITH_ISO14443a
987 case CMD_SNOOP_ISO_14443a:
988 SniffIso14443a(c->arg[0]);
989 break;
990 case CMD_READER_ISO_14443a:
991 ReaderIso14443a(c);
992 break;
993 case CMD_SIMULATE_TAG_ISO_14443a:
994 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
995 break;
996
997 case CMD_EPA_PACE_COLLECT_NONCE:
998 EPA_PACE_Collect_Nonce(c);
999 break;
1000 case CMD_EPA_PACE_REPLAY:
1001 EPA_PACE_Replay(c);
1002 break;
1003
1004 case CMD_READER_MIFARE:
1005 ReaderMifare(c->arg[0]);
1006 break;
1007 case CMD_MIFARE_READBL:
1008 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1009 break;
1010 case CMD_MIFAREU_READBL:
1011 MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
1012 break;
1013 case CMD_MIFAREUC_AUTH:
1014 MifareUC_Auth(c->arg[0],c->d.asBytes);
1015 break;
1016 case CMD_MIFAREU_READCARD:
1017 MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1018 break;
1019 case CMD_MIFAREUC_SETPWD:
1020 MifareUSetPwd(c->arg[0], c->d.asBytes);
1021 break;
1022 case CMD_MIFARE_READSC:
1023 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1024 break;
1025 case CMD_MIFARE_WRITEBL:
1026 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1027 break;
1028 //case CMD_MIFAREU_WRITEBL_COMPAT:
1029 //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
1030 //break;
1031 case CMD_MIFAREU_WRITEBL:
1032 MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
1033 break;
1034 case CMD_MIFARE_NESTED:
1035 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1036 break;
1037 case CMD_MIFARE_CHKKEYS:
1038 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1039 break;
1040 case CMD_SIMULATE_MIFARE_CARD:
1041 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1042 break;
1043
1044 // emulator
1045 case CMD_MIFARE_SET_DBGMODE:
1046 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1047 break;
1048 case CMD_MIFARE_EML_MEMCLR:
1049 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1050 break;
1051 case CMD_MIFARE_EML_MEMSET:
1052 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1053 break;
1054 case CMD_MIFARE_EML_MEMGET:
1055 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1056 break;
1057 case CMD_MIFARE_EML_CARDLOAD:
1058 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1059 break;
1060
1061 // Work with "magic Chinese" card
1062 case CMD_MIFARE_CSETBLOCK:
1063 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1064 break;
1065 case CMD_MIFARE_CGETBLOCK:
1066 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1067 break;
1068 case CMD_MIFARE_CIDENT:
1069 MifareCIdent();
1070 break;
1071
1072 // mifare sniffer
1073 case CMD_MIFARE_SNIFFER:
1074 SniffMifare(c->arg[0]);
1075 break;
1076
1077 //mifare desfire
1078 case CMD_MIFARE_DESFIRE_READBL: break;
1079 case CMD_MIFARE_DESFIRE_WRITEBL: break;
1080 case CMD_MIFARE_DESFIRE_AUTH1:
1081 MifareDES_Auth1(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1082 break;
1083 case CMD_MIFARE_DESFIRE_AUTH2:
1084 //MifareDES_Auth2(c->arg[0],c->d.asBytes);
1085 break;
1086 case CMD_MIFARE_DES_READER:
1087 //readermifaredes(c->arg[0], c->arg[1], c->d.asBytes);
1088 break;
1089 case CMD_MIFARE_DESFIRE_INFO:
1090 MifareDesfireGetInformation();
1091 break;
1092 case CMD_MIFARE_DESFIRE:
1093 MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
1094 break;
1095
1096 case CMD_MIFARE_COLLECT_NONCES:
1097 MifareCollectNonces(c->arg[0], c->arg[1]);
1098 break;
1099 #endif
1100
1101 #ifdef WITH_ICLASS
1102 // Makes use of ISO14443a FPGA Firmware
1103 case CMD_SNOOP_ICLASS:
1104 SnoopIClass();
1105 break;
1106 case CMD_SIMULATE_TAG_ICLASS:
1107 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1108 break;
1109 case CMD_READER_ICLASS:
1110 ReaderIClass(c->arg[0]);
1111 break;
1112 case CMD_READER_ICLASS_REPLAY:
1113 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
1114 break;
1115 case CMD_ICLASS_EML_MEMSET:
1116 emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
1117 break;
1118 #endif
1119
1120 case CMD_BUFF_CLEAR:
1121 BigBuf_Clear();
1122 break;
1123
1124 case CMD_MEASURE_ANTENNA_TUNING:
1125 MeasureAntennaTuning();
1126 break;
1127
1128 case CMD_MEASURE_ANTENNA_TUNING_HF:
1129 MeasureAntennaTuningHf();
1130 break;
1131
1132 case CMD_LISTEN_READER_FIELD:
1133 ListenReaderField(c->arg[0]);
1134 break;
1135
1136 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
1137 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1138 SpinDelay(200);
1139 LED_D_OFF(); // LED D indicates field ON or OFF
1140 break;
1141
1142 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
1143
1144 LED_B_ON();
1145 uint8_t *BigBuf = BigBuf_get_addr();
1146 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
1147 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
1148 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
1149 }
1150 // Trigger a finish downloading signal with an ACK frame
1151 cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
1152 LED_B_OFF();
1153 break;
1154
1155 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
1156 uint8_t *b = BigBuf_get_addr();
1157 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1158 cmd_send(CMD_ACK,0,0,0,0,0);
1159 break;
1160 }
1161 case CMD_READ_MEM:
1162 ReadMem(c->arg[0]);
1163 break;
1164
1165 case CMD_SET_LF_DIVISOR:
1166 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
1167 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
1168 break;
1169
1170 case CMD_SET_ADC_MUX:
1171 switch(c->arg[0]) {
1172 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
1173 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
1174 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
1175 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
1176 }
1177 break;
1178
1179 case CMD_VERSION:
1180 SendVersion();
1181 break;
1182 case CMD_STATUS:
1183 SendStatus();
1184 break;
1185 case CMD_PING:
1186 cmd_send(CMD_ACK,0,0,0,0,0);
1187 break;
1188 #ifdef WITH_LCD
1189 case CMD_LCD_RESET:
1190 LCDReset();
1191 break;
1192 case CMD_LCD:
1193 LCDSend(c->arg[0]);
1194 break;
1195 #endif
1196 case CMD_SETUP_WRITE:
1197 case CMD_FINISH_WRITE:
1198 case CMD_HARDWARE_RESET:
1199 usb_disable();
1200 SpinDelay(1000);
1201 SpinDelay(1000);
1202 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1203 for(;;) {
1204 // We're going to reset, and the bootrom will take control.
1205 }
1206 break;
1207
1208 case CMD_START_FLASH:
1209 if(common_area.flags.bootrom_present) {
1210 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
1211 }
1212 usb_disable();
1213 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1214 for(;;);
1215 break;
1216
1217 case CMD_DEVICE_INFO: {
1218 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1219 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1220 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1221 break;
1222 }
1223 default:
1224 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1225 break;
1226 }
1227 }
1228
1229 void __attribute__((noreturn)) AppMain(void)
1230 {
1231 SpinDelay(100);
1232 clear_trace();
1233 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1234 /* Initialize common area */
1235 memset(&common_area, 0, sizeof(common_area));
1236 common_area.magic = COMMON_AREA_MAGIC;
1237 common_area.version = 1;
1238 }
1239 common_area.flags.osimage_present = 1;
1240
1241 LED_D_OFF();
1242 LED_C_OFF();
1243 LED_B_OFF();
1244 LED_A_OFF();
1245
1246 // Init USB device
1247 usb_enable();
1248
1249 // The FPGA gets its clock from us from PCK0 output, so set that up.
1250 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1251 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1252 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1253 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1254 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1255 AT91C_PMC_PRES_CLK_4;
1256 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1257
1258 // Reset SPI
1259 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1260 // Reset SSC
1261 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1262
1263 // Load the FPGA image, which we have stored in our flash.
1264 // (the HF version by default)
1265 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1266
1267 StartTickCount();
1268
1269 #ifdef WITH_LCD
1270 LCDInit();
1271 #endif
1272
1273 byte_t rx[sizeof(UsbCommand)];
1274 size_t rx_len;
1275
1276 for(;;) {
1277 if (usb_poll()) {
1278 rx_len = usb_read(rx,sizeof(UsbCommand));
1279 if (rx_len) {
1280 UsbPacketReceived(rx,rx_len);
1281 }
1282 }
1283 WDT_HIT();
1284
1285 #ifdef WITH_LF
1286 #ifndef WITH_ISO14443a_StandAlone
1287 if (BUTTON_HELD(1000) > 0)
1288 SamyRun();
1289 #endif
1290 #endif
1291 #ifdef WITH_ISO14443a
1292 #ifdef WITH_ISO14443a_StandAlone
1293 if (BUTTON_HELD(1000) > 0)
1294 StandAloneMode14a();
1295 #endif
1296 #endif
1297 }
1298 }
Impressum, Datenschutz