]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:


05e688682b6b8fadf7a4bf504cc43bb0a407de8b
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
40 uint8_t ToSend[TOSEND_BUFFER_SIZE];
41 int ToSendMax;
42 static int ToSendBit;
43 struct common_area common_area __attribute__((section(".commonarea")));
44
45 void BufferClear(void)
46 {
47 memset(BigBuf,0,sizeof(BigBuf));
48 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
49 }
50
51 void ToSendReset(void)
52 {
53 ToSendMax = -1;
54 ToSendBit = 8;
55 }
56
57 void ToSendStuffBit(int b)
58 {
59 if(ToSendBit >= 8) {
60 ToSendMax++;
61 ToSend[ToSendMax] = 0;
62 ToSendBit = 0;
63 }
64
65 if(b) {
66 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
67 }
68
69 ToSendBit++;
70
71 if(ToSendMax >= sizeof(ToSend)) {
72 ToSendBit = 0;
73 DbpString("ToSendStuffBit overflowed!");
74 }
75 }
76
77 //=============================================================================
78 // Debug print functions, to go out over USB, to the usual PC-side client.
79 //=============================================================================
80
81 void DbpString(char *str)
82 {
83 byte_t len = strlen(str);
84 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
85 // /* this holds up stuff unless we're connected to usb */
86 // if (!UsbConnected())
87 // return;
88 //
89 // UsbCommand c;
90 // c.cmd = CMD_DEBUG_PRINT_STRING;
91 // c.arg[0] = strlen(str);
92 // if(c.arg[0] > sizeof(c.d.asBytes)) {
93 // c.arg[0] = sizeof(c.d.asBytes);
94 // }
95 // memcpy(c.d.asBytes, str, c.arg[0]);
96 //
97 // UsbSendPacket((uint8_t *)&c, sizeof(c));
98 // // TODO fix USB so stupid things like this aren't req'd
99 // SpinDelay(50);
100 }
101
102 #if 0
103 void DbpIntegers(int x1, int x2, int x3)
104 {
105 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
106 // /* this holds up stuff unless we're connected to usb */
107 // if (!UsbConnected())
108 // return;
109 //
110 // UsbCommand c;
111 // c.cmd = CMD_DEBUG_PRINT_INTEGERS;
112 // c.arg[0] = x1;
113 // c.arg[1] = x2;
114 // c.arg[2] = x3;
115 //
116 // UsbSendPacket((uint8_t *)&c, sizeof(c));
117 // // XXX
118 // SpinDelay(50);
119 }
120 #endif
121
122 void Dbprintf(const char *fmt, ...) {
123 // should probably limit size here; oh well, let's just use a big buffer
124 char output_string[128];
125 va_list ap;
126
127 va_start(ap, fmt);
128 kvsprintf(fmt, output_string, 10, ap);
129 va_end(ap);
130
131 DbpString(output_string);
132 }
133
134 // prints HEX & ASCII
135 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
136 int l=0,i;
137 char ascii[9];
138
139 while (len>0) {
140 if (len>8) l=8;
141 else l=len;
142
143 memcpy(ascii,d,l);
144 ascii[l]=0;
145
146 // filter safe ascii
147 for (i=0;i<l;i++)
148 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
149
150 if (bAsci) {
151 Dbprintf("%-8s %*D",ascii,l,d," ");
152 } else {
153 Dbprintf("%*D",l,d," ");
154 }
155
156 len-=8;
157 d+=8;
158 }
159 }
160
161 //-----------------------------------------------------------------------------
162 // Read an ADC channel and block till it completes, then return the result
163 // in ADC units (0 to 1023). Also a routine to average 32 samples and
164 // return that.
165 //-----------------------------------------------------------------------------
166 static int ReadAdc(int ch)
167 {
168 uint32_t d;
169
170 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
171 AT91C_BASE_ADC->ADC_MR =
172 ADC_MODE_PRESCALE(32) |
173 ADC_MODE_STARTUP_TIME(16) |
174 ADC_MODE_SAMPLE_HOLD_TIME(8);
175 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
176
177 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
178 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
179 ;
180 d = AT91C_BASE_ADC->ADC_CDR[ch];
181
182 return d;
183 }
184
185 int AvgAdc(int ch) // was static - merlok
186 {
187 int i;
188 int a = 0;
189
190 for(i = 0; i < 32; i++) {
191 a += ReadAdc(ch);
192 }
193
194 return (a + 15) >> 5;
195 }
196
197 void MeasureAntennaTuning(void)
198 {
199 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
200 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
201 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
202
203 // UsbCommand c;
204
205 LED_B_ON();
206 DbpString("Measuring antenna characteristics, please wait...");
207 memset(dest,0,FREE_BUFFER_SIZE);
208
209 /*
210 * Sweeps the useful LF range of the proxmark from
211 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
212 * read the voltage in the antenna, the result left
213 * in the buffer is a graph which should clearly show
214 * the resonating frequency of your LF antenna
215 * ( hopefully around 95 if it is tuned to 125kHz!)
216 */
217
218 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
219 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
220 for (i=255; i>19; i--) {
221 WDT_HIT();
222 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
223 SpinDelay(20);
224 // Vref = 3.3V, and a 10000:240 voltage divider on the input
225 // can measure voltages up to 137500 mV
226 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
227 if (i==95) vLf125 = adcval; // voltage at 125Khz
228 if (i==89) vLf134 = adcval; // voltage at 134Khz
229
230 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
231 if(dest[i] > peak) {
232 peakv = adcval;
233 peak = dest[i];
234 peakf = i;
235 //ptr = i;
236 }
237 }
238
239 LED_A_ON();
240 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
241 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
242 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
243 SpinDelay(20);
244 // Vref = 3300mV, and an 10:1 voltage divider on the input
245 // can measure voltages up to 33000 mV
246 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
247
248 // c.cmd = CMD_MEASURED_ANTENNA_TUNING;
249 // c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
250 // c.arg[1] = vHf;
251 // c.arg[2] = peakf | (peakv << 16);
252
253 DbpString("Measuring complete, sending report back to host");
254 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),0,0);
255 // UsbSendPacket((uint8_t *)&c, sizeof(c));
256 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
257 LED_A_OFF();
258 LED_B_OFF();
259 return;
260 }
261
262 void MeasureAntennaTuningHf(void)
263 {
264 int vHf = 0; // in mV
265
266 DbpString("Measuring HF antenna, press button to exit");
267
268 for (;;) {
269 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
270 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
271 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
272 SpinDelay(20);
273 // Vref = 3300mV, and an 10:1 voltage divider on the input
274 // can measure voltages up to 33000 mV
275 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
276
277 Dbprintf("%d mV",vHf);
278 if (BUTTON_PRESS()) break;
279 }
280 DbpString("cancelled");
281 }
282
283
284 void SimulateTagHfListen(void)
285 {
286 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
287 uint8_t v = 0;
288 int i;
289 int p = 0;
290
291 // We're using this mode just so that I can test it out; the simulated
292 // tag mode would work just as well and be simpler.
293 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
294 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
295
296 // We need to listen to the high-frequency, peak-detected path.
297 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
298
299 FpgaSetupSsc();
300
301 i = 0;
302 for(;;) {
303 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
304 AT91C_BASE_SSC->SSC_THR = 0xff;
305 }
306 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
307 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
308
309 v <<= 1;
310 if(r & 1) {
311 v |= 1;
312 }
313 p++;
314
315 if(p >= 8) {
316 dest[i] = v;
317 v = 0;
318 p = 0;
319 i++;
320
321 if(i >= FREE_BUFFER_SIZE) {
322 break;
323 }
324 }
325 }
326 }
327 DbpString("simulate tag (now type bitsamples)");
328 }
329
330 void ReadMem(int addr)
331 {
332 const uint8_t *data = ((uint8_t *)addr);
333
334 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
335 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
336 }
337
338 /* osimage version information is linked in */
339 extern struct version_information version_information;
340 /* bootrom version information is pointed to from _bootphase1_version_pointer */
341 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
342 void SendVersion(void)
343 {
344 char temp[256]; /* Limited data payload in USB packets */
345 DbpString("Prox/RFID mark3 RFID instrument");
346
347 /* Try to find the bootrom version information. Expect to find a pointer at
348 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
349 * pointer, then use it.
350 */
351 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
352 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
353 DbpString("bootrom version information appears invalid");
354 } else {
355 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
356 DbpString(temp);
357 }
358
359 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
360 DbpString(temp);
361
362 FpgaGatherVersion(temp, sizeof(temp));
363 DbpString(temp);
364 // Send Chip ID
365 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
366 }
367
368 #ifdef WITH_LF
369 // samy's sniff and repeat routine
370 void SamyRun()
371 {
372 DbpString("Stand-alone mode! No PC necessary.");
373 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
374
375 // 3 possible options? no just 2 for now
376 #define OPTS 2
377
378 int high[OPTS], low[OPTS];
379
380 // Oooh pretty -- notify user we're in elite samy mode now
381 LED(LED_RED, 200);
382 LED(LED_ORANGE, 200);
383 LED(LED_GREEN, 200);
384 LED(LED_ORANGE, 200);
385 LED(LED_RED, 200);
386 LED(LED_ORANGE, 200);
387 LED(LED_GREEN, 200);
388 LED(LED_ORANGE, 200);
389 LED(LED_RED, 200);
390
391 int selected = 0;
392 int playing = 0;
393
394 // Turn on selected LED
395 LED(selected + 1, 0);
396
397 for (;;)
398 {
399 // UsbPoll(FALSE);
400 usb_poll();
401 WDT_HIT();
402
403 // Was our button held down or pressed?
404 int button_pressed = BUTTON_HELD(1000);
405 SpinDelay(300);
406
407 // Button was held for a second, begin recording
408 if (button_pressed > 0)
409 {
410 LEDsoff();
411 LED(selected + 1, 0);
412 LED(LED_RED2, 0);
413
414 // record
415 DbpString("Starting recording");
416
417 // wait for button to be released
418 while(BUTTON_PRESS())
419 WDT_HIT();
420
421 /* need this delay to prevent catching some weird data */
422 SpinDelay(500);
423
424 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
425 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
426
427 LEDsoff();
428 LED(selected + 1, 0);
429 // Finished recording
430
431 // If we were previously playing, set playing off
432 // so next button push begins playing what we recorded
433 playing = 0;
434 }
435
436 // Change where to record (or begin playing)
437 else if (button_pressed)
438 {
439 // Next option if we were previously playing
440 if (playing)
441 selected = (selected + 1) % OPTS;
442 playing = !playing;
443
444 LEDsoff();
445 LED(selected + 1, 0);
446
447 // Begin transmitting
448 if (playing)
449 {
450 LED(LED_GREEN, 0);
451 DbpString("Playing");
452 // wait for button to be released
453 while(BUTTON_PRESS())
454 WDT_HIT();
455 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
456 CmdHIDsimTAG(high[selected], low[selected], 0);
457 DbpString("Done playing");
458 if (BUTTON_HELD(1000) > 0)
459 {
460 DbpString("Exiting");
461 LEDsoff();
462 return;
463 }
464
465 /* We pressed a button so ignore it here with a delay */
466 SpinDelay(300);
467
468 // when done, we're done playing, move to next option
469 selected = (selected + 1) % OPTS;
470 playing = !playing;
471 LEDsoff();
472 LED(selected + 1, 0);
473 }
474 else
475 while(BUTTON_PRESS())
476 WDT_HIT();
477 }
478 }
479 }
480 #endif
481
482 /*
483 OBJECTIVE
484 Listen and detect an external reader. Determine the best location
485 for the antenna.
486
487 INSTRUCTIONS:
488 Inside the ListenReaderField() function, there is two mode.
489 By default, when you call the function, you will enter mode 1.
490 If you press the PM3 button one time, you will enter mode 2.
491 If you press the PM3 button a second time, you will exit the function.
492
493 DESCRIPTION OF MODE 1:
494 This mode just listens for an external reader field and lights up green
495 for HF and/or red for LF. This is the original mode of the detectreader
496 function.
497
498 DESCRIPTION OF MODE 2:
499 This mode will visually represent, using the LEDs, the actual strength of the
500 current compared to the maximum current detected. Basically, once you know
501 what kind of external reader is present, it will help you spot the best location to place
502 your antenna. You will probably not get some good results if there is a LF and a HF reader
503 at the same place! :-)
504
505 LIGHT SCHEME USED:
506 */
507 static const char LIGHT_SCHEME[] = {
508 0x0, /* ---- | No field detected */
509 0x1, /* X--- | 14% of maximum current detected */
510 0x2, /* -X-- | 29% of maximum current detected */
511 0x4, /* --X- | 43% of maximum current detected */
512 0x8, /* ---X | 57% of maximum current detected */
513 0xC, /* --XX | 71% of maximum current detected */
514 0xE, /* -XXX | 86% of maximum current detected */
515 0xF, /* XXXX | 100% of maximum current detected */
516 };
517 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
518
519 void ListenReaderField(int limit)
520 {
521 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
522 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
523 int mode=1, display_val, display_max, i;
524
525 #define LF_ONLY 1
526 #define HF_ONLY 2
527
528 LEDsoff();
529
530 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
531
532 if(limit != HF_ONLY) {
533 Dbprintf("LF 125/134 Baseline: %d", lf_av);
534 lf_baseline = lf_av;
535 }
536
537 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
538
539 if (limit != LF_ONLY) {
540 Dbprintf("HF 13.56 Baseline: %d", hf_av);
541 hf_baseline = hf_av;
542 }
543
544 for(;;) {
545 if (BUTTON_PRESS()) {
546 SpinDelay(500);
547 switch (mode) {
548 case 1:
549 mode=2;
550 DbpString("Signal Strength Mode");
551 break;
552 case 2:
553 default:
554 DbpString("Stopped");
555 LEDsoff();
556 return;
557 break;
558 }
559 }
560 WDT_HIT();
561
562 if (limit != HF_ONLY) {
563 if(mode==1) {
564 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
565 else LED_D_OFF();
566 }
567
568 ++lf_count;
569 lf_av_new= ReadAdc(ADC_CHAN_LF);
570 // see if there's a significant change
571 if(abs(lf_av - lf_av_new) > 10) {
572 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
573 lf_av = lf_av_new;
574 if (lf_av > lf_max)
575 lf_max = lf_av;
576 lf_count= 0;
577 }
578 }
579
580 if (limit != LF_ONLY) {
581 if (mode == 1){
582 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
583 else LED_B_OFF();
584 }
585
586 ++hf_count;
587 hf_av_new= ReadAdc(ADC_CHAN_HF);
588 // see if there's a significant change
589 if(abs(hf_av - hf_av_new) > 10) {
590 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
591 hf_av = hf_av_new;
592 if (hf_av > hf_max)
593 hf_max = hf_av;
594 hf_count= 0;
595 }
596 }
597
598 if(mode == 2) {
599 if (limit == LF_ONLY) {
600 display_val = lf_av;
601 display_max = lf_max;
602 } else if (limit == HF_ONLY) {
603 display_val = hf_av;
604 display_max = hf_max;
605 } else { /* Pick one at random */
606 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
607 display_val = hf_av;
608 display_max = hf_max;
609 } else {
610 display_val = lf_av;
611 display_max = lf_max;
612 }
613 }
614 for (i=0; i<LIGHT_LEN; i++) {
615 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
616 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
617 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
618 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
619 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
620 break;
621 }
622 }
623 }
624 }
625 }
626
627 void UsbPacketReceived(uint8_t *packet, int len)
628 {
629 UsbCommand *c = (UsbCommand *)packet;
630
631 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
632
633 switch(c->cmd) {
634 #ifdef WITH_LF
635 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
636 AcquireRawAdcSamples125k(c->arg[0]);
637 cmd_send(CMD_ACK,0,0,0,0,0);
638 break;
639 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
640 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
641 break;
642 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
643 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
644 cmd_send(CMD_ACK,0,0,0,0,0);
645 break;
646 case CMD_HID_DEMOD_FSK:
647 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
648 break;
649 case CMD_HID_SIM_TAG:
650 CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
651 break;
652 case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
653 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
654 break;
655 case CMD_IO_DEMOD_FSK:
656 CmdIOdemodFSK(1, 0, 0, 1); // Demodulate IO tag
657 break;
658 case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
659 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
660 break;
661 case CMD_EM410X_WRITE_TAG:
662 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
663 break;
664 case CMD_READ_TI_TYPE:
665 ReadTItag();
666 break;
667 case CMD_WRITE_TI_TYPE:
668 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
669 break;
670 case CMD_SIMULATE_TAG_125K:
671 LED_A_ON();
672 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
673 LED_A_OFF();
674 break;
675 case CMD_LF_SIMULATE_BIDIR:
676 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
677 break;
678 case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
679 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
680 break;
681 case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
682 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
683 break;
684 case CMD_T55XX_READ_BLOCK:
685 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
686 break;
687 case CMD_T55XX_WRITE_BLOCK:
688 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
689 break;
690 case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
691 T55xxReadTrace();
692 break;
693 case CMD_PCF7931_READ: // Read PCF7931 tag
694 ReadPCF7931();
695 cmd_send(CMD_ACK,0,0,0,0,0);
696 // UsbSendPacket((uint8_t*)&ack, sizeof(ack));
697 break;
698 case CMD_EM4X_READ_WORD:
699 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
700 break;
701 case CMD_EM4X_WRITE_WORD:
702 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
703 break;
704 #endif
705
706 #ifdef WITH_HITAG
707 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
708 SnoopHitag(c->arg[0]);
709 break;
710 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
711 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
712 break;
713 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
714 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
715 break;
716 #endif
717
718 #ifdef WITH_ISO15693
719 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
720 AcquireRawAdcSamplesIso15693();
721 break;
722 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
723 RecordRawAdcSamplesIso15693();
724 break;
725
726 case CMD_ISO_15693_COMMAND:
727 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
728 break;
729
730 case CMD_ISO_15693_FIND_AFI:
731 BruteforceIso15693Afi(c->arg[0]);
732 break;
733
734 case CMD_ISO_15693_DEBUG:
735 SetDebugIso15693(c->arg[0]);
736 break;
737
738 case CMD_READER_ISO_15693:
739 ReaderIso15693(c->arg[0]);
740 break;
741 case CMD_SIMTAG_ISO_15693:
742 SimTagIso15693(c->arg[0]);
743 break;
744 #endif
745
746 #ifdef WITH_LEGICRF
747 case CMD_SIMULATE_TAG_LEGIC_RF:
748 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
749 break;
750
751 case CMD_WRITER_LEGIC_RF:
752 LegicRfWriter(c->arg[1], c->arg[0]);
753 break;
754
755 case CMD_READER_LEGIC_RF:
756 LegicRfReader(c->arg[0], c->arg[1]);
757 break;
758 #endif
759
760 #ifdef WITH_ISO14443b
761 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
762 AcquireRawAdcSamplesIso14443(c->arg[0]);
763 break;
764 case CMD_READ_SRI512_TAG:
765 ReadSTMemoryIso14443(0x0F);
766 break;
767 case CMD_READ_SRIX4K_TAG:
768 ReadSTMemoryIso14443(0x7F);
769 break;
770 case CMD_SNOOP_ISO_14443:
771 SnoopIso14443();
772 break;
773 case CMD_SIMULATE_TAG_ISO_14443:
774 SimulateIso14443Tag();
775 break;
776 case CMD_ISO_14443B_COMMAND:
777 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
778 break;
779 #endif
780
781 #ifdef WITH_ISO14443a
782 case CMD_SNOOP_ISO_14443a:
783 SnoopIso14443a(c->arg[0]);
784 break;
785 case CMD_READER_ISO_14443a:
786 ReaderIso14443a(c);
787 break;
788 case CMD_SIMULATE_TAG_ISO_14443a:
789 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
790 break;
791 case CMD_EPA_PACE_COLLECT_NONCE:
792 EPA_PACE_Collect_Nonce(c);
793 break;
794
795 case CMD_READER_MIFARE:
796 ReaderMifare(c->arg[0]);
797 break;
798 case CMD_MIFARE_READBL:
799 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
800 break;
801 case CMD_MIFAREU_READBL:
802 MifareUReadBlock(c->arg[0],c->d.asBytes);
803 break;
804 case CMD_MIFAREU_READCARD:
805 MifareUReadCard(c->arg[0],c->d.asBytes);
806 break;
807 case CMD_MIFARE_READSC:
808 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
809 break;
810 case CMD_MIFARE_WRITEBL:
811 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
812 break;
813 case CMD_MIFAREU_WRITEBL_COMPAT:
814 MifareUWriteBlock(c->arg[0], c->d.asBytes);
815 break;
816 case CMD_MIFAREU_WRITEBL:
817 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
818 break;
819 case CMD_MIFARE_NESTED:
820 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
821 break;
822 case CMD_MIFARE_CHKKEYS:
823 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
824 break;
825 case CMD_SIMULATE_MIFARE_CARD:
826 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
827 break;
828
829 // emulator
830 case CMD_MIFARE_SET_DBGMODE:
831 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
832 break;
833 case CMD_MIFARE_EML_MEMCLR:
834 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
835 break;
836 case CMD_MIFARE_EML_MEMSET:
837 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
838 break;
839 case CMD_MIFARE_EML_MEMGET:
840 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
841 break;
842 case CMD_MIFARE_EML_CARDLOAD:
843 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
844 break;
845
846 // Work with "magic Chinese" card
847 case CMD_MIFARE_EML_CSETBLOCK:
848 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
849 break;
850 case CMD_MIFARE_EML_CGETBLOCK:
851 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
852 break;
853
854 // mifare sniffer
855 case CMD_MIFARE_SNIFFER:
856 SniffMifare(c->arg[0]);
857 break;
858 #endif
859
860 #ifdef WITH_ICLASS
861 // Makes use of ISO14443a FPGA Firmware
862 case CMD_SNOOP_ICLASS:
863 SnoopIClass();
864 break;
865 case CMD_SIMULATE_TAG_ICLASS:
866 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
867 break;
868 case CMD_READER_ICLASS:
869 ReaderIClass(c->arg[0]);
870 break;
871 case CMD_READER_ICLASS_REPLAY:
872 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
873 break;
874 #endif
875
876 case CMD_SIMULATE_TAG_HF_LISTEN:
877 SimulateTagHfListen();
878 break;
879
880 case CMD_BUFF_CLEAR:
881 BufferClear();
882 break;
883
884 case CMD_MEASURE_ANTENNA_TUNING:
885 MeasureAntennaTuning();
886 break;
887
888 case CMD_MEASURE_ANTENNA_TUNING_HF:
889 MeasureAntennaTuningHf();
890 break;
891
892 case CMD_LISTEN_READER_FIELD:
893 ListenReaderField(c->arg[0]);
894 break;
895
896 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
897 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
898 SpinDelay(200);
899 LED_D_OFF(); // LED D indicates field ON or OFF
900 break;
901
902 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
903 // UsbCommand n;
904 // if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
905 // n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
906 // } else {
907 // n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
908 // }
909 // n.arg[0] = c->arg[0];
910 // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
911 // LED_B_ON();
912 // usb_write((uint8_t *)&n, sizeof(n));
913 // UsbSendPacket((uint8_t *)&n, sizeof(n));
914 // LED_B_OFF();
915
916 LED_B_ON();
917 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
918 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
919 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
920 }
921 // Trigger a finish downloading signal with an ACK frame
922 cmd_send(CMD_ACK,0,0,0,0,0);
923 LED_B_OFF();
924 break;
925
926 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
927 uint8_t *b = (uint8_t *)BigBuf;
928 memcpy(b+c->arg[0], c->d.asBytes, 48);
929 //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
930 // UsbSendPacket((uint8_t*)&ack, sizeof(ack));
931 cmd_send(CMD_ACK,0,0,0,0,0);
932 break;
933 }
934 case CMD_READ_MEM:
935 ReadMem(c->arg[0]);
936 break;
937
938 case CMD_SET_LF_DIVISOR:
939 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
940 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
941 break;
942
943 case CMD_SET_ADC_MUX:
944 switch(c->arg[0]) {
945 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
946 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
947 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
948 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
949 }
950 break;
951
952 case CMD_VERSION:
953 SendVersion();
954 break;
955
956 #ifdef WITH_LCD
957 case CMD_LCD_RESET:
958 LCDReset();
959 break;
960 case CMD_LCD:
961 LCDSend(c->arg[0]);
962 break;
963 #endif
964 case CMD_SETUP_WRITE:
965 case CMD_FINISH_WRITE:
966 case CMD_HARDWARE_RESET:
967 usb_disable();
968 SpinDelay(1000);
969 SpinDelay(1000);
970 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
971 for(;;) {
972 // We're going to reset, and the bootrom will take control.
973 }
974 break;
975
976 case CMD_START_FLASH:
977 if(common_area.flags.bootrom_present) {
978 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
979 }
980 usb_disable();
981 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
982 for(;;);
983 break;
984
985 case CMD_DEVICE_INFO: {
986 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
987 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
988 // UsbSendPacket((uint8_t*)&c, sizeof(c));
989 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
990 break;
991 }
992 default:
993 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
994 break;
995 }
996 }
997
998 void __attribute__((noreturn)) AppMain(void)
999 {
1000 SpinDelay(100);
1001
1002 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1003 /* Initialize common area */
1004 memset(&common_area, 0, sizeof(common_area));
1005 common_area.magic = COMMON_AREA_MAGIC;
1006 common_area.version = 1;
1007 }
1008 common_area.flags.osimage_present = 1;
1009
1010 LED_D_OFF();
1011 LED_C_OFF();
1012 LED_B_OFF();
1013 LED_A_OFF();
1014
1015 // Init USB device`
1016 usb_enable();
1017 // UsbStart();
1018
1019 // The FPGA gets its clock from us from PCK0 output, so set that up.
1020 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1021 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1022 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1023 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1024 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1025 AT91C_PMC_PRES_CLK_4;
1026 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1027
1028 // Reset SPI
1029 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1030 // Reset SSC
1031 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1032
1033 // Load the FPGA image, which we have stored in our flash.
1034 // (the HF version by default)
1035 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1036
1037 StartTickCount();
1038
1039 #ifdef WITH_LCD
1040 LCDInit();
1041 #endif
1042
1043 byte_t rx[sizeof(UsbCommand)];
1044 size_t rx_len;
1045
1046 for(;;) {
1047 if (usb_poll()) {
1048 rx_len = usb_read(rx,sizeof(UsbCommand));
1049 if (rx_len) {
1050 UsbPacketReceived(rx,rx_len);
1051 }
1052 }
1053 // UsbPoll(FALSE);
1054
1055 WDT_HIT();
1056
1057 #ifdef WITH_LF
1058 if (BUTTON_HELD(1000) > 0)
1059 SamyRun();
1060 #endif
1061 }
1062 }
Proxmark3 GIT tracking
Impressum, Datenschutz