]> git.zerfleddert.de Git - proxmark3-svn/blob - common/lfdemod.c
projects / proxmark3-svn / blob
? search:


11ba131b07f5457a2a690b4559ec58c4836f9e6e
[proxmark3-svn] / common / lfdemod.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2014
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Low frequency commands
9 //-----------------------------------------------------------------------------
10
11 #include <stdlib.h>
12 #include <string.h>
13 #include "lfdemod.h"
14
15 //by marshmellow
16 //takes 1s and 0s and searches for EM410x format - output EM ID
17 uint64_t Em410xDecode(uint8_t *BitStream, size_t size)
18 {
19 //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
20 // otherwise could be a void with no arguments
21 //set defaults
22 int high=0, low=128;
23 uint64_t lo=0; //hi=0,
24
25 uint32_t i = 0;
26 uint32_t initLoopMax = 65;
27 if (initLoopMax>size) initLoopMax=size;
28
29 for (;i < initLoopMax; ++i) //65 samples should be plenty to find high and low values
30 {
31 if (BitStream[i] > high)
32 high = BitStream[i];
33 else if (BitStream[i] < low)
34 low = BitStream[i];
35 }
36 if (((high !=1)||(low !=0))){ //allow only 1s and 0s
37 // PrintAndLog("no data found");
38 return 0;
39 }
40 uint8_t parityTest=0;
41 // 111111111 bit pattern represent start of frame
42 uint8_t frame_marker_mask[] = {1,1,1,1,1,1,1,1,1};
43 uint32_t idx = 0;
44 uint32_t ii=0;
45 uint8_t resetCnt = 0;
46 while( (idx + 64) < size) {
47 restart:
48 // search for a start of frame marker
49 if ( memcmp(BitStream+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
50 { // frame marker found
51 idx+=9;//sizeof(frame_marker_mask);
52 for (i=0; i<10;i++){
53 for(ii=0; ii<5; ++ii){
54 parityTest += BitStream[(i*5)+ii+idx];
55 }
56 if (parityTest== ((parityTest>>1)<<1)){
57 parityTest=0;
58 for (ii=0; ii<4;++ii){
59 //hi = (hi<<1)|(lo>>31);
60 lo=(lo<<1LL)|(BitStream[(i*5)+ii+idx]);
61 }
62 //PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo);
63 }else {//parity failed
64 //PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]);
65 parityTest=0;
66 idx-=8;
67 if (resetCnt>5)return 0;
68 resetCnt++;
69 goto restart;//continue;
70 }
71 }
72 //skip last 5 bit parity test for simplicity.
73 return lo;
74 }else{
75 idx++;
76 }
77 }
78 return 0;
79 }
80
81 //by marshmellow
82 //takes 2 arguments - clock and invert both as integers
83 //attempts to demodulate ask while decoding manchester
84 //prints binary found and saves in graphbuffer for further commands
85 int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert)
86 {
87 int i;
88 int high = 0, low = 128;
89 *clk=DetectASKClock(BinStream, *size, *clk); //clock default
90
91 if (*clk<8) *clk =64;
92 if (*clk<32) *clk=32;
93 if (*invert != 0 && *invert != 1) *invert=0;
94 uint32_t initLoopMax = 200;
95 if (initLoopMax > *size) initLoopMax=*size;
96 // Detect high and lows
97 for (i = 0; i < initLoopMax; ++i) //200 samples should be enough to find high and low values
98 {
99 if (BinStream[i] > high)
100 high = BinStream[i];
101 else if (BinStream[i] < low)
102 low = BinStream[i];
103 }
104 if ((high < 158) ){ //throw away static
105 //PrintAndLog("no data found");
106 return -2;
107 }
108 //25% fuzz in case highs and lows aren't clipped [marshmellow]
109 high=(int)((high-128)*.75)+128;
110 low= (int)((low-128)*.75)+128;
111
112 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
113 int lastBit = 0; //set first clock check
114 uint32_t bitnum = 0; //output counter
115 int tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
116 if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
117 int iii = 0;
118 uint32_t gLen = *size;
119 if (gLen > 3000) gLen=3000;
120 uint8_t errCnt =0;
121 uint32_t bestStart = *size;
122 uint32_t bestErrCnt = (*size/1000);
123 uint32_t maxErr = (*size/1000);
124 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
125 //loop to find first wave that works
126 for (iii=0; iii < gLen; ++iii){
127 if ((BinStream[iii] >= high) || (BinStream[iii] <= low)){
128 lastBit=iii-*clk;
129 errCnt=0;
130 //loop through to see if this start location works
131 for (i = iii; i < *size; ++i) {
132 if ((BinStream[i] >= high) && ((i-lastBit) > (*clk-tol))){
133 lastBit+=*clk;
134 } else if ((BinStream[i] <= low) && ((i-lastBit) > (*clk-tol))){
135 //low found and we are expecting a bar
136 lastBit+=*clk;
137 } else {
138 //mid value found or no bar supposed to be here
139 if ((i-lastBit)>(*clk+tol)){
140 //should have hit a high or low based on clock!!
141
142 //debug
143 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
144
145 errCnt++;
146 lastBit+=*clk;//skip over until hit too many errors
147 if (errCnt>(maxErr)) break; //allow 1 error for every 1000 samples else start over
148 }
149 }
150 if ((i-iii) >(400 * *clk)) break; //got plenty of bits
151 }
152 //we got more than 64 good bits and not all errors
153 if ((((i-iii)/ *clk) > (64+errCnt)) && (errCnt<maxErr)) {
154 //possible good read
155 if (errCnt==0){
156 bestStart=iii;
157 bestErrCnt=errCnt;
158 break; //great read - finish
159 }
160 if (errCnt<bestErrCnt){ //set this as new best run
161 bestErrCnt=errCnt;
162 bestStart = iii;
163 }
164 }
165 }
166 }
167 if (bestErrCnt<maxErr){
168 //best run is good enough set to best run and set overwrite BinStream
169 iii=bestStart;
170 lastBit = bestStart - *clk;
171 bitnum=0;
172 for (i = iii; i < *size; ++i) {
173 if ((BinStream[i] >= high) && ((i-lastBit) > (*clk-tol))){
174 lastBit += *clk;
175 BinStream[bitnum] = *invert;
176 bitnum++;
177 } else if ((BinStream[i] <= low) && ((i-lastBit) > (*clk-tol))){
178 //low found and we are expecting a bar
179 lastBit+=*clk;
180 BinStream[bitnum] = 1-*invert;
181 bitnum++;
182 } else {
183 //mid value found or no bar supposed to be here
184 if ((i-lastBit)>(*clk+tol)){
185 //should have hit a high or low based on clock!!
186
187 //debug
188 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
189 if (bitnum > 0){
190 BinStream[bitnum]=77;
191 bitnum++;
192 }
193
194 lastBit+=*clk;//skip over error
195 }
196 }
197 if (bitnum >=400) break;
198 }
199 *size=bitnum;
200 } else{
201 *invert=bestStart;
202 *clk=iii;
203 return -1;
204 }
205 return bestErrCnt;
206 }
207
208 //by marshmellow
209 //take 10 and 01 and manchester decode
210 //run through 2 times and take least errCnt
211 int manrawdecode(uint8_t * BitStream, size_t *size)
212 {
213 int bitnum=0;
214 int errCnt =0;
215 int i=1;
216 int bestErr = 1000;
217 int bestRun = 0;
218 int ii=1;
219 for (ii=1;ii<3;++ii){
220 i=1;
221 for (i=i+ii;i<*size-2;i+=2){
222 if(BitStream[i]==1 && (BitStream[i+1]==0)){
223 } else if((BitStream[i]==0)&& BitStream[i+1]==1){
224 } else {
225 errCnt++;
226 }
227 if(bitnum>300) break;
228 }
229 if (bestErr>errCnt){
230 bestErr=errCnt;
231 bestRun=ii;
232 }
233 errCnt=0;
234 }
235 errCnt=bestErr;
236 if (errCnt<20){
237 ii=bestRun;
238 i=1;
239 for (i=i+ii;i < *size-2;i+=2){
240 if(BitStream[i] == 1 && (BitStream[i+1] == 0)){
241 BitStream[bitnum++]=0;
242 } else if((BitStream[i] == 0) && BitStream[i+1] == 1){
243 BitStream[bitnum++]=1;
244 } else {
245 BitStream[bitnum++]=77;
246 //errCnt++;
247 }
248 if(bitnum>300) break;
249 }
250 *size=bitnum;
251 }
252 return errCnt;
253 }
254
255
256 //by marshmellow
257 //take 01 or 10 = 0 and 11 or 00 = 1
258 int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset)
259 {
260 uint8_t bitnum=0;
261 uint32_t errCnt =0;
262 uint32_t i=1;
263 i=offset;
264 for (;i<*size-2;i+=2){
265 if((BitStream[i]==1 && BitStream[i+1]==0) || (BitStream[i]==0 && BitStream[i+1]==1)){
266 BitStream[bitnum++]=1;
267 } else if((BitStream[i]==0 && BitStream[i+1]==0) || (BitStream[i]==1 && BitStream[i+1]==1)){
268 BitStream[bitnum++]=0;
269 } else {
270 BitStream[bitnum++]=77;
271 errCnt++;
272 }
273 if(bitnum>250) break;
274 }
275 *size=bitnum;
276 return errCnt;
277 }
278
279 //by marshmellow
280 //takes 2 arguments - clock and invert both as integers
281 //attempts to demodulate ask only
282 //prints binary found and saves in graphbuffer for further commands
283 int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert)
284 {
285 uint32_t i;
286 // int invert=0; //invert default
287 int high = 0, low = 128;
288 *clk=DetectASKClock(BinStream, *size, *clk); //clock default
289 uint8_t BitStream[502] = {0};
290
291 if (*clk<8) *clk =64;
292 if (*clk<32) *clk=32;
293 if (*invert != 0 && *invert != 1) *invert =0;
294 uint32_t initLoopMax = 200;
295 if (initLoopMax>*size) initLoopMax=*size;
296 // Detect high and lows
297 for (i = 0; i < initLoopMax; ++i) //200 samples should be plenty to find high and low values
298 {
299 if (BinStream[i] > high)
300 high = BinStream[i];
301 else if (BinStream[i] < low)
302 low = BinStream[i];
303 }
304 if ((high < 158)){ //throw away static
305 // PrintAndLog("no data found");
306 return -2;
307 }
308 //25% fuzz in case highs and lows aren't clipped [marshmellow]
309 high=(int)((high-128)*.75)+128;
310 low= (int)((low-128)*.75)+128;
311
312 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
313 int lastBit = 0; //set first clock check
314 uint32_t bitnum = 0; //output counter
315 uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
316 if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
317 uint32_t iii = 0;
318 uint32_t gLen = *size;
319 if (gLen > 500) gLen=500;
320 uint8_t errCnt =0;
321 uint32_t bestStart = *size;
322 uint32_t bestErrCnt = (*size/1000);
323 uint8_t midBit=0;
324 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
325 //loop to find first wave that works
326 for (iii=0; iii < gLen; ++iii){
327 if ((BinStream[iii]>=high) || (BinStream[iii]<=low)){
328 lastBit=iii-*clk;
329 //loop through to see if this start location works
330 for (i = iii; i < *size; ++i) {
331 if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){
332 lastBit+=*clk;
333 BitStream[bitnum] = *invert;
334 bitnum++;
335 midBit=0;
336 } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){
337 //low found and we are expecting a bar
338 lastBit+=*clk;
339 BitStream[bitnum] = 1- *invert;
340 bitnum++;
341 midBit=0;
342 } else if ((BinStream[i]<=low) && (midBit==0) && ((i-lastBit)>((*clk/2)-tol))){
343 //mid bar?
344 midBit=1;
345 BitStream[bitnum]= 1- *invert;
346 bitnum++;
347 } else if ((BinStream[i]>=high) && (midBit==0) && ((i-lastBit)>((*clk/2)-tol))){
348 //mid bar?
349 midBit=1;
350 BitStream[bitnum]= *invert;
351 bitnum++;
352 } else if ((i-lastBit)>((*clk/2)+tol) && (midBit==0)){
353 //no mid bar found
354 midBit=1;
355 BitStream[bitnum]= BitStream[bitnum-1];
356 bitnum++;
357 } else {
358 //mid value found or no bar supposed to be here
359
360 if ((i-lastBit)>(*clk+tol)){
361 //should have hit a high or low based on clock!!
362 //debug
363 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
364 if (bitnum > 0){
365 BitStream[bitnum]=77;
366 bitnum++;
367 }
368
369
370 errCnt++;
371 lastBit+=*clk;//skip over until hit too many errors
372 if (errCnt > ((*size/1000))){ //allow 1 error for every 1000 samples else start over
373 errCnt=0;
374 bitnum=0;//start over
375 break;
376 }
377 }
378 }
379 if (bitnum>500) break;
380 }
381 //we got more than 64 good bits and not all errors
382 if ((bitnum > (64+errCnt)) && (errCnt<(*size/1000))) {
383 //possible good read
384 if (errCnt==0) break; //great read - finish
385 if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish
386 if (errCnt<bestErrCnt){ //set this as new best run
387 bestErrCnt=errCnt;
388 bestStart = iii;
389 }
390 }
391 }
392 if (iii>=gLen){ //exhausted test
393 //if there was a ok test go back to that one and re-run the best run (then dump after that run)
394 if (bestErrCnt < (*size/1000)) iii=bestStart;
395 }
396 }
397 if (bitnum>16){
398
399 // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
400 //move BitStream back to BinStream
401 // ClearGraph(0);
402 for (i=0; i < bitnum; ++i){
403 BinStream[i]=BitStream[i];
404 }
405 *size=bitnum;
406 // RepaintGraphWindow();
407 //output
408 // if (errCnt>0){
409 // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
410 // }
411 // PrintAndLog("ASK decoded bitstream:");
412 // Now output the bitstream to the scrollback by line of 16 bits
413 // printBitStream2(BitStream,bitnum);
414 //int errCnt=0;
415 //errCnt=manrawdemod(BitStream,bitnum);
416
417 // Em410xDecode(Cmd);
418 } else return -1;
419 return errCnt;
420 }
421 //translate wave to 11111100000 (1 for each short wave 0 for each long wave)
422 size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow)
423 {
424 uint32_t last_transition = 0;
425 uint32_t idx = 1;
426 uint32_t maxVal=0;
427 if (fchigh==0) fchigh=10;
428 if (fclow==0) fclow=8;
429 // we do care about the actual theshold value as sometimes near the center of the
430 // wave we may get static that changes direction of wave for one value
431 // if our value is too low it might affect the read. and if our tag or
432 // antenna is weak a setting too high might not see anything. [marshmellow]
433 if (size<100) return 0;
434 for(idx=1; idx<100; idx++){
435 if(maxVal<dest[idx]) maxVal = dest[idx];
436 }
437 // set close to the top of the wave threshold with 25% margin for error
438 // less likely to get a false transition up there.
439 // (but have to be careful not to go too high and miss some short waves)
440 uint8_t threshold_value = (uint8_t)(((maxVal-128)*.75)+128);
441
442 // sync to first lo-hi transition, and threshold
443
444 // Need to threshold first sample
445
446 if(dest[0] < threshold_value) dest[0] = 0;
447 else dest[0] = 1;
448
449 size_t numBits = 0;
450 // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
451 // or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
452 // between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
453 for(idx = 1; idx < size; idx++) {
454 // threshold current value
455
456 if (dest[idx] < threshold_value) dest[idx] = 0;
457 else dest[idx] = 1;
458
459 // Check for 0->1 transition
460 if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition
461 if ((idx-last_transition)<(fclow-2)){ //0-5 = garbage noise
462 //do nothing with extra garbage
463 } else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves
464 dest[numBits]=1;
465 } else { //9+ = 10 waves
466 dest[numBits]=0;
467 }
468 last_transition = idx;
469 numBits++;
470 }
471 }
472 return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
473 }
474
475 uint32_t myround2(float f)
476 {
477 if (f >= 2000) return 2000;//something bad happened
478 return (uint32_t) (f + (float)0.5);
479 }
480
481 //translate 11111100000 to 10
482 size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxConsequtiveBits,
483 uint8_t invert, uint8_t fchigh, uint8_t fclow)
484 {
485 uint8_t lastval=dest[0];
486 uint32_t idx=0;
487 size_t numBits=0;
488 uint32_t n=1;
489
490 for( idx=1; idx < size; idx++) {
491
492 if (dest[idx]==lastval) {
493 n++;
494 continue;
495 }
496 //if lastval was 1, we have a 1->0 crossing
497 if ( dest[idx-1]==1 ) {
498 n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow));
499 //n=(n+1) / h2l_crossing_value;
500 } else {// 0->1 crossing
501 n=myround2((float)(n+1)/((float)(rfLen-2)/(float)fchigh)); //-2 for fudge factor
502 //n=(n+1) / l2h_crossing_value;
503 }
504 if (n == 0) n = 1;
505
506 if(n < maxConsequtiveBits) //Consecutive
507 {
508 if(invert==0){ //invert bits
509 memset(dest+numBits, dest[idx-1] , n);
510 }else{
511 memset(dest+numBits, dest[idx-1]^1 , n);
512 }
513 numBits += n;
514 }
515 n=0;
516 lastval=dest[idx];
517 }//end for
518 return numBits;
519 }
520 //by marshmellow (from holiman's base)
521 // full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod)
522 int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow)
523 {
524 // FSK demodulator
525 size = fsk_wave_demod(dest, size, fchigh, fclow);
526 size = aggregate_bits(dest, size, rfLen, 192, invert, fchigh, fclow);
527 return size;
528 }
529 // loop to get raw HID waveform then FSK demodulate the TAG ID from it
530 int HIDdemodFSK(uint8_t *dest, size_t size, uint32_t *hi2, uint32_t *hi, uint32_t *lo)
531 {
532
533 size_t idx=0; //, found=0; //size=0,
534 // FSK demodulator
535 size = fskdemod(dest, size,50,0,10,8);
536
537 // final loop, go over previously decoded manchester data and decode into usable tag ID
538 // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
539 uint8_t frame_marker_mask[] = {1,1,1,0,0,0};
540 int numshifts = 0;
541 idx = 0;
542 //one scan
543 while( idx + sizeof(frame_marker_mask) < size) {
544 // search for a start of frame marker
545 if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
546 { // frame marker found
547 idx+=sizeof(frame_marker_mask);
548 while(dest[idx] != dest[idx+1] && idx < size-2)
549 {
550 // Keep going until next frame marker (or error)
551 // Shift in a bit. Start by shifting high registers
552 *hi2 = (*hi2<<1)|(*hi>>31);
553 *hi = (*hi<<1)|(*lo>>31);
554 //Then, shift in a 0 or one into low
555 if (dest[idx] && !dest[idx+1]) // 1 0
556 *lo=(*lo<<1)|0;
557 else // 0 1
558 *lo=(*lo<<1)|1;
559 numshifts++;
560 idx += 2;
561 }
562 // Hopefully, we read a tag and hit upon the next frame marker
563 if(idx + sizeof(frame_marker_mask) < size)
564 {
565 if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
566 {
567 //good return
568 return idx;
569 }
570 }
571 // reset
572 *hi2 = *hi = *lo = 0;
573 numshifts = 0;
574 }else {
575 idx++;
576 }
577 }
578 return -1;
579 }
580
581 uint32_t bytebits_to_byte(uint8_t* src, size_t numbits)
582 {
583 uint32_t num = 0;
584 for(int i = 0 ; i < numbits ; i++)
585 {
586 num = (num << 1) | (*src);
587 src++;
588 }
589 return num;
590 }
591
592 int IOdemodFSK(uint8_t *dest, size_t size)
593 {
594 static const uint8_t THRESHOLD = 140;
595 uint32_t idx=0;
596 //make sure buffer has data
597 if (size < 66) return -1;
598 //test samples are not just noise
599 uint8_t justNoise = 1;
600 for(idx=0;idx< size && justNoise ;idx++){
601 justNoise = dest[idx] < THRESHOLD;
602 }
603 if(justNoise) return 0;
604
605 // FSK demodulator
606 size = fskdemod(dest, size, 64, 1, 10, 8); // RF/64 and invert
607 if (size < 65) return -1; //did we get a good demod?
608 //Index map
609 //0 10 20 30 40 50 60
610 //| | | | | | |
611 //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
612 //-----------------------------------------------------------------------------
613 //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
614 //
615 //XSF(version)facility:codeone+codetwo
616 //Handle the data
617 uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1};
618 for( idx=0; idx < (size - 65); idx++) {
619 if ( memcmp(dest + idx, mask, sizeof(mask))==0) {
620 //frame marker found
621 if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){
622 //confirmed proper separator bits found
623 //return start position
624 return (int) idx;
625 }
626 }
627 }
628 return 0;
629 }
630
631 // by marshmellow
632 // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
633 // maybe somehow adjust peak trimming value based on samples to fix?
634 int DetectASKClock(uint8_t dest[], size_t size, int clock)
635 {
636 int i=0;
637 int peak=0;
638 int low=128;
639 int clk[]={16,32,40,50,64,100,128,256};
640 int loopCnt = 256; //don't need to loop through entire array...
641 if (size<loopCnt) loopCnt = size;
642
643 //if we already have a valid clock quit
644 for (;i<8;++i)
645 if (clk[i]==clock) return clock;
646
647 //get high and low peak
648 for (i=0;i<loopCnt;++i){
649 if(dest[i]>peak){
650 peak = dest[i];
651 }
652 if(dest[i]<low){
653 low = dest[i];
654 }
655 }
656 peak=(int)(((peak-128)*.75)+128);
657 low= (int)(((low-128)*.75)+128);
658 int ii;
659 int clkCnt;
660 int tol = 0;
661 int bestErr[]={1000,1000,1000,1000,1000,1000,1000,1000};
662 int errCnt=0;
663 //test each valid clock from smallest to greatest to see which lines up
664 for(clkCnt=0; clkCnt<6;++clkCnt){
665 if (clk[clkCnt]==32){
666 tol=1;
667 }else{
668 tol=0;
669 }
670 bestErr[clkCnt]=1000;
671 //try lining up the peaks by moving starting point (try first 256)
672 for (ii=0; ii<loopCnt; ++ii){
673 if ((dest[ii]>=peak) || (dest[ii]<=low)){
674 errCnt=0;
675 // now that we have the first one lined up test rest of wave array
676 for (i=0; i<((int)(size/clk[clkCnt])-1); ++i){
677 if (dest[ii+(i*clk[clkCnt])]>=peak || dest[ii+(i*clk[clkCnt])]<=low){
678 }else if(dest[ii+(i*clk[clkCnt])-tol]>=peak || dest[ii+(i*clk[clkCnt])-tol]<=low){
679 }else if(dest[ii+(i*clk[clkCnt])+tol]>=peak || dest[ii+(i*clk[clkCnt])+tol]<=low){
680 }else{ //error no peak detected
681 errCnt++;
682 }
683 }
684 //if we found no errors this is correct one - return this clock
685 if(errCnt==0) return clk[clkCnt];
686 //if we found errors see if it is lowest so far and save it as best run
687 if(errCnt<bestErr[clkCnt]) bestErr[clkCnt]=errCnt;
688 }
689 }
690 }
691 int iii=0;
692 int best=0;
693 for (iii=0; iii<7;++iii){
694 if (bestErr[iii]<bestErr[best]){
695 // current best bit to error ratio vs new bit to error ratio
696 if (((size/clk[best])/bestErr[best]<(size/clk[iii])/bestErr[iii]) ){
697 best = iii;
698 }
699 }
700 }
701 return clk[best];
702 }
703
704 //by marshmellow
705 //detect psk clock by reading #peaks vs no peaks(or errors)
706 int DetectpskNRZClock(uint8_t dest[], size_t size, int clock)
707 {
708 int i=0;
709 int peak=0;
710 int low=128;
711 int clk[]={16,32,40,50,64,100,128,256};
712 int loopCnt = 2048; //don't need to loop through entire array...
713 if (size<loopCnt) loopCnt = size;
714
715 //if we already have a valid clock quit
716 for (;i<8;++i)
717 if (clk[i]==clock) return clock;
718
719 //get high and low peak
720 for (i=0;i<loopCnt;++i){
721 if(dest[i]>peak){
722 peak = dest[i];
723 }
724 if(dest[i]<low){
725 low = dest[i];
726 }
727 }
728 peak=(int)(((peak-128)*.90)+128);
729 low= (int)(((low-128)*.90)+128);
730 //PrintAndLog("DEBUG: peak: %d, low: %d",peak,low);
731 int ii;
732 uint8_t clkCnt;
733 uint8_t tol = 0;
734 int peakcnt=0;
735 int errCnt=0;
736 int bestErr[]={1000,1000,1000,1000,1000,1000,1000,1000,1000};
737 int peaksdet[]={0,0,0,0,0,0,0,0,0};
738 //test each valid clock from smallest to greatest to see which lines up
739 for(clkCnt=0; clkCnt<6;++clkCnt){
740 if (clk[clkCnt]==32){
741 tol=0;
742 }else{
743 tol=0;
744 }
745 //try lining up the peaks by moving starting point (try first 256)
746 for (ii=0; ii<loopCnt; ++ii){
747 if ((dest[ii]>=peak) || (dest[ii]<=low)){
748 errCnt=0;
749 peakcnt=0;
750 // now that we have the first one lined up test rest of wave array
751 for (i=0; i<((int)(size/clk[clkCnt])-1); ++i){
752 if (dest[ii+(i*clk[clkCnt])]>=peak || dest[ii+(i*clk[clkCnt])]<=low){
753 peakcnt++;
754 }else if(dest[ii+(i*clk[clkCnt])-tol]>=peak || dest[ii+(i*clk[clkCnt])-tol]<=low){
755 peakcnt++;
756 }else if(dest[ii+(i*clk[clkCnt])+tol]>=peak || dest[ii+(i*clk[clkCnt])+tol]<=low){
757 peakcnt++;
758 }else{ //error no peak detected
759 errCnt++;
760 }
761 }
762 if(peakcnt>peaksdet[clkCnt]) {
763 peaksdet[clkCnt]=peakcnt;
764 bestErr[clkCnt]=errCnt;
765 }
766 }
767 }
768 }
769 int iii=0;
770 int best=0;
771 //int ratio2; //debug
772 int ratio;
773 //int bits;
774 for (iii=0; iii<7;++iii){
775 ratio=1000;
776 //ratio2=1000; //debug
777 //bits=size/clk[iii]; //debug
778 if (peaksdet[iii]>0){
779 ratio=bestErr[iii]/peaksdet[iii];
780 if (((bestErr[best]/peaksdet[best])>(ratio)+1)){
781 best = iii;
782 }
783 //ratio2=bits/peaksdet[iii]; //debug
784 }
785 //PrintAndLog("DEBUG: Clk: %d, peaks: %d, errs: %d, bestClk: %d, ratio: %d, bits: %d, peakbitr: %d",clk[iii],peaksdet[iii],bestErr[iii],clk[best],ratio, bits,ratio2);
786 }
787 return clk[best];
788 }
789
790 //by marshmellow (attempt to get rid of high immediately after a low)
791 void pskCleanWave(uint8_t *bitStream, size_t size)
792 {
793 int i;
794 int low=128;
795 int high=0;
796 int gap = 4;
797 // int loopMax = 2048;
798 int newLow=0;
799 int newHigh=0;
800 for (i=0; i<size; ++i){
801 if (bitStream[i]<low) low=bitStream[i];
802 if (bitStream[i]>high) high=bitStream[i];
803 }
804 high = (int)(((high-128)*.80)+128);
805 low = (int)(((low-128)*.90)+128);
806 //low = (uint8_t)(((int)(low)-128)*.80)+128;
807 for (i=0; i<size; ++i){
808 if (newLow==1){
809 bitStream[i]=low+8;
810 gap--;
811 if (gap==0){
812 newLow=0;
813 gap=4;
814 }
815 }else if (newHigh==1){
816 bitStream[i]=high-8;
817 gap--;
818 if (gap==0){
819 newHigh=0;
820 gap=4;
821 }
822 }
823 if (bitStream[i]<=low) newLow=1;
824 if (bitStream[i]>=high) newHigh=1;
825 }
826 return;
827 }
828
829
830 //redesigned by marshmellow adjusted from existing decode functions
831 //indala id decoding - only tested on 26 bit tags, but attempted to make it work for more
832 int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert)
833 {
834 //26 bit 40134 format (don't know other formats)
835 int i;
836 int long_wait;
837 long_wait = 29;//29 leading zeros in format
838 int start;
839 int first = 0;
840 int first2 = 0;
841 int bitCnt = 0;
842 int ii;
843 // Finding the start of a UID
844 for (start = 0; start <= *size - 250; start++) {
845 first = bitStream[start];
846 for (i = start; i < start + long_wait; i++) {
847 if (bitStream[i] != first) {
848 break;
849 }
850 }
851 if (i == (start + long_wait)) {
852 break;
853 }
854 }
855 if (start == *size - 250 + 1) {
856 // did not find start sequence
857 return -1;
858 }
859 //found start once now test length by finding next one
860 // Inverting signal if needed
861 if (first == 1) {
862 for (i = start; i < *size; i++) {
863 bitStream[i] = !bitStream[i];
864 }
865 *invert = 1;
866 }else *invert=0;
867
868 int iii;
869 for (ii=start+29; ii <= *size - 250; ii++) {
870 first2 = bitStream[ii];
871 for (iii = ii; iii < ii + long_wait; iii++) {
872 if (bitStream[iii] != first2) {
873 break;
874 }
875 }
876 if (iii == (ii + long_wait)) {
877 break;
878 }
879 }
880 if (ii== *size - 250 + 1){
881 // did not find second start sequence
882 return -2;
883 }
884 bitCnt=ii-start;
885
886 // Dumping UID
887 i = start;
888 for (ii = 0; ii < bitCnt; ii++) {
889 bitStream[ii] = bitStream[i++];
890 }
891 *size=bitCnt;
892 return 1;
893 }
894
895
896 //by marshmellow - demodulate PSK wave or NRZ wave (both similar enough)
897 //peaks switch bit (high=1 low=0) each clock cycle = 1 bit determined by last peak
898 int pskNRZrawDemod(uint8_t *dest, size_t *size, int *clk, int *invert)
899 {
900 pskCleanWave(dest,*size);
901 int clk2 = DetectpskNRZClock(dest, *size, *clk);
902 *clk=clk2;
903 uint32_t i;
904 uint8_t high=0, low=128;
905 uint32_t gLen = *size;
906 if (gLen > 1280) gLen=1280;
907 // get high
908 for (i=0; i<gLen; ++i){
909 if (dest[i]>high) high = dest[i];
910 if (dest[i]<low) low=dest[i];
911 }
912 //fudge high/low bars by 25%
913 high = (uint8_t)((((int)(high)-128)*.75)+128);
914 low = (uint8_t)((((int)(low)-128)*.80)+128);
915
916 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
917 int lastBit = 0; //set first clock check
918 uint32_t bitnum = 0; //output counter
919 uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
920 if (*clk==32)tol=2; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
921 uint32_t iii = 0;
922 uint8_t errCnt =0;
923 uint32_t bestStart = *size;
924 uint32_t maxErr = (*size/1000);
925 uint32_t bestErrCnt = maxErr;
926 //uint8_t midBit=0;
927 uint8_t curBit=0;
928 uint8_t bitHigh=0;
929 uint8_t ignorewin=*clk/8;
930 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
931 //loop to find first wave that works - align to clock
932 for (iii=0; iii < gLen; ++iii){
933 if ((dest[iii]>=high)||(dest[iii]<=low)){
934 lastBit=iii-*clk;
935 //loop through to see if this start location works
936 for (i = iii; i < *size; ++i) {
937 //if we found a high bar and we are at a clock bit
938 if ((dest[i]>=high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
939 bitHigh=1;
940 lastBit+=*clk;
941 ignorewin=*clk/8;
942 bitnum++;
943 //else if low bar found and we are at a clock point
944 }else if ((dest[i]<=low ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
945 bitHigh=1;
946 lastBit+=*clk;
947 ignorewin=*clk/8;
948 bitnum++;
949 //else if no bars found
950 }else if(dest[i]<high && dest[i]>low) {
951 if (ignorewin==0){
952 bitHigh=0;
953 }else ignorewin--;
954 //if we are past a clock point
955 if (i>=lastBit+*clk+tol){ //clock val
956 lastBit+=*clk;
957 bitnum++;
958 }
959 //else if bar found but we are not at a clock bit and we did not just have a clock bit
960 }else if ((dest[i]>=high || dest[i]<=low) && (i<lastBit+*clk-tol || i>lastBit+*clk+tol) && (bitHigh==0)){
961 //error bar found no clock...
962 errCnt++;
963 }
964 if (bitnum>=1000) break;
965 }
966 //we got more than 64 good bits and not all errors
967 if ((bitnum > (64+errCnt)) && (errCnt<(maxErr))) {
968 //possible good read
969 if (errCnt==0){
970 bestStart = iii;
971 bestErrCnt=errCnt;
972 break; //great read - finish
973 }
974 if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish
975 if (errCnt<bestErrCnt){ //set this as new best run
976 bestErrCnt=errCnt;
977 bestStart = iii;
978 }
979 }
980 }
981 }
982 if (bestErrCnt<maxErr){
983 //best run is good enough set to best run and set overwrite BinStream
984 iii=bestStart;
985 lastBit=bestStart-*clk;
986 bitnum=0;
987 for (i = iii; i < *size; ++i) {
988 //if we found a high bar and we are at a clock bit
989 if ((dest[i]>=high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
990 bitHigh=1;
991 lastBit+=*clk;
992 curBit=1-*invert;
993 dest[bitnum]=curBit;
994 ignorewin=*clk/8;
995 bitnum++;
996 //else if low bar found and we are at a clock point
997 }else if ((dest[i]<=low ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
998 bitHigh=1;
999 lastBit+=*clk;
1000 curBit=*invert;
1001 dest[bitnum]=curBit;
1002 ignorewin=*clk/8;
1003 bitnum++;
1004 //else if no bars found
1005 }else if(dest[i]<high && dest[i]>low) {
1006 if (ignorewin==0){
1007 bitHigh=0;
1008 }else ignorewin--;
1009 //if we are past a clock point
1010 if (i>=lastBit+*clk+tol){ //clock val
1011 lastBit+=*clk;
1012 dest[bitnum]=curBit;
1013 bitnum++;
1014 }
1015 //else if bar found but we are not at a clock bit and we did not just have a clock bit
1016 }else if ((dest[i]>=high || dest[i]<=low) && ((i<lastBit+*clk-tol) || (i>lastBit+*clk+tol)) && (bitHigh==0)){
1017 //error bar found no clock...
1018 bitHigh=1;
1019 dest[bitnum]=77;
1020 bitnum++;
1021 errCnt++;
1022 }
1023 if (bitnum >=1000) break;
1024 }
1025 *size=bitnum;
1026 } else{
1027 *size=bitnum;
1028 *clk=bestStart;
1029 return -1;
1030 }
1031
1032 if (bitnum>16){
1033 *size=bitnum;
1034 } else return -1;
1035 return errCnt;
1036 }
1037
Proxmark3 GIT tracking
Impressum, Datenschutz