1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Low frequency commands
9 //-----------------------------------------------------------------------------
14 //#include <inttypes.h>
17 //#include "proxmark3.h"
21 //#include "cmdparser.h"
23 //#include "cmdmain.h"
24 //#include "cmddata.h"
25 //uint8_t BinStream[MAX_GRAPH_TRACE_LEN];
26 //uint8_t BinStreamLen;
29 //takes 1s and 0s and searches for EM410x format - output EM ID
// Scans a buffer holding one value per entry for an EM410x frame and shifts
// the four data bits of each parity-checked group of five into a 64-bit value.
//   BitStream - values to search; the high/low check below only accepts
//               buffers whose tracked maximum is 1 and minimum is 0
//   BitLen    - number of entries in BitStream
// Returns 0 once more than 5 parity resets have happened; the other return
// statements are on lines missing from this listing.
// NOTE(review): this listing omits several lines of the function (declarations,
// braces, returns); the comments added here describe only what is shown.
30 uint64_t Em410xDecode(uint8_t *BitStream
,uint32_t BitLen
)
32 //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
33 // otherwise could be a void with no arguments
36 uint64_t lo
=0; //hi=0,
39 uint32_t initLoopMax
= 65;
// Clamp the scan window so the high/low search never reads past BitLen.
40 if (initLoopMax
>BitLen
) initLoopMax
=BitLen
;
// The loop starts from whatever value i already holds; its declaration is not
// shown in this listing - presumably 0, TODO confirm.
42 for (;i
< initLoopMax
; ++i
) //65 samples should be plenty to find high and low values
44 if (BitStream
[i
] > high
)
46 else if (BitStream
[i
] < low
)
49 if (((high
!=1)||(low
!=0))){ //allow only 1s and 0s
50 // PrintAndLog("no data found");
54 // 111111111 bit pattern represent start of frame
55 uint8_t frame_marker_mask
[] = {1,1,1,1,1,1,1,1,1};
// The condition keeps at least 64 entries after idx. That covers the 9-entry
// marker plus the BitStream[(i*5)+ii+idx] reads below as long as i stays at or
// below 10; the loop over i is not shown - TODO confirm its bound.
59 while( (idx
+ 64) < BitLen
) {
61 // search for a start of frame marker
62 if ( memcmp(BitStream
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
63 { // frame marker found
64 idx
+=9;//sizeof(frame_marker_mask);
// Sum the five bits of group i (four data bits plus the parity bit).
66 for(ii
=0; ii
<5; ++ii
){
67 parityTest
+= BitStream
[(i
*5)+ii
+idx
];
// The sum is even exactly when clearing its lowest bit leaves it unchanged,
// i.e. the group has even parity.
69 if (parityTest
== ((parityTest
>>1)<<1)){
71 for (ii
=0; ii
<4;++ii
){
72 //hi = (hi<<1)|(lo>>31);
73 lo
=(lo
<<1LL)|(BitStream
[(i
*5)+ii
+idx
]);
75 //PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo);
76 }else {//parity failed
77 //PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]);
// Give up after more than 5 resets so a noisy buffer cannot loop indefinitely
// through the restart label.
80 if (resetCnt
>5)return 0;
82 goto restart
;//continue;
85 //skip last 5 bit parity test for simplicity.
95 //takes 2 arguments - clock and invert both as integers
96 //attempts to demodulate ask while decoding manchester
97 //prints binary found and saves in graphbuffer for further commands
// Demodulates an ASK signal while Manchester-decoding it, in place.
//   BinStream - in: raw samples; out: the first bitnum entries are overwritten
//               with the decoded values (see the copy loop near the end)
//   BitLen    - in: number of samples in BinStream
//   clk       - in/out: replaced by the DetectClock2() result, then set to 64
//               if below 8 and to 32 if below 32
//   invert    - in/out: forced to 0 unless it is 0 or 1
// Positions where no wave was found in the expected window are stored as 77.
// NOTE(review): this listing omits several lines (declarations, braces, the
// return statements and any update of *BitLen); only the statements shown are
// described here.
98 int askmandemod(uint8_t * BinStream
,uint32_t *BitLen
,int *clk
, int *invert
)
101 //int invert=0; //invert default
102 int high
= 0, low
= 0;
103 *clk
=DetectClock2(BinStream
,(size_t)*BitLen
,*clk
); //clock default
// Scratch output buffer of 252 entries; the `bitnum>250` break further down is
// the only bound shown in this listing for writes into it.
104 uint8_t BitStream
[252] = {0};
106 //sscanf(Cmd, "%i %i", &clk, &invert);
107 if (*clk
<8) *clk
=64;
108 if (*clk
<32) *clk
=32;
109 if (*invert
!= 0 && *invert
!= 1) *invert
=0;
110 uint32_t initLoopMax
= 200;
111 if (initLoopMax
>*BitLen
) initLoopMax
=*BitLen
;
112 // Detect high and lows
113 //PrintAndLog("Using Clock: %d and invert=%d",clk,invert);
// NOTE(review): BinStream holds uint8_t values and low starts at 0, so
// `BinStream[i] < low` cannot be true here; unless a line not shown changes
// low it stays 0, and the `low!=-1` test below is then always true. Confirm
// whether the samples were meant to be signed.
114 for (i
= 0; i
< initLoopMax
; ++i
) //200 samples should be enough to find high and low values
116 if (BinStream
[i
] > high
)
118 else if (BinStream
[i
] < low
)
121 if ((high
< 30) && ((high
!=1)||(low
!=-1))){ //throw away static - allow 1 and -1 (in case of threshold command first)
122 //PrintAndLog("no data found");
125 //13% fuzz in case highs and lows aren't clipped [marshmellow]
// NOTE(review): the factor applied below is 0.75, i.e. a 25% margin rather
// than the 13% mentioned in the comment above.
126 high
=(int)(0.75*high
);
129 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
130 int lastBit
= 0; //set first clock check
131 uint32_t bitnum
= 0; //output counter
132 uint8_t tol
= 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
133 if (*clk
==32)tol
=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
// Only the first 500 samples are tried as candidate start positions.
135 uint32_t gLen
= *BitLen
;
136 if (gLen
> 500) gLen
=500;
138 uint32_t bestStart
= *BitLen
;
// Error budget of one per 1000 samples; for fewer than 1000 samples this is 0,
// and the `errCnt<(*BitLen/1000)` test further down then cannot pass for a
// non-negative errCnt.
139 uint32_t bestErrCnt
= (*BitLen
/1000);
140 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
141 //loop to find first wave that works
142 for (iii
=0; iii
< gLen
; ++iii
){
143 if ((BinStream
[iii
]>=high
)||(BinStream
[iii
]<=low
)){
146 //loop through to see if this start location works
147 for (i
= iii
; i
< *BitLen
; ++i
) {
// A high at least (clk - tol) samples after the last accepted wave is stored
// as *invert; a low in the same window is stored as 1 - *invert.
148 if ((BinStream
[i
] >= high
) && ((i
-lastBit
)>(*clk
-tol
))){
150 BitStream
[bitnum
] = *invert
;
152 } else if ((BinStream
[i
] <= low
) && ((i
-lastBit
)>(*clk
-tol
))){
153 //low found and we are expecting a bar
155 BitStream
[bitnum
] = 1-*invert
;
158 //mid value found or no bar supposed to be here
159 if ((i
-lastBit
)>(*clk
+tol
)){
160 //should have hit a high or low based on clock!!
164 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
166 BitStream
[bitnum
]=77;
172 lastBit
+=*clk
;//skip over until hit too many errors
173 if (errCnt
>((*BitLen
/1000))){ //allow 1 error for every 1000 samples else start over
175 bitnum
=0;//start over
// Stops before the 252-entry BitStream can be overrun; decoded output beyond
// this point is dropped. This relies on bitnum growing by at most one per
// iteration (the increments are not shown - TODO confirm).
180 if (bitnum
>250) break;
182 //we got more than 64 good bits and not all errors
183 if ((bitnum
> (64+errCnt
)) && (errCnt
<(*BitLen
/1000))) {
185 if (errCnt
==0) break; //great read - finish
186 if (bestStart
== iii
) break; //if current run == bestErrCnt run (after exhausted testing) then finish
187 if (errCnt
<bestErrCnt
){ //set this as new best run
193 if (iii
>=gLen
){ //exhausted test
194 //if there was a ok test go back to that one and re-run the best run (then dump after that run)
195 if (bestErrCnt
< (*BitLen
/1000)) iii
=bestStart
;
200 // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
201 //move BitStream back to GraphBuffer
// Copies the decoded values over the start of the caller's buffer.
203 for (i
=0; i
< bitnum
; ++i
){
204 BinStream
[i
]=BitStream
[i
];
207 //RepaintGraphWindow();
210 // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
212 // PrintAndLog("ASK decoded bitstream:");
213 // Now output the bitstream to the scrollback by line of 16 bits
214 // printBitStream2(BitStream,bitnum);
215 // Em410xDecode(Cmd);
221 //take 10 and 01 and manchester decode
222 //run through 2 times and take least errCnt
// Manchester-decodes a buffer of 1/0 values in place: the pair 1,0 becomes 0,
// the pair 0,1 becomes 1 and any other pair is recorded as 77.
//   BitStream - in: values to decode; out: overwritten from index 0 with the
//               decoded values (see the copy loop at the end)
//   bitLen    - in: number of entries in BitStream
// The outer loop makes two passes (ii = 1 and ii = 2).
// NOTE(review): this listing omits several lines (declarations, the error
// counting, the return statements and any update of *bitLen); only the
// statements shown are described here.
223 int manrawdemod(uint8_t * BitStream
, int *bitLen
)
// Scratch output buffer of 252 entries, bounded by the `bitnum>250` break below.
225 uint8_t BitStream2
[252]={0};
233 for (ii
=1;ii
<3;++ii
){
// NOTE(review): *bitLen is a signed int. If i is declared unsigned (its
// declaration is not shown) a *bitLen below 2 turns `*bitLen-2` into a very
// large bound in this comparison - TODO confirm i's type or check *bitLen first.
235 for (i
=i
+ii
;i
<*bitLen
-2;i
+=2){
236 if(BitStream
[i
]==1 && (BitStream
[i
+1]==0)){
237 BitStream2
[bitnum
++]=0;
238 } else if((BitStream
[i
]==0)&& BitStream
[i
+1]==1){
239 BitStream2
[bitnum
++]=1;
241 BitStream2
[bitnum
++]=77;
// One entry is written per iteration, so breaking once bitnum exceeds 250
// keeps every write inside the 252-entry BitStream2; longer input is truncated.
244 if(bitnum
>250) break;
250 if (ii
>1 || finish
==1) {
263 for (i
=0; i
<bitnum
;++i
){
264 BitStream
[i
]=BitStream2
[i
];
272 //takes 2 arguments - clock and invert both as integers
273 //attempts to demodulate ask only
274 //prints binary found and saves in graphbuffer for further commands
// Demodulates an ASK signal without Manchester decoding, in place.
//   BinStream - in: raw samples; out: the first bitnum entries are overwritten
//               with the decoded values (see the copy loop near the end)
//   bitLen    - in: number of samples in BinStream
//   clk       - in/out: replaced by the DetectClock2() result, then set to 64
//               if below 8 and to 32 if below 32
//   invert    - in/out: forced to 0 unless it is 0 or 1
// Positions where no wave was found in the expected window are stored as 77.
// NOTE(review): this listing omits several lines (declarations, braces, the
// return statements and any update of *bitLen); only the statements shown are
// described here.
275 int askrawdemod(uint8_t *BinStream
, int *bitLen
,int *clk
, int *invert
)
278 // int invert=0; //invert default
279 int high
= 0, low
= 0;
280 *clk
=DetectClock2(BinStream
,*bitLen
,*clk
); //clock default
// Scratch output buffer of 502 entries; the `bitnum>500` break further down is
// the only bound shown in this listing for writes into it.
281 uint8_t BitStream
[502] = {0};
283 if (*clk
<8) *clk
=64;
284 if (*clk
<32) *clk
=32;
285 if (*invert
!= 0 && *invert
!= 1) *invert
=0;
286 uint32_t initLoopMax
= 200;
// NOTE(review): *bitLen is a signed int here. In this comparison, in the
// DetectClock2() call above and in the gLen/bestStart assignments below a
// negative value converts to a very large unsigned one; callers are presumably
// expected to pass a non-negative length - TODO confirm or reject negatives.
287 if (initLoopMax
>*bitLen
) initLoopMax
=*bitLen
;
288 // Detect high and lows
// NOTE(review): BinStream holds uint8_t values and low starts at 0, so
// `BinStream[i] < low` cannot be true here; unless a line not shown changes
// low it stays 0, and the `low!=-1` test below is then always true.
289 for (i
= 0; i
< initLoopMax
; ++i
) //200 samples should be plenty to find high and low values
291 if (BinStream
[i
] > high
)
293 else if (BinStream
[i
] < low
)
296 if ((high
< 30) && ((high
!=1)||(low
!=-1))){ //throw away static - allow 1 and -1 (in case of threshold command first)
297 // PrintAndLog("no data found");
300 //25% fuzz in case highs and lows aren't clipped [marshmellow]
301 high
=(int)(0.75*high
);
304 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
305 int lastBit
= 0; //set first clock check
306 uint32_t bitnum
= 0; //output counter
307 uint8_t tol
= 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
308 if (*clk
==32)tol
=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
// Only the first 500 samples are tried as candidate start positions.
310 uint32_t gLen
= *bitLen
;
311 if (gLen
> 500) gLen
=500;
313 uint32_t bestStart
= *bitLen
;
// Error budget of one per 1000 samples; 0 for fewer than 1000 samples.
314 uint32_t bestErrCnt
= (*bitLen
/1000);
316 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
317 //loop to find first wave that works
318 for (iii
=0; iii
< gLen
; ++iii
){
319 if ((BinStream
[iii
]>=high
)||(BinStream
[iii
]<=low
)){
321 //loop through to see if this start location works
322 for (i
= iii
; i
< *bitLen
; ++i
) {
// Full-clock cases: a high (or low) at least (clk - tol) samples after the
// last accepted wave is stored as *invert (or 1 - *invert).
323 if ((BinStream
[i
] >= high
) && ((i
-lastBit
)>(*clk
-tol
))){
325 BitStream
[bitnum
] = *invert
;
328 } else if ((BinStream
[i
] <= low
) && ((i
-lastBit
)>(*clk
-tol
))){
329 //low found and we are expecting a bar
331 BitStream
[bitnum
] = 1-*invert
;
// Half-clock cases, taken only while midBit is 0: the same test against
// (clk/2 - tol).
334 } else if ((BinStream
[i
]<=low
) && (midBit
==0) && ((i
-lastBit
)>((*clk
/2)-tol
))){
337 BitStream
[bitnum
]= 1-*invert
;
339 } else if ((BinStream
[i
]>=high
)&&(midBit
==0) && ((i
-lastBit
)>((*clk
/2)+tol
))){
342 BitStream
[bitnum
]= *invert
;
344 } else if ((i
-lastBit
)>((*clk
/2)+tol
)&&(midBit
==0)){
// NOTE(review): bitnum is uint32_t. If this branch can run while bitnum is
// still 0, `bitnum-1` wraps and the read lands far outside BitStream. Confirm
// that the lines not shown rule this out, or guard with `bitnum > 0`.
347 BitStream
[bitnum
]= BitStream
[bitnum
-1];
350 //mid value found or no bar supposed to be here
352 if ((i
-lastBit
)>(*clk
+tol
)){
353 //should have hit a high or low based on clock!!
355 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
357 BitStream
[bitnum
]=77;
363 lastBit
+=*clk
;//skip over until hit too many errors
364 if (errCnt
>((*bitLen
/1000))){ //allow 1 error for every 1000 samples else start over
366 bitnum
=0;//start over
// Stops before the 502-entry BitStream can be overrun; decoded output beyond
// this point is dropped. This relies on bitnum growing by at most one per
// iteration (the increments are not shown - TODO confirm).
371 if (bitnum
>500) break;
373 //we got more than 64 good bits and not all errors
374 if ((bitnum
> (64+errCnt
)) && (errCnt
<(*bitLen
/1000))) {
376 if (errCnt
==0) break; //great read - finish
377 if (bestStart
== iii
) break; //if current run == bestErrCnt run (after exhausted testing) then finish
378 if (errCnt
<bestErrCnt
){ //set this as new best run
384 if (iii
>=gLen
){ //exhausted test
385 //if there was a ok test go back to that one and re-run the best run (then dump after that run)
386 if (bestErrCnt
< (*bitLen
/1000)) iii
=bestStart
;
391 // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
392 //move BitStream back to BinStream
// Copies the decoded values over the start of the caller's buffer.
394 for (i
=0; i
< bitnum
; ++i
){
395 BinStream
[i
]=BitStream
[i
];
398 // RepaintGraphWindow();
401 // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
403 // PrintAndLog("ASK decoded bitstream:");
404 // Now output the bitstream to the scrollback by line of 16 bits
405 // printBitStream2(BitStream,bitnum);
407 //errCnt=manrawdemod(BitStream,bitnum);
409 // Em410xDecode(Cmd);
413 //translate wave to 11111100000 (1 for each short wave 0 for each long wave)
// Thresholds an FSK wave in place and classifies each rising edge by its
// distance from the previous one (short wave vs long wave).
//   dest - in: raw samples; out: rewritten in place
//   size - number of samples in dest
// Returns 0 when fewer than 100 samples are supplied, otherwise numBits.
// NOTE(review): this listing omits several lines (declarations, the writes
// that record each wave, braces); only the statements shown are described.
414 size_t fsk_wave_demod(uint8_t * dest
, size_t size
)
416 uint32_t last_transition
= 0;
420 // we do care about the actual threshold value as sometimes near the center of the
421 // wave we may get static that changes direction of wave for one value
422 // if our value is too low it might affect the read. and if our tag or
423 // antenna is weak a setting too high might not see anything. [marshmellow]
// The length check guarantees that the fixed 1..99 peak scan below stays
// inside the buffer.
424 if (size
<100) return 0;
425 for(idx
=1; idx
<100; idx
++){
426 if(maxVal
<dest
[idx
]) maxVal
= dest
[idx
];
428 // set close to the top of the wave threshold with 13% margin for error
429 // less likely to get a false transition up there.
430 // (but have to be careful not to go too high and miss some short waves)
431 uint8_t threshold_value
= (uint8_t)(maxVal
*.87); idx
=1;
432 //uint8_t threshold_value = 127;
434 // sync to first lo-hi transition, and threshold
436 // Need to threshold first sample
437 if(dest
[0] < threshold_value
) dest
[0] = 0;
441 // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
442 // or 10 (fc/10) cycles but in practice due to noise etc we may end up with anywhere
443 // between 7 to 11 cycles so fuzz it by treating anything <9 as 8 and anything else as 10
444 for(idx
= 1; idx
< size
; idx
++) {
445 // threshold current value
446 if (dest
[idx
] < threshold_value
) dest
[idx
] = 0;
449 // Check for 0->1 transition
450 if (dest
[idx
-1] < dest
[idx
]) { // 0 -> 1 transition
// Distance from the previous rising edge: under 6 is ignored as noise,
// 6 to 8 counts as an fc/8 wave, 9 or more as an fc/10 wave.
451 if (idx
-last_transition
<6){ //0-5 = garbage noise
452 //do nothing with extra garbage
453 } else if (idx
-last_transition
< 9) { //6-8 = 8 waves
455 } else { //9+ = 10 waves
458 last_transition
= idx
;
462 return numBits
; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
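// Rounds f to the nearest whole number (halves round up) and caps the result.
// Values of 2000 or more return 2000, which callers can treat as "something
// bad happened". Negative values and NaN return 0: converting a negative float
// to uint32_t is undefined behaviour, and the (rfLen-2) divisor used in
// aggregate_bits() is negative for an rfLen below 2.
uint32_t myround2(float f)
{
	if (f >= 2000) return 2000; //something bad happened
	if (!(f > 0)) return 0;     //zero, negative or NaN - nothing to round up
	return (uint32_t)(f + (float)0.5);
}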
471 //translate 11111100000 to 10
// Collapses runs of identical values in dest into bits, writing the result
// back into dest starting at numBits.
//   dest               - in/out: one value per wave, rewritten in place
//   size               - number of entries in dest
//   rfLen              - scales run lengths: a run ending on a 1 is divided by
//                        rfLen/8, any other run by (rfLen-2)/10
//   maxConsequtiveBits - only runs whose scaled length is below this are written
//   invert             - 0 writes the run's own value, otherwise value^1
// NOTE(review): this listing omits several lines (declarations, braces, the
// numBits update and the return); only the statements shown are described.
// NOTE(review): dest[0] is read before any check on size in the lines shown.
472 size_t aggregate_bits(uint8_t *dest
,size_t size
, uint8_t rfLen
, uint8_t maxConsequtiveBits
, uint8_t invert
)// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value,
474 uint8_t lastval
=dest
[0];
479 for( idx
=1; idx
< size
; idx
++) {
481 if (dest
[idx
]==lastval
) {
// NOTE(review): rfLen is not range-checked in the lines shown. For a small
// rfLen (below 8 for the first divisor, below 10 for the second) the divisor
// is below 1, so the scaled n can be larger than the run that was just read
// and the memset below would then write ahead of idx, possibly beyond size.
// The callers in this file pass 50 and 64 through fskdemod(); validate rfLen
// before accepting other values.
485 //if lastval was 1, we have a 1->0 crossing
486 if ( dest
[idx
-1]==1 ) {
487 n
=myround2((float)(n
+1)/((float)(rfLen
)/(float)8));
488 //n=(n+1) / h2l_crossing_value;
489 } else {// 0->1 crossing
490 n
=myround2((float)(n
+1)/((float)(rfLen
-2)/(float)10)); //-2 for fudge factor
491 //n=(n+1) / l2h_crossing_value;
495 if(n
< maxConsequtiveBits
) //Consecutive
// invert==0 stores the run's value unchanged; the other branch stores its
// complement.
497 if(invert
==0){ //invert bits
498 memset(dest
+numBits
, dest
[idx
-1] , n
);
500 memset(dest
+numBits
, dest
[idx
-1]^1 , n
);
509 //by marshmellow (from holiman's base)
510 // full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod)
// Full FSK demodulation of dest in place: fsk_wave_demod() followed by
// aggregate_bits() with a run limit of 192.
//   dest   - in/out: raw samples, replaced by decoded 1s and 0s
//   size   - number of samples in dest
//   rfLen  - passed through to aggregate_bits()
//   invert - passed through to aggregate_bits()
// NOTE(review): the return statement is not shown in this listing. size is a
// size_t while the function returns int, so the result is presumably narrowed
// on return - TODO confirm.
// NOTE(review): fsk_wave_demod() returns 0 for inputs under 100 samples and
// that 0 is passed straight to aggregate_bits(), which reads dest[0] regardless.
511 int fskdemod(uint8_t *dest
, size_t size
, uint8_t rfLen
, uint8_t invert
)
513 //uint8_t h2l_crossing_value = 6;
514 //uint8_t l2h_crossing_value = 5;
516 // if (rfLen==64) //currently only know settings for RF/64 change from default if option entered
518 // h2l_crossing_value=8; //or 8 as 64/8 = 8
519 // l2h_crossing_value=6; //or 6.4 as 64/10 = 6.4
521 // size_t size = GraphTraceLen;
523 size
= fsk_wave_demod(dest
, size
);
524 size
= aggregate_bits(dest
, size
,rfLen
,192,invert
);
525 // size = aggregate_bits(size, h2l_crossing_value, l2h_crossing_value,192, invert); //192=no limit to same values
526 //done messing with GraphBuffer - repaint
527 //RepaintGraphWindow();
530 // loop to get raw HID waveform then FSK demodulate the TAG ID from it
// FSK-demodulates dest (rfLen 50, not inverted), then looks for the 1,1,1,0,0,0
// frame marker and shifts the bit pairs that follow it into hi2:hi:lo.
//   dest        - in/out: raw samples, demodulated in place
//   size        - number of samples in dest
//   hi2, hi, lo - in/out: 96-bit shift register, most significant word in hi2;
//                 reset to 0 on the path shown near the end
// NOTE(review): this listing omits several lines (braces, the low-bit update,
// idx increments and the return statements); only the statements shown are
// described. hi2/hi/lo are not cleared on entry in the lines shown, so the
// caller presumably zeroes them - TODO confirm.
531 int HIDdemodFSK(uint8_t *dest
, size_t size
, uint32_t *hi2
, uint32_t *hi
, uint32_t *lo
)
534 size_t idx
=0; //, found=0; //size=0,
536 size
= fskdemod(dest
, size
,50,0);
538 // final loop, go over previously decoded manchester data and decode into usable tag ID
539 // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
540 uint8_t frame_marker_mask
[] = {1,1,1,0,0,0};
// The condition guarantees a full marker's worth of entries at idx before the
// memcmp below reads them.
544 while( idx
+ sizeof(frame_marker_mask
) < size
) {
545 // search for a start of frame marker
546 if ( memcmp(dest
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
547 { // frame marker found
548 idx
+=sizeof(frame_marker_mask
);
// NOTE(review): dest[idx] and dest[idx+1] are read before `idx < size-2` is
// evaluated, so on the first pass dest[idx+1] can be index `size`, one past
// the demodulated length (the underlying buffer is presumably larger -
// confirm). Testing the bound first would avoid the read.
549 while(dest
[idx
] != dest
[idx
+1] && idx
< size
-2)
551 // Keep going until next frame marker (or error)
552 // Shift in a bit. Start by shifting high registers
553 *hi2
= (*hi2
<<1)|(*hi
>>31);
554 *hi
= (*hi
<<1)|(*lo
>>31);
555 //Then, shift in a 0 or one into low
556 if (dest
[idx
] && !dest
[idx
+1]) // 1 0
563 // Hopefully, we read a tag and hit upon the next frame marker
564 if(idx
+ sizeof(frame_marker_mask
) < size
)
566 if ( memcmp(dest
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
// Discards whatever was accumulated so far.
573 *hi2
= *hi
= *lo
= 0;
// Packs numbits one-bit-per-byte values into an integer, shifting the
// accumulator left by one for each value so earlier values end up more
// significant.
//   src     - values to pack (each presumably 0 or 1 - larger values would
//             set higher bits through the OR below)
//   numbits - number of values to consume
// NOTE(review): the declaration of num, the advance of src and the return are
// not shown in this listing. The return type is uint32_t, so a numbits above
// 32 would presumably shift the earliest bits out - TODO confirm callers stay
// at or below 32.
582 uint32_t bytebits_to_byte(uint8_t* src
, int numbits
)
585 for(int i
= 0 ; i
< numbits
; i
++)
587 num
= (num
<< 1) | (*src
);
// FSK-demodulates dest (rfLen 64, inverted) and searches the result for the
// 0,0,0,0,0,0,0,0,0,1 preamble followed by the expected separator bits.
//   dest - in/out: raw samples, demodulated in place
//   size - number of samples in dest
// Returns -1 when fewer than 64 samples are supplied; per the comment at the
// end, a match returns the start position (that return is not shown).
// NOTE(review): this listing omits several lines (declarations, the noise
// test on testMax, braces and the return statements); only the statements
// shown are described.
593 int IOdemodFSK(uint8_t *dest
, size_t size
)
596 //make sure buffer has data
597 if (size
< 64) return -1;
598 //test samples are not just noise
// Peak of the first 64 samples; the length check above keeps this in bounds.
600 for(idx
=0;idx
<64;idx
++){
601 if (testMax
<dest
[idx
]) testMax
=dest
[idx
];
607 size
= fskdemod(dest
, size
,64,1);
609 //0 10 20 30 40 50 60
611 //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
612 //-----------------------------------------------------------------------------
613 //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
615 //XSF(version)facility:codeone+codetwo
617 uint8_t mask
[] = {0,0,0,0,0,0,0,0,0,1};
// NOTE(review): size is a size_t, so when the demodulated length is below 74
// the bound `size - 74` wraps to a very large value and the loop would read
// far past the data. A `size < 74` check after fskdemod() is not visible in
// this listing - confirm one exists or add it before this loop.
618 for( idx
=0; idx
< (size
- 74); idx
++) {
619 if ( memcmp(dest
+ idx
, mask
, sizeof(mask
))==0) {
// Separator check: entry 8 must be 0 and entries 17, 26, 35, 44 and 53 must be 1.
621 if (!dest
[idx
+8] && dest
[idx
+17]==1 && dest
[idx
+26]==1 && dest
[idx
+35]==1 && dest
[idx
+44]==1 && dest
[idx
+53]==1){
622 //confirmed proper separator bits found
623 //return start position
633 // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
634 // maybe somehow adjust peak trimming value based on samples to fix?
635 int DetectClock2(uint8_t dest
[], size_t size
, int clock
)
640 int clk
[]={16,32,40,50,64,100,128,256};
642 if (clk
[i
]==clock
) return clock
;
644 for (i
=0;i
<size
;++i
){
652 peak
=(int)(peak
*.75);
657 if (size
<loopCnt
) loopCnt
= size
;
661 int errCnt
[]={0,0,0,0,0,0,0,0};
662 for(clkCnt
=0; clkCnt
<6;++clkCnt
){
663 if (clk
[clkCnt
]==32){
669 for (ii
=0; ii
<loopCnt
; ++ii
){
670 if ((dest
[ii
]>=peak
) || (dest
[ii
]<=low
)){
672 for (i
=0; i
<((int)(size
/clk
[clkCnt
])-1); ++i
){
673 if (dest
[ii
+(i
*clk
[clkCnt
])]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])]<=low
){
674 }else if(dest
[ii
+(i
*clk
[clkCnt
])-tol
]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])-tol
]<=low
){
675 }else if(dest
[ii
+(i
*clk
[clkCnt
])+tol
]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])+tol
]<=low
){
676 }else{ //error no peak detected
680 if(errCnt
[clkCnt
]==0) return clk
[clkCnt
];
681 if(errCnt
[clkCnt
]<bestErr
) bestErr
=errCnt
[clkCnt
];
684 errCnt
[clkCnt
]=bestErr
;
688 for (iii
=0; iii
<6;++iii
){
689 if (errCnt
[iii
]<errCnt
[best
]){