git.zerfleddert.de Git - proxmark3-svn/blob - common/lfdemod.c
1d668a143bbccdf294b6be5b2367dde0f6c0a4bc
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Low frequency commands
9 //-----------------------------------------------------------------------------
14 //#include <inttypes.h>
17 //#include "proxmark3.h"
21 //#include "cmdparser.h"
23 //#include "cmdmain.h"
24 //#include "cmddata.h"
25 //uint8_t BinStream[MAX_GRAPH_TRACE_LEN];
26 //uint8_t BinStreamLen;
29 //takes 1s and 0s and searches for EM410x format - output EM ID
// BitStream holds one demodulated bit per element and BitLen is the element
// count. The extremes of the first (up to 1000) elements must be exactly 1 and
// 0; any other stream takes the "no data found" branch below.
// After the nine-ones start marker the stream is read in 5-element groups:
// the group sum is tested for even parity and the first four elements of the
// group are shifted into lo.
// NOTE(review): the closing 5-bit parity group is not verified (see the last
// comment in this function), so a frame is accepted on the per-group parities
// alone.
30 uint64_t Em410xDecode(uint8_t BitStream
[],uint32_t BitLen
)
32 //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
33 // otherwise could be a void with no arguments
36 uint64_t lo
=0; //hi=0,
39 uint32_t initLoopMax
= 1000;
40 if (initLoopMax
>BitLen
) initLoopMax
=BitLen
;
42 for (;i
< initLoopMax
; ++i
) //1000 samples should be plenty to find high and low values
44 if (BitStream
[i
] > high
)
46 else if (BitStream
[i
] < low
)
49 if (((high
!=1)||(low
!=0))){ //allow only 1s and 0s
50 // PrintAndLog("no data found");
54 // 111111111 bit pattern represent start of frame
55 uint8_t frame_marker_mask
[] = {1,1,1,1,1,1,1,1,1};
// NOTE(review): idx + 64 < BitLen is the only bound visible for the reads at
// BitStream[(i*5)+ii+idx] below. After idx += 9 it covers those reads only
// while i <= 10; the loop that advances i is not visible here - confirm.
59 while( (idx
+ 64) < BitLen
) {
61 // search for a start of frame marker
62 if ( memcmp(BitStream
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
63 { // frame marker found
64 idx
+=9;//sizeof(frame_marker_mask);
66 for(ii
=0; ii
<5; ++ii
){
67 parityTest
+= BitStream
[(i
*5)+ii
+idx
];
// even-parity test: true when the sum of the five elements is even
69 if (parityTest
== ((parityTest
>>1)<<1)){
71 for (ii
=0; ii
<4;++ii
){
72 //hi = (hi<<1)|(lo>>31);
73 lo
=(lo
<<1LL)|(BitStream
[(i
*5)+ii
+idx
]);
75 //PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo);
76 }else {//parity failed
77 //PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]);
// gives up with 0 once resetCnt exceeds 5
80 if (resetCnt
>5)return 0;
82 goto restart
;//continue;
85 //skip last 5 bit parity test for simplicity.
95 //takes 2 arguments - clock and invert both as integers
96 //attempts to demodulate ask while decoding manchester
97 //prints binary found and saves in graphbuffer for further commands
// The signature below takes the sample buffer, a pointer to its length, and
// pointers to clock and invert. *clk is replaced by the DetectClock2() result
// and then forced to 64 (if below 8) or to 32 (if below 32); *invert is forced
// to 0 unless it is 0 or 1. Decoded bits are copied back over the start of
// BinStream, with 77 written where no wave was found in the expected window.
98 int askmandemod(uint8_t * BinStream
,uint32_t *BitLen
,int *clk
, int *invert
)
101 //int invert=0; //invert default
102 int high
= 0, low
= 0;
103 *clk
=DetectClock2(BinStream
,(size_t)*BitLen
,*clk
); //clock default
// NOTE(review): BitStream is a fixed MAX_BitStream_LEN-byte stack array that
// is indexed by bitnum further down, while the decode loop is bounded by
// *BitLen. No comparison of bitnum with MAX_BitStream_LEN appears in the lines
// shown here - confirm one exists so a long capture cannot write past the array.
104 uint8_t BitStream
[MAX_BitStream_LEN
] = {0};
106 //sscanf(Cmd, "%i %i", &clk, &invert);
107 if (*clk
<8) *clk
=64;
108 if (*clk
<32) *clk
=32;
109 if (*invert
!= 0 && *invert
!= 1) *invert
=0;
110 uint32_t initLoopMax
= 1000;
111 if (initLoopMax
>*BitLen
) initLoopMax
=*BitLen
;
112 // Detect high and lows
113 //PrintAndLog("Using Clock: %d and invert=%d",clk,invert);
114 for (i
= 0; i
< initLoopMax
; ++i
) //1000 samples should be plenty to find high and low values
116 if (BinStream
[i
] > high
)
118 else if (BinStream
[i
] < low
)
// NOTE(review): BinStream elements are uint8_t and low starts at 0, so the
// "< low" branch above is never taken and low can never be -1 here; this
// test therefore reduces to high < 30.
121 if ((high
< 30) && ((high
!=1)||(low
!=-1))){ //throw away static - allow 1 and -1 (in case of threshold command first)
122 //PrintAndLog("no data found");
125 //13% fuzz in case highs and lows aren't clipped [marshmellow]
// NOTE(review): the factor applied below is 0.75, i.e. a 25% margin rather
// than the 13% stated above.
126 high
=(int)(0.75*high
);
129 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
130 int lastBit
= 0; //set first clock check
131 uint32_t bitnum
= 0; //output counter
132 uint8_t tol
= 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
133 if (*clk
==32)tol
=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
// only the first 500 samples (or fewer) are tried as a starting position
135 uint32_t gLen
= *BitLen
;
136 if (gLen
> 500) gLen
=500;
138 uint32_t bestStart
= *BitLen
;
139 uint32_t bestErrCnt
= (*BitLen
/1000);
140 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
141 //loop to find first wave that works
142 for (iii
=0; iii
< gLen
; ++iii
){
143 if ((BinStream
[iii
]>=high
)||(BinStream
[iii
]<=low
)){
145 //loop through to see if this start location works
146 for (i
= iii
; i
< *BitLen
; ++i
) {
147 if ((BinStream
[i
] >= high
) && ((i
-lastBit
)>(*clk
-tol
))){
149 BitStream
[bitnum
] = *invert
;
151 } else if ((BinStream
[i
] <= low
) && ((i
-lastBit
)>(*clk
-tol
))){
152 //low found and we are expecting a bar
154 BitStream
[bitnum
] = 1-*invert
;
157 //mid value found or no bar supposed to be here
158 if ((i
-lastBit
)>(*clk
+tol
)){
159 //should have hit a high or low based on clock!!
163 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
// 77 is the in-band error marker; consumers of the bit stream must not treat
// it as a data bit
165 BitStream
[bitnum
]=77;
171 lastBit
+=*clk
;//skip over until hit too many errors
172 if (errCnt
>((*BitLen
/1000))){ //allow 1 error for every 1000 samples else start over
174 bitnum
=0;//start over
180 //we got more than 64 good bits and not all errors
181 if ((bitnum
> (64+errCnt
)) && (errCnt
<(*BitLen
/1000))) {
183 if (errCnt
==0) break; //great read - finish
184 if (bestStart
== iii
) break; //if current run == bestErrCnt run (after exhausted testing) then finish
185 if (errCnt
<bestErrCnt
){ //set this as new best run
191 if (iii
>=gLen
){ //exhausted test
192 //if there was a ok test go back to that one and re-run the best run (then dump after that run)
193 if (bestErrCnt
< (*BitLen
/1000)) iii
=bestStart
;
198 // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
199 //move BitStream back to GraphBuffer
201 for (i
=0; i
< bitnum
; ++i
){
202 BinStream
[i
]=BitStream
[i
];
205 //RepaintGraphWindow();
208 // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
210 // PrintAndLog("ASK decoded bitstream:");
211 // Now output the bitstream to the scrollback by line of 16 bits
212 // printBitStream2(BitStream,bitnum);
213 // Em410xDecode(Cmd);
219 //take 10 and 01 and manchester decode
220 //run through 2 times and take least errCnt
// Reads BitStream two elements at a time: the pair 1,0 decodes to 0, the pair
// 0,1 decodes to 1, and any other pair is recorded as the error marker 77.
// The decoded elements are then copied back over the start of BitStream.
221 int manrawdemod(uint8_t * BitStream
, int *bitLen
)
// NOTE(review): BitStream2 is a fixed MAX_BitStream_LEN-byte stack array and
// bitnum advances once per input pair, bounded only by *bitLen in the lines
// shown here - confirm the caller keeps *bitLen/2 within MAX_BitStream_LEN or
// add a check before each store.
223 uint8_t BitStream2
[MAX_BitStream_LEN
]={0};
// two passes, starting one element apart (ii = 1, then ii = 2)
231 for (ii
=1;ii
<3;++ii
){
233 for (i
=i
+ii
;i
<*bitLen
-2;i
+=2){
234 if(BitStream
[i
]==1 && (BitStream
[i
+1]==0)){
235 BitStream2
[bitnum
++]=0;
236 } else if((BitStream
[i
]==0)&& BitStream
[i
+1]==1){
237 BitStream2
[bitnum
++]=1;
239 BitStream2
[bitnum
++]=77;
247 if (ii
>1 || finish
==1) {
260 for (i
=0; i
<bitnum
;++i
){
261 BitStream
[i
]=BitStream2
[i
];
269 //takes 2 arguments - clock and invert both as integers
270 //attempts to demodulate ask only
271 //prints binary found and saves in graphbuffer for further commands
// The signature below takes the sample buffer, a pointer to its length, and
// pointers to clock and invert. *clk is replaced by the DetectClock2() result
// and then forced to 64 (if below 8) or to 32 (if below 32); *invert is forced
// to 0 unless it is 0 or 1. Besides full-clock waves this variant also accepts
// waves at half a clock (the midBit branches). Decoded bits are copied back
// over the start of BinStream, with 77 written where no wave was found.
272 int askrawdemod(uint8_t *BinStream
, int *bitLen
,int *clk
, int *invert
)
275 // int invert=0; //invert default
276 int high
= 0, low
= 0;
277 *clk
=DetectClock2(BinStream
,*bitLen
,*clk
); //clock default
// NOTE(review): BitStream is a fixed MAX_BitStream_LEN-byte stack array that
// is indexed by bitnum further down, while the decode loop is bounded by
// *bitLen. No comparison of bitnum with MAX_BitStream_LEN appears in the lines
// shown here - confirm one exists so a long capture cannot write past the array.
278 uint8_t BitStream
[MAX_BitStream_LEN
] = {0};
280 if (*clk
<8) *clk
=64;
281 if (*clk
<32) *clk
=32;
282 if (*invert
!= 0 && *invert
!= 1) *invert
=0;
// NOTE(review): *bitLen is a signed int compared with and assigned to
// uint32_t values from here on; a negative length would convert to a very
// large unsigned count - presumably callers never pass one, confirm.
283 uint32_t initLoopMax
= 1000;
284 if (initLoopMax
>*bitLen
) initLoopMax
=*bitLen
;
285 // Detect high and lows
286 for (i
= 0; i
< initLoopMax
; ++i
) //1000 samples should be plenty to find high and low values
288 if (BinStream
[i
] > high
)
290 else if (BinStream
[i
] < low
)
// NOTE(review): BinStream elements are uint8_t and low starts at 0, so the
// "< low" branch above is never taken and low can never be -1 here; this
// test therefore reduces to high < 30.
293 if ((high
< 30) && ((high
!=1)||(low
!=-1))){ //throw away static - allow 1 and -1 (in case of threshold command first)
294 // PrintAndLog("no data found");
297 //13% fuzz in case highs and lows aren't clipped [marshmellow]
// NOTE(review): the factor applied below is 0.75, i.e. a 25% margin rather
// than the 13% stated above.
298 high
=(int)(0.75*high
);
301 //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
302 int lastBit
= 0; //set first clock check
303 uint32_t bitnum
= 0; //output counter
304 uint8_t tol
= 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
305 if (*clk
==32)tol
=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
// only the first 500 samples (or fewer) are tried as a starting position
307 uint32_t gLen
= *bitLen
;
308 if (gLen
> 500) gLen
=500;
310 uint32_t bestStart
= *bitLen
;
311 uint32_t bestErrCnt
= (*bitLen
/1000);
313 //PrintAndLog("DEBUG - lastbit - %d",lastBit);
314 //loop to find first wave that works
315 for (iii
=0; iii
< gLen
; ++iii
){
316 if ((BinStream
[iii
]>=high
)||(BinStream
[iii
]<=low
)){
318 //loop through to see if this start location works
319 for (i
= iii
; i
< *bitLen
; ++i
) {
320 if ((BinStream
[i
] >= high
) && ((i
-lastBit
)>(*clk
-tol
))){
322 BitStream
[bitnum
] = *invert
;
325 } else if ((BinStream
[i
] <= low
) && ((i
-lastBit
)>(*clk
-tol
))){
326 //low found and we are expecting a bar
328 BitStream
[bitnum
] = 1-*invert
;
331 } else if ((BinStream
[i
]<=low
) && (midBit
==0) && ((i
-lastBit
)>((*clk
/2)-tol
))){
334 BitStream
[bitnum
]= 1-*invert
;
336 } else if ((BinStream
[i
]>=high
)&&(midBit
==0) && ((i
-lastBit
)>((*clk
/2)-tol
))){
339 BitStream
[bitnum
]= *invert
;
341 } else if ((i
-lastBit
)>((*clk
/2)+tol
)&&(midBit
==0)){
// NOTE(review): bitnum is uint32_t, so when this branch runs with bitnum == 0
// the index bitnum-1 wraps to UINT32_MAX and the read falls far outside
// BitStream. No bitnum > 0 guard is visible in these lines - confirm, or
// repeat the previous bit only when one exists.
344 BitStream
[bitnum
]= BitStream
[bitnum
-1];
347 //mid value found or no bar supposed to be here
349 if ((i
-lastBit
)>(*clk
+tol
)){
350 //should have hit a high or low based on clock!!
352 //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
// 77 is the in-band error marker; consumers of the bit stream must not treat
// it as a data bit
354 BitStream
[bitnum
]=77;
360 lastBit
+=*clk
;//skip over until hit too many errors
361 if (errCnt
>((*bitLen
/1000))){ //allow 1 error for every 1000 samples else start over
363 bitnum
=0;//start over
369 //we got more than 64 good bits and not all errors
370 if ((bitnum
> (64+errCnt
)) && (errCnt
<(*bitLen
/1000))) {
372 if (errCnt
==0) break; //great read - finish
373 if (bestStart
== iii
) break; //if current run == bestErrCnt run (after exhausted testing) then finish
374 if (errCnt
<bestErrCnt
){ //set this as new best run
380 if (iii
>=gLen
){ //exhausted test
381 //if there was a ok test go back to that one and re-run the best run (then dump after that run)
382 if (bestErrCnt
< (*bitLen
/1000)) iii
=bestStart
;
387 // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
388 //move BitStream back to BinStream
390 for (i
=0; i
< bitnum
; ++i
){
391 BinStream
[i
]=BitStream
[i
];
394 // RepaintGraphWindow();
397 // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
399 // PrintAndLog("ASK decoded bitstream:");
400 // Now output the bitstream to the scrollback by line of 16 bits
401 // printBitStream2(BitStream,bitnum);
403 //errCnt=manrawdemod(BitStream,bitnum);
405 // Em410xDecode(Cmd);
409 //translate wave to 11111100000 (1 for each short wave 0 for each long wave)
// Works in place on dest. Inputs shorter than 100 samples return 0 without
// touching dest, so callers must treat a 0 result as "nothing decoded".
// The threshold is 87% of the largest value among dest[1]..dest[99]; samples
// below it are zeroed, and the distance between consecutive rising edges
// decides the output (under 6 samples: ignored; under 9: one class; otherwise
// the other - the stores themselves are not visible in this listing).
410 size_t fsk_wave_demod2(uint8_t * dest
, size_t size
)
412 uint32_t last_transition
= 0;
415 // // we don't care about actual value, only if it's more or less than a
416 // // threshold essentially we capture zero crossings for later analysis
418 // we do care about the actual value as sometimes near the center of the
419 // wave we may get static that changes direction of wave for one value
420 // if our value is too low it might affect the read. and if our tag or
421 // antenna is weak a setting too high might not see anything. [marshmellow]
422 if (size
<100) return 0;
// the size check above keeps this fixed 100-sample scan inside the buffer
423 for(idx
=1; idx
<100; idx
++){
424 if(maxVal
<dest
[idx
]) maxVal
= dest
[idx
];
426 // set close to the top of the wave threshold with 13% margin for error
427 // less likely to get a false transition up there.
428 // (but have to be careful not to go too high and miss some short waves)
429 uint32_t threshold_value
= (uint32_t)(maxVal
*.87); idx
=1;
430 //uint8_t threshold_value = 127;
432 // sync to first lo-hi transition, and threshold
434 // Need to threshold first sample
435 if(dest
[0] < threshold_value
) dest
[0] = 0;
439 // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
440 // or 10 (fc/10) cycles but in practice due to noise etc we may end up with anywhere
441 // between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
442 for(idx
= 1; idx
< size
; idx
++) {
443 // threshold current value
444 if (dest
[idx
] < threshold_value
) dest
[idx
] = 0;
447 // Check for 0->1 transition
448 if (dest
[idx
-1] < dest
[idx
]) { // 0 -> 1 transition
449 if (idx
-last_transition
<6){
450 //do nothing with extra garbage
451 } else if (idx
-last_transition
< 9) {
456 last_transition
= idx
;
460 return numBits
; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
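/*
 * Round f to the nearest integer, saturating the result to 0..2000.
 *
 * 2000 doubles as the "something bad happened" value: it is returned for
 * anything at or above 2000, for +infinity (e.g. a division by zero in the
 * caller) and for NaN. Negative inputs return 0; converting a float at or
 * below -1 to an unsigned type is undefined behaviour in C, so the cast must
 * never see one.
 */
uint32_t myround2(float f)
{
	/* !(f < 2000) is also true for NaN, which every ordered compare rejects */
	if (!(f < 2000)) return 2000; //something bad happened
	/* keep negative values away from the float -> uint32_t conversion */
	if (f < 0) return 0;
	return (uint32_t) (f + (float)0.5);
}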
469 //translate 11111100000 to 10
// Works in place on dest: each run of equal values is scaled to a bit count n
// with myround2() and n copies of the run value (or of its complement,
// depending on invert) are written at dest+numBits. Runs whose n is not below
// maxConsequtiveBits are not written.
// NOTE(review): rfLen comes from the caller and is used as a divisor twice.
// rfLen == 0 or rfLen == 2 makes one of the divisors zero (the quotient is
// then infinite and myround2 returns 2000); rfLen < 2 makes (rfLen-2)
// negative, which hands myround2 a negative value. For rfLen below 8 the
// divisor is below 1, so n can exceed the length of the run that produced it.
// No range check on rfLen is visible here - confirm callers pass sane values.
470 size_t aggregate_bits2(uint8_t *dest
,size_t size
, uint8_t rfLen
, uint8_t maxConsequtiveBits
, uint8_t invert
)// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value,
// dest[0] is read before size is examined, so it is read even when size is 0
472 uint8_t lastval
=dest
[0];
477 for( idx
=1; idx
< size
; idx
++) {
479 if (dest
[idx
]==lastval
) {
483 //if lastval was 1, we have a 1->0 crossing
484 if ( dest
[idx
-1]==1 ) {
485 n
=myround2((float)(n
+1)/((float)(rfLen
)/(float)8));
486 //n=(n+1) / h2l_crossing_value;
487 } else {// 0->1 crossing
488 n
=myround2((float)(n
+1)/((float)(rfLen
-2)/(float)10));
489 //n=(n+1) / l2h_crossing_value;
493 if(n
< maxConsequtiveBits
) //Consecutive
495 if(invert
==0){ //invert bits
// NOTE(review): both memset calls write n bytes at dest+numBits with no
// visible check that numBits + n stays within size - confirm the output
// position cannot run past the buffer.
496 memset(dest
+numBits
, dest
[idx
-1] , n
);
498 memset(dest
+numBits
, dest
[idx
-1]^1 , n
);
507 //by marshmellow (from holiman's base)
508 // full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod)
// Runs fsk_wave_demod2() and then aggregate_bits2() over dest in place, with
// the maximum run length fixed at 192. rfLen and invert are passed through
// unchanged.
// NOTE(review): both helpers return size_t while this function returns int;
// the return statement is not visible here - presumably it returns size, in
// which case callers get the decoded element count narrowed to int.
509 int fskdemod(uint8_t *dest
, size_t size
, uint8_t rfLen
, uint8_t invert
)
511 //uint8_t h2l_crossing_value = 6;
512 //uint8_t l2h_crossing_value = 5;
514 // if (rfLen==64) //currently only know settings for RF/64 change from default if option entered
516 // h2l_crossing_value=8; //or 8 as 64/8 = 8
517 // l2h_crossing_value=6; //or 6.4 as 64/10 = 6.4
519 // size_t size = GraphTraceLen;
521 size
= fsk_wave_demod2(dest
, size
);
522 size
= aggregate_bits2(dest
, size
,rfLen
,192,invert
);
523 // size = aggregate_bits(size, h2l_crossing_value, l2h_crossing_value,192, invert); //192=no limit to same values
524 //done messing with GraphBuffer - repaint
525 //RepaintGraphWindow();
528 // loop to get raw HID waveform then FSK demodulate the TAG ID from it
// dest is FSK-demodulated in place (rfLen 50, no inversion) and then searched
// for the 1,1,1,0,0,0 start marker. After a marker, element pairs are shifted
// into the 96-bit value held in *hi2:*hi:*lo.
// NOTE(review): the three output words are shifted, not assigned, so whatever
// they hold on entry becomes the high bits of the result - presumably callers
// pass them zeroed; confirm.
529 int HIDdemodFSK(uint8_t *dest
, size_t size
, uint32_t *hi2
, uint32_t *hi
, uint32_t *lo
)
532 size_t idx
=0; //, found=0; //size=0,
534 size
= fskdemod(dest
, size
,50,0);
536 // final loop, go over previously decoded manchester data and decode into usable tag ID
537 // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
538 uint8_t frame_marker_mask
[] = {1,1,1,0,0,0};
542 while( idx
+ sizeof(frame_marker_mask
) < size
) {
543 // search for a start of frame marker
544 if ( memcmp(dest
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
545 { // frame marker found
546 idx
+=sizeof(frame_marker_mask
);
// NOTE(review): dest[idx] and dest[idx+1] are read before idx < size-2 is
// tested, so the last evaluation can read past the decoded length. Testing
// the bound first would keep every read inside size.
547 while(dest
[idx
] != dest
[idx
+1] && idx
< size
-2)
549 // Keep going until next frame marker (or error)
550 // Shift in a bit. Start by shifting high registers
551 *hi2
= (*hi2
<<1)|(*hi
>>31);
552 *hi
= (*hi
<<1)|(*lo
>>31);
553 //Then, shift in a 0 or one into low
554 if (dest
[idx
] && !dest
[idx
+1]) // 1 0
561 // Hopefully, we read a tag and hit upon the next frame marker
562 if(idx
+ sizeof(frame_marker_mask
) < size
)
564 if ( memcmp(dest
+idx
, frame_marker_mask
, sizeof(frame_marker_mask
)) == 0)
// the accumulated value is cleared here
571 *hi2
= *hi
= *lo
= 0;
// Packs numbits one-bit-per-element values from src into an integer, shifting
// the accumulator left by one for each element.
// NOTE(review): *src is ORed in unmasked, so an element that is not 0 or 1
// (for example the 77 error marker written by the ASK demodulators in this
// file) sets several bits at once; callers should pass clean bit streams.
// The return type is uint32_t, so with numbits above 32 the earliest bits are
// presumably shifted out - the declaration of num is not visible here.
580 uint32_t bytebits_to_byte(uint8_t* src
, int numbits
)
583 for(int i
= 0 ; i
< numbits
; i
++)
585 num
= (num
<< 1) | (*src
);
// FSK-demodulates dest in place (rfLen 64, inverted) and searches the result
// for an ioProx frame: nine 0 elements followed by a 1, with the separator
// elements checked at offsets 8, 17, 26, 35, 44 and 53 from the match.
// Returns -1 when fewer than 64 samples are supplied.
591 int IOdemodFSK(uint8_t *dest
, size_t size
)
594 //make sure buffer has data
595 if (size
< 64) return -1;
596 //test samples are not just noise
598 for(idx
=0;idx
<64;idx
++){
599 if (testMax
<dest
[idx
]) testMax
=dest
[idx
];
// size now holds the demodulated element count, not the sample count that
// was checked against 64 above
605 size
= fskdemod(dest
, size
,64,1);
607 //0 10 20 30 40 50 60
609 //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
610 //-----------------------------------------------------------------------------
611 //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
613 //XSF(version)facility:codeone+codetwo
615 uint8_t mask
[] = {0,0,0,0,0,0,0,0,0,1};
// NOTE(review): size is size_t, so when fskdemod() yields fewer than 74
// elements (size - 74) wraps to a huge value and the loop walks far past
// dest. fsk_wave_demod2() returns 0 for inputs under 100 samples, so sample
// counts of 64..99 pass the check at the top and reach this loop with a tiny
// size. Reject size < 74 before the loop.
616 for( idx
=0; idx
< (size
- 74); idx
++) {
617 if ( memcmp(dest
+ idx
, mask
, sizeof(mask
))==0) {
619 if (!dest
[idx
+8] && dest
[idx
+17]==1 && dest
[idx
+26]==1 && dest
[idx
+35]==1 && dest
[idx
+44]==1 && dest
[idx
+53]==1){
620 //confirmed proper separator bits found
621 //return start position
631 // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
632 // maybe somehow adjust peak trimming value based on samples to fix?
633 int DetectClock2(uint8_t dest
[], size_t size
, int clock
)
638 int clk
[]={16,32,40,50,64,100,128,256};
640 if (clk
[i
]==clock
) return clock
;
642 for (i
=0;i
<size
;++i
){
650 peak
=(int)(peak
*.75);
655 if (size
<loopCnt
) loopCnt
= size
;
659 int errCnt
[]={0,0,0,0,0,0,0,0};
660 for(clkCnt
=0; clkCnt
<6;++clkCnt
){
661 if (clk
[clkCnt
]==32){
667 for (ii
=0; ii
<loopCnt
; ++ii
){
668 if ((dest
[ii
]>=peak
) || (dest
[ii
]<=low
)){
670 for (i
=0; i
<((int)(size
/clk
[clkCnt
])-1); ++i
){
671 if (dest
[ii
+(i
*clk
[clkCnt
])]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])]<=low
){
672 }else if(dest
[ii
+(i
*clk
[clkCnt
])-tol
]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])-tol
]<=low
){
673 }else if(dest
[ii
+(i
*clk
[clkCnt
])+tol
]>=peak
|| dest
[ii
+(i
*clk
[clkCnt
])+tol
]<=low
){
674 }else{ //error no peak detected
678 if(errCnt
[clkCnt
]==0) return clk
[clkCnt
];
679 if(errCnt
[clkCnt
]<bestErr
) bestErr
=errCnt
[clkCnt
];
682 errCnt
[clkCnt
]=bestErr
;
686 for (iii
=0; iii
<6;++iii
){
687 if (errCnt
[iii
]<errCnt
[best
]){