1 //-----------------------------------------------------------------------------
3 // Edits by Iceman, July 2018
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
8 //-----------------------------------------------------------------------------
9 // The main i2c code, for communications with smart card module
10 //-----------------------------------------------------------------------------
16 #include "string.h" //for memset memcmp
17 #include "proxmark3.h"
18 #include "mifareutil.h" // for MF_DBGLEVEL
23 #include "smartcard.h"
27 #define GPIO_RST AT91C_PIO_PA1
28 #define GPIO_SCL AT91C_PIO_PA5
29 #define GPIO_SDA AT91C_PIO_PA7
31 #define SCL_H HIGH(GPIO_SCL)
32 #define SCL_L LOW(GPIO_SCL)
33 #define SDA_H HIGH(GPIO_SDA)
34 #define SDA_L LOW(GPIO_SDA)
36 #define SCL_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SCL)
37 #define SDA_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SDA)
39 #define I2C_ERROR "I2C_WaitAck Error"
41 static volatile unsigned long c
;
43 // Ö±½ÓʹÓÃÑ»·À´ÑÓʱ£¬Ò»¸öÑ»· 6 ÌõÖ¸Á48M£¬ Delay=1 ´ó¸ÅΪ 200kbps
45 // I2CSpinDelayClk(4) = 12.31us
46 // I2CSpinDelayClk(1) = 3.07us
47 static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay
) {
48 for (c
= delay
* 2; c
; c
--) {};
51 // communication delay functions
52 #define I2C_DELAY_1CLK I2CSpinDelayClk(1)
53 #define I2C_DELAY_2CLK I2CSpinDelayClk(2)
54 #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
56 #define ISO7618_MAX_FRAME 255
58 // try i2c bus recovery at 100kHz = 5uS high, 5uS low
59 static void I2C_recovery(void) {
61 DbpString("Performing i2c bus recovery");
66 //9nth cycle acts as NACK
67 for (int i
= 0; i
< 10; i
++) {
72 //a STOP signal (SDA from low to high while CLK is high)
77 bool isok
= (SCL_read
&& SDA_read
);
79 DbpString("I2C bus recovery error: SDA still LOW");
81 DbpString("I2C bus recovery error: SCL still LOW");
83 DbpString("I2C bus recovery complete");
86 static void I2C_init(void) {
87 // Configure reset pin
88 AT91C_BASE_PIOA
->PIO_PPUDR
= GPIO_RST
; // disable pull up resistor
89 AT91C_BASE_PIOA
->PIO_MDDR
= GPIO_RST
; // push-pull output (multidriver disabled)
91 // Configure SCL and SDA pins
92 AT91C_BASE_PIOA
->PIO_PPUER
|= (GPIO_SCL
| GPIO_SDA
); // enable pull up resistor
93 AT91C_BASE_PIOA
->PIO_MDER
|= (GPIO_SCL
| GPIO_SDA
); // open drain output (multidriver enabled) - requires external pull up resistor
95 // set all three outputs to high
96 AT91C_BASE_PIOA
->PIO_SODR
|= (GPIO_SCL
| GPIO_SDA
| GPIO_RST
);
98 // configure all three pins as output, controlled by PIOA
99 AT91C_BASE_PIOA
->PIO_OER
|= (GPIO_SCL
| GPIO_SDA
| GPIO_RST
);
100 AT91C_BASE_PIOA
->PIO_PER
|= (GPIO_SCL
| GPIO_SDA
| GPIO_RST
);
102 bool isok
= (SCL_read
&& SDA_read
);
108 // set the reset state
109 static void I2C_SetResetStatus(uint8_t LineRST
, uint8_t LineSCK
, uint8_t LineSDA
) {
126 // Reset the SIM_Adapter, then enter the main program
127 // Note: the SIM_Adapter will not enter the main program after power up. Please run this function before use SIM_Adapter.
128 static void I2C_Reset_EnterMainProgram(void) {
131 I2C_SetResetStatus(0, 0, 0);
133 I2C_SetResetStatus(1, 0, 0);
135 I2C_SetResetStatus(1, 1, 1);
139 // Wait for the clock to go High.
140 static bool WaitSCL_H_delay(uint32_t delay
) {
150 // 15000 * 3.07us = 46050us. 46.05ms
151 static bool WaitSCL_H(void) {
152 return WaitSCL_H_delay(15000);
155 bool WaitSCL_L_delay(uint32_t delay
) {
165 bool WaitSCL_L(void) {
166 return WaitSCL_L_delay(15000);
169 static bool I2C_Start(void) {
172 SDA_H
; I2C_DELAY_1CLK
;
174 if (!WaitSCL_H()) return false;
178 if (!SCL_read
) return false;
179 if (!SDA_read
) return false;
181 SDA_L
; I2C_DELAY_2CLK
;
186 static void I2C_Stop(void) {
187 SCL_L
; I2C_DELAY_2CLK
;
188 SDA_L
; I2C_DELAY_2CLK
;
189 SCL_H
; I2C_DELAY_2CLK
;
190 if (!WaitSCL_H()) return;
195 static bool I2C_WaitAck(void) {
196 SCL_L
; I2C_DELAY_1CLK
;
197 SDA_H
; I2C_DELAY_1CLK
;
212 static void I2C_SendByte(uint8_t data
) {
237 bool I2C_is_available(void) {
238 I2C_Reset_EnterMainProgram();
239 if (!I2C_Start()) // some other device is active on the bus
241 I2C_SendByte(I2C_DEVICE_ADDRESS_MAIN
& 0xFE);
242 if (!I2C_WaitAck()) { // no response from smartcard reader
250 #ifdef WITH_SMARTCARD
251 // Reset the SIM_Adapter, then enter the bootloader program
252 // Reserve£ºFor firmware update.
253 static void I2C_Reset_EnterBootloader(void) {
254 I2C_SetResetStatus(0, 1, 1);
256 I2C_SetResetStatus(1, 1, 1);
260 // Wait max 1800ms or until SCL goes LOW.
261 // It timeout reading response from card
262 // Which ever comes first
263 bool WaitSCL_L_timeout(void){
264 volatile uint16_t delay
= 1800;
275 static bool I2C_WaitForSim() {
276 // wait for data from card
277 if (!WaitSCL_L_timeout())
280 // 8051 speaks with smart card.
281 // 1000*50*3.07 = 153.5ms
282 // 1byte transfer == 1ms with max frame being 256bytes
283 if (!WaitSCL_H_delay(10 * 1000 * 50))
290 static void I2C_Ack(void) {
291 SCL_L
; I2C_DELAY_2CLK
;
292 SDA_L
; I2C_DELAY_2CLK
;
293 SCL_H
; I2C_DELAY_2CLK
;
294 if (!WaitSCL_H()) return;
295 SCL_L
; I2C_DELAY_2CLK
;
299 static void I2C_NoAck(void) {
300 SCL_L
; I2C_DELAY_2CLK
;
301 SDA_H
; I2C_DELAY_2CLK
;
302 SCL_H
; I2C_DELAY_2CLK
;
303 if (!WaitSCL_H()) return;
304 SCL_L
; I2C_DELAY_2CLK
;
307 static int16_t I2C_ReadByte(void) {
308 uint8_t bits
= 8, b
= 0;
314 if (!WaitSCL_L()) return -2;
319 if (!WaitSCL_H()) return -1;
329 // Sends one byte ( command to be written, SlaveDevice address)
330 static bool I2C_WriteCmd(uint8_t device_cmd
, uint8_t device_address
) {
336 I2C_SendByte(device_address
& 0xFE);
340 I2C_SendByte(device_cmd
);
349 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
355 // Sends 1 byte data (Data to be written, command to be written , SlaveDevice address ).
356 static bool I2C_WriteByte(uint8_t data
, uint8_t device_cmd
, uint8_t device_address
) {
362 I2C_SendByte(device_address
& 0xFE);
366 I2C_SendByte(device_cmd
);
379 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
385 //Sends a string of data (Array, length, command to be written , SlaveDevice address ).
386 // len = uint8 (max buffer to write 256bytes)
387 static bool I2C_BufferWrite(uint8_t *data
, uint8_t len
, uint8_t device_cmd
, uint8_t device_address
) {
393 I2C_SendByte(device_address
& 0xFE);
397 I2C_SendByte(device_cmd
);
417 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
423 // read 1 strings of data (Data array, Readout length, command to be written , SlaveDevice address ).
424 // len = uint8 (max buffer to read 256bytes)
425 static int16_t I2C_BufferRead(uint8_t *data
, uint8_t len
, uint8_t device_cmd
, uint8_t device_address
) {
427 if ( !data
|| len
== 0 )
430 // extra wait 500us (514us measured)
431 // 200us (xx measured)
434 uint16_t readcount
= 0;
440 // 0xB0 / 0xC0 == i2c write
441 I2C_SendByte(device_address
& 0xFE);
445 I2C_SendByte(device_cmd
);
449 // 0xB1 / 0xC1 == i2c read
451 I2C_SendByte(device_address
| 1);
460 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
466 int16_t tmp
= I2C_ReadByte();
470 *data
= (uint8_t)tmp
& 0xFF;
474 // ¶ÁÈ¡µÄµÚÒ»¸ö×Ö½ÚΪºóÐø³¤¶È
475 // The first byte in response is the message length
476 if (!readcount
&& (len
> *data
)) {
483 // acknowledgements. After last byte send NACK.
492 // return bytecount - first byte (which is length byte)
496 static int16_t I2C_ReadFW(uint8_t *data
, uint8_t len
, uint8_t msb
, uint8_t lsb
, uint8_t device_address
) {
497 //START, 0xB0, 0x00, 0x00, START, 0xB1, xx, yy, zz, ......, STOP
499 uint8_t readcount
= 0;
506 // 0xB0 / 0xC0 i2c write
507 I2C_SendByte(device_address
& 0xFE);
519 // 0xB1 / 0xC1 i2c read
521 I2C_SendByte(device_address
| 1);
530 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
537 int16_t tmp
= I2C_ReadByte();
541 *data
= (uint8_t)tmp
& 0xFF;
547 // acknowledgements. After last byte send NACK.
558 static bool I2C_WriteFW(uint8_t *data
, uint8_t len
, uint8_t msb
, uint8_t lsb
, uint8_t device_address
) {
559 //START, 0xB0, 0x00, 0x00, xx, yy, zz, ......, STOP
567 I2C_SendByte(device_address
& 0xFE);
594 if ( MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
600 void I2C_print_status(void) {
601 DbpString("Smart card module (ISO 7816)");
602 uint8_t resp
[] = {0,0,0,0};
603 I2C_Reset_EnterMainProgram();
604 uint8_t len
= I2C_BufferRead(resp
, sizeof(resp
), I2C_DEVICE_CMD_GETVERSION
, I2C_DEVICE_ADDRESS_MAIN
);
606 Dbprintf(" version.................v%x.%02x", resp
[0], resp
[1]);
608 DbpString(" version.................FAILED");
611 // Will read response from smart card module, retries 3 times to get the data.
612 static bool sc_rx_bytes(uint8_t* dest
, uint8_t *destlen
) {
619 len
= I2C_BufferRead(dest
, *destlen
, I2C_DEVICE_CMD_READ
, I2C_DEVICE_ADDRESS_MAIN
);
623 } else if ( len
== 1 ) {
625 } else if ( len
<= 0 ) {
633 *destlen
= (uint8_t)len
& 0xFF;
637 static bool GetATR(smart_card_atr_t
*card_ptr
) {
643 card_ptr
->atr_len
= 0;
644 memset(card_ptr
->atr
, 0, sizeof(card_ptr
->atr
));
647 // start [C0 01] stop start C1 len aa bb cc stop]
648 I2C_WriteCmd(I2C_DEVICE_CMD_GENERATE_ATR
, I2C_DEVICE_ADDRESS_MAIN
);
650 // wait for sim card to answer.
651 // 1byte = 1ms, max frame 256bytes. Should wait 256ms at least just in case.
652 if (!I2C_WaitForSim())
655 // read bytes from module
656 uint8_t len
= sizeof(card_ptr
->atr
);
657 if ( !sc_rx_bytes(card_ptr
->atr
, &len
) )
660 card_ptr
->atr_len
= len
;
661 LogTrace(card_ptr
->atr
, card_ptr
->atr_len
, 0, 0, NULL
, false);
666 void SmartCardAtr(void) {
667 smart_card_atr_t card
;
671 I2C_Reset_EnterMainProgram();
672 bool isOK
= GetATR( &card
);
673 cmd_send(CMD_ACK
, isOK
, sizeof(smart_card_atr_t
), 0, &card
, sizeof(smart_card_atr_t
));
678 void SmartCardRaw( uint64_t arg0
, uint64_t arg1
, uint8_t *data
) {
683 uint8_t *resp
= BigBuf_malloc(ISO7618_MAX_FRAME
);
684 smartcard_command_t flags
= arg0
;
686 if ((flags
& SC_CONNECT
))
691 if ((flags
& SC_CONNECT
)) {
693 I2C_Reset_EnterMainProgram();
695 if ((flags
& SC_SELECT
)) {
696 smart_card_atr_t card
;
697 bool gotATR
= GetATR( &card
);
698 //cmd_send(CMD_ACK, gotATR, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t));
704 if ((flags
& SC_RAW
) || (flags
& SC_RAW_T0
)) {
706 LogTrace(data
, arg1
, 0, 0, NULL
, true);
709 // asBytes = A0 A4 00 00 02
711 bool res
= I2C_BufferWrite(data
, arg1
, ((flags
& SC_RAW_T0
) ? I2C_DEVICE_CMD_SEND_T0
: I2C_DEVICE_CMD_SEND
), I2C_DEVICE_ADDRESS_MAIN
);
712 if ( !res
&& MF_DBGLEVEL
> 3 ) DbpString(I2C_ERROR
);
714 // read bytes from module
715 len
= ISO7618_MAX_FRAME
;
716 res
= sc_rx_bytes(resp
, &len
);
718 LogTrace(resp
, len
, 0, 0, NULL
, false);
724 cmd_send(CMD_ACK
, len
, 0, 0, resp
, len
);
730 void SmartCardUpgrade(uint64_t arg0
) {
734 #define I2C_BLOCK_SIZE 128
735 // write. Sector0, with 11,22,33,44
736 // erase is 128bytes, and takes 50ms to execute
738 I2C_Reset_EnterBootloader();
742 uint16_t length
= arg0
;
744 uint8_t *fwdata
= BigBuf_get_addr();
745 uint8_t *verfiydata
= BigBuf_malloc(I2C_BLOCK_SIZE
);
749 uint8_t msb
= (pos
>> 8) & 0xFF;
750 uint8_t lsb
= pos
& 0xFF;
752 Dbprintf("FW %02X%02X", msb
, lsb
);
754 size_t size
= MIN(I2C_BLOCK_SIZE
, length
);
757 res
= I2C_WriteFW(fwdata
+pos
, size
, msb
, lsb
, I2C_DEVICE_ADDRESS_BOOT
);
759 DbpString("Writing failed");
764 // writing takes time.
768 res
= I2C_ReadFW(verfiydata
, size
, msb
, lsb
, I2C_DEVICE_ADDRESS_BOOT
);
770 DbpString("Reading back failed");
776 if ( 0 != memcmp(fwdata
+pos
, verfiydata
, size
)) {
777 DbpString("not equal data");
785 cmd_send(CMD_ACK
, isOK
, pos
, 0, 0, 0);
790 // unfinished (or not needed?)
791 //void SmartCardSetBaud(uint64_t arg0) {
794 void SmartCardSetClock(uint64_t arg0
) {
797 I2C_Reset_EnterMainProgram();
800 // start [C0 05 xx] stop
801 I2C_WriteByte(arg0
, I2C_DEVICE_CMD_SIM_CLC
, I2C_DEVICE_ADDRESS_MAIN
);
803 cmd_send(CMD_ACK
, 1, 0, 0, 0, 0);