]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:


e501dfdd9f236162c75ced0d4260b54aadc83708
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 uint8_t ToSend[512];
40 int ToSendMax;
41 static int ToSendBit;
42 struct common_area common_area __attribute__((section(".commonarea")));
43
44 void BufferClear(void)
45 {
46 memset(BigBuf,0,sizeof(BigBuf));
47 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
48 }
49
50 void ToSendReset(void)
51 {
52 ToSendMax = -1;
53 ToSendBit = 8;
54 }
55
56 void ToSendStuffBit(int b)
57 {
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
70 if(ToSendBit >= sizeof(ToSend)) {
71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74 }
75
76 //=============================================================================
77 // Debug print functions, to go out over USB, to the usual PC-side client.
78 //=============================================================================
79
80 void DbpString(char *str)
81 {
82 cmd_send(CMD_DEBUG_PRINT_STRING,strlen(str),0,0,(byte_t*)str,strlen(str));
83 // /* this holds up stuff unless we're connected to usb */
84 // if (!UsbConnected())
85 // return;
86 //
87 // UsbCommand c;
88 // c.cmd = CMD_DEBUG_PRINT_STRING;
89 // c.arg[0] = strlen(str);
90 // if(c.arg[0] > sizeof(c.d.asBytes)) {
91 // c.arg[0] = sizeof(c.d.asBytes);
92 // }
93 // memcpy(c.d.asBytes, str, c.arg[0]);
94 //
95 // UsbSendPacket((uint8_t *)&c, sizeof(c));
96 // // TODO fix USB so stupid things like this aren't req'd
97 // SpinDelay(50);
98 }
99
100 #if 0
101 void DbpIntegers(int x1, int x2, int x3)
102 {
103 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
104 // /* this holds up stuff unless we're connected to usb */
105 // if (!UsbConnected())
106 // return;
107 //
108 // UsbCommand c;
109 // c.cmd = CMD_DEBUG_PRINT_INTEGERS;
110 // c.arg[0] = x1;
111 // c.arg[1] = x2;
112 // c.arg[2] = x3;
113 //
114 // UsbSendPacket((uint8_t *)&c, sizeof(c));
115 // // XXX
116 // SpinDelay(50);
117 }
118 #endif
119
120 void Dbprintf(const char *fmt, ...) {
121 // should probably limit size here; oh well, let's just use a big buffer
122 char output_string[128];
123 va_list ap;
124
125 va_start(ap, fmt);
126 kvsprintf(fmt, output_string, 10, ap);
127 va_end(ap);
128
129 DbpString(output_string);
130 }
131
132 // prints HEX & ASCII
133 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
134 int l=0,i;
135 char ascii[9];
136
137 while (len>0) {
138 if (len>8) l=8;
139 else l=len;
140
141 memcpy(ascii,d,l);
142 ascii[l]=0;
143
144 // filter safe ascii
145 for (i=0;i<l;i++)
146 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
147
148 if (bAsci) {
149 Dbprintf("%-8s %*D",ascii,l,d," ");
150 } else {
151 Dbprintf("%*D",l,d," ");
152 }
153
154 len-=8;
155 d+=8;
156 }
157 }
158
159 //-----------------------------------------------------------------------------
160 // Read an ADC channel and block till it completes, then return the result
161 // in ADC units (0 to 1023). Also a routine to average 32 samples and
162 // return that.
163 //-----------------------------------------------------------------------------
164 static int ReadAdc(int ch)
165 {
166 uint32_t d;
167
168 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
169 AT91C_BASE_ADC->ADC_MR =
170 ADC_MODE_PRESCALE(32) |
171 ADC_MODE_STARTUP_TIME(16) |
172 ADC_MODE_SAMPLE_HOLD_TIME(8);
173 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
174
175 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
176 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
177 ;
178 d = AT91C_BASE_ADC->ADC_CDR[ch];
179
180 return d;
181 }
182
183 int AvgAdc(int ch) // was static - merlok
184 {
185 int i;
186 int a = 0;
187
188 for(i = 0; i < 32; i++) {
189 a += ReadAdc(ch);
190 }
191
192 return (a + 15) >> 5;
193 }
194
195 void MeasureAntennaTuning(void)
196 {
197 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
198 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
199 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
200
201 // UsbCommand c;
202
203 LED_B_ON();
204 DbpString("Measuring antenna characteristics, please wait...");
205 memset(dest,0,sizeof(FREE_BUFFER_SIZE));
206
207 /*
208 * Sweeps the useful LF range of the proxmark from
209 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
210 * read the voltage in the antenna, the result left
211 * in the buffer is a graph which should clearly show
212 * the resonating frequency of your LF antenna
213 * ( hopefully around 95 if it is tuned to 125kHz!)
214 */
215
216 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
217 for (i=255; i>19; i--) {
218 WDT_HIT();
219 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
220 SpinDelay(20);
221 // Vref = 3.3V, and a 10000:240 voltage divider on the input
222 // can measure voltages up to 137500 mV
223 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
224 if (i==95) vLf125 = adcval; // voltage at 125Khz
225 if (i==89) vLf134 = adcval; // voltage at 134Khz
226
227 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
228 if(dest[i] > peak) {
229 peakv = adcval;
230 peak = dest[i];
231 peakf = i;
232 //ptr = i;
233 }
234 }
235
236 LED_A_ON();
237 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
238 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
239 SpinDelay(20);
240 // Vref = 3300mV, and an 10:1 voltage divider on the input
241 // can measure voltages up to 33000 mV
242 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
243
244 // c.cmd = CMD_MEASURED_ANTENNA_TUNING;
245 // c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
246 // c.arg[1] = vHf;
247 // c.arg[2] = peakf | (peakv << 16);
248
249 DbpString("Measuring complete, sending report back to host");
250 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),0,0);
251 // UsbSendPacket((uint8_t *)&c, sizeof(c));
252 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
253 LED_A_OFF();
254 LED_B_OFF();
255 return;
256 }
257
258 void MeasureAntennaTuningHf(void)
259 {
260 int vHf = 0; // in mV
261
262 DbpString("Measuring HF antenna, press button to exit");
263
264 for (;;) {
265 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
266 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
267 SpinDelay(20);
268 // Vref = 3300mV, and an 10:1 voltage divider on the input
269 // can measure voltages up to 33000 mV
270 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
271
272 Dbprintf("%d mV",vHf);
273 if (BUTTON_PRESS()) break;
274 }
275 DbpString("cancelled");
276 }
277
278
279 void SimulateTagHfListen(void)
280 {
281 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
282 uint8_t v = 0;
283 int i;
284 int p = 0;
285
286 // We're using this mode just so that I can test it out; the simulated
287 // tag mode would work just as well and be simpler.
288 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
289
290 // We need to listen to the high-frequency, peak-detected path.
291 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
292
293 FpgaSetupSsc();
294
295 i = 0;
296 for(;;) {
297 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
298 AT91C_BASE_SSC->SSC_THR = 0xff;
299 }
300 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
301 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
302
303 v <<= 1;
304 if(r & 1) {
305 v |= 1;
306 }
307 p++;
308
309 if(p >= 8) {
310 dest[i] = v;
311 v = 0;
312 p = 0;
313 i++;
314
315 if(i >= FREE_BUFFER_SIZE) {
316 break;
317 }
318 }
319 }
320 }
321 DbpString("simulate tag (now type bitsamples)");
322 }
323
324 void ReadMem(int addr)
325 {
326 const uint8_t *data = ((uint8_t *)addr);
327
328 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
329 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
330 }
331
332 /* osimage version information is linked in */
333 extern struct version_information version_information;
334 /* bootrom version information is pointed to from _bootphase1_version_pointer */
335 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
336 void SendVersion(void)
337 {
338 char temp[48]; /* Limited data payload in USB packets */
339 DbpString("Prox/RFID mark3 RFID instrument");
340
341 /* Try to find the bootrom version information. Expect to find a pointer at
342 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
343 * pointer, then use it.
344 */
345 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
346 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
347 DbpString("bootrom version information appears invalid");
348 } else {
349 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
350 DbpString(temp);
351 }
352
353 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
354 DbpString(temp);
355
356 FpgaGatherVersion(temp, sizeof(temp));
357 DbpString(temp);
358 }
359
360 #ifdef WITH_LF
361 // samy's sniff and repeat routine
362 void SamyRun()
363 {
364 DbpString("Stand-alone mode! No PC necessary.");
365
366 // 3 possible options? no just 2 for now
367 #define OPTS 2
368
369 int high[OPTS], low[OPTS];
370
371 // Oooh pretty -- notify user we're in elite samy mode now
372 LED(LED_RED, 200);
373 LED(LED_ORANGE, 200);
374 LED(LED_GREEN, 200);
375 LED(LED_ORANGE, 200);
376 LED(LED_RED, 200);
377 LED(LED_ORANGE, 200);
378 LED(LED_GREEN, 200);
379 LED(LED_ORANGE, 200);
380 LED(LED_RED, 200);
381
382 int selected = 0;
383 int playing = 0;
384
385 // Turn on selected LED
386 LED(selected + 1, 0);
387
388 for (;;)
389 {
390 UsbPoll(FALSE);
391 WDT_HIT();
392
393 // Was our button held down or pressed?
394 int button_pressed = BUTTON_HELD(1000);
395 SpinDelay(300);
396
397 // Button was held for a second, begin recording
398 if (button_pressed > 0)
399 {
400 LEDsoff();
401 LED(selected + 1, 0);
402 LED(LED_RED2, 0);
403
404 // record
405 DbpString("Starting recording");
406
407 // wait for button to be released
408 while(BUTTON_PRESS())
409 WDT_HIT();
410
411 /* need this delay to prevent catching some weird data */
412 SpinDelay(500);
413
414 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
415 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
416
417 LEDsoff();
418 LED(selected + 1, 0);
419 // Finished recording
420
421 // If we were previously playing, set playing off
422 // so next button push begins playing what we recorded
423 playing = 0;
424 }
425
426 // Change where to record (or begin playing)
427 else if (button_pressed)
428 {
429 // Next option if we were previously playing
430 if (playing)
431 selected = (selected + 1) % OPTS;
432 playing = !playing;
433
434 LEDsoff();
435 LED(selected + 1, 0);
436
437 // Begin transmitting
438 if (playing)
439 {
440 LED(LED_GREEN, 0);
441 DbpString("Playing");
442 // wait for button to be released
443 while(BUTTON_PRESS())
444 WDT_HIT();
445 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
446 CmdHIDsimTAG(high[selected], low[selected], 0);
447 DbpString("Done playing");
448 if (BUTTON_HELD(1000) > 0)
449 {
450 DbpString("Exiting");
451 LEDsoff();
452 return;
453 }
454
455 /* We pressed a button so ignore it here with a delay */
456 SpinDelay(300);
457
458 // when done, we're done playing, move to next option
459 selected = (selected + 1) % OPTS;
460 playing = !playing;
461 LEDsoff();
462 LED(selected + 1, 0);
463 }
464 else
465 while(BUTTON_PRESS())
466 WDT_HIT();
467 }
468 }
469 }
470 #endif
471
472 /*
473 OBJECTIVE
474 Listen and detect an external reader. Determine the best location
475 for the antenna.
476
477 INSTRUCTIONS:
478 Inside the ListenReaderField() function, there is two mode.
479 By default, when you call the function, you will enter mode 1.
480 If you press the PM3 button one time, you will enter mode 2.
481 If you press the PM3 button a second time, you will exit the function.
482
483 DESCRIPTION OF MODE 1:
484 This mode just listens for an external reader field and lights up green
485 for HF and/or red for LF. This is the original mode of the detectreader
486 function.
487
488 DESCRIPTION OF MODE 2:
489 This mode will visually represent, using the LEDs, the actual strength of the
490 current compared to the maximum current detected. Basically, once you know
491 what kind of external reader is present, it will help you spot the best location to place
492 your antenna. You will probably not get some good results if there is a LF and a HF reader
493 at the same place! :-)
494
495 LIGHT SCHEME USED:
496 */
497 static const char LIGHT_SCHEME[] = {
498 0x0, /* ---- | No field detected */
499 0x1, /* X--- | 14% of maximum current detected */
500 0x2, /* -X-- | 29% of maximum current detected */
501 0x4, /* --X- | 43% of maximum current detected */
502 0x8, /* ---X | 57% of maximum current detected */
503 0xC, /* --XX | 71% of maximum current detected */
504 0xE, /* -XXX | 86% of maximum current detected */
505 0xF, /* XXXX | 100% of maximum current detected */
506 };
507 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
508
509 void ListenReaderField(int limit)
510 {
511 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
512 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
513 int mode=1, display_val, display_max, i;
514
515 #define LF_ONLY 1
516 #define HF_ONLY 2
517
518 LEDsoff();
519
520 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
521
522 if(limit != HF_ONLY) {
523 Dbprintf("LF 125/134 Baseline: %d", lf_av);
524 lf_baseline = lf_av;
525 }
526
527 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
528
529 if (limit != LF_ONLY) {
530 Dbprintf("HF 13.56 Baseline: %d", hf_av);
531 hf_baseline = hf_av;
532 }
533
534 for(;;) {
535 if (BUTTON_PRESS()) {
536 SpinDelay(500);
537 switch (mode) {
538 case 1:
539 mode=2;
540 DbpString("Signal Strength Mode");
541 break;
542 case 2:
543 default:
544 DbpString("Stopped");
545 LEDsoff();
546 return;
547 break;
548 }
549 }
550 WDT_HIT();
551
552 if (limit != HF_ONLY) {
553 if(mode==1) {
554 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
555 else LED_D_OFF();
556 }
557
558 ++lf_count;
559 lf_av_new= ReadAdc(ADC_CHAN_LF);
560 // see if there's a significant change
561 if(abs(lf_av - lf_av_new) > 10) {
562 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
563 lf_av = lf_av_new;
564 if (lf_av > lf_max)
565 lf_max = lf_av;
566 lf_count= 0;
567 }
568 }
569
570 if (limit != LF_ONLY) {
571 if (mode == 1){
572 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
573 else LED_B_OFF();
574 }
575
576 ++hf_count;
577 hf_av_new= ReadAdc(ADC_CHAN_HF);
578 // see if there's a significant change
579 if(abs(hf_av - hf_av_new) > 10) {
580 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
581 hf_av = hf_av_new;
582 if (hf_av > hf_max)
583 hf_max = hf_av;
584 hf_count= 0;
585 }
586 }
587
588 if(mode == 2) {
589 if (limit == LF_ONLY) {
590 display_val = lf_av;
591 display_max = lf_max;
592 } else if (limit == HF_ONLY) {
593 display_val = hf_av;
594 display_max = hf_max;
595 } else { /* Pick one at random */
596 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
597 display_val = hf_av;
598 display_max = hf_max;
599 } else {
600 display_val = lf_av;
601 display_max = lf_max;
602 }
603 }
604 for (i=0; i<LIGHT_LEN; i++) {
605 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
606 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
607 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
608 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
609 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
610 break;
611 }
612 }
613 }
614 }
615 }
616
617 void UsbPacketReceived(uint8_t *packet, int len)
618 {
619 UsbCommand *c = (UsbCommand *)packet;
620
621 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
622
623 switch(c->cmd) {
624 #ifdef WITH_LF
625 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
626 AcquireRawAdcSamples125k(c->arg[0]);
627 cmd_send(CMD_ACK,0,0,0,0,0);
628 break;
629 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
630 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
631 break;
632 case CMD_HID_DEMOD_FSK:
633 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
634 break;
635 case CMD_HID_SIM_TAG:
636 CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
637 break;
638 case CMD_HID_CLONE_TAG:
639 CopyHIDtoT55x7(c->arg[0], c->arg[1]); // Clone HID tag by ID to T55x7
640 break;
641 case CMD_EM410X_WRITE_TAG:
642 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
643 break;
644 case CMD_READ_TI_TYPE:
645 ReadTItag();
646 break;
647 case CMD_WRITE_TI_TYPE:
648 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
649 break;
650 case CMD_SIMULATE_TAG_125K:
651 LED_A_ON();
652 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
653 LED_A_OFF();
654 break;
655 case CMD_LF_SIMULATE_BIDIR:
656 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
657 break;
658 case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
659 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
660 break;
661 case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
662 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
663 break;
664 #endif
665
666 #ifdef WITH_HITAG
667 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
668 SnoopHitag(c->arg[0]);
669 break;
670 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
671 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
672 break;
673 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
674 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
675 break;
676 #endif
677
678 #ifdef WITH_ISO15693
679 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
680 AcquireRawAdcSamplesIso15693();
681 break;
682 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
683 RecordRawAdcSamplesIso15693();
684 break;
685
686 case CMD_ISO_15693_COMMAND:
687 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
688 break;
689
690 case CMD_ISO_15693_FIND_AFI:
691 BruteforceIso15693Afi(c->arg[0]);
692 break;
693
694 case CMD_ISO_15693_DEBUG:
695 SetDebugIso15693(c->arg[0]);
696 break;
697
698 case CMD_READER_ISO_15693:
699 ReaderIso15693(c->arg[0]);
700 break;
701 case CMD_SIMTAG_ISO_15693:
702 SimTagIso15693(c->arg[0]);
703 break;
704 #endif
705
706 #ifdef WITH_LEGICRF
707 case CMD_SIMULATE_TAG_LEGIC_RF:
708 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
709 break;
710
711 case CMD_WRITER_LEGIC_RF:
712 LegicRfWriter(c->arg[1], c->arg[0]);
713 break;
714
715 case CMD_READER_LEGIC_RF:
716 LegicRfReader(c->arg[0], c->arg[1]);
717 break;
718 #endif
719
720 #ifdef WITH_ISO14443b
721 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
722 AcquireRawAdcSamplesIso14443(c->arg[0]);
723 break;
724 case CMD_READ_SRI512_TAG:
725 ReadSRI512Iso14443(c->arg[0]);
726 break;
727 case CMD_READ_SRIX4K_TAG:
728 ReadSRIX4KIso14443(c->arg[0]);
729 break;
730 case CMD_SNOOP_ISO_14443:
731 SnoopIso14443();
732 break;
733 case CMD_SIMULATE_TAG_ISO_14443:
734 SimulateIso14443Tag();
735 break;
736 #endif
737
738 #ifdef WITH_ISO14443a
739 case CMD_SNOOP_ISO_14443a:
740 SnoopIso14443a(c->arg[0]);
741 break;
742 case CMD_READER_ISO_14443a:
743 ReaderIso14443a(c);
744 break;
745 case CMD_SIMULATE_TAG_ISO_14443a:
746 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2]); // ## Simulate iso14443a tag - pass tag type & UID
747 break;
748 case CMD_EPA_PACE_COLLECT_NONCE:
749 EPA_PACE_Collect_Nonce(c);
750 break;
751
752 case CMD_READER_MIFARE:
753 ReaderMifare(c->arg[0]);
754 break;
755 case CMD_MIFARE_READBL:
756 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
757 break;
758 case CMD_MIFARE_READSC:
759 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
760 break;
761 case CMD_MIFARE_WRITEBL:
762 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
763 break;
764 case CMD_MIFARE_NESTED:
765 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
766 break;
767 case CMD_MIFARE_CHKKEYS:
768 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
769 break;
770 case CMD_SIMULATE_MIFARE_CARD:
771 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
772 break;
773
774 // emulator
775 case CMD_MIFARE_SET_DBGMODE:
776 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
777 break;
778 case CMD_MIFARE_EML_MEMCLR:
779 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
780 break;
781 case CMD_MIFARE_EML_MEMSET:
782 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
783 break;
784 case CMD_MIFARE_EML_MEMGET:
785 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
786 break;
787 case CMD_MIFARE_EML_CARDLOAD:
788 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
789 break;
790
791 // Work with "magic Chinese" card
792 case CMD_MIFARE_EML_CSETBLOCK:
793 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
794 break;
795 case CMD_MIFARE_EML_CGETBLOCK:
796 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
797 break;
798
799 // mifare sniffer
800 case CMD_MIFARE_SNIFFER:
801 SniffMifare(c->arg[0]);
802 break;
803 #endif
804
805 #ifdef WITH_ICLASS
806 // Makes use of ISO14443a FPGA Firmware
807 case CMD_SNOOP_ICLASS:
808 SnoopIClass();
809 break;
810 case CMD_SIMULATE_TAG_ICLASS:
811 SimulateIClass(c->arg[0], c->d.asBytes);
812 break;
813 case CMD_READER_ICLASS:
814 ReaderIClass(c->arg[0]);
815 break;
816 #endif
817
818 case CMD_SIMULATE_TAG_HF_LISTEN:
819 SimulateTagHfListen();
820 break;
821
822 case CMD_BUFF_CLEAR:
823 BufferClear();
824 break;
825
826 case CMD_MEASURE_ANTENNA_TUNING:
827 MeasureAntennaTuning();
828 break;
829
830 case CMD_MEASURE_ANTENNA_TUNING_HF:
831 MeasureAntennaTuningHf();
832 break;
833
834 case CMD_LISTEN_READER_FIELD:
835 ListenReaderField(c->arg[0]);
836 break;
837
838 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
839 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
840 SpinDelay(200);
841 LED_D_OFF(); // LED D indicates field ON or OFF
842 break;
843
844 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
845 // UsbCommand n;
846 // if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
847 // n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
848 // } else {
849 // n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
850 // }
851 // n.arg[0] = c->arg[0];
852 // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
853 // LED_B_ON();
854 // usb_write((uint8_t *)&n, sizeof(n));
855 // UsbSendPacket((uint8_t *)&n, sizeof(n));
856 // LED_B_OFF();
857
858 LED_B_ON();
859 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
860 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
861 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
862 }
863 // Trigger a finish downloading signal with an ACK frame
864 cmd_send(CMD_ACK,0,0,0,0,0);
865 LED_B_OFF();
866 } break;
867
868 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
869 uint8_t *b = (uint8_t *)BigBuf;
870 memcpy(b+c->arg[0], c->d.asBytes, 48);
871 //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
872 // UsbSendPacket((uint8_t*)&ack, sizeof(ack));
873 cmd_send(CMD_ACK,0,0,0,0,0);
874 } break;
875
876 case CMD_READ_MEM:
877 ReadMem(c->arg[0]);
878 break;
879
880 case CMD_SET_LF_DIVISOR:
881 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
882 break;
883
884 case CMD_SET_ADC_MUX:
885 switch(c->arg[0]) {
886 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
887 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
888 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
889 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
890 }
891 break;
892
893 case CMD_VERSION:
894 SendVersion();
895 break;
896
897 #ifdef WITH_LCD
898 case CMD_LCD_RESET:
899 LCDReset();
900 break;
901 case CMD_LCD:
902 LCDSend(c->arg[0]);
903 break;
904 #endif
905 case CMD_SETUP_WRITE:
906 case CMD_FINISH_WRITE:
907 case CMD_HARDWARE_RESET: {
908 USB_D_PLUS_PULLUP_OFF();
909 SpinDelay(1000);
910 SpinDelay(1000);
911 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
912 for(;;) {
913 // We're going to reset, and the bootrom will take control.
914 }
915 } break;
916
917 case CMD_START_FLASH: {
918 if(common_area.flags.bootrom_present) {
919 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
920 }
921 USB_D_PLUS_PULLUP_OFF();
922 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
923 for(;;);
924 } break;
925
926 case CMD_DEVICE_INFO: {
927 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
928 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
929 // UsbSendPacket((uint8_t*)&c, sizeof(c));
930 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
931 } break;
932
933 default: {
934 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
935 } break;
936 }
937 }
938
939 void __attribute__((noreturn)) AppMain(void)
940 {
941 SpinDelay(100);
942
943 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
944 /* Initialize common area */
945 memset(&common_area, 0, sizeof(common_area));
946 common_area.magic = COMMON_AREA_MAGIC;
947 common_area.version = 1;
948 }
949 common_area.flags.osimage_present = 1;
950
951 LED_D_OFF();
952 LED_C_OFF();
953 LED_B_OFF();
954 LED_A_OFF();
955
956 // Init USB device
957 usb_enable();
958 UsbStart();
959 // UsbStart();
960
961 // The FPGA gets its clock from us from PCK0 output, so set that up.
962 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
963 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
964 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
965 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
966 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
967 AT91C_PMC_PRES_CLK_4;
968 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
969
970 // Reset SPI
971 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
972 // Reset SSC
973 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
974
975 // Load the FPGA image, which we have stored in our flash.
976 FpgaDownloadAndGo();
977
978 StartTickCount();
979
980 #ifdef WITH_LCD
981 LCDInit();
982 #endif
983
984 byte_t rx[sizeof(UsbCommand)];
985 size_t rx_len;
986
987 for(;;) {
988 if (usb_poll()) {
989 rx_len = usb_read(rx,sizeof(UsbCommand));
990 if (rx_len) {
991 UsbPacketReceived(rx,rx_len);
992 }
993 }
994 // UsbPoll(FALSE);
995
996 WDT_HIT();
997
998 #ifdef WITH_LF
999 if (BUTTON_HELD(1000) > 0)
1000 SamyRun();
1001 #endif
1002 }
1003 }
Proxmark3 GIT tracking
Impressum, Datenschutz