]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/iso14443a.c
fixed 'hf mf' command and some others
[proxmark3-svn] / armsrc / iso14443a.c
index 7f82ad321431d9c57386ce383519939120be36ac..d2ebb0c6c61a47ec1a7be957f0cc3fe196d9b331 100644 (file)
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
-// Merlok - June 2011
+// Merlok - June 2011, 2012
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
 //
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
 //
@@ -14,6 +14,7 @@
 #include "apps.h"
 #include "util.h"
 #include "string.h"
 #include "apps.h"
 #include "util.h"
 #include "string.h"
+#include "cmd.h"
 
 #include "iso14443crc.h"
 #include "iso14443a.h"
 
 #include "iso14443crc.h"
 #include "iso14443a.h"
 #include "mifareutil.h"
 
 static uint32_t iso14a_timeout;
 #include "mifareutil.h"
 
 static uint32_t iso14a_timeout;
-uint8_t *trace = (uint8_t *) BigBuf;
+uint8_t *trace = (uint8_t *) BigBuf+TRACE_OFFSET;
 int traceLen = 0;
 int rsamples = 0;
 int tracing = TRUE;
 uint8_t trigger = 0;
 int traceLen = 0;
 int rsamples = 0;
 int tracing = TRUE;
 uint8_t trigger = 0;
+// the block number for the ISO14443-4 PCB
+static uint8_t iso14_pcb_blocknum = 0;
 
 // CARD TO READER - manchester
 // Sequence D: 11110000 modulation with subcarrier during first half
 
 // CARD TO READER - manchester
 // Sequence D: 11110000 modulation with subcarrier during first half
@@ -62,17 +65,23 @@ const uint8_t OddByteParity[256] = {
 };
 
 
 };
 
 
-void iso14a_set_trigger(int enable) {
+void iso14a_set_trigger(bool enable) {
        trigger = enable;
 }
 
        trigger = enable;
 }
 
-void iso14a_clear_tracelen(void) {
+void iso14a_clear_trace() {
+  memset(trace, 0x44, TRACE_SIZE);
        traceLen = 0;
 }
        traceLen = 0;
 }
-void iso14a_set_tracing(int enable) {
+
+void iso14a_set_tracing(bool enable) {
        tracing = enable;
 }
 
        tracing = enable;
 }
 
+void iso14a_set_timeout(uint32_t timeout) {
+       iso14a_timeout = timeout;
+}
+
 //-----------------------------------------------------------------------------
 // Generate the parity value for a byte sequence
 //
 //-----------------------------------------------------------------------------
 // Generate the parity value for a byte sequence
 //
@@ -101,7 +110,7 @@ void AppendCrc14443a(uint8_t* data, int len)
 }
 
 // The function LogTrace() is also used by the iClass implementation in iClass.c
 }
 
 // The function LogTrace() is also used by the iClass implementation in iClass.c
-int LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader)
+int RAMFUNC LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader)
 {
   // Return when trace is full
   if (traceLen >= TRACE_SIZE) return FALSE;
 {
   // Return when trace is full
   if (traceLen >= TRACE_SIZE) return FALSE;
@@ -129,32 +138,7 @@ int LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity,
 // The software UART that receives commands from the reader, and its state
 // variables.
 //-----------------------------------------------------------------------------
 // The software UART that receives commands from the reader, and its state
 // variables.
 //-----------------------------------------------------------------------------
-static struct {
-    enum {
-        STATE_UNSYNCD,
-        STATE_START_OF_COMMUNICATION,
-               STATE_MILLER_X,
-               STATE_MILLER_Y,
-               STATE_MILLER_Z,
-        STATE_ERROR_WAIT
-    }       state;
-    uint16_t    shiftReg;
-    int     bitCnt;
-    int     byteCnt;
-    int     byteCntMax;
-    int     posCnt;
-    int     syncBit;
-       int     parityBits;
-       int     samples;
-    int     highCnt;
-    int     bitBuffer;
-       enum {
-               DROP_NONE,
-               DROP_FIRST_HALF,
-               DROP_SECOND_HALF
-       }               drop;
-    uint8_t   *output;
-} Uart;
+static tUart Uart;
 
 static RAMFUNC int MillerDecoding(int bit)
 {
 
 static RAMFUNC int MillerDecoding(int bit)
 {
@@ -393,32 +377,7 @@ static RAMFUNC int MillerDecoding(int bit)
 //=============================================================================
 // ISO 14443 Type A - Manchester
 //=============================================================================
 //=============================================================================
 // ISO 14443 Type A - Manchester
 //=============================================================================
-
-static struct {
-    enum {
-        DEMOD_UNSYNCD,
-               DEMOD_START_OF_COMMUNICATION,
-               DEMOD_MANCHESTER_D,
-               DEMOD_MANCHESTER_E,
-               DEMOD_MANCHESTER_F,
-        DEMOD_ERROR_WAIT
-    }       state;
-    int     bitCount;
-    int     posCount;
-       int     syncBit;
-       int     parityBits;
-    uint16_t    shiftReg;
-       int     buffer;
-       int     buff;
-       int     samples;
-    int     len;
-       enum {
-               SUB_NONE,
-               SUB_FIRST_HALF,
-               SUB_SECOND_HALF
-       }               sub;
-    uint8_t   *output;
-} Demod;
+static tDemod Demod;
 
 static RAMFUNC int ManchesterDecoding(int v)
 {
 
 static RAMFUNC int ManchesterDecoding(int v)
 {
@@ -618,166 +577,147 @@ static RAMFUNC int ManchesterDecoding(int v)
 // triggering so that we start recording at the point that the tag is moved
 // near the reader.
 //-----------------------------------------------------------------------------
 // triggering so that we start recording at the point that the tag is moved
 // near the reader.
 //-----------------------------------------------------------------------------
-void RAMFUNC SnoopIso14443a(void)
-{
-//     #define RECV_CMD_OFFSET         2032    // original (working as of 21/2/09) values
-//     #define RECV_RES_OFFSET         2096    // original (working as of 21/2/09) values
-//     #define DMA_BUFFER_OFFSET       2160    // original (working as of 21/2/09) values
-//     #define DMA_BUFFER_SIZE         4096    // original (working as of 21/2/09) values
-//     #define TRACE_SIZE              2000    // original (working as of 21/2/09) values
-
-    // We won't start recording the frames that we acquire until we trigger;
-    // a good trigger condition to get started is probably when we see a
-    // response from the tag.
-    int triggered = FALSE; // FALSE to wait first for card
-
-    // The command (reader -> tag) that we're receiving.
+void RAMFUNC SnoopIso14443a(uint8_t param) {
+       // param:
+       // bit 0 - trigger from first card answer
+       // bit 1 - trigger from first reader 7-bit request
+       
+       LEDsoff();
+       // init trace buffer
+    iso14a_clear_trace();
+
+       // We won't start recording the frames that we acquire until we trigger;
+       // a good trigger condition to get started is probably when we see a
+       // response from the tag.
+       // triggered == FALSE -- to wait first for card
+       int triggered = !(param & 0x03); 
+
+       // The command (reader -> tag) that we're receiving.
        // The length of a received command will in most cases be no more than 18 bytes.
        // So 32 should be enough!
        // The length of a received command will in most cases be no more than 18 bytes.
        // So 32 should be enough!
-    uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
-    // The response (tag -> reader) that we're receiving.
-    uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
-
-    // As we receive stuff, we copy it from receivedCmd or receivedResponse
-    // into trace, along with its length and other annotations.
-    //uint8_t *trace = (uint8_t *)BigBuf;
-    
-    traceLen = 0; // uncommented to fix ISSUE 15 - gerhard - jan2011
-
-    // The DMA buffer, used to stream samples from the FPGA
-    int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
-    int lastRxCounter;
-    int8_t *upTo;
-    int smpl;
-    int maxBehindBy = 0;
-
-    // Count of samples received so far, so that we can include timing
-    // information in the trace buffer.
-    int samples = 0;
-    int rsamples = 0;
-
-    memset(trace, 0x44, TRACE_SIZE);
-
-    // Set up the demodulator for tag -> reader responses.
-    Demod.output = receivedResponse;
-    Demod.len = 0;
-    Demod.state = DEMOD_UNSYNCD;
-
-    // Setup for the DMA.
-    FpgaSetupSsc();
-    upTo = dmaBuf;
-    lastRxCounter = DMA_BUFFER_SIZE;
-    FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
-
-    // And the reader -> tag commands
-    memset(&Uart, 0, sizeof(Uart));
-    Uart.output = receivedCmd;
-    Uart.byteCntMax = 32; // was 100 (greg)////////////////////////////////////////////////////////////////////////
-    Uart.state = STATE_UNSYNCD;
+       uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
+       // The response (tag -> reader) that we're receiving.
+       uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
 
 
-    // And put the FPGA in the appropriate mode
-    // Signal field is off with the appropriate LED
-    LED_D_OFF();
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
-    SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+       // As we receive stuff, we copy it from receivedCmd or receivedResponse
+       // into trace, along with its length and other annotations.
+       //uint8_t *trace = (uint8_t *)BigBuf;
+       
+       // The DMA buffer, used to stream samples from the FPGA
+       int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
+       int8_t *data = dmaBuf;
+       int maxDataLen = 0;
+       int dataLen = 0;
 
 
+       // Set up the demodulator for tag -> reader responses.
+       Demod.output = receivedResponse;
+       Demod.len = 0;
+       Demod.state = DEMOD_UNSYNCD;
 
 
-    // And now we loop, receiving samples.
-    for(;;) {
-        LED_A_ON();
-        WDT_HIT();
-        int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
-                                (DMA_BUFFER_SIZE-1);
-        if(behindBy > maxBehindBy) {
-            maxBehindBy = behindBy;
-            if(behindBy > 400) {
-                Dbprintf("blew circular buffer! behindBy=0x%x", behindBy);
-                goto done;
-            }
-        }
-        if(behindBy < 1) continue;
+       // Set up the demodulator for the reader -> tag commands
+       memset(&Uart, 0, sizeof(Uart));
+       Uart.output = receivedCmd;
+       Uart.byteCntMax = 32;                        // was 100 (greg)//////////////////
+       Uart.state = STATE_UNSYNCD;
 
 
-       LED_A_OFF();
-        smpl = upTo[0];
-        upTo++;
-        lastRxCounter -= 1;
-        if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
-            upTo -= DMA_BUFFER_SIZE;
-            lastRxCounter += DMA_BUFFER_SIZE;
-            AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
-            AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
-        }
+       // Setup for the DMA.
+       FpgaSetupSsc();
+       FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
 
 
-        samples += 4;
-        if(MillerDecoding((smpl & 0xF0) >> 4)) {
-            rsamples = samples - Uart.samples;
-            LED_C_ON();
-            if(triggered) {
-                trace[traceLen++] = ((rsamples >>  0) & 0xff);
-                trace[traceLen++] = ((rsamples >>  8) & 0xff);
-                trace[traceLen++] = ((rsamples >> 16) & 0xff);
-                trace[traceLen++] = ((rsamples >> 24) & 0xff);
-                trace[traceLen++] = ((Uart.parityBits >>  0) & 0xff);
-                trace[traceLen++] = ((Uart.parityBits >>  8) & 0xff);
-                trace[traceLen++] = ((Uart.parityBits >> 16) & 0xff);
-                trace[traceLen++] = ((Uart.parityBits >> 24) & 0xff);
-                trace[traceLen++] = Uart.byteCnt;
-                memcpy(trace+traceLen, receivedCmd, Uart.byteCnt);
-                traceLen += Uart.byteCnt;
-                if(traceLen > TRACE_SIZE) break;
-            }
-            /* And ready to receive another command. */
-            Uart.state = STATE_UNSYNCD;
-            /* And also reset the demod code, which might have been */
-            /* false-triggered by the commands from the reader. */
-            Demod.state = DEMOD_UNSYNCD;
-            LED_B_OFF();
-        }
+       // And put the FPGA in the appropriate mode
+       // Signal field is off with the appropriate LED
+       LED_D_OFF();
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
+       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 
 
-        if(ManchesterDecoding(smpl & 0x0F)) {
-            rsamples = samples - Demod.samples;
-            LED_B_ON();
-
-            // timestamp, as a count of samples
-            trace[traceLen++] = ((rsamples >>  0) & 0xff);
-            trace[traceLen++] = ((rsamples >>  8) & 0xff);
-            trace[traceLen++] = ((rsamples >> 16) & 0xff);
-            trace[traceLen++] = 0x80 | ((rsamples >> 24) & 0xff);
-            trace[traceLen++] = ((Demod.parityBits >>  0) & 0xff);
-            trace[traceLen++] = ((Demod.parityBits >>  8) & 0xff);
-            trace[traceLen++] = ((Demod.parityBits >> 16) & 0xff);
-            trace[traceLen++] = ((Demod.parityBits >> 24) & 0xff);
-            // length
-            trace[traceLen++] = Demod.len;
-            memcpy(trace+traceLen, receivedResponse, Demod.len);
-            traceLen += Demod.len;
-            if(traceLen > TRACE_SIZE) break;
-
-            triggered = TRUE;
-
-            // And ready to receive another response.
-            memset(&Demod, 0, sizeof(Demod));
-            Demod.output = receivedResponse;
-            Demod.state = DEMOD_UNSYNCD;
-            LED_C_OFF();
-        }
+       // Count of samples received so far, so that we can include timing
+       // information in the trace buffer.
+       rsamples = 0;
+       // And now we loop, receiving samples.
+       while(true) {
+               if(BUTTON_PRESS()) {
+                       DbpString("cancelled by button");
+                       goto done;
+               }
 
 
-        if(BUTTON_PRESS()) {
-            DbpString("cancelled_a");
-            goto done;
-        }
-    }
+               LED_A_ON();
+               WDT_HIT();
 
 
-    DbpString("COMMAND FINISHED");
+               int register readBufDataP = data - dmaBuf;
+               int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
+               if (readBufDataP <= dmaBufDataP){
+                       dataLen = dmaBufDataP - readBufDataP;
+               } else {
+                       dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP + 1;
+               }
+               // test for length of buffer
+               if(dataLen > maxDataLen) {
+                       maxDataLen = dataLen;
+                       if(dataLen > 400) {
+                               Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
+                               goto done;
+                       }
+               }
+               if(dataLen < 1) continue;
+
+               // primary buffer was stopped( <-- we lost data!
+               if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
+                       AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
+                       AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
+               }
+               // secondary buffer sets as primary, secondary buffer was stopped
+               if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
+                       AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
+                       AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
+               }
+
+               LED_A_OFF();
+               
+               rsamples += 4;
+               if(MillerDecoding((data[0] & 0xF0) >> 4)) {
+                       LED_C_ON();
+
+                       // check - if there is a short 7bit request from reader
+                       if ((!triggered) && (param & 0x02) && (Uart.byteCnt == 1) && (Uart.bitCnt = 9)) triggered = TRUE;
+
+                       if(triggered) {
+                               if (!LogTrace(receivedCmd, Uart.byteCnt, 0 - Uart.samples, Uart.parityBits, TRUE)) break;
+                       }
+                       /* And ready to receive another command. */
+                       Uart.state = STATE_UNSYNCD;
+                       /* And also reset the demod code, which might have been */
+                       /* false-triggered by the commands from the reader. */
+                       Demod.state = DEMOD_UNSYNCD;
+                       LED_B_OFF();
+               }
+
+               if(ManchesterDecoding(data[0] & 0x0F)) {
+                       LED_B_ON();
+
+                       if (!LogTrace(receivedResponse, Demod.len, 0 - Demod.samples, Demod.parityBits, FALSE)) break;
+
+                       if ((!triggered) && (param & 0x01)) triggered = TRUE;
+
+                       // And ready to receive another response.
+                       memset(&Demod, 0, sizeof(Demod));
+                       Demod.output = receivedResponse;
+                       Demod.state = DEMOD_UNSYNCD;
+                       LED_C_OFF();
+               }
+
+               data++;
+               if(data > dmaBuf + DMA_BUFFER_SIZE) {
+                       data = dmaBuf;
+               }
+       } // main cycle
+
+       DbpString("COMMAND FINISHED");
 
 done:
 
 done:
-    AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
-    Dbprintf("maxBehindBy=%x, Uart.state=%x, Uart.byteCnt=%x", maxBehindBy, Uart.state, Uart.byteCnt);
-    Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
-    LED_A_OFF();
-    LED_B_OFF();
-       LED_C_OFF();
-       LED_D_OFF();
+       AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
+       Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x", maxDataLen, Uart.state, Uart.byteCnt);
+       Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%08x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
+       LEDsoff();
 }
 
 //-----------------------------------------------------------------------------
 }
 
 //-----------------------------------------------------------------------------
@@ -968,8 +908,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd)
 {
   // Enable and clear the trace
        tracing = TRUE;
 {
   // Enable and clear the trace
        tracing = TRUE;
-       traceLen = 0;
-  memset(trace, 0x44, TRACE_SIZE);
+  iso14a_clear_trace();
 
        // This function contains the tag emulation
        uint8_t sak;
 
        // This function contains the tag emulation
        uint8_t sak;
@@ -1209,7 +1148,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd)
                        respsize = sizeof(response6);
                } else {
                        // Never seen this command before
                        respsize = sizeof(response6);
                } else {
                        // Never seen this command before
-                       Dbprintf("Received unknown command (len=%d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+                       Dbprintf("Received (len=%d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",
                        len,
                        receivedCmd[0], receivedCmd[1], receivedCmd[2],
                        receivedCmd[3], receivedCmd[4], receivedCmd[5],
                        len,
                        receivedCmd[0], receivedCmd[1], receivedCmd[2],
                        receivedCmd[3], receivedCmd[4], receivedCmd[5],
@@ -1242,16 +1181,6 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd)
                if(respLen > 0) {
                        EmSendCmd14443aRaw(resp, respLen, receivedCmd[0] == 0x52);
                }
                if(respLen > 0) {
                        EmSendCmd14443aRaw(resp, respLen, receivedCmd[0] == 0x52);
                }
-                       
-               // After sending the response, print out some debug data.
-               if (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {
-                       Dbprintf("Authenticate request from reader: %02x %02x",receivedCmd[0],receivedCmd[1]);
-               } else if (receivedCmd[0] == 0xE0) {
-                       Dbprintf("RATS request from reader: %02x %02x",receivedCmd[0],receivedCmd[1]);
-               } else if (receivedCmd[0] == 0x30) {
-                       Dbprintf("READ request from reader: %02x %02x",receivedCmd[0],receivedCmd[1]);
-               }
-
                
                if (tracing) {
                        LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
                
                if (tracing) {
                        LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
@@ -1713,7 +1642,7 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u
        uint8_t sel_uid[]    = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
        uint8_t rats[]       = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0
 
        uint8_t sel_uid[]    = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
        uint8_t rats[]       = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0
 
-       uint8_t* resp = (((uint8_t *)BigBuf) + 3560);   // was 3560 - tied to other size changes
+       uint8_t* resp = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);     // was 3560 - tied to other size changes
 
        uint8_t sak = 0x04; // cascade uid
        int cascade_level = 0;
 
        uint8_t sak = 0x04; // cascade uid
        int cascade_level = 0;
@@ -1721,13 +1650,14 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u
        int len;
        
        // clear uid
        int len;
        
        // clear uid
-       memset(uid_ptr, 0, 8);
+       memset(uid_ptr, 0, 12);
 
        // Broadcast for a card, WUPA (0x52) will force response from all cards in the field
        ReaderTransmitShort(wupa);
        // Receive the ATQA
        if(!ReaderReceive(resp)) return 0;
 
        // Broadcast for a card, WUPA (0x52) will force response from all cards in the field
        ReaderTransmitShort(wupa);
        // Receive the ATQA
        if(!ReaderReceive(resp)) return 0;
-
+//  Dbprintf("atqa: %02x %02x",resp[0],resp[1]);
+  
        if(resp_data)
                memcpy(resp_data->atqa, resp, 2);
        
        if(resp_data)
                memcpy(resp_data->atqa, resp, 2);
        
@@ -1742,6 +1672,8 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u
                // SELECT_ALL
                ReaderTransmit(sel_all,sizeof(sel_all));
                if (!ReaderReceive(resp)) return 0;
                // SELECT_ALL
                ReaderTransmit(sel_all,sizeof(sel_all));
                if (!ReaderReceive(resp)) return 0;
+//    Dbprintf("uid: %02x %02x %02x %02x",resp[0],resp[1],resp[2],resp[3]);
+
                if(uid_ptr) memcpy(uid_ptr + cascade_level*4, resp, 4);
                
                // calculate crypto UID
                if(uid_ptr) memcpy(uid_ptr + cascade_level*4, resp, 4);
                
                // calculate crypto UID
@@ -1780,17 +1712,20 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u
                resp_data->ats_len = len;
        }
        
                resp_data->ats_len = len;
        }
        
+       // reset the PCB block number
+       iso14_pcb_blocknum = 0;
+       
        return 1;
 }
 
 void iso14443a_setup() {
        return 1;
 }
 
 void iso14443a_setup() {
-       // Setup SSC
-       FpgaSetupSsc();
+  // Set up the synchronous serial port
+  FpgaSetupSsc();
        // Start from off (no field generated)
        // Signal field is off with the appropriate LED
        LED_D_OFF();
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        // Start from off (no field generated)
        // Signal field is off with the appropriate LED
        LED_D_OFF();
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       SpinDelay(200);
+       SpinDelay(50);
 
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 
 
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 
@@ -1798,7 +1733,7 @@ void iso14443a_setup() {
        // Signal field is on with the appropriate LED
        LED_D_ON();
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
        // Signal field is on with the appropriate LED
        LED_D_ON();
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
-       SpinDelay(200);
+       SpinDelay(50);
 
        iso14a_timeout = 2048; //default
 }
 
        iso14a_timeout = 2048; //default
 }
@@ -1806,35 +1741,52 @@ void iso14443a_setup() {
 int iso14_apdu(uint8_t * cmd, size_t cmd_len, void * data) {
        uint8_t real_cmd[cmd_len+4];
        real_cmd[0] = 0x0a; //I-Block
 int iso14_apdu(uint8_t * cmd, size_t cmd_len, void * data) {
        uint8_t real_cmd[cmd_len+4];
        real_cmd[0] = 0x0a; //I-Block
+       // put block number into the PCB
+       real_cmd[0] |= iso14_pcb_blocknum;
        real_cmd[1] = 0x00; //CID: 0 //FIXME: allow multiple selected cards
        memcpy(real_cmd+2, cmd, cmd_len);
        AppendCrc14443a(real_cmd,cmd_len+2);
  
        ReaderTransmit(real_cmd, cmd_len+4);
        size_t len = ReaderReceive(data);
        real_cmd[1] = 0x00; //CID: 0 //FIXME: allow multiple selected cards
        memcpy(real_cmd+2, cmd, cmd_len);
        AppendCrc14443a(real_cmd,cmd_len+2);
  
        ReaderTransmit(real_cmd, cmd_len+4);
        size_t len = ReaderReceive(data);
-       if(!len)
-               return -1; //DATA LINK ERROR
-       
+       uint8_t * data_bytes = (uint8_t *) data;
+       if (!len)
+               return 0; //DATA LINK ERROR
+       // if we received an I- or R(ACK)-Block with a block number equal to the
+       // current block number, toggle the current block number
+       else if (len >= 4 // PCB+CID+CRC = 4 bytes
+                && ((data_bytes[0] & 0xC0) == 0 // I-Block
+                    || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
+                && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) // equal block numbers
+       {
+               iso14_pcb_blocknum ^= 1;
+       }
+
        return len;
 }
 
        return len;
 }
 
-
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
 //-----------------------------------------------------------------------------
-void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
+void ReaderIso14443a(UsbCommand * c)
 {
        iso14a_command_t param = c->arg[0];
        uint8_t * cmd = c->d.asBytes;
        size_t len = c->arg[1];
 {
        iso14a_command_t param = c->arg[0];
        uint8_t * cmd = c->d.asBytes;
        size_t len = c->arg[1];
+  uint32_t arg0;
+  byte_t buf[48];
+  
+  iso14a_clear_trace();
+  iso14a_set_tracing(true);
 
        if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(1);
 
        if(param & ISO14A_CONNECT) {
                iso14443a_setup();
 
        if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(1);
 
        if(param & ISO14A_CONNECT) {
                iso14443a_setup();
-               ack->arg[0] = iso14443a_select_card(ack->d.asBytes, (iso14a_card_select_t *) (ack->d.asBytes+12), NULL);
-               UsbSendPacket((void *)ack, sizeof(UsbCommand));
+               arg0 = iso14443a_select_card(buf, (iso14a_card_select_t *)(buf+12), NULL);
+               cmd_send(CMD_ACK,arg0,0,0,buf,48);
+//    UsbSendPacket((void *)ack, sizeof(UsbCommand));
        }
 
        if(param & ISO14A_SET_TIMEOUT) {
        }
 
        if(param & ISO14A_SET_TIMEOUT) {
@@ -1846,8 +1798,9 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
        }
 
        if(param & ISO14A_APDU) {
        }
 
        if(param & ISO14A_APDU) {
-               ack->arg[0] = iso14_apdu(cmd, len, ack->d.asBytes);
-               UsbSendPacket((void *)ack, sizeof(UsbCommand));
+               arg0 = iso14_apdu(cmd, len, buf);
+               cmd_send(CMD_ACK,arg0,0,0,buf,48);
+//             UsbSendPacket((void *)ack, sizeof(UsbCommand));
        }
 
        if(param & ISO14A_RAW) {
        }
 
        if(param & ISO14A_RAW) {
@@ -1856,8 +1809,9 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
                        len += 2;
                }
                ReaderTransmit(cmd,len);
                        len += 2;
                }
                ReaderTransmit(cmd,len);
-               ack->arg[0] = ReaderReceive(ack->d.asBytes);
-               UsbSendPacket((void *)ack, sizeof(UsbCommand));
+               arg0 = ReaderReceive(buf);
+//             UsbSendPacket((void *)ack, sizeof(UsbCommand));
+    cmd_send(CMD_ACK,arg0,0,0,buf,48);
        }
 
        if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(0);
        }
 
        if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(0);
@@ -1868,6 +1822,7 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        LEDsoff();
 }
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        LEDsoff();
 }
+
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
@@ -1878,7 +1833,7 @@ void ReaderMifare(uint32_t parameter)
        uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
        uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 
        uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
        uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 
-       uint8_t* receivedAnswer = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
+       uint8_t* receivedAnswer = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);   // was 3560 - tied to other size changes
        traceLen = 0;
        tracing = false;
 
        traceLen = 0;
        tracing = false;
 
@@ -1907,11 +1862,12 @@ void ReaderMifare(uint32_t parameter)
 
        while(TRUE)
        {
 
        while(TRUE)
        {
-               LED_C_ON();
+               LED_C_OFF();
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-               SpinDelay(200);
+               SpinDelay(50);
                FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
                FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
-               LED_C_OFF();
+               LED_C_ON();
+               SpinDelay(2);
 
                // Test if the action was cancelled
                if(BUTTON_PRESS()) {
 
                // Test if the action was cancelled
                if(BUTTON_PRESS()) {
@@ -1935,7 +1891,7 @@ void ReaderMifare(uint32_t parameter)
                {
                        if ( (parameter != 0) && (memcmp(nt, nt_noattack, 4) == 0) ) continue;
 
                {
                        if ( (parameter != 0) && (memcmp(nt, nt_noattack, 4) == 0) ) continue;
 
-                       isNULL = (nt_attacked[0] == 0) && (nt_attacked[1] == 0) && (nt_attacked[2] == 0) && (nt_attacked[3] == 0);
+                       isNULL = !(nt_attacked[0] == 0) && (nt_attacked[1] == 0) && (nt_attacked[2] == 0) && (nt_attacked[3] == 0);
                        if ( (isNULL != 0 ) && (memcmp(nt, nt_attacked, 4) != 0) ) continue;
 
                        if (nt_diff == 0)
                        if ( (isNULL != 0 ) && (memcmp(nt, nt_attacked, 4) != 0) ) continue;
 
                        if (nt_diff == 0)
@@ -1974,14 +1930,16 @@ void ReaderMifare(uint32_t parameter)
        LogTrace(par_list, 8, 0, GetParity(par_list, 8), TRUE);
        LogTrace(ks_list, 8, 0, GetParity(ks_list, 8), TRUE);
 
        LogTrace(par_list, 8, 0, GetParity(par_list, 8), TRUE);
        LogTrace(ks_list, 8, 0, GetParity(ks_list, 8), TRUE);
 
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
-       memcpy(ack.d.asBytes + 0,  uid, 4);
-       memcpy(ack.d.asBytes + 4,  nt, 4);
-       memcpy(ack.d.asBytes + 8,  par_list, 8);
-       memcpy(ack.d.asBytes + 16, ks_list, 8);
+  byte_t buf[48];
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
+       memcpy(buf + 0,  uid, 4);
+       memcpy(buf + 4,  nt, 4);
+       memcpy(buf + 8,  par_list, 8);
+       memcpy(buf + 16, ks_list, 8);
                
        LED_B_ON();
                
        LED_B_ON();
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
+  cmd_send(CMD_ACK,isOK,0,0,buf,48);
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
        LED_B_OFF();    
 
        // Thats it...
        LED_B_OFF();    
 
        // Thats it...
@@ -2412,9 +2370,7 @@ lbWORK:   if (len == 0) break;
                                cardSTATE = MFEMUL_WORK;
                                break;
                        }
                                cardSTATE = MFEMUL_WORK;
                                break;
                        }
-               
                }
                }
-       
        }
 
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        }
 
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@@ -2426,3 +2382,149 @@ lbWORK: if (len == 0) break;
 
        if (MF_DBGLEVEL >= 1)   Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ",    tracing, traceLen);
 }
 
        if (MF_DBGLEVEL >= 1)   Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ",    tracing, traceLen);
 }
+
+//-----------------------------------------------------------------------------
+// MIFARE sniffer. 
+// 
+//-----------------------------------------------------------------------------
+void RAMFUNC SniffMifare(uint8_t param) {
+       // param:
+       // bit 0 - trigger from first card answer
+       // bit 1 - trigger from first reader 7-bit request
+
+       // C(red) A(yellow) B(green)
+       LEDsoff();
+       // init trace buffer
+    iso14a_clear_trace();
+
+       // The command (reader -> tag) that we're receiving.
+       // The length of a received command will in most cases be no more than 18 bytes.
+       // So 32 should be enough!
+       uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
+       // The response (tag -> reader) that we're receiving.
+       uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
+
+       // As we receive stuff, we copy it from receivedCmd or receivedResponse
+       // into trace, along with its length and other annotations.
+       //uint8_t *trace = (uint8_t *)BigBuf;
+       
+       // The DMA buffer, used to stream samples from the FPGA
+       int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
+       int8_t *data = dmaBuf;
+       int maxDataLen = 0;
+       int dataLen = 0;
+
+       // Set up the demodulator for tag -> reader responses.
+       Demod.output = receivedResponse;
+       Demod.len = 0;
+       Demod.state = DEMOD_UNSYNCD;
+
+       // Set up the demodulator for the reader -> tag commands
+       memset(&Uart, 0, sizeof(Uart));
+       Uart.output = receivedCmd;
+       Uart.byteCntMax = 32; // was 100 (greg)//////////////////
+       Uart.state = STATE_UNSYNCD;
+
+       // Setup for the DMA.
+       FpgaSetupSsc();
+       FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
+
+       // And put the FPGA in the appropriate mode
+       // Signal field is off with the appropriate LED
+       LED_D_OFF();
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
+       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+       
+       // init sniffer
+       MfSniffInit();
+       int sniffCounter = 0;
+
+       // And now we loop, receiving samples.
+       while(true) {
+               if(BUTTON_PRESS()) {
+                       DbpString("cancelled by button");
+                       goto done;
+               }
+
+               LED_A_ON();
+               WDT_HIT();
+               
+               if (++sniffCounter > 65) {
+                       if (MfSniffSend(2000)) {
+                               FpgaEnableSscDma();
+                       }
+                       sniffCounter = 0;
+               }
+
+               int register readBufDataP = data - dmaBuf;
+               int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
+               if (readBufDataP <= dmaBufDataP){
+                       dataLen = dmaBufDataP - readBufDataP;
+               } else {
+                       dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP + 1;
+               }
+               // test for length of buffer
+               if(dataLen > maxDataLen) {
+                       maxDataLen = dataLen;
+                       if(dataLen > 400) {
+                               Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
+                               goto done;
+                       }
+               }
+               if(dataLen < 1) continue;
+
+               // primary buffer was stopped( <-- we lost data!
+               if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
+                       AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
+                       AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
+                       Dbprintf("RxEmpty ERROR!!! data length:%d", dataLen); // temporary
+               }
+               // secondary buffer sets as primary, secondary buffer was stopped
+               if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
+                       AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
+                       AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
+               }
+
+               LED_A_OFF();
+               
+               if(MillerDecoding((data[0] & 0xF0) >> 4)) {
+                       LED_C_INV();
+                       // check - if there is a short 7bit request from reader
+                       if (MfSniffLogic(receivedCmd, Uart.byteCnt, Uart.parityBits, Uart.bitCnt, TRUE)) break;
+
+                       /* And ready to receive another command. */
+                       Uart.state = STATE_UNSYNCD;
+                       
+                       /* And also reset the demod code */
+                       Demod.state = DEMOD_UNSYNCD;
+               }
+
+               if(ManchesterDecoding(data[0] & 0x0F)) {
+                       LED_C_INV();
+
+                       if (MfSniffLogic(receivedResponse, Demod.len, Demod.parityBits, Demod.bitCount, FALSE)) break;
+
+                       // And ready to receive another response.
+                       memset(&Demod, 0, sizeof(Demod));
+                       Demod.output = receivedResponse;
+                       Demod.state = DEMOD_UNSYNCD;
+
+                       /* And also reset the uart code */
+                       Uart.state = STATE_UNSYNCD;
+               }
+
+               data++;
+               if(data > dmaBuf + DMA_BUFFER_SIZE) {
+                       data = dmaBuf;
+               }
+       } // main cycle
+
+       DbpString("COMMAND FINISHED");
+
+done:
+       FpgaDisableSscDma();
+       MfSniffEnd();
+       
+       Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x Uart.byteCntMax=%x", maxDataLen, Uart.state, Uart.byteCnt, Uart.byteCntMax);
+       LEDsoff();
+}
\ No newline at end of file
Impressum, Datenschutz