// LEGIC RF simulation code
//-----------------------------------------------------------------------------
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
#include "apps.h"
#include "util.h"
#include "string.h"
#include "legicrf.h"
-#include "../include/legic_prng.h"
-#include "../common/crc.h"
+#include "legic_prng.h"
+#include "crc.h"
static struct legic_frame {
int bits;
}
/* Write Time Data into LOG */
+ uint8_t *BigBuf = BigBuf_get_addr();
if(count == 6) { i = -1; } else { i = legic_read_count; }
- ((uint8_t*)BigBuf)[OFFSET_LOG+128+i] = legic_prng_count();
- ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4] = (legic_prng_bc >> 0) & 0xff;
- ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+1] = (legic_prng_bc >> 8) & 0xff;
- ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+2] = (legic_prng_bc >>16) & 0xff;
- ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+3] = (legic_prng_bc >>24) & 0xff;
- ((uint8_t*)BigBuf)[OFFSET_LOG+384+i] = count;
+ BigBuf[OFFSET_LOG+128+i] = legic_prng_count();
+ BigBuf[OFFSET_LOG+256+i*4] = (legic_prng_bc >> 0) & 0xff;
+ BigBuf[OFFSET_LOG+256+i*4+1] = (legic_prng_bc >> 8) & 0xff;
+ BigBuf[OFFSET_LOG+256+i*4+2] = (legic_prng_bc >>16) & 0xff;
+ BigBuf[OFFSET_LOG+256+i*4+3] = (legic_prng_bc >>24) & 0xff;
+ BigBuf[OFFSET_LOG+384+i] = count;
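Review bot: The log slots written in this hunk alias each other: for the IV record (i == -1 when count == 6, per the line above) `BigBuf[OFFSET_LOG+384+i]` lands on OFFSET_LOG+383, which is also the top byte of the 32-bit time entry `BigBuf[OFFSET_LOG+256+i*4+3]` for i == 31, and the i == -1 time entry at OFFSET_LOG+252..255 sits inside the per-read cycle-count range OFFSET_LOG+128+i for i == 124..127. The four-byte time entries also run into the +384 region once i reaches 32, so this layout is only self-consistent for fewer than 32 logged reads, and nothing in the hunk bounds i (it is legic_read_count in the non-IV case, which appears to grow without a cap). Either give the IV record its own slot instead of reusing index -1, or guard all six stores with `if(i < 32) { ... }` so a long session cannot scribble over the neighbouring log regions; the enclosing function starts before this hunk, so its return type and any existing bound are not visible here.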
/* Generate KeyStream */
for(i=0; i<count; i++) {
LegicCommonInit();
+ uint8_t *BigBuf = BigBuf_get_addr();
memset(BigBuf, 0, 1024);
DbpString("setting up legic card");
LED_C_OFF();
return -1;
}
- ((uint8_t*)BigBuf)[byte_index] = r;
+ BigBuf[byte_index] = r;
WDT_HIT();
byte_index++;
if(byte_index & 0x10) LED_C_ON(); else LED_C_OFF();
void LegicRfWriter(int bytes, int offset) {
int byte_index=0, addr_sz=0;
-
+ uint8_t *BigBuf = BigBuf_get_addr();
+
LegicCommonInit();
DbpString("setting up legic card");
perform_setup_phase_rwd(SESSION_IV);
legic_prng_forward(2);
while(byte_index < bytes) {
- int r = legic_write_byte(((uint8_t*)BigBuf)[byte_index+offset], byte_index+offset, addr_sz);
+ int r = legic_write_byte(BigBuf[byte_index+offset], byte_index+offset, addr_sz);
if((r != 0) || BUTTON_PRESS()) {
Dbprintf("operation aborted @ 0x%03.3x", byte_index);
switch_off_tag_rwd();
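Review bot: The read `BigBuf[byte_index+offset]` in the new line is still unbounded: `bytes` and `offset` arrive as plain int parameters of LegicRfWriter and nothing in the hunk validates them, so a negative offset or an `offset + bytes` beyond the card image would pull bytes from outside the intended area of BigBuf and hand them to legic_write_byte, i.e. presumably onto the tag. LegicRfReader clears a 1024-byte image (`memset(BigBuf, 0, 1024)` earlier in this diff), so the writer should reject anything outside that range before touching the RF side, e.g. `if(offset < 0 || bytes < 0 || offset > 1024 || bytes > 1024 - offset) { DbpString("invalid write range"); return; }` placed before LegicCommonInit(); the subtraction form avoids signed overflow on hostile values. If the file defines a named constant for the image size, use it instead of the literal. LegicRfWriter continues past the end of this hunk.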
/* Handle (whether to respond) a frame in tag mode */
static void frame_handle_tag(struct legic_frame const * const f)
{
+ uint8_t *BigBuf = BigBuf_get_addr();
+
/* First Part of Handshake (IV) */
if(f->bits == 7) {
if(f->data == SESSION_IV) {
if(legic_state == STATE_CON) {
int key = get_key_stream(-1, 11); //legic_phase_drift, 11);
int addr = f->data ^ key; addr = addr >> 1;
- int data = ((uint8_t*)BigBuf)[addr];
+ int data = BigBuf[addr];
int hash = LegicCRC(addr, data, 11) << 8;
- ((uint8_t*)BigBuf)[OFFSET_LOG+legic_read_count] = (uint8_t)addr;
+ BigBuf[OFFSET_LOG+legic_read_count] = (uint8_t)addr;
legic_read_count++;
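Review bot: `BigBuf[OFFSET_LOG+legic_read_count]` is stored and the counter incremented with no upper bound visible, so a tag-mode session with many reads walks the address log past its 128-byte region (the cycle-count log begins at OFFSET_LOG+128 elsewhere in this diff) and eventually past the whole log area. The dump loop later in the diff (`for(i = -1; i<legic_read_count; i++)`) reads 4-byte time entries at OFFSET_LOG+256+i*4, which only fit for i < 32, so capping the counter keeps both sides consistent: `if(legic_read_count < 32) { BigBuf[OFFSET_LOG+legic_read_count] = (uint8_t)addr; legic_read_count++; }`. Separately, `BigBuf[addr]` two lines up stays inside the 1024-byte image only if f->data is masked to 11 bits where the frame is assembled, which this hunk does not show — worth confirming at the call site. frame_handle_tag continues past the end of this hunk.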
//Dbprintf("Data:%03.3x, key:%03.3x, addr: %03.3x, read_c:%u", f->data, key, addr, read_c);
int i;
Dbprintf("IV: %03.3x", legic_prng_iv);
for(i = 0; i<legic_read_count; i++) {
- Dbprintf("Read Nb: %u, Addr: %u", i, ((uint8_t*)BigBuf)[OFFSET_LOG+i]);
+ Dbprintf("Read Nb: %u, Addr: %u", i, BigBuf[OFFSET_LOG+i]);
}
for(i = -1; i<legic_read_count; i++) {
uint32_t t;
- t = ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4];
- t |= ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+1] << 8;
- t |= ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+2] <<16;
- t |= ((uint8_t*)BigBuf)[OFFSET_LOG+256+i*4+3] <<24;
+ t = BigBuf[OFFSET_LOG+256+i*4];
+ t |= BigBuf[OFFSET_LOG+256+i*4+1] << 8;
+ t |= BigBuf[OFFSET_LOG+256+i*4+2] <<16;
+ t |= BigBuf[OFFSET_LOG+256+i*4+3] <<24;
Dbprintf("Cycles: %u, Frame Length: %u, Time: %u",
- ((uint8_t*)BigBuf)[OFFSET_LOG+128+i],
- ((uint8_t*)BigBuf)[OFFSET_LOG+384+i],
+ BigBuf[OFFSET_LOG+128+i],
+ BigBuf[OFFSET_LOG+384+i],
t);
}
}
LED_B_ON();
DbpString("Starting Legic emulator, press button to end");
- while(!BUTTON_PRESS()) {
+ while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
int level = !!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
int time = timer->TC_CV;