#include "legicrf.h"
static struct legic_frame {
- int bits;
+ uint8_t bits;
uint32_t data;
} current_frame;
#define RWD_TIME_1 120 // READER_TIME_PAUSE 20us off, 80us on = 100us 80 * 1.5 == 120ticks
#define RWD_TIME_0 60 // READER_TIME_PAUSE 20us off, 40us on = 60us 40 * 1.5 == 60ticks
#define RWD_TIME_PAUSE 30 // 20us == 20 * 1.5 == 30ticks */
-#define TAG_BIT_PERIOD 150 // 100us == 100 * 1.5 == 150ticks
+#define TAG_BIT_PERIOD 143 // 100us == 100 * 1.5 == 150ticks
#define TAG_FRAME_WAIT 495 // 330us from READER frame end to TAG frame start. 330 * 1.5 == 495
#define RWD_TIME_FUZZ 20 // rather generous 13us, since the peak detector + hysteresis fuzz quite a bit
uint8_t i = bits, edges = 0;
uint16_t lsfr = 0;
- uint32_t the_bit = 1, next_bit_at = 0, data;
+ uint32_t the_bit = 1, next_bit_at = 0, data = 0;
int old_level = 0, level = 0;
// calibrate the prng.
legic_prng_forward(2);
-
- // precompute the cipher
uint8_t prngstart = legic_prng_count() ;
-
data = lsfr = legic_prng_get_bits(bits);
//FIXED time between sending frame and now listening frame. 330us
// 387 = 0x19 0001 1001
- // 480 = 0x19
- // 500 = 0x1C 0001 1100
uint32_t starttime = GET_TICKS;
//uint16_t mywait = TAG_FRAME_WAIT - (starttime - sendFrameStop);
//uint16_t mywait = 495 - (starttime - sendFrameStop);
if ( bits == 6) {
- //Dbprintf("6 WAIT %d", 495 - 9 - 9 );
- WaitTicks( 495 - 9 - 9 );
+ //WaitTicks( 495 - 9 - 9 );
+ WaitTicks( 475 );
} else {
//Dbprintf("x WAIT %d", mywait );
//WaitTicks( mywait );
while ( i-- ){
edges = 0;
- uint8_t adjust = 0;
while ( GET_TICKS < next_bit_at) {
level = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
++edges;
old_level = level;
-
- if(edges > 20 && adjust == 0) {
- next_bit_at -= 15;
- adjust = 1;
- }
}
next_bit_at += TAG_BIT_PERIOD;
uint8_t cmdbytes[] = {
bits,
- BYTEx(data,0),
- BYTEx(data,1),
- BYTEx(data, 0) ^ BYTEx(lsfr,0),
- BYTEx(data, 1) ^ BYTEx(lsfr,1),
+ BYTEx(data, 0),
+ BYTEx(data, 1),
+ BYTEx(data, 0) ^ BYTEx(lsfr, 0),
+ BYTEx(data, 1) ^ BYTEx(lsfr, 1),
prngstart,
legic_prng_count()
};
// Switch on carrier and let the tag charge for 1ms
HIGH(GPIO_SSC_DOUT);
- WaitUS(100);
+ WaitUS(1000);
ResetTicks();
frame_receiveAsReader(¤t_frame, 6);
- // fixed delay before sending ack.
- WaitTicks(366); // 244us
- legic_prng_forward(1); //240us / 100 == 2.4 iterations
+ // 292us (438t) - fixed delay before sending ack.
+ // minus log and stuff 100tick?
+ WaitTicks(338);
+ legic_prng_forward(3);
// Send obsfuscated acknowledgment frame.
// 0x19 = 0x18 MIM22, 0x01 LSB READCMD
case 0x3D: frame_sendAsReader(0x39, 6); break;
default: break;
}
+
+ legic_prng_forward(2);
return current_frame.data;
}
int legic_read_byte(int byte_index, int cmd_sz) {
- uint8_t byte = 0, crc = 0, calcCrc = 0;
+ uint8_t byte = 0; //, crc = 0, calcCrc = 0;
uint32_t cmd = (byte_index << 1) | LEGIC_READ;
// (us)| ticks
// -------------
// 330 | 495
- // 460 | 690
- // 258 | 387
// 244 | 366
- WaitTicks(495);
- legic_prng_forward(3); // 460 / 100 = 4.6 iterations
+ WaitTicks(366);
frame_sendAsReader(cmd, cmd_sz);
frame_receiveAsReader(¤t_frame, 12);
byte = BYTEx(current_frame.data, 0);
- calcCrc = legic4Crc(LEGIC_READ, byte_index, byte, cmd_sz);
- crc = BYTEx(current_frame.data, 1);
- if( calcCrc != crc ) {
- Dbprintf("!!! crc mismatch: expected %x but got %x !!!", calcCrc, crc);
- return -1;
- }
+ // calcCrc = legic4Crc(LEGIC_READ, byte_index, byte, cmd_sz);
+ // crc = BYTEx(current_frame.data, 1);
+
+ // if( calcCrc != crc ) {
+ // Dbprintf("!!! crc mismatch: expected %x but got %x !!!", calcCrc, crc);
+ // return -1;
+ // }
+
+ legic_prng_forward(4);
+ WaitTicks(40);
return byte;
}
int LegicRfReader(int offset, int bytes, int iv) {
uint16_t byte_index = 0;
- uint8_t cmd_sz = 0, isOK = 1;
- int card_sz = 0;
-
+ uint8_t isOK = 1;
+ legic_card_select_t card;
+
LegicCommonInit();
-
- uint32_t tag_type = setup_phase_reader(iv);
+ if ( legic_select_card(&card) ) {
+ isOK = 0;
+ goto OUT;
+ }
+
switch_off_tag_rwd();
- switch(tag_type) {
- case 0x0d:
- if ( MF_DBGLEVEL >= 2) DbpString("MIM22 card found, reading card");
- cmd_sz = 6;
- card_sz = 22;
- break;
- case 0x1d:
- if ( MF_DBGLEVEL >= 2) DbpString("MIM256 card found, reading card");
- cmd_sz = 9;
- card_sz = 256;
- break;
- case 0x3d:
- if ( MF_DBGLEVEL >= 2) DbpString("MIM1024 card found, reading card");
- cmd_sz = 11;
- card_sz = 1024;
- break;
- default:
- if ( MF_DBGLEVEL >= 1) Dbprintf("Unknown card format: %x", tag_type);
- isOK = 0;
- goto OUT;
- break;
- }
if (bytes == -1)
- bytes = card_sz;
+ bytes = card.cardsize;
- if (bytes + offset >= card_sz)
- bytes = card_sz - offset;
+ if (bytes + offset >= card.cardsize)
+ bytes = card.cardsize - offset;
// Start setup and read bytes.
setup_phase_reader(iv);
-
+
LED_B_ON();
while (byte_index < bytes) {
- int r = legic_read_byte(byte_index + offset, cmd_sz);
+ int r = legic_read_byte(byte_index + offset, card.cmdsize);
if (r == -1 || BUTTON_PRESS()) {
if ( MF_DBGLEVEL >= 3) DbpString("operation aborted");
isOK = 0;
goto OUT;
}
- cardmem[++byte_index] = r;
+ cardmem[byte_index++] = r;
WDT_HIT();
}
if ( MF_DBGLEVEL >= 1) DbpString("write successful");
}
-void LegicRfInfo(void){
+int legic_select_card(legic_card_select_t *p_card){
- LegicCommonInit();
- uint32_t tag_type = setup_phase_reader(0x55);
- uint8_t cmd_sz = 0;
- uint16_t card_sz = 0;
+ if ( p_card == NULL ) return 1;
- switch(tag_type) {
+ p_card->tagtype = setup_phase_reader(0x1);
+
+ switch(p_card->tagtype) {
case 0x0d:
- cmd_sz = 6;
- card_sz = 22;
+ p_card->cmdsize = 6;
+ p_card->cardsize = 22;
break;
case 0x1d:
- cmd_sz = 9;
- card_sz = 256;
+ p_card->cmdsize = 9;
+ p_card->cardsize = 256;
break;
case 0x3d:
- cmd_sz = 11;
- card_sz = 1024;
+ p_card->cmdsize = 11;
+ p_card->cardsize = 1024;
break;
default:
- cmd_send(CMD_ACK,0,0,0,0,0);
- goto OUT;
+ p_card->cmdsize = 0;
+ p_card->cardsize = 0;
+ return 2;
+ break;
+ }
+ return 0;
+}
+
+void LegicRfInfo(void){
+
+ uint8_t buf[sizeof(legic_card_select_t)] = {0x00};
+ legic_card_select_t *card = (legic_card_select_t*) buf;
+
+ LegicCommonInit();
+
+ if ( legic_select_card(card) ) {
+ cmd_send(CMD_ACK,0,0,0,0,0);
+ goto OUT;
}
// read UID bytes.
- uint8_t uid[] = {0,0,0,0};
- for ( uint8_t i = 0; i < sizeof(uid); ++i) {
- int r = legic_read_byte(i, cmd_sz);
+ for ( uint8_t i = 0; i < sizeof(card->uid); ++i) {
+ int r = legic_read_byte(i, card->cmdsize);
if ( r == -1 ) {
cmd_send(CMD_ACK,0,0,0,0,0);
goto OUT;
}
- uid[i] = r & 0xFF;
+ card->uid[i] = r & 0xFF;
}
- cmd_send(CMD_ACK,1,card_sz,0,uid,sizeof(uid));
-OUT:
+ cmd_send(CMD_ACK, 1 ,0 , 0, buf, sizeof(legic_card_select_t));
+
+OUT:
switch_off_tag_rwd();
LEDsoff();
-
}
/* Handle (whether to respond) a frame in tag mode
projects / proxmark3-svn / blobdiff