#include <proxmark3.h>\r
#include "apps.h"\r
#include "hitag2.h"\r
-#include "../common/crc16.c"\r
+#include "crc16.h"\r
\r
void AcquireRawAdcSamples125k(BOOL at134khz)\r
{\r
- if(at134khz) {\r
+ if (at134khz)\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- } else {\r
+ else\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- }\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
\r
// Connect the A/D to the peak-detected low-frequency path.\r
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);\r
FpgaSetupSsc();\r
\r
// Now call the acquisition routine\r
- DoAcquisition125k(at134khz);\r
+ DoAcquisition125k();\r
}\r
\r
// split into two routines so we can avoid timing issues after sending commands //\r
-void DoAcquisition125k(BOOL at134khz)\r
+void DoAcquisition125k(void)\r
{\r
BYTE *dest = (BYTE *)BigBuf;\r
int n = sizeof(BigBuf);\r
int i;\r
-\r
- memset(dest,0,n);\r
+ \r
+ memset(dest, 0, n);\r
i = 0;\r
for(;;) {\r
- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {\r
AT91C_BASE_SSC->SSC_THR = 0x43;\r
LED_D_ON();\r
}\r
- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {\r
dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR;\r
i++;\r
LED_D_OFF();\r
- if(i >= n) {\r
- break;\r
- }\r
+ if (i >= n) break;\r
}\r
}\r
- DbpIntegers(dest[0], dest[1], at134khz);\r
+ Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...",\r
+ dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]);\r
}\r
\r
-void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command)\r
+void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, BYTE *command)\r
{\r
BOOL at134khz;\r
\r
SpinDelay(2500);\r
\r
// see if 'h' was specified\r
- if(command[strlen((char *) command) - 1] == 'h')\r
- at134khz= TRUE;\r
+ if (command[strlen((char *) command) - 1] == 'h')\r
+ at134khz = TRUE;\r
else\r
- at134khz= FALSE;\r
+ at134khz = FALSE;\r
\r
- if(at134khz) {\r
+ if (at134khz)\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- } else {\r
+ else\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- }\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
\r
// Give it a bit of time for the resonant antenna to settle.\r
SpinDelay(50);\r
FpgaSetupSsc();\r
\r
// now modulate the reader field\r
- while(*command != '\0' && *command != ' ')\r
- {\r
+ while(*command != '\0' && *command != ' ') {\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LED_D_OFF();\r
SpinDelayUs(delay_off);\r
- if(at134khz) {\r
+ if (at134khz)\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- } else {\r
+ else\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- }\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
LED_D_ON();\r
- if(*(command++) == '0') {\r
+ if(*(command++) == '0')\r
SpinDelayUs(period_0);\r
- } else {\r
+ else\r
SpinDelayUs(period_1);\r
- }\r
- }\r
+ }\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LED_D_OFF();\r
SpinDelayUs(delay_off);\r
- if(at134khz) {\r
+ if (at134khz)\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- } else {\r
+ else\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
- }\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);\r
\r
// now do the read\r
- DoAcquisition125k(at134khz);\r
+ DoAcquisition125k();\r
}\r
\r
/* blank r/w tag data stream\r
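Review bot: The 'h' suffix test in ModThenAcquireRawAdcSamples125k, `command[strlen((char *) command) - 1]`, reads one byte before the buffer when `command` is an empty string, because `strlen` returns 0 and the index wraps around. This commit only reformats that line, so the out-of-bounds read remains in the new code. The origin of `command` is not visible in this hunk, but if it is supplied by the host it should be treated as untrusted input. Taking the length first closes the gap: `size_t len = strlen((char *) command);` followed by `at134khz = (len > 0 && command[len - 1] == 'h') ? TRUE : FALSE;`.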
\r
[5555fe852c5555555555555555fe0000]\r
*/\r
-void ReadTItag()\r
+void ReadTItag(void)\r
{\r
// some hardcoded initial params\r
// when we read a TI tag we sample the zerocross line at 2Mhz\r
crc = update_crc16(crc, (shift1>>16)&0xff);\r
crc = update_crc16(crc, (shift1>>24)&0xff);\r
\r
- DbpString("Info: Tag data_hi, data_lo, crc = ");\r
- DbpIntegers(shift1, shift0, shift2&0xffff);\r
+ Dbprintf("Info: Tag data: %x%08x, crc=%x",\r
+ (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF);\r
if (crc != (shift2&0xffff)) {\r
- DbpString("Error: CRC mismatch, expected");\r
- DbpIntegers(0, 0, crc);\r
+ Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc);\r
} else {\r
DbpString("Info: CRC is good");\r
}\r
\r
// steal this pin from the SSP and use it to control the modulation\r
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;\r
- AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;\r
+ AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;\r
\r
AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;\r
AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;\r
n = TIBUFLEN*32;\r
// unpack buffer\r
for (i=TIBUFLEN-1; i>=0; i--) {\r
-// DbpIntegers(0, 0, BigBuf[i]);\r
for (j=0; j<32; j++) {\r
if(BigBuf[i] & (1 << j)) {\r
dest[--n] = 1;\r
// if not provided a valid crc will be computed from the data and written.\r
void WriteTItag(DWORD idhi, DWORD idlo, WORD crc)\r
{\r
-\r
- // WARNING the order of the bytes in which we calc crc below needs checking\r
- // i'm 99% sure the crc algorithm is correct, but it may need to eat the\r
- // bytes in reverse or something\r
-\r
if(crc == 0) {\r
crc = update_crc16(crc, (idlo)&0xff);\r
crc = update_crc16(crc, (idlo>>8)&0xff);\r
crc = update_crc16(crc, (idhi>>16)&0xff);\r
crc = update_crc16(crc, (idhi>>24)&0xff);\r
}\r
- DbpString("Writing the following data to tag:");\r
- DbpIntegers(idhi, idlo, crc);\r
+ Dbprintf("Writing to tag: %x%08x, crc=%x",\r
+ (unsigned int) idhi, (unsigned int) idlo, crc);\r
\r
// TI tags charge at 134.2Khz\r
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz\r
\r
// steal this pin from the SSP and use it to control the modulation\r
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;\r
- AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;\r
+ AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;\r
\r
// writing algorithm:\r
// a high bit consists of a field off for 1ms and field on for 1ms\r
DbpString("Now use tiread to check");\r
}\r
\r
-void SimulateTagLowFrequency(int period, int ledcontrol)\r
+void SimulateTagLowFrequency(int period, int gap, int ledcontrol)\r
{\r
int i;\r
BYTE *tab = (BYTE *)BigBuf;\r
}\r
\r
i++;\r
- if(i == period) i = 0;\r
+ if(i == period) {\r
+ i = 0;\r
+ if (gap) { \r
+ SHORT_COIL();\r
+ SpinDelayUs(gap);\r
+ }\r
+ }\r
}\r
}\r
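Review bot: The new `gap` argument of SimulateTagLowFrequency is only tested with `if (gap)`, so a negative value passes the test and is handed to `SpinDelayUs(gap)`. The parameter type of `SpinDelayUs` is not visible here, but a negative `int` converted to an unsigned delay would stall the simulation loop for a very long time with the coil shorted. I would tighten the guard to `if (gap > 0) {`. The signature also deserves a comment such as `/* gap: microseconds to short the coil after each full period; 0 disables the gap */`, since neither the unit nor the meaning of 0 is stated anywhere. The function body begins and ends outside this hunk, so what re-opens the coil after the delay cannot be checked from here.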
\r
\r
if (ledcontrol)\r
LED_A_ON();\r
- SimulateTagLowFrequency(n, ledcontrol);\r
+ SimulateTagLowFrequency(n, 0, ledcontrol);\r
\r
if (ledcontrol)\r
LED_A_OFF();\r
found=1;\r
idx+=6;\r
if (found && (hi|lo)) {\r
- DbpString("TAG ID");\r
- DbpIntegers(hi, lo, (lo>>1)&0xffff);\r
+ Dbprintf("TAG ID: %x%08x (%d)",\r
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);\r
/* if we're only looking for one tag */\r
if (findone)\r
{\r
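Review bot: The last conversion in `Dbprintf("TAG ID: %x%08x (%d)", ...)` is `%d`, but the argument `(unsigned int) (lo>>1) & 0xFFFF` is unsigned. Assuming Dbprintf follows printf conventions (its implementation is not shown), the specifier should match the argument type: `"TAG ID: %x%08x (%u)"`. The 16-bit mask keeps the printed value the same today, so this is about keeping format and argument in agreement if the mask is ever widened. The identical call in the following hunk needs the same change.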
found=1;\r
idx+=6;\r
if (found && (hi|lo)) {\r
- DbpString("TAG ID");\r
- DbpIntegers(hi, lo, (lo>>1)&0xffff);\r
+ Dbprintf("TAG ID: %x%08x (%d)",\r
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);\r
/* if we're only looking for one tag */\r
if (findone)\r
{\r