-/*------------------------------
- * T5555/T5557/T5567 routines
- *------------------------------
- */
-
-/* T55x7 configuration register definitions */
-#define T55x7_POR_DELAY 0x00000001
-#define T55x7_ST_TERMINATOR 0x00000008
-#define T55x7_PWD 0x00000010
-#define T55x7_MAXBLOCK_SHIFT 5
-#define T55x7_AOR 0x00000200
-#define T55x7_PSKCF_RF_2 0
-#define T55x7_PSKCF_RF_4 0x00000400
-#define T55x7_PSKCF_RF_8 0x00000800
-#define T55x7_MODULATION_DIRECT 0
-#define T55x7_MODULATION_PSK1 0x00001000
-#define T55x7_MODULATION_PSK2 0x00002000
-#define T55x7_MODULATION_PSK3 0x00003000
-#define T55x7_MODULATION_FSK1 0x00004000
-#define T55x7_MODULATION_FSK2 0x00005000
-#define T55x7_MODULATION_FSK1a 0x00006000
-#define T55x7_MODULATION_FSK2a 0x00007000
-#define T55x7_MODULATION_MANCHESTER 0x00008000
-#define T55x7_MODULATION_BIPHASE 0x00010000
-#define T55x7_BITRATE_RF_8 0
-#define T55x7_BITRATE_RF_16 0x00040000
-#define T55x7_BITRATE_RF_32 0x00080000
-#define T55x7_BITRATE_RF_40 0x000C0000
-#define T55x7_BITRATE_RF_50 0x00100000
-#define T55x7_BITRATE_RF_64 0x00140000
-#define T55x7_BITRATE_RF_100 0x00180000
-#define T55x7_BITRATE_RF_128 0x001C0000
-
-/* T5555 (Q5) configuration register definitions */
-#define T5555_ST_TERMINATOR 0x00000001
-#define T5555_MAXBLOCK_SHIFT 0x00000001
-#define T5555_MODULATION_MANCHESTER 0
-#define T5555_MODULATION_PSK1 0x00000010
-#define T5555_MODULATION_PSK2 0x00000020
-#define T5555_MODULATION_PSK3 0x00000030
-#define T5555_MODULATION_FSK1 0x00000040
-#define T5555_MODULATION_FSK2 0x00000050
-#define T5555_MODULATION_BIPHASE 0x00000060
-#define T5555_MODULATION_DIRECT 0x00000070
-#define T5555_INVERT_OUTPUT 0x00000080
-#define T5555_PSK_RF_2 0
-#define T5555_PSK_RF_4 0x00000100
-#define T5555_PSK_RF_8 0x00000200
-#define T5555_USE_PWD 0x00000400
-#define T5555_USE_AOR 0x00000800
-#define T5555_BITRATE_SHIFT 12
-#define T5555_FAST_WRITE 0x00004000
-#define T5555_PAGE_SELECT 0x00008000
-
-/*
- * Relevant times in microsecond
- * To compensate antenna falling times shorten the write times
- * and enlarge the gap ones.
- */
-#define START_GAP 30*8 // 10 - 50fc 250
-#define WRITE_GAP 20*8 // 8 - 30fc
-#define WRITE_0 24*8 // 16 - 31fc 24fc 192
-#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550
-
+void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
+{
+ uint8_t *dest = BigBuf_get_addr();
+ int idx=0;
+ uint32_t code=0, code2=0;
+ uint8_t version=0;
+ uint8_t facilitycode=0;
+ uint16_t number=0;
+ uint8_t crc = 0;
+ uint16_t calccrc = 0;
+
+ //clear read buffer
+ BigBuf_Clear_keep_EM();
+
+// Configure to go in 125Khz listen mode
+ LFSetupFPGAForADC(95, true);
+
+ while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
+ WDT_HIT();
+ if (ledcontrol) LED_A_ON();
+ DoAcquisition_default(-1,true);
+ //fskdemod and get start index
+ WDT_HIT();
+ idx = IOdemodFSK(dest, BigBuf_max_traceLen());
+ if (idx<0) continue;
+ //valid tag found
+
+ //Index map
+ //0 10 20 30 40 50 60
+ //| | | | | | |
+ //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
+ //-----------------------------------------------------------------------------
+ //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 checksum 11
+ //
+ //Checksum:
+ //00000000 0 11110000 1 11100000 1 00000001 1 00000011 1 10110110 1 01110101 11
+ //preamble F0 E0 01 03 B6 75
+ // How to calc checksum,
+ // http://www.proxmark.org/forum/viewtopic.php?id=364&p=6
+ // F0 + E0 + 01 + 03 + B6 = 28A
+ // 28A & FF = 8A
+ // FF - 8A = 75
+ // Checksum: 0x75
+ //XSF(version)facility:codeone+codetwo
+ //Handle the data
+ if(findone){ //only print binary if we are doing one
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]);
+ Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]);
+ }
+ code = bytebits_to_byte(dest+idx,32);
+ code2 = bytebits_to_byte(dest+idx+32,32);
+ version = bytebits_to_byte(dest+idx+27,8); //14,4
+ facilitycode = bytebits_to_byte(dest+idx+18,8);
+ number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
+
+ crc = bytebits_to_byte(dest+idx+54,8);
+ for (uint8_t i=1; i<6; ++i)
+ calccrc += bytebits_to_byte(dest+idx+9*i,8);
+ calccrc &= 0xff;
+ calccrc = 0xff - calccrc;
+
+ char *crcStr = (crc == calccrc) ? "ok":"!crc";
+
+ Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
+ // if we're only looking for one tag
+ if (findone){
+ if (ledcontrol) LED_A_OFF();
+ *high=code;
+ *low=code2;
+ return;
+ }
+ code=code2=0;
+ version=facilitycode=0;
+ number=0;
+ idx=0;
+
+ WDT_HIT();
+ }
+ DbpString("Stopped");
+ if (ledcontrol) LED_A_OFF();
+}
+
+/*------------------------------
+ * T5555/T5557/T5567/T5577 routines
+ *------------------------------
+ * NOTE: T55x7/T5555 configuration register definitions moved to protocols.h
+ *
+ * Relevant communication times in microsecond
+ * To compensate antenna falling times shorten the write times
+ * and enlarge the gap ones.
+ * Q5 tags seems to have issues when these values changes.
+ */
+
+#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
+#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
+#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
+#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
+#define READ_GAP 15*8
+