COIL_PULSE(0);
// log
- uint8_t cmdbytes[] = {cmd_sz, BYTEx(cmd, 0), BYTEx(cmd, 1), BYTEx(cmd, 2), BYTEx(send, 0), BYTEx(send, 1) };
+ uint8_t cmdbytes[] = {bits, BYTEx(data,0), BYTEx(data,1), BYTEx(data,2), BYTEx(send,0), BYTEx(send,1), BYTEx(send,2)};
LogTrace(cmdbytes, sizeof(cmdbytes), starttime, GET_TICKS, NULL, TRUE);
}
bool legic_write_byte(uint16_t index, uint8_t byte, uint8_t addr_sz) {
bool isOK = false;
- uint8_t i = 80, edges = 0;
+ int8_t i = 40;
+ uint8_t edges = 0;
uint8_t cmd_sz = addr_sz+1+8+4; //crc+data+cmd;
uint32_t steps = 0, next_bit_at, start, crc, old_level = 0;
- /*
- crc_clear(&legic_crc);
- crc_update(&legic_crc, 0, 1); // CMD_WRITE
- crc_update(&legic_crc, index, addr_sz);
- crc_update(&legic_crc, byte, 8);
- uint32_t crc = crc_finish(&legic_crc);
- */
crc = legic4Crc(LEGIC_WRITE, index, byte, addr_sz+1);
// send write command
- uint32_t cmd;
- cmd = ((crc & 0xF ) << (addr_sz+1+8)); // CRC
- cmd |= byte << (addr_sz+1); // Data
- cmd |= ((index & 0xFF) << 1); // index
- cmd |= LEGIC_WRITE; // CMD
-
- /* Bitbang the response */
- SHORT_COIL;
- AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
+ uint32_t cmd = LEGIC_WRITE;
+ cmd |= index << 1; // index
+ cmd |= byte << (addr_sz+1); // Data
+ cmd |= (crc & 0xF ) << (addr_sz+1+8); // CRC
- WaitTicks(330);
+ WaitTicks(240);
frame_sendAsReader(cmd, cmd_sz);
// ACK, - one single "1" bit after 3.6ms
// 3.6ms = 3600us * 1.5 = 5400ticks.
- WaitTicks(5000);
- //WaitTicks(330);
+ WaitTicks(5400);
next_bit_at = GET_TICKS + TAG_BIT_PERIOD;
goto OUT;
}
}
-
+
OUT: ;
- // log
- uint8_t cmdbytes[] = {cmd_sz, isOK, BYTEx(steps, 0), BYTEx(steps, 1) };
+ legic_prng_forward(1);
+
+ uint8_t cmdbytes[] = {1, isOK, BYTEx(steps, 0), BYTEx(steps, 1) };
LogTrace(cmdbytes, sizeof(cmdbytes), start, GET_TICKS, NULL, FALSE);
return isOK;
}
goto OUT;
}
- if (len + offset >= card.cardsize)
+ if (len + offset > card.cardsize)
len = card.cardsize - offset;
LED_B_ON();
void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data) {
#define LOWERLIMIT 4
- uint8_t isOK = 1;
+ uint8_t isOK = 1, msg = 0;
legic_card_select_t card;
// uid NOT is writeable.
if ( legic_select_card_iv(&card, iv) ) {
isOK = 0;
+ msg = 1;
goto OUT;
}
- if ( len + offset + LOWERLIMIT >= card.cardsize) {
- isOK = 0;
- goto OUT;
- }
+ if ( len + offset > card.cardsize)
+ len = card.cardsize - offset;
LED_B_ON();
while( len > 0 ) {
-
- if ( !legic_write_byte( len + offset + LOWERLIMIT, data[len-1], card.addrsize) ) {
- Dbprintf("operation failed @ 0x%03.3x", len-1);
+ --len;
+ if ( !legic_write_byte( len + offset, data[len], card.addrsize) ) {
+ Dbprintf("operation failed | %02X | %02X | %02X", len + offset, len, data[len] );
isOK = 0;
goto OUT;
}
- --len;
WDT_HIT();
}
OUT:
- cmd_send(CMD_ACK, isOK, 0,0,0,0);
+ cmd_send(CMD_ACK, isOK, msg,0,0,0);
switch_off_tag_rwd();
LEDsoff();
}
}
/* Write */
- if(f->bits == 23) {
+ if (f->bits == 23 || f->bits == 21 ) {
uint32_t key = get_key_stream(-1, 23); //legic_frame_drift, 23);
uint16_t addr = f->data ^ key;
addr >>= 1;
legic_state = STATE_DISCON;
LED_C_OFF();
Dbprintf("write - addr: %x, data: %x", addr, data);
- // should send a ACK within 3.5ms too
+ // should send a ACK after 3.6ms
return;
}
* measure the time between two rising edges on DIN, and no encoding on the
* subcarrier from card to reader, so we'll just shift out our verbatim data
* on DOUT, 1 bit is 100us. The time from reader to card frame is still unclear,
- * seems to be 300us-ish.
+ * seems to be 330us.
*/
int old_level = 0, active = 0;
projects / proxmark3-svn / blobdiff