X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0fa9ca5b53e412decad0df1f6b5baca73ae76a9c..393c3ef933553e628635590ca2b8237d07e9e0e3:/armsrc/lfops.c?ds=inline diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 8ad25ce0..a7e1f1df 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -7,17 +7,16 @@ #include #include "apps.h" #include "hitag2.h" -#include "../common/crc16.c" +#include "crc16.h" void AcquireRawAdcSamples125k(BOOL at134khz) { - if(at134khz) { + if (at134khz) FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } else { + else FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); @@ -29,36 +28,35 @@ void AcquireRawAdcSamples125k(BOOL at134khz) FpgaSetupSsc(); // Now call the acquisition routine - DoAcquisition125k(at134khz); + DoAcquisition125k(); } // split into two routines so we can avoid timing issues after sending commands // -void DoAcquisition125k(BOOL at134khz) +void DoAcquisition125k(void) { BYTE *dest = (BYTE *)BigBuf; int n = sizeof(BigBuf); int i; - - memset(dest,0,n); + + memset(dest, 0, n); i = 0; for(;;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0x43; + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; LED_D_ON(); } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - dest[i] = (BYTE)SSC_RECEIVE_HOLDING; + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; i++; LED_D_OFF(); - if(i >= n) { - break; - } + if (i >= n) break; } } - DbpIntegers(dest[0], dest[1], at134khz); + Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", + dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); } -void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command) +void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, BYTE *command) { BOOL at134khz; @@ -67,18 +65,17 @@ void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYT SpinDelay(2500); // see if 'h' was specified - if(command[strlen((char *) command) - 1] == 'h') - at134khz= TRUE; + if (command[strlen((char *) command) - 1] == 'h') + at134khz = TRUE; else - at134khz= FALSE; + at134khz = FALSE; - if(at134khz) { + if (at134khz) FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } else { + else FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); // Give it a bit of time for the resonant antenna to settle. SpinDelay(50); @@ -89,38 +86,34 @@ void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYT FpgaSetupSsc(); // now modulate the reader field - while(*command != '\0' && *command != ' ') - { + while(*command != '\0' && *command != ' ') { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - if(at134khz) { + if (at134khz) FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } else { + else FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); LED_D_ON(); - if(*(command++) == '0') { + if(*(command++) == '0') SpinDelayUs(period_0); - } else { + else SpinDelayUs(period_1); - } - } + } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - if(at134khz) { + if (at134khz) FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } else { + else FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); // now do the read - DoAcquisition125k(at134khz); + DoAcquisition125k(); } /* blank r/w tag data stream @@ -132,7 +125,7 @@ void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYT [5555fe852c5555555555555555fe0000] */ -void ReadTItag() +void ReadTItag(void) { // some hardcoded initial params // when we read a TI tag we sample the zerocross line at 2Mhz @@ -254,11 +247,10 @@ void ReadTItag() crc = update_crc16(crc, (shift1>>16)&0xff); crc = update_crc16(crc, (shift1>>24)&0xff); - DbpString("Info: Tag data_hi, data_lo, crc = "); - DbpIntegers(shift1, shift0, shift2&0xffff); + Dbprintf("Info: Tag data: %x%08x, crc=%x", + (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); if (crc != (shift2&0xffff)) { - DbpString("Error: CRC mismatch, expected"); - DbpIntegers(0, 0, crc); + Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); } else { DbpString("Info: CRC is good"); } @@ -274,17 +266,17 @@ void WriteTIbyte(BYTE b) { if (b&(1<PIO_PDR = GPIO_SSC_DIN; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; // steal this pin from the SSP and use it to control the modulation - PIO_ENABLE = (1<PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - SSC_CONTROL = SSC_CONTROL_RESET; - SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; - // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long - // 48/2 = 24 MHz clock must be divided by 12 - SSC_CLOCK_DIVISOR = 12; + // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long + // 48/2 = 24 MHz clock must be divided by 12 + AT91C_BASE_SSC->SSC_CMR = 12; - SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(0); - SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(32) | SSC_FRAME_MODE_MSB_FIRST; - SSC_TRANSMIT_CLOCK_MODE = 0; - SSC_TRANSMIT_FRAME_MODE = 0; + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; + AT91C_BASE_SSC->SSC_TCMR = 0; + AT91C_BASE_SSC->SSC_TFMR = 0; LED_D_ON(); // modulate antenna - PIO_OUTPUT_DATA_SET = (1<= TIBUFLEN) break; - } - WDT_HIT(); + if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer + i++; if(i >= TIBUFLEN) break; + } + WDT_HIT(); } // return stolen pin to SSP - PIO_DISABLE = (1<PIO_PDR = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; char *dest = (char *)BigBuf; n = TIBUFLEN*32; // unpack buffer for (i=TIBUFLEN-1; i>=0; i--) { -// DbpIntegers(0, 0, BigBuf[i]); for (j=0; j<32; j++) { if(BigBuf[i] & (1 << j)) { dest[--n] = 1; @@ -366,11 +357,6 @@ void AcquireTiType(void) // if not provided a valid crc will be computed from the data and written. void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) { - - // WARNING the order of the bytes in which we calc crc below needs checking - // i'm 99% sure the crc algorithm is correct, but it may need to eat the - // bytes in reverse or something - if(crc == 0) { crc = update_crc16(crc, (idlo)&0xff); crc = update_crc16(crc, (idlo>>8)&0xff); @@ -381,8 +367,8 @@ void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) crc = update_crc16(crc, (idhi>>16)&0xff); crc = update_crc16(crc, (idhi>>24)&0xff); } - DbpString("Writing the following data to tag:"); - DbpIntegers(idhi, idlo, crc); + Dbprintf("Writing to tag: %x%08x, crc=%x", + (unsigned int) idhi, (unsigned int) idlo, crc); // TI tags charge at 134.2Khz FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz @@ -394,8 +380,8 @@ void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) LED_A_ON(); // steal this pin from the SSP and use it to control the modulation - PIO_ENABLE = (1<PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; // writing algorithm: // a high bit consists of a field off for 1ms and field on for 1ms @@ -408,7 +394,7 @@ void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) // finish with 15ms programming time // modulate antenna - PIO_OUTPUT_DATA_SET = (1<>8 )&0xff ); // crc hi WriteTIbyte(0x00); // write frame lo WriteTIbyte(0x03); // write frame hi - PIO_OUTPUT_DATA_SET = (1<PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - PIO_OUTPUT_ENABLE = (1 << GPIO_SSC_DOUT); - PIO_OUTPUT_DISABLE = (1 << GPIO_SSC_CLK); + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; #define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) +#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { - while(!(PIO_PIN_DATA_STATUS & (1<PIO_PDSR & GPIO_SSC_CLK)) { if(BUTTON_PRESS()) { DbpString("Stopped"); return; @@ -473,7 +459,7 @@ void SimulateTagLowFrequency(int period, int ledcontrol) if (ledcontrol) LED_D_OFF(); - while(PIO_PIN_DATA_STATUS & (1<PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); return; @@ -482,7 +468,13 @@ void SimulateTagLowFrequency(int period, int ledcontrol) } i++; - if(i == period) i = 0; + if(i == period) { + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } } } @@ -529,7 +521,7 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) hitag2_init(); /* Set up simulator mode, frequency divisor which will drive the FPGA - * and analog mux selection. + * and analog mux selection. */ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); @@ -539,15 +531,19 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) /* Set up Timer 1: * Capture mode, timer source MCK/2 (TIMER_CLOCK1), TIOA is external trigger, * external trigger rising edge, load RA on rising edge of TIOA, load RB on rising - * edge of TIOA. Assign PA15 to TIOA1 (peripheral B) + * edge of TIOA. Assign PA15 to TIOA1 (peripheral B) */ - PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_TC1); - PIO_PERIPHERAL_B_SEL = (1 << GPIO_SSC_FRAME); - TC1_CCR = TC_CCR_CLKDIS; - TC1_CMR = TC_CMR_TCCLKS_TIMER_CLOCK1 | TC_CMR_ETRGEDG_RISING | TC_CMR_ABETRG | - TC_CMR_LDRA_RISING | TC_CMR_LDRB_RISING; - TC1_CCR = TC_CCR_CLKEN | TC_CCR_SWTRG; + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); + AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC1->TC_CMR = TC_CMR_TCCLKS_TIMER_CLOCK1 | + AT91C_TC_ETRGEDG_RISING | + AT91C_TC_ABETRG | + AT91C_TC_LDRA_RISING | + AT91C_TC_LDRB_RISING; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | + AT91C_TC_SWTRG; /* calculate the new value for the carrier period in terms of TC1 values */ t0 = t0/2; @@ -555,8 +551,8 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) int overflow = 0; while(!BUTTON_PRESS()) { WDT_HIT(); - if(TC1_SR & TC_SR_LDRAS) { - int ra = TC1_RA; + if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + int ra = AT91C_BASE_TC1->TC_RA; if((ra > t0*HITAG_T_EOF) | overflow) ra = t0*HITAG_T_EOF+1; #if DEBUG_RA_VALUES if(ra > 255 || overflow) ra = 255; @@ -583,14 +579,14 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) overflow = 0; LED_D_ON(); } else { - if(TC1_CV > t0*HITAG_T_EOF) { + if(AT91C_BASE_TC1->TC_CV > t0*HITAG_T_EOF) { /* Minor nuisance: In Capture mode, the timer can not be * stopped by a Compare C. There's no way to stop the clock * in software, so we'll just have to note the fact that an * overflow happened and the next loaded timer value might * have wrapped. Also, this marks the end of frame, and the * still running counter can be used to determine the correct - * time for the start of the reply. + * time for the start of the reply. */ overflow = 1; @@ -619,37 +615,37 @@ static void hitag_send_bit(int t0, int bit) { /* Manchester: Loaded, then unloaded */ LED_A_ON(); SHORT_COIL(); - while(TC1_CV < t0*15); + while(AT91C_BASE_TC1->TC_CV < t0*15); OPEN_COIL(); - while(TC1_CV < t0*31); + while(AT91C_BASE_TC1->TC_CV < t0*31); LED_A_OFF(); } else if(bit == 0) { /* Manchester: Unloaded, then loaded */ LED_B_ON(); OPEN_COIL(); - while(TC1_CV < t0*15); + while(AT91C_BASE_TC1->TC_CV < t0*15); SHORT_COIL(); - while(TC1_CV < t0*31); + while(AT91C_BASE_TC1->TC_CV < t0*31); LED_B_OFF(); } - TC1_CCR = TC_CCR_SWTRG; /* Reset clock for the next bit */ + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset clock for the next bit */ } static void hitag_send_frame(int t0, int frame_len, const char const * frame, int fdt) { OPEN_COIL(); - PIO_OUTPUT_ENABLE = (1 << GPIO_SSC_DOUT); + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; /* Wait for HITAG_T_WRESP carrier periods after the last reader bit, * not that since the clock counts since the rising edge, but T_wresp is * with respect to the falling edge, we need to wait actually (T_wresp - T_g) - * periods. The gap time T_g varies (4..10). + * periods. The gap time T_g varies (4..10). */ - while(TC1_CV < t0*(fdt-8)); + while(AT91C_BASE_TC1->TC_CV < t0*(fdt-8)); - int saved_cmr = TC1_CMR; - TC1_CMR &= ~TC_CMR_ETRGEDG; /* Disable external trigger for the clock */ - TC1_CCR = TC_CCR_SWTRG; /* Reset the clock and use it for response timing */ + int saved_cmr = AT91C_BASE_TC1->TC_CMR; + AT91C_BASE_TC1->TC_CMR &= ~AT91C_TC_ETRGEDG; /* Disable external trigger for the clock */ + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset the clock and use it for response timing */ int i; for(i=0; i<5; i++) @@ -660,7 +656,7 @@ static void hitag_send_frame(int t0, int frame_len, const char const * frame, in } OPEN_COIL(); - TC1_CMR = saved_cmr; + AT91C_BASE_TC1->TC_CMR = saved_cmr; } /* Callback structure to cleanly separate tag emulation code from the radio layer. */ @@ -772,7 +768,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequency(n, ledcontrol); + SimulateTagLowFrequency(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); @@ -813,13 +809,13 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) m = sizeof(BigBuf); memset(dest,128,m); for(;;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0x43; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; if (ledcontrol) LED_D_ON(); } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - dest[i] = (BYTE)SSC_RECEIVE_HOLDING; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; // we don't care about actual value, only if it's more or less than a // threshold essentially we capture zero crossings for later analysis if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; @@ -922,8 +918,8 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) found=1; idx+=6; if (found && (hi|lo)) { - DbpString("TAG ID"); - DbpIntegers(hi, lo, (lo>>1)&0xffff); + Dbprintf("TAG ID: %x%08x (%d)", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); /* if we're only looking for one tag */ if (findone) { @@ -955,8 +951,8 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) found=1; idx+=6; if (found && (hi|lo)) { - DbpString("TAG ID"); - DbpIntegers(hi, lo, (lo>>1)&0xffff); + Dbprintf("TAG ID: %x%08x (%d)", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); /* if we're only looking for one tag */ if (findone) {