X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/70459879e98e1e7a2a5627c4008f0ad38b8dc782..060fdaf998d09011610c14de5b27ac597b0660a0:/armsrc/lfops.c

diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 4a9e07b1..702f4b1f 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -202,8 +202,7 @@ void ReadTItag(void)
 		crc = update_crc16(crc, (shift1>>16)&0xff);
 		crc = update_crc16(crc, (shift1>>24)&0xff);
 
-		Dbprintf("Info: Tag data: %x%08x, crc=%x",
-				 (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF);
+		Dbprintf("Info: Tag data: %x%08x, crc=%x", (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF);
 		if (crc != (shift2&0xffff)) {
 			Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc);
 		} else {
@@ -349,7 +348,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
 	// start by writing 0xBB (keyword) and 0xEB (password)
 	// then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer)
 	// finally end with 0x0300 (write frame)
-	// all data is sent lsb firts
+	// all data is sent lsb first
 	// finish with 15ms programming time
 
 	// modulate antenna
@@ -839,7 +838,7 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 		size = 50*128*2; //big enough to catch 2 sequences of largest format
 		idx = AWIDdemodFSK(dest, &size);
 		
-		if (idx>0 && size==96){
+		if (idx<=0 || size!=96) continue;
 	        // Index map
 	        // 0            10            20            30              40            50              60
 	        // |            |             |             |               |             |               |
@@ -859,6 +858,7 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	        uint32_t rawHi2 = bytebits_to_byte(dest+idx,32);
 
 	        size = removeParity(dest, idx+8, 4, 1, 88);
+		if (size != 66) continue;
 	        // ok valid card found!
 
 	        // Index map
@@ -900,7 +900,6 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 				return;
 			}
 			// reset
-		}
 		idx = 0;
 		WDT_HIT();
 	}
@@ -1065,7 +1064,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 #define WRITE_GAP 20*8 // was 160 // SPEC:  1*8 to 20*8 - typ 10*8 (or 10fc)
 #define WRITE_0   16*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
 #define WRITE_1   50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc)  432 for T55x7; 448 for E5550
-#define READ_GAP  52*8 
+#define READ_GAP  15*8 
 
 //  VALUES TAKEN FROM EM4x function: SendForward
 //  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
@@ -1183,7 +1182,7 @@ void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
 	cmd_send(CMD_ACK,0,0,0,0,0);
 }
 
-// Read one card block in page 0
+// Read one card block in page [page]
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	LED_A_ON();
 	bool PwdMode = arg0 & 0x1;
@@ -1267,7 +1266,6 @@ void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
 // Copy HID id to card and setup block 0 config
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
 	uint32_t data[] = {0,0,0,0,0,0,0};
-	//int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
 	uint8_t last_block = 0;
 
 	if (longFMT){
@@ -1357,6 +1355,15 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
 	//	T5567WriteBlock(0x603E10E2,0);
 	DbpString("DONE!");
 }
+// clone viking tag to T55xx
+void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) {
+	uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2};
+	if (Q5) data[0] = (32 << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT;
+	// Program the data blocks for supplied ID and the block 0 config
+	WriteT55xx(data, 0, 3);
+	LED_D_OFF();
+	cmd_send(CMD_ACK,0,0,0,0,0);
+}
 
 // Define 9bit header for EM410x tags
 #define EM410X_HEADER		0x1FF
@@ -1463,6 +1470,15 @@ uint8_t * fwd_write_ptr; //forwardlink bit pointer
 // prepares command bits
 // see EM4469 spec
 //====================================================================
+//--------------------------------------------------------------------
+//  VALUES TAKEN FROM EM4x function: SendForward
+//  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
+//  WRITE_GAP = 128;       (16*8)
+//  WRITE_1   = 256 32*8;  (32*8) 
+
+//  These timings work for 4469/4269/4305 (with the 55*8 above)
+//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); 
+
 uint8_t Prepare_Cmd( uint8_t cmd ) {
 
 	*forward_ptr++ = 0; //start bit
@@ -1648,12 +1664,3 @@ void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
 	LED_D_OFF();
 }
-
-void CopyViKingtoT55x7(uint32_t block1, uint32_t block2) {
-
-	uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2};
-	// Program the data blocks for supplied ID and the block 0 config
-	WriteT55xx(data, 0, 3);
-	LED_D_OFF();
-}
-