X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/e4d57949dfd8ee457f10adc89c4aba641090e346..564c9ae2b68afc0d8b0455fb9b9d2aba0ca6c574:/armsrc/legicrf.c diff --git a/armsrc/legicrf.c b/armsrc/legicrf.c index 4b4a6ff6..9abc7761 100644 --- a/armsrc/legicrf.c +++ b/armsrc/legicrf.c @@ -217,7 +217,7 @@ void frame_sendAsReader(uint32_t data, uint8_t bits){ COIL_PULSE(0); // log - uint8_t cmdbytes[] = {bits, BYTEx(data,0), BYTEx(data,1), BYTEx(data,2) , BYTEx(send,0), BYTEx(send,1)}; + uint8_t cmdbytes[] = {bits, BYTEx(data,0), BYTEx(data,1), BYTEx(data,2), BYTEx(send,0), BYTEx(send,1), BYTEx(send,2)}; LogTrace(cmdbytes, sizeof(cmdbytes), starttime, GET_TICKS, NULL, TRUE); } @@ -405,31 +405,20 @@ int legic_read_byte( uint16_t index, uint8_t cmd_sz) { bool legic_write_byte(uint16_t index, uint8_t byte, uint8_t addr_sz) { bool isOK = false; - uint8_t i = 80, edges = 0; + int8_t i = 40; + uint8_t edges = 0; uint8_t cmd_sz = addr_sz+1+8+4; //crc+data+cmd; uint32_t steps = 0, next_bit_at, start, crc, old_level = 0; - /* - crc_clear(&legic_crc); - crc_update(&legic_crc, 0, 1); // CMD_WRITE - crc_update(&legic_crc, index, addr_sz); - crc_update(&legic_crc, byte, 8); - uint32_t crc = crc_finish(&legic_crc); - */ crc = legic4Crc(LEGIC_WRITE, index, byte, addr_sz+1); // send write command - uint32_t cmd; - cmd = ((crc & 0xF ) << (addr_sz+1+8)); // CRC - cmd |= byte << (addr_sz+1); // Data - cmd |= ((index & 0xFF) << 1); // index - cmd |= LEGIC_WRITE; // CMD - - /* Bitbang the response */ - SHORT_COIL; - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + uint32_t cmd = LEGIC_WRITE; + cmd |= index << 1; // index + cmd |= byte << (addr_sz+1); // Data + cmd |= (crc & 0xF ) << (addr_sz+1+8); // CRC - WaitTicks(330); + WaitTicks(240); frame_sendAsReader(cmd, cmd_sz); 
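Review bot: In the legic_write_byte hunk (`@@ -405,31 +405,20 @@`), the new `cmd |= index << 1;` drops the old `& 0xFF` mask without replacing it with one sized to the address field. Any index bit at or above `addr_sz` is therefore OR-ed into the data bits that start at `addr_sz+1`, and the frame carries a different byte than the caller passed. Masking to the field width keeps the fields apart: `cmd |= (index & ((1u << addr_sz) - 1)) << 1;`, or return false before building the frame when `index >> addr_sz` is non-zero. The function body continues past the end of this hunk, and the only range check visible on this page is the cardsize clamp in LegicRfWriter.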
@@ -439,8 +428,7 @@ bool legic_write_byte(uint16_t index, uint8_t byte, uint8_t addr_sz) { // ACK, - one single "1" bit after 3.6ms // 3.6ms = 3600us * 1.5 = 5400ticks. - WaitTicks(5000); - //WaitTicks(330); + WaitTicks(5400); next_bit_at = GET_TICKS + TAG_BIT_PERIOD; @@ -467,10 +455,11 @@ bool legic_write_byte(uint16_t index, uint8_t byte, uint8_t addr_sz) { goto OUT; } } - + OUT: ; - // log - uint8_t cmdbytes[] = {cmd_sz, isOK, BYTEx(steps, 0), BYTEx(steps, 1) }; + legic_prng_forward(1); + + uint8_t cmdbytes[] = {1, isOK, BYTEx(steps, 0), BYTEx(steps, 1) }; LogTrace(cmdbytes, sizeof(cmdbytes), start, GET_TICKS, NULL, FALSE); return isOK; } @@ -488,7 +477,7 @@ int LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv) { goto OUT; } - if (len + offset >= card.cardsize) + if (len + offset > card.cardsize) len = card.cardsize - offset; LED_B_ON(); @@ -515,7 +504,7 @@ OUT: void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data) { #define LOWERLIMIT 4 - uint8_t isOK = 1; + uint8_t isOK = 1, msg = 0; legic_card_select_t card; // uid NOT is writeable. @@ -528,27 +517,25 @@ void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data) { if ( legic_select_card_iv(&card, iv) ) { isOK = 0; + msg = 1; goto OUT; } - if ( len + offset + LOWERLIMIT >= card.cardsize) { - isOK = 0; - goto OUT; - } + if ( len + offset > card.cardsize) + len = card.cardsize - offset; LED_B_ON(); while( len > 0 ) { - - if ( !legic_write_byte( len + offset + LOWERLIMIT, data[len-1], card.addrsize) ) { - Dbprintf("operation failed @ 0x%03.3x", len-1); + --len; + if ( !legic_write_byte( len + offset, data[len], card.addrsize) ) { + Dbprintf("operation failed | %02X | %02X | %02X", len + offset, len, data[len] ); isOK = 0; goto OUT; } - --len; WDT_HIT(); } OUT: - cmd_send(CMD_ACK, isOK, 0,0,0,0); + cmd_send(CMD_ACK, isOK, msg,0,0,0); switch_off_tag_rwd(); LEDsoff(); } 
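Review bot: At the OUT label of legic_write_byte (`@@ -467,10 +455,11 @@`), the first trace byte changed from `cmd_sz` to a bare `1` and the `// log` comment was removed, so the record layout is now undocumented. A comment such as `// trace: 1 response bit (ACK), result, steps low/high` would restore that; the meaning of the `1` is inferred from the ACK comment earlier in the function and should be confirmed. A short comment on `legic_prng_forward(1);` should also say whether it is meant to run on the failure paths, since every `goto OUT` now reaches it.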
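Review bot: In LegicRfReader (`@@ -488,7 +477,7 @@`), the clamp `len = card.cardsize - offset;` is not guarded against `offset` being larger than `card.cardsize`, in which case the difference goes below zero and becomes a large length once stored in the uint16_t `len`. The same two lines are added to LegicRfWriter (`@@ -528,27 +517,25 @@`), where the wrapped `len` then indexes `data[len]` and is passed on as the write address. Rejecting the request before the clamp closes both: `if (offset >= card.cardsize) { isOK = 0; goto OUT; }` in the writer, and the equivalent error exit in the reader, whose body is only partly visible here.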
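Review bot: LegicRfWriter (`@@ -528,27 +517,25 @@`) now silently shortens an over-long request and still answers with `isOK` = 1 and `msg` = 0, so the client cannot tell that fewer bytes were written than it asked for; the removed code rejected that case. Either keep the rejection or report the clamp through the new `msg` argument of `cmd_send`, and document the `msg` codes next to the declaration `uint8_t isOK = 1, msg = 0;`. The bound and the write address also no longer include LOWERLIMIT. Protection of the bytes that the `// uid NOT is writeable` comment refers to therefore depends on whatever offset check sits in the lines between the two LegicRfWriter hunks, which are not shown.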
@@ -735,7 +722,7 @@ static void frame_handle_tag(struct legic_frame const * const f) } /* Write */ - if(f->bits == 23) { + if (f->bits == 23 || f->bits == 21 ) { uint32_t key = get_key_stream(-1, 23); //legic_frame_drift, 23); uint16_t addr = f->data ^ key; addr >>= 1; @@ -749,7 +736,7 @@ static void frame_handle_tag(struct legic_frame const * const f) legic_state = STATE_DISCON; LED_C_OFF(); Dbprintf("write - addr: %x, data: %x", addr, data); - // should send a ACK within 3.5ms too + // should send a ACK after 3.6ms return; } @@ -799,7 +786,7 @@ void LegicRfSimulate(int phase, int frame, int reqresp) * measure the time between two rising edges on DIN, and no encoding on the * subcarrier from card to reader, so we'll just shift out our verbatim data * on DOUT, 1 bit is 100us. The time from reader to card frame is still unclear, - * seems to be 300us-ish. + * seems to be 330us. */ int old_level = 0, active = 0;
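Review bot: The write branch in frame_handle_tag (`@@ -735,7 +722,7 @@`) now accepts `f->bits == 21`, but the next line still asks for a key stream of fixed length 23 (`get_key_stream(-1, 23)`), so a 21-bit frame is decoded with a key stream sized for the longer frame. Unless that is deliberate, `uint32_t key = get_key_stream(-1, f->bits);` ties the length to the frame actually received. The address/data split a few lines further down lies outside the hunk and probably needs the same length-dependent handling. Going by `cmd_sz = addr_sz+1+8+4` in legic_write_byte, 21 bits implies an 8-bit address and 23 bits a 10-bit one.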