}
void clear_trace() {
- uint8_t *trace = BigBuf_get_addr();
- uint16_t max_traceLen = BigBuf_max_traceLen();
- memset(trace, 0x44, max_traceLen);
traceLen = 0;
}
}
traceLen += num_paritybytes;
- if(traceLen +4 < max_traceLen)
- { //If it hadn't been cleared, for whatever reason..
- memset(trace+traceLen,0x44, 4);
- }
-
return TRUE;
}
+
+
int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int readerToTag)
{
/**
byte_t rx[HITAG_FRAME_LEN];
size_t rxlen=0;
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ // Clean up trace and prepare it for storing frames
+ set_tracing(TRUE);
+ clear_trace();
+
auth_table_len = 0;
auth_table_pos = 0;
+
BigBuf_free();
auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
- // Clean up trace and prepare it for storing frames
- set_tracing(TRUE);
- clear_trace();
-
DbpString("Starting Hitag2 snoop");
LED_D_ON();
// Set up eavesdropping mode, frequency divisor which will drive the FPGA
// and analog mux selection.
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
bool bQuitTraceFull = false;
bQuiet = false;
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ // Clean up trace and prepare it for storing frames
+ set_tracing(TRUE);
+ clear_trace();
+
auth_table_len = 0;
auth_table_pos = 0;
byte_t* auth_table;
auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
- // Clean up trace and prepare it for storing frames
- set_tracing(TRUE);
- clear_trace();
-
DbpString("Starting Hitag2 simulation");
LED_D_ON();
hitag2_init();
// Set up simulator mode, frequency divisor which will drive the FPGA
// and analog mux selection.
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
int resp_cc_len;
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
- memset(receivedCmd, 0x44, MAX_FRAME_SIZE);
int len;
// Prepare card messages
}
}
- memset(receivedCmd, 0x44, MAX_FRAME_SIZE);
}
//Dbprintf("%x", cmdsRecvd);
LEDsoff();
- // We won't start recording the frames that we acquire until we trigger;
- // a good trigger condition to get started is probably when we see a
- // response from the tag.
- // triggered == FALSE -- to wait first for card
- bool triggered = !(param & 0x03);
-
+ iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
+
// Allocate memory from BigBuf for some buffers
// free all previous allocations first
BigBuf_free();
bool TagIsActive = FALSE;
bool ReaderIsActive = FALSE;
- iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
-
// Set up the demodulator for tag -> reader responses.
DemodInit(receivedResponse, receivedResponsePar);
// Setup and start DMA.
FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
+ // We won't start recording the frames that we acquire until we trigger;
+ // a good trigger condition to get started is probably when we see a
+ // response from the tag.
+ // triggered == FALSE -- to wait first for card
+ bool triggered = !(param & 0x03);
+
// And now we loop, receiving samples.
for(uint32_t rsamples = 0; TRUE; ) {
.modulation_n = 0
};
+ // We need to listen to the high-frequency, peak-detected path.
+ iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
+
BigBuf_free_keep_EM();
// allocate buffers:
int happened2 = 0;
int cmdsRecvd = 0;
- // We need to listen to the high-frequency, peak-detected path.
- iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
-
cmdsRecvd = 0;
tag_response_info_t* p_response;
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
+ if (first_try) {
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+ }
+
// free eventually allocated BigBuf memory. We want all for tracing.
BigBuf_free();
if (first_try) {
mf_nr_ar3 = 0;
- iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
sync_time = GetCountSspClk() & 0xfffffff8;
sync_cycles = 65536; // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
nt_attacked = 0;
uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0};
uint8_t ar_nr_collected = 0;
- // free eventually allocated BigBuf memory but keep Emulator Memory
- BigBuf_free_keep_EM();
-
- // clear trace
- clear_trace();
- set_tracing(TRUE);
-
// Authenticate response - nonce
uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
}
- // We need to listen to the high-frequency, peak-detected path.
- iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
-
-
if (MF_DBGLEVEL >= 1) {
if (!_7BUID) {
Dbprintf("4B UID: %02x%02x%02x%02x",
}
}
+ // We need to listen to the high-frequency, peak-detected path.
+ iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
+
+ // free eventually allocated BigBuf memory but keep Emulator Memory
+ BigBuf_free_keep_EM();
+
+ // clear trace
+ clear_trace();
+ set_tracing(TRUE);
+
+
bool finished = FALSE;
while (!BUTTON_PRESS() && !finished) {
WDT_HIT();
uint8_t receivedResponse[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedResponsePar[MAX_MIFARE_PARITY_SIZE];
- // As we receive stuff, we copy it from receivedCmd or receivedResponse
- // into trace, along with its length and other annotations.
- //uint8_t *trace = (uint8_t *)BigBuf;
-
+ iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
+
// free eventually allocated BigBuf memory
BigBuf_free();
// allocate the DMA buffer, used to stream samples from the FPGA
bool ReaderIsActive = FALSE;
bool TagIsActive = FALSE;
- iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
-
// Set up the demodulator for tag -> reader responses.
DemodInit(receivedResponse, receivedResponsePar);
0x00, 0x21, 0x85, 0x5e, 0xd7
};
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
clear_trace();
set_tracing(TRUE);
uint16_t len;
uint16_t cmdsRecvd = 0;
- FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-
// prepare the (only one) tag answer:
CodeIso14443bAsTag(response1, sizeof(response1));
uint8_t *resp1Code = BigBuf_malloc(ToSendMax);
//-----------------------------------------------------------------------------
void ReadSTMemoryIso14443b(uint32_t dwLast)
{
- clear_trace();
- set_tracing(TRUE);
-
uint8_t i = 0x00;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);
SpinDelay(200);
+ clear_trace();
+ set_tracing(TRUE);
+
// First command: wake up the tag using the INITIATE command
uint8_t cmd1[] = {0x06, 0x00, 0x97, 0x5b};
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1));
LED_C_OFF();
LED_D_OFF();
+ if (init) Iso15693InitReader();
+
int answerLen=0;
uint8_t *answer = BigBuf_get_addr() + 3660;
if (recv != NULL) memset(answer, 0, 100);
- if (init) Iso15693InitReader();
-
if (!speed) {
// low speed (1 out of 256)
CodeIso15693AsReader256(send, sendlen);
LED_C_OFF();
LED_D_OFF();
- uint8_t *answer1 = BigBuf_get_addr() + 3660;
- uint8_t *answer2 = BigBuf_get_addr() + 3760;
- uint8_t *answer3 = BigBuf_get_addr() + 3860;
-
int answerLen1 = 0;
int answerLen2 = 0;
int answerLen3 = 0;
int elapsed = 0;
uint8_t TagUID[8] = {0x00};
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ uint8_t *answer1 = BigBuf_get_addr() + 3660;
+ uint8_t *answer2 = BigBuf_get_addr() + 3760;
+ uint8_t *answer3 = BigBuf_get_addr() + 3860;
// Blank arrays
memset(answer1, 0x00, 300);
- FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Setup SSC
FpgaSetupSsc();
// Start from off (no field generated)
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelay(200);
// Give the tags time to energize
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
LED_C_OFF();
LED_D_OFF();
- uint8_t *buf = BigBuf_get_addr() + 3660;
-
int answerLen1 = 0;
int samples = 0;
int tsamples = 0;
int wait = 0;
int elapsed = 0;
- memset(buf, 0x00, 100);
-
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ uint8_t *buf = BigBuf_get_addr() + 3660;
+ memset(buf, 0x00, 100);
+
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-
FpgaSetupSsc();
// Start from off (no field generated)
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
LED_A_OFF();
struct Crypto1State *pcs;\r
pcs = &mpcs;\r
\r
- // clear trace\r
- clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
bool turnOffField = (arg0 == 1);\r
\r
LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
- clear_trace();\r
+\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
OnError(0);\r
\r
LEDsoff();\r
LED_A_ON();\r
- clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
int len = iso14443a_select_card(NULL, NULL, NULL);\r
if(!len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
struct Crypto1State *pcs;\r
pcs = &mpcs;\r
\r
- // clear trace\r
- clear_trace();\r
-\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
// datain = KEY bytes\r
void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
{\r
+ LEDsoff();\r
+ LED_A_ON();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
// free eventually allocated BigBuf memory\r
BigBuf_free();\r
clear_trace();\r
return;\r
}\r
\r
- LEDsoff();\r
- LED_A_ON();\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
int len = iso14443a_select_card(NULL, NULL, NULL);\r
if (!len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);\r
struct Crypto1State *pcs;\r
pcs = &mpcs;\r
\r
- // clear trace\r
- clear_trace();\r
-\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
\r
LEDsoff();\r
LED_A_ON();\r
- clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
OnError(0);\r
memcpy(pwd, datain, 16);\r
\r
LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
- clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
+ clear_trace();\r
+\r
if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
OnError(0);\r
uint32_t auth1_time, auth2_time;\r
static uint16_t delta_time;\r
\r
+ LED_A_ON();\r
+ LED_C_OFF();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
// free eventually allocated BigBuf memory\r
BigBuf_free();\r
- // clear trace\r
+\r
clear_trace();\r
set_tracing(false);\r
\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
- LED_A_ON();\r
- LED_C_OFF();\r
-\r
-\r
// statistics on nonce distance\r
int16_t isOK = 0;\r
#define NESTED_MAX_TRIES 12\r
int OLD_MF_DBGLEVEL = MF_DBGLEVEL; \r
MF_DBGLEVEL = MF_DBG_NONE;\r
\r
- // clear trace\r
- clear_trace();\r
- set_tracing(TRUE);\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+ clear_trace();\r
+ set_tracing(TRUE);\r
\r
for (i = 0; i < keyCount; i++) {\r
if(mifare_classic_halt(pcs, cuid)) {\r
//-----------------------------------------------------------------------------\r
// Work with emulator memory\r
// \r
+// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_HF) here although FPGA is not\r
+// involved in dealing with emulator memory. But if it is called later, it might\r
+// destroy the Emulator Memory.\r
//-----------------------------------------------------------------------------\r
+\r
void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
emlClearMem();\r
}\r
\r
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
}\r
\r
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
byte_t buf[USB_CMD_DATA_SIZE];\r
emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
\r
byte_t dataoutbuf2[16];\r
uint8_t uid[10];\r
\r
- // clear trace\r
- clear_trace();\r
- set_tracing(false);\r
- \r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ \r
+ clear_trace();\r
+ set_tracing(false);\r
\r
bool isOK = true;\r
\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
clear_trace();\r
set_tracing(TRUE);\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
- \r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
clear_trace();\r
set_tracing(TRUE);\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
}\r
\r
- //\r
+//\r
// DESFIRE\r
//\r
\r
uint8_t uid[10] = {0x00};\r
uint32_t cuid;\r
\r
- clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ clear_trace();\r
\r
int len = iso14443a_select_card(uid, NULL, &cuid);\r
if(!len) {\r
projects / proxmark3-svn / commitdiff