Merge branch 'master' of https://github.com/Proxmark/proxmark3
authoriceman1001 <iceman@iuse.se>
Tue, 10 Feb 2015 07:58:14 +0000 (08:58 +0100)
committericeman1001 <iceman@iuse.se>
Tue, 10 Feb 2015 07:58:14 +0000 (08:58 +0100)
Conflicts:
armsrc/appmain.c
armsrc/apps.h
armsrc/lfops.c

armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/lfops.c
client/Makefile
client/cmddata.c
include/usb_cmd.h

diff --combined armsrc/Makefile
index 523171656925a585c3440d9aa5403307f0573ac9,fb693006f0162d695fa403ec2cc49fc263019c64..c007065226588372506ebc97434b3667a4c3fab6
@@@ -14,7 -14,7 +14,7 @@@ APP_CFLAGS    = -DWITH_LF -DWITH_ISO15693 
  #-DWITH_LCD 
  
  #SRC_LCD = fonts.c LCD.c
- SRC_LF = lfops.c hitag2.c
+ SRC_LF = lfops.c hitag2.c lfsampling.c
  SRC_ISO15693 = iso15693.c iso15693tools.c 
  SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
  SRC_ISO14443b = iso14443.c
@@@ -44,7 -44,6 +44,7 @@@ ARMSRC = fpgaloader.c 
        iclass.c \
        BigBuf.c \
  
 +
  # stdint.h provided locally until GCC 4.5 becomes C99 compliant
  APP_CFLAGS += -I.
  
diff --combined armsrc/appmain.c
index 00e9ba4dadc85d9b95e43c8ac9742981ff24d8ae,cb1b9f73fee185ddf706e2e6720a348bb517799d..271ff3f84649ba64a3faab71d2fd1b846be173d2
  // executes.
  //-----------------------------------------------------------------------------
  
 -#include "usb_cdc.h"
 -#include "cmd.h"
 +#include "../common/usb_cdc.h"
 +#include "../common/cmd.h"
  
 -#include "proxmark3.h"
 +#include "../include/proxmark3.h"
  #include "apps.h"
  #include "util.h"
  #include "printf.h"
  #include "string.h"
 -
  #include <stdarg.h>
  
  #include "legicrf.h"
 -#include <hitag2.h>
 +#include "../include/hitag2.h"
+ #include "lfsampling.h"
 +
  #ifdef WITH_LCD
   #include "LCD.h"
  #endif
@@@ -166,7 -166,7 +166,7 @@@ void MeasureAntennaTuning(void
        int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0 
        int vLf125 = 0, vLf134 = 0, vHf = 0;    // in mV
  
 -      LED_B_ON();
 +  LED_B_ON();
  
  /*
   * Sweeps the useful LF range of the proxmark from
  
        for (i=18; i >= 0; i--) LF_Results[i] = 0;
        
 -      LED_A_ON();
 +  LED_A_ON();
        // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
  
        cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 -      LED_A_OFF();
 -      LED_B_OFF();
 -      return;
 +  LED_A_OFF();
 +  LED_B_OFF();
 +  return;
  }
  
  void MeasureAntennaTuningHf(void)
@@@ -358,7 -358,7 +358,7 @@@ void SamyRun(
        for (;;)
        {
                usb_poll();
 -    WDT_HIT();
 +              WDT_HIT();
  
                // Was our button held down or pressed?
                int button_pressed = BUTTON_HELD(1000);
@@@ -622,20 -622,21 +622,21 @@@ void UsbPacketReceived(uint8_t *packet
  {
        UsbCommand *c = (UsbCommand *)packet;
  
 -//  Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
 +  //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
    
        switch(c->cmd) {
  #ifdef WITH_LF
+               case CMD_SET_LF_SAMPLING_CONFIG:
+                       setSamplingConfig((sample_config *) c->d.asBytes);
+                       break;
                case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
-                       AcquireRawAdcSamples125k(c->arg[0]);
-                       cmd_send(CMD_ACK,0,0,0,0,0);
+                       cmd_send(CMD_ACK,SampleLF(),0,0,0,0);
                        break;
                case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
                        ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
                        break;
                case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
-                       SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
-                       cmd_send(CMD_ACK,0,0,0,0,0);
+                       cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
                        break;
                case CMD_HID_DEMOD_FSK:
                        CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
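Review bot: The new `CMD_SET_LF_SAMPLING_CONFIG` case casts the raw USB payload `c->d.asBytes` to `sample_config *` and passes it to `setSamplingConfig()` without any range check in this hunk. `setSamplingConfig()` is defined outside this page, so whether it clamps `decimation`, `bits_per_sample` and `divisor` cannot be confirmed here; if it does not, host-supplied values such as a zero decimation or a sample width above 8 reach the sampling code unchecked. Either validate before the call or document the contract at the call site, e.g. `// payload is untrusted host input; setSamplingConfig() must clamp every field`. UsbPacketReceived's body continues outside the hunk.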
                        WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
                        break;
                case CMD_SIMULATE_TAG_125K:
 -                      LED_A_ON();
 -                      SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
 -                      LED_A_OFF();
 +                      SimulateTagLowFrequency(c->arg[0], c->arg[1], 0);
 +                      //SimulateTagLowFrequencyA(c->arg[0], c->arg[1]);
                        break;
                case CMD_LF_SIMULATE_BIDIR:
                        SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
                        EPA_PACE_Collect_Nonce(c);
                        break;
                        
 +              // case CMD_EPA_:
 +              //      EpaFoo(c);
 +              // break;
 +                      
                case CMD_READER_MIFARE:
              ReaderMifare(c->arg[0]);
                        break;
                        break;
                case CMD_MIFAREU_READCARD:
                        MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
 -                      break;
 +                        break;
                case CMD_MIFAREUC_READCARD:
                        MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
                        break;
                        ReaderIClass(c->arg[0]);
                        break;
                case CMD_READER_ICLASS_REPLAY:
 -                  ReaderIClass_Replay(c->arg[0], c->d.asBytes);
 +                      ReaderIClass_Replay(c->arg[0], c->d.asBytes);
                        break;
  #endif
  
                                cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,traceLen,BigBuf+c->arg[0]+i,len);
                        }
                        // Trigger a finish downloading signal with an ACK frame
-                       cmd_send(CMD_ACK,0,0,traceLen,0,0);
+                       cmd_send(CMD_ACK,1,0,traceLen,getSamplingConfig(),sizeof(sample_config));
                        LED_B_OFF();
                        break;
  
@@@ -1012,7 -1010,7 +1013,7 @@@ void  __attribute__((noreturn)) AppMain
        LED_A_OFF();
  
        // Init USB device
 -  usb_enable();
 +      usb_enable();
  
        // The FPGA gets its clock from us from PCK0 output, so set that up.
        AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
        size_t rx_len;
    
        for(;;) {
 -    if (usb_poll()) {
 -      rx_len = usb_read(rx,sizeof(UsbCommand));
 -      if (rx_len) {
 -        UsbPacketReceived(rx,rx_len);
 -      }
 -    }
 +              if (usb_poll()) {
 +                      rx_len = usb_read(rx,sizeof(UsbCommand));
 +                      if (rx_len) {
 +                              UsbPacketReceived(rx,rx_len);
 +                      }
 +              }
                WDT_HIT();
  
  #ifdef WITH_LF
diff --combined armsrc/apps.h
index c8802dc1a34defdf14922a5280f774d2b363dc62,58a2a62196bd0cb2b96fe2259d7e962c8527ec77..f8786703746185cd902cc69bcb266a3c900b6eb9
  
  #include <stdint.h>
  #include <stddef.h>
 -#include "common.h"
 -#include "hitag2.h"
 -#include "mifare.h"
 +#include <stdlib.h>
 +#include <sys/types.h>
 +#include <string.h>
 +#include <strings.h>
  #include "../common/crc32.h"
  #include "BigBuf.h"
 +#include "../include/hitag2.h"
  
  extern const uint8_t OddByteParity[256];
  extern int rsamples;   // = 0;
@@@ -45,12 -43,6 +45,6 @@@ int AvgAdc(int ch)
  void ToSendStuffBit(int b);
  void ToSendReset(void);
  void ListenReaderField(int limit);
- void AcquireRawAdcSamples125k(int at134khz);
- void SnoopLFRawAdcSamples(int divisor, int trigger_threshold);
- void DoAcquisition125k_internal(int trigger_threshold, bool silent);
- void DoAcquisition125k_threshold(int trigger_threshold);
- void DoAcquisition125k();
  extern int ToSendMax;
  extern uint8_t ToSend[];
  
@@@ -110,15 -102,17 +104,19 @@@ void SetAdcMuxFor(uint32_t whichGpio)
  #define FPGA_HF_ISO14443A_READER_MOD                          (4<<0)
  
  /// lfops.h
+ extern uint8_t decimation;
+ extern uint8_t bits_per_sample ;
+ extern bool averaging;
  void AcquireRawAdcSamples125k(int divisor);
  void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,uint8_t *command);
  void ReadTItag(void);
  void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc);
  void AcquireTiType(void);
  void AcquireRawBitsTI(void);
 -void SimulateTagLowFrequency(int period, int gap, int ledcontrol);
 +void SimulateTagLowFrequency( uint16_t period, uint32_t gap, uint8_t ledcontrol);
 +//void SimulateTagLowFrequencyA(int period, int gap);
 +
  void CmdHIDsimTAG(int hi, int lo, int ledcontrol);
  void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
  void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
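Review bot: The prototype `void AcquireRawAdcSamples125k(int divisor);` is kept under `/// lfops.h` although this merge deletes that function's definition from armsrc/lfops.c and armsrc/appmain.c no longer calls it. Unless lfsampling.c (not on this page) defines it, the declaration is stale and should be removed. The same applies to the new `extern uint8_t decimation;`, `extern uint8_t bits_per_sample ;` and `extern bool averaging;`, which duplicate fields of `sample_config` and have no definition visible in this merge. In the next hunk, `void TurnReadLFOn();` declares an unprototyped function in C and should be `void TurnReadLFOn(void);`.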
@@@ -132,7 -126,6 +130,7 @@@ void CopyIndala224toT55x7(int uid1, in
  void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
  void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode );
  void T55xxReadTrace(void);
 +void TurnReadLFOn();
  int DemodPCF7931(uint8_t **outBlocks);
  int IsBlock0PCF7931(uint8_t *Block);
  int IsBlock1PCF7931(uint8_t *Block);
diff --combined armsrc/lfops.c
index 98045d81f57a99668af35c63480c44b8565d5fe5,479da77204ebc3fc357b5c569afbc3b0aab2f2bc..c5f4a37a98b99d69b181687dccf7a25493be5106
  #include "crc16.h"
  #include "string.h"
  #include "lfdemod.h"
+ #include "lfsampling.h"
  
  
  /**
- * Does the sample acquisition. If threshold is specified, the actual sampling
- * is not commenced until the threshold has been reached.
- * @param trigger_threshold - the threshold
- * @param silent - is true, now outputs are made. If false, dbprints the status
- */
- void DoAcquisition125k_internal(int trigger_threshold,bool silent)
- {
-     uint8_t *dest = BigBuf_get_addr();
-     int n = BigBuf_max_traceLen();
-     int i;
-     memset(dest, 0, n);
-     i = 0;
-     for(;;) {
-         if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
-             AT91C_BASE_SSC->SSC_THR = 0x43;
-             LED_D_ON();
-         }
-         if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
-             dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-             LED_D_OFF();
-             if (trigger_threshold != -1 && dest[i] < trigger_threshold)
-                 continue;
-             else
-                 trigger_threshold = -1;
-             if (++i >= n) break;
-         }
-     }
-     if(!silent)
-     {
-         Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...",
-                  dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]);
-     }
- }
- /**
- * Perform sample aquisition.
- */
- void DoAcquisition125k(int trigger_threshold)
- {
-     DoAcquisition125k_internal(trigger_threshold, false);
- }
- /**
- * Setup the FPGA to listen for samples. This method downloads the FPGA bitstream
- * if not already loaded, sets divisor and starts up the antenna.
- * @param divisor : 1, 88> 255 or negative ==> 134.8 KHz
- *                                0 or 95 ==> 125 KHz
- *
- **/
- void LFSetupFPGAForADC(int divisor, bool lf_field)
- {
-     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-     if ( (divisor == 1) || (divisor < 0) || (divisor > 255) )
-         FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
-     else if (divisor == 0)
-         FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-     else
-         FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor);
-     FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0));
-     // Connect the A/D to the peak-detected low-frequency path.
-     SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-       
-     // Give it a bit of time for the resonant antenna to settle.
-       SpinDelay(150);
-       
-     // Now set up the SSC to get the ADC samples that are now streaming at us.
-     FpgaSetupSsc();
- }
- /**
- * Initializes the FPGA, and acquires the samples.
- **/
- void AcquireRawAdcSamples125k(int divisor)
- {
-     LFSetupFPGAForADC(divisor, true);
-     // Now call the acquisition routine
-     DoAcquisition125k_internal(-1,false);
- }
- /**
- * Initializes the FPGA for snoop-mode, and acquires the samples.
- **/
- void SnoopLFRawAdcSamples(int divisor, int trigger_threshold)
- {
-     LFSetupFPGAForADC(divisor, false);
-     DoAcquisition125k(trigger_threshold);
- }
+  * Function to do a modulation and then get samples.
+  * @param delay_off
+  * @param period_0
+  * @param period_1
+  * @param command
+  */
  void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command)
  {
  
-     /* Make sure the tag is reset */
-     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-     FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-     SpinDelay(2500);
      int divisor_used = 95; // 125 KHz
      // see if 'h' was specified
  
      if (command[strlen((char *) command) - 1] == 'h')
          divisor_used = 88; // 134.8 KHz
  
+       sample_config sc = { 0,0,1, divisor_used, 0};
+       setSamplingConfig(&sc);
  
-     FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used);
-     FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-     // Give it a bit of time for the resonant antenna to settle.
-     SpinDelay(50);
 -      /* Make sure the tag is reset */
 -      FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 -      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 -      SpinDelay(2500);
++    /* Make sure the tag is reset */
++    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
++    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
++    SpinDelay(2500);
+       LFSetupFPGAForADC(sc.divisor, 1);
  
 -      // And a little more time for the tag to fully power up
 -      SpinDelay(2000);
 +    // And a little more time for the tag to fully power up
 +    SpinDelay(2000);
  
-     // Now set up the SSC to get the ADC samples that are now streaming at us.
-     FpgaSetupSsc();
      // now modulate the reader field
      while(*command != '\0' && *command != ' ') {
          FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
          LED_D_OFF();
          SpinDelayUs(delay_off);
-         FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used);
+               FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
  
          FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
          LED_D_ON();
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
      LED_D_OFF();
      SpinDelayUs(delay_off);
-     FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used);
+       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
  
      FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
      // now do the read
-     DoAcquisition125k(-1);
+       DoAcquisition_config(false);
  }
  
  /* blank r/w tag data stream
  ...0000000000000000 01111111
  1010101010101010101010101010101010101010101010101010101010101010
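Review bot: `sample_config sc = { 0,0,1, divisor_used, 0};` in ModThenAcquireRawAdcSamples125k depends on the positional order of the struct fields and is then installed with `setSamplingConfig(&sc)`. By its name that call replaces the device-wide sampling configuration, so one modulate-then-read may also discard the decimation, sample width and trigger threshold the user had set (setSamplingConfig is defined outside this page, so this is inferred). Designated initializers make the intent checkable, `sample_config sc = { .averaging = true, .divisor = divisor_used };`, and if the override is meant to be temporary the previous configuration should be restored after `DoAcquisition_config(false)`. Separately, the unchanged line `command[strlen((char *) command) - 1]` reads before the start of the buffer when the host sends an empty command string; a length check ahead of it would close that.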
@@@ -467,7 -381,7 +381,7 @@@ void WriteTItag(uint32_t idhi, uint32_
      DbpString("Now use tiread to check");
  }
  
 -void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 +void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
  {
      int i;
      uint8_t *tab = BigBuf_get_addr();
@@@ -647,8 -561,8 +561,8 @@@ void CmdHIDdemodFSK(int findone, int *h
          WDT_HIT();
          if (ledcontrol) LED_A_ON();
  
-         DoAcquisition125k_internal(-1,true);
+               DoAcquisition_default(-1,true);
 -              // FSK demodulator
 +        // FSK demodulator
          size = sizeOfBigBuff;  //variable size will change after demod so re initialize it before use
                idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo);
          
@@@ -736,8 -650,8 +650,8 @@@ void CmdEM410xdemod(int findone, int *h
          WDT_HIT();
          if (ledcontrol) LED_A_ON();
  
-         DoAcquisition125k_internal(-1,true);
+               DoAcquisition_default(-1,true);
 -              size  = BigBuf_max_traceLen();
 +        size  = BigBuf_max_traceLen();
          //Dbprintf("DEBUG: Buffer got");
                //askdemod and manchester decode
                errCnt = askmandemod(dest, &size, &clk, &invert);
@@@ -789,8 -703,8 +703,8 @@@ void CmdIOdemodFSK(int findone, int *hi
      while(!BUTTON_PRESS()) {
          WDT_HIT();
          if (ledcontrol) LED_A_ON();
-         DoAcquisition125k_internal(-1,true);
+               DoAcquisition_default(-1,true);
 -              //fskdemod and get start index
 +        //fskdemod and get start index
          WDT_HIT();
          idx = IOdemodFSK(dest, BigBuf_max_traceLen());
          if (idx>0){
   * To compensate antenna falling times shorten the write times
   * and enlarge the gap ones.
   */
 -#define START_GAP 250
 -#define WRITE_GAP 160
 -#define WRITE_0   144 // 192
 -#define WRITE_1   400 // 432 for T55x7; 448 for E5550
 +#define START_GAP 30*8 // 10 - 50fc 250
 +#define WRITE_GAP 20*8 //  8 - 30fc
 +#define WRITE_0   24*8 // 16 - 31fc 24fc 192
 +#define WRITE_1   54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550
 +
 +//  VALUES TAKEN FROM EM4x function: SendForward
 +//  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
 +//  WRITE_GAP = 128;       (16*8)
 +//  WRITE_1   = 256 32*8;  (32*8) 
 +
 +//  These timings work for 4469/4269/4305 (with the 55*8 above)
 +//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); 
 +
 +#define T55xx_SAMPLES_SIZE            12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)
  
  // Write one bit to card
  void T55xxWriteBit(int bit)
      FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
      FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
      FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 -    if (bit == 0)
 +      if (!bit)
          SpinDelayUs(WRITE_0);
      else
          SpinDelayUs(WRITE_1);
  // Write one card block in page 0, no lock
  void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
  {
 -    //unsigned int i;  //enio adjustment 12/10/14
 -    uint32_t i;
 -
 -    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 -    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 -    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 +      uint32_t i = 0;
  
 -    // Give it a bit of time for the resonant antenna to settle.
 -    // And for the tag to fully power up
 -    SpinDelay(150);
 +      // Set up FPGA, 125kHz
 +      // Wait for config.. (192+8190xPOW)x8 == 67ms
 +      LFSetupFPGAForADC(0, true);
  
      // Now start writting
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
  void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
  {
      uint8_t *dest = BigBuf_get_addr();
 -    //int m=0, i=0; //enio adjustment 12/10/14
 -    uint32_t m=0, i=0;
 -    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 -    m = BigBuf_max_traceLen();
 -    // Clear destination buffer before sending the command
 -    memset(dest, 128, m);
 -    // Connect the A/D to the peak-detected low-frequency path.
 -    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
 -    // Now set up the SSC to get the ADC samples that are now streaming at us.
 -    FpgaSetupSsc();
 -
 -    LED_D_ON();
 -    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 -    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 -
 -    // Give it a bit of time for the resonant antenna to settle.
 -    // And for the tag to fully power up
 -    SpinDelay(150);
 -
 -    // Now start writting
 +    //uint16_t bufferlength = BigBuf_max_traceLen();
 +      uint16_t bufferlength = T55xx_SAMPLES_SIZE;
 +    uint32_t i = 0;
 +      // Clear destination buffer before sending the command  0x80 = average.
 +      memset(dest, 0x80, bufferlength);          
 +      
 +      // Set up FPGA, 125kHz
 +      // Wait for config.. (192+8190xPOW)x8 == 67ms
 +      LFSetupFPGAForADC(0, true);
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
      SpinDelayUs(START_GAP);
  
          T55xxWriteBit(Block & i);
  
      // Turn field on to read the response
 -    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 -    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 +      TurnReadLFOn();
  
      // Now do the acquisition
      i = 0;
      for(;;) {
          if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
              AT91C_BASE_SSC->SSC_THR = 0x43;
 +                      //AT91C_BASE_SSC->SSC_THR = 0xff;
 +                      LED_D_ON();
          }
          if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
              dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 -            // we don't care about actual value, only if it's more or less than a
 -            // threshold essentially we capture zero crossings for later analysis
 -            //                        if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
 -            i++;
 -            if (i >= m) break;
 +                      ++i;
 +                      LED_D_OFF();
 +                      if (i >= bufferlength) break;
          }
      }
  
 +      cmd_send(CMD_ACK,0,0,0,0,0);
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
      LED_D_OFF();
 -    DbpString("DONE!");
  }
  
  // Read card traceability data (page 1)
  void T55xxReadTrace(void){
      uint8_t *dest = BigBuf_get_addr();
 -    int m=0, i=0;
 -
 -    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 -    m = BigBuf_max_traceLen();
 -    // Clear destination buffer before sending the command
 -    memset(dest, 128, m);
 -    // Connect the A/D to the peak-detected low-frequency path.
 -    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
 -    // Now set up the SSC to get the ADC samples that are now streaming at us.
 -    FpgaSetupSsc();
 -
 -    LED_D_ON();
 -    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 -    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 -
 -    // Give it a bit of time for the resonant antenna to settle.
 -    // And for the tag to fully power up
 -    SpinDelay(150);
 -
 -    // Now start writting
 +    //uint16_t bufferlength = BigBuf_max_traceLen();
 +      uint16_t bufferlength = T55xx_SAMPLES_SIZE;
 +      uint32_t i = 0;
 +
 +      // Clear destination buffer before sending the command 0x80 = average
 +      memset(dest, 0x80, bufferlength);  
 +  
 +      LFSetupFPGAForADC(0, true);
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
      SpinDelayUs(START_GAP);
  
      T55xxWriteBit(1); //Page 1
  
      // Turn field on to read the response
 -    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 -    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 +      TurnReadLFOn();
  
      // Now do the acquisition
 -    i = 0;
      for(;;) {
          if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
              AT91C_BASE_SSC->SSC_THR = 0x43;
 +                      LED_D_ON();
          }
          if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
              dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 -            i++;
 -            if (i >= m) break;
 -        }
 -    }
 -
 +                      ++i;
 +                      LED_D_OFF();
 +              
 +                      if (i >= bufferlength) break;
 +              }
 +      }
 +  
 +      cmd_send(CMD_ACK,0,0,0,0,0);
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
      LED_D_OFF();
 -    DbpString("DONE!");
 +}
 +
 +void TurnReadLFOn(){
 +      FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
 +      FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 +      // Give it a bit of time for the resonant antenna to settle.
 +      //SpinDelay(30);
 +      SpinDelayUs(8*150);
  }
  
  /*-------------- Cloning routines -----------*/
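Review bot: T55xxReadBlock and T55xxReadTrace now clear and fill `dest` for a fixed `T55xx_SAMPLES_SIZE` (12000) bytes instead of `BigBuf_max_traceLen()`, so nothing in these hunks ties the write length to the space BigBuf actually has; the old bound survives only as a commented-out line. Clamp it right after the declaration in both functions, `if (bufferlength > BigBuf_max_traceLen()) bufferlength = BigBuf_max_traceLen();`. The new timing macros also expand unparenthesized (`#define START_GAP 30*8`), which is harmless in `SpinDelayUs(START_GAP)` but wrong in an expression such as `x / START_GAP`; write `#define START_GAP (30*8)` and do the same for `WRITE_GAP`, `WRITE_0` and `WRITE_1`. Several function bodies in this stretch start or end outside the visible hunks.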
@@@ -1386,7 -1310,9 +1300,9 @@@ int DemodPCF7931(uint8_t **outBlocks) 
      int lmin=128, lmax=128;
      uint8_t dir;
  
-     AcquireRawAdcSamples125k(0);
+       LFSetupFPGAForADC(95, true);
+       DoAcquisition_default(0, 0);
  
      lmin = 64;
      lmax = 192;
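Review bot: `DoAcquisition_default(0, 0)` passes 0 where the other call sites converted in this merge pass `-1` (`DoAcquisition_default(-1,true)` replacing `DoAcquisition125k_internal(-1,true)`, whose first parameter was `trigger_threshold`). The removed `AcquireRawAdcSamples125k(0)` ended in `DoAcquisition125k_internal(-1,false)`, so the 0 here looks like the old divisor argument carried over into the threshold slot. DoAcquisition_default is defined outside this page; if -1 is still its "no trigger" sentinel, this line should read `DoAcquisition_default(-1, false);`. DemodPCF7931's body continues outside the hunk.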
@@@ -1792,14 -1718,9 +1708,14 @@@ void EM4xLogin(uint32_t Password) 
  
  void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
  
 +      uint8_t *dest =  BigBuf_get_addr();
 +      uint16_t bufferlength = BigBuf_max_traceLen();
 +      uint32_t i = 0;
 +
 +      // Clear destination buffer before sending the command  0x80 = average.
 +      memset(dest, 0x80, bufferlength);
 +      
      uint8_t fwd_bit_count;
 -    uint8_t *dest = BigBuf_get_addr();
 -    int m=0, i=0;
  
      //If password mode do login
      if (PwdMode == 1) EM4xLogin(Pwd);
      fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
      fwd_bit_count += Prepare_Addr( Address );
  
 -    m = BigBuf_max_traceLen();
 -    // Clear destination buffer before sending the command
 -    memset(dest, 128, m);
      // Connect the A/D to the peak-detected low-frequency path.
      SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
      // Now set up the SSC to get the ADC samples that are now streaming at us.
          }
          if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
              dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 -            i++;
 -            if (i >= m) break;
 -        }
 -    }
 +                      ++i;
 +                      if (i >= bufferlength) break;
 +              }
 +      }
 +  
 +      cmd_send(CMD_ACK,0,0,0,0,0);
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
      LED_D_OFF();
  }
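Review bot: `uint16_t bufferlength = BigBuf_max_traceLen();` in EM4xReadWord narrows a value the old code kept in an `int`; if the trace buffer is ever 64 KiB or larger, the length wraps silently and both the `memset` and the capture loop cover only part of the buffer. The return type of `BigBuf_max_traceLen()` is not visible here, so this may be safe at the current buffer size, but `uint32_t bufferlength = BigBuf_max_traceLen();` (matching the type of `i`) removes the dependency. Only part of the function body is shown in this hunk.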
diff --combined client/Makefile
index 46fa3b2a14172d9e2e4f95a605dce5e276c4fa9a,e63581ba1ff864520167f5406c96b7dcf53dbe23..fcbd4d7ca1e3c27398fd442c56df74aa7b5ec4c7
@@@ -37,15 -37,6 +37,15 @@@ LDLIBS +=  -ld
  LUAPLATFORM = linux
  endif
  
 +# QT version,  4 or 5
 +qtplatform = $(shell $(MOC) -v)
 +ifneq (, $(findstring moc 5,$(qtplatform)))
 +   CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets  -I/mingw/include
 +   QTLDLIBS = -L$(QTDIR)/lib  -lQt5Core -lQt5Gui -lQt5Widgets 
 +else
 +   CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
 +   QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
 +endif
  
  ifneq ($(QTLDLIBS),)
  QTGUI = $(OBJDIR)/proxgui.o $(OBJDIR)/proxguiqt.o $(OBJDIR)/proxguiqt.moc.o
@@@ -146,17 -137,6 +146,6 @@@ clean
  tarbin: $(BINS)
        $(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(BINS:%=client/%)
  
- # must be run as root
- install_kext: Info.plist
-       mkdir -p /System/Library/Extensions/Proxmark3.kext/Contents
-       cp Info.plist /System/Library/Extensions/Proxmark3.kext/Contents
-       chown -R root:wheel /System/Library/Extensions/Proxmark3.kext
-       chmod 755 /System/Library/Extensions/Proxmark3.kext /System/Library/Extensions/Proxmark3.kext/Contents
-       chmod 644 /System/Library/Extensions/Proxmark3.kext/Contents/Info.plist
-       rm -rf /System/Library/Caches/com.apple.kext.caches
-       touch /System/Library/Extensions
-       @echo "*** You may need to reboot for the kext to take effect."
  lua_build:
        @echo Compiling liblua, using platform $(LUAPLATFORM)
        cd ../liblua && make $(LUAPLATFORM)
diff --combined client/cmddata.c
index 533caeb5bf7eee9bc6a7cf66fecb73c473ded17c,430afb174b9cee1b1f64da2f37ba3fb8e8ee4374..7343af9c357dcca2f0c12da6cc78fe80f27a4b77
@@@ -21,6 -21,8 +21,8 @@@
  #include "cmdmain.h"
  #include "cmddata.h"
  #include "lfdemod.h"
+ #include "usb_cmd.h"
  uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN];
  uint8_t g_debugMode;
  int DemodBufferLen;
@@@ -30,12 -32,6 +32,12 @@@ static int CmdHelp(const char *Cmd)
  //by marshmellow
  void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx)
  {
 +      if (buff == NULL) 
 +              return;
 +      
 +      if ( size >= MAX_DEMOD_BUF_LEN)
 +              size = MAX_DEMOD_BUF_LEN;
 +      
        size_t i = 0;
        for (; i < size; i++){
                DemodBuffer[i]=buff[startIdx++];
@@@ -575,6 -571,43 +577,43 @@@ int CmdDec(const char *Cmd
    RepaintGraphWindow();
    return 0;
  }
+ /**
+  * Undecimate - I'd call it 'interpolate', but we'll save that
+  * name until someone does an actual interpolation command, not just
+  * blindly repeating samples
+  * @param Cmd
+  * @return
+  */
+ int CmdUndec(const char *Cmd)
+ {
+       if(param_getchar(Cmd, 0) == 'h')
+       {
+               PrintAndLog("Usage: data undec [factor]");
+               PrintAndLog("This function performs un-decimation, by repeating each sample N times");
+               PrintAndLog("Options:        ");
+               PrintAndLog("       h            This help");
+               PrintAndLog("       factor       The number of times to repeat each sample.[default:2]");
+               PrintAndLog("Example: 'data undec 3'");
+               return 0;
+       }
+       uint8_t factor = param_get8ex(Cmd, 0,2, 10);
+       //We have memory, don't we?
+       int swap[MAX_GRAPH_TRACE_LEN] = { 0 };
+       uint32_t g_index = 0 ,s_index = 0;
+       while(g_index < GraphTraceLen && s_index < MAX_GRAPH_TRACE_LEN)
+       {
+               int count = 0;
+               for(count = 0; count < factor && s_index+count < MAX_GRAPH_TRACE_LEN; count ++)
+                       swap[s_index+count] = GraphBuffer[g_index];
+               s_index+=count;
+       }
+       memcpy(GraphBuffer,swap, s_index * sizeof(int));
+       GraphTraceLen = s_index;
+       RepaintGraphWindow();
+       return 0;
+ }
  
  //by marshmellow
  //shift graph zero up or down based on input + or -
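Review bot: `g_index` is never advanced inside the `while` loop of CmdUndec, so every pass copies `GraphBuffer[0]` and the loop ends only when `s_index` reaches `MAX_GRAPH_TRACE_LEN`; the result is one sample repeated across the whole trace. Add `g_index++;` after `s_index+=count;`. If the user passes a factor of 0, `count` stays 0, neither index moves and the loop never terminates, so guard it with `if (factor == 0) factor = 2;` before the loop. `int swap[MAX_GRAPH_TRACE_LEN]` is also a large automatic array; a `static` or heap buffer would be safer if that constant is big (its value is not on this page).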
@@@ -1497,25 -1530,79 +1536,79 @@@ int CmdHpf(const char *Cmd
    RepaintGraphWindow();
    return 0;
  }
+ typedef struct {
+       uint8_t * buffer;
+       uint32_t numbits;
+       uint32_t position;
+ }BitstreamOut;
+ bool _headBit( BitstreamOut *stream)
+ {
+       int bytepos = stream->position >> 3; // divide by 8
+       int bitpos = (stream->position++) & 7; // mask out 00000111
+       return (*(stream->buffer + bytepos) >> (7-bitpos)) & 1;
+ }
+ uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b)
+ {
+       int i;
+       uint8_t val = 0;
+       for(i =0 ; i < bits_per_sample; i++)
+       {
+               val |= (_headBit(b) << (7-i));
+       }
+       return val;
+ }
  
  int CmdSamples(const char *Cmd)
  {
-       uint8_t got[BIGBUF_SIZE] = {0x00};
+       //If we get all but the last byte in bigbuf,
+       // we don't have to worry about remaining trash
+       // in the last byte in case the bits-per-sample
+       // does not line up on byte boundaries
+       uint8_t got[BIGBUF_SIZE-1] = { 0 };
  
        int n = strtol(Cmd, NULL, 0);
        if (n == 0)
-               n = 20000;
+               n = sizeof(got);
  
        if (n > sizeof(got))
                n = sizeof(got);
  
-       PrintAndLog("Reading %d samples from device memory\n", n);
+       PrintAndLog("Reading %d bytes from device memory\n", n);
        GetFromBigBuf(got,n,0);
-       WaitForResponse(CMD_ACK,NULL);
-       for (int j = 0; j < n; j++) {
-               GraphBuffer[j] = ((int)got[j]) - 128;
+       PrintAndLog("Data fetched");
+       UsbCommand response;
+       WaitForResponse(CMD_ACK, &response);
+       uint8_t bits_per_sample = 8;
+       //Old devices without this feature would send 0 at arg[0]
+       if(response.arg[0] > 0)
+       {
+               sample_config *sc = (sample_config *) response.d.asBytes;
+               PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
+                                       , sc->decimation);
+               bits_per_sample = sc->bits_per_sample;
        }
-       GraphTraceLen = n;
+       if(bits_per_sample < 8)
+       {
+               PrintAndLog("Unpacking...");
+               BitstreamOut bout = { got, bits_per_sample * n,  0};
+               int j =0;
+               for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
+                       uint8_t sample = getByte(bits_per_sample, &bout);
+                       GraphBuffer[j] = ((int) sample )- 128;
+               }
+               GraphTraceLen = j;
+               PrintAndLog("Unpacked %d samples" , j );
+       }else
+       {
+               for (int j = 0; j < n; j++) {
+                       GraphBuffer[j] = ((int)got[j]) - 128;
+               }
+               GraphTraceLen = n;
+       }
        RepaintGraphWindow();
        return 0;
  }
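Review bot: The unpack loop in CmdSamples bounds `j` with `sizeof(GraphBuffer)`, which is a byte count; CmdUndec in this same file copies `s_index * sizeof(int)` bytes into GraphBuffer, so it appears to be an `int` array and the bound is several times its element count. `bits_per_sample` comes from the device's ACK payload, and a small value (including 0, which never advances `j * bits_per_sample`) lets the loop write past the end of the array. Bound by elements with `j < MAX_GRAPH_TRACE_LEN` (assuming that is GraphBuffer's length) and normalise the width after reading the response, `if (bits_per_sample == 0 || bits_per_sample > 8) bits_per_sample = 8;`. `_headBit` also never checks `position` against `numbits`, and a file-scope name with a leading underscore is reserved to the implementation.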
@@@ -2050,7 -2137,8 +2143,8 @@@ static command_t CommandTable[] 
    {"threshold",     CmdThreshold,       1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"},
        {"dirthreshold",  CmdDirectionalThreshold,   1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
        {"tune",          CmdTuneSamples,     0, "Get hw tune samples for graph window"},
-   {"zerocrossings", CmdZerocrossings,   1, "Count time between zero-crossings"},
+       {"undec",         CmdUndec,         1, "Un-decimate samples by 2"},
+       {"zerocrossings", CmdZerocrossings,   1, "Count time between zero-crossings"},
    {NULL, NULL, 0, NULL}
  };
  
diff --combined include/usb_cmd.h
index ecdf8ac18f5734527b016118ba39db5f627d684c,6ee6509ebc9d41653f111b0dd7e8555d58b130a7..295f0ebf1da7f0fef4dcb8954a0f207deafa66bf
@@@ -33,6 -33,14 +33,14 @@@ typedef struct 
      uint32_t asDwords[USB_CMD_DATA_SIZE/4];
    } d;
  } PACKED UsbCommand;
+ // A struct used to send sample-configs over USB
+ typedef struct{
+       uint8_t decimation;
+       uint8_t bits_per_sample;
+       bool averaging;
+       int divisor;
+       int trigger_threshold;
+ } sample_config;
  
  // For the bootloader
  #define CMD_DEVICE_INFO                                                   0x0000
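Review bot: `sample_config` is declared without `PACKED` and mixes `bool` and `int` members, although its comment says it travels over USB and the cmddata.c hunk reads it with `(sample_config *) response.d.asBytes`. Its wire layout therefore depends on the firmware and host compilers agreeing on padding, `bool` size and `int` width. `UsbCommand` directly above is `PACKED`; I would close this struct the same way, `} PACKED sample_config;`, and declare `averaging`, `divisor` and `trigger_threshold` with fixed-width types from `<stdint.h>`. The receiving side should also reject `bits_per_sample == 0` before unpacking, since in the cmddata.c loop a zero leaves `j < sizeof(GraphBuffer)` as the only bound; that hunk starts outside this view, so the point is raised here.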
@@@ -82,6 -90,8 +90,8 @@@
  #define CMD_IO_DEMOD_FSK                                                  0x021A
  #define CMD_IO_CLONE_TAG                                                  0x021B
  #define CMD_EM410X_DEMOD                                                                                                0x021c
+ // Sampling configuration for LF reader/snooper
+ #define CMD_SET_LF_SAMPLING_CONFIG                                        0x021d
  
  /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
  
  #define CMD_READER_LEGIC_RF                                               0x0388
  #define CMD_WRITER_LEGIC_RF                                               0x0389
  #define CMD_EPA_PACE_COLLECT_NONCE                                        0x038A
 +//#define CMD_EPA_                                                          0x038B
  
  #define CMD_SNOOP_ICLASS                                                  0x0392
  #define CMD_SIMULATE_TAG_ICLASS                                           0x0393
  #define CMD_READER_ICLASS                                                 0x0394
 -#define CMD_READER_ICLASS_REPLAY                                                                                0x0395
 +#define CMD_READER_ICLASS_REPLAY                                                                                0x0395
  #define CMD_ICLASS_ISO14443A_WRITE                                                                              0x0397
  
  // For measurements of the antenna tuning
  #define CMD_MIFARE_NESTED                                                 0x0612
  
  #define CMD_MIFARE_READBL                                                 0x0620
 -#define CMD_MIFAREU_READBL                                              0x0720
 +#define CMD_MIFAREU_READBL                                                                      0x0720
 +
  #define CMD_MIFARE_READSC                                                 0x0621
 -#define CMD_MIFAREU_READCARD                                            0x0721
 +#define CMD_MIFAREU_READCARD                                                                0x0721
 +
  #define CMD_MIFARE_WRITEBL                                                0x0622
  #define CMD_MIFAREU_WRITEBL                                                                     0x0722
  #define CMD_MIFAREU_WRITEBL_COMPAT                                                          0x0723
  
  
  //Iclass reader flags
 -#define FLAG_ICLASS_READER_ONLY_ONCE    0x01
 +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01
  #define FLAG_ICLASS_READER_GET_CC       0x02
  
  // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions:
  /* Whether a bootloader that understands the common_area is present */
  #define DEVICE_INFO_FLAG_BOOTROM_PRESENT              (1<<0)