From: pwpiwi Date: Mon, 25 Nov 2019 07:38:23 +0000 (+0100) Subject: Hitag fixes (#887) X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/00848e096b408a43786ea283d4e77d32189994b9?ds=sidebyside;hp=-c Hitag fixes (#887) * don't display error message during 'lf search' when no Hitag tag is present * remove superfluous options in 'lf hitag read' * fix setting of default threshold when selecting FPGA_CMD_SET_EDGE_DETECT_THRESHOLD major mode * some refactoring --- 00848e096b408a43786ea283d4e77d32189994b9 diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h index 09eaec42..9746638d 100644 --- a/armsrc/fpgaloader.h +++ b/armsrc/fpgaloader.h @@ -39,7 +39,8 @@ void SetAdcMuxFor(uint32_t whichGpio); #define FPGA_CMD_SET_CONFREG (1<<12) // LF #define FPGA_CMD_SET_DIVISOR (2<<12) -#define FPGA_CMD_SET_USER_BYTE1 (3<<12) +#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD (3<<12) + // HF #define FPGA_CMD_TRACE_ENABLE (2<<12) @@ -61,9 +62,8 @@ void SetAdcMuxFor(uint32_t whichGpio); #define FPGA_LF_ADC_READER_FIELD (1<<0) // Options for LF_EDGE_DETECT -#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD FPGA_CMD_SET_USER_BYTE1 #define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0) -#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (1<<1) +#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (2<<0) // Options for the HF reader #define FPGA_HF_READER_MODE_RECEIVE_IQ (0<<0) diff --git a/client/cmdlf.c b/client/cmdlf.c index f661e518..61040f04 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -943,12 +943,12 @@ int CmdLFfind(const char *Cmd) PrintAndLog("\nValid EM4x05/EM4x69 Chip Found\nUse lf em 4x05readword/dump commands to read\n"); return 1; } - ans=CmdLFHitagReader("26"); // 26 = RHT2F_UID_ONLY - if (ans==0) { + if (getHitagUid(NULL, true)) { + PrintAndLog("\nValid Hitag2 tag Found!"); return 1; - } - ans=CmdCOTAGRead(""); - if (ans>0) { + } + ans = CmdCOTAGRead(""); + if (ans > 0) { PrintAndLog("\nValid COTAG ID Found!"); return 1; } diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index be807222..22050a2f 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -70,7 +70,7 @@ static int CmdLFHitagList(const char *Cmd) { for (;;) { - if(i > traceLen) { break; } + if(i >= traceLen) { break; } bool isResponse; int timestamp = *((uint32_t *)(got+i)); @@ -208,7 +208,7 @@ static int CmdLFHitagSim(const char *Cmd) { } -static bool getHitagUid(uint32_t *uid) { +bool getHitagUid(uint32_t *uid, bool quiet) { // ToDo: this is for Hitag2 only (??) UsbCommand c = {CMD_READER_HITAG, {RHT2F_UID_ONLY}}; @@ -217,12 +217,12 @@ static bool getHitagUid(uint32_t *uid) { UsbCommand resp; if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { - PrintAndLogEx(WARNING, "timeout while waiting for reply."); + if (!quiet) PrintAndLogEx(WARNING, "timeout while waiting for reply."); return false; } if (resp.arg[0] == false) { - PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID"); + if (!quiet) PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID"); return false; } @@ -246,7 +246,7 @@ static int CmdLFHitagInfo(const char *Cmd) { // read UID uint32_t uid = 0; - if (getHitagUid(&uid) == false) + if (getHitagUid(&uid, false) == false) return 1; PrintAndLogEx(SUCCESS, "UID: %08X", uid); @@ -271,32 +271,19 @@ int CmdLFHitagReader(const char *Cmd) { hitag_function htf = param_get32ex(Cmd, 0, 0, 10); switch (htf) { - case 01: { //RHTSF_CHALLENGE + case RHTSF_CHALLENGE: { c = (UsbCommand){ CMD_READ_HITAG_S }; num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr); num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4); c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode } break; - case 02: { //RHTSF_KEY + case RHTSF_KEY: { c = (UsbCommand){ CMD_READ_HITAG_S }; num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key); c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode } break; - case 03: { //RHTSF_CHALLENGE BLOCK - c = (UsbCommand){ CMD_READ_HITAG_S_BLK }; - num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr); - num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4); - c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage - c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode - } break; - case 04: { //RHTSF_KEY BLOCK - c = (UsbCommand){ CMD_READ_HITAG_S_BLK }; - num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key); - c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage - c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode - } break; case RHT2F_PASSWORD: { num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->pwd.password); } break; @@ -322,8 +309,6 @@ int CmdLFHitagReader(const char *Cmd) { PrintAndLog(" HitagS (0*):"); PrintAndLog(" 01 (Challenge) read all pages from a Hitag S tag"); PrintAndLog(" 02 (set to 0 if no authentication is needed) read all pages from a Hitag S tag"); - PrintAndLog(" 03 (Challenge) read all blocks from a Hitag S tag"); - PrintAndLog(" 04 (set to 0 if no authentication is needed) read all blocks from a Hitag S tag"); PrintAndLog(" Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)"); PrintAndLog(" Hitag1 (1*):"); PrintAndLog(" (not yet implemented)"); @@ -356,11 +341,11 @@ int CmdLFHitagReader(const char *Cmd) { return 1; } - uint32_t id = bytes_to_num(resp.d.asBytes,4); + uint32_t id = bytes_to_num(resp.d.asBytes, 4); - if (htf == RHT2F_UID_ONLY){ - PrintAndLog("Valid Hitag2 tag found - UID: %08x",id); - } else { + PrintAndLog("Valid Hitag2 tag found - UID: %08x", id); + if (htf != RHT2F_UID_ONLY) { + PrintAndLogEx(SUCCESS, "Dumping tag memory..."); char filename[256]; FILE* pf = NULL; diff --git a/client/cmdlfhitag.h b/client/cmdlfhitag.h index 062ed484..ca30101f 100644 --- a/client/cmdlfhitag.h +++ b/client/cmdlfhitag.h @@ -11,7 +11,11 @@ #ifndef CMDLFHITAG_H__ #define CMDLFHITAG_H__ +#include +#include + extern int CmdLFHitag(const char *Cmd); extern int CmdLFHitagReader(const char *Cmd); +extern bool getHitagUid(uint32_t *uid, bool quiet); #endif diff --git a/fpga/fpga_lf.bit b/fpga/fpga_lf.bit index 96d27372..b140b59d 100644 Binary files a/fpga/fpga_lf.bit and b/fpga/fpga_lf.bit differ diff --git a/fpga/fpga_lf.v b/fpga/fpga_lf.v index bb0795e8..ac329653 100644 --- a/fpga/fpga_lf.v +++ b/fpga/fpga_lf.v @@ -3,6 +3,26 @@ // iZsh , June 2014 //----------------------------------------------------------------------------- +// Defining commands, modes and options. This must be aligned to the definitions in fpgaloader.h +// Note: the definitions here are without shifts + +// Commands: +`define FPGA_CMD_SET_CONFREG 1 +`define FPGA_CMD_SET_DIVISOR 2 +`define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD 3 + +// Major modes: +`define FPGA_MAJOR_MODE_LF_ADC 0 +`define FPGA_MAJOR_MODE_LF_EDGE_DETECT 1 +`define FPGA_MAJOR_MODE_LF_PASSTHRU 2 + +// Options for LF_ADC +`define FPGA_LF_ADC_READER_FIELD 1 + +// Options for LF_EDGE_DETECT +`define FPGA_LF_EDGE_DETECT_READER_FIELD 1 +`define FPGA_LF_EDGE_DETECT_TOGGLE_MODE 2 + `include "lo_read.v" `include "lo_passthru.v" `include "lo_edge_detect.v" @@ -30,21 +50,23 @@ module fpga_lf( reg [15:0] shift_reg; reg [7:0] divisor; reg [8:0] conf_word; -reg [7:0] user_byte1; +reg [7:0] lf_ed_threshold; always @(posedge ncs) begin case (shift_reg[15:12]) - 4'b0001: // FPGA_CMD_SET_CONFREG + `FPGA_CMD_SET_CONFREG: begin conf_word <= shift_reg[8:0]; - if (shift_reg[8:0] == 9'b000000001) - begin // LF edge detect - user_byte1 <= 127; // default threshold + if (shift_reg[8:6] == `FPGA_MAJOR_MODE_LF_EDGE_DETECT) + begin + lf_ed_threshold <= 127; // default threshold end end - 4'b0010: divisor <= shift_reg[7:0]; // FPGA_CMD_SET_DIVISOR - 4'b0011: user_byte1 <= shift_reg[7:0]; // FPGA_CMD_SET_USER_BYTE1 + `FPGA_CMD_SET_DIVISOR: + divisor <= shift_reg[7:0]; + `FPGA_CMD_SET_EDGE_DETECT_THRESHOLD: + lf_ed_threshold <= shift_reg[7:0]; endcase end @@ -62,7 +84,6 @@ wire [2:0] major_mode = conf_word[8:6]; // For the low-frequency configuration: wire lf_field = conf_word[0]; wire lf_ed_toggle_mode = conf_word[1]; // for lo_edge_detect -wire [7:0] lf_ed_threshold = user_byte1; //----------------------------------------------------------------------------- // And then we instantiate the modules corresponding to each of the FPGA's @@ -106,17 +127,17 @@ lo_edge_detect le( // 001 -- LF edge detect (generic) // 010 -- LF passthrough -mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_ssp_din (major_mode, ssp_din, lr_ssp_din, 1'b0, lp_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_ssp_frame (major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_oe1 (major_mode, pwr_oe1, lr_pwr_oe1, le_pwr_oe1, lp_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_oe2 (major_mode, pwr_oe2, lr_pwr_oe2, le_pwr_oe2, lp_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_oe3 (major_mode, pwr_oe3, lr_pwr_oe3, le_pwr_oe3, lp_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_oe4 (major_mode, pwr_oe4, lr_pwr_oe4, le_pwr_oe4, lp_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_lo (major_mode, pwr_lo, lr_pwr_lo, le_pwr_lo, lp_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_pwr_hi (major_mode, pwr_hi, lr_pwr_hi, le_pwr_hi, lp_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_adc_clk (major_mode, adc_clk, lr_adc_clk, le_adc_clk, lp_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); -mux8 mux_dbg (major_mode, dbg, lr_dbg, le_dbg, lp_dbg, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_ssp_din (major_mode, ssp_din, lr_ssp_din, 1'b0, lp_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_ssp_frame (major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_oe1 (major_mode, pwr_oe1, lr_pwr_oe1, le_pwr_oe1, lp_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_oe2 (major_mode, pwr_oe2, lr_pwr_oe2, le_pwr_oe2, lp_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_oe3 (major_mode, pwr_oe3, lr_pwr_oe3, le_pwr_oe3, lp_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_oe4 (major_mode, pwr_oe4, lr_pwr_oe4, le_pwr_oe4, lp_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_lo (major_mode, pwr_lo, lr_pwr_lo, le_pwr_lo, lp_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_pwr_hi (major_mode, pwr_hi, lr_pwr_hi, le_pwr_hi, lp_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_adc_clk (major_mode, adc_clk, lr_adc_clk, le_adc_clk, lp_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); +mux8 mux_dbg (major_mode, dbg, lr_dbg, le_dbg, lp_dbg, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0); // In all modes, let the ADC's outputs be enabled. assign adc_noe = 1'b0; diff --git a/fpga/min_max_tracker.v b/fpga/min_max_tracker.v index 8abd40fb..c47cfd3d 100644 --- a/fpga/min_max_tracker.v +++ b/fpga/min_max_tracker.v @@ -25,7 +25,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold, always @(posedge clk) begin case (state) - 0: + 0: // initialize begin if (cur_max_val >= ({1'b0, adc_d} + threshold)) state <= 2; @@ -36,7 +36,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold, else if (adc_d <= cur_min_val) cur_min_val <= adc_d; end - 1: + 1: // high phase begin if (cur_max_val <= adc_d) cur_max_val <= adc_d; @@ -46,7 +46,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold, max_val <= cur_max_val; end end - 2: + 2: // low phase begin if (adc_d <= cur_min_val) cur_min_val <= adc_d;