From: pwpiwi <pwpiwi@users.noreply.github.com>
Date: Mon, 25 Nov 2019 07:38:23 +0000 (+0100)
Subject: Hitag fixes (#887)
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/00848e096b408a43786ea283d4e77d32189994b9?hp=e938f7101179641c9478e9c914bc1bb3ee171570
Hitag fixes (#887)
* don't display error message during 'lf search' when no Hitag tag is present
* remove superfluous options in 'lf hitag read'
* fix setting of default threshold when selecting FPGA_CMD_SET_EDGE_DETECT_THRESHOLD major mode
* some refactoring
---
diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h
index 09eaec42..9746638d 100644
--- a/armsrc/fpgaloader.h
+++ b/armsrc/fpgaloader.h
@@ -39,7 +39,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
#define FPGA_CMD_SET_CONFREG (1<<12)
// LF
#define FPGA_CMD_SET_DIVISOR (2<<12)
-#define FPGA_CMD_SET_USER_BYTE1 (3<<12)
+#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD (3<<12)
+
// HF
#define FPGA_CMD_TRACE_ENABLE (2<<12)
@@ -61,9 +62,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
#define FPGA_LF_ADC_READER_FIELD (1<<0)
// Options for LF_EDGE_DETECT
-#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD FPGA_CMD_SET_USER_BYTE1
#define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0)
-#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (1<<1)
+#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (2<<0)
// Options for the HF reader
#define FPGA_HF_READER_MODE_RECEIVE_IQ (0<<0)
diff --git a/client/cmdlf.c b/client/cmdlf.c
index f661e518..61040f04 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -943,12 +943,12 @@ int CmdLFfind(const char *Cmd)
PrintAndLog("\nValid EM4x05/EM4x69 Chip Found\nUse lf em 4x05readword/dump commands to read\n");
return 1;
}
- ans=CmdLFHitagReader("26"); // 26 = RHT2F_UID_ONLY
- if (ans==0) {
+ if (getHitagUid(NULL, true)) {
+ PrintAndLog("\nValid Hitag2 tag Found!");
return 1;
- }
- ans=CmdCOTAGRead("");
- if (ans>0) {
+ }
+ ans = CmdCOTAGRead("");
+ if (ans > 0) {
PrintAndLog("\nValid COTAG ID Found!");
return 1;
}
diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c
index be807222..22050a2f 100644
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@@ -70,7 +70,7 @@ static int CmdLFHitagList(const char *Cmd) {
for (;;) {
- if(i > traceLen) { break; }
+ if(i >= traceLen) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
@@ -208,7 +208,7 @@ static int CmdLFHitagSim(const char *Cmd) {
}
-static bool getHitagUid(uint32_t *uid) {
+bool getHitagUid(uint32_t *uid, bool quiet) {
// ToDo: this is for Hitag2 only (??)
UsbCommand c = {CMD_READER_HITAG, {RHT2F_UID_ONLY}};
@@ -217,12 +217,12 @@ static bool getHitagUid(uint32_t *uid) {
UsbCommand resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
- PrintAndLogEx(WARNING, "timeout while waiting for reply.");
+ if (!quiet) PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return false;
}
if (resp.arg[0] == false) {
- PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID");
+ if (!quiet) PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID");
return false;
}
@@ -246,7 +246,7 @@ static int CmdLFHitagInfo(const char *Cmd) {
// read UID
uint32_t uid = 0;
- if (getHitagUid(&uid) == false)
+ if (getHitagUid(&uid, false) == false)
return 1;
PrintAndLogEx(SUCCESS, "UID: %08X", uid);
@@ -271,32 +271,19 @@ int CmdLFHitagReader(const char *Cmd) {
hitag_function htf = param_get32ex(Cmd, 0, 0, 10);
switch (htf) {
- case 01: { //RHTSF_CHALLENGE
+ case RHTSF_CHALLENGE: {
c = (UsbCommand){ CMD_READ_HITAG_S };
num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage
c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode
} break;
- case 02: { //RHTSF_KEY
+ case RHTSF_KEY: {
c = (UsbCommand){ CMD_READ_HITAG_S };
num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage
c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode
} break;
- case 03: { //RHTSF_CHALLENGE BLOCK
- c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
- num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
- num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
- c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage
- c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode
- } break;
- case 04: { //RHTSF_KEY BLOCK
- c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
- num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
- c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage
- c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode
- } break;
case RHT2F_PASSWORD: {
num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->pwd.password);
} break;
@@ -322,8 +309,6 @@ int CmdLFHitagReader(const char *Cmd) {
PrintAndLog(" HitagS (0*):");
PrintAndLog(" 01 <nr> <ar> (Challenge) <firstPage> <tagmode> read all pages from a Hitag S tag");
PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all pages from a Hitag S tag");
- PrintAndLog(" 03 <nr> <ar> (Challenge) <firstPage> <tagmode> read all blocks from a Hitag S tag");
- PrintAndLog(" 04 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all blocks from a Hitag S tag");
PrintAndLog(" Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)");
PrintAndLog(" Hitag1 (1*):");
PrintAndLog(" (not yet implemented)");
@@ -356,11 +341,11 @@ int CmdLFHitagReader(const char *Cmd) {
return 1;
}
- uint32_t id = bytes_to_num(resp.d.asBytes,4);
+ uint32_t id = bytes_to_num(resp.d.asBytes, 4);
- if (htf == RHT2F_UID_ONLY){
- PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
- } else {
+ PrintAndLog("Valid Hitag2 tag found - UID: %08x", id);
+ if (htf != RHT2F_UID_ONLY) {
+ PrintAndLogEx(SUCCESS, "Dumping tag memory...");
char filename[256];
FILE* pf = NULL;
diff --git a/client/cmdlfhitag.h b/client/cmdlfhitag.h
index 062ed484..ca30101f 100644
--- a/client/cmdlfhitag.h
+++ b/client/cmdlfhitag.h
@@ -11,7 +11,11 @@
#ifndef CMDLFHITAG_H__
#define CMDLFHITAG_H__
+#include <stdint.h>
+#include <stdbool.h>
+
extern int CmdLFHitag(const char *Cmd);
extern int CmdLFHitagReader(const char *Cmd);
+extern bool getHitagUid(uint32_t *uid, bool quiet);
#endif
diff --git a/fpga/fpga_lf.bit b/fpga/fpga_lf.bit
index 96d27372..b140b59d 100644
Binary files a/fpga/fpga_lf.bit and b/fpga/fpga_lf.bit differ
diff --git a/fpga/fpga_lf.v b/fpga/fpga_lf.v
index bb0795e8..ac329653 100644
--- a/fpga/fpga_lf.v
+++ b/fpga/fpga_lf.v
@@ -3,6 +3,26 @@
// iZsh <izsh at fail0verflow.com>, June 2014
//-----------------------------------------------------------------------------
+// Defining commands, modes and options. This must be aligned to the definitions in fpgaloader.h
+// Note: the definitions here are without shifts
+
+// Commands:
+`define FPGA_CMD_SET_CONFREG 1
+`define FPGA_CMD_SET_DIVISOR 2
+`define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD 3
+
+// Major modes:
+`define FPGA_MAJOR_MODE_LF_ADC 0
+`define FPGA_MAJOR_MODE_LF_EDGE_DETECT 1
+`define FPGA_MAJOR_MODE_LF_PASSTHRU 2
+
+// Options for LF_ADC
+`define FPGA_LF_ADC_READER_FIELD 1
+
+// Options for LF_EDGE_DETECT
+`define FPGA_LF_EDGE_DETECT_READER_FIELD 1
+`define FPGA_LF_EDGE_DETECT_TOGGLE_MODE 2
+
`include "lo_read.v"
`include "lo_passthru.v"
`include "lo_edge_detect.v"
@@ -30,21 +50,23 @@ module fpga_lf(
reg [15:0] shift_reg;
reg [7:0] divisor;
reg [8:0] conf_word;
-reg [7:0] user_byte1;
+reg [7:0] lf_ed_threshold;
always @(posedge ncs)
begin
case (shift_reg[15:12])
- 4'b0001: // FPGA_CMD_SET_CONFREG
+ `FPGA_CMD_SET_CONFREG:
begin
conf_word <= shift_reg[8:0];
- if (shift_reg[8:0] == 9'b000000001)
- begin // LF edge detect
- user_byte1 <= 127; // default threshold
+ if (shift_reg[8:6] == `FPGA_MAJOR_MODE_LF_EDGE_DETECT)
+ begin
+ lf_ed_threshold <= 127; // default threshold
end
end
- 4'b0010: divisor <= shift_reg[7:0]; // FPGA_CMD_SET_DIVISOR
- 4'b0011: user_byte1 <= shift_reg[7:0]; // FPGA_CMD_SET_USER_BYTE1
+ `FPGA_CMD_SET_DIVISOR:
+ divisor <= shift_reg[7:0];
+ `FPGA_CMD_SET_EDGE_DETECT_THRESHOLD:
+ lf_ed_threshold <= shift_reg[7:0];
endcase
end
@@ -62,7 +84,6 @@ wire [2:0] major_mode = conf_word[8:6];
// For the low-frequency configuration:
wire lf_field = conf_word[0];
wire lf_ed_toggle_mode = conf_word[1]; // for lo_edge_detect
-wire [7:0] lf_ed_threshold = user_byte1;
//-----------------------------------------------------------------------------
// And then we instantiate the modules corresponding to each of the FPGA's
@@ -106,17 +127,17 @@ lo_edge_detect le(
// 001 -- LF edge detect (generic)
// 010 -- LF passthrough
-mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_din (major_mode, ssp_din, lr_ssp_din, 1'b0, lp_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_frame (major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe1 (major_mode, pwr_oe1, lr_pwr_oe1, le_pwr_oe1, lp_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe2 (major_mode, pwr_oe2, lr_pwr_oe2, le_pwr_oe2, lp_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe3 (major_mode, pwr_oe3, lr_pwr_oe3, le_pwr_oe3, lp_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe4 (major_mode, pwr_oe4, lr_pwr_oe4, le_pwr_oe4, lp_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_lo (major_mode, pwr_lo, lr_pwr_lo, le_pwr_lo, lp_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_hi (major_mode, pwr_hi, lr_pwr_hi, le_pwr_hi, lp_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_adc_clk (major_mode, adc_clk, lr_adc_clk, le_adc_clk, lp_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_dbg (major_mode, dbg, lr_dbg, le_dbg, lp_dbg, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_din (major_mode, ssp_din, lr_ssp_din, 1'b0, lp_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_frame (major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe1 (major_mode, pwr_oe1, lr_pwr_oe1, le_pwr_oe1, lp_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe2 (major_mode, pwr_oe2, lr_pwr_oe2, le_pwr_oe2, lp_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe3 (major_mode, pwr_oe3, lr_pwr_oe3, le_pwr_oe3, lp_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe4 (major_mode, pwr_oe4, lr_pwr_oe4, le_pwr_oe4, lp_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_lo (major_mode, pwr_lo, lr_pwr_lo, le_pwr_lo, lp_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_hi (major_mode, pwr_hi, lr_pwr_hi, le_pwr_hi, lp_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_adc_clk (major_mode, adc_clk, lr_adc_clk, le_adc_clk, lp_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_dbg (major_mode, dbg, lr_dbg, le_dbg, lp_dbg, 1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
// In all modes, let the ADC's outputs be enabled.
assign adc_noe = 1'b0;
diff --git a/fpga/min_max_tracker.v b/fpga/min_max_tracker.v
index 8abd40fb..c47cfd3d 100644
--- a/fpga/min_max_tracker.v
+++ b/fpga/min_max_tracker.v
@@ -25,7 +25,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
always @(posedge clk)
begin
case (state)
- 0:
+ 0: // initialize
begin
if (cur_max_val >= ({1'b0, adc_d} + threshold))
state <= 2;
@@ -36,7 +36,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
else if (adc_d <= cur_min_val)
cur_min_val <= adc_d;
end
- 1:
+ 1: // high phase
begin
if (cur_max_val <= adc_d)
cur_max_val <= adc_d;
@@ -46,7 +46,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
max_val <= cur_max_val;
end
end
- 2:
+ 2: // low phase
begin
if (adc_d <= cur_min_val)
cur_min_val <= adc_d;