From: iceman1001 Date: Tue, 10 Mar 2015 08:18:35 +0000 (+0100) Subject: Merge branch 'master' of https://github.com/Proxmark/proxmark3 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/12d708fec157dfde6f94d61e5fdc265713a71578?hp=-c Merge branch 'master' of https://github.com/Proxmark/proxmark3 Conflicts: client/cmddata.c client/cmddata.h --- 12d708fec157dfde6f94d61e5fdc265713a71578 diff --combined armsrc/appmain.c index f1edc3aa,3e670f0b..f6c97978 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@@ -10,18 -10,19 +10,18 @@@ // executes. //----------------------------------------------------------------------------- -#include "usb_cdc.h" -#include "cmd.h" +#include "../common/usb_cdc.h" +#include "../common/cmd.h" -#include "proxmark3.h" +#include "../include/proxmark3.h" #include "apps.h" #include "util.h" #include "printf.h" #include "string.h" - #include #include "legicrf.h" -#include +#include "../include/hitag2.h" #include "lfsampling.h" #include "BigBuf.h" #ifdef WITH_LCD @@@ -179,7 -180,7 +179,7 @@@ void MeasureAntennaTuning(void int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV - LED_B_ON(); + LED_B_ON(); /* * Sweeps the useful LF range of the proxmark from @@@ -211,7 -212,7 +211,7 @@@ for (i=18; i >= 0; i--) LF_Results[i] = 0; - LED_A_ON(); + LED_A_ON(); // Let the FPGA drive the high-frequency antenna around 13.56 MHz. FpgaDownloadAndGo(FPGA_BITSTREAM_HF); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); @@@ -220,9 -221,9 +220,9 @@@ cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_A_OFF(); - LED_B_OFF(); - return; + LED_A_OFF(); + LED_B_OFF(); + return; } void MeasureAntennaTuningHf(void) @@@ -369,7 -370,7 +369,7 @@@ void SamyRun( for (;;) { usb_poll(); - WDT_HIT(); + WDT_HIT(); // Was our button held down or pressed? int button_pressed = BUTTON_HELD(1000); @@@ -639,7 -640,7 +639,7 @@@ void UsbPacketReceived(uint8_t *packet { UsbCommand *c = (UsbCommand *)packet; -// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]); + //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]); switch(c->cmd) { #ifdef WITH_LF @@@ -661,6 -662,15 +661,15 @@@ case CMD_HID_SIM_TAG: CmdHIDsimTAG(c->arg[0], c->arg[1], 1); break; + case CMD_FSK_SIM_TAG: + CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_ASK_SIM_TAG: + CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_PSK_SIM_TAG: + CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; case CMD_HID_CLONE_TAG: CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; @@@ -683,8 -693,9 +692,8 @@@ WriteTItag(c->arg[0],c->arg[1],c->arg[2]); break; case CMD_SIMULATE_TAG_125K: - LED_A_ON(); - SimulateTagLowFrequency(c->arg[0], c->arg[1], 1); - LED_A_OFF(); + SimulateTagLowFrequency(c->arg[0], c->arg[1], 0); + //SimulateTagLowFrequencyA(c->arg[0], c->arg[1]); break; case CMD_LF_SIMULATE_BIDIR: SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]); @@@ -806,10 -817,6 +815,10 @@@ EPA_PACE_Collect_Nonce(c); break; + // case CMD_EPA_: + // EpaFoo(c); + // break; + case CMD_READER_MIFARE: ReaderMifare(c->arg[0]); break; @@@ -827,7 -834,7 +836,7 @@@ break; case CMD_MIFAREU_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes); - break; + break; case CMD_MIFAREUC_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes); break; @@@ -900,7 -907,7 +909,7 @@@ ReaderIClass(c->arg[0]); break; case CMD_READER_ICLASS_REPLAY: - ReaderIClass_Replay(c->arg[0], c->d.asBytes); + ReaderIClass_Replay(c->arg[0], c->d.asBytes); break; case CMD_ICLASS_EML_MEMSET: emlSet(c->d.asBytes,c->arg[0], c->arg[1]); @@@ -1033,7 -1040,7 +1042,7 @@@ void __attribute__((noreturn)) AppMain LED_A_OFF(); // Init USB device - usb_enable(); + usb_enable(); // The FPGA gets its clock from us from PCK0 output, so set that up. AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0; @@@ -1063,12 -1070,12 +1072,12 @@@ size_t rx_len; for(;;) { - if (usb_poll()) { - rx_len = usb_read(rx,sizeof(UsbCommand)); - if (rx_len) { - UsbPacketReceived(rx,rx_len); - } - } + if (usb_poll()) { + rx_len = usb_read(rx,sizeof(UsbCommand)); + if (rx_len) { + UsbPacketReceived(rx,rx_len); + } + } WDT_HIT(); #ifdef WITH_LF diff --combined armsrc/apps.h index dc8a9c93,928a3075..3fe8acae --- a/armsrc/apps.h +++ b/armsrc/apps.h @@@ -14,13 -14,11 +14,13 @@@ #include #include -#include "common.h" -#include "hitag2.h" -#include "mifare.h" +#include +#include +#include +#include #include "../common/crc32.h" #include "BigBuf.h" +#include "../include/hitag2.h" extern const uint8_t OddByteParity[256]; extern int rsamples; // = 0; @@@ -118,10 -116,11 +118,13 @@@ void ReadTItag(void) void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc); void AcquireTiType(void); void AcquireRawBitsTI(void); -void SimulateTagLowFrequency(int period, int gap, int ledcontrol); +void SimulateTagLowFrequency( uint16_t period, uint32_t gap, uint8_t ledcontrol); +//void SimulateTagLowFrequencyA(int period, int gap); + void CmdHIDsimTAG(int hi, int lo, int ledcontrol); + void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); + void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); + void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); @@@ -134,7 -133,6 +137,7 @@@ void CopyIndala224toT55x7(int uid1, in void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode); void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode ); void T55xxReadTrace(void); +void TurnReadLFOn(); int DemodPCF7931(uint8_t **outBlocks); int IsBlock0PCF7931(uint8_t *Block); int IsBlock1PCF7931(uint8_t *Block); diff --combined armsrc/iso14443a.c index f2fa1ff2,f2fa1ff2..fe5533e0 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@@ -2301,8 -2301,8 +2301,6 @@@ void Mifare1ksim(uint8_t flags, uint8_ } if(cardSTATE == MFEMUL_NOFIELD) continue; -- //Now, get data -- res = EmGetCmd(receivedCmd, &len, receivedCmd_par); if (res == 2) { //Field is off! cardSTATE = MFEMUL_NOFIELD; @@@ -2373,7 -2373,7 +2371,7 @@@ uint32_t nr = bytes_to_num(&receivedCmd[4], 4); //Collect AR/NR -- if(ar_nr_collected < 2){ ++ if(ar_nr_collected < 2 && cardAUTHSC == 2){ if(ar_nr_responses[2] != ar) {// Avoid duplicates... probably not necessary, ar should vary. ar_nr_responses[ar_nr_collected*4] = cuid; @@@ -2381,6 -2381,6 +2379,11 @@@ ar_nr_responses[ar_nr_collected*4+2] = ar; ar_nr_responses[ar_nr_collected*4+3] = nr; ar_nr_collected++; ++ } ++ // Interactive mode flag, means we need to send ACK ++ if(flags & FLAG_INTERACTIVE && ar_nr_collected == 2) ++ { ++ finished = true; } } @@@ -2528,7 -2528,7 +2531,7 @@@ mf_crypto1_encrypt(pcs, response, 18, response_par); EmSendCmdPar(response, 18, response_par); numReads++; -- if(exitAfterNReads > 0 && numReads == exitAfterNReads) { ++ if(exitAfterNReads > 0 && numReads >= exitAfterNReads) { Dbprintf("%d reads done, exiting", numReads); finished = true; } @@@ -2648,12 -2648,12 +2651,12 @@@ if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK { //May just aswell send the collected ar_nr in the response aswell -- cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_responses,ar_nr_collected*4*4); ++ cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,1,0,&ar_nr_responses,ar_nr_collected*4*4); } -- if(flags & FLAG_NR_AR_ATTACK) ++ if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 ) { -- if(ar_nr_collected > 1) { ++ if(ar_nr_collected > 1 ) { Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:"); Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x", ar_nr_responses[0], // UID @@@ -2665,7 -2665,7 +2668,7 @@@ ); } else { Dbprintf("Failed to obtain two AR/NR pairs!"); -- if(ar_nr_collected >0) { ++ if(ar_nr_collected > 0 ) { Dbprintf("Only got these: UID=%08x, nonce=%08x, AR1=%08x, NR1=%08x", ar_nr_responses[0], // UID ar_nr_responses[1], //NT diff --combined armsrc/lfops.c index 16e46c8b,468f5830..887e8404 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@@ -37,15 -37,15 +37,15 @@@ void ModThenAcquireRawAdcSamples125k(in sample_config sc = { 0,0,1, divisor_used, 0}; setSamplingConfig(&sc); - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); + /* Make sure the tag is reset */ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(2500); LFSetupFPGAForADC(sc.divisor, 1); - // And a little more time for the tag to fully power up - SpinDelay(2000); + // And a little more time for the tag to fully power up + SpinDelay(2000); // now modulate the reader field while(*command != '\0' && *command != ' ') { @@@ -72,6 -72,8 +72,6 @@@ DoAcquisition_config(false); } - - /* blank r/w tag data stream ...0000000000000000 01111111 1010101010101010101010101010101010101010101010101010101010101010 @@@ -379,7 -381,7 +379,7 @@@ void WriteTItag(uint32_t idhi, uint32_ DbpString("Now use tiread to check"); } -void SimulateTagLowFrequency(int period, int gap, int ledcontrol) +void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol) { int i; uint8_t *tab = BigBuf_get_addr(); @@@ -392,11 -394,12 +392,12 @@@ AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - #define SHORT_COIL() LOW(GPIO_SSC_DOUT) - #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { + //wait until SSC_CLK goes HIGH while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@@ -404,7 -407,6 +405,6 @@@ } WDT_HIT(); } - if (ledcontrol) LED_D_ON(); @@@ -415,17 -417,18 +415,18 @@@ if (ledcontrol) LED_D_OFF(); - + //wait until SSC_CLK goes LOW while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); return; } WDT_HIT(); - } - + } + i++; if(i == period) { + i = 0; if (gap) { SHORT_COIL(); @@@ -440,8 -443,9 +441,9 @@@ void SimulateTagLowFrequencyBidir(int d { } - // compose fc/8 fc/10 waveform - static void fc(int c, int *n) { + // compose fc/8 fc/10 waveform (FSK2) + static void fc(int c, int *n) + { uint8_t *dest = BigBuf_get_addr(); int idx; @@@ -449,20 -453,21 +451,21 @@@ if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples + + // an fc/8 encoded bit is a bit pattern of 11110000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@@ -470,9 -475,11 +473,11 @@@ } } - // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples + // an fc/10 encoded bit is a bit pattern of 1111100000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; @@@ -481,11 -488,39 +486,39 @@@ dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; } } } + // compose fc/X fc/Y waveform (FSKx) + static void fcAll(uint8_t fc, int *n, uint8_t clock, uint16_t *modCnt) + { + uint8_t *dest = BigBuf_get_addr(); + uint8_t halfFC = fc/2; + uint8_t wavesPerClock = clock/fc; + uint8_t mod = clock % fc; //modifier + uint8_t modAdj = fc/mod; //how often to apply modifier + bool modAdjOk = !(fc % mod); //if (fc % mod==0) modAdjOk=TRUE; + // loop through clock - step field clock + for (uint8_t idx=0; idx < wavesPerClock; idx++){ + // put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + memset(dest+(*n), 0, fc-halfFC); //in case of odd number use extra here + memset(dest+(*n)+(fc-halfFC), 1, halfFC); + *n += fc; + } + if (mod>0) (*modCnt)++; + if ((mod>0) && modAdjOk){ //fsk2 + if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave + memset(dest+(*n), 0, fc-halfFC); + memset(dest+(*n)+(fc-halfFC), 1, halfFC); + *n += fc; + } + } + if (mod>0 && !modAdjOk){ //fsk1 + memset(dest+(*n), 0, mod-(mod/2)); + memset(dest+(*n)+(mod-(mod/2)), 1, mod/2); + *n += mod; + } + } // prepare a waveform pattern in the buffer based on the ID given then // simulate a HID tag until the button is pressed @@@ -503,7 -538,7 +536,7 @@@ void CmdHIDsimTAG(int hi, int lo, int l */ if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); + DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags"); return; } fc(0,&n); @@@ -543,6 -578,150 +576,150 @@@ LED_A_OFF(); } + // prepare a waveform pattern in the buffer based on the ID given then + // simulate a FSK tag until the button is pressed + // arg1 contains fcHigh and fcLow, arg2 contains invert and clock + void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) + { + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + uint16_t modCnt = 0; + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + for (i=0; i> 8; + uint8_t carrier = arg1 & 0xFF; + uint8_t invert = arg2 & 0xFF; + uint8_t curPhase = 0; + for (i=0; i0){ @@@ -811,20 -990,10 +988,20 @@@ * To compensate antenna falling times shorten the write times * and enlarge the gap ones. */ -#define START_GAP 250 -#define WRITE_GAP 160 -#define WRITE_0 144 // 192 -#define WRITE_1 400 // 432 for T55x7; 448 for E5550 +#define START_GAP 30*8 // 10 - 50fc 250 +#define WRITE_GAP 20*8 // 8 - 30fc +#define WRITE_0 24*8 // 16 - 31fc 24fc 192 +#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 + +// VALUES TAKEN FROM EM4x function: SendForward +// START_GAP = 440; (55*8) cycles at 125Khz (8us = 1cycle) +// WRITE_GAP = 128; (16*8) +// WRITE_1 = 256 32*8; (32*8) + +// These timings work for 4469/4269/4305 (with the 55*8 above) +// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8); + +#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) // Write one bit to card void T55xxWriteBit(int bit) @@@ -832,7 -1001,7 +1009,7 @@@ FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - if (bit == 0) + if (!bit) SpinDelayUs(WRITE_0); else SpinDelayUs(WRITE_1); @@@ -843,11 -1012,16 +1020,11 @@@ // Write one card block in page 0, no lock void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - //unsigned int i; //enio adjustment 12/10/14 - uint32_t i; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + uint32_t i = 0; - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + // Set up FPGA, 125kHz + // Wait for config.. (192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); // Now start writting FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@@ -883,17 -1057,27 +1060,17 @@@ // Read one card block in page 0 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { + uint32_t i = 0; uint8_t *dest = BigBuf_get_addr(); - //int m=0, i=0; //enio adjustment 12/10/14 - uint32_t m=0, i=0; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting + uint16_t bufferlength = BigBuf_max_traceLen(); + if ( bufferlength > T55xx_SAMPLES_SIZE ) + bufferlength = T55xx_SAMPLES_SIZE; + + memset(dest, 0x80, bufferlength); + + // Set up FPGA, 125kHz + // Wait for config.. (192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@@ -912,40 -1096,53 +1089,40 @@@ T55xxWriteBit(Block & i); // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + TurnReadLFOn(); // Now do the acquisition i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; - i++; - if (i >= m) break; + ++i; + LED_D_OFF(); + if (i >= bufferlength) break; } } + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); } // Read card traceability data (page 1) void T55xxReadTrace(void){ - uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + uint32_t i = 0; + uint8_t *dest = BigBuf_get_addr(); + uint16_t bufferlength = BigBuf_max_traceLen(); + if ( bufferlength > T55xx_SAMPLES_SIZE ) + bufferlength = T55xx_SAMPLES_SIZE; - // Now start writting + memset(dest, 0x80, bufferlength); + + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@@ -954,34 -1151,25 +1131,34 @@@ T55xxWriteBit(1); //Page 1 // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + TurnReadLFOn(); // Now do the acquisition - i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - + ++i; + LED_D_OFF(); + + if (i >= bufferlength) break; + } + } + + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); +} + +void TurnReadLFOn(){ + //FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + // Give it a bit of time for the resonant antenna to settle. + //SpinDelay(30); + SpinDelayUs(9*150); } /*-------------- Cloning routines -----------*/ @@@ -1286,10 -1474,9 +1463,10 @@@ void CopyIndala224toT55x7(int uid1, in #define max(x,y) ( x GraphBuffer[0]) { + if(dest[1] > dest[0]) { while(i < GraphTraceLen) { - if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) + if( !(dest[i] > dest[i-1]) && dest[i] > lmax) break; i++; } @@@ -1319,7 -1507,7 +1496,7 @@@ } else { while(i < GraphTraceLen) { - if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) + if( !(dest[i] < dest[i-1]) && v[i] < lmin) break; i++; } @@@ -1333,7 -1521,7 +1510,7 @@@ for (bitidx = 0; i < GraphTraceLen; i++) { - if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) + if ( (dest[i-1] > dest[i] && dir == 1 && dest[i] > lmax) || (dest[i-1] < dest[i] && dir == 0 && dest[i] < lmin)) { lc = i - lastval; lastval = i; @@@ -1400,7 -1588,7 +1577,7 @@@ } if(i < GraphTraceLen) { - if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; + if (dest[i-1] > dest[i]) dir=0; else dir = 1; } } @@@ -1528,7 -1716,7 +1705,7 @@@ void ReadPCF7931() tries++; if (BUTTON_PRESS()) return; } while (num_blocks != max_blocks); - end: + end: Dbprintf("-----------------------------------------"); Dbprintf("Memory content:"); Dbprintf("-----------------------------------------"); @@@ -1707,14 -1895,9 +1884,14 @@@ void EM4xLogin(uint32_t Password) void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { + uint8_t *dest = BigBuf_get_addr(); + uint16_t bufferlength = BigBuf_max_traceLen(); + uint32_t i = 0; + + // Clear destination buffer before sending the command 0x80 = average. + memset(dest, 0x80, bufferlength); + uint8_t fwd_bit_count; - uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; //If password mode do login if (PwdMode == 1) EM4xLogin(Pwd); @@@ -1723,6 -1906,9 +1900,6 @@@ fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); fwd_bit_count += Prepare_Addr( Address ); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); // Now set up the SSC to get the ADC samples that are now streaming at us. @@@ -1738,12 -1924,10 +1915,12 @@@ } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } + ++i; + if (i >= bufferlength) break; + } + } + + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); } diff --combined client/cmddata.c index 8b29dc9c,95c7dc87..cea3bcfe --- a/client/cmddata.c +++ b/client/cmddata.c @@@ -32,12 -32,6 +32,12 @@@ static int CmdHelp(const char *Cmd) //by marshmellow void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx) { + if (buff == NULL) + return; + + if ( size >= MAX_DEMOD_BUF_LEN) + size = MAX_DEMOD_BUF_LEN; + size_t i = 0; for (; i < size; i++){ DemodBuffer[i]=buff[startIdx++]; @@@ -55,7 -49,7 +55,7 @@@ int CmdSetDebugMode(const char *Cmd } //by marshmellow - void printDemodBuff() + void printDemodBuff(void) { uint32_t i = 0; int bitLen = DemodBufferLen; @@@ -90,7 -84,28 +90,28 @@@ return; } - + int CmdPrintDemodBuff(const char *Cmd) + { + char hex; + char printBuff[512]={0x00}; + uint8_t numBits = DemodBufferLen & 0xFFF0; + sscanf(Cmd, "%c", &hex); + if (hex == 'h'){ + PrintAndLog("Usage: data printdemodbuffer [x]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" x output in hex (omit for binary output)"); + return 0; + } + if (hex == 'x'){ + numBits = binarraytohex(printBuff, (char *)DemodBuffer, numBits); + if (numBits==0) return 0; + PrintAndLog("DemodBuffer: %s",printBuff); + } else { + printDemodBuff(); + } + return 1; + } int CmdAmp(const char *Cmd) { int i, rising, falling; @@@ -135,20 -150,19 +156,19 @@@ * Updates the Graph trace with 0/1 values * * Arguments: - * c : 0 or 1 + * c : 0 or 1 (or invert) */ - //this method is dependant on all highs and lows to be the same(or clipped) this creates issues[marshmellow] it also ignores the clock + //this method ignores the clock + + //this function strictly converts highs and lows to 1s and 0s for each sample in the graphbuffer int Cmdaskdemod(const char *Cmd) { int i; int c, high = 0, low = 0; - // TODO: complain if we do not give 2 arguments here ! - // (AL - this doesn't make sense! we're only using one argument!!!) sscanf(Cmd, "%i", &c); - /* Detect high and lows and clock */ - // (AL - clock???) + /* Detect high and lows */ for (i = 0; i < GraphTraceLen; ++i) { if (GraphBuffer[i] > high) @@@ -178,9 -192,9 +198,9 @@@ * down) */ //[marhsmellow] change == to >= for high and <= for low for fuzz - if ((GraphBuffer[i] == high) && (GraphBuffer[i - 1] == c)) { + if ((GraphBuffer[i] >= high) && (GraphBuffer[i - 1] == c)) { GraphBuffer[i] = 1 - c; - } else if ((GraphBuffer[i] == low) && (GraphBuffer[i - 1] == (1 - c))){ + } else if ((GraphBuffer[i] <= low) && (GraphBuffer[i - 1] == (1 - c))){ GraphBuffer[i] = c; } else { /* No transition */ @@@ -191,6 -205,23 +211,23 @@@ return 0; } + //this function strictly converts >1 to 1 and <1 to 0 for each sample in the graphbuffer + int CmdGetBitStream(const char *Cmd) + { + int i; + CmdHpf(Cmd); + for (i = 0; i < GraphTraceLen; i++) { + if (GraphBuffer[i] >= 1) { + GraphBuffer[i] = 1; + } else { + GraphBuffer[i] = 0; + } + } + RepaintGraphWindow(); + return 0; + } + + //by marshmellow void printBitStream(uint8_t BitStream[], uint32_t bitLen) { @@@ -506,9 -537,33 +543,33 @@@ int CmdBiphaseDecodeRaw(const char *Cmd PrintAndLog("Biphase Decoded using offset: %d - # errors:%d - data:",offset,errCnt); printBitStream(BitStream, size); PrintAndLog("\nif bitstream does not look right try offset=1"); + if (offset == 1) setDemodBuf(DemodBuffer,DemodBufferLen-1,1); //remove first bit from raw demod return 1; } + // set demod buffer back to raw after biphase demod + void setBiphaseDemodBuf(uint8_t *BitStream, size_t size) + { + uint8_t rawStream[512]={0x00}; + size_t i=0; + uint8_t curPhase=0; + if (size > 256) { + PrintAndLog("ERROR - Biphase Demod Buffer overrun"); + return; + } + for (size_t idx=0; idx>2; + uint32_t FC = 0; + uint32_t Card = 0; + uint32_t raw1 = bytebits_to_byte(DemodBuffer+ans,32); + uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32); + uint32_t raw3 = bytebits_to_byte(DemodBuffer+ans+64, 32); + + if (fmtLen==36){ + FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1); + Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5); + PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card); + } else if(fmtLen==26){ + FC = ((ByteStream[3] & 0x7F)<<1) | (ByteStream[4]>>7); + Card = ((ByteStream[4]&0x7F)<<9) | (ByteStream[5]<<1) | (ByteStream[6]>>7); + PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card); + } else { + PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",fmtLen); + } + PrintAndLog("Raw: %08x%08x%08x", raw1,raw2,raw3); + setBiphaseDemodBuf(DemodBuffer+ans, 96); + return 1; + } + //by marshmellow - see ASKrawDemod int Cmdaskrawdemod(const char *Cmd) { @@@ -840,9 -989,9 +995,9 @@@ int FSKrawDemod(const char *Cmd, bool v //raw fsk demod no manchester decoding no start bit finding just get binary from wave //set defaults int rfLen = 0; - int invert=0; - int fchigh=0; - int fclow=0; + int invert = 0; + int fchigh = 0; + int fclow = 0; //set options from parameters entered with the command sscanf(Cmd, "%i %i %i %i", &rfLen, &invert, &fchigh, &fclow); @@@ -861,7 -1010,7 +1016,7 @@@ uint16_t fcs=0; uint8_t dummy=0; if (fchigh==0 || fclow == 0){ - fcs=countFC(BitStream, BitLen, &dummy); + fcs = countFC(BitStream, BitLen, &dummy); if (fcs==0){ fchigh=10; fclow=8; @@@ -884,8 -1033,9 +1039,9 @@@ if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size if (verbose) { PrintAndLog("FSK decoded bitstream:"); - printBitStream(BitStream,size); + printBitStream(BitStream,size); } + return 1; } else{ if (verbose) PrintAndLog("no FSK data found"); @@@ -1043,7 -1193,7 +1199,7 @@@ int CmdFSKdemodParadox(const char *Cmd uint32_t rawLo = bytebits_to_byte(BitStream+idx+64,32); uint32_t rawHi = bytebits_to_byte(BitStream+idx+32,32); uint32_t rawHi2 = bytebits_to_byte(BitStream+idx,32); - + PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x - RAW: %08x%08x%08x", hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF, rawHi2, rawHi, rawLo); setDemodBuf(BitStream,BitLen,idx); @@@ -1495,9 -1645,14 +1651,14 @@@ int PSKDemod(const char *Cmd, bool verb } uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; size_t BitLen = getFromGraphBuf(BitStream); - if (BitLen==0) return 0; + if (BitLen==0) return -1; + uint8_t carrier=countPSK_FC(BitStream, BitLen); + if (carrier!=2 && carrier!=4 && carrier!=8){ + //invalid carrier + return -1; + } int errCnt=0; - errCnt = pskRawDemod(BitStream, &BitLen,&clk,&invert); + errCnt = pskRawDemod(BitStream, &BitLen, &clk, &invert); if (errCnt > maxErr){ if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return -1; @@@ -1625,8 -1780,7 +1786,8 @@@ int NRZrawDemod(const char *Cmd, bool v if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } - PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); + if (verbose) + PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); //prime demod buffer for output setDemodBuf(BitStream,BitLen,0); @@@ -1634,11 -1788,11 +1795,11 @@@ PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); } if (verbose) { - PrintAndLog("NRZ demoded bitstream:"); - // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); + PrintAndLog("NRZ demoded bitstream:"); + // Now output the bitstream to the scrollback by line of 16 bits + printDemodBuff(); } - return 1; + return 1; } int CmdNRZrawDemod(const char *Cmd) @@@ -1650,11 -1804,11 +1811,11 @@@ PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data nrzrawdemod = demod a nrz/direct tag from GraphBuffer"); - PrintAndLog(" : data nrzrawdemod 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data nrzrawdemod 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data nrzrawdemod 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); - PrintAndLog(" : data nrzrawdemod 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod nr = demod a nrz/direct tag from GraphBuffer"); + PrintAndLog(" : data rawdemod nr 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod nr 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data rawdemod nr 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); + PrintAndLog(" : data rawdemod nr 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); return 0; } return NRZrawDemod(Cmd, TRUE); @@@ -1674,11 -1828,11 +1835,11 @@@ int CmdPSK1rawDemod(const char *Cmd PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data psk1rawdemod = demod a psk1 tag from GraphBuffer"); - PrintAndLog(" : data psk1rawdemod 32 = demod a psk1 tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data psk1rawdemod 32 1 = demod a psk1 tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data psk1rawdemod 1 = demod a psk1 tag from GraphBuffer while inverting data"); - PrintAndLog(" : data psk1rawdemod 64 1 0 = demod a psk1 tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod p1 = demod a psk1 tag from GraphBuffer"); + PrintAndLog(" : data rawdemod p1 32 = demod a psk1 tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod p1 32 1 = demod a psk1 tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data rawdemod p1 1 = demod a psk1 tag from GraphBuffer while inverting data"); + PrintAndLog(" : data rawdemod p1 64 1 0 = demod a psk1 tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); return 0; } errCnt = PSKDemod(Cmd, TRUE); @@@ -1708,14 -1862,14 +1869,14 @@@ int CmdPSK2rawDemod(const char *Cmd PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data psk2rawdemod = demod a psk2 tag from GraphBuffer, autodetect clock"); - PrintAndLog(" : data psk2rawdemod 32 = demod a psk2 tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data psk2rawdemod 32 1 = demod a psk2 tag from GraphBuffer using a clock of RF/32 and inverting output"); - PrintAndLog(" : data psk2rawdemod 1 = demod a psk2 tag from GraphBuffer, autodetect clock and invert output"); - PrintAndLog(" : data psk2rawdemod 64 1 0 = demod a psk2 tag from GraphBuffer using a clock of RF/64, inverting output and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod p2 = demod a psk2 tag from GraphBuffer, autodetect clock"); + PrintAndLog(" : data rawdemod p2 32 = demod a psk2 tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod p2 32 1 = demod a psk2 tag from GraphBuffer using a clock of RF/32 and inverting output"); + PrintAndLog(" : data rawdemod p2 1 = demod a psk2 tag from GraphBuffer, autodetect clock and invert output"); + PrintAndLog(" : data rawdemod p2 64 1 0 = demod a psk2 tag from GraphBuffer using a clock of RF/64, inverting output and allowing 0 demod errors"); return 0; } - errCnt=PSKDemod(Cmd, 1); + errCnt=PSKDemod(Cmd, TRUE); if (errCnt<0){ if (g_debugMode) PrintAndLog("Error demoding: %d",errCnt); return 0; @@@ -1834,6 -1988,7 +1995,7 @@@ int CmdHide(const char *Cmd return 0; } + //zero mean GraphBuffer int CmdHpf(const char *Cmd) { int i; @@@ -2423,6 -2578,7 +2585,7 @@@ static command_t CommandTable[] //{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"}, {"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"}, {"askem410xdemod",CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"}, + {"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"}, //{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"}, //{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"}, {"autocorr", CmdAutoCorr, 1, " -- Autocorrelation over window"}, @@@ -2440,6 -2596,7 +2603,7 @@@ {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, //{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, + {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, {"hide", CmdHide, 1, "Hide graph window"}, @@@ -2455,6 -2612,7 +2619,7 @@@ //{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, + {"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"}, {"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, //{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"}, //{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"}, diff --combined client/cmddata.h index c7dbf297,6866bcb1..48bd0d91 --- a/client/cmddata.h +++ b/client/cmddata.h @@@ -14,12 -14,13 +14,14 @@@ command_t * CmdDataCommands(); int CmdData(const char *Cmd); + void printDemodBuff(void); + void printBitStream(uint8_t BitStream[], uint32_t bitLen); void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx); - void printDemodBuff(); + int CmdAmp(const char *Cmd); int Cmdaskdemod(const char *Cmd); int CmdAskEM410xDemod(const char *Cmd); + int CmdG_Prox_II_Demod(const char *Cmd); int Cmdaskrawdemod(const char *Cmd); int Cmdaskmandemod(const char *Cmd); int CmdAutoCorr(const char *Cmd); @@@ -39,6 -40,7 +41,7 @@@ int CmdFSKrawdemod(const char *Cmd) int CmdPSK1rawDemod(const char *Cmd); int CmdPSK2rawDemod(const char *Cmd); int CmdGrid(const char *Cmd); + int CmdGetBitStream(const char *Cmd); int CmdHexsamples(const char *Cmd); int CmdHide(const char *Cmd); int CmdHpf(const char *Cmd); @@@ -70,7 -72,6 +73,7 @@@ int NRZrawDemod(const char *Cmd, bool v extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; extern int DemodBufferLen; +extern uint8_t g_debugMode; #define BIGBUF_SIZE 40000 #endif diff --combined client/cmdlf.c index 849b96ef,79d6787b..9d62b2a8 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@@ -28,6 -28,7 +28,7 @@@ #include "cmdlft55xx.h" #include "cmdlfpcf7931.h" #include "cmdlfio.h" + #include "lfdemod.h" static int CmdHelp(const char *Cmd); @@@ -488,12 -489,7 +489,12 @@@ int CmdLFRead(const char *Cmd //And ship it to device UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K}; SendCommand(&c); - WaitForResponse(CMD_ACK,NULL); + //WaitForResponse(CMD_ACK,NULL); + if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { + PrintAndLog("command execution time out"); + return 1; + } + return 0; } @@@ -514,11 -510,11 +515,11 @@@ int CmdLFSnoop(const char *Cmd static void ChkBitstream(const char *str) { int i; - + /* convert to bitstream if necessary */ for (i = 0; i < (int)(GraphTraceLen / 2); i++){ if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) { - CmdBitstream(str); + CmdGetBitStream(""); break; } } @@@ -526,33 -522,379 +527,379 @@@ //appears to attempt to simulate manchester int CmdLFSim(const char *Cmd) { - int i,j; + int i,j; static int gap; sscanf(Cmd, "%i", &gap); /* convert to bitstream if necessary */ + ChkBitstream(Cmd); - printf("Sending [%d bytes]", GraphTraceLen); - for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { + //can send 512 bits at a time (1 byte sent per bit...) + printf("Sending [%d bytes]", GraphTraceLen); + for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; - for (j = 0; j < USB_CMD_DATA_SIZE; j++) { + for (j = 0; j < USB_CMD_DATA_SIZE; j++) { c.d.asBytes[j] = GraphBuffer[i+j]; } SendCommand(&c); WaitForResponse(CMD_ACK,NULL); - printf("."); + printf("."); } - printf("\n"); - PrintAndLog("Starting to simulate"); + printf("\n"); + PrintAndLog("Starting to simulate"); UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}}; SendCommand(&c); return 0; } + int usage_lf_simfsk(void) + { + //print help + PrintAndLog("Usage: lf simfsk [c ] [i] [H ] [L ] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" H Manually set the larger Field Clock"); + PrintAndLog(" L Manually set the smaller Field Clock"); + //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + PrintAndLog("\n NOTE: if you set one clock manually set them all manually"); + return 0; + } + + int usage_lf_simask(void) + { + //print help + PrintAndLog("Usage: lf simask [c ] [i] [m|r] [s] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" m sim ask/manchester"); + PrintAndLog(" r sim ask/raw"); + PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; + } + + int usage_lf_simpsk(void) + { + //print help + PrintAndLog("Usage: lf simpsk [1|2|3] [c ] [i] [r ] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" 1 set PSK1 (default)"); + PrintAndLog(" 2 set PSK2"); + PrintAndLog(" 3 set PSK3"); + PrintAndLog(" r 2|4|8 are valid carriers: default = 2"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; + } + + // by marshmellow - sim ask data given clock, fcHigh, fcLow, invert + // - allow pull data from DemodBuffer + int CmdLFfskSim(const char *Cmd) + { + //might be able to autodetect FC and clock from Graphbuffer if using demod buffer + //will need FChigh, FClow, Clock, and bitstream + uint8_t fcHigh=0, fcLow=0, clk=0; + uint8_t invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; // store entered hex data + uint8_t data[255] = {0x00}; + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simfsk(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'H': + errors |= param_getdec(Cmd,cmdp+1,&fcHigh); + cmdp+=2; + break; + case 'L': + errors |= param_getdec(Cmd,cmdp+1,&fcLow); + cmdp+=2; + break; + //case 's': + // separator=1; + // cmdp++; + // break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data"); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simfsk(); + } + + if (dataLen == 0){ //using DemodBuffer + if (clk==0 || fcHigh==0 || fcLow==0){ //manual settings must set them all + uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0); + if (ans==0){ + if (!fcHigh) fcHigh=10; + if (!fcLow) fcLow=8; + if (!clk) clk=50; + } + } + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 50; + if (fcHigh == 0) fcHigh = 10; + if (fcLow == 0) fcLow = 8; + + uint16_t arg1, arg2; + arg1 = fcHigh << 8 | fcLow; + arg2 = invert << 8 | clk; + size_t size = DemodBufferLen; + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size = USB_CMD_DATA_SIZE; + } + UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}}; + + memcpy(c.d.asBytes, DemodBuffer, size); + SendCommand(&c); + return 0; + } + + // by marshmellow - sim ask data given clock, invert, manchester or raw, separator + // - allow pull data from DemodBuffer + int CmdLFaskSim(const char *Cmd) + { + //autodetect clock from Graphbuffer if using demod buffer + //will need clock, invert, manchester/raw as m or r, separator as s, and bitstream + uint8_t manchester = 1, separator = 0; + //char cmdp = Cmd[0], par3='m', par4=0; + uint8_t clk=0, invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; + uint8_t data[255]= {0x00}; // store entered hex data + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simask(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'm': + manchester=1; + cmdp++; + break; + case 'r': + manchester=0; + cmdp++; + break; + case 's': + separator=1; + cmdp++; + break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data, datalen: %d",dataLen); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simask(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk == 0) clk = GetAskClock("0", false, false); + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 64; + if (manchester == 0) clk = clk/2; //askraw needs to double the clock speed + uint16_t arg1, arg2; + size_t size=DemodBufferLen; + arg1 = clk << 8 | manchester; + arg2 = invert << 8 | separator; + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size = USB_CMD_DATA_SIZE; + } + UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}}; + PrintAndLog("preparing to sim ask data: %d bits", size); + memcpy(c.d.asBytes, DemodBuffer, size); + SendCommand(&c); + return 0; + } + + // by marshmellow - sim psk data given carrier, clock, invert + // - allow pull data from DemodBuffer or parameters + int CmdLFpskSim(const char *Cmd) + { + //might be able to autodetect FC and clock from Graphbuffer if using demod buffer + //will need carrier, Clock, and bitstream + uint8_t carrier=0, clk=0; + uint8_t invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; // store entered hex data + uint8_t data[255] = {0x00}; + int dataLen = 0; + uint8_t cmdp = 0; + uint8_t pskType = 1; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simpsk(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'r': + errors |= param_getdec(Cmd,cmdp+1,&carrier); + cmdp+=2; + break; + case '1': + pskType=1; + cmdp++; + break; + case '2': + pskType=2; + cmdp++; + break; + case '3': + pskType=3; + cmdp++; + break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data"); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if (errors) break; + } + if (cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if (errors) + { + return usage_lf_simpsk(); + } + if (dataLen == 0){ //using DemodBuffer + PrintAndLog("Getting Clocks"); + if (clk==0) clk = GetPskClock("", FALSE, FALSE); + PrintAndLog("clk: %d",clk); + if (!carrier) carrier = GetPskCarrier("", FALSE, FALSE); + PrintAndLog("carrier: %d", carrier); + } else { + setDemodBuf(data, dataLen, 0); + } + + if (clk <= 0) clk = 32; + if (carrier == 0) carrier = 2; + if (pskType != 1){ + if (pskType == 2){ + //need to convert psk2 to psk1 data before sim + psk2TOpsk1(DemodBuffer, DemodBufferLen); + } else { + PrintAndLog("Sorry, PSK3 not yet available"); + } + } + uint16_t arg1, arg2; + arg1 = clk << 8 | carrier; + arg2 = invert; + size_t size=DemodBufferLen; + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size=USB_CMD_DATA_SIZE; + } + UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, size}}; + PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", size); + memcpy(c.d.asBytes, DemodBuffer, size); + SendCommand(&c); + + return 0; + } + int CmdLFSimBidir(const char *Cmd) { // Set ADC to twice the carrier for a slight supersampling @@@ -564,6 -906,7 +911,7 @@@ } /* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */ + /* int CmdLFSimManchester(const char *Cmd) { static int clock, gap; @@@ -584,7 -927,7 +932,7 @@@ CmdLFSim(gapstring); return 0; } - + */ int CmdVchDemod(const char *Cmd) { @@@ -728,6 -1071,11 +1076,11 @@@ int CmdLFfind(const char *Cmd PrintAndLog("\nValid EM410x ID Found!"); return 1; } + ans=CmdG_Prox_II_Demod(""); + if (ans>0) { + PrintAndLog("\nValid G Prox II ID Found!"); + return 1; + } PrintAndLog("\nNo Known Tags Found!\n"); if (testRaw=='u' || testRaw=='U'){ //test unknown tag formats (raw mode) @@@ -760,27 -1108,28 +1113,30 @@@ static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, - {"cmdread", CmdLFCommandRead, 0, " <'0' period> <'1' period> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"}, {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, + {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, + {"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"}, + {"io", CmdLFIO, 1, "{ IOPROX RFIDs... }"}, + {"pcf7931", CmdLFPCF7931, 1, "{ PCF7931 RFIDs... }"}, + {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, + {"t55xx", CmdLFT55XX, 1, "{ T55X7 RFIDs... }"}, + {"config", CmdLFSetConfig, 0, "Set config for LF sampling, bit/sample, decimation, frequency"}, + + {"cmdread", CmdLFCommandRead, 0, " <'0' period> <'1' period> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"}, {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"}, - {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, - {"io", CmdLFIO, 1, "{ ioProx tags... }"}, {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, {"indalaclone", CmdIndalaClone, 0, " ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"}, {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, + {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, - {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, + //{"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, - {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, - {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"}, {"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"}, - {"t55xx", CmdLFT55XX, 1, "{ T55xx RFIDs... }"}, - {"pcf7931", CmdLFPCF7931, 1, "{PCF7931 RFIDs...}"}, {NULL, NULL, 0, NULL} }; diff --combined client/lualibs/commands.lua index 6f309001,ad8f6e00..ef9b8f18 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@@ -48,8 -48,13 +48,13 @@@ local _commands = CMD_EM4X_READ_WORD = 0x0218, CMD_EM4X_WRITE_WORD = 0x0219, CMD_IO_DEMOD_FSK = 0x021A, - CMD_IO_CLONE_TAG = 0x021B, - CMD_EM410X_DEMOD = 0x021c, + CMD_IO_CLONE_TAG = 0x021B, + CMD_EM410X_DEMOD = 0x021c, + CMD_SET_LF_SAMPLING_CONFIG = 0x021d, + CMD_FSK_SIM_TAG = 0x021E, + CMD_ASK_SIM_TAG = 0x021F, + CMD_PSK_SIM_TAG = 0x0220, + --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ --// For the 13.56 MHz tags @@@ -148,10 -153,10 +153,10 @@@ local _reverse_lookup,k,v = {} -for k, v in pairs(_commands) do - _reverse_lookup[v] = k -end -_commands.tostring = function(command) + for k, v in pairs(_commands) do + _reverse_lookup[v] = k + end + _commands.tostring = function(command) if(type(command) == 'number') then return ("%s (%d)"):format(_reverse_lookup[command]or "ERROR UNDEFINED!", command) end @@@ -212,6 -217,7 +217,6 @@@ function Command:getBytes( local data = self.data local cmd = self.cmd local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3 - return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data); end - return _commands + return _commands diff --combined include/usb_cmd.h index ec162b4e,aab631da..c3951320 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@@ -89,9 -89,12 +89,12 @@@ typedef struct #define CMD_EM4X_WRITE_WORD 0x0219 #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B - #define CMD_EM410X_DEMOD 0x021c + #define CMD_EM410X_DEMOD 0x021c // Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d + #define CMD_FSK_SIM_TAG 0x021E + #define CMD_ASK_SIM_TAG 0x021F + #define CMD_PSK_SIM_TAG 0x0220 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ @@@ -125,12 -128,11 +128,12 @@@ #define CMD_READER_LEGIC_RF 0x0388 #define CMD_WRITER_LEGIC_RF 0x0389 #define CMD_EPA_PACE_COLLECT_NONCE 0x038A +//#define CMD_EPA_ 0x038B #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 #define CMD_READER_ICLASS 0x0394 -#define CMD_READER_ICLASS_REPLAY 0x0395 +#define CMD_READER_ICLASS_REPLAY 0x0395 #define CMD_ICLASS_ISO14443A_WRITE 0x0397 #define CMD_ICLASS_EML_MEMSET 0x0398 @@@ -161,11 -163,9 +164,11 @@@ #define CMD_MIFARE_NESTED 0x0612 #define CMD_MIFARE_READBL 0x0620 -#define CMD_MIFAREU_READBL 0x0720 +#define CMD_MIFAREU_READBL 0x0720 + #define CMD_MIFARE_READSC 0x0621 -#define CMD_MIFAREU_READCARD 0x0721 +#define CMD_MIFAREU_READCARD 0x0721 + #define CMD_MIFARE_WRITEBL 0x0622 #define CMD_MIFAREU_WRITEBL 0x0722 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0723 @@@ -198,7 -198,7 +201,7 @@@ //Iclass reader flags -#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 #define FLAG_ICLASS_READER_GET_CC 0x02