From: marshmellow42 Date: Fri, 10 Nov 2017 20:56:52 +0000 (-0500) Subject: fix lf search bugs when no tag is on antenna X-Git-Tag: v3.1.0~128^2~1 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/217cfb6b29773989774cbe573af0372df09f056b?ds=inline fix lf search bugs when no tag is on antenna cotag read could enter endless loop, now cancels if the next bit doesn't appear em4x05 detection would loop due to a threshold never being met, now has a dump out after 1000 samples tested. fixed some indenting in hitag2 while i was reviewing that code for potential endless loops... --- diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 7702025b..aec01860 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -1217,7 +1217,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { int reset_sof; int tag_sof; int t_wait = HITAG_T_WAIT_MAX; - bool bStop; + bool bStop = false; bool bQuitTraceFull = false; FpgaDownloadAndGo(FPGA_BITSTREAM_LF); @@ -1324,7 +1324,6 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { frame_count = 0; response = 0; lastbit = 1; - bStop = false; // Tag specific configuration settings (sof, timings, etc.) if (htf < 10){ @@ -1369,46 +1368,46 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { // By default reset the transmission buffer tx = txbuf; switch(htf) { - case RHT2F_PASSWORD: { - bStop = !hitag2_password(rx,rxlen,tx,&txlen); - } break; - case RHT2F_AUTHENTICATE: { - bStop = !hitag2_authenticate(rx,rxlen,tx,&txlen); - } break; - case RHT2F_CRYPTO: { - bStop = !hitag2_crypto(rx,rxlen,tx,&txlen, false); - } break; - case RHT2F_TEST_AUTH_ATTEMPTS: { - bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen); - } break; - case RHT2F_UID_ONLY: { - bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen); - attempt_count++; //attempt 3 times to get uid then quit - if (!bStop && attempt_count == 3) bStop = true; - } break; - default: { - Dbprintf("Error, unknown function: %d",htf); - return; - } break; + case RHT2F_PASSWORD: { + bStop = !hitag2_password(rx,rxlen,tx,&txlen); + } break; + case RHT2F_AUTHENTICATE: { + bStop = !hitag2_authenticate(rx,rxlen,tx,&txlen); + } break; + case RHT2F_CRYPTO: { + bStop = !hitag2_crypto(rx,rxlen,tx,&txlen, false); + } break; + case RHT2F_TEST_AUTH_ATTEMPTS: { + bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen); + } break; + case RHT2F_UID_ONLY: { + bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen); + attempt_count++; //attempt 3 times to get uid then quit + if (!bStop && attempt_count == 3) bStop = true; + } break; + default: { + Dbprintf("Error, unknown function: %d",htf); + return; + } break; } - + // Send and store the reader command // Disable timer 1 with external trigger to avoid triggers during our own modulation AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - + // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the // falling edge occured halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units while(AT91C_BASE_TC0->TC_CV < T0*(t_wait+(HITAG_T_TAG_HALF_PERIOD*lastbit))); - + //Dbprintf("DEBUG: Sending reader frame"); // Transmit the reader frame hitag_reader_send_frame(tx,txlen); - // Enable and reset external trigger in timer for capturing future frames + // Enable and reset external trigger in timer for capturing future frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Add transmitted frame to total count @@ -1521,7 +1520,11 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); //Dbprintf("frame received: %d",frame_count); //DbpString("All done"); - cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); + if (bSuccessful) + cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); + else + cmd_send(CMD_ACK,bSuccessful,0,0,0,0); + } void WriterHitag(hitag_function htf, hitag_data* htd, int page) { diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 641c02e8..4344742b 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1159,7 +1159,7 @@ void T55xxResetRead(void) { TurnReadLFOn(READ_GAP); // Acquisition - DoPartialAcquisition(0, true, BigBuf_max_traceLen()); + DoPartialAcquisition(0, true, BigBuf_max_traceLen(), 0); // Turn the field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off @@ -1291,7 +1291,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { // Acquisition // Now do the acquisition - DoPartialAcquisition(0, true, 12000); + DoPartialAcquisition(0, true, 12000, 0); // Turn the field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off @@ -1690,7 +1690,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { SendForward(fwd_bit_count); WaitUS(400); // Now do the acquisition - DoPartialAcquisition(20, true, 6000); + DoPartialAcquisition(20, true, 6000, 1000); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_A_OFF(); @@ -1723,7 +1723,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) { WaitUS(6500); //Capture response if one exists - DoPartialAcquisition(20, true, 6000); + DoPartialAcquisition(20, true, 6000, 1000); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_A_OFF(); diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index 5d1f9248..643b3168 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -119,7 +119,7 @@ void LFSetupFPGAForADC(int divisor, bool lf_field) * @param silent - is true, now outputs are made. If false, dbprints the status * @return the number of bits occupied by the samples. */ -uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold, bool silent, int bufsize) +uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold, bool silent, int bufsize, int cancel_after) { //. uint8_t *dest = BigBuf_get_addr(); @@ -140,6 +140,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag uint32_t sample_sum =0 ; uint32_t sample_total_numbers =0 ; uint32_t sample_total_saved =0 ; + uint32_t cancel_counter = 0; while(!BUTTON_PRESS() && !usb_poll_validate_length() ) { WDT_HIT(); @@ -151,9 +152,11 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; LED_D_OFF(); // threshold either high or low values 128 = center 0. if trigger = 178 - if ((trigger_threshold > 0) && (sample < (trigger_threshold+128)) && (sample > (128-trigger_threshold))) // + if ((trigger_threshold > 0) && (sample < (trigger_threshold+128)) && (sample > (128-trigger_threshold))) { // + if (cancel_after > 0) cancel_counter++; + if (cancel_after == cancel_counter) break; continue; - + } trigger_threshold = 0; sample_total_numbers++; @@ -213,7 +216,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag */ uint32_t DoAcquisition_default(int trigger_threshold, bool silent) { - return DoAcquisition(1,8,0,trigger_threshold,silent,0); + return DoAcquisition(1,8,0,trigger_threshold,silent,0,0); } uint32_t DoAcquisition_config(bool silent, int sample_size) { @@ -222,11 +225,12 @@ uint32_t DoAcquisition_config(bool silent, int sample_size) ,config.averaging ,config.trigger_threshold ,silent - ,sample_size); + ,sample_size + ,0); } -uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size) { - return DoAcquisition(1,8,0,trigger_threshold,silent,sample_size); +uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size, int cancel_after) { + return DoAcquisition(1,8,0,trigger_threshold,silent,sample_size,cancel_after); } uint32_t ReadLF(bool activeField, bool silent, int sample_size) @@ -329,8 +333,8 @@ uint32_t doCotagAcquisitionManchester() { uint8_t sample = 0, firsthigh = 0, firstlow = 0; uint16_t sample_counter = 0, period = 0; uint8_t curr = 0, prev = 0; - - while (!BUTTON_PRESS() && !usb_poll_validate_length() && (sample_counter < bufsize) ) { + uint16_t noise_counter = 0; + while (!BUTTON_PRESS() && !usb_poll_validate_length() && (sample_counter < bufsize) && (noiseCounter < (COTAG_T1<<1)) ) { WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; @@ -343,14 +347,20 @@ uint32_t doCotagAcquisitionManchester() { // find first peak if ( !firsthigh ) { - if (sample < COTAG_ONE_THRESHOLD) + if (sample < COTAG_ONE_THRESHOLD) { + noise_counter++; continue; + } + noise_counter = 0; firsthigh = 1; } if ( !firstlow ){ - if (sample > COTAG_ZERO_THRESHOLD ) + if (sample > COTAG_ZERO_THRESHOLD ) { + noise_counter++; continue; + } + noise_counter=0; firstlow = 1; } diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h index 0531e0c9..ea044f3c 100644 --- a/armsrc/lfsampling.h +++ b/armsrc/lfsampling.h @@ -21,7 +21,7 @@ uint32_t SampleLF(bool silent, int sample_size); uint32_t SnoopLF(); // adds sample size to default options -uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size); +uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size, int cancel_after); /** * @brief Does sample acquisition, ignoring the config values set in the sample_config. diff --git a/client/cmdlf.c b/client/cmdlf.c index eb664a11..cdfbee2d 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -945,7 +945,7 @@ int CmdLFfind(const char *Cmd) PrintAndLog("\nValid EM4x05/EM4x69 Chip Found\nUse lf em 4x05readword/dump commands to read\n"); return 1; } - ans=CmdLFHitagReader("26"); + ans=CmdLFHitagReader("26"); // 26 = RHT2F_UID_ONLY if (ans==0) { return 1; } diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index f5dfee35..e6a25764 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -950,7 +950,6 @@ int EM4x05ReadWord_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *wordDa } int testLen = (GraphTraceLen < 1000) ? GraphTraceLen : 1000; if (graphJustNoise(GraphBuffer, testLen)) { - PrintAndLog("no tag not found"); return -1; } //attempt demod: diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 103f2b77..73c02a14 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -239,6 +239,7 @@ int CmdLFHitagReader(const char *Cmd) { c.arg[0] = htf; // Send the command to the proxmark + clearCommandBuffer(); SendCommand(&c); UsbCommand resp;