From: marshmellow42 Date: Fri, 13 Mar 2015 15:20:00 +0000 (-0400) Subject: Merge remote-tracking branch 'upstream/master' X-Git-Tag: show~2^2~4 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/5279085ae711148fe1e7318e5b8572da7d8616d6?hp=d9d41e0f3f765639dd31c4dcf26ec18dbf646fd4 Merge remote-tracking branch 'upstream/master' --- diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index f2fa1ff2..ac839cfd 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1890,8 +1890,9 @@ void ReaderIso14443a(UsbCommand *c) { iso14a_command_t param = c->arg[0]; uint8_t *cmd = c->d.asBytes; - size_t len = c->arg[1]; - size_t lenbits = c->arg[2]; + size_t len = c->arg[1] & 0xffff; + size_t lenbits = c->arg[1] >> 16; + uint32_t timeout = c->arg[2]; uint32_t arg0 = 0; byte_t buf[USB_CMD_DATA_SIZE]; uint8_t par[MAX_PARITY_SIZE]; @@ -1916,7 +1917,7 @@ void ReaderIso14443a(UsbCommand *c) } if(param & ISO14A_SET_TIMEOUT) { - iso14a_set_timeout(c->arg[2]); + iso14a_set_timeout(timeout); } if(param & ISO14A_APDU) { diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 468f5830..16c42855 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -16,6 +16,7 @@ #include "string.h" #include "lfdemod.h" #include "lfsampling.h" +#include "usb_cdc.h" /** @@ -401,7 +402,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) for(;;) { //wait until SSC_CLK goes HIGH while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - if(BUTTON_PRESS()) { + if(BUTTON_PRESS() || usb_poll()) { DbpString("Stopped"); return; } diff --git a/client/Makefile b/client/Makefile index 20e17d7d..6ec34469 100644 --- a/client/Makefile +++ b/client/Makefile 
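Review bot: `len` and `lenbits` are now unpacked from the host-supplied `c->arg[1]` with no bound against `USB_CMD_DATA_SIZE`, the declared size of `buf` two lines below (and presumably of `c->d.asBytes`, which `cmd` points at), and `lenbits` is not checked against `len * 8` either. If the rest of `ReaderIso14443a` (the function continues outside both hunks) does not clamp them, a malformed USB command drives the later send past the command buffer. I would add `if (len > USB_CMD_DATA_SIZE) len = USB_CMD_DATA_SIZE;` directly after the unpacking, or reject the command with an error response. Also, none of the client hunks in this diff pack `c.arg[1]` as `len | (lenbits << 16)`; worth confirming `CmdHF14ACmdRaw` was updated outside the shown hunks, since otherwise the ARM side now sees `lenbits == 0` and truncates any `len` above 0xffff.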
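Review bot: `usb_poll()` is now called inside the busy-wait on `GPIO_SSC_CLK`, a loop whose only job is to catch the clock's rising edge, so the poll's duration is added to the timing jitter of every bit the simulated tag emits; if `usb_poll()` does more than a register read (its definition is behind the newly included `usb_cdc.h`, not visible here), the simulation timing may degrade. The same call aborts the simulation on any incoming USB traffic, and the single `"Stopped"` message no longer tells the operator which cause fired. A comment on the condition, `// abort on button press or on incoming USB traffic from the host`, would document the intent, and two distinct messages would make it debuggable. `SimulateTagLowFrequency` continues outside the hunk.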
@@ -16,34 +16,39 @@ LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthre LDFLAGS = $(COMMON_FLAGS) CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 LUAPLATFORM = generic + ifneq (,$(findstring MINGW,$(platform))) -CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 -MOC = $(QTDIR)/bin/moc -LUAPLATFORM = mingw + CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui + MOC = $(QTDIR)/bin/moc + LUAPLATFORM = mingw + ifneq ($(wildcard $(QTDIR)/include/QtWidgets),) + CXXFLAGS += -I$(QTDIR)/include/QtWidgets + QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets + else + QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 + endif else ifeq ($(platform),Darwin) -CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 -QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) -MOC = $(shell pkg-config --variable=moc_location QtCore) -LUAPLATFORM = macosx + CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 + QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) + MOC = $(shell pkg-config --variable=moc_location QtCore) + LUAPLATFORM = macosx else -CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 -QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) -MOC = $(shell pkg-config --variable=moc_location QtCore) -LDLIBS += -ldl - -# Below is a variant you can use if you have problems compiling with QT5 on ubuntu. see http://www.proxmark.org/forum/viewtopic.php?id=1661 for more info. 
-#MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc -LUAPLATFORM = linux + CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 + QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) + MOC = $(shell pkg-config --variable=moc_location QtCore) + LDLIBS += -ldl + # Below is a variant you can use if you have problems compiling with QT5 on ubuntu. see http://www.proxmark.org/forum/viewtopic.php?id=1661 for more info. + #MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc + LUAPLATFORM = linux endif ifneq ($(QTLDLIBS),) -QTGUI = $(OBJDIR)/proxgui.o $(OBJDIR)/proxguiqt.o $(OBJDIR)/proxguiqt.moc.o -CFLAGS += -DHAVE_GUI -LINK.o = $(LINK.cpp) + QTGUI = $(OBJDIR)/proxgui.o $(OBJDIR)/proxguiqt.o $(OBJDIR)/proxguiqt.moc.o + CFLAGS += -DHAVE_GUI + LINK.o = $(LINK.cpp) else -QTGUI = guidummy.o + QTGUI = guidummy.o endif CORESRCS = uart.c \ diff --git a/client/cmdhf.c b/client/cmdhf.c index 074a37e2..22063bbb 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c 
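Review bot: Qt5 is now detected only in the MinGW branch (`ifneq ($(wildcard $(QTDIR)/include/QtWidgets),)`); the Darwin and Linux branches still query `pkg-config --cflags QtCore QtGui 2>/dev/null`, which are Qt4 module names, so on a host with only Qt5 installed `QTLDLIBS` stays empty and the `ifneq ($(QTLDLIBS),)` test below silently selects `guidummy.o` — the build succeeds with no GUI and no message. A `$(warning Qt not found, building without GUI)` in that `else` branch would make the fallback visible. The MinGW test also only proves the QtWidgets headers exist, not that `libQt5Widgets` is linkable; acceptable for a build file, but a one-line comment next to the `ifneq` saying so would help the next person who hits a link error.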
@@ -62,19 +62,21 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) snprintf(exp,size,"ANTICOLL-2"); break; } } - case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; - case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break; - case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; - case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; - case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; - case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; - case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; - case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A(%d)",cmd[1]); break; - case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break; - case MIFARE_MAGICMODE: snprintf(exp,size,"MAGIC"); break; - default: snprintf(exp,size,"?"); break; + case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; + case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break; + case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; + case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; + case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; + case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; + case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; + case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A(%d)",cmd[1]); break; + case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break; + case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break; + case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break; + case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); 
break; + default: snprintf(exp,size,"?"); break; } return; } diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 744b3875..d36ebb8b 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -560,7 +560,7 @@ int CmdHF14ACmdRaw(const char *cmd) { timeout = temp; i+=3; while(cmd[i]!=' ' && cmd[i]!='\0') { i++; } - i+=2; + i-=2; break; default: PrintAndLog("Invalid option"); @@ -605,6 +605,7 @@ int CmdHF14ACmdRaw(const char *cmd) { if(active) c.arg[0] |= ISO14A_NO_SELECT; } + if(bTimeout){ #define MAX_TIMEOUT 40542464 // (2^32-1) * (8*16) / 13560000Hz * 1000ms/s = c.arg[0] |= ISO14A_SET_TIMEOUT; @@ -612,7 +613,7 @@ int CmdHF14ACmdRaw(const char *cmd) { timeout = MAX_TIMEOUT; PrintAndLog("Set timeout to 40542 seconds (11.26 hours). The max we can wait for response"); } - c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us) + c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us) } if(power) c.arg[0] |= ISO14A_NO_DISCONNECT; diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index d0852ea5..c16b9674 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c 
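Review bot: Every `cmd[1]` read in this `switch` (`READBLOCK`, `WRITEBLOCK`, `INC`, `DEC`, `RESTORE`, `TRANSFER`, `AUTH-A`, `AUTH-B`) is unguarded by the `cmdsize` parameter, so a captured one-byte frame carrying one of those command codes makes `annotateIso14443a` read one byte past the frame; the frames come from a sniffed exchange, so their length is not under this code's control. Since the table is being rewritten anyway, a single `uint8_t arg = cmdsize > 1 ? cmd[1] : 0;` before the `switch` (its start is outside the hunk) with `arg` in the format calls would close that without changing the output for well-formed frames. The re-indentation turns a three-line addition into a 26-line hunk; a separate whitespace-only commit would keep the functional change (`MIFARE_MAGICWUPC1`/`WUPC2`/`WIPEC`) reviewable on its own.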
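Review bot: The `i+=2` → `i-=2` fix in the `@@ -560` hunk leaves the index arithmetic for the timeout option undocumented: `i+=3` skips the option token, the `while` advances `i` to the next space or NUL, and `i-=2` steps back so that whatever increment the enclosing parse loop applies (outside the hunk) lands on the separator — an invariant split between two places, and easy to get wrong as this very fix shows. A comment such as `// leave i two bytes before the separator; the outer loop's increment re-aligns it` on the `i-=2` line would pin it. In the `@@ -605` hunk `#define MAX_TIMEOUT 40542464` is defined inside the function body without an `#undef`, so it is file-wide from that point; an `enum { MAX_TIMEOUT = 40542464 };` or a `static const uint32_t` at file scope would be scoped and debugger-visible. The `@@ -612` hunk changes only whitespace on the ETU comment line and adds diff noise. `CmdHF14ACmdRaw` starts and ends outside these hunks.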
@@ -1554,15 +1554,14 @@ int CmdHF14AMfCLoad(const char *Cmd) if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1; if (fillFromEmulator) { - flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) { if (mfEmlGetMem(buf8, blockNum, 1)) { PrintAndLog("Cant get block: %d", blockNum); return 2; } - - if (blockNum == 2) flags = 0; - if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence + if (blockNum == 1) flags = 0; // just write + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field. if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { PrintAndLog("Cant set magic card block: %d", blockNum); @@ -1587,7 +1586,6 @@ int CmdHF14AMfCLoad(const char *Cmd) } blockNum = 0; - flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; while(!feof(f)){ memset(buf, 0, sizeof(buf)); @@ -1597,7 +1595,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 2; } - if (strlen(buf) < 32){ + if (strlen(buf) < 32) { if(strlen(buf) && feof(f)) break; PrintAndLog("File content error. Block data must include 32 HEX symbols"); @@ -1606,8 +1604,9 @@ int CmdHF14AMfCLoad(const char *Cmd) for (i = 0; i < 32; i += 2) sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); - if (blockNum == 2) flags = 0; - if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence + if (blockNum == 1) flags = 0; // just write + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field. if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { PrintAndLog("Can't set magic card block: %d", blockNum); diff --git a/common/protocols.h b/common/protocols.h index 1dd66185..01b738c2 100644 --- a/common/protocols.h +++ b/common/protocols.h 
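Review bot: The unchanged line `sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);` in the `@@ -1606` hunk stores a full `unsigned int` through a `uint8_t` slot: on the last iteration (`i == 30`) that is a 4-byte write at `buf8[15]`, three bytes past the end of a 16-byte block buffer (assuming `buf8` is one block, as `mfEmlGetMem(buf8, blockNum, 1)` suggests), and an aliasing violation on top; the data comes from a user-supplied file. The client is built with `-std=c99` per the Makefile in this same diff, so `sscanf(&buf[i], "%02hhx", &buf8[i / 2]);` fixes both without the cast. Separately, the per-block `flags` ladder (`blockNum == 0`, `== 1`, `== 16 * 4 - 1`) is now duplicated verbatim in the emulator loop (`@@ -1554`) and the file loop with slightly different comments; a small static helper returning the flags for a block number would keep the two paths from drifting. On the `return 2` error paths after block 0 the field has been switched on (`CSETBLOCK_INIT_FIELD`) and is never reset with `CSETBLOCK_RESET_FIELD`; that predates this change but the new comments are a good place to say whether that is intended.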
@@ -115,7 +115,9 @@ NXP/Philips CUSTOM COMMANDS #define MIFARE_AUTH_KEYA 0x60 #define MIFARE_AUTH_KEYB 0x61 -#define MIFARE_MAGICMODE 0x40 +#define MIFARE_MAGICWUPC1 0x40 +#define MIFARE_MAGICWUPC2 0x43 +#define MIFARE_MAGICWIPEC 0x41 #define MIFARE_CMD_INC 0xC0 #define MIFARE_CMD_DEC 0xC1 #define MIFARE_CMD_RESTORE 0xC2 diff --git a/fpga/fpga_hf.bit b/fpga/fpga_hf.bit index 4910e6ac..20fb2bd4 100644 Binary files a/fpga/fpga_hf.bit and b/fpga/fpga_hf.bit differ diff --git a/fpga/hi_iso14443a.v b/fpga/hi_iso14443a.v index 46adda12..ccb51d8f 100644 --- a/fpga/hi_iso14443a.v +++ b/fpga/hi_iso14443a.v 
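Review bot: The three `MIFARE_MAGIC*` values are listed out of numeric order (0x40, 0x43, 0x41) and nothing in the header says they are the non-standard commands that `client/cmdhfmf.c` drives via `CSETBLOCK_WUPC` ("magic sequence"), unlike the surrounding `MIFARE_CMD_*` entries which are MIFARE Classic commands. A one-line comment above them, `// non-standard "magic card" commands (see CSETBLOCK_WUPC in client/cmdhfmf.c); not part of the MIFARE Classic command set`, and ordering by value would keep the table greppable. Renaming `MIFARE_MAGICMODE` breaks any user of the old name other than `client/cmdhf.c`; none is visible in this diff, but worth a grep before merging.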
@@ -112,34 +112,26 @@ end // for noise reduction and edge detection. // store 4 previous samples: reg [7:0] input_prev_4, input_prev_3, input_prev_2, input_prev_1; -// convert to signed signals (and multiply by two for samples at t-4 and t) -wire signed [10:0] input_prev_4_times_2 = {0, 0, input_prev_4, 0}; -wire signed [10:0] input_prev_3_times_1 = {0, 0, 0, input_prev_3}; -wire signed [10:0] input_prev_1_times_1 = {0, 0, 0, input_prev_1}; -wire signed [10:0] adc_d_times_2 = {0, 0, adc_d, 0}; - -wire signed [10:0] tmp_1, tmp_2; -wire signed [10:0] adc_d_filtered; -integer i; - -assign tmp_1 = input_prev_4_times_2 + input_prev_3_times_1; -assign tmp_2 = input_prev_1_times_1 + adc_d_times_2; - + always @(negedge adc_clk) begin - // for (i = 3; i > 0; i = i - 1) - // begin - // input_shift[i] <= input_shift[i-1]; - // end - // input_shift[0] <= adc_d; input_prev_4 <= input_prev_3; input_prev_3 <= input_prev_2; input_prev_2 <= input_prev_1; input_prev_1 <= adc_d; end -// assign adc_d_filtered = (input_shift[3] << 1) + input_shift[2] - input_shift[0] - (adc_d << 1); -assign adc_d_filtered = tmp_1 - tmp_2; +// adc_d_filtered = 2*input_prev4 + 1*input_prev3 + 0*input_prev2 - 1*input_prev1 - 2*input +// = (2*input_prev4 + input_prev3) - (2*input + input_prev1) +wire [8:0] input_prev_4_times_2 = input_prev_4 << 1; +wire [8:0] adc_d_times_2 = adc_d << 1; + +wire [9:0] tmp1 = input_prev_4_times_2 + input_prev_3; +wire [9:0] tmp2 = adc_d_times_2 + input_prev_1; + +// convert intermediate signals to signed and calculate the filter output +wire signed [10:0] adc_d_filtered = {1'b0, tmp1} - {1'b0, tmp2}; + //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 
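Review bot: `wire signed [10:0] adc_d_filtered = {1'b0, tmp1} - {1'b0, tmp2};` does not do what its comment says: concatenations are unsigned in Verilog, so the subtraction is an 11-bit unsigned wrap and the value only becomes "signed" by landing in a signed wire. The bit pattern happens to be right because |tmp1 - tmp2| ≤ 765 fits in 11 bits, but the intent should be explicit: `wire signed [10:0] adc_d_filtered = $signed({1'b0, tmp1}) - $signed({1'b0, tmp2});`. `wire [8:0] input_prev_4_times_2 = input_prev_4 << 1;` relies on the 9-bit assignment context widening the operand before the shift so the MSB is kept, which is standard behaviour but deserves the comment `// 9-bit context: the shifted-out MSB is kept`. The `always` block that feeds `input_prev_*` is shown in full, but the declaration of `adc_d` is outside the hunk.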
@@ -194,11 +186,13 @@ reg [3:0] mod_detect_reset_time; always @(negedge adc_clk) begin if (mod_type == `READER_LISTEN) - // (our) reader signal changes at t=1, tag response expected n*16+4 ticks later, further delayed by - // 3 ticks ADC conversion. - // 1 + 4 + 3 = 8 + // (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by + // 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks). + // To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e. + // at mod_detect_reset_time+4 and mod_detect_reset_time+12 (-4 ticks). + // 9 + 4 + 3 + 7 - 4 = 19. 19 mod 16 = 3 begin - mod_detect_reset_time <= 4'd8; + mod_detect_reset_time <= 4'd4; end else if (mod_type == `SNIFFER) @@ -207,10 +201,10 @@ begin if (~pre_after_hysteresis && after_hysteresis && deep_modulation) // reader signal rising edge detected at negedge_cnt[3:0]. This signal had been delayed // 9 ticks by the RF part + 3 ticks by the A/D converter + 1 tick to assign to after_hysteresis. - // The tag will respond n*16 + 4 ticks later + 3 ticks A/D converter delay. - // - 9 - 3 - 1 + 4 + 3 = -6 + // Then the same as above. + // - 9 - 3 - 1 + 4 + 3 + 7 - 4 = -3 begin - mod_detect_reset_time <= negedge_cnt[3:0] - 4'd4; + mod_detect_reset_time <= negedge_cnt[3:0] - 4'd3; end end end 
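Review bot: The new derivation in the `READER_LISTEN` branch ends in `9 + 4 + 3 + 7 - 4 = 19. 19 mod 16 = 3`, but the statement below it sets `mod_detect_reset_time <= 4'd4;`, one tick off the comment's own result; the `SNIFFER` branch (`@@ -207`) derives `-3` and sets `negedge_cnt[3:0] - 4'd3`, so the two branches also disagree by one tick as written. Either the constant should be `4'd3` or the comment is missing a term (possibly a 1-tick assignment delay like the one the sniffer derivation counts); whichever is right, text and literal must agree, because this value positions the bit-sampling window for every received frame. The shipped `fpga/fpga_hf.bit` in this diff is a build artifact, so the source comment is the only record of the intended value. The enclosing `always` block continues past the hunk.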
@@ -224,12 +218,14 @@ reg signed [10:0] rx_mod_falling_edge_max; reg signed [10:0] rx_mod_rising_edge_max; reg curbit; +`define EDGE_DETECT_THRESHOLD 5 + always @(negedge adc_clk) begin if(negedge_cnt[3:0] == mod_detect_reset_time) begin // detect modulation signal: if modulating, there must have been a falling AND a rising edge - if (rx_mod_falling_edge_max > 5 && rx_mod_rising_edge_max > 5) + if ((rx_mod_falling_edge_max > `EDGE_DETECT_THRESHOLD) && (rx_mod_rising_edge_max < -`EDGE_DETECT_THRESHOLD)) curbit <= 1'b1; // modulation else curbit <= 1'b0; // no modulation @@ -246,8 +242,8 @@ begin end else begin - if (-adc_d_filtered > rx_mod_rising_edge_max) - rx_mod_rising_edge_max <= -adc_d_filtered; + if (adc_d_filtered < rx_mod_rising_edge_max) + rx_mod_rising_edge_max <= adc_d_filtered; end end @@ -273,7 +269,7 @@ end //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// PM3 -> Tag: +// PM3 -> Reader: // a delay line to ensure that we send the (emulated) tag's answer at the correct time according to ISO14443-3 reg [31:0] mod_sig_buf; reg [4:0] mod_sig_ptr; @@ -297,7 +293,7 @@ end //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// PM3 -> Tag, internal timing: +// PM3 -> Reader, internal timing: // a timer for the 1172 cycles fdt (Frame Delay Time). Start the timer with a rising edge of the reader's signal. // set fdt_elapsed when we no longer need to delay data. Set fdt_indicator when we can start sending data. // Note: the FPGA only takes care for the 1172 delay. To achieve an additional 1236-1172=64 ticks delay, the ARM must send 
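Review bot: After the `@@ -246` change `rx_mod_rising_edge_max` stores the most negative `adc_d_filtered` seen (`if (adc_d_filtered < rx_mod_rising_edge_max)`), i.e. a minimum, and the detector accordingly tests `` rx_mod_rising_edge_max < -`EDGE_DETECT_THRESHOLD ``; the register's name now says the opposite of what it holds. Renaming it `rx_mod_rising_edge_min`, or a comment at its declaration `// minimum (most negative) filter output seen: rising input edges give negative adc_d_filtered`, would stop the next reader from "fixing" the comparison back. `` `define EDGE_DETECT_THRESHOLD 5 `` is a file-global, compile-order-dependent macro; a `localparam EDGE_DETECT_THRESHOLD = 5;` inside the module is scoped and visible in synthesis reports (hedged: I cannot see whether the module already uses localparams). `` -`EDGE_DETECT_THRESHOLD `` also compares the 11-bit signed reg with an unsized 32-bit integer, which is fine for a signed compare but worth knowing when the threshold is tuned.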
@@ -477,11 +473,10 @@ end //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// FPGA -> ARM communication: +// FPGA <-> ARM communication: // generate a ssp clock and ssp frame signal for the synchronous transfer from/to the ARM reg ssp_clk; reg ssp_frame; -reg [2:0] ssp_frame_counter; always @(negedge adc_clk) begin