From: Merlokbr@gmail.com <Merlokbr@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Date: Sat, 7 Jul 2012 15:29:51 +0000 (+0000)
Subject: hf 14a snoop optimized and added parameters. hf 14a sniff - not work.
X-Git-Tag: v1.0.0~165
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/5cd9ec01e0d6594f7f0f5869f116d8816047d4cb
hf 14a snoop optimized and added parameters. hf 14a sniff - not work.
---
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 25b3c51c..7830265f 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -706,7 +706,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
#ifdef WITH_ISO14443a
case CMD_SNOOP_ISO_14443a:
- SnoopIso14443a();
+ SnoopIso14443a(c->arg[0]);
break;
case CMD_READER_ISO_14443a:
ReaderIso14443a(c, &ack);
@@ -764,7 +764,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
// mifare sniffer
case CMD_MIFARE_SNIFFER:
- SniffMifare();
+ SniffMifare(c->arg[0]);
break;
#endif
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 05037421..5468a977 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -126,16 +126,16 @@ void ReadSTMemoryIso14443(uint32_t parameter,uint32_t dwLast);
void RAMFUNC SnoopIso14443(void);
/// iso14443a.h
-void RAMFUNC SnoopIso14443a(void);
+void RAMFUNC SnoopIso14443a(uint8_t param);
void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd); // ## simulate iso14443a tag
void ReaderIso14443a(UsbCommand * c, UsbCommand * ack);
// Also used in iclass.c
-int LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader);
+int RAMFUNC LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader);
uint32_t GetParity(const uint8_t * pbtCmd, int iLen);
void iso14a_set_trigger(int enable);
void iso14a_clear_tracelen(void);
void iso14a_set_tracing(int enable);
-void RAMFUNC SniffMifare(void);
+void RAMFUNC SniffMifare(uint8_t param);
// mifarecmd.h
void ReaderMifare(uint32_t parameter);
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index a82c2899..4bdbb810 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -101,7 +101,7 @@ void AppendCrc14443a(uint8_t* data, int len)
}
// The function LogTrace() is also used by the iClass implementation in iClass.c
-int LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader)
+int RAMFUNC LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader)
{
// Return when trace is full
if (traceLen >= TRACE_SIZE) return FALSE;
@@ -568,166 +568,149 @@ static RAMFUNC int ManchesterDecoding(int v)
// triggering so that we start recording at the point that the tag is moved
// near the reader.
//-----------------------------------------------------------------------------
-void RAMFUNC SnoopIso14443a(void)
-{
-// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values
-// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values
-// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values
-// #define DMA_BUFFER_SIZE 4096 // original (working as of 21/2/09) values
-// #define TRACE_SIZE 2000 // original (working as of 21/2/09) values
-
- // We won't start recording the frames that we acquire until we trigger;
- // a good trigger condition to get started is probably when we see a
- // response from the tag.
- int triggered = FALSE; // FALSE to wait first for card
-
- // The command (reader -> tag) that we're receiving.
+void RAMFUNC SnoopIso14443a(uint8_t param) {
+ // param:
+ // bit 0 - trigger from first card answer
+ // bit 1 - trigger from first reader 7-bit request
+
+ LEDsoff();
+ // init trace buffer
+ traceLen = 0;
+ memset(trace, 0x44, TRACE_SIZE);
+
+ // We won't start recording the frames that we acquire until we trigger;
+ // a good trigger condition to get started is probably when we see a
+ // response from the tag.
+ // triggered == FALSE -- to wait first for card
+ int triggered = !(param & 0x03);
+
+ // The command (reader -> tag) that we're receiving.
// The length of a received command will in most cases be no more than 18 bytes.
// So 32 should be enough!
- uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
- // The response (tag -> reader) that we're receiving.
- uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
-
- // As we receive stuff, we copy it from receivedCmd or receivedResponse
- // into trace, along with its length and other annotations.
- //uint8_t *trace = (uint8_t *)BigBuf;
-
- traceLen = 0; // uncommented to fix ISSUE 15 - gerhard - jan2011
-
- // The DMA buffer, used to stream samples from the FPGA
- int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
- int lastRxCounter;
- int8_t *upTo;
- int smpl;
- int maxBehindBy = 0;
-
- // Count of samples received so far, so that we can include timing
- // information in the trace buffer.
- int samples = 0;
- int rsamples = 0;
-
- memset(trace, 0x44, TRACE_SIZE);
-
- // Set up the demodulator for tag -> reader responses.
- Demod.output = receivedResponse;
- Demod.len = 0;
- Demod.state = DEMOD_UNSYNCD;
-
- // Setup for the DMA.
- FpgaSetupSsc();
- upTo = dmaBuf;
- lastRxCounter = DMA_BUFFER_SIZE;
- FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
-
- // And the reader -> tag commands
- memset(&Uart, 0, sizeof(Uart));
- Uart.output = receivedCmd;
- Uart.byteCntMax = 32; // was 100 (greg)////////////////////////////////////////////////////////////////////////
- Uart.state = STATE_UNSYNCD;
+ uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
+ // The response (tag -> reader) that we're receiving.
+ uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
- // And put the FPGA in the appropriate mode
- // Signal field is off with the appropriate LED
- LED_D_OFF();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+ // As we receive stuff, we copy it from receivedCmd or receivedResponse
+ // into trace, along with its length and other annotations.
+ //uint8_t *trace = (uint8_t *)BigBuf;
+
+ // The DMA buffer, used to stream samples from the FPGA
+ int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
+ int8_t *data = dmaBuf;
+ int maxDataLen = 0;
+ int dataLen = 0;
+ // Set up the demodulator for tag -> reader responses.
+ Demod.output = receivedResponse;
+ Demod.len = 0;
+ Demod.state = DEMOD_UNSYNCD;
- // And now we loop, receiving samples.
- for(;;) {
- LED_A_ON();
- WDT_HIT();
- int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
- (DMA_BUFFER_SIZE-1);
- if(behindBy > maxBehindBy) {
- maxBehindBy = behindBy;
- if(behindBy > 400) {
- Dbprintf("blew circular buffer! behindBy=0x%x", behindBy);
- goto done;
- }
- }
- if(behindBy < 1) continue;
+ // Set up the demodulator for the reader -> tag commands
+ memset(&Uart, 0, sizeof(Uart));
+ Uart.output = receivedCmd;
+ Uart.byteCntMax = 32; // was 100 (greg)//////////////////
+ Uart.state = STATE_UNSYNCD;
- LED_A_OFF();
- smpl = upTo[0];
- upTo++;
- lastRxCounter -= 1;
- if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
- upTo -= DMA_BUFFER_SIZE;
- lastRxCounter += DMA_BUFFER_SIZE;
- AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
- AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
- }
+ // Setup for the DMA.
+ FpgaSetupSsc();
+ FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
- samples += 4;
- if(MillerDecoding((smpl & 0xF0) >> 4)) {
- rsamples = samples - Uart.samples;
- LED_C_ON();
- if(triggered) {
- trace[traceLen++] = ((rsamples >> 0) & 0xff);
- trace[traceLen++] = ((rsamples >> 8) & 0xff);
- trace[traceLen++] = ((rsamples >> 16) & 0xff);
- trace[traceLen++] = ((rsamples >> 24) & 0xff);
- trace[traceLen++] = ((Uart.parityBits >> 0) & 0xff);
- trace[traceLen++] = ((Uart.parityBits >> 8) & 0xff);
- trace[traceLen++] = ((Uart.parityBits >> 16) & 0xff);
- trace[traceLen++] = ((Uart.parityBits >> 24) & 0xff);
- trace[traceLen++] = Uart.byteCnt;
- memcpy(trace+traceLen, receivedCmd, Uart.byteCnt);
- traceLen += Uart.byteCnt;
- if(traceLen > TRACE_SIZE) break;
- }
- /* And ready to receive another command. */
- Uart.state = STATE_UNSYNCD;
- /* And also reset the demod code, which might have been */
- /* false-triggered by the commands from the reader. */
- Demod.state = DEMOD_UNSYNCD;
- LED_B_OFF();
- }
+ // And put the FPGA in the appropriate mode
+ // Signal field is off with the appropriate LED
+ LED_D_OFF();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
- if(ManchesterDecoding(smpl & 0x0F)) {
- rsamples = samples - Demod.samples;
- LED_B_ON();
-
- // timestamp, as a count of samples
- trace[traceLen++] = ((rsamples >> 0) & 0xff);
- trace[traceLen++] = ((rsamples >> 8) & 0xff);
- trace[traceLen++] = ((rsamples >> 16) & 0xff);
- trace[traceLen++] = 0x80 | ((rsamples >> 24) & 0xff);
- trace[traceLen++] = ((Demod.parityBits >> 0) & 0xff);
- trace[traceLen++] = ((Demod.parityBits >> 8) & 0xff);
- trace[traceLen++] = ((Demod.parityBits >> 16) & 0xff);
- trace[traceLen++] = ((Demod.parityBits >> 24) & 0xff);
- // length
- trace[traceLen++] = Demod.len;
- memcpy(trace+traceLen, receivedResponse, Demod.len);
- traceLen += Demod.len;
- if(traceLen > TRACE_SIZE) break;
-
- triggered = TRUE;
-
- // And ready to receive another response.
- memset(&Demod, 0, sizeof(Demod));
- Demod.output = receivedResponse;
- Demod.state = DEMOD_UNSYNCD;
- LED_C_OFF();
- }
+ // Count of samples received so far, so that we can include timing
+ // information in the trace buffer.
+ rsamples = 0;
+ // And now we loop, receiving samples.
+ while(true) {
+ if(BUTTON_PRESS()) {
+ DbpString("cancelled by button");
+ goto done;
+ }
- if(BUTTON_PRESS()) {
- DbpString("cancelled_a");
- goto done;
- }
- }
+ LED_A_ON();
+ WDT_HIT();
- DbpString("COMMAND FINISHED");
+ int register readBufDataP = data - dmaBuf;
+ int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
+ if (readBufDataP <= dmaBufDataP){
+ dataLen = dmaBufDataP - readBufDataP;
+ } else {
+ dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP + 1;
+ }
+ // test for length of buffer
+ if(dataLen > maxDataLen) {
+ maxDataLen = dataLen;
+ if(dataLen > 400) {
+ Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
+ goto done;
+ }
+ }
+ if(dataLen < 1) continue;
+
+ // primary buffer was stopped( <-- we lost data!
+ if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
+ AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
+ AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
+ Dbprintf("RxEmpty ERROR!!! %d", dataLen); // temporary
+ }
+ // secondary buffer sets as primary, secondary buffer was stopped
+ if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
+ AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
+ }
+
+ LED_A_OFF();
+
+ rsamples += 4;
+ if(MillerDecoding((data[0] & 0xF0) >> 4)) {
+ LED_C_ON();
+
+ // check - if there is a short 7bit request from reader
+ if ((!triggered) && (param & 0x02) && (Uart.byteCnt == 1) && (Uart.bitCnt = 9)) triggered = TRUE;
+
+ if(triggered) {
+ if (!LogTrace(receivedCmd, Uart.byteCnt, 0 - Uart.samples, Uart.parityBits, TRUE)) break;
+ }
+ /* And ready to receive another command. */
+ Uart.state = STATE_UNSYNCD;
+ /* And also reset the demod code, which might have been */
+ /* false-triggered by the commands from the reader. */
+ Demod.state = DEMOD_UNSYNCD;
+ LED_B_OFF();
+ }
+
+ if(ManchesterDecoding(data[0] & 0x0F)) {
+ LED_B_ON();
+
+ if (!LogTrace(receivedResponse, Demod.len, 0 - Demod.samples, Demod.parityBits, FALSE)) break;
+
+ if ((!triggered) && (param & 0x01)) triggered = TRUE;
+
+ // And ready to receive another response.
+ memset(&Demod, 0, sizeof(Demod));
+ Demod.output = receivedResponse;
+ Demod.state = DEMOD_UNSYNCD;
+ LED_C_OFF();
+ }
+
+ data++;
+ if(data > dmaBuf + DMA_BUFFER_SIZE) {
+ data = dmaBuf;
+ }
+ } // main cycle
+
+ DbpString("COMMAND FINISHED");
done:
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
- Dbprintf("maxBehindBy=%x, Uart.state=%x, Uart.byteCnt=%x", maxBehindBy, Uart.state, Uart.byteCnt);
- Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
- LED_A_OFF();
- LED_B_OFF();
- LED_C_OFF();
- LED_D_OFF();
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
+ Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x", maxDataLen, Uart.state, Uart.byteCnt);
+ Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%08x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
+ LEDsoff();
}
//-----------------------------------------------------------------------------
@@ -2369,17 +2352,16 @@ lbWORK: if (len == 0) break;
// MIFARE sniffer.
//
//-----------------------------------------------------------------------------
-void RAMFUNC SniffMifare(void) {
+void RAMFUNC SniffMifare(uint8_t param) {
+ // param:
+ // bit 0 - trigger from first card answer
+ // bit 1 - trigger from first reader 7-bit request
+
LEDsoff();
// init trace buffer
traceLen = 0;
memset(trace, 0x44, TRACE_SIZE);
- // We won't start recording the frames that we acquire until we trigger;
- // a good trigger condition to get started is probably when we see a
- // response from the tag.
- int triggered = FALSE; // FALSE to wait first for card
-
// The command (reader -> tag) that we're receiving.
// The length of a received command will in most cases be no more than 18 bytes.
// So 32 should be enough!
@@ -2393,10 +2375,10 @@ void RAMFUNC SniffMifare(void) {
// The DMA buffer, used to stream samples from the FPGA
int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
- int lastRxCounter;
- int8_t *upTo;
- int smpl;
- int maxBehindBy = 0;
+ int8_t *data = dmaBuf;
+ int maxDataLen = 0;
+ int dataLen = 0;
+// data = dmaBuf;
// Set up the demodulator for tag -> reader responses.
Demod.output = receivedResponse;
@@ -2411,8 +2393,6 @@ void RAMFUNC SniffMifare(void) {
// Setup for the DMA.
FpgaSetupSsc();
- upTo = dmaBuf;
- lastRxCounter = DMA_BUFFER_SIZE;
FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
// And put the FPGA in the appropriate mode
@@ -2426,37 +2406,54 @@ void RAMFUNC SniffMifare(void) {
rsamples = 0;
// And now we loop, receiving samples.
while(true) {
+ if(BUTTON_PRESS()) {
+ DbpString("cancelled by button");
+ goto done;
+ }
+
LED_A_ON();
WDT_HIT();
- int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
- (DMA_BUFFER_SIZE-1);
- if(behindBy > maxBehindBy) {
- maxBehindBy = behindBy;
- if(behindBy > 400) {
- Dbprintf("blew circular buffer! behindBy=0x%x", behindBy);
+
+ int register readBufDataP = data - dmaBuf;
+ int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
+ if (readBufDataP <= dmaBufDataP){
+ dataLen = dmaBufDataP - readBufDataP;
+ } else {
+ dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP + 1;
+ }
+ // test for length of buffer
+ if(dataLen > maxDataLen) {
+ maxDataLen = dataLen;
+ if(dataLen > 400) {
+ Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
goto done;
}
}
- if(behindBy < 1) continue;
+ if(dataLen < 1) continue;
- LED_A_OFF();
-
- smpl = upTo[0];
- upTo++;
- lastRxCounter -= 1;
- if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
- upTo -= DMA_BUFFER_SIZE;
- lastRxCounter += DMA_BUFFER_SIZE;
- AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
+ // primary buffer was stopped( <-- we lost data!
+ if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
+ AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
+ AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
+ Dbprintf("RxEmpty ERROR!!! %d", dataLen); // temporary
+ }
+ // secondary buffer sets as primary, secondary buffer was stopped
+ if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
}
+
+ LED_A_OFF();
rsamples += 4;
- if(MillerDecoding((smpl & 0xF0) >> 4)) {
+ if(MillerDecoding((data[0] & 0xF0) >> 4)) {
LED_C_ON();
- if(triggered) {
- if (!LogTrace(receivedCmd, Uart.byteCnt, -1 * Uart.samples, Uart.parityBits, TRUE)) break;
+ // check - if there is a short 7bit request from reader
+ if ((Uart.byteCnt == 1) && (Uart.bitCnt = 9)) {
+
}
+ if (!LogTrace(receivedCmd, Uart.byteCnt, 0 - Uart.samples, Uart.parityBits, TRUE)) break;
+
/* And ready to receive another command. */
Uart.state = STATE_UNSYNCD;
/* And also reset the demod code, which might have been */
@@ -2465,12 +2462,10 @@ void RAMFUNC SniffMifare(void) {
LED_B_OFF();
}
- if(ManchesterDecoding(smpl & 0x0F)) {
+ if(ManchesterDecoding(data[0] & 0x0F)) {
LED_B_ON();
- if (!LogTrace(receivedResponse, Demod.len, -1 * Demod.samples, Demod.parityBits, FALSE)) break;
-
- triggered = TRUE;
+ if (!LogTrace(receivedResponse, Demod.len, 0 - Demod.samples, Demod.parityBits, FALSE)) break;
// And ready to receive another response.
memset(&Demod, 0, sizeof(Demod));
@@ -2479,9 +2474,9 @@ void RAMFUNC SniffMifare(void) {
LED_C_OFF();
}
- if(BUTTON_PRESS()) {
- DbpString("button cancelled");
- goto done;
+ data++;
+ if(data > dmaBuf + DMA_BUFFER_SIZE) {
+ data = dmaBuf;
}
} // main cycle
@@ -2489,7 +2484,7 @@ void RAMFUNC SniffMifare(void) {
done:
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
- Dbprintf("maxBehindBy=%x, Uart.state=%x, Uart.byteCnt=%x", maxBehindBy, Uart.state, Uart.byteCnt);
+ Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x", maxDataLen, Uart.state, Uart.byteCnt);
Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
LEDsoff();
}
\ No newline at end of file
diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h
index 40c87ae9..d35d8f20 100644
--- a/armsrc/iso14443a.h
+++ b/armsrc/iso14443a.h
@@ -93,6 +93,5 @@ extern void iso14a_set_trigger(int enable);
extern void iso14a_clear_tracelen(void);
extern void iso14a_set_tracing(int enable);
-extern int LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader);
#endif /* __ISO14443A_H */
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index cf7570dd..5937fcad 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -284,9 +284,26 @@ int CmdHF14ASim(const char *Cmd)
return 0;
}
-int CmdHF14ASnoop(const char *Cmd)
-{
- UsbCommand c = {CMD_SNOOP_ISO_14443a};
+int CmdHF14ASnoop(const char *Cmd) {
+ int param = 0;
+
+ if (param_getchar(Cmd, 0) == 'h') {
+ PrintAndLog("It get data from the field and saves it into command buffer.");
+ PrintAndLog("Buffer accessible from command hf 14a list.");
+ PrintAndLog("Usage: hf 14a snoop [c][r]");
+ PrintAndLog("c - triggered by first data from card");
+ PrintAndLog("r - triggered by first 7-bit request from reader (REQ,WUP,...)");
+ PrintAndLog("sample: hf 14a snoop c r");
+ return 0;
+ }
+
+ for (int i = 0; i < 2; i++) {
+ char ctmp = param_getchar(Cmd, i);
+ if (ctmp == 'c' || ctmp == 'C') param |= 0x01;
+ if (ctmp == 'r' || ctmp == 'R') param |= 0x02;
+ }
+
+ UsbCommand c = {CMD_SNOOP_ISO_14443a, {param, 0, 0}};
SendCommand(&c);
return 0;
}