From: Martin Holst Swende Date: Tue, 24 Mar 2015 10:10:16 +0000 (+0100) Subject: Merge pull request #82 from marshmellow42/master X-Git-Tag: show^0 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/90a8b82fb4ffc8f25038bb3ed10082cf913d50bb?hp=29a795417777b7c4f4313b6915c5aa4726ce3429 Merge pull request #82 from marshmellow42/master lf ata55x7 commands and more --- diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 3e670f0b..6e0b58b3 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -648,7 +648,7 @@ void UsbPacketReceived(uint8_t *packet, int len) setSamplingConfig((sample_config *) c->d.asBytes); break; case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: - cmd_send(CMD_ACK,SampleLF(),0,0,0,0); + cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0); break; case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 2a5573d1..7bbc739d 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1030,10 +1030,12 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) * To compensate antenna falling times shorten the write times * and enlarge the gap ones. */ -#define START_GAP 250 -#define WRITE_GAP 160 -#define WRITE_0 144 // 192 -#define WRITE_1 400 // 432 for T55x7; 448 for E5550 +#define START_GAP 50*8 // 10 - 50fc 250 +#define WRITE_GAP 20*8 // - 30fc 160 +#define WRITE_0 24*8 // 16 - 63fc 54fc 144 +#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400 + +#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) // Write one bit to card void T55xxWriteBit(int bit) @@ -1052,16 +1054,11 @@ void T55xxWriteBit(int bit) // Write one card block in page 0, no lock void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - //unsigned int i; //enio adjustment 12/10/14 - uint32_t i; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + uint32_t i = 0; - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + // Set up FPGA, 125kHz + // Wait for config.. (192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); // Now start writting FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@ -1094,30 +1091,28 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); } +void TurnReadLFOn(){ + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + // Give it a bit of time for the resonant antenna to settle. + SpinDelayUs(8*150); +} + + // Read one card block in page 0 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { + uint32_t i = 0; uint8_t *dest = BigBuf_get_addr(); - //int m=0, i=0; //enio adjustment 12/10/14 - uint32_t m=0, i=0; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + uint16_t bufferlength = BigBuf_max_traceLen(); + if ( bufferlength > T55xx_SAMPLES_SIZE ) + bufferlength = T55xx_SAMPLES_SIZE; - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + // Clear destination buffer before sending the command + memset(dest, 0x80, bufferlength); - // Now start writting + // Set up FPGA, 125kHz + // Wait for config.. (192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@ -1136,53 +1131,40 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) T55xxWriteBit(Block & i); // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - + TurnReadLFOn(); // Now do the acquisition i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; i++; - if (i >= m) break; + LED_D_OFF(); + if (i >= bufferlength) break; } } + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); } // Read card traceability data (page 1) void T55xxReadTrace(void){ + + uint32_t i = 0; uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; + uint16_t bufferlength = BigBuf_max_traceLen(); + if ( bufferlength > T55xx_SAMPLES_SIZE ) + bufferlength= T55xx_SAMPLES_SIZE; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); + memset(dest, 0x80, bufferlength); - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@ -1191,25 +1173,26 @@ void T55xxReadTrace(void){ T55xxWriteBit(1); //Page 1 // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + TurnReadLFOn(); // Now do the acquisition - i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; i++; - if (i >= m) break; + LED_D_OFF(); + + if (i >= bufferlength) break; } } + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); } /*-------------- Cloning routines -----------*/ diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index 6094bd34..120c0801 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -224,21 +224,21 @@ uint32_t DoAcquisition_config( bool silent) ,silent); } -uint32_t ReadLF(bool activeField) +uint32_t ReadLF(bool activeField, bool silent) { - printConfig(); + if (!silent) printConfig(); LFSetupFPGAForADC(config.divisor, activeField); // Now call the acquisition routine - return DoAcquisition_config(false); + return DoAcquisition_config(silent); } /** * Initializes the FPGA for reader-mode (field on), and acquires the samples. * @return number of bits sampled **/ -uint32_t SampleLF() +uint32_t SampleLF(bool printCfg) { - return ReadLF(true); + return ReadLF(true, printCfg); } /** * Initializes the FPGA for snoop-mode (field off), and acquires the samples. @@ -247,5 +247,5 @@ uint32_t SampleLF() uint32_t SnoopLF() { - return ReadLF(false); + return ReadLF(false, true); } diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h index 9ab458f8..6c671ec8 100644 --- a/armsrc/lfsampling.h +++ b/armsrc/lfsampling.h @@ -5,7 +5,7 @@ * Initializes the FPGA for reader-mode (field on), and acquires the samples. * @return number of bits sampled **/ -uint32_t SampleLF(); +uint32_t SampleLF(bool silent); /** * Initializes the FPGA for snoop-mode (field off), and acquires the samples. diff --git a/client/cmddata.c b/client/cmddata.c index a3d58523..7854fa51 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -33,6 +33,12 @@ static int CmdHelp(const char *Cmd); //by marshmellow void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx) { + if (buff == NULL) + return; + + if ( size >= MAX_DEMOD_BUF_LEN) + size = MAX_DEMOD_BUF_LEN; + size_t i = 0; for (; i < size; i++){ DemodBuffer[i]=buff[startIdx++]; @@ -279,18 +285,101 @@ void printEM410x(uint32_t hi, uint64_t id) //output 40 bit em id PrintAndLog("EM TAG ID : %010llx", id); PrintAndLog("Unique TAG ID: %010llx", id2lo); + PrintAndLog(""); + PrintAndLog("Possible de-scramble patterns"); + PrintAndLog("HoneyWell IdentKey"); PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF); - PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFF); + PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF); PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF)); PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF)); + PrintAndLog("DEZ 3.5B : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF)); + PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF)); PrintAndLog("DEZ 14/IK2 : %014lld",id); PrintAndLog("DEZ 15/IK3 : %015lld",id2lo); PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF)); + PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld", + (id2lo & 0xf000000000) >> 36, + (id2lo & 0x0f00000000) >> 32, + (id2lo & 0x00f0000000) >> 28, + (id2lo & 0x000f000000) >> 24, + (id2lo & 0x0000f00000) >> 20, + (id2lo & 0x00000f0000) >> 16, + (id2lo & 0x000000f000) >> 12, + (id2lo & 0x0000000f00) >> 8, + (id2lo & 0x00000000f0) >> 4, + (id2lo & 0x000000000f) + ); + + PrintAndLog(""); + uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00; + PrintAndLog("Pattern Paxton : %0d", paxton); + + uint32_t p1id = (id & 0xFFFFFF); + uint8_t arr[32] = {0x00}; + int i =0; + int j = 23; + for (; i < 24; ++i, --j ){ + arr[i] = (p1id >> i) & 1; + } + + uint32_t p1 = 0; + + p1 |= arr[23] << 21; + p1 |= arr[22] << 23; + p1 |= arr[21] << 20; + p1 |= arr[20] << 22; + + p1 |= arr[19] << 18; + p1 |= arr[18] << 16; + p1 |= arr[17] << 19; + p1 |= arr[16] << 17; + + p1 |= arr[15] << 13; + p1 |= arr[14] << 15; + p1 |= arr[13] << 12; + p1 |= arr[12] << 14; + + p1 |= arr[11] << 6; + p1 |= arr[10] << 2; + p1 |= arr[9] << 7; + p1 |= arr[8] << 1; + + p1 |= arr[7] << 0; + p1 |= arr[6] << 8; + p1 |= arr[5] << 11; + p1 |= arr[4] << 3; + + p1 |= arr[3] << 10; + p1 |= arr[2] << 4; + p1 |= arr[1] << 5; + p1 |= arr[0] << 9; + PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1); + + uint16_t sebury1 = id & 0xFFFF; + uint8_t sebury2 = (id >> 16) & 0x7F; + uint32_t sebury3 = id & 0x7FFFFF; + PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3); } } return; } + +int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo) +{ + int ans = ASKmanDemod(Cmd, FALSE, FALSE); + if (!ans) return 0; + + size_t idx=0; + if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, hi, lo)){ + if (g_debugMode){ + PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen); + printDemodBuff(); + } + return 1; + } + return 0; +} //by marshmellow //takes 3 arguments - clock, invert and maxErr as integers //attempts to demodulate ask while decoding manchester @@ -311,17 +400,9 @@ int CmdAskEM410xDemod(const char *Cmd) PrintAndLog(" : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors"); return 0; } - int ans = ASKmanDemod(Cmd, FALSE, FALSE); - if (!ans) return 0; - - uint64_t lo =0; - uint32_t hi =0; - size_t idx=0; - if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, &hi, &lo)){ - if (g_debugMode){ - PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen); - printDemodBuff(); - } + uint32_t hi; + uint64_t lo; + if (AskEm410xDemod(Cmd, &hi, &lo)) { PrintAndLog("EM410x pattern found: "); printEM410x(hi, lo); return 1; @@ -477,6 +558,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd) PrintAndLog("Usage: data biphaserawdecode [offset] [invert] [maxErr]"); PrintAndLog(" Converts 10 or 01 to 1 and 11 or 00 to 0"); PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)"); + PrintAndLog(" --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester"); PrintAndLog(""); PrintAndLog(" [offset <0|1>], set to 0 not to adjust start position or to 1 to adjust decode start position"); PrintAndLog(" [invert <0|1>], set to 1 to invert output"); @@ -639,6 +721,8 @@ int Cmdaskbiphdemod(const char *Cmd) PrintAndLog(" NOTE: can be entered as first, second or last argument"); PrintAndLog(" NOTE: any other arg must have previous args set to work"); PrintAndLog(""); + PrintAndLog(" NOTE: --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester"); + PrintAndLog(""); PrintAndLog(" sample: data rawdemod ab = demod an ask/biph tag from GraphBuffer"); PrintAndLog(" : data rawdemod ab a = demod an ask/biph tag from GraphBuffer, amplified"); PrintAndLog(" : data rawdemod ab 1 32 = demod an ask/biph tag from GraphBuffer using an offset of 1 and a clock of RF/32"); @@ -1339,7 +1423,19 @@ int CmdFSKdemodIO(const char *Cmd) uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4 uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ; uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9 - PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); + uint8_t crc = bytebits_to_byte(BitStream+idx+54,8); + uint16_t calccrc = 0; + + for (uint8_t i=1; i<6; ++i){ + calccrc += bytebits_to_byte(BitStream+idx+9*i,8); + //PrintAndLog("%d", calccrc); + } + calccrc &= 0xff; + calccrc = 0xff - calccrc; + + char *crcStr = (crc == calccrc) ? "crc ok": "!crc"; + + PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr); setDemodBuf(BitStream,64,idx); if (g_debugMode){ PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64); @@ -1859,21 +1955,19 @@ int NRZrawDemod(const char *Cmd, bool verbose) int errCnt=0; errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr); if (errCnt > maxErr){ - if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) - if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } - PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); + if (verbose || g_debugMode) PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); //prime demod buffer for output setDemodBuf(BitStream,BitLen,0); - if (errCnt>0 && verbose){ - PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); - } - if (verbose) { + if (errCnt>0 && (verbose || g_debugMode)) PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); + if (verbose || g_debugMode) { PrintAndLog("NRZ demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits printDemodBuff(); @@ -1977,7 +2071,7 @@ int CmdRawDemod(const char *Cmd) PrintAndLog(" as 'h', prints the help for the specific modulation"); PrintAndLog(" see specific modulation help for optional parameters"); PrintAndLog(""); - PrintAndLog(" sample: data rawdemod fs h = print help for ask/raw demod"); + PrintAndLog(" sample: data rawdemod fs h = print help specific to fsk demod"); PrintAndLog(" : data rawdemod fs = demod GraphBuffer using: fsk - autodetect"); PrintAndLog(" : data rawdemod ab = demod GraphBuffer using: ask/biphase - autodetect"); PrintAndLog(" : data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect"); @@ -2106,57 +2200,64 @@ uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b) return val; } -int CmdSamples(const char *Cmd) +int getSamples(const char *Cmd, bool silent) { - //If we get all but the last byte in bigbuf, - // we don't have to worry about remaining trash - // in the last byte in case the bits-per-sample - // does not line up on byte boundaries - uint8_t got[BIGBUF_SIZE-1] = { 0 }; + //If we get all but the last byte in bigbuf, + // we don't have to worry about remaining trash + // in the last byte in case the bits-per-sample + // does not line up on byte boundaries - int n = strtol(Cmd, NULL, 0); - if (n == 0) - n = sizeof(got); + uint8_t got[BIGBUF_SIZE-1] = { 0 }; - if (n > sizeof(got)) - n = sizeof(got); + int n = strtol(Cmd, NULL, 0); - PrintAndLog("Reading %d bytes from device memory\n", n); - GetFromBigBuf(got,n,0); - PrintAndLog("Data fetched"); - UsbCommand response; - WaitForResponse(CMD_ACK, &response); - uint8_t bits_per_sample = 8; + if (n == 0) + n = sizeof(got); - //Old devices without this feature would send 0 at arg[0] - if(response.arg[0] > 0) - { - sample_config *sc = (sample_config *) response.d.asBytes; - PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample - , sc->decimation); - bits_per_sample = sc->bits_per_sample; - } - if(bits_per_sample < 8) - { - PrintAndLog("Unpacking..."); - BitstreamOut bout = { got, bits_per_sample * n, 0}; - int j =0; - for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) { - uint8_t sample = getByte(bits_per_sample, &bout); - GraphBuffer[j] = ((int) sample )- 128; - } - GraphTraceLen = j; - PrintAndLog("Unpacked %d samples" , j ); - }else - { - for (int j = 0; j < n; j++) { - GraphBuffer[j] = ((int)got[j]) - 128; - } - GraphTraceLen = n; - } + if (n > sizeof(got)) + n = sizeof(got); - RepaintGraphWindow(); - return 0; + PrintAndLog("Reading %d bytes from device memory\n", n); + GetFromBigBuf(got,n,0); + PrintAndLog("Data fetched"); + UsbCommand response; + WaitForResponse(CMD_ACK, &response); + uint8_t bits_per_sample = 8; + + //Old devices without this feature would send 0 at arg[0] + if(response.arg[0] > 0) + { + sample_config *sc = (sample_config *) response.d.asBytes; + PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample + , sc->decimation); + bits_per_sample = sc->bits_per_sample; + } + if(bits_per_sample < 8) + { + PrintAndLog("Unpacking..."); + BitstreamOut bout = { got, bits_per_sample * n, 0}; + int j =0; + for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) { + uint8_t sample = getByte(bits_per_sample, &bout); + GraphBuffer[j] = ((int) sample )- 128; + } + GraphTraceLen = j; + PrintAndLog("Unpacked %d samples" , j ); + }else + { + for (int j = 0; j < n; j++) { + GraphBuffer[j] = ((int)got[j]) - 128; + } + GraphTraceLen = n; + } + + RepaintGraphWindow(); + return 0; +} + +int CmdSamples(const char *Cmd) +{ + return getSamples(Cmd, false); } int CmdTuneSamples(const char *Cmd) @@ -2652,60 +2753,52 @@ int CmdZerocrossings(const char *Cmd) static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"amp", CmdAmp, 1, "Amplify peaks"}, + {"help", CmdHelp, 1, "This help"}, + {"amp", CmdAmp, 1, "Amplify peaks"}, //{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"}, - {"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"}, - {"askem410xdemod",CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"}, - {"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"}, - //{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"}, - //{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"}, - {"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"}, + {"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"}, + {"askem410xdemod", CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"}, + {"askgproxiidemod", CmdG_Prox_II_Demod, 1, "Demodulate a G Prox II tag from GraphBuffer"}, + {"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"}, {"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] [invert<0|1>] Biphase decode bin stream in DemodBuffer (offset = 0|1 bits to shift the decode start)"}, - {"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"}, + {"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"}, //{"bitstream", CmdBitstream, 1, "[clock rate] -- Convert waveform into a bitstream"}, - {"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"}, - {"dec", CmdDec, 1, "Decimate samples"}, - {"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"}, + {"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"}, + {"dec", CmdDec, 1, "Decimate samples"}, + {"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"}, //{"fskdemod", CmdFSKdemod, 1, "Demodulate graph window as a HID FSK"}, - {"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"}, + {"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"}, //{"fskfcdetect", CmdFSKfcDetect, 1, "Try to detect the Field Clock of an FSK wave"}, - {"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"}, - {"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"}, - {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, - {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, - //{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, - {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, - {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, - {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, - {"hide", CmdHide, 1, "Hide graph window"}, - {"hpf", CmdHpf, 1, "Remove DC offset from trace"}, - {"load", CmdLoad, 1, " -- Load trace (to graph window"}, - {"ltrim", CmdLtrim, 1, " -- Trim samples from left of trace"}, - {"rtrim", CmdRtrim, 1, " -- Trim samples from right of trace"}, + {"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"}, + {"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"}, + {"fskpyramiddemod", CmdFSKdemodPyramid, 1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, + {"fskparadoxdemod", CmdFSKdemodParadox, 1, "Demodulate a Paradox FSK tag from GraphBuffer"}, + {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, + {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, + {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, + {"hide", CmdHide, 1, "Hide graph window"}, + {"hpf", CmdHpf, 1, "Remove DC offset from trace"}, + {"load", CmdLoad, 1, " -- Load trace (to graph window"}, + {"ltrim", CmdLtrim, 1, " -- Trim samples from left of trace"}, + {"rtrim", CmdRtrim, 1, " -- Trim samples from right of trace"}, //{"mandemod", CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"}, - {"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"}, - {"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"}, - {"norm", CmdNorm, 1, "Normalize max/min to +/-128"}, - //{"nrzdetectclock",CmdDetectNRZClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, - //{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"}, - {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, - //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, - {"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"}, - {"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, - //{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"}, - //{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"}, - {"rawdemod", CmdRawDemod, 1, "[modulation] ... -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, - {"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"}, - {"save", CmdSave, 1, " -- Save trace (from graph window)"}, - {"scale", CmdScale, 1, " -- Set cursor display scale"}, - {"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"}, - {"shiftgraphzero",CmdGraphShiftZero, 1, " -- Shift 0 for Graphed wave + or - shift value"}, + {"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"}, + {"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"}, + {"norm", CmdNorm, 1, "Normalize max/min to +/-128"}, + {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, + {"printdemodbuffer",CmdPrintDemodBuff, 1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"}, + {"pskindalademod", CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, + {"rawdemod", CmdRawDemod, 1, "[modulation] ... -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, + {"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"}, + {"save", CmdSave, 1, " -- Save trace (from graph window)"}, + {"scale", CmdScale, 1, " -- Set cursor display scale"}, + {"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"}, + {"shiftgraphzero", CmdGraphShiftZero, 1, " -- Shift 0 for Graphed wave + or - shift value"}, //{"threshold", CmdThreshold, 1, " -- Maximize/minimize every value in the graph window depending on threshold"}, - {"dirthreshold", CmdDirectionalThreshold, 1, " -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."}, - {"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"}, - {"undec", CmdUndec, 1, "Un-decimate samples by 2"}, - {"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"}, + {"dirthreshold", CmdDirectionalThreshold, 1, " -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."}, + {"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"}, + {"undec", CmdUndec, 1, "Un-decimate samples by 2"}, + {"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmddata.h b/client/cmddata.h index 831d35f3..f6b4b950 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -63,12 +63,16 @@ int CmdThreshold(const char *Cmd); int CmdDirectionalThreshold(const char *Cmd); int CmdZerocrossings(const char *Cmd); int CmdIndalaDecode(const char *Cmd); +int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo); int ASKbiphaseDemod(const char *Cmd, bool verbose); int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch); int ASKrawDemod(const char *Cmd, bool verbose); int FSKrawDemod(const char *Cmd, bool verbose); int PSKDemod(const char *Cmd, bool verbose); int NRZrawDemod(const char *Cmd, bool verbose); +void printEM410x(uint32_t hi, uint64_t id); +int getSamples(const char *Cmd, bool silent); + #define MAX_DEMOD_BUF_LEN (1024*128) extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; diff --git a/client/cmdlf.c b/client/cmdlf.c index 039a33d5..0fab2adf 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -362,6 +362,7 @@ int usage_lf_read() PrintAndLog("Usage: lf read"); PrintAndLog("Options: "); PrintAndLog(" h This help"); + PrintAndLog(" s silent run no printout"); PrintAndLog("This function takes no arguments. "); PrintAndLog("Use 'lf config' to set parameters."); return 0; @@ -481,13 +482,15 @@ int CmdLFSetConfig(const char *Cmd) int CmdLFRead(const char *Cmd) { - uint8_t cmdp =0; - if(param_getchar(Cmd, cmdp) == 'h') + uint8_t cmdp = 0; + bool arg1 = false; + if (param_getchar(Cmd, cmdp) == 'h') { return usage_lf_read(); } + if (param_getchar(Cmd, cmdp) == 's') arg1 = true; //suppress print //And ship it to device - UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K}; + UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}}; SendCommand(&c); WaitForResponse(CMD_ACK,NULL); return 0; @@ -1016,7 +1019,7 @@ int CmdLFfind(const char *Cmd) int ans=0; char cmdp = param_getchar(Cmd, 0); char testRaw = param_getchar(Cmd, 1); - if (strlen(Cmd) > 2 || cmdp == 'h' || cmdp == 'H') { + if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: lf search <0|1> [u]"); PrintAndLog(" , if not set, try reading data from tag."); PrintAndLog(" [Search for Unknown tags] , if not set, reads only known tags."); @@ -1037,50 +1040,60 @@ int CmdLFfind(const char *Cmd) return 0; } if (cmdp == 'u' || cmdp == 'U') testRaw = 'u'; + PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag"); PrintAndLog("False Positives ARE possible\n"); PrintAndLog("\nChecking for known tags:\n"); + ans=CmdFSKdemodIO(""); if (ans>0) { PrintAndLog("\nValid IO Prox ID Found!"); return 1; } + ans=CmdFSKdemodPyramid(""); if (ans>0) { PrintAndLog("\nValid Pyramid ID Found!"); return 1; } + ans=CmdFSKdemodParadox(""); if (ans>0) { PrintAndLog("\nValid Paradox ID Found!"); return 1; } + ans=CmdFSKdemodAWID(""); if (ans>0) { PrintAndLog("\nValid AWID ID Found!"); return 1; } + ans=CmdFSKdemodHID(""); if (ans>0) { PrintAndLog("\nValid HID Prox ID Found!"); return 1; } + //add psk and indala ans=CmdIndalaDecode(""); if (ans>0) { PrintAndLog("\nValid Indala ID Found!"); return 1; } + ans=CmdAskEM410xDemod(""); if (ans>0) { PrintAndLog("\nValid EM410x ID Found!"); return 1; } + ans=CmdG_Prox_II_Demod(""); if (ans>0) { PrintAndLog("\nValid G Prox II ID Found!"); return 1; } + PrintAndLog("\nNo Known Tags Found!\n"); if (testRaw=='u' || testRaw=='U'){ //test unknown tag formats (raw mode) @@ -1127,7 +1140,7 @@ static command_t CommandTable[] = {"io", CmdLFIO, 1, "{ ioProx tags... }"}, {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, {"indalaclone", CmdIndalaClone, 0, " ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"}, - {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, + {"read", CmdLFRead, 0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index f6671bcd..b915aa5a 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -43,163 +43,24 @@ int CmdEMdemodASK(const char *Cmd) */ int CmdEM410xRead(const char *Cmd) { - int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low; - int parity[4]; - char id[11] = {0x00}; - char id2[11] = {0x00}; - int retested = 0; - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]; - high = low = 0; - - /* Detect high and lows and clock */ - for (i = 0; i < GraphTraceLen; i++) - { - if (GraphBuffer[i] > high) - high = GraphBuffer[i]; - else if (GraphBuffer[i] < low) - low = GraphBuffer[i]; - } - - /* get clock */ - clock = GetAskClock(Cmd, false, false); - - /* parity for our 4 columns */ - parity[0] = parity[1] = parity[2] = parity[3] = 0; - header = rows = 0; - - // manchester demodulate - bit = bit2idx = 0; - for (i = 0; i < (int)(GraphTraceLen / clock); i++) - { - hithigh = 0; - hitlow = 0; - first = 1; - - /* Find out if we hit both high and low peaks */ - for (j = 0; j < clock; j++) - { - if (GraphBuffer[(i * clock) + j] >= high) - hithigh = 1; - else if (GraphBuffer[(i * clock) + j] <= low) - hitlow = 1; - - /* it doesn't count if it's the first part of our read - because it's really just trailing from the last sequence */ - if (first && (hithigh || hitlow)) - hithigh = hitlow = 0; - else - first = 0; - - if (hithigh && hitlow) - break; - } - - /* If we didn't hit both high and low peaks, we had a bit transition */ - if (!hithigh || !hitlow) - bit ^= 1; - - BitStream[bit2idx++] = bit; - } - -retest: - /* We go till 5 before the graph ends because we'll get that far below */ - for (i = 1; i < bit2idx - 5; i++) - { - /* Step 2: We have our header but need our tag ID */ - if (header == 9 && rows < 10) - { - /* Confirm parity is correct */ - if ((BitStream[i] ^ BitStream[i+1] ^ BitStream[i+2] ^ BitStream[i+3]) == BitStream[i+4]) - { - /* Read another byte! */ - sprintf(id+rows, "%x", (8 * BitStream[i]) + (4 * BitStream[i+1]) + (2 * BitStream[i+2]) + (1 * BitStream[i+3])); - sprintf(id2+rows, "%x", (8 * BitStream[i+3]) + (4 * BitStream[i+2]) + (2 * BitStream[i+1]) + (1 * BitStream[i])); - rows++; - - /* Keep parity info */ - parity[0] ^= BitStream[i]; - parity[1] ^= BitStream[i+1]; - parity[2] ^= BitStream[i+2]; - parity[3] ^= BitStream[i+3]; - - /* Move 4 bits ahead */ - i += 4; - } - - /* Damn, something wrong! reset */ - else - { - PrintAndLog("Thought we had a valid tag but failed at word %d (i=%d)", rows + 1, i); - - /* Start back rows * 5 + 9 header bits, -1 to not start at same place */ - i -= 9 + (5 * rows) - 5; - - rows = header = 0; - } - } - - /* Step 3: Got our 40 bits! confirm column parity */ - else if (rows == 10) - { - /* We need to make sure our 4 bits of parity are correct and we have a stop bit */ - if (BitStream[i] == parity[0] && BitStream[i+1] == parity[1] && - BitStream[i+2] == parity[2] && BitStream[i+3] == parity[3] && - BitStream[i+4] == 0) - { - /* Sweet! */ - PrintAndLog("EM410x Tag ID: %s", id); - PrintAndLog("Unique Tag ID: %s", id2); - - global_em410xId = id; - - /* Stop any loops */ - return 1; - } - - /* Crap! Incorrect parity or no stop bit, start all over */ - else - { - rows = header = 0; - - /* Go back 59 bits (9 header bits + 10 rows at 4+1 parity) */ - i -= 59; - } - } - - /* Step 1: get our header */ - else if (header < 9) - { - /* Need 9 consecutive 1's */ - if (BitStream[i] == 1) - header++; - - /* We don't have a header, not enough consecutive 1 bits */ - else - header = 0; - } - } - - /* if we've already retested after flipping bits, return */ - if (retested++){ - PrintAndLog("Failed to decode"); + uint32_t hi=0; + uint64_t lo=0; + + if(!AskEm410xDemod("", &hi, &lo)) return 0; + PrintAndLog("EM410x pattern found: "); + printEM410x(hi, lo); + if (hi){ + PrintAndLog ("EM410x XL pattern found"); return 0; - } - - /* if this didn't work, try flipping bits */ - for (i = 0; i < bit2idx; i++) - BitStream[i] ^= 1; - - goto retest; + } + char id[12] = {0x00}; + sprintf(id, "%010llx",lo); + + global_em410xId = id; + return 1; } -/* emulate an EM410X tag - * Format: - * 1111 1111 1 <-- standard non-repeatable header - * XXXX [row parity bit] <-- 10 rows of 5 bits for our 40 bit tag ID - * .... - * CCCC <-- each bit here is parity for the 10 bits above in corresponding column - * 0 <-- stop bit, end of tag - */ +// emulate an EM410X tag int CmdEM410xSim(const char *Cmd) { int i, n, j, binary[4], parity[4]; @@ -282,28 +143,25 @@ int CmdEM410xSim(const char *Cmd) */ int CmdEM410xWatch(const char *Cmd) { - char cmdp = param_getchar(Cmd, 0); - int read_h = (cmdp == 'h'); do { if (ukbhit()) { printf("\naborted via keyboard!\n"); break; } - CmdLFRead(read_h ? "h" : ""); - CmdSamples("6000"); - } while ( - !CmdEM410xRead("") - ); + CmdLFRead("s"); + getSamples("8192",true); //capture enough to get 2 full messages + } while (!CmdEM410xRead("")); + return 0; } int CmdEM410xWatchnSpoof(const char *Cmd) { CmdEM410xWatch(Cmd); - PrintAndLog("# Replaying : %s",global_em410xId); - CmdEM410xSim(global_em410xId); - return 0; + PrintAndLog("# Replaying captured ID: %s",global_em410xId); + CmdLFaskSim(""); + return 0; } /* Read the transmitted data of an EM4x50 tag diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index a719c7ad..da3ee1a9 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -13,128 +13,1098 @@ #include "proxmark3.h" #include "ui.h" #include "graph.h" +#include "cmdmain.h" #include "cmdparser.h" #include "cmddata.h" #include "cmdlf.h" #include "cmdlft55xx.h" +#include "util.h" +#include "data.h" +#include "lfdemod.h" +#include "../common/crc.h" +#include "../common/iso14443crc.h" +#include "cmdhf14a.h" + +#define CONFIGURATION_BLOCK 0x00 +#define TRACE_BLOCK 0x01 + +// Default configuration +t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00}; + +int usage_t55xx_config(){ + PrintAndLog("Usage: lf t55xx config [d ] [i 1] [o ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate"); + PrintAndLog(" d Set demodulation FSK / ASK / PSK / NZ / Biphase / Biphase A"); + PrintAndLog(" i [1] Invert data signal, defaults to normal"); + PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx config d FSK - FSK demodulation"); + PrintAndLog(" lf t55xx config d FSK i 1 - FSK demodulation, inverse data"); + PrintAndLog(" lf t55xx config d FSK i 1 o 3 - FSK demodulation, inverse data, offset=3,start from position 3 to decode data"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_read(){ + PrintAndLog("Usage: lf t55xx read "); + PrintAndLog(" , block number to read. Between 0-7"); + PrintAndLog(" , OPTIONAL password (8 hex characters)"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx read 0 - read data from block 0"); + PrintAndLog(" lf t55xx read 0 feedbeef - read data from block 0 password feedbeef"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_write(){ + PrintAndLog("Usage: lf t55xx wr [password]"); + PrintAndLog(" , block number to read. Between 0-7"); + PrintAndLog(" , 4 bytes of data to write (8 hex characters)"); + PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex characters)"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx wd 3 11223344 - write 11223344 to block 3"); + PrintAndLog(" lf t55xx wd 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_trace() { + PrintAndLog("Usage: lf t55xx trace [1]"); + PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag."); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx trace"); + PrintAndLog(" lf t55xx trace 1"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_info() { + PrintAndLog("Usage: lf t55xx info [1]"); + PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag."); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx info"); + PrintAndLog(" lf t55xx info 1"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_dump(){ + PrintAndLog("Usage: lf t55xx dump "); + PrintAndLog(" , OPTIONAL password 4bytes (8 hex symbols)"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx dump"); + PrintAndLog(" lf t55xx dump feedbeef"); + PrintAndLog(""); + return 0; +} +int usage_t55xx_detect(){ + PrintAndLog("Usage: lf t55xx detect"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx detect"); + PrintAndLog(" lf t55xx detect 1"); + PrintAndLog(""); + return 0; +} static int CmdHelp(const char *Cmd); +int CmdT55xxSetConfig(const char *Cmd) { -int CmdReadBlk(const char *Cmd) -{ - int Block = 8; //default to invalid block - UsbCommand c; + uint8_t offset = 0; + bool errors = FALSE; + uint8_t cmdp = 0; + char modulation[5] = {0x00}; + char tmp = 0x00; + uint8_t bitRate = 0; + uint8_t rates[9] = {8,16,32,40,50,64,100,128,0}; + while(param_getchar(Cmd, cmdp) != 0x00 && !errors) + { + tmp = param_getchar(Cmd, cmdp); + switch(tmp) + { + case 'h': + case 'H': + return usage_t55xx_config(); + case 'b': + errors |= param_getdec(Cmd, cmdp+1, &bitRate); + if ( !errors){ + uint8_t i = 0; + for (; i < 9; i++){ + if (rates[i]==bitRate) { + config.bitrate = i; + break; + } + } + if (i==9) errors = TRUE; + } + cmdp+=2; + break; + case 'd': + param_getstr(Cmd, cmdp+1, modulation); + cmdp += 2; - sscanf(Cmd, "%d", &Block); + if ( strcmp(modulation, "FSK" ) == 0) + config.modulation = DEMOD_FSK; + else if ( strcmp(modulation, "FSK1" ) == 0) + config.modulation = DEMOD_FSK1; + else if ( strcmp(modulation, "FSK1a" ) == 0) + config.modulation = DEMOD_FSK1a; + else if ( strcmp(modulation, "FSK2" ) == 0) + config.modulation = DEMOD_FSK2; + else if ( strcmp(modulation, "FSK2a" ) == 0) + config.modulation = DEMOD_FSK2a; + else if ( strcmp(modulation, "ASK" ) == 0) + config.modulation = DEMOD_ASK; + else if ( strcmp(modulation, "NRZ" ) == 0) + config.modulation = DEMOD_NRZ; + else if ( strcmp(modulation, "PSK1" ) == 0) + config.modulation = DEMOD_PSK1; + else if ( strcmp(modulation, "PSK2" ) == 0) + config.modulation = DEMOD_PSK2; + else if ( strcmp(modulation, "PSK3" ) == 0) + config.modulation = DEMOD_PSK3; + else if ( strcmp(modulation, "BIa" ) == 0) + config.modulation = DEMOD_BIa; + else if ( strcmp(modulation, "BI" ) == 0) + config.modulation = DEMOD_BI; + else { + PrintAndLog("Unknown modulation '%s'", modulation); + errors = TRUE; + } + break; + case 'i': + config.inverted = param_getchar(Cmd,cmdp+1) == '1'; + cmdp+=2; + break; + case 'o': + errors |= param_getdec(Cmd, cmdp+1, &offset); + if ( !errors ) + config.offset = offset; + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + } - if (Block > 7) { - PrintAndLog("Block must be between 0 and 7"); - return 1; - } + // No args + if (cmdp == 0) { + printConfiguration( config ); + return 0; + } + //Validations + if (errors) + return usage_t55xx_config(); - PrintAndLog("Reading block %d", Block); + config.block0 = 0; + printConfiguration ( config ); + return 0; +} - c.cmd = CMD_T55XX_READ_BLOCK; - c.d.asBytes[0] = 0x0; //Normal mode - c.arg[0] = 0; - c.arg[1] = Block; - c.arg[2] = 0; - SendCommand(&c); - return 0; +int CmdT55xxReadBlock(const char *Cmd) { + int block = -1; + int password = 0xFFFFFFFF; //default to blank Block 7 + + char cmdp = param_getchar(Cmd, 0); + if (cmdp == 'h' || cmdp == 'H') + return usage_t55xx_read(); + + int res = sscanf(Cmd, "%d %x", &block, &password); + + if ( res < 1 || res > 2 ) + return usage_t55xx_read(); + + + if ((block < 0) | (block > 7)) { + PrintAndLog("Block must be between 0 and 7"); + return 1; + } + + UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, 0}}; + c.d.asBytes[0] = 0x0; + + //Password mode + if ( res == 2 ) { + c.arg[2] = password; + c.d.asBytes[0] = 0x1; + } + + SendCommand(&c); + if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { + PrintAndLog("command execution time out"); + return 2; + } + + uint8_t got[12000]; + GetFromBigBuf(got,sizeof(got),0); + WaitForResponse(CMD_ACK,NULL); + setGraphBuf(got, 12000); + DemodBufferLen=0; + if (!DecodeT55xxBlock()) return 3; + char blk[10]={0}; + sprintf(blk,"%d", block); + printT55xxBlock(blk); + return 0; } -int CmdReadBlkPWD(const char *Cmd) -{ - int Block = 8; //default to invalid block - int Password = 0xFFFFFFFF; //default to blank Block 7 - UsbCommand c; +bool DecodeT55xxBlock(){ + + char buf[8] = {0x00}; + char *cmdStr = buf; + int ans = 0; + uint8_t bitRate[8] = {8,16,32,40,50,64,100,128}; - sscanf(Cmd, "%d %x", &Block, &Password); + DemodBufferLen = 0x00; - if (Block > 7) { - PrintAndLog("Block must be between 0 and 7"); - return 1; - } + switch( config.modulation ){ + case DEMOD_FSK: + //CmdLtrim("26"); + sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); + CmdLtrim(cmdStr); + sprintf(cmdStr,"%d %d", bitRate[config.bitrate], config.inverted ); + ans = FSKrawDemod(cmdStr, FALSE); + break; + case DEMOD_FSK1: + //CmdLtrim("26"); + sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); + CmdLtrim(cmdStr); + sprintf(cmdStr,"%d 1 8 5", bitRate[config.bitrate] ); + ans = FSKrawDemod(cmdStr, FALSE); + break; + case DEMOD_FSK1a: + //CmdLtrim("26"); + sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); + CmdLtrim(cmdStr); + sprintf(cmdStr,"%d 0 8 5", bitRate[config.bitrate] ); + ans = FSKrawDemod(cmdStr, FALSE); + break; + case DEMOD_FSK2: + //CmdLtrim("26"); + sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); + CmdLtrim(cmdStr); + sprintf(cmdStr,"%d 0 10 8", bitRate[config.bitrate] ); + ans = FSKrawDemod(cmdStr, FALSE); + break; + case DEMOD_FSK2a: + //CmdLtrim("26"); + sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); + CmdLtrim(cmdStr); + sprintf(cmdStr,"%d 1 10 8", bitRate[config.bitrate] ); + ans = FSKrawDemod(cmdStr, FALSE); + break; + case DEMOD_ASK: + sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted ); + ans = ASKmanDemod(cmdStr, FALSE, FALSE); + break; + case DEMOD_PSK1: + sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted ); + ans = PSKDemod(cmdStr, FALSE); + break; + case DEMOD_PSK2: + sprintf(cmdStr,"%d 1", bitRate[config.bitrate] ); + ans = PSKDemod(cmdStr, FALSE); + psk1TOpsk2(DemodBuffer, DemodBufferLen); + break; + case DEMOD_PSK3: + sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted ); + ans = PSKDemod(cmdStr, FALSE); + psk1TOpsk2(DemodBuffer, DemodBufferLen); + break; + case DEMOD_NRZ: + sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted ); + ans = NRZrawDemod(cmdStr, FALSE); + break; + case DEMOD_BI: + sprintf(cmdStr,"0 %d 0 1", bitRate[config.bitrate] ); + ans = ASKbiphaseDemod(cmdStr, FALSE); + break; + case DEMOD_BIa: + sprintf(cmdStr,"0 %d 1 1", bitRate[config.bitrate] ); + ans = ASKbiphaseDemod(cmdStr, FALSE); + break; + default: + return FALSE; + } + return (bool) ans; +} - PrintAndLog("Reading block %d with password %08X", Block, Password); +int CmdT55xxDetect(const char *Cmd){ - c.cmd = CMD_T55XX_READ_BLOCK; - c.d.asBytes[0] = 0x1; //Password mode - c.arg[0] = 0; - c.arg[1] = Block; - c.arg[2] = Password; - SendCommand(&c); - return 0; + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') + return usage_t55xx_detect(); + + if (strlen(Cmd)==0) + AquireData( CONFIGURATION_BLOCK ); + + if ( !tryDetectModulation() ) + PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'"); + + return 0; } -int CmdWriteBlk(const char *Cmd) -{ - int Block = 8; //default to invalid block - int Data = 0xFFFFFFFF; //default to blank Block - UsbCommand c; +// detect configuration? +bool tryDetectModulation(){ + char cmdStr[8] = {0}; + uint8_t hits = 0; + t55xx_conf_block_t tests[15]; + + if (GetFskClock("", FALSE, FALSE)){ + uint8_t fc1 = 0, fc2 = 0, clk=0; + fskClocks(&fc1, &fc2, &clk, FALSE); + sprintf(cmdStr,"%d", clk/2); + CmdLtrim(cmdStr); + if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset)){ + tests[hits].modulation = DEMOD_FSK; + if (fc1==8 && fc2 == 5) + tests[hits].modulation = DEMOD_FSK1a; + else if (fc1==10 && fc2 == 8) + tests[hits].modulation = DEMOD_FSK2; - sscanf(Cmd, "%x %d", &Data, &Block); + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_FSK; + if (fc1==8 && fc2 == 5) + tests[hits].modulation = DEMOD_FSK1; + else if (fc1==10 && fc2 == 8) + tests[hits].modulation = DEMOD_FSK2a; - if (Block > 7) { - PrintAndLog("Block must be between 0 and 7"); - return 1; - } + tests[hits].inverted = TRUE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + } else { + if ( ASKmanDemod("0 0 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_ASK; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } - PrintAndLog("Writting block %d with data %08X", Block, Data); + if ( ASKmanDemod("0 1 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_ASK; + tests[hits].inverted = TRUE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + + if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_NRZ; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } - c.cmd = CMD_T55XX_WRITE_BLOCK; - c.d.asBytes[0] = 0x0; //Normal mode - c.arg[0] = Data; - c.arg[1] = Block; - c.arg[2] = 0; - SendCommand(&c); - return 0; + if ( NRZrawDemod("0 1 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_NRZ; + tests[hits].inverted = TRUE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + + if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_PSK1; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + + if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) { + tests[hits].modulation = DEMOD_PSK1; + tests[hits].inverted = TRUE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + + // PSK2 - needs a call to psk1TOpsk2. + if ( PSKDemod("0 0 1", FALSE)) { + psk1TOpsk2(DemodBuffer, DemodBufferLen); + if (test(DEMOD_PSK2, &tests[hits].offset)){ + tests[hits].modulation = DEMOD_PSK2; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + } // inverse waves does not affect this demod + + // PSK3 - needs a call to psk1TOpsk2. + if ( PSKDemod("0 0 1", FALSE)) { + psk1TOpsk2(DemodBuffer, DemodBufferLen); + if (test(DEMOD_PSK3, &tests[hits].offset)){ + tests[hits].modulation = DEMOD_PSK3; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + } // inverse waves does not affect this demod + + if ( ASKbiphaseDemod("0 0 0 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) { + tests[hits].modulation = DEMOD_BI; + tests[hits].inverted = FALSE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BIa, &tests[hits].offset) ) { + tests[hits].modulation = DEMOD_BIa; + tests[hits].inverted = TRUE; + tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); + ++hits; + } + } + if ( hits == 1) { + config.modulation = tests[0].modulation; + config.inverted = tests[0].inverted; + config.offset = tests[0].offset; + config.block0 = tests[0].block0; + printConfiguration( config ); + return TRUE; + } + + if ( hits > 1) { + PrintAndLog("Found [%d] possible matches for modulation.",hits); + for(int i=0; i 3 && modread < 8) return TRUE; + break; + case DEMOD_ASK: + if (modread == DEMOD_ASK) return TRUE; + break; + case DEMOD_PSK1: + if (modread == DEMOD_PSK1) return TRUE; + break; + case DEMOD_PSK2: + if (modread == DEMOD_PSK2) return TRUE; + break; + case DEMOD_PSK3: + if (modread == DEMOD_PSK3) return TRUE; + break; + case DEMOD_NRZ: + if (modread == DEMOD_NRZ) return TRUE; + break; + case DEMOD_BI: + if (modread == DEMOD_BI) return TRUE; + break; + case DEMOD_BIa: + if (modread == DEMOD_BIa) return TRUE; + break; + default: + return FALSE; + } + return FALSE; +} + +bool testBitRate(uint8_t readRate, uint8_t mod){ + uint8_t expected[8] = {8, 16, 32, 40, 50, 64, 100, 128}; + uint8_t detRate = 0; + switch( mod ){ + case DEMOD_FSK: + detRate = GetFskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_FSK1: + detRate = GetFskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_FSK1a: + detRate = GetFskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_FSK2: + detRate = GetFskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_FSK2a: + detRate = GetFskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_ASK: + detRate = GetAskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_PSK1: + detRate = GetPskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_PSK2: + detRate = GetPskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_PSK3: + detRate = GetPskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_NRZ: + detRate = GetNrzClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + case DEMOD_BI: + detRate = GetAskClock("",FALSE, FALSE); + if (expected[readRate] == detRate) { + config.bitrate = readRate; + return TRUE; + } + break; + default: + return FALSE; + } + return FALSE; +} + +bool test(uint8_t mode, uint8_t *offset){ + + if ( !DemodBufferLen) return FALSE; + uint8_t si = 0; + for (uint8_t idx = 0; idx < 64; idx++){ + si = idx; + if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue; + + uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key + uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode + // 2nibble must be zeroed. + // moved test to here, since this gets most faults first. + if ( resv > 0x00) continue; + + uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //new + uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate + uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode + uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; //new + //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //new could check psk cr + uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24 , 30, 31 could be tested for 0 if not extended mode + uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2; + + //if extended mode + bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE; + + if (!extMode){ + if (nml01 || nml02 || xtRate) continue; + } + //test modulation + if (!testModulation(mode, modread)) continue; + + *offset = idx; + if (!testBitRate(bitRate, mode)) continue; + return TRUE; + } + return FALSE; } -int CmdWriteBlkPWD(const char *Cmd) +void printT55xxBlock(const char *demodStr){ + + uint8_t i = config.offset; + uint8_t endpos = 32 + i; + uint32_t blockData = 0; + uint8_t bits[64] = {0x00}; + + if ( !DemodBufferLen) return; + + if ( endpos > DemodBufferLen){ + PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32); + return; + } + + for (; i < endpos; ++i) + bits[i - config.offset]=DemodBuffer[i]; + + blockData = PackBits(0, 32, bits); + PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr); +} + +int special(const char *Cmd) { + uint32_t blockData = 0; + uint8_t bits[32] = {0x00}; + + PrintAndLog("[OFFSET] [DATA] [BINARY]"); + PrintAndLog("----------------------------------------------------"); + int i,j = 0; + for (; j < 64; ++j){ + + for (i = 0; i < 32; ++i) + bits[i]=DemodBuffer[j+i]; + + blockData = PackBits(0, 32, bits); + + PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32)); + } + return 0; +} + +void printConfiguration( t55xx_conf_block_t b){ + PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) ); + PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) ); + PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" ); + PrintAndLog("Offset : %d", b.offset); + PrintAndLog("Block0 : 0x%08X", b.block0); + PrintAndLog(""); +} + +int CmdT55xxWriteBlock(const char *Cmd) { - int Block = 8; //default to invalid block - int Data = 0xFFFFFFFF; //default to blank Block - int Password = 0xFFFFFFFF; //default to blank Block 7 - UsbCommand c; - - sscanf(Cmd, "%x %d %x", &Data, &Block, &Password); - - if (Block > 7) { - PrintAndLog("Block must be between 0 and 7"); - return 1; - } - - PrintAndLog("Writting block %d with data %08X and password %08X", Block, Data, Password); - - c.cmd = CMD_T55XX_WRITE_BLOCK; - c.d.asBytes[0] = 0x1; //Password mode - c.arg[0] = Data; - c.arg[1] = Block; - c.arg[2] = Password; - SendCommand(&c); - return 0; + int block = 8; //default to invalid block + int data = 0xFFFFFFFF; //default to blank Block + int password = 0xFFFFFFFF; //default to blank Block 7 + + char cmdp = param_getchar(Cmd, 0); + if (cmdp == 'h' || cmdp == 'H') { + usage_t55xx_write(); + return 0; + } + + int res = sscanf(Cmd, "%d %x %x",&block, &data, &password); + + if ( res < 2 || res > 3) { + usage_t55xx_write(); + return 1; + } + + if (block > 7) { + PrintAndLog("Block number must be between 0 and 7"); + return 1; + } + + UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}}; + c.d.asBytes[0] = 0x0; + + PrintAndLog("Writing to block: %d data : 0x%08X", block, data); + + //Password mode + if (res == 3) { + c.arg[2] = password; + c.d.asBytes[0] = 0x1; + PrintAndLog("pwd : 0x%08X", password); + } + SendCommand(&c); + return 0; } -int CmdReadTrace(const char *Cmd) +int CmdT55xxReadTrace(const char *Cmd) { + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') + return usage_t55xx_trace(); + + if (strlen(Cmd)==0) + AquireData( TRACE_BLOCK ); + + if (!DecodeT55xxBlock()) return 1; - PrintAndLog("Reading traceability data"); + if ( !DemodBufferLen) return 1; + + RepaintGraphWindow(); + uint8_t repeat = 0; + if (config.offset > 5) + repeat = 32; + uint8_t si = config.offset+repeat; + uint32_t bl0 = PackBits(si, 32, DemodBuffer); + uint32_t bl1 = PackBits(si+32, 32, DemodBuffer); + + uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8; + uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8; + uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5; + uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3; + uint32_t year = PackBits(si, 4, DemodBuffer); si += 4; + uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2; + uint32_t lotid = PackBits(si, 12, DemodBuffer); si += 12; + uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5; + uint32_t dw = PackBits(si, 15, DemodBuffer); + + year += 2000; + + PrintAndLog(""); + PrintAndLog("-- T55xx Trace Information ----------------------------------"); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl); + PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d) - %s", mfc, mfc, getTagInfo(mfc)); + PrintAndLog(" CID : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid)); + PrintAndLog(" ICR IC Revision : %d",icr ); + PrintAndLog(" Manufactured"); + PrintAndLog(" Year/Quarter : %d/%d",year, quarter ); + PrintAndLog(" Lot ID : %d", lotid ); + PrintAndLog(" Wafer number : %d", wafer); + PrintAndLog(" Die Number : %d", dw); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Raw Data - Page 1"); + PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) ); + PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) ); + PrintAndLog("-------------------------------------------------------------"); - UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}}; - SendCommand(&c); + if ( acl != 0xE0 ) + PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. "); + /* + TRACE - BLOCK O + Bits Definition HEX + 1-8 ACL Allocation class (ISO/IEC 15963-1) 0xE0 + 9-16 MFC Manufacturer ID (ISO/IEC 7816-6) 0x15 Atmel Corporation + 17-21 CID 0x1 = Atmel ATA5577M1 0x2 = Atmel ATA5577M2 + 22-24 ICR IC revision + 25-28 YEAR (BCD encoded) 9 (= 2009) + 29-30 QUARTER 1,2,3,4 + 31-32 LOT ID + + TRACE - BLOCK 1 + 1-12 LOT ID + 13-17 Wafer number + 18-32 DW, die number sequential + */ + return 0; } +int CmdT55xxInfo(const char *Cmd){ + /* + Page 0 Block 0 Configuration data. + Normal mode + Extended mode + */ + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') + return usage_t55xx_info(); + + if (strlen(Cmd)==0) + AquireData( CONFIGURATION_BLOCK ); + + if (!DecodeT55xxBlock()) return 1; + + if ( !DemodBufferLen) return 1; + + uint8_t si = config.offset; + uint32_t bl0 = PackBits(si, 32, DemodBuffer); + + uint32_t safer = PackBits(si, 4, DemodBuffer); si += 4; + uint32_t resv = PackBits(si, 7, DemodBuffer); si += 7; + uint32_t dbr = PackBits(si, 3, DemodBuffer); si += 3; + uint32_t extend = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t datamod = PackBits(si, 5, DemodBuffer); si += 5; + uint32_t pskcf = PackBits(si, 2, DemodBuffer); si += 2; + uint32_t aor = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t otp = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t maxblk = PackBits(si, 3, DemodBuffer); si += 3; + uint32_t pwd = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t sst = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t fw = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t inv = PackBits(si, 1, DemodBuffer); si += 1; + uint32_t por = PackBits(si, 1, DemodBuffer); si += 1; + + PrintAndLog(""); + PrintAndLog("-- T55xx Configuration & Tag Information --------------------"); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Safer key : %s", GetSaferStr(safer)); + PrintAndLog(" reserved : %d", resv); + PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr)); + PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No"); + PrintAndLog(" Modulation : %s", GetModulationStr(datamod)); + PrintAndLog(" PSK clock frequency : %d", pskcf); + PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No"); + PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" ); + PrintAndLog(" Max block : %d", maxblk); + PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No"); + PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No"); + PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No"); + PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No"); + PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No"); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Raw Data - Page 0"); + PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) ); + PrintAndLog("-------------------------------------------------------------"); + + return 0; +} + +int CmdT55xxDump(const char *Cmd){ + + char s[20] = {0x00}; + uint8_t pwd[4] = {0x00}; + + char cmdp = param_getchar(Cmd, 0); + if ( cmdp == 'h' || cmdp == 'H') { + usage_t55xx_dump(); + return 0; + } + + bool hasPwd = ( strlen(Cmd) > 0); + if ( hasPwd ){ + if (param_gethex(Cmd, 0, pwd, 8)) { + PrintAndLog("password must include 8 HEX symbols"); + return 1; + } + } + + for ( int i = 0; i <8; ++i){ + memset(s,0,sizeof(s)); + if ( hasPwd ) { + sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]); + } else { + sprintf(s,"%d", i); + } + CmdT55xxReadBlock(s); + } + return 0; +} + +int AquireData( uint8_t block ){ + + UsbCommand c; + + if ( block == CONFIGURATION_BLOCK ) + c.cmd = CMD_T55XX_READ_BLOCK; + else if (block == TRACE_BLOCK ) + c.cmd = CMD_T55XX_READ_TRACE; + + c.arg[0] = 0x00; + c.arg[1] = 0x00; + c.arg[2] = 0x00; + c.d.asBytes[0] = 0x0; + + //Password mode + // if ( res == 2 ) { + // c.arg[2] = password; + // c.d.asBytes[0] = 0x1; + // } + + SendCommand(&c); + if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { + PrintAndLog("command execution time out"); + return 1; + } + + uint8_t got[12000]; + GetFromBigBuf(got,sizeof(got),0); + WaitForResponse(CMD_ACK,NULL); + setGraphBuf(got, 12000); + return 0; +} + +char * GetBitRateStr(uint32_t id){ + static char buf[40]; + char *retStr = buf; + switch (id){ + case 0: + sprintf(retStr,"%d - RF/8",id); + break; + case 1: + sprintf(retStr,"%d - RF/16",id); + break; + case 2: + sprintf(retStr,"%d - RF/32",id); + break; + case 3: + sprintf(retStr,"%d - RF/40",id); + break; + case 4: + sprintf(retStr,"%d - RF/50",id); + break; + case 5: + sprintf(retStr,"%d - RF/64",id); + break; + case 6: + sprintf(retStr,"%d - RF/100",id); + break; + case 7: + sprintf(retStr,"%d - RF/128",id); + break; + default: + sprintf(retStr,"%d - (Unknown)",id); + break; + } + + return buf; +} + +char * GetSaferStr(uint32_t id){ + static char buf[40]; + char *retStr = buf; + + sprintf(retStr,"%d",id); + if (id == 6) { + sprintf(retStr,"%d - passwd",id); + } + if (id == 9 ){ + sprintf(retStr,"%d - testmode",id); + } + + return buf; +} +char * GetModulationStr( uint32_t id){ + static char buf[40]; + char *retStr = buf; + + switch (id){ + case 0: + sprintf(retStr,"%d - DIRECT (ASK/NRZ)",id); + break; + case 1: + sprintf(retStr,"%d - PSK 1 phase change when input changes",id); + break; + case 2: + sprintf(retStr,"%d - PSK 2 phase change on bitclk if input high",id); + break; + case 3: + sprintf(retStr,"%d - PSK 3 phase change on rising edge of input",id); + break; + case 4: + sprintf(retStr,"%d - FSK 1 RF/8 RF/5",id); + break; + case 5: + sprintf(retStr,"%d - FSK 2 RF/8 RF/10",id); + break; + case 6: + sprintf(retStr,"%d - FSK 1a RF/5 RF/8",id); + break; + case 7: + sprintf(retStr,"%d - FSK 2a RF/10 RF/8",id); + break; + case 8: + sprintf(retStr,"%d - Manschester",id); + break; + case 16: + sprintf(retStr,"%d - Biphase",id); + break; + case 0x18: + sprintf(retStr,"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id); + break; + case 17: + sprintf(retStr,"%d - Reserved",id); + break; + default: + sprintf(retStr,"0x%02X (Unknown)",id); + break; + } + return buf; +} + +char * GetModelStrFromCID(uint32_t cid){ + + static char buf[10]; + char *retStr = buf; + + if (cid == 1) sprintf(retStr,"ATA5577M1"); + if (cid == 2) sprintf(retStr,"ATA5577M2"); + return buf; +} + +char * GetSelectedModulationStr( uint8_t id){ + + static char buf[16]; + char *retStr = buf; + + switch (id){ + case DEMOD_FSK: + sprintf(retStr,"FSK"); + break; + case DEMOD_FSK1: + sprintf(retStr,"FSK1"); + break; + case DEMOD_FSK1a: + sprintf(retStr,"FSK1a"); + break; + case DEMOD_FSK2: + sprintf(retStr,"FSK2"); + break; + case DEMOD_FSK2a: + sprintf(retStr,"FSK2a"); + break; + case DEMOD_ASK: + sprintf(retStr,"ASK"); + break; + case DEMOD_NRZ: + sprintf(retStr,"DIRECT/NRZ"); + break; + case DEMOD_PSK1: + sprintf(retStr,"PSK1"); + break; + case DEMOD_PSK2: + sprintf(retStr,"PSK2"); + break; + case DEMOD_PSK3: + sprintf(retStr,"PSK3"); + break; + case DEMOD_BI: + sprintf(retStr,"BIPHASE"); + break; + case DEMOD_BIa: + sprintf(retStr,"BIPHASEa - (CDP)"); + break; + default: + sprintf(retStr,"(Unknown)"); + break; + } + return buf; +} + +uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){ + + int i = start; + int j = len-1; + + if (len > 32) return 0; + + uint32_t tmp = 0; + for (; j >= 0; --j, ++i) + tmp |= bits[i] << j; + + return tmp; +} + static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"readblock", CmdReadBlk, 1, " -- Read T55xx block data (page 0)"}, - {"readblockPWD", CmdReadBlkPWD, 1, " -- Read T55xx block data in password mode(page 0)"}, - {"writeblock", CmdWriteBlk, 1, " -- Write T55xx block data (page 0)"}, - {"writeblockPWD", CmdWriteBlkPWD, 1, " -- Write T55xx block data in password mode(page 0)"}, - {"readtrace", CmdReadTrace, 1, "Read T55xx traceability data (page 1)"}, + {"help", CmdHelp, 1, "This help"}, + {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"}, + {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."}, + {"read", CmdT55xxReadBlock, 0, " [password] -- Read T55xx block data (page 0) [optional password]"}, + {"write", CmdT55xxWriteBlock,0, " [password] -- Write T55xx block data (page 0) [optional password]"}, + {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"}, + {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"}, + {"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"}, + {"special", special, 0, "Show block changes with 64 different offsets"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index 25503e87..a64b1eda 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -10,12 +10,57 @@ #ifndef CMDLFT55XX_H__ #define CMDLFT55XX_H__ +typedef struct { + enum { + DEMOD_NRZ = 0x00, + DEMOD_PSK1 = 0x01, + DEMOD_PSK2 = 0x02, + DEMOD_PSK3 = 0x03, + DEMOD_FSK1 = 0x04, + DEMOD_FSK1a = 0x05, + DEMOD_FSK2 = 0x06, + DEMOD_FSK2a = 0x07, + DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs) + DEMOD_ASK = 0x08, + DEMOD_BI = 0x10, + DEMOD_BIa = 0x18, + } modulation; + bool inverted; + uint8_t offset; + uint32_t block0; + enum { + RF_8 = 0x00, + RF_16 = 0x01, + RF_32 = 0x02, + RF_40 = 0x03, + RF_50 = 0x04, + RF_64 = 0x05, + RF_100 = 0x06, + RF_128 = 0x07, + } bitrate; +} t55xx_conf_block_t; + int CmdLFT55XX(const char *Cmd); +int CmdT55xxSetConfig(const char *Cmd); +int CmdT55xxReadBlock(const char *Cmd); +int CmdT55xxWriteBlock(const char *Cmd); +int CmdT55xxReadTrace(const char *Cmd); +int CmdT55xxInfo(const char *Cmd); +int CmdT55xxDetect(const char *Cmd); + +char * GetBitRateStr(uint32_t id); +char * GetSaferStr(uint32_t id); +char * GetModulationStr( uint32_t id); +char * GetModelStrFromCID(uint32_t cid); +char * GetSelectedModulationStr( uint8_t id); +uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream); +void printT55xxBlock(const char *demodStr); +void printConfiguration( t55xx_conf_block_t b); -int CmdReadBlk(const char *Cmd); -int CmdReadBlkPWD(const char *Cmd); -int CmdWriteBlk(const char *Cmd); -int CmdWriteBLkPWD(const char *Cmd); -int CmdReadTrace(const char *Cmd); +bool DecodeT55xxBlock(); +bool tryDetectModulation(); +bool test(uint8_t mode, uint8_t *offset); +int special(const char *Cmd); +int AquireData( uint8_t block ); #endif diff --git a/client/scripts/test_t55x7_ask.lua b/client/scripts/test_t55x7_ask.lua new file mode 100644 index 00000000..569d4260 --- /dev/null +++ b/client/scripts/test_t55x7_ask.lua @@ -0,0 +1,139 @@ +local cmds = require('commands') +local getopt = require('getopt') +local bin = require('bin') +local utils = require('utils') + +local format=string.format +local floor=math.floor + +example =[[ + 1. script run test_t55x7_ask +]] +author = "Iceman" +usage = "script run test_t55x7_ask" +desc =[[ +This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 +The outlined procedure is as following: + +--ASK + 00 00 80 40 +-- max 2 +-- manchester +-- bit rate + +"lf t55xx write 0 00008040" +"lf t55xx detect" +"lf t55xx info" + +Loop: + change the configuretion block 0 with: + -xx 00 xxxx = RF/8 + -xx 04 xxxx = RF/16 + -xx 08 xxxx = RF/32 + -xx 0C xxxx = RF/40 + -xx 10 xxxx = RF/50 + -xx 14 xxxx = RF/64 + -xx 18 xxxx = RF/100 + -xx 1C xxxx = RF/128 + + +testsuit for the ASK/MANCHESTER demod + +Arguments: + -h : this help +]] + +local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds +local DEBUG = true -- the debug flag + +--BLOCK 0 = 00008040 ASK / MAN +local config1 = '00' +local config2 = '8040' + +local procedurecmds = { + [1] = '%s%02X%s', + [2] = 'lf t55xx detect', + [3] = 'lf t55xx info', +} +--- +-- A debug printout-function +function dbg(args) + if not DEBUG then + return + end + + if type(args) == "table" then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end +-- +-- Exit message +function ExitMsg(msg) + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print(msg) + print() +end + +function test() + local y + for y = 0x0, 0x1d, 0x4 do + for _ = 1, #procedurecmds do + local pcmd = procedurecmds[_] + + if #pcmd == 0 then + + elseif _ == 1 then + + local config = pcmd:format(config1, y, config2) + dbg(('lf t55xx write 0 %s'):format(config)) + config = tonumber(config,16) + + local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config} + local err = core.SendCommand(writecmd:getBytes()) + if err then return oops(err) end + local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) + + else + dbg(pcmd) + core.console( pcmd ) + end + end + core.clearCommandBuffer() + end + print( string.rep('--',20) ) +end + +local function main(args) + + print( string.rep('--',20) ) + print( string.rep('--',20) ) + + -- Arguments for the script + for o, arg in getopt.getopt(args, 'h') do + if o == "h" then return help() end + end + + core.clearCommandBuffer() + test() + print( string.rep('--',20) ) +end +main(args) \ No newline at end of file diff --git a/client/scripts/test_t55x7_bi.lua b/client/scripts/test_t55x7_bi.lua new file mode 100644 index 00000000..a1793ba6 --- /dev/null +++ b/client/scripts/test_t55x7_bi.lua @@ -0,0 +1,133 @@ +local cmds = require('commands') +local getopt = require('getopt') +local bin = require('bin') +local utils = require('utils') + +example =[[ + 1. script run test_t55x7_bi +]] +author = "Iceman" +usage = "script run test_t55x7_bi" +desc =[[ +This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040 +The outlined procedure is as following: + +--BIPHASE 00010040 +-- + +"lf t55xx write 0 00010040" +"lf t55xx detect" +"lf t55xx info" + +Loop: + change the configuretion block 0 with: + -xx01xxxx = RF/8 + -xx05xxxx = RF/16 + -xx09xxxx = RF/32 + -xx0Dxxxx = RF/40 + -xx11xxxx = RF/50 + -xx15xxxx = RF/64 + -xx19xxxx = RF/100 + -xx1Dxxxx = RF/128 + + +testsuit for the BIPHASE demod + +Arguments: + -h : this help +]] + +local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds +local DEBUG = true -- the debug flag + +--BLOCK 0 = 00010040 BIPHASE +local config1 = '00' +local config2 = '0040' + +local procedurecmds = { + [1] = '%s%02X%s', + [2] = 'lf t55xx detect', + [3] = 'lf t55xx info', +} +--- +-- A debug printout-function +function dbg(args) + if not DEBUG then + return + end + + if type(args) == "table" then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end +-- +-- Exit message +function ExitMsg(msg) + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print(msg) + print() +end + +function test() + local y + for y = 1, 0x1D, 4 do + for _ = 1, #procedurecmds do + local pcmd = procedurecmds[_] + + if #pcmd == 0 then + + elseif _ == 1 then + + local config = pcmd:format(config1, y, config2) + dbg(('lf t55xx wr 0 %s'):format(config)) + + config = tonumber(config,16) + local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config} + local err = core.SendCommand(writecmd:getBytes()) + if err then return oops(err) end + local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) + else + dbg(pcmd) + core.console( pcmd ) + end + end + core.clearCommandBuffer() + end + print( string.rep('--',20) ) + +end + +local function main(args) + + print( string.rep('--',20) ) + print( string.rep('--',20) ) + + -- Arguments for the script + for o, arg in getopt.getopt(args, 'h') do + if o == "h" then return help() end + end + + core.clearCommandBuffer() + test() + print( string.rep('--',20) ) +end +main(args) diff --git a/client/scripts/test_t55x7_fsk.lua b/client/scripts/test_t55x7_fsk.lua new file mode 100644 index 00000000..f42dd147 --- /dev/null +++ b/client/scripts/test_t55x7_fsk.lua @@ -0,0 +1,139 @@ +local cmds = require('commands') +local getopt = require('getopt') +local bin = require('bin') +local utils = require('utils') + +example =[[ + 1. script run test_t55x7_fsk +]] +author = "Iceman" +usage = "script run test_t55x7_fsk" +desc =[[ +This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 +The outlined procedure is as following: + +--ASK + 00 00 80 40 +-- max 2 blocks +-- FSK1 +-- bit rate + +"lf t55xx write 0 00007040" +"lf t55xx detect" +"lf t55xx info" + +Loop: + change the configuretion block 0 with: + -xx 00 xxxx = RF/8 + -xx 04 xxxx = RF/16 + -xx 08 xxxx = RF/32 + -xx 0C xxxx = RF/40 + -xx 10 xxxx = RF/50 + -xx 14 xxxx = RF/64 + -xx 18 xxxx = RF/100 + -xx 1C xxxx = RF/128 + + +testsuit for the ASK/MANCHESTER demod + +Arguments: + -h : this help +]] + +local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds +local DEBUG = true -- the debug flag + +--BLOCK 0 = 00008040 FSK +local config1 = '00' +local config2 = '040' + +local procedurecmds = { + [1] = '%s%02X%X%s', + [2] = 'lf t55xx detect', + [3] = 'lf t55xx info', +} +--- +-- A debug printout-function +function dbg(args) + if not DEBUG then + return + end + + if type(args) == "table" then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end +-- +-- Exit message +function ExitMsg(msg) + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print(msg) + print() +end + +function test(modulation) + local y + for y = 0x0, 0x1d, 0x4 do + for _ = 1, #procedurecmds do + local pcmd = procedurecmds[_] + + if #pcmd == 0 then + + elseif _ == 1 then + + local config = pcmd:format(config1, y, modulation, config2) + dbg(('lf t55xx write 0 %s'):format(config)) + + config = tonumber(config,16) + local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config} + local err = core.SendCommand(writecmd:getBytes()) + if err then return oops(err) end + local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) + + else + dbg(pcmd) + core.console( pcmd ) + end + end + core.clearCommandBuffer() + end + print( string.rep('--',20) ) +end + +local function main(args) + + print( string.rep('--',20) ) + print( string.rep('--',20) ) + + -- Arguments for the script + for o, arg in getopt.getopt(args, 'h') do + if o == "h" then return help() end + end + + core.clearCommandBuffer() + test(4) + test(5) + test(6) + test(7) + print( string.rep('--',20) ) +end +main(args) \ No newline at end of file diff --git a/client/scripts/test_t55x7_psk.lua b/client/scripts/test_t55x7_psk.lua index 1b964094..cbd78e87 100644 --- a/client/scripts/test_t55x7_psk.lua +++ b/client/scripts/test_t55x7_psk.lua @@ -2,15 +2,14 @@ local cmds = require('commands') local getopt = require('getopt') local bin = require('bin') local utils = require('utils') -local dumplib = require('html_dumplib') example =[[ - 1. script run tracetest - 2. script run tracetest -o + 1. script run test_t55x7_psk + 2. script run test_t55x7_psk -o ]] author = "Iceman" -usage = "script run test_t55x7_psk -o " +usage = "script run test_t55x7_psk" desc =[[ This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 The outlined procedure is as following: @@ -39,26 +38,35 @@ In all 12 individual test for the PSK demod Arguments: -h : this help - -o : logfile name ]] local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local DEBUG = true -- the debug flag ---BLOCK 0 = 00088040 -local config1 = '0008' -local config2 = '40' +-- local procedurecmds = { + -- [1] = '%s%s%s%s', + -- [2] = 'lf read', + -- --[3] = '', + -- [3] = 'data samples', + -- [4] = 'data pskdetectclock', + -- [5] = 'data psknrzrawdemod', + -- [6] = 'data pskindalademod', +-- } + +-- --BLOCK 0 = 00 08 80 40 PSK + -- ----------- + -- 08------- bitrate + -- 8----- modulation PSK1 + -- 0---- PSK ClockRate + -- 40 max 2 blocks + local procedurecmds = { - [1] = '%s%s%s%s', - [2] = 'lf read', + [1] = '00%02X%X%X40', + [2] = 'lf t55xx detect', --[3] = '', - [3] = 'data samples', - [4] = 'data pskdetectclock', - [5] = 'data psknrzrawdemod', - [6] = 'data pskindalademod', + [3] = 'lf t55xx info', } - --- -- A debug printout-function function dbg(args) @@ -97,45 +105,39 @@ function ExitMsg(msg) print() end -function pskTest(modulation) - local y - for y = 0, 8, 4 do - for _ = 1, #procedurecmds do - local cmd = procedurecmds[_] - - if #cmd == 0 then - - elseif _ == 1 then - - dbg("Writing to T55x7 TAG") - - local configdata = cmd:format( config1, modulation , y, config2) +function test(modulation) + local bitrate + local clockrate + for bitrate = 0x0, 0x1d, 0x4 do + + for clockrate = 0,8,4 do + + for _ = 1, #procedurecmds do + local cmd = procedurecmds[_] - dbg( configdata) + if #cmd == 0 then - local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = configdata ,arg2 = 0, arg3 = 0} - local err = core.SendCommand(writecommand:getBytes()) - if err then return oops(err) end - local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) - - if response then - local count,cmd,arg0 = bin.unpack('LL',response) - if(arg0==1) then - dbg("Writing success") - else - return nil, "Couldn't read block.." - end + elseif _ == 1 then + + dbg("Writing to T55x7 TAG") + + local config = cmd:format(bitrate, modulation, clockrate) + dbg(('lf t55xx write 0 %s'):format(config)) + + config = tonumber(config,16) + local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config ,arg2 = 0, arg3 = 0} + local err = core.SendCommand(writecommand:getBytes()) + if err then return oops(err) end + local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) + else + dbg(cmd) + core.console( cmd ) end - - else - dbg(cmd) - core.console( cmd ) end + core.clearCommandBuffer() end - core.clearCommandBuffer() end print( string.rep('--',20) ) - end local function main(args) @@ -143,20 +145,16 @@ local function main(args) print( string.rep('--',20) ) print( string.rep('--',20) ) - local outputTemplate = os.date("testpsk_%Y-%m-%d_%H%M%S") - -- Arguments for the script - for o, arg in getopt.getopt(args, 'ho:') do + for o, arg in getopt.getopt(args, 'h') do if o == "h" then return help() end - if o == "o" then outputTemplate = arg end end core.clearCommandBuffer() - pskTest(1) - pskTest(2) - pskTest(3) - pskTest(8) + test(1) -- PSK1 + --test(2) -- PSK2 + --test(3) -- PSK3 print( string.rep('--',20) ) end @@ -170,4 +168,4 @@ main(args) -- XXXXX0XX = PSK RF/2 -- XXXXX4XX = PSK RF/4 - -- XXXXX8XX = PSK RF/8 \ No newline at end of file + -- XXXXX8XX = PSK RF/8 diff --git a/client/scripts/tracetest.lua b/client/scripts/tracetest.lua index e4a9215c..ae4055ae 100644 --- a/client/scripts/tracetest.lua +++ b/client/scripts/tracetest.lua @@ -6,19 +6,20 @@ local dumplib = require('html_dumplib') example =[[ 1. script run tracetest - 2. script run tracetest -o - ]] author = "Iceman" -usage = "script run tracetest -o " +usage = "script run tracetest" desc =[[ This script will load several traces files in ../traces/ folder and do "data load" -"lf search" +"lf search 1 u" + +The following tracefiles will be loaded: + em*.pm3 + m*.pm3 Arguments: -h : this help - -o : logfile name ]] local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds @@ -71,14 +72,14 @@ local function main(args) local tracesEM = "find '../traces/' -iname 'em*.pm3' -type f" local tracesMOD = "find '../traces/' -iname 'm*.pm3' -type f" + local write2File = false local outputTemplate = os.date("testtest_%Y-%m-%d_%H%M%S") -- Arguments for the script - for o, arg in getopt.getopt(args, 'ho:') do + for o, arg in getopt.getopt(args, 'h') do if o == "h" then return help() end - if o == "o" then outputTemplate = arg end end - + core.clearCommandBuffer() local files = {} @@ -97,7 +98,7 @@ local function main(args) end p.close(); - local cmdLFSEARCH = "lf search 1" + local cmdLFSEARCH = "lf search 1 u" -- main loop io.write('Starting to test traces > ') @@ -119,13 +120,6 @@ local function main(args) end io.write('\n') - -- Write dump to files - if not DEBUG then - local bar = dumplib.SaveAsText(emldata, outputTemplate..'.txt') - print(("Wrote output to: %s"):format(bar)) - end - - -- Show info print( string.rep('--',20) ) end diff --git a/common/lfdemod.c b/common/lfdemod.c index 46ac4924..c7acb404 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -75,51 +75,6 @@ uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_ return 0; } - -//by marshmellow -//takes 1s and 0s and searches for EM410x format - output EM ID -uint64_t Em410xDecodeOld(uint8_t *BitStream, size_t *size, size_t *startIdx) -{ - //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future - // otherwise could be a void with no arguments - //set defaults - uint64_t lo=0; - uint32_t i = 0; - if (BitStream[1]>1){ //allow only 1s and 0s - // PrintAndLog("no data found"); - return 0; - } - // 111111111 bit pattern represent start of frame - uint8_t preamble[] = {1,1,1,1,1,1,1,1,1}; - uint32_t idx = 0; - uint32_t parityBits = 0; - uint8_t errChk = 0; - *startIdx = 0; - for (uint8_t extraBitChk=0; extraBitChk<5; extraBitChk++){ - errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx); - if (errChk == 0) return 0; - idx = *startIdx + 9; - for (i=0; i<10;i++){ //loop through 10 sets of 5 bits (50-10p = 40 bits) - parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5); - //check even parity - if (parityTest(parityBits, 5, 0) == 0){ - //parity failed try next bit (in the case of 1111111111) but last 9 = preamble - startIdx++; - errChk = 0; - break; - } - //set uint64 with ID from BitStream - for (uint8_t ii=0; ii<4; ii++){ - lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]); - } - } - if (errChk != 0) return lo; - //skip last 5 bit parity test for simplicity. - // *size = 64; - } - return 0; -} - //by marshmellow //takes 1s and 0s and searches for EM410x format - output EM ID uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo) @@ -143,6 +98,7 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_ errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx); if (errChk == 0) return 0; if (*size>64) FmtLen = 22; + if (*size<64) return 0; idx = *startIdx + 9; for (i=0; i= high && waveHigh){ + smplCnt++; + } else if (BinStream[i] <= low && !waveHigh){ + smplCnt++; + } else { //transition + if ((BinStream[i] >= high && !waveHigh) || (BinStream[i] <= low && waveHigh)){ + if (smplCnt > clk-(clk/4)-1) { //full clock + if (smplCnt > clk + (clk/4)+1) { //too many samples + errCnt++; + BinStream[bitCnt++]=77; + } else if (waveHigh) { + BinStream[bitCnt++] = invert; + BinStream[bitCnt++] = invert; + } else if (!waveHigh) { + BinStream[bitCnt++] = invert ^ 1; + BinStream[bitCnt++] = invert ^ 1; + } + waveHigh ^= 1; + smplCnt = 0; + } else if (smplCnt > (clk/2) - (clk/4)-1) { + if (waveHigh) { + BinStream[bitCnt++] = invert; + } else if (!waveHigh) { + BinStream[bitCnt++] = invert ^ 1; + } + waveHigh ^= 1; + smplCnt = 0; + } else if (!bitCnt) { + //first bit + waveHigh = (BinStream[i] >= high); + smplCnt = 1; + } else { + smplCnt++; + //transition bit oops + } + } else { //haven't hit new high or new low yet + smplCnt++; + } + } + } + *size = bitCnt; + return errCnt; +} + //by marshmellow //takes 3 arguments - clock, invert and maxErr as integers //attempts to demodulate ask only @@ -423,15 +426,22 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max if (*clk==0) return -1; if (start<0) return -1; if (*invert != 0 && *invert != 1) *invert =0; + if (amp==1) askAmp(BinStream, *size); + uint32_t initLoopMax = 200; if (initLoopMax > *size) initLoopMax=*size; // Detect high and lows - //25% fuzz in case highs and lows aren't clipped [marshmellow] + //25% clip in case highs and lows aren't clipped [marshmellow] + uint8_t clip = 75; int high, low, ans; - if (amp==1) askAmp(BinStream, *size); - ans = getHiLo(BinStream, initLoopMax, &high, &low, 75, 75); + ans = getHiLo(BinStream, initLoopMax, &high, &low, clip, clip); if (ans<1) return -1; //just noise + if (DetectCleanAskWave(BinStream, *size, high, low)) { + //PrintAndLog("Clean"); + return cleanAskRawDemod(BinStream, size, *clk, *invert, high, low); + } + //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); int lastBit = 0; //set first clock check uint32_t bitnum = 0; //output counter @@ -443,12 +453,13 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max uint32_t gLen = *size; if (gLen > 500) gLen=500; //if 0 errors allowed then only try first 2 clock cycles as we want a low tolerance - if (!maxErr) gLen=*clk*2; + if (!maxErr) gLen = *clk * 2; uint8_t errCnt =0; uint32_t bestStart = *size; uint32_t bestErrCnt = maxErr; //(*size/1000); uint8_t midBit=0; uint16_t MaxBits=1000; + //PrintAndLog("DEBUG - lastbit - %d",lastBit); //loop to find first wave that works for (iii=start; iii < gLen; ++iii){ @@ -619,7 +630,9 @@ size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow //do nothing with extra garbage } else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves dest[numBits]=1; - } else { //9+ = 10 waves + } else if ((idx-last_transition) > (fchigh+1) && !numBits) { //12 + and first bit = garbage + //do nothing with beginning garbage + } else { //9+ = 10 waves dest[numBits]=0; } last_transition = idx; @@ -643,18 +656,31 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons uint32_t idx=0; size_t numBits=0; uint32_t n=1; - + float lowWaves = (((float)(rfLen))/((float)fclow)); + float highWaves = (((float)(rfLen))/((float)fchigh)); for( idx=1; idx < size; idx++) { if (dest[idx]==lastval) { n++; continue; } + n++; //if lastval was 1, we have a 1->0 crossing - if ( dest[idx-1]==1 ) { - n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow)); - } else {// 0->1 crossing - n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh)); //-1 for fudge factor + if (dest[idx-1]==1) { + if (!numBits && n < (uint8_t)lowWaves) { + n=0; + lastval = dest[idx]; + continue; + } + n=myround2(((float)n)/lowWaves); + } else {// 0->1 crossing + //test first bitsample too small + if (!numBits && n < (uint8_t)highWaves) { + n=0; + lastval = dest[idx]; + continue; + } + n = myround2(((float)n)/highWaves); //-1 for fudge factor } if (n == 0) n = 1; @@ -670,6 +696,17 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons n=0; lastval=dest[idx]; }//end for + + // if valid extra bits at the end were all the same frequency - add them in + if (n > lowWaves && n > highWaves) { + if (dest[idx-2]==1) { + n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow)); + } else { + n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh)); //-1 for fudge factor + } + memset(dest, dest[idx-1]^invert , n); + numBits += n; + } return numBits; } //by marshmellow (from holiman's base) @@ -856,20 +893,70 @@ int PyramiddemodFSK(uint8_t *dest, size_t *size) uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low) { - uint8_t allPeaks=1; + uint16_t allPeaks=1; uint16_t cntPeaks=0; - for (size_t i=20; i<255; i++){ + size_t loopEnd = 572; + if (loopEnd > size) loopEnd = size; + for (size_t i=60; ilow && dest[i]190) return 1; + if (allPeaks == 0){ + if (cntPeaks > 300) return 1; } return allPeaks; } +int DetectStrongAskClock(uint8_t dest[], size_t size) +{ + int clk[]={0,8,16,32,40,50,64,100,128,256}; + size_t idx = 40; + uint8_t high=0; + size_t cnt = 0; + size_t highCnt = 0; + size_t highCnt2 = 0; + for (;idx < size; idx++){ + if (dest[idx]>128) { + if (!high){ + high=1; + if (cnt > highCnt){ + if (highCnt != 0) highCnt2 = highCnt; + highCnt = cnt; + } else if (cnt > highCnt2) { + highCnt2 = cnt; + } + cnt=1; + } else { + cnt++; + } + } else if (dest[idx] <= 128){ + if (high) { + high=0; + if (cnt > highCnt) { + if (highCnt != 0) highCnt2 = highCnt; + highCnt = cnt; + } else if (cnt > highCnt2) { + highCnt2 = cnt; + } + cnt=1; + } else { + cnt++; + } + } + } + uint8_t tol; + for (idx=8; idx>0; idx--){ + tol = clk[idx]/8; + if (clk[idx] >= highCnt - tol && clk[idx] <= highCnt + tol) + return clk[idx]; + if (clk[idx] >= highCnt2 - tol && clk[idx] <= highCnt2 + tol) + return clk[idx]; + } + return -1; +} + // by marshmellow // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping) // maybe somehow adjust peak trimming value based on samples to fix? @@ -892,24 +979,14 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) //test for large clean peaks if (DetectCleanAskWave(dest, size, peak, low)==1){ - uint16_t fcTest=0; - uint8_t mostFC=0; - fcTest=countFC(dest, size, &mostFC); - uint8_t fc1 = fcTest >> 8; - uint8_t fc2 = fcTest & 0xFF; - - for (i=0; i<8; i++){ - if (clk[i] == fc1) { - *clock=fc1; - return 0; - } - if (clk[i] == fc2) { - *clock=fc2; + int ans = DetectStrongAskClock(dest, size); + for (i=7; i>0; i--){ + if (clk[i] == ans) { + *clock=ans; return 0; } } } - int ii; int clkCnt; int tol = 0; @@ -923,6 +1000,7 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) }else{ tol=0; } + if (!maxErr) loopCnt=clk[clkCnt]*2; bestErr[clkCnt]=1000; //try lining up the peaks by moving starting point (try first 256) for (ii=0; ii < loopCnt; ii++){ @@ -1242,11 +1320,10 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) *clk = DetectNRZClock(dest, *size, *clk); if (*clk==0) return -2; uint32_t i; - int high, low, ans; - ans = getHiLo(dest, 1260, &high, &low, 75, 75); //25% fuzz on high 25% fuzz on low - if (ans<1) return -2; //just noise - uint32_t gLen = 256; + uint32_t gLen = 4096; if (gLen>*size) gLen = *size; + int high, low; + if (getHiLo(dest, gLen, &high, &low, 75, 75) < 1) return -3; //25% fuzz on high 25% fuzz on low int lastBit = 0; //set first clock check uint32_t bitnum = 0; //output counter uint8_t tol = 1; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave @@ -1256,6 +1333,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) uint32_t bestErrCnt = maxErr+1; uint32_t bestPeakCnt = 0; uint32_t bestPeakStart=0; + uint8_t bestFirstPeakHigh=0; + uint8_t firstPeakHigh=0; uint8_t curBit=0; uint8_t bitHigh=0; uint8_t errBitHigh=0; @@ -1265,6 +1344,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) //loop to find first wave that works - align to clock for (iii=0; iii < gLen; ++iii){ if ((dest[iii]>=high) || (dest[iii]<=low)){ + if (dest[iii]>=high) firstPeakHigh=1; + else firstPeakHigh=0; lastBit=iii-*clk; peakCnt=0; errCnt=0; @@ -1315,6 +1396,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) //possible good read if (errCnt == 0){ //bestStart = iii; + bestFirstPeakHigh=firstPeakHigh; bestErrCnt = errCnt; bestPeakCnt = peakCnt; bestPeakStart = iii; @@ -1325,6 +1407,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) //bestStart = iii; } if (peakCnt > bestPeakCnt){ + bestFirstPeakHigh=firstPeakHigh; bestPeakCnt=peakCnt; bestPeakStart=iii; } @@ -1337,6 +1420,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) iii=bestPeakStart; lastBit=bestPeakStart-*clk; bitnum=0; + memset(dest, bestFirstPeakHigh^1, bestPeakStart / *clk); + bitnum += (bestPeakStart / *clk); for (i = iii; i < *size; ++i) { //if we found a high bar and we are at a clock bit if ((dest[i] >= high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){ @@ -1386,12 +1471,12 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr) *size=bitnum; } else{ *size=bitnum; - return -1; + return bestErrCnt; } if (bitnum>16){ *size=bitnum; - } else return -1; + } else return -5; return errCnt; } @@ -1689,7 +1774,7 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert) errCnt=0; size_t numBits=0; //set skipped bits - memset(dest+numBits,curPhase^1,firstFullWave / *clock); + memset(dest,curPhase^1,firstFullWave / *clock); numBits += (firstFullWave / *clock); dest[numBits++] = curPhase; //set first read bit for (i = firstFullWave+fullWaveLen-1; i < *size-3; i++){ diff --git a/common/lfdemod.h b/common/lfdemod.h index 8e10a7df..46e2bdd5 100644 --- a/common/lfdemod.h +++ b/common/lfdemod.h @@ -16,6 +16,7 @@ #include int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr); +uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low); int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr); uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo); //uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx); @@ -47,5 +48,6 @@ uint8_t justNoise(uint8_t *BitStream, size_t size); uint8_t countPSK_FC(uint8_t *BitStream, size_t size); int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert); int DetectPSKClock(uint8_t dest[], size_t size, int clock); +void askAmp(uint8_t *BitStream, size_t size); #endif