From: Iceman Date: Tue, 4 Aug 2015 07:34:24 +0000 (+0200) Subject: Merge pull request #4 from gcohen55/ubuntu_makefile X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/a71c68bdf0d117609a1ffd0141d1d682e1ff8e15?hp=8fac5452b851fe2f6427c8eb8fc833018f75d330 Merge pull request #4 from gcohen55/ubuntu_makefile updated makefile, readme --- diff --git a/.gitignore b/.gitignore index 880c092f..ebfb5d96 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,7 @@ proxmark proxmark3 flasher +fpga_compress version.c lua luac diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b7247c2..d5a3e315 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added 'hw status'. This command makes the ARM print out some runtime information. (holiman) - Added 'hw ping'. This command just sends a usb packets and checks if the pm3 is responsive. Can be used to abort certain operations which supports abort over usb. (holiman) -### Changed +### Changed +- Revised workflow for StandAloneMode14a (Craig Young) - Changed lf config's `threshold` to a graph (signed) metric and it will trigger on + or - value set to. (example: set to 50 and recording would begin at first graphed value of >= 50 or <= -50) (marshmellow) - EPA functions (`hf epa`) now support both ISO 14443-A and 14443-B cards (frederikmoellers) - 'hw version' only talks to ARM at startup, after that the info is cached. (pwpiwi) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 03e6eba2..2e1a43af 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -298,18 +298,49 @@ void SendVersion(void) uint32_t compressed_data_section_size = common_area.arg1; cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString)); } + +// measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time. +// Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included. +void printUSBSpeed(uint32_t SpeedTestBufferSize) +{ + Dbprintf("USB Speed:"); + Dbprintf(" Sending %d bytes payload...", SpeedTestBufferSize); + + uint8_t *test_data = BigBuf_get_addr(); + + uint32_t start_time = GetTickCount(); + + LED_B_ON(); + for(size_t i=0; i < SpeedTestBufferSize; i += USB_CMD_DATA_SIZE) { + size_t len = MIN((SpeedTestBufferSize - i), USB_CMD_DATA_SIZE); + cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,0,len,0,test_data,len); + } + LED_B_OFF(); + + uint32_t end_time = GetTickCount(); + + Dbprintf(" Time elapsed: %dms, USB Transfer Speed PM3 -> Client = %d Bytes/s", + end_time - start_time, + 1000* SpeedTestBufferSize / (end_time - start_time)); + +} + /** * Prints runtime information about the PM3. **/ -void SendStatus(void) +void SendStatus(uint32_t SpeedTestBufferSize) { BigBuf_print_status(); Fpga_print_status(); printConfig(); //LF Sampling config + printUSBSpeed(SpeedTestBufferSize); Dbprintf("Various"); - Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL); - Dbprintf(" ToSendMax........%d",ToSendMax); - Dbprintf(" ToSendBit........%d",ToSendBit); + Dbprintf(" MF_DBGLEVEL........%d", MF_DBGLEVEL); + Dbprintf(" ToSendMax..........%d", ToSendMax); + Dbprintf(" ToSendBit..........%d", ToSendBit); + Dbprintf(" ToSend BUFFERSIZE..%d", TOSEND_BUFFER_SIZE); + + cmd_send(CMD_ACK,1,0,0,0,0); } #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF) @@ -343,11 +374,14 @@ void StandAloneMode14a() FpgaDownloadAndGo(FPGA_BITSTREAM_HF); int selected = 0; - int playing = 0; + int playing = 0, iGotoRecord = 0, iGotoClone = 0; int cardRead[OPTS] = {0}; uint8_t readUID[10] = {0}; uint32_t uid_1st[OPTS]={0}; uint32_t uid_2nd[OPTS]={0}; + uint32_t uid_tmp1 = 0; + uint32_t uid_tmp2 = 0; + iso14a_card_select_t hi14a_card[OPTS]; LED(selected + 1, 0); @@ -355,24 +389,17 @@ void StandAloneMode14a() { usb_poll(); WDT_HIT(); - - // Was our button held down or pressed? - int button_pressed = BUTTON_HELD(1000); SpinDelay(300); - // Button was held for a second, begin recording - if (button_pressed > 0 && cardRead[selected] == 0) + if (iGotoRecord == 1 || cardRead[selected] == 0) { + iGotoRecord = 0; LEDsoff(); LED(selected + 1, 0); LED(LED_RED2, 0); // record Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected); - - // wait for button to be released - while(BUTTON_PRESS()) - WDT_HIT(); /* need this delay to prevent catching some weird data */ SpinDelay(500); /* Code for reading from 14a tag */ @@ -383,22 +410,54 @@ void StandAloneMode14a() for ( ; ; ) { WDT_HIT(); - if (!iso14443a_select_card(uid, NULL, &cuid)) + if (BUTTON_PRESS()) { + if (cardRead[selected]) { + Dbprintf("Button press detected -- replaying card in bank[%d]", selected); + break; + } + else if (cardRead[(selected+1)%OPTS]) { + Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS); + selected = (selected+1)%OPTS; + break; // playing = 1; + } + else { + Dbprintf("Button press detected but no stored tag to play. (Ignoring button)"); + SpinDelay(300); + } + } + if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid)) continue; else { Dbprintf("Read UID:"); Dbhexdump(10,uid,0); memcpy(readUID,uid,10*sizeof(uint8_t)); - uint8_t *dst = (uint8_t *)&uid_1st[selected]; + uint8_t *dst = (uint8_t *)&uid_tmp1; // Set UID byte order for (int i=0; i<4; i++) dst[i] = uid[3-i]; - dst = (uint8_t *)&uid_2nd[selected]; + dst = (uint8_t *)&uid_tmp2; for (int i=0; i<4; i++) dst[i] = uid[7-i]; + if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) { + Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping."); + } + else { + if (uid_tmp2) { + Dbprintf("Bank[%d] received a 7-byte UID",selected); + uid_1st[selected] = (uid_tmp1)>>8; + uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8); + } + else { + Dbprintf("Bank[%d] received a 4-byte UID",selected); + uid_1st[selected] = uid_tmp1; + uid_2nd[selected] = uid_tmp2; + } break; } } + } + Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]); + Dbprintf("SAK = %02X",hi14a_card[selected].sak); LEDsoff(); LED(LED_GREEN, 200); LED(LED_ORANGE, 200); @@ -407,18 +466,16 @@ void StandAloneMode14a() LEDsoff(); LED(selected + 1, 0); - // Finished recording - // If we were previously playing, set playing off - // so next button push begins playing what we recorded - playing = 0; + // Next state is replay: + playing = 1; cardRead[selected] = 1; - } - /* MF UID clone */ - else if (button_pressed > 0 && cardRead[selected] == 1) + /* MF Classic UID clone */ + else if (iGotoClone==1) { + iGotoClone=0; LEDsoff(); LED(selected + 1, 0); LED(LED_ORANGE, 250); @@ -453,7 +510,6 @@ void StandAloneMode14a() break; case CMD_MIFARE_CGETBLOCK: MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); - // break; mfCSetUID provides example logic for UID set workflow: @@ -467,7 +523,12 @@ void StandAloneMode14a() */ uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0}; // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo - MifareCGetBlock(0x1F, 1, 0, oldBlock0); + MifareCGetBlock(0x3F, 1, 0, oldBlock0); + if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) { + Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected); + playing = 1; + } + else { Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]); memcpy(newBlock0,oldBlock0,16); // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic) @@ -479,29 +540,27 @@ void StandAloneMode14a() newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3]; // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain MifareCSetBlock(0, 0xFF,0, newBlock0); - MifareCGetBlock(0x1F, 1, 0, testBlock0); + MifareCGetBlock(0x3F, 1, 0, testBlock0); if (memcmp(testBlock0,newBlock0,16)==0) { DbpString("Cloned successfull!"); cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it - } - LEDsoff(); - LED(selected + 1, 0); - // Finished recording - - // If we were previously playing, set playing off - // so next button push begins playing what we recorded playing = 0; + iGotoRecord = 1; + selected = (selected + 1) % OPTS; + } + else { + Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected); + playing = 1; + } + } + LEDsoff(); + LED(selected + 1, 0); } // Change where to record (or begin playing) - else if (button_pressed && cardRead[selected]) + else if (playing==1) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected]) { - // Next option if we were previously playing - if (playing) - selected = (selected + 1) % OPTS; - playing = !playing; - LEDsoff(); LED(selected + 1, 0); @@ -510,19 +569,49 @@ void StandAloneMode14a() { LED(LED_GREEN, 0); DbpString("Playing"); - while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec + for ( ; ; ) { + WDT_HIT(); + int button_action = BUTTON_HELD(1000); + if (button_action == 0) { // No button action, proceed with sim + uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break + uint8_t flags = ( uid_2nd[selected] > 0x00 ) ? FLAG_7B_UID_IN_DATA : FLAG_4B_UID_IN_DATA; + num_to_bytes(uid_1st[selected], 3, data); + num_to_bytes(uid_2nd[selected], 4, data); + Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected); - SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL); + if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) { + DbpString("Mifare Classic"); + SimulateIso14443aTag(1, flags, data); // Mifare Classic + } + else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) { + DbpString("Mifare Ultralight"); + SimulateIso14443aTag(2, flags, data); // Mifare Ultralight + } + else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) { + DbpString("Mifare DESFire"); + SimulateIso14443aTag(3, flags, data); // Mifare DESFire + } + else { + Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); + SimulateIso14443aTag(1, flags, data); + } + } + else if (button_action == BUTTON_SINGLE_CLICK) { + selected = (selected + 1) % OPTS; + Dbprintf("Done playing. Switching to record mode on bank %d",selected); + iGotoRecord = 1; + break; } - //cardRead[selected] = 1; - Dbprintf("Done playing [Bank: %u]",selected); + else if (button_action == BUTTON_HOLD) { + Dbprintf("Playtime over. Begin cloning..."); + iGotoClone = 1; + break; + } + WDT_HIT(); + } /* We pressed a button so ignore it here with a delay */ SpinDelay(300); - - // when done, we're done playing, move to next option - selected = (selected + 1) % OPTS; - playing = !playing; LEDsoff(); LED(selected + 1, 0); } @@ -991,7 +1080,7 @@ void UsbPacketReceived(uint8_t *packet, int len) ReaderIso14443a(c); break; case CMD_SIMULATE_TAG_ISO_14443a: - SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID + SimulateIso14443aTag(c->arg[0], c->arg[1], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID break; case CMD_EPA_PACE_COLLECT_NONCE: @@ -1110,7 +1199,7 @@ void UsbPacketReceived(uint8_t *packet, int len) ReaderIClass(c->arg[0]); break; case CMD_READER_ICLASS_REPLAY: - ReaderIClass_Replay(c->arg[0], c->d.asBytes); + ReaderIClass_Replay(c->arg[0], c->d.asBytes); break; case CMD_ICLASS_EML_MEMSET: emlSet(c->d.asBytes,c->arg[0], c->arg[1]); @@ -1180,7 +1269,7 @@ void UsbPacketReceived(uint8_t *packet, int len) SendVersion(); break; case CMD_STATUS: - SendStatus(); + SendStatus(c->arg[0]); break; case CMD_PING: cmd_send(CMD_ACK,0,0,0,0,0); @@ -1197,8 +1286,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_FINISH_WRITE: case CMD_HARDWARE_RESET: usb_disable(); - SpinDelay(1000); - SpinDelay(1000); + SpinDelay(2000); AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; for(;;) { // We're going to reset, and the bootrom will take control. @@ -1270,7 +1358,7 @@ void __attribute__((noreturn)) AppMain(void) LCDInit(); #endif - byte_t rx[sizeof(UsbCommand)]; + byte_t rx[sizeof(UsbCommand)]; size_t rx_len; for(;;) { diff --git a/armsrc/apps.h b/armsrc/apps.h index ff0b3472..5eff4511 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -106,7 +106,7 @@ void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]); /// iso14443a.h void RAMFUNC SniffIso14443a(uint8_t param); -void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data); +void SimulateIso14443aTag(int tagType, int flags, byte_t* data); void ReaderIso14443a(UsbCommand * c); // Also used in iclass.c bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 38688a07..862594e9 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -935,7 +935,7 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { // Main loop of simulated tag: receive commands from reader, decide what // response to send, and send it. //----------------------------------------------------------------------------- -void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) +void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { //Here, we collect UID,NT,AR,NR,UID2,NT2,AR2,NR2 diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index fb8b4d66..0ea66a8d 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -1275,7 +1275,7 @@ void RAMFUNC SnoopIso14443b(void) if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time // is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103 - if(Handle14443bSamplesDemod(ci | 0x01, cq | 0x01)) { + if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) { //Use samples as a time measurement if(tracing) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 73fb8a5a..13c4a5b8 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1138,6 +1138,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // bit 2 - need HALT after sequence // bit 3 - need init FPGA and field before sequence // bit 4 - need reset FPGA and LED + // bit 5 - need to set datain instead of issuing USB reply (called via ARM for StandAloneMode14a) uint8_t workFlags = arg0; uint8_t blockNo = arg2; @@ -1197,6 +1198,11 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai } LED_B_ON(); + if (workFlags & 0x20) { + if (isOK) + memcpy(datain, data, 18); + } + else cmd_send(CMD_ACK,isOK,0,0,data,18); LED_B_OFF(); diff --git a/armsrc/util.c b/armsrc/util.c index 8576ddce..1dd8dc75 100644 --- a/armsrc/util.c +++ b/armsrc/util.c @@ -304,11 +304,12 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers void StartTickCount() { -// must be 0x40, but on my cpu - included divider is optimal -// 0x20 - 1 ms / bit -// 0x40 - 2 ms / bit - - AT91C_BASE_RTTC->RTTC_RTMR = AT91C_RTTC_RTTRST + 0x001D; // was 0x003B + // This timer is based on the slow clock. The slow clock frequency is between 22kHz and 40kHz. + // We can determine the actual slow clock frequency by looking at the Main Clock Frequency Register. + uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency + // set RealTimeCounter divider to count at 1kHz: + AT91C_BASE_RTTC->RTTC_RTMR = AT91C_RTTC_RTTRST | ((256000 + (mainf/2)) / mainf); + // note: worst case precision is approx 2.5% } /* diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index 060656c2..d9e56693 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -34,7 +34,7 @@ int CmdHF14BList(const char *Cmd) int CmdHF14BSim(const char *Cmd) { - UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B}; + UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443B}; clearCommandBuffer(); SendCommand(&c); return 0; diff --git a/client/cmdhw.c b/client/cmdhw.c index 5f25241c..16be8bbe 100644 --- a/client/cmdhw.c +++ b/client/cmdhw.c @@ -18,6 +18,7 @@ #include "cmdhw.h" #include "cmdmain.h" #include "cmddata.h" +#include "data.h" /* low-level hardware control */ @@ -404,18 +405,17 @@ int CmdTune(const char *Cmd) int CmdVersion(const char *Cmd) { - clearCommandBuffer(); - UsbCommand c = {CMD_VERSION}; + UsbCommand c = {CMD_VERSION}; static UsbCommand resp = {0, {0, 0, 0}}; if (resp.arg[0] == 0 && resp.arg[1] == 0) { // no cached information available - SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { - PrintAndLog("Prox/RFID mark3 RFID instrument"); - PrintAndLog((char*)resp.d.asBytes); - lookupChipID(resp.arg[0], resp.arg[1]); - } + SendCommand(&c); + if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + PrintAndLog("Prox/RFID mark3 RFID instrument"); + PrintAndLog((char*)resp.d.asBytes); + lookupChipID(resp.arg[0], resp.arg[1]); + } } else { PrintAndLog("[[[ Cached information ]]]\n"); PrintAndLog("Prox/RFID mark3 RFID instrument"); @@ -428,11 +428,21 @@ int CmdVersion(const char *Cmd) int CmdStatus(const char *Cmd) { - UsbCommand c = {CMD_STATUS}; + uint8_t speed_test_buffer[USB_CMD_DATA_SIZE]; + sample_buf = speed_test_buffer; + #define USB_SPEED_TEST_SIZE (100*USB_CMD_DATA_SIZE) + + clearCommandBuffer(); + UsbCommand c = {CMD_STATUS, {USB_SPEED_TEST_SIZE}}; SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { + PrintAndLog("Status command failed. USB Speed Test timed out"); + } return 0; } + int CmdPing(const char *Cmd) { clearCommandBuffer(); diff --git a/client/cmdmain.c b/client/cmdmain.c index 377fdc2c..f0963d1e 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -121,9 +121,8 @@ void storeCommand(UsbCommand *command) int getCommand(UsbCommand* response) { //If head == tail, there's nothing to read, or if we just got initialized - if(cmd_head == cmd_tail){ - return 0; - } + if(cmd_head == cmd_tail) return 0; + //Pick out the next unread command UsbCommand* last_unread = &cmdBuffer[cmd_tail]; memcpy(response, last_unread, sizeof(UsbCommand)); @@ -131,7 +130,6 @@ int getCommand(UsbCommand* response) cmd_tail = (cmd_tail +1 ) % CMD_BUFFER_SIZE; return 1; - } /** @@ -145,27 +143,26 @@ int getCommand(UsbCommand* response) */ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) { - UsbCommand resp; - - if (response == NULL) - response = &resp; + UsbCommand resp; + if (response == NULL) + response = &resp; - // Wait until the command is received - for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) { + // Wait until the command is received + for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) { while(getCommand(response)) { - if(response->cmd == cmd){ - return true; - } - } - msleep(10); // XXX ugh - if (dm_seconds == 200) { // Two seconds elapsed - PrintAndLog("Waiting for a response from the proxmark..."); - PrintAndLog("Don't forget to cancel its operation first by pressing on the button"); - } + if(response->cmd == cmd){ + return true; + } + } + msleep(10); // XXX ugh + if (dm_seconds == 200) { // Two seconds elapsed + PrintAndLog("Waiting for a response from the proxmark..."); + PrintAndLog("Don't forget to cancel its operation first by pressing on the button"); + } } - return false; + return false; } bool WaitForResponse(uint32_t cmd, UsbCommand* response) { @@ -203,12 +200,11 @@ void UsbCommandReceived(UsbCommand *UC) case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: { memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]); + return; } break; - default: - break; + default: break; } - storeCommand(UC); } diff --git a/client/flash.c b/client/flash.c index d2163d9a..576f0d27 100644 --- a/client/flash.c +++ b/client/flash.c @@ -276,7 +276,7 @@ static int get_proxmark_state(uint32_t *state) { UsbCommand c; c.cmd = CMD_DEVICE_INFO; - SendCommand(&c); + SendCommand(&c); UsbCommand resp; ReceiveCommand(&resp); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index dfada01d..c77477e8 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -23,14 +23,24 @@ typedef BYTE uint8_t; #define PACKED __attribute__((packed)) #endif +#define USB_CMD_DATA_SIZE 512 + typedef struct { - uint32_t cmd; - uint32_t arg[3]; + uint64_t cmd; + uint64_t arg[3]; union { - uint8_t asBytes[48]; - uint32_t asDwords[12]; + uint8_t asBytes[USB_CMD_DATA_SIZE]; + uint32_t asDwords[USB_CMD_DATA_SIZE/4]; } d; } PACKED UsbCommand; +// A struct used to send sample-configs over USB +typedef struct{ + uint8_t decimation; + uint8_t bits_per_sample; + bool averaging; + int divisor; + int trigger_threshold; +} sample_config; // For the bootloader #define CMD_DEVICE_INFO 0x0000 @@ -53,7 +63,6 @@ typedef struct { #define CMD_STATUS 0x0108 #define CMD_PING 0x0109 - // For low-frequency tags #define CMD_READ_TI_TYPE 0x0202 #define CMD_WRITE_TI_TYPE 0x0203 @@ -83,6 +92,7 @@ typedef struct { #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B #define CMD_EM410X_DEMOD 0x021c +// Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F @@ -95,6 +105,7 @@ typedef struct { #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693 0x0300 #define CMD_READ_SRI512_TAG 0x0303 #define CMD_READ_SRIX4K_TAG 0x0304 +#define CMD_ISO_14443B_COMMAND 0x0305 #define CMD_READER_ISO_15693 0x0310 #define CMD_SIMTAG_ISO_15693 0x0311 #define CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693 0x0312 @@ -102,6 +113,7 @@ typedef struct { #define CMD_ISO_15693_COMMAND_DONE 0x0314 #define CMD_ISO_15693_FIND_AFI 0x0315 #define CMD_ISO_15693_DEBUG 0x0316 +#define CMD_LF_SNOOP_RAW_ADC_SAMPLES 0x0317 // For Hitag2 transponders #define CMD_SNOOP_HITAG 0x0370 @@ -122,6 +134,9 @@ typedef struct { #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 #define CMD_READER_ICLASS 0x0394 +#define CMD_READER_ICLASS_REPLAY 0x0395 +#define CMD_ICLASS_ISO14443A_WRITE 0x0397 +#define CMD_ICLASS_EML_MEMSET 0x0398 // For measurements of the antenna tuning #define CMD_MEASURE_ANTENNA_TUNING 0x0400 @@ -138,8 +153,11 @@ typedef struct { #define CMD_MIFARE_EML_MEMSET 0x0602 #define CMD_MIFARE_EML_MEMGET 0x0603 #define CMD_MIFARE_EML_CARDLOAD 0x0604 -#define CMD_MIFARE_EML_CSETBLOCK 0x0605 -#define CMD_MIFARE_EML_CGETBLOCK 0x0606 + +// magic chinese card commands +#define CMD_MIFARE_CSETBLOCK 0x0605 +#define CMD_MIFARE_CGETBLOCK 0x0606 +#define CMD_MIFARE_CIDENT 0x0607 #define CMD_SIMULATE_MIFARE_CARD 0x0610 @@ -147,14 +165,53 @@ typedef struct { #define CMD_MIFARE_NESTED 0x0612 #define CMD_MIFARE_READBL 0x0620 +#define CMD_MIFAREU_READBL 0x0720 #define CMD_MIFARE_READSC 0x0621 +#define CMD_MIFAREU_READCARD 0x0721 #define CMD_MIFARE_WRITEBL 0x0622 +#define CMD_MIFAREU_WRITEBL 0x0722 +#define CMD_MIFAREU_WRITEBL_COMPAT 0x0723 + #define CMD_MIFARE_CHKKEYS 0x0623 #define CMD_MIFARE_SNIFFER 0x0630 +//ultralightC +#define CMD_MIFAREUC_AUTH 0x0724 +//0x0725 and 0x0726 no longer used +#define CMD_MIFAREUC_SETPWD 0x0727 + + +// mifare desfire +#define CMD_MIFARE_DESFIRE_READBL 0x0728 +#define CMD_MIFARE_DESFIRE_WRITEBL 0x0729 +#define CMD_MIFARE_DESFIRE_AUTH1 0x072a +#define CMD_MIFARE_DESFIRE_AUTH2 0x072b +#define CMD_MIFARE_DES_READER 0x072c +#define CMD_MIFARE_DESFIRE_INFO 0x072d +#define CMD_MIFARE_DESFIRE 0x072e + +#define CMD_MIFARE_COLLECT_NONCES 0x072f #define CMD_UNKNOWN 0xFFFF + +//Mifare simulation flags +#define FLAG_INTERACTIVE 0x01 +#define FLAG_4B_UID_IN_DATA 0x02 +#define FLAG_7B_UID_IN_DATA 0x04 +#define FLAG_NR_AR_ATTACK 0x08 + + +//Iclass reader flags +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_CC 0x02 +#define FLAG_ICLASS_READER_CSN 0x04 +#define FLAG_ICLASS_READER_CONF 0x08 +#define FLAG_ICLASS_READER_AA 0x10 +#define FLAG_ICLASS_READER_ONE_TRY 0x20 + + + // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: /* Whether a bootloader that understands the common_area is present */ #define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0) diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 2f4a7ea3..fdc2b18d 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -154,10 +154,10 @@ local _commands = { local _reverse_lookup,k,v = {} - for k, v in pairs(_commands) do - _reverse_lookup[v] = k - end - _commands.tostring = function(command) +for k, v in pairs(_commands) do + _reverse_lookup[v] = k +end +_commands.tostring = function(command) if(type(command) == 'number') then return ("%s (%d)"):format(_reverse_lookup[command]or "ERROR UNDEFINED!", command) end @@ -173,7 +173,6 @@ Command = { self.__index = self o.cmd = o.cmd or _commands.CMD_UNKNOWN - --o.arg1 = "test" o.arg1 = o.arg1 or 0 o.arg2 = o.arg2 or 0 o.arg3 = o.arg3 or 0 @@ -195,14 +194,14 @@ Command = { else print(("WARNING; data was NOT a (hex-) string, but was %s"):format(type(data))) end - o.data = data - + o.data = data return o end, - parse = function (packet) - local count,cmd,arg1,arg2,arg3,data = bin.unpack('LLLLH512',packet) + parse = function(packet) + local count, cmd, arg1, arg2, arg3, data = bin.unpack('LLLLH512', packet) return Command:new{cmd = cmd, arg1 = arg1, arg2 = arg2, arg3 = arg3, data = data} - end, + end + } function Command:__tostring() local output = ("%s\r\nargs : (%s, %s, %s)\r\ndata:\r\n%s\r\n"):format( diff --git a/client/lualibs/utils.lua b/client/lualibs/utils.lua index da179758..698017d9 100644 --- a/client/lualibs/utils.lua +++ b/client/lualibs/utils.lua @@ -69,6 +69,18 @@ local Utils = return outResults end, + ----ISO14443-B CRC + Crc14b = function(s) + if s == nil then return nil end + if #s == 0 then return nil end + if type(s) == 'string' then + local utils = require('utils') + local ascii = utils.ConvertHexToAscii(s) + local hashed = core.iso14443b_crc(ascii) + return utils.ConvertAsciiToHex(hashed) + end + return nil + end, ------------ CRC-16 ccitt checksums -- Takes a hex string and calculates a crc16 @@ -181,20 +193,18 @@ local Utils = --- -- Convert Byte array to string of hex ConvertBytesToHex = function(bytes) - if #bytes == 0 then - return '' - end + if bytes == nil then return '' end + if #bytes == 0 then return '' end local s={} - for i = 1, #(bytes) do + for i = 1, #bytes do s[i] = string.format("%02X",bytes[i]) end return table.concat(s) end, -- Convert byte array to string with ascii ConvertBytesToAscii = function(bytes) - if #bytes == 0 then - return '' - end + if bytes == nil then return '' end + if #bytes == 0 then return '' end local s={} for i = 1, #(bytes) do s[i] = string.char(bytes[i]) @@ -233,13 +243,23 @@ local Utils = end, ConvertHexToAscii = function(s) + if s == nil then return '' end + if #s == 0 then return '' end local t={} - if s == nil then return t end - if #s == 0 then return t end for k in s:gmatch"(%x%x)" do table.insert(t, string.char(tonumber(k,16))) end - return table.concat(t) + return table.concat(t) + end, + + ConvertAsciiToHex = function(s) + if s == nil then return '' end + if #s == 0 then return '' end + local t={} + for k in s:gmatch"(.)" do + table.insert(t, string.format("%02X", string.byte(k))) + end + return table.concat(t) end, Chars2num = function(s) diff --git a/client/scripting.c b/client/scripting.c index 75760663..63d7f44e 100644 --- a/client/scripting.c +++ b/client/scripting.c @@ -18,6 +18,7 @@ #include "util.h" #include "nonce2key/nonce2key.h" #include "../common/iso15693tools.h" +#include "iso14443crc.h" #include "../common/crc16.h" #include "../common/crc64.h" #include "../common/sha1.h" @@ -52,12 +53,11 @@ static int l_SendCommand(lua_State *L){ const char *data = luaL_checklstring(L, 1, &size); if(size != sizeof(UsbCommand)) { - printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand)); + printf("Got data size %d, expected %d" , size, sizeof(UsbCommand)); lua_pushstring(L,"Wrong data size"); return 1; } -// UsbCommand c = (*data); SendCommand((UsbCommand* )data); return 0; // no return values } @@ -100,7 +100,7 @@ static int l_WaitForResponseTimeout(lua_State *L){ if(WaitForResponseTimeout(cmd, &response, ms_timeout)) { //Push it as a string - lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand)); + lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand)); return 1;// return 1 to signal one return value }else{ @@ -229,6 +229,28 @@ static int l_iso15693_crc(lua_State *L) return 1; } +static int l_iso14443b_crc(lua_State *L) +{ + /* void ComputeCrc14443(int CrcType, + const unsigned char *Data, int Length, + unsigned char *TransmitFirst, + unsigned char *TransmitSecond) + */ + unsigned char buf[USB_CMD_DATA_SIZE]; + size_t len = 0; + const char *data = luaL_checklstring(L, 1, &len); + if (USB_CMD_DATA_SIZE < len) + len = USB_CMD_DATA_SIZE-2; + + for (int i = 0; i < len; i += 2) { + sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]); + } + ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]); + + lua_pushlstring(L, (const char *)&buf, len+2); + return 1; +} + /* Simple AES 128 cbc hook up to OpenSSL. params: key, input @@ -483,6 +505,7 @@ int set_pm3_libraries(lua_State *L) {"clearCommandBuffer", l_clearCommandBuffer}, {"console", l_CmdConsole}, {"iso15693_crc", l_iso15693_crc}, + {"iso14443b_crc", l_iso14443b_crc}, {"aes128_decrypt", l_aes128decrypt_cbc}, {"aes128_decrypt_ecb", l_aes128decrypt_ecb}, {"aes128_encrypt", l_aes128encrypt_cbc}, diff --git a/client/scripts/14araw.lua b/client/scripts/14araw.lua index 0ce98656..a2e6ff53 100644 --- a/client/scripts/14araw.lua +++ b/client/scripts/14araw.lua @@ -155,9 +155,7 @@ end -- Sends an instruction to do nothing, only disconnect function disconnect() - local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, - arg1 = 0, -- Nothing - } + local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, arg1 = 0, } -- We can ignore the response here, no ACK is returned for this command -- Check /armsrc/iso14443a.c, ReaderIso14443a() for details return lib14a.sendToDevice(command,true) diff --git a/client/scripts/tnp3sim.lua b/client/scripts/tnp3sim.lua index 4e10eb75..fa9d1c22 100644 --- a/client/scripts/tnp3sim.lua +++ b/client/scripts/tnp3sim.lua @@ -30,17 +30,6 @@ local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local DEBUG = false -- the debug flag local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20' -local band = bit32.band -local bor = bit32.bor -local lshift = bit32.lshift -local rshift = bit32.rshift -local byte = string.byte -local char = string.char -local sub = string.sub -local format = string.format - - - local band = bit32.band local bor = bit32.bor local lshift = bit32.lshift @@ -71,6 +60,7 @@ end -- This is only meant to be used when errors occur function oops(err) print("ERROR: ",err) + return nil,err end --- -- Usage help diff --git a/client/uart.c b/client/uart.c index 4b2fee99..e3a6a57b 100644 --- a/client/uart.c +++ b/client/uart.c @@ -370,9 +370,9 @@ serial_port uart_open(const char* pcPortName) { memset(&sp->dcb, 0, sizeof(DCB)); sp->dcb.DCBlength = sizeof(DCB); if(!BuildCommDCBA("baud=9600 data=8 parity=N stop=1",&sp->dcb)) { - uart_close(sp); - return INVALID_SERIAL_PORT; - } + uart_close(sp); + return INVALID_SERIAL_PORT; + } // Update the active serial port if(!SetCommState(sp->hPort,&sp->dcb)) { diff --git a/common/usb_cdc.c b/common/usb_cdc.c index 3c6e9282..dbd1c995 100644 --- a/common/usb_cdc.c +++ b/common/usb_cdc.c @@ -235,31 +235,32 @@ void usb_disable() { //* \brief This function Activates the USB device //*---------------------------------------------------------------------------- void usb_enable() { - // Set the PLL USB Divider - AT91C_BASE_CKGR->CKGR_PLLR |= AT91C_CKGR_USBDIV_1 ; - - // Specific Chip USB Initialisation - // Enables the 48MHz USB clock UDPCK and System Peripheral USB Clock - AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_UDP; - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_UDP); - - // Enable UDP PullUp (USB_DP_PUP) : enable & Clear of the corresponding PIO - // Set in PIO mode and Configure in Output - AT91C_BASE_PIOA->PIO_PER = GPIO_USB_PU; // Set in PIO mode + // Set the PLL USB Divider + AT91C_BASE_CKGR->CKGR_PLLR |= AT91C_CKGR_USBDIV_1 ; + + // Specific Chip USB Initialisation + // Enables the 48MHz USB clock UDPCK and System Peripheral USB Clock + AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_UDP; + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_UDP); + + // Enable UDP PullUp (USB_DP_PUP) : enable & Clear of the corresponding PIO + // Set in PIO mode and Configure in Output + AT91C_BASE_PIOA->PIO_PER = GPIO_USB_PU; // Set in PIO mode AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; // Configure as Output - - // Clear for set the Pullup resistor + + // Clear for set the Pullup resistor AT91C_BASE_PIOA->PIO_CODR = GPIO_USB_PU; - - // Disconnect and reconnect USB controller for 100ms - usb_disable(); - - // Wait for a short while - for (volatile size_t i=0; i<0x100000; i++); - // Reconnect USB reconnect - AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU; - AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; + // Disconnect and reconnect USB controller for 100ms + usb_disable(); + + // Wait for a short while + for (volatile size_t i=0; i<0x100000; i++); + //sleep(1); + + // Reconnect USB reconnect + AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU; + AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; } //*---------------------------------------------------------------------------- @@ -314,26 +315,27 @@ bool usb_poll_validate_length() //* \brief Read available data from Endpoint OUT //*---------------------------------------------------------------------------- uint32_t usb_read(byte_t* data, size_t len) { - byte_t bank = btReceiveBank; + byte_t bank = btReceiveBank; uint32_t packetSize, nbBytesRcv = 0; - uint32_t time_out = 0; + uint32_t time_out = 0; while (len) { if (!usb_check()) break; if ( pUdp->UDP_CSR[AT91C_EP_OUT] & bank ) { packetSize = MIN(pUdp->UDP_CSR[AT91C_EP_OUT] >> 16, len); - len -= packetSize; + len -= packetSize; while(packetSize--) data[nbBytesRcv++] = pUdp->UDP_FDR[AT91C_EP_OUT]; + pUdp->UDP_CSR[AT91C_EP_OUT] &= ~(bank); - if (bank == AT91C_UDP_RX_DATA_BK0) { + + if (bank == AT91C_UDP_RX_DATA_BK0) bank = AT91C_UDP_RX_DATA_BK1; - } else { - bank = AT91C_UDP_RX_DATA_BK0; - } + else + bank = AT91C_UDP_RX_DATA_BK0; } - if (time_out++ == 0x1fff) break; + if (time_out++ == 0x1fff) break; } btReceiveBank = bank; @@ -345,11 +347,11 @@ uint32_t usb_read(byte_t* data, size_t len) { //* \brief Send through endpoint 2 //*---------------------------------------------------------------------------- uint32_t usb_write(const byte_t* data, const size_t len) { - size_t length = len; + size_t length = len; uint32_t cpt = 0; - if (!length) return 0; - if (!usb_check()) return 0; + if (!length) return 0; + if (!usb_check()) return 0; // Send the first packet cpt = MIN(length, AT91C_EP_IN_SIZE-1); @@ -365,16 +367,18 @@ uint32_t usb_write(const byte_t* data, const size_t len) { // Wait for the the first bank to be sent while (!(pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP)) { if (!usb_check()) return length; - } + } pUdp->UDP_CSR[AT91C_EP_IN] &= ~(AT91C_UDP_TXCOMP); + while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP); + pUdp->UDP_CSR[AT91C_EP_IN] |= AT91C_UDP_TXPKTRDY; } // Wait for the end of transfer while (!(pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP)) { if (!usb_check()) return length; - } + } pUdp->UDP_CSR[AT91C_EP_IN] &= ~(AT91C_UDP_TXCOMP); while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP);