From 1c8fbeb93e82f6aafb885b57b9afbfadcf85c171 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 21 Oct 2015 09:12:33 +0200 Subject: [PATCH] ADD: 'LF T55X7 WAKEUP' command. For tags with AOR bit set, send this command with password to wake tag up and be able to do a "LF SEARCH" etc on it. CHG: Minor code changes on T55X7 code. Default password is back to 'FF FF FF FF', REM: removed @marshmellow42 's wakeup option in "lf t55x7 read", --- BASICALLY: if a T55X7 tag has following bits set: AOR - send wakeup command with pwd, to enable LF interacting with it. PWD - send read/write/trace/info command with pwd. No need to send wakeup. --- armsrc/appmain.c | 2 +- armsrc/lfops.c | 63 +++++++++++-------- armsrc/lfsampling.c | 43 +++++++------ client/cmdlft55xx.c | 143 ++++++++++++++++---------------------------- client/cmdlft55xx.h | 2 +- 5 files changed, 113 insertions(+), 140 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 4ccb8edc..8b8f2594 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -921,7 +921,7 @@ void UsbPacketReceived(uint8_t *packet, int len) setSamplingConfig((sample_config *) c->d.asBytes); break; case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: - cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0); + cmd_send(CMD_ACK, SampleLF(c->arg[0]),0,0,0,0); break; case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index c070b87c..1d452fd3 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1197,7 +1197,8 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod // Read one card block in page 0 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { LED_A_ON(); - uint8_t PwdMode = arg0 & 0xFF; + uint8_t PwdMode = arg0 & 0x01; + uint8_t Page = arg0 & 0x02; uint32_t i = 0; //clear buffer now so it does not interfere with timing later 
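Review bot: In the armsrc/lfops.c hunk, `uint8_t Page = arg0 & 0x02;` leaves `Page` holding 0 or 2, not 0 or 1. The `T55xxWriteBit(Page)` call in the following hunk is therefore only correct if T55xxWriteBit treats any non-zero argument as a 1 bit, which is not visible in this diff. Normalising at the source removes that dependency: `uint8_t Page = (arg0 >> 1) & 0x01;`. The header comment `// Read one card block in page 0` and the trailing `//Page 0` on the write are now stale, and the bit layout of `arg0` (bit 0 = password mode, bit 1 = page) deserves a one-line comment because the client builds the same value by hand. The function body continues outside both hunks.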
@@ -1215,7 +1216,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { // Opcode 10 T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 + T55xxWriteBit(Page); //Page 0 if (PwdMode){ // Send Pwd @@ -1245,33 +1246,45 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { // Read card traceability data (page 1) void T55xxReadTrace(void){ - LED_A_ON(); + // LED_A_ON(); - //clear buffer now so it does not interfere with timing later - BigBuf_Clear_ext(false); + // uint8_t PwdMode = arg0 & 0xFF; + // uint32_t i = 0; + + // //clear buffer now so it does not interfere with timing later + // BigBuf_Clear_ext(false); - // Set up FPGA, 125kHz - LFSetupFPGAForADC(95, true); + // // Set up FPGA, 125kHz + // LFSetupFPGAForADC(95, true); - // Trigger T55x7 Direct Access Mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode 11 - T55xxWriteBit(1); - T55xxWriteBit(1); //Page 1 - - // Turn field on to read the response - TurnReadLFOn(READ_GAP); + // // Trigger T55x7 Direct Access Mode + // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + // SpinDelayUs(START_GAP); + + // // Opcode 11 + // T55xxWriteBit(1); + // T55xxWriteBit(1); //Page 1 + + // if (PwdMode){ + // // Send Pwd + // for (i = 0x80000000; i != 0; i >>= 1) + // T55xxWriteBit(Pwd & i); + // } + + // // Send a zero bit separation + // T55xxWriteBit(0); + + // // Turn field on to read the response + // TurnReadLFOn(READ_GAP); - // Acquisition - doT55x7Acquisition(); + // // Acquisition + // doT55x7Acquisition(); - // turn field off - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - cmd_send(CMD_ACK,0,0,0,0,0); - LED_A_OFF(); - LED_B_OFF(); + // // turn field off + // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + // cmd_send(CMD_ACK,0,0,0,0,0); + // LED_A_OFF(); + // LED_B_OFF(); } void T55xxWakeUp(uint32_t Pwd){ 
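Review bot: T55xxReadTrace is left as an empty function with its old body commented out. If CMD_T55XX_READ_TRACE is still dispatched to it (the dispatcher is not part of this diff), the device does nothing and never sends CMD_ACK, leaving the host to wait out its timeout. The commented block also references `arg0` and `Pwd`, which are not parameters of `T55xxReadTrace(void)`, so it cannot simply be re-enabled later. Since the client now reads page 1 through CMD_T55XX_READ_BLOCK, I would delete the function together with its command case. Failing that, keep a stub that only calls `cmd_send(CMD_ACK,0,0,0,0,0);` with a comment pointing at T55xxReadBlock.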
@@ -1294,7 +1307,7 @@ void T55xxWakeUp(uint32_t Pwd){ T55xxWriteBit(Pwd & i); // Turn field on to read the response - TurnReadLFOn(READ_GAP); + TurnReadLFOn(20*1000); } /*-------------- Cloning routines -----------*/ diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index 3a70c340..83579cca 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -121,11 +121,11 @@ void LFSetupFPGAForADC(int divisor, bool lf_field) */ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold,bool silent) { - //. + //bigbuf, to hold the aquired raw data signal uint8_t *dest = BigBuf_get_addr(); - int bufsize = BigBuf_max_traceLen(); + uint16_t bufsize = BigBuf_max_traceLen(); - memset(dest, 0, bufsize); + BigBuf_Clear_ext(false); if(bits_per_sample < 1) bits_per_sample = 1; if(bits_per_sample > 8) bits_per_sample = 8; @@ -244,7 +244,6 @@ uint32_t SampleLF(bool printCfg) * Initializes the FPGA for snoop-mode (field off), and acquires the samples. * @return number of bits sampled **/ - uint32_t SnoopLF() { return ReadLF(false, true); } @@ -256,9 +255,9 @@ uint32_t SnoopLF() { void doT55x7Acquisition(void){ #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) - #define T55xx_READ_UPPER_THRESHOLD 128+40 // 50 + #define T55xx_UPPER_THRESHOLD 128+40 // 50 #define T55xx_READ_TOL 5 - //#define T55xx_READ_LOWER_THRESHOLD 128-40 //-50 + #define T55xx_LOWER_THRESHOLD 128-40 //-50 uint8_t *dest = BigBuf_get_addr(); uint16_t bufsize = BigBuf_max_traceLen(); 
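Review bot: `TurnReadLFOn(20*1000);` at the end of T55xxWakeUp replaces the named READ_GAP with an unexplained literal, and the comment above it still says `// Turn field on to read the response` although no acquisition follows in the visible lines. A named constant next to START_GAP/READ_GAP, plus a comment such as `// keep the field up so the woken tag stays powered for the next command`, would record the intent if that is the reason. The unit of the argument should also be stated, since `20*1000` only makes sense once the reader knows what TurnReadLFOn expects.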
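Review bot: In DoAcquisition, narrowing `bufsize` from `int` to `uint16_t` silently truncates the value if BigBuf_max_traceLen() can ever return more than 65535; its return type is not visible in this hunk. Declaring the variable with the exact return type of BigBuf_max_traceLen() would avoid the question. Replacing `memset(dest, 0, bufsize)` with `BigBuf_Clear_ext(false)` also changes which bytes are cleared, so a comment stating that it covers at least `bufsize` bytes from `dest` would help. The new comment has a typo and could read `// BigBuf holds the acquired raw signal`. The function continues outside the hunk.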
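Review bot: The renamed `#define T55xx_UPPER_THRESHOLD 128+40` and the newly enabled `#define T55xx_LOWER_THRESHOLD 128-40` in doT55x7Acquisition expand without parentheses, so any use next to another operator (for example `x - T55xx_LOWER_THRESHOLD`) changes meaning. Write them as `#define T55xx_UPPER_THRESHOLD (128+40)` and `#define T55xx_LOWER_THRESHOLD (128-40)`. The lower threshold is not used in the hunks shown; if it stays unused it is better left out.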
@@ -267,39 +266,37 @@ void doT55x7Acquisition(void){ bufsize = T55xx_SAMPLES_SIZE; uint16_t i = 0; - uint16_t nosignal = 0; bool startFound = false; bool highFound = false; - uint8_t curSample = 0; + uint8_t sample = 0; uint8_t firstSample = 0; while(!BUTTON_PRESS()) { - WDT_HIT(); - if ( nosignal == 0xFFFF ) break; - + WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; + AT91C_BASE_SSC->SSC_THR = 0x00; LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + LED_D_OFF(); + // find first high sample - if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) { - if (curSample > firstSample) - firstSample = curSample; - highFound = true; + if (!startFound && sample > T55xx_UPPER_THRESHOLD) { + if (sample > firstSample) + firstSample = sample; + highFound = TRUE; } else if (!highFound) { - nosignal++; continue; } // skip until samples begin to change - if (startFound || curSample < firstSample-T55xx_READ_TOL){ + if (startFound || sample < firstSample - T55xx_READ_TOL){ if (!startFound) dest[i++] = firstSample; - startFound = true; - dest[i++] = curSample; - LED_D_OFF(); + startFound = TRUE; + dest[i++] = sample; + + // exit condition. if (i >= bufsize) break; } } diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 28956fdc..f3add53d 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c 
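Review bot: Removing the `nosignal` counter leaves the sampling loop in doT55x7Acquisition with only two exits: BUTTON_PRESS() and `i >= bufsize`. With no tag in the field `highFound` never becomes true, every sample hits `continue`, and the firmware spins until someone presses the button while the host gives up after its own timeout. I would keep a bounded exit: `uint16_t nosignal = 0;`, `if (nosignal == 0xFFFF) break;` at the top of the loop and `nosignal++;` in the `else if (!highFound)` branch. The change of the transmit filler from `0x43` to `0x00` is not explained and deserves a short comment. The function begins and ends outside this hunk.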
@@ -50,12 +50,11 @@ int usage_t55xx_config(){ return 0; } int usage_t55xx_read(){ - PrintAndLog("Usage: lf t55xx read b p "); + PrintAndLog("Usage: lf t55xx read b p "); PrintAndLog("Options:"); PrintAndLog(" b , block number to read. Between 0-7"); PrintAndLog(" p , OPTIONAL password 4bytes (8 hex symbols)"); PrintAndLog(" o, OPTIONAL override safety check"); - PrintAndLog(" w, OPTIONAL wakeup"); PrintAndLog(" ****WARNING****"); PrintAndLog(" Use of read with password on a tag not configured for a pwd"); PrintAndLog(" can damage the tag"); @@ -226,52 +225,42 @@ int CmdT55xxSetConfig(const char *Cmd) { } // No args - if (cmdp == 0) { - printConfiguration( config ); - return 0; - } + if (cmdp == 0) return printConfiguration( config ); + //Validations - if (errors) - return usage_t55xx_config(); + if (errors) return usage_t55xx_config(); config.block0 = 0; - printConfiguration ( config ); - return 0; + return printConfiguration ( config ); } int CmdT55xxReadBlock(const char *Cmd) { uint8_t block = 255; - uint8_t wake = 0; - uint8_t usepwd = 0; - uint32_t password = 0xFFFFFFFF; //default to blank Block 7 - uint8_t override = 0; + uint32_t password = 0; //default to blank Block 7 + bool usepwd = FALSE; + bool override = FALSE; + bool errors = FALSE; uint8_t cmdp = 0; - bool errors = false; while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch(param_getchar(Cmd, cmdp)) { case 'h': case 'H': - return usage_t55xx_read(); + return usage_t55xx_read(); case 'b': case 'B': errors |= param_getdec(Cmd, cmdp+1, &block); - cmdp+=2; + cmdp += 2; break; case 'o': case 'O': - override = 1; + override = TRUE; cmdp++; break; case 'p': case 'P': - password = param_get32ex(Cmd, cmdp+1, 0, 10); - usepwd = 1; - cmdp+=2; - break; - case 'w': - case 'W': - wake = 1; - cmdp++; + password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16); + usepwd = TRUE; + cmdp += 2; break; default: PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); 
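Review bot: In CmdT55xxReadBlock the `p` case now calls `param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16)` and sets `usepwd = TRUE` unconditionally. If param_get32ex returns its third argument when the value is missing or malformed (its definition is not in this diff), a mistyped password silently becomes 0xFFFFFFFF and is sent to the tag. Given the usage text's warning that a password read can damage a tag, the value should be validated, for instance by checking its length with the parameter helpers, and `errors` set on failure. The same call appears in CmdT55xxWakeUp. The comment `//default to blank Block 7` no longer matches `password = 0`, and the new `TRUE`/`FALSE` initialisers sit beside `bool errors = false` elsewhere in the file; pick one spelling. The function continues outside the hunk.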
@@ -280,11 +269,8 @@ int CmdT55xxReadBlock(const char *Cmd) { } } if (errors) return usage_t55xx_read(); - if (wake && !usepwd) { - PrintAndLog("Wake command must use a pwd"); - return 1; - } - if ((block > 7) && !wake) { + + if ( block > 7 ) { PrintAndLog("Block must be between 0 and 7"); return 1; } @@ -292,13 +278,10 @@ int CmdT55xxReadBlock(const char *Cmd) { UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}}; //Password mode - if ( usepwd || wake ) { + if ( usepwd ) { + // try reading the config block and verify that PWD bit is set before doing this! - if ( wake || override ) { - c.arg[0] = (wake<<8) & usepwd; - if ( !wake && override ) - PrintAndLog("Safety Check Overriden - proceeding despite risk"); - } else { + if ( !override ) { AquireData( CONFIGURATION_BLOCK ); if ( !tryDetectModulation() ) { PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits."); @@ -306,6 +289,9 @@ int CmdT55xxReadBlock(const char *Cmd) { } else { PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password..."); } + } else { + PrintAndLog("Safety Check Overriden - proceeding despite risk"); + c.arg[0] = usepwd; } } @@ -320,14 +306,11 @@ int CmdT55xxReadBlock(const char *Cmd) { GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); setGraphBuf(got, sizeof(got)); - //DemodBufferLen=0; + if (!DecodeT55xxBlock()) return 3; + char blk[10]={0}; - if ( wake ) { - sprintf(blk,"wake"); - } else { - sprintf(blk,"%d", block); - } + sprintf(blk,"%d", block); printT55xxBlock(blk); return 0; } @@ -390,8 +373,7 @@ bool DecodeT55xxBlock(){ int CmdT55xxDetect(const char *Cmd){ char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') - return usage_t55xx_detect(); + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_detect(); if (strlen(Cmd)==0) AquireData( CONFIGURATION_BLOCK ); 
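Review bot: In CmdT55xxReadBlock the password-mode flag is now set only inside the new override branch, `c.arg[0] = usepwd;`. Giving `p` without `o` runs the safety check and then, as far as these two hunks show, always sends the read with `c.arg[0] == 0`, discarding the supplied password. The message "PWD bit is NOT set in config block. Reading without password..." is printed whenever tryDetectModulation() succeeds; nothing visible here inspects the detected PWD bit before choosing. If the intent is to use the password when the tag's config has the bit set, the non-override branch should test that bit and set `c.arg[0] = 0x01;` there, printing the "NOT set" message only in the other case. One line of this if/else lies between the hunks, so confirm against the full function.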
@@ -683,17 +665,17 @@ void printT55xxBlock(const char *blockNum){ } for (; i < endpos; ++i) - bits[i - config.offset]=DemodBuffer[i]; + bits[i - config.offset] = DemodBuffer[i]; blockData = PackBits(0, 32, bits); - PrintAndLog("[%s] 0x%08X %s", blockNum, blockData, sprint_bin(bits,32)); + PrintAndLog("%s | %08X | %s", blockNum, blockData, sprint_bin(bits,32)); } int special(const char *Cmd) { uint32_t blockData = 0; uint8_t bits[32] = {0x00}; - PrintAndLog("[OFFSET] [DATA] [BINARY]"); + PrintAndLog("OFFSET | DATA | BINARY"); PrintAndLog("----------------------------------------------------"); int i,j = 0; for (; j < 64; ++j){ @@ -703,32 +685,29 @@ int special(const char *Cmd) { blockData = PackBits(0, 32, bits); - PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32)); + PrintAndLog("%02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32)); } return 0; } -void printConfiguration( t55xx_conf_block_t b){ +int printConfiguration( t55xx_conf_block_t b){ PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) ); PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) ); PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" ); PrintAndLog("Offset : %d", b.offset); PrintAndLog("Block0 : 0x%08X", b.block0); PrintAndLog(""); + return 0; } -int CmdT55xxWriteBlock(const char *Cmd) -{ +int CmdT55xxWriteBlock(const char *Cmd) { int block = 8; //default to invalid block int data = 0xFFFFFFFF; //default to blank Block int password = 0xFFFFFFFF; //default to blank Block 7 char cmdp = param_getchar(Cmd, 0); - if (cmdp == 'h' || cmdp == 'H') { - usage_t55xx_write(); - return 0; - } - + if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_write(); + int res = sscanf(Cmd, "%d %x %x",&block, &data, &password); if ( res < 2 || res > 3) { 
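Review bot: The two table printers disagree after this change: printT55xxBlock now prints `"%s | %08X | %s"` without a `0x` prefix, while special() prints `"%02d | 0x%08X | %s"` under the shared-looking header `OFFSET | DATA | BINARY`. Use one data format in both, e.g. `"%s | %08X | %s"` and `"%02d | %08X | %s"`, so the columns line up and output can be parsed uniformly. printConfiguration now returns `int` only so callers can write `return printConfiguration(config);`; a one-line comment saying it always returns 0 would keep callers from treating it as a status.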
@@ -762,12 +741,10 @@ int CmdT55xxWriteBlock(const char *Cmd) return 0; } -int CmdT55xxReadTrace(const char *Cmd) -{ +int CmdT55xxReadTrace(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') - return usage_t55xx_trace(); + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace(); if (strlen(Cmd)==0) AquireData( TRACE_BLOCK ); @@ -852,8 +829,7 @@ int CmdT55xxInfo(const char *Cmd){ */ char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') - return usage_t55xx_info(); + if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info(); if (strlen(Cmd)==0) AquireData( CONFIGURATION_BLOCK ); @@ -909,12 +885,8 @@ int CmdT55xxDump(const char *Cmd){ char s[20] = {0x00}; uint8_t pwd[4] = {0x00}; - char cmdp = param_getchar(Cmd, 0); - if ( cmdp == 'h' || cmdp == 'H') { - usage_t55xx_dump(); - return 0; - } + if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump(); bool hasPwd = ( strlen(Cmd) > 0); if ( hasPwd ){ @@ -937,25 +909,17 @@ int CmdT55xxDump(const char *Cmd){ } int AquireData( uint8_t block ){ - - UsbCommand c; - if ( block == CONFIGURATION_BLOCK ) - c.cmd = CMD_T55XX_READ_BLOCK; - else if (block == TRACE_BLOCK ) - c.cmd = CMD_T55XX_READ_TRACE; - - c.arg[0] = 0x00; - c.arg[1] = 0x00; - c.arg[2] = 0x00; - c.d.asBytes[0] = 0x0; - - //Password mode - // if ( res == 2 ) { - // c.arg[2] = password; - // c.d.asBytes[0] = 0x1; - // } - + uint32_t password = 0; + UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, password}}; + + if ( block == CONFIGURATION_BLOCK ) { + c.arg[0] = 0x00 | 0x01; + } + else if (block == TRACE_BLOCK ) { + c.arg[0] = 0x02 | 0x01; + } + clearCommandBuffer(); SendCommand(&c); if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { 
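Review bot: AquireData now sets bit 0 of `c.arg[0]` for both block types (`0x00 | 0x01` and `0x02 | 0x01`), and the armsrc/lfops.c hunk decodes that bit as `PwdMode = arg0 & 0x01`. Every read issued through AquireData therefore goes out as a password read with `password = 0`, which covers detect, info, trace and the safety check in CmdT55xxReadBlock. usage_t55xx_read warns that a password read on a tag not configured for a password can damage the tag, so the probe meant to guard against that appears to do exactly that. Unless a password has actually been supplied, these should be `c.arg[0] = 0x00;` and `c.arg[0] = 0x02;`. Defining the two bits as named constants shared by client and firmware would make the encoding hard to get wrong again. The function continues past the end of the hunk.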
@@ -1136,7 +1100,7 @@ void t55x7_create_config_block( int tagtype ){ } int CmdT55xxWakeUp(const char *Cmd) { - uint32_t password = 0xFFFFFFFF; //default to blank Block 7 + uint32_t password = 0; uint8_t cmdp = 0; bool errors = false; while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { @@ -1146,7 +1110,7 @@ int CmdT55xxWakeUp(const char *Cmd) { return usage_t55xx_wakup(); case 'p': case 'P': - password = param_get32ex(Cmd, cmdp+1, 0, 10); + password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16); cmdp+=2; break; default: @@ -1156,9 +1120,8 @@ int CmdT55xxWakeUp(const char *Cmd) { } } if (errors) return usage_t55xx_wakup(); - - UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}}; + UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}}; clearCommandBuffer(); SendCommand(&c); PrintAndLog("Wake up command sent. Try read now"); diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index d8e516e8..0fe1b0be 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -76,7 +76,7 @@ char * GetModelStrFromCID(uint32_t cid); char * GetSelectedModulationStr( uint8_t id); uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream); void printT55xxBlock(const char *demodStr); -void printConfiguration( t55xx_conf_block_t b); +int printConfiguration( t55xx_conf_block_t b); bool DecodeT55xxBlock(); bool tryDetectModulation(); -- 2.39.2
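Review bot: CmdT55xxWakeUp now starts from `uint32_t password = 0;`, so running the command without `p` sends a wakeup carrying password 0. The commit message says the default password is back to FF FF FF FF and that the wakeup is sent with the password. Nothing in the visible lines rejects a call that omits `p`. Either keep `uint32_t password = 0xFFFFFFFF;` or record that `p` was seen and `return usage_t55xx_wakup();` when it was not. The function body between the two hunks is only partly visible, so check that no such guard already exists there.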