From 66837a0302678f4c5036b9c6a607731b9a8460de Mon Sep 17 00:00:00 2001
From: marshmellow42 <marshmellowrf@gmail.com>
Date: Fri, 30 Oct 2015 23:23:27 -0400
Subject: [PATCH] Add lf t55xx resetread cmd + fix clone cmds
resetread cmd to determine start of streaming bits of ata5577 or
compatible chips...
fixed lf clone bugs introduced while refactoring recently...
---
armsrc/appmain.c | 6 ++--
armsrc/apps.h | 1 +
armsrc/lfops.c | 58 +++++++++++++++++++++++++++---------
armsrc/lfsampling.c | 7 ++---
armsrc/lfsampling.h | 2 +-
client/cmdlft55xx.c | 38 ++++++++++++++++-------
client/cmdlft55xx.h | 1 +
client/hid-flasher/usb_cmd.h | 2 +-
client/lualibs/commands.lua | 2 +-
include/usb_cmd.h | 2 +-
10 files changed, 84 insertions(+), 35 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 68d2551f..6e08ba66 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -983,9 +983,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_T55XX_WAKEUP:
T55xxWakeUp(c->arg[0]);
break;
- //case CMD_T55XX_READ_TRACE:
- // T55xxReadTrace();
- // break;
+ case CMD_T55XX_RESET_READ:
+ T55xxResetRead();
+ break;
case CMD_PCF7931_READ:
ReadPCF7931();
break;
diff --git a/armsrc/apps.h b/armsrc/apps.h
index f81f7bac..de32ef54 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -79,6 +79,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); //
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
+void T55xxResetRead(void);
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxWakeUp(uint32_t Pwd);
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 8f611179..ffccff83 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -1110,8 +1110,34 @@ void T55xxWriteBit(int bit) {
SpinDelayUs(WRITE_GAP);
}
+// Send T5577 reset command then read stream (see if we can identify the start of the stream)
+void T55xxResetRead(void) {
+ LED_A_ON();
+ // Set up FPGA, 125kHz
+ LFSetupFPGAForADC(95, true);
+
+ // Trigger T55x7 in mode.
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelayUs(START_GAP);
+
+ // reset tag - op code 00
+ T55xxWriteBit(0);
+ T55xxWriteBit(0);
+
+ // Turn field on to read the response
+ TurnReadLFOn(READ_GAP);
+
+ // Acquisition
+ doT55x7Acquisition(39999);
+
+ // Turn the field off
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ cmd_send(CMD_ACK,0,0,0,0,0);
+ LED_A_OFF();
+}
+
// Write one card block in page 0, no lock
-void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
+void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
LED_A_ON();
bool PwdMode = arg & 0x1;
uint8_t Page = (arg & 0x2)>>1;
@@ -1153,10 +1179,15 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- cmd_send(CMD_ACK,0,0,0,0,0);
LED_A_OFF();
}
+// Write one card block in page 0, no lock
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
+ T55xxWriteBlockExt(Data, Block, Pwd, arg);
+ cmd_send(CMD_ACK,0,0,0,0,0);
+}
+
// Read one card block in page 0
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
LED_A_ON();
@@ -1199,7 +1230,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
TurnReadLFOn(READ_GAP);
// Acquisition
- doT55x7Acquisition();
+ doT55x7Acquisition(12000);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
@@ -1234,8 +1265,10 @@ void T55xxWakeUp(uint32_t Pwd){
void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
// write last block first and config block last (if included)
- for (uint8_t i = numblocks; i > startblock; i--)
- T55xxWriteBlock(blockdata[i-1],i-1,0,0);
+ for (uint8_t i = numblocks+startblock; i > startblock; i--) {
+ Dbprintf("write- Blk: %d, d:%08X",i-1,blockdata[i-1]);
+ T55xxWriteBlockExt(blockdata[i-1],i-1,0,0);
+ }
}
// Copy HID id to card and setup block 0 config
@@ -1253,7 +1286,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
// Build the 6 data blocks for supplied 84bit ID
last_block = 6;
// load preamble (1D) & long format identifier (9E manchester encoded)
- data[1] = 0x1D96A900 | manchesterEncode2Bytes((hi2 >> 16) & 0xF);
+ data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF);
// load raw id from hi2, hi, lo to data blocks (manchester encoded)
data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
data[3] = manchesterEncode2Bytes(hi >> 16);
@@ -1269,7 +1302,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
// Build the 3 data blocks for supplied 44bit ID
last_block = 3;
// load preamble
- data[1] = 0x1D000000 | manchesterEncode2Bytes(hi & 0xFFF);
+ data[1] = 0x1D000000 | (manchesterEncode2Bytes(hi) & 0xFFFFFF);
data[2] = manchesterEncode2Bytes(lo >> 16);
data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
}
@@ -1286,8 +1319,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
DbpString("DONE!");
}
-void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT)
-{
+void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) {
uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
LED_D_ON();
@@ -1311,8 +1343,7 @@ void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
DbpString("DONE!");
}
// Clone Indala 224-bit tag by UID to T55x7
-void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7)
-{
+void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7) {
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
@@ -1328,8 +1359,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
#define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40
-void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
-{
+void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
int i, id_bit;
uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID
@@ -1389,7 +1419,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
LED_D_ON();
// Write EM410x ID
- uint32_t data[] = {0, id>>32, id & 0xFFFF};
+ uint32_t data[] = {0, id>>32, id & 0xFFFFFFFF};
if (card) {
clock = (card & 0xFF00) >> 8;
clock = (clock == 0) ? 64 : clock;
diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c
index 91572563..4a968776 100644
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@@ -253,17 +253,16 @@ uint32_t SnoopLF()
* acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
-void doT55x7Acquisition(void){
+void doT55x7Acquisition(size_t sample_size) {
- #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
#define T55xx_READ_UPPER_THRESHOLD 128+40 // 50
#define T55xx_READ_TOL 5
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
- if ( bufsize > T55xx_SAMPLES_SIZE )
- bufsize = T55xx_SAMPLES_SIZE;
+ if ( bufsize > sample_size )
+ bufsize = sample_size;
//memset(dest, 0, bufsize);
diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h
index a88def55..bd8ad1d0 100644
--- a/armsrc/lfsampling.h
+++ b/armsrc/lfsampling.h
@@ -5,7 +5,7 @@
* acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
-void doT55x7Acquisition(void);
+void doT55x7Acquisition(size_t sample_size);
/**
* Initializes the FPGA for reader-mode (field on), and acquires the samples.
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index c133726b..b11a6494 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -1165,18 +1165,36 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
return tmp;
}
+int CmdResetRead(const char *Cmd) {
+ UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};
+
+ clearCommandBuffer();
+ SendCommand(&c);
+ if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
+ PrintAndLog("command execution time out");
+ return 0;
+ }
+
+ uint8_t got[39999];
+ GetFromBigBuf(got,sizeof(got),0);
+ WaitForResponse(CMD_ACK,NULL);
+ setGraphBuf(got, sizeof(got));
+ return 1;
+}
+
static command_t CommandTable[] =
{
- {"help", CmdHelp, 1, "This help"},
- {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
- {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
- {"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
- {"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
- {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
- {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
- {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
- {"special", special, 0, "Show block changes with 64 different offsets"},
- {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
+ {"help", CmdHelp, 1, "This help"},
+ {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
+ {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
+ {"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
+ {"resetread",CmdResetRead, 0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"},
+ {"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
+ {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
+ {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
+ {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
+ {"special", special, 0, "Show block changes with 64 different offsets"},
+ {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
{NULL, NULL, 0, NULL}
};
diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h
index a9ee0317..cd50f99a 100644
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@@ -47,6 +47,7 @@ int CmdT55xxWriteBlock(const char *Cmd);
int CmdT55xxReadTrace(const char *Cmd);
int CmdT55xxInfo(const char *Cmd);
int CmdT55xxDetect(const char *Cmd);
+int CmdResetRead(const char *Cmd);
char * GetBitRateStr(uint32_t id);
char * GetSaferStr(uint32_t id);
diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h
index 8f67e82b..c8b576fd 100644
--- a/client/hid-flasher/usb_cmd.h
+++ b/client/hid-flasher/usb_cmd.h
@@ -73,7 +73,7 @@ typedef struct {
#define CMD_INDALA_CLONE_TAG_L 0x0213
#define CMD_T55XX_READ_BLOCK 0x0214
#define CMD_T55XX_WRITE_BLOCK 0x0215
-//#define CMD_T55XX_READ_TRACE 0x0216
+#define CMD_T55XX_RESET_READ 0x0216
#define CMD_PCF7931_READ 0x0217
#define CMD_EM4X_READ_WORD 0x0218
#define CMD_EM4X_WRITE_WORD 0x0219
diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua
index 8f43ea9e..8cdcfb34 100644
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@@ -44,7 +44,7 @@ local _commands = {
CMD_INDALA_CLONE_TAG_L = 0x0213,
CMD_T55XX_READ_BLOCK = 0x0214,
CMD_T55XX_WRITE_BLOCK = 0x0215,
- --//CMD_T55XX_READ_TRACE = 0x0216,
+ CMD_T55XX_RESET_READ = 0x0216,
CMD_PCF7931_READ = 0x0217,
CMD_EM4X_READ_WORD = 0x0218,
CMD_EM4X_WRITE_WORD = 0x0219,
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index 53917606..3b6cb291 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -85,7 +85,7 @@ typedef struct{
#define CMD_INDALA_CLONE_TAG_L 0x0213
#define CMD_T55XX_READ_BLOCK 0x0214
#define CMD_T55XX_WRITE_BLOCK 0x0215
-//#define CMD_T55XX_READ_TRACE 0x0216
+#define CMD_T55XX_RESET_READ 0x0216
#define CMD_PCF7931_READ 0x0217
#define CMD_PCF7931_WRITE 0x0222
#define CMD_EM4X_READ_WORD 0x0218
--
2.39.5