From c0f15a05b36450c0182462d6d9d093c04c602b67 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Sun, 21 Feb 2016 17:44:25 +0100
Subject: [PATCH] ADD:  Marshmellows fixes for "lf t55xx" and "lf cmdread"  
 ref: https://github.com/Proxmark/proxmark3/pull/166/files

---
 CHANGELOG.md        |  1 +
 armsrc/BigBuf.c     |  7 ++++++-
 armsrc/BigBuf.h     |  1 +
 armsrc/lfops.c      | 21 +++++++++++++++++----
 armsrc/lfsampling.c |  5 ++---
 armsrc/pcf7931.c    |  2 ++
 client/cmddata.c    |  6 +++---
 client/cmdlft55xx.c | 21 +++++++++------------
 client/graph.c      |  6 +++++-
 9 files changed, 46 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b6882d0..65e161c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
   - Updated the Reveng 1.30 sourcecode to 1.31 from Reveng projecthomepage (iceman)
 
 ### Added
+- Added a LF ASK Sequence Terminator detection option to the standard ask demod - and applied it to `lf search u`, `lf t55xx detect`, and `data rawdemod am s` (marshmellow)
 - `lf awid bruteforce <facilitycode>` - Simple bruteforce attack against a AWID reader.
 - `lf t55xx bruteforce <start password> <end password> [i <*.dic>]` - Simple bruteforce attack to find password - (iceman and others)
 - `lf viking clone`- clone viking tag to t55x7 or Q5 from 4byte hex ID input 
diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c
index b3a9a132..851cf390 100644
--- a/armsrc/BigBuf.c
+++ b/armsrc/BigBuf.c
@@ -27,7 +27,7 @@ static uint16_t BigBuf_hi = BIGBUF_SIZE;
 static uint8_t *emulator_memory = NULL;
 
 // trace related variables
-static uint16_t traceLen;
+static uint16_t traceLen = 0;
 int tracing = 1; //Last global one.. todo static?
 
 // get the address of BigBuf
@@ -61,6 +61,10 @@ void BigBuf_Clear_ext(bool verbose)
 		Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
 }
 
+void BigBuf_Clear_keep_EM(void)
+{
+	memset(BigBuf,0,BigBuf_hi);
+}
 
 // allocate a chunk of memory from BigBuf. We allocate high memory first. The unallocated memory
 // at the beginning of BigBuf is always for traces/samples
@@ -239,6 +243,7 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP
 	return TRUE;
 }
 
+
 // Emulator memory
 uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
 	uint8_t* mem = BigBuf_get_EM_addr();
diff --git a/armsrc/BigBuf.h b/armsrc/BigBuf.h
index 3f1b05c2..347c1a4c 100644
--- a/armsrc/BigBuf.h
+++ b/armsrc/BigBuf.h
@@ -26,6 +26,7 @@ extern uint8_t *BigBuf_get_EM_addr(void);
 extern uint16_t BigBuf_max_traceLen(void);
 extern void BigBuf_Clear(void);
 extern void BigBuf_Clear_ext(bool verbose);
+extern void BigBuf_Clear_keep_EM(void);
 extern uint8_t *BigBuf_malloc(uint16_t);
 extern void BigBuf_free(void);
 extern void BigBuf_free_keep_EM(void);
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 2f757f1f..2e2cfd57 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -17,7 +17,7 @@
 #include "lfdemod.h"
 #include "lfsampling.h"
 #include "protocols.h"
-#include "usb_cdc.h" //test
+#include "usb_cdc.h" // for usb_poll_validate_length
 
 /**
  * Function to do a modulation and then get samples.
@@ -37,6 +37,8 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint
 
 	sample_config sc = { 0,0,1, divisor_used, 0};
 	setSamplingConfig(&sc);
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
 
 	/* Make sure the tag is reset */
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@@ -725,6 +727,9 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
+
 	while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
 
 		WDT_HIT();
@@ -815,6 +820,8 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	uint8_t *dest = BigBuf_get_addr();
 	size_t size; 
 	int idx=0;
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 
@@ -905,6 +912,8 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
 	int clk=0, invert=0, errCnt=0, maxErr=20;
 	uint32_t hi=0;
 	uint64_t lo=0;
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 
@@ -966,7 +975,11 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	uint16_t number=0;
 	uint8_t crc = 0;
 	uint16_t calccrc = 0;
-	// Configure to go in 125Khz listen mode
+
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
+	
+// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 
 	while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
@@ -1095,7 +1108,7 @@ void T55xxWriteBit(int bit) {
 void T55xxResetRead(void) {
 	LED_A_ON();
 	//clear buffer now so it does not interfere with timing later
-	BigBuf_Clear_ext(false);
+	BigBuf_Clear_keep_EM();
 
 	// Set up FPGA, 125kHz
 	LFSetupFPGAForADC(95, true);
@@ -1602,7 +1615,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
 	uint16_t bufsize = BigBuf_max_traceLen();
 	uint32_t i = 0;
 
-	//clear buffer now so it does not interfere with timing later
+	// Clear destination buffer before sending the command
 	BigBuf_Clear_ext(false);
 	
 	//If password mode do login
diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c
index 3a502eb6..8a6e6b05 100644
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@@ -10,7 +10,7 @@
 #include "apps.h"
 #include "util.h"
 #include "string.h"
-
+#include "usb_cdc.h" // for usb_poll_validate_length
 #include "lfsampling.h"
 
 sample_config config = { 1, 8, 1, 95, 0 } ;
@@ -103,7 +103,6 @@ void LFSetupFPGAForADC(int divisor, bool lf_field)
 	FpgaSetupSsc();
 }
 
-
 /**
  * Does the sample acquisition. If threshold is specified, the actual sampling
  * is not commenced until the threshold has been reached.
@@ -125,7 +124,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag
 	uint8_t *dest = BigBuf_get_addr();
     uint16_t bufsize = BigBuf_max_traceLen();
 
-	BigBuf_Clear_ext(false);
+	//BigBuf_Clear_ext(false);	  //creates issues with cmdread (marshmellow)
 
 	if(bits_per_sample < 1) bits_per_sample = 1;
 	if(bits_per_sample > 8) bits_per_sample = 8;
diff --git a/armsrc/pcf7931.c b/armsrc/pcf7931.c
index 4d45a69c..24a871aa 100644
--- a/armsrc/pcf7931.c
+++ b/armsrc/pcf7931.c
@@ -28,6 +28,8 @@ int DemodPCF7931(uint8_t **outBlocks) {
 	int num_blocks = 0;
 	int lmin=128, lmax=128;
 	uint8_t dir;
+	//clear read buffer
+	BigBuf_Clear_keep_EM();
 
 	LFSetupFPGAForADC(95, true);
 	DoAcquisition_default(0, true);
diff --git a/client/cmddata.c b/client/cmddata.c
index d1a685e6..2c12e2bb 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -613,7 +613,7 @@ int CmdG_Prox_II_Demod(const char *Cmd)
 		if ((idx+1) % 5 == 0){
 			//spacer bit - should be 0
 			if (DemodBuffer[startIdx+idx] != 0) {
-				if (g_debugMode) PrintAndLog("Error spacer not 0: %d, pos: %d",DemodBuffer[startIdx+idx],startIdx+idx);
+				if (g_debugMode) PrintAndLog("Error spacer not 0: %u, pos: %u", (unsigned int)DemodBuffer[startIdx+idx],(unsigned int)(startIdx+idx));
 				return 0;
 			}
 			continue;
@@ -628,14 +628,14 @@ int CmdG_Prox_II_Demod(const char *Cmd)
 		ByteStream[ByteCnt] = ByteStream[ByteCnt] | (DemodBuffer[startIdx+idx]<<bitCnt);
 		bitCnt++;
 		if (bitCnt % 8 == 0){
-			if (g_debugMode) PrintAndLog("byte %d: %02x",ByteCnt,ByteStream[ByteCnt]);
+			if (g_debugMode) PrintAndLog("byte %u: %02x", (unsigned int)ByteCnt, ByteStream[ByteCnt]);
 			bitCnt=0;
 			ByteCnt++;
 		}
 	}
 	for (uint8_t i = 0; i < ByteCnt; i++){
 		ByteStream[i] ^= xorKey; //xor
-		if (g_debugMode) PrintAndLog("byte %d after xor: %02x", i, ByteStream[i]);
+		if (g_debugMode) PrintAndLog("byte %u after xor: %02x", (unsigned int)i, ByteStream[i]);
 	}
 	//now ByteStream contains 64 bytes of decrypted raw tag data
 	// 
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 2efe0c22..bc30d7e3 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -1397,21 +1397,18 @@ int CmdT55xxBruteForce(const char *Cmd) {
 	char buf[9];
 	char filename[FILE_PATH_SIZE]={0};
 	int	keycnt = 0;
-	int c;
+	int ch;
 	uint8_t stKeyBlock = 20;
 	uint8_t *keyBlock = NULL, *p = NULL;
-	keyBlock = calloc(stKeyBlock, 6);
-	if (keyBlock == NULL) return 1;
-	
     uint32_t start_password = 0x00000000; //start password
     uint32_t end_password   = 0xFFFFFFFF; //end   password
     bool found = false;
 
     char cmdp = param_getchar(Cmd, 0);
-    if (cmdp == 'h' || cmdp == 'H') {
-		free(keyBlock);
-		return usage_t55xx_bruteforce();
-	}
+	if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();
+
+	keyBlock = calloc(stKeyBlock, 6);
+	if (keyBlock == NULL) return 1;
 
 	if (cmdp == 'i' || cmdp == 'I') {
 	
@@ -1472,8 +1469,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
 		for (uint16_t c = 0; c < keycnt; ++c ) {
 	
 			if (ukbhit()) {
-				c = getchar();
-				(void)c;
+				ch = getchar();
+				(void)ch;
 				printf("\naborted via keyboard!\n");
 				free(keyBlock);
 				return 0;
@@ -1523,8 +1520,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
 		printf(".");
 		fflush(stdout);
 		if (ukbhit()) {
-			c = getchar();
-			(void)c;
+			ch = getchar();
+			(void)ch;
 			printf("\naborted via keyboard!\n");
 			free(keyBlock);
 			return 0;
diff --git a/client/graph.c b/client/graph.c
index 06279848..c22b7a3d 100644
--- a/client/graph.c
+++ b/client/graph.c
@@ -143,7 +143,11 @@ int GetAskClock(const char str[], bool printAns, bool verbose)
 			PrintAndLog("Failed to copy from graphbuffer");
 		return -1;
 	}
-	int start = DetectASKClock(grph, size, &clock, 20);
+	bool st = DetectST(grph, &size, &clock);
+	int start = 0;
+	if (st == false) {
+		start = DetectASKClock(grph, size, &clock, 20);
+	}
 	// Only print this message if we're not looping something
 	if (printAns){
 		PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start);
-- 
2.39.2