From 81ee3409f9c56badb3548beb24bbb65469e3274c Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Wed, 5 Dec 2012 20:45:42 +0000 Subject: [PATCH 01/16] added so-called 'driver' for windows --- armsrc/usb_cdc.c | 4 ++-- driver/proxmark3.inf | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 driver/proxmark3.inf diff --git a/armsrc/usb_cdc.c b/armsrc/usb_cdc.c index 85c5d493..b8aee5a4 100644 --- a/armsrc/usb_cdc.c +++ b/armsrc/usb_cdc.c @@ -51,8 +51,8 @@ const char devDescriptor[] = { 0x00, // bDeviceSubclass: CDC class sub code 0x00, // bDeviceProtocol: CDC Device protocol 0x08, // bMaxPacketSize0 - 0xeb,0x03, // Vendor ID (random numbers) - 0x25,0x61, // Product ID (random numbers) + 0x2d,0x2d, // Vendor ID (--) + 0x4d,0x50, // Product ID (PM), transmitted in reverse 0x01,0x00, // Device release number (0001) 0x01, // iManufacturer // 0x01 0x00, // iProduct diff --git a/driver/proxmark3.inf b/driver/proxmark3.inf new file mode 100644 index 00000000..601b2d8f --- /dev/null +++ b/driver/proxmark3.inf @@ -0,0 +1,32 @@ +[Version] +Signature="$Windows NT$" +Class=Ports +ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} +Provider=%ProviderName% +DriverVer=10/15/2009,1.0.0.0 + +[MANUFACTURER] +%ProviderName%=DeviceList, NTx86, NTamd64 + +[DeviceList.NTx86] +%DeviceName%=DriverInstall,USB\VID_2d2d&PID_504d + +[DeviceList.NTamd64] +%DeviceName%=DriverInstall,USB\VID_2d2d&PID_504d + +[DriverInstall] +include=mdmcpq.inf +CopyFiles=FakeModemCopyFileSection +AddReg=LowerFilterAddReg,SerialPropPageAddReg + +[DriverInstall.Services] +include = mdmcpq.inf +AddService = usbser, 0x00000002, LowerFilter_Service_Inst + +; This adds the serial port property tab to the device properties dialog +[SerialPropPageAddReg] +HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider" + +[Strings] +ProviderName = "proxmark.org" +DeviceName = "Proxmark3" -- 2.39.5 From d0b14ad5e71ea33e9d0a5f226522df98142d552c Mon Sep 17 00:00:00 2001 
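Review bot: The new Vendor ID 0x2d2d in devDescriptor is picked for its ASCII reading ("--", per the new comment) rather than taken from a USB-IF allocation, so any other device or driver that claims VID_2d2d&PID_504d will be matched by the host against the .inf added in this same patch, and vice versa. If the project does not hold this VID the comment should say so, e.g. `0x2d,0x2d, // Vendor ID (--): not a USB-IF assigned VID, may collide with other devices`. The descriptor bytes and driver/proxmark3.inf agree on byte order (VID 0x2d2d, PID 0x504d); a one-line comment pointing at the .inf would keep the two from drifting apart.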
From: "roel@libnfc.org" Date: Thu, 6 Dec 2012 22:17:27 +0000 Subject: [PATCH 02/16] fixed missing header --- client/cmdhfepa.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index 62680eff..c6db746c 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c @@ -15,6 +15,7 @@ #include "cmdparser.h" #include "common.h" #include "cmdmain.h" +#include "sleep.h" #include "cmdhfepa.h" -- 2.39.5 From af65f5f71df8019e34e885070c99e31b06ccce55 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 07:21:00 +0000 Subject: [PATCH 03/16] fixed read uart for windows --- client/proxmark3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/proxmark3.c b/client/proxmark3.c index cff94903..a649576d 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -67,6 +67,7 @@ static void *uart_receiver(void *targ) { size_t cmd_count; while (arg->run) { + rxlen = sizeof(UsbCommand); if (uart_receive(sp,rx,&rxlen)) { if ((rxlen % sizeof(UsbCommand)) != 0) { PrintAndLog("ERROR: received %zd bytes, which does not seem to be one or more command(s)\n",rxlen); -- 2.39.5 From 1282b0e6917006ece024a18517b062accdf74a7f Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 09:51:22 +0000 Subject: [PATCH 04/16] minor output change --- client/proxmark3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/proxmark3.c b/client/proxmark3.c index a649576d..e9d64c88 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -70,7 +70,7 @@ static void *uart_receiver(void *targ) { rxlen = sizeof(UsbCommand); if (uart_receive(sp,rx,&rxlen)) { if ((rxlen % sizeof(UsbCommand)) != 0) { - PrintAndLog("ERROR: received %zd bytes, which does not seem to be one or more command(s)\n",rxlen); + PrintAndLog("ERROR: received %03zd bytes, which does not seem to be one or more command(s)\n",rxlen ); continue; } cmd_count = rxlen / sizeof(UsbCommand); -- 2.39.5 
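Review bot: Setting `rxlen = sizeof(UsbCommand)` before every `uart_receive` caps each read at one command, so the `cmd_count = rxlen / sizeof(UsbCommand)` loop that follows can only ever run once, and a short read (rxlen not a multiple of the frame size) is thrown away by `continue` instead of being kept for the next read, silently dropping the partial frame. The assignment appears to be telling uart_receive the capacity it may use; if so a comment such as `// in: bytes of rx this read may fill; out: bytes actually received` would make the in/out contract visible. The PrintAndLog format in this hunk and the following one (`%zd`, then `%03zd`) is the signed conversion while rxlen is a size_t; the matching one is `%zu`. uart_receiver's body continues outside the hunk.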
From 985ef1c31561626dae17750741c49f3b9cca85b6 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 11:01:55 +0000 Subject: [PATCH 05/16] temporarely disabled QT for winows, no clue why it gives a failure --- client/Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/client/Makefile b/client/Makefile index ef1155ec..364070e8 100644 --- a/client/Makefile +++ b/client/Makefile @@ -19,7 +19,12 @@ CFLAGS = -std=gnu99 -I. -I../include -I../common -I/opt/local/include -Wall -Wno ifneq (,$(findstring MINGW,$(platform))) CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 -MOC = moc +MOC = $(QTDIR)/moc +#################################################### +# Disabled gui for Windows, can someone with more +# knowledge about QT fix this problem?? +#################################################### +QTLDLIBS= else ifeq ($(platform),Darwin) CXXFLAGS = -I/Library/Frameworks/QtGui.framework/Versions/Current/Headers -I/Library/Frameworks/QtCore.framework/Versions/Current/Headers QTLDLIBS = -framework QtGui -framework QtCore -- 2.39.5 From f0ba6342218d4eb264668655e3c24ad74d99c0f4 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 12:22:05 +0000 Subject: [PATCH 06/16] receiving/sending moved to one thread --- client/proxmark3.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/client/proxmark3.c b/client/proxmark3.c index e9d64c88..38a97716 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c 
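Review bot: `QTLDLIBS=` at the end of the MinGW branch clears the link flags but leaves `CXXFLAGS` and `MOC = $(QTDIR)/moc` set, so whether the GUI sources are still compiled and then fail to link depends on how the rest of the Makefile keys off QTLDLIBS, which is outside the hunk; if that variable is the gate, a comment saying so next to the assignment (`# empty QTLDLIBS disables the GUI objects below`) would stop the next reader from "fixing" it. The banner comment would be more useful recording the actual build error seen than asking someone to look into it.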
@@ -25,14 +25,21 @@ #include "ui.h" static serial_port sp; +static UsbCommand txcmd; +static bool txcmd_pending = false; void SendCommand(UsbCommand *c) { #if 0 printf("Sending %d bytes\n", sizeof(UsbCommand)); #endif - if (!uart_send(sp,(byte_t*)c,sizeof(UsbCommand))) { - ERR("Sending bytes to proxmark failed"); +/* + if (txcmd_pending) { + ERR("Sending command failed, previous command is still pending"); } +*/ + while(txcmd_pending); + txcmd = *c; + txcmd_pending = true; } struct receiver_arg { @@ -79,6 +86,13 @@ static void *uart_receiver(void *targ) { UsbCommandReceived((UsbCommand*)(rx+(i*sizeof(UsbCommand)))); } } + + if(txcmd_pending) { + if (!uart_send(sp,(byte_t*)&txcmd,sizeof(UsbCommand))) { + PrintAndLog("Sending bytes to proxmark failed"); + } + txcmd_pending = false; + } } pthread_exit(NULL); -- 2.39.5 From fe7bfa785696615de44fd896214182446a664646 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 12:51:19 +0000 Subject: [PATCH 07/16] Windows7 working now! ugly fix for inaccurate Windows timer, quickfix for receiving multiple frames --- client/cmdmain.c | 6 +++--- client/proxmark3.c | 15 ++++++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/client/cmdmain.c b/client/cmdmain.c index edff9f8e..434f9e6e 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -59,9 +59,9 @@ int CmdQuit(const char *Cmd) bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) { // Wait until the command is received - for(size_t i=0; received_command != cmd && i < ms_timeout; i++) { - msleep(1); // XXX ugh - if (i == 2000) { + for(size_t i=0; received_command != cmd && i < ms_timeout/10; i++) { + msleep(10); // XXX ugh + if (i == 200) { // Two seconds elapsed PrintAndLog("Waiting for a response from the proxmark..."); PrintAndLog("Don't forget to cancel its operation first by pressing on the button"); } diff --git a/client/proxmark3.c b/client/proxmark3.c index 38a97716..949013ec 100644 
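Review bot: `while(txcmd_pending);` in SendCommand spins on a plain `static bool` that the receiver thread clears in the second hunk (`@@ -79,6 +86,13 @@`) with no mutex, atomic or volatile qualifier; under the C memory model that is a data race, the compiler may hoist the load out of the loop so the wait never ends, and meanwhile a core is burnt. The same lack of ordering applies to `txcmd = *c` versus the receiver's `uart_send(sp,(byte_t*)&txcmd,sizeof(UsbCommand))`. The file already uses pthreads (`pthread_exit` is in the hunk), so a mutex and condition variable around txcmd/txcmd_pending is the direct fix; the sketch below covers both hunks. If SendCommand can be reached from the receiver thread itself (for example from a handler run by UsbCommandReceived) the wait can never be satisfied, which deserves a comment on SendCommand stating which thread may call it. The `#if 0` debug block and the rest of uart_receiver are unchanged.
```c
static UsbCommand txcmd;
static bool txcmd_pending = false;
static pthread_mutex_t txcmd_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t txcmd_sent = PTHREAD_COND_INITIALIZER;

void SendCommand(UsbCommand *c) {
  /* … unchanged: #if 0 debug printf … */
  pthread_mutex_lock(&txcmd_lock);
  // Block until the receiver thread has transmitted the previous command.
  while (txcmd_pending) {
    pthread_cond_wait(&txcmd_sent, &txcmd_lock);
  }
  txcmd = *c;
  txcmd_pending = true;
  pthread_mutex_unlock(&txcmd_lock);
}

/* … unchanged: uart_receiver up to the end of the dispatch loop … */
    pthread_mutex_lock(&txcmd_lock);
    if (txcmd_pending) {
      if (!uart_send(sp,(byte_t*)&txcmd,sizeof(UsbCommand))) {
        PrintAndLog("Sending bytes to proxmark failed");
      }
      txcmd_pending = false;
      pthread_cond_signal(&txcmd_sent);
    }
    pthread_mutex_unlock(&txcmd_lock);
```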
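Review bot: In WaitForResponseTimeout, `i < ms_timeout/10` with `msleep(10)` truncates the timeout: any ms_timeout below 10 yields zero iterations, so the function returns without waiting at all, and values like 15 wait only 10 ms. Round up, `i < (ms_timeout + 9) / 10`, or keep counting in milliseconds, `for(size_t i=0; received_command != cmd && i < ms_timeout; i += 10) { msleep(10); if (i == 2000) { … } }`, which also keeps the "two seconds" notice at its old value. The loop reads `received_command`, which the other hunks in this series set from the receiver thread, without any synchronisation; that predates this change but the `// XXX ugh` marker suggests it is known. The function body continues past the hunk.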
--- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -67,6 +67,7 @@ struct main_loop_arg { //} byte_t rx[0x1000000]; +byte_t* prx = rx; static void *uart_receiver(void *targ) { struct receiver_arg *arg = (struct receiver_arg*)targ; @@ -75,18 +76,19 @@ static void *uart_receiver(void *targ) { while (arg->run) { rxlen = sizeof(UsbCommand); - if (uart_receive(sp,rx,&rxlen)) { - if ((rxlen % sizeof(UsbCommand)) != 0) { - PrintAndLog("ERROR: received %03zd bytes, which does not seem to be one or more command(s)\n",rxlen ); + if (uart_receive(sp,prx,&rxlen)) { + prx += rxlen; + if (((prx-rx) % sizeof(UsbCommand)) != 0) { continue; } - cmd_count = rxlen / sizeof(UsbCommand); -// printf("received %zd bytes, which represents %zd commands\n",rxlen, cmd_count); + cmd_count = (prx-rx) / sizeof(UsbCommand); + // printf("received %d bytes, which represents %d commands\n",(prx-rx), cmd_count); for (size_t i=0; i Date: Fri, 7 Dec 2012 22:37:22 +0000 Subject: [PATCH 08/16] fixed 'hf mf' command and some others --- client/cmdhfepa.c | 2 +- client/cmdhfmf.c | 2 +- client/mifarehost.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index c6db746c..41f801e7 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c @@ -88,7 +88,7 @@ int CmdHelp(const char *Cmd) int CmdHFEPA(const char *Cmd) { // flush - while (!WaitForResponseTimeout(CMD_ACK,NULL,500)); + WaitForResponseTimeout(CMD_ACK,NULL,100); // parse CmdsParse(CommandTable, Cmd); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 5927616b..cea95ff0 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1676,7 +1676,7 @@ static command_t CommandTable[] = int CmdHFMF(const char *Cmd) { // flush - while (!WaitForResponseTimeout(CMD_ACK,NULL,500)); + WaitForResponseTimeout(CMD_ACK,NULL,100); CmdsParse(CommandTable, Cmd); return 0; diff --git a/client/mifarehost.c b/client/mifarehost.c index 22b2a328..825e06d8 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c 
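Review bot: The global cursor `prx` added in the first hunk is advanced by `prx += rxlen` in the second hunk with no check against the end of `rx`, so if the byte stream gets out of phase (a partial frame that never completes, or the cursor not being reset after dispatch — the tail of that hunk is garbled in this view, so the reset is not visible) it walks past the 0x1000000-byte buffer. A guard before the read, `if ((size_t)(prx - rx) + sizeof(UsbCommand) > sizeof(rx)) { prx = rx; }`, keeps it in range, and a comment on the declaration (`// write cursor into rx; reset to rx once whole frames have been dispatched`) would document the invariant. Note also that `continue` on a non-aligned count skips the `txcmd_pending` transmit block that patch 06 placed at the bottom of the loop, so a pending host command is withheld while a partial frame is outstanding; together with SendCommand's blocking wait that can stall both sides. uart_receiver starts before and ends after these hunks.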
@@ -65,7 +65,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo memset(resultKeys, 0x00, 16 * 6); // flush queue - while (!WaitForResponseTimeout(CMD_ACK,NULL,500)); + WaitForResponseTimeout(CMD_ACK,NULL,100); UsbCommand c = {CMD_MIFARE_NESTED, {blockNo, keyType, trgBlockNo + trgKeyType * 0x100}}; memcpy(c.d.asBytes, key, 6); -- 2.39.5 From 80501bad5b7155e77374ca56ce50e35ebd64c1a4 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Fri, 7 Dec 2012 22:41:41 +0000 Subject: [PATCH 09/16] tryout.... changed to 64-bit command arguments in stead of 32-bit --- include/usb_cmd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/usb_cmd.h b/include/usb_cmd.h index b3c52d1d..45acfe42 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -36,7 +36,7 @@ typedef struct { typedef struct { uint32_t cmd; - uint32_t arg[3]; + uint64_t arg[3]; union { uint8_t asBytes[USB_CMD_DATA_SIZE]; uint32_t asDwords[USB_CMD_DATA_SIZE/4]; -- 2.39.5 From 9440213d6b05ca9f5c7b1158f91654708448d776 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Sun, 9 Dec 2012 13:00:19 +0000 Subject: [PATCH 10/16] fixed 64-bit cmd/arg for windows --- armsrc/appmain.c | 3 ++- armsrc/cmd.c | 4 ++-- client/cmdmain.c | 23 +++++++++++++++-------- include/usb_cmd.h | 4 ++-- 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index a7c830fa..bdd04757 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -79,7 +79,8 @@ void ToSendStuffBit(int b) void DbpString(char *str) { - cmd_send(CMD_DEBUG_PRINT_STRING,strlen(str),0,0,(byte_t*)str,strlen(str)); + byte_t len = strlen(str); + cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len); // /* this holds up stuff unless we're connected to usb */ // if (!UsbConnected()) // return; diff --git a/armsrc/cmd.c b/armsrc/cmd.c index f64b4e40..c414bc39 100644 --- a/armsrc/cmd.c +++ b/armsrc/cmd.c 
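Review bot: `byte_t len = strlen(str);` in DbpString (armsrc/appmain.c hunk) truncates the length to eight bits, so a string of 256 bytes or more is sent with `len % 256` as both the arg0 length field and the byte count copied by cmd_send. The payload can hold USB_CMD_DATA_SIZE (512) bytes per the usb_cmd.h context in this series, so lengths between 256 and 512 are legitimate and silently corrupted here; `size_t len = strlen(str);` matches cmd_send's `size_t len` parameter. The function body continues outside the hunk.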
@@ -58,13 +58,13 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, byte_t* // Compose the outgoing command frame txcmd.cmd = cmd; txcmd.arg[0] = arg0; - txcmd.arg[1] = arg1; + txcmd.arg[1] = arg1; txcmd.arg[2] = arg2; // Add the (optional) content to the frame, with a maximum size of USB_CMD_DATA_SIZE if (data && len) { memcpy(txcmd.d.asBytes,data,MIN(len,USB_CMD_DATA_SIZE)); - } + } // Send frame and make sure all bytes are transmitted if (usb_write((byte_t*)&txcmd,sizeof(UsbCommand)) != 0) return false; diff --git a/client/cmdmain.c b/client/cmdmain.c index 434f9e6e..2fdaabc1 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -23,6 +23,7 @@ #include "cmdhw.h" #include "cmdlf.h" #include "cmdmain.h" +#include "util.h" unsigned int current_command = CMD_UNKNOWN; unsigned int received_command = CMD_UNKNOWN; 
@@ -99,17 +100,23 @@ void CommandReceived(char *Cmd) { //----------------------------------------------------------------------------- void UsbCommandReceived(UsbCommand *UC) { + // Debug + // printf("UsbCommand length[len=%d]\n",sizeof(UsbCommand)); + // printf(" cmd[len=%d]: %x\n",sizeof(UC->cmd),UC->cmd); + // printf(" arg0[len=%d]: %x\n",sizeof(UC->arg[0]),UC->arg[0]); + // printf(" arg1[len=%d]: %x\n",sizeof(UC->arg[1]),UC->arg[1]); + // printf(" arg2[len=%d]: %x\n",sizeof(UC->arg[2]),UC->arg[2]); + // printf(" data[len=%d]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]); + // printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command); - /* If we recognize a response, return to avoid further processing */ + // If we recognize a response, return to avoid further processing switch(UC->cmd) { - // First check if we are handling a debug message + // First check if we are handling a debug message case CMD_DEBUG_PRINT_STRING: { - char s[100]; - if(UC->arg[0] > 70 || UC->arg[0] < 0) { - UC->arg[0] = 0; - } - memcpy(s, UC->d.asBytes, UC->arg[0]); - s[UC->arg[0]] = '\0'; + char s[USB_CMD_DATA_SIZE+1]; + size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE); + memcpy(s,UC->d.asBytes,len); + s[len] = 0x00; PrintAndLog("#db# %s ", s); return; } break; diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 45acfe42..62c0acd7 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -35,10 +35,10 @@ typedef struct { #define USB_CMD_DATA_SIZE 512 typedef struct { - uint32_t cmd; + uint64_t cmd; uint64_t arg[3]; union { - uint8_t asBytes[USB_CMD_DATA_SIZE]; + uint8_t asBytes[USB_CMD_DATA_SIZE]; uint32_t asDwords[USB_CMD_DATA_SIZE/4]; } d; } PACKED UsbCommand; -- 2.39.5 From ab4da50d99bb4334b86ff9bc8c5795723df37966 Mon Sep 17 00:00:00 2001 
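Review bot: The seven commented-out `printf` lines added at the top of UsbCommandReceived are dead code in the committed file, and the last one refers to `c->cmd` although the parameter is `UC`, so they could not be re-enabled as written; either drop them or put them in an `#if 0` block as proxmark3.c does. The rewritten CMD_DEBUG_PRINT_STRING branch is the right fix: `MIN(UC->arg[0],USB_CMD_DATA_SIZE)` into a `USB_CMD_DATA_SIZE+1` buffer bounds the copy by the payload size instead of the old ad-hoc 70, and the dead `< 0` test on an unsigned field is gone; a comment `// arg[0] is device-supplied, clamp it to the payload size before copying` would record why the clamp is there. In the usb_cmd.h hunk `cmd` widens to uint64_t while `current_command`/`received_command` in this file are still `unsigned int` (see the include hunk's context), so assignments between them truncate the upper half; worth checking that no command value relies on it. The switch continues past the hunk.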
From: "roel@libnfc.org" Date: Sun, 9 Dec 2012 21:25:29 +0000 Subject: [PATCH 11/16] added automatically saving the hitag2 memory content to file --- armsrc/hitag2.c | 58 ++++++++++++++++++++++++--------------------- client/cmdlfhitag.c | 55 ++++++++++++++++++++++++++---------------- client/proxmark3.c | 3 ++- 3 files changed, 68 insertions(+), 48 deletions(-) diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 37eb211c..6f5557f6 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -27,6 +27,7 @@ static bool bQuiet; bool bCrypto; bool bAuthenticating; bool bPwd; +bool bSuccessful; struct hitag2_tag { uint32_t uid; @@ -477,8 +478,8 @@ bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) *txlen = 32; memcpy(tx,password,4); bPwd = true; - memcpy(tag.sectors[blocknr],rx,4); - blocknr++; + memcpy(tag.sectors[blocknr],rx,4); + blocknr++; } else { if(blocknr == 1){ @@ -491,7 +492,7 @@ bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) blocknr++; if (blocknr > 7) { DbpString("Read succesful!"); - // We are done... for now + bSuccessful = true; return false; } *txlen = 10; @@ -553,7 +554,7 @@ bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { } if (blocknr > 7) { DbpString("Read succesful!"); - // We are done... for now + bSuccessful = true; return false; } *txlen = 10; @@ -1074,7 +1075,10 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { int t_wait = HITAG_T_WAIT_MAX; bool bStop; bool bQuitTraceFull = false; - + + // Reset the return status + bSuccessful = false; + // Clean up trace and prepare it for storing frames iso14a_set_tracing(TRUE); iso14a_clear_trace(); 
@@ -1172,26 +1176,26 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { lastbit = 1; bStop = false; - // Tag specific configuration settings (sof, timings, etc.) - if (htf < 10){ - // hitagS settings - reset_sof = 1; - t_wait = 200; - DbpString("Configured for hitagS reader"); - } else if (htf < 20) { - // hitag1 settings - reset_sof = 1; - t_wait = 200; - DbpString("Configured for hitag1 reader"); - } else if (htf < 30) { - // hitag2 settings - reset_sof = 4; - t_wait = HITAG_T_WAIT_2; - DbpString("Configured for hitag2 reader"); + // Tag specific configuration settings (sof, timings, etc.) + if (htf < 10){ + // hitagS settings + reset_sof = 1; + t_wait = 200; + DbpString("Configured for hitagS reader"); + } else if (htf < 20) { + // hitag1 settings + reset_sof = 1; + t_wait = 200; + DbpString("Configured for hitag1 reader"); + } else if (htf < 30) { + // hitag2 settings + reset_sof = 4; + t_wait = HITAG_T_WAIT_2; + DbpString("Configured for hitag2 reader"); } else { - Dbprintf("Error, unknown hitag reader type: %d",htf); - return; - } + Dbprintf("Error, unknown hitag reader type: %d",htf); + return; + } while(!bStop && !BUTTON_PRESS()) { // Watchdog hit @@ -1336,7 +1340,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - -// Dbprintf("frame received: %d",frame_count); -// DbpString("All done"); + Dbprintf("frame received: %d",frame_count); + DbpString("All done"); + cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); } diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 2541ce59..1ee88401 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c 
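Review bot: The `Dbprintf("frame received: ...")` and `DbpString("All done")` lines at the end of ReaderHitag were commented out before and are now emitted on every run; each DbpString is a full USB frame through cmd_send, sent right before the CMD_ACK that carries the result, so if they are development output keep them under `#if 0` or drop them. The result line deserves a comment describing the frame the client parses, e.g. `// arg0 = bSuccessful, payload = the 48-byte tag.sectors image`, since CmdLFHitagReader in the client hunk depends on exactly that layout. The middle hunk of this file is re-indentation only.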
@@ -30,18 +30,6 @@ int CmdLFHitagList(const char *Cmd) GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); - char filename[256]; - FILE* pf = NULL; - - if (param_getstr(Cmd,0,filename)) { - if (strlen(filename) > 0) { - if ((pf = fopen(filename,"w")) == NULL) { - PrintAndLog("Error: Could not open file [%s]",filename); - return 1; - } - } - } - PrintAndLog("recorded activity:"); PrintAndLog(" ETU :rssi: who bytes"); PrintAndLog("---------+----+----+-----------"); @@ -49,6 +37,9 @@ int CmdLFHitagList(const char *Cmd) int i = 0; int prev = -1; + char filename[256]; + FILE* pf = NULL; + for (;;) { if(i >= 1900) { break; @@ -198,14 +189,14 @@ int CmdLFHitagReader(const char *Cmd) { } break; default: { PrintAndLog("Error: unkown reader function %d",htf); - PrintAndLog("Hitag reader functions",htf); - PrintAndLog(" HitagS (0*)",htf); - PrintAndLog(" Hitag1 (1*)",htf); - PrintAndLog(" Hitag2 (2*)",htf); - PrintAndLog(" 21 (password mode)",htf); - PrintAndLog(" 22 (authentication)",htf); - PrintAndLog(" 23 (authentication) key is in format: ISK high + ISK low",htf); - PrintAndLog(" 25 (test recorded authentications)",htf); + PrintAndLog("Hitag reader functions"); + PrintAndLog(" HitagS (0*)"); + PrintAndLog(" Hitag1 (1*)"); + PrintAndLog(" Hitag2 (2*)"); + PrintAndLog(" 21 (password mode)"); + PrintAndLog(" 22 (authentication)"); + PrintAndLog(" 23 (authentication) key is in format: ISK high + ISK low"); + PrintAndLog(" 25 (test recorded authentications)"); return 1; } break; } 
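Review bot: The first hunk removes the `param_getstr`/`fopen` block from CmdLFHitagList, yet the second hunk re-declares `char filename[256]; FILE* pf = NULL;` further down and nothing in the visible hunks ever opens `pf`, so it stays NULL; if the loop body below (outside these hunks) still writes to or closes `pf`, that path is now dead, and if not, both declarations are unused. Either restore the optional file output or drop the declarations so the intent is clear. The third hunk correctly removes the surplus `htf` argument from the usage PrintAndLog calls, whose format strings contain no conversion.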
@@ -213,7 +204,31 @@ int CmdLFHitagReader(const char *Cmd) { // Copy the hitag2 function into the first argument c.arg[0] = htf; + // Send the command to the proxmark SendCommand(&c); + + UsbCommand resp; + WaitForResponse(CMD_ACK,&resp); + + // Check the return status, stored in the first argument + if (resp.arg[0] == false) return 1; + + uint32_t id = bytes_to_num(resp.d.asBytes,4); + char filename[256]; + FILE* pf = NULL; + + sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff)); + if ((pf = fopen(filename,"wb")) == NULL) { + PrintAndLog("Error: Could not open file [%s]",filename); + return 1; + } + + // Write the 48 tag memory bytes to file and finalize + fwrite(resp.d.asBytes,1,48,pf); + fclose(pf); + + PrintAndLog("Succesfully saved tag memory to [%s]",filename); + return 0; } diff --git a/client/proxmark3.c b/client/proxmark3.c index 949013ec..db37780d 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -196,7 +196,8 @@ static void *main_loop(void *targ) { } int main(int argc, char* argv[]) { - + srand(time(0)); + if (argc < 2) { printf("syntax: %s \n\n",argv[0]); return 1; -- 2.39.5 From fc8c5cdd12428f39dbb67b7e744b2dfdd59b5f23 Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Mon, 10 Dec 2012 15:12:32 +0000 Subject: [PATCH 12/16] fixed hitag2 dump if one or more blocks are locked --- armsrc/hitag2.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 6f5557f6..05ac1f5e 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c 
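Review bot: In CmdLFHitagReader the results of `fwrite(resp.d.asBytes,1,48,pf)` and `fclose(pf)` are not checked, so a short write or a failed flush is still reported as saved; `if (fwrite(resp.d.asBytes,1,48,pf) != 48 || fclose(pf) != 0) { PrintAndLog("Error: Could not write file [%s]",filename); return 1; }` closes that gap. `fopen(filename,"wb")` also silently truncates an existing dump of the same name, and the `rand() & 0xffff` suffix (seeded by `srand(time(0))` in the proxmark3.c hunk) reduces but does not exclude collisions. `resp.arg[0] == false` compares a uint64_t field with a bool; `if (!resp.arg[0])` reads better, and the success message has a typo ("Succesfully"). The function head is outside the hunk.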
@@ -524,11 +524,27 @@ bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { case 0: { // Stop if there is no answer while we are in crypto mode (after sending NrAr) if (bCrypto) { - DbpString("Authentication failed!"); - return false; - } - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); + // Failed during authentication + if (bAuthenticating) { + DbpString("Authentication failed!"); + return false; + } else { + // Failed reading a block, could be (read/write) locked, skip block and re-authenticate + if (blocknr == 1) { + memcpy(tag.sectors[1],key+2,4); + } else if (blocknr == 2) { + tag.sectors[2][0] = 0x00; + tag.sectors[2][1] = 0x00; + tag.sectors[2][2] = key[0]; + tag.sectors[2][3] = key[1]; + } + blocknr++; + bCrypto = false; + } + } else { + *txlen = 5; + memcpy(tx,"\xc0",nbytes(*txlen)); + } } break; // Received UID, crypto tag answer -- 2.39.5 From ab6bf11f3fbd32163ac79e1e65d15c496d4ff65e Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Mon, 17 Dec 2012 13:21:53 +0000 Subject: [PATCH 13/16] minor fix when reading blocks --- armsrc/hitag2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 05ac1f5e..a2c1d823 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -531,12 +531,17 @@ bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { } else { // Failed reading a block, could be (read/write) locked, skip block and re-authenticate if (blocknr == 1) { + // Write the low part of the key in memory memcpy(tag.sectors[1],key+2,4); } else if (blocknr == 2) { + // Write the high part of the key in memory tag.sectors[2][0] = 0x00; tag.sectors[2][1] = 0x00; tag.sectors[2][2] = key[0]; tag.sectors[2][3] = key[1]; + } else { + // Just put zero's in the memory (of the unreadable block) + memset(tag.sectors[blocknr],0x00,4); } blocknr++; bCrypto = false; -- 2.39.5 From 79a73ab2d1a63fdf75d42774e160a9335d893416 Mon Sep 17 00:00:00 2001 
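Review bot: When a block turns out to be unreadable, the new branch writes key bytes (blocknr 1 and 2) or, in the following hunk, zeros into `tag.sectors[blocknr]`, so the memory image that ReaderHitag later returns with CMD_ACK contains values the firmware synthesised, indistinguishable from bytes actually read from the tag. That should be stated on the branch, e.g. `// NOTE: skipped blocks are filled from the supplied key or zeros; the dump does not mark them as unread`, and ideally a bitmask of skipped blocks returned next to bSuccessful so the client can flag them. The layout assumed for blocks 1 and 2 (key low half in block 1, `00 00 key[0] key[1]` in block 2) is only described by the comments added in the second hunk; citing the source of that layout would help the next reader. hitag2_crypto starts and ends outside the hunk.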
From: "roel@libnfc.org" Date: Wed, 27 Feb 2013 13:23:38 +0000 Subject: [PATCH 14/16] fixed USB GPIO bug reported by gregy, and fixed 'hf 14a reader' command --- armsrc/apps.h | 2 +- armsrc/cmd.c | 6 +-- armsrc/cmd.h | 2 +- armsrc/iso14443a.c | 99 +++++++++++++++++++++++++++++----------------- armsrc/usb_cdc.c | 29 +++++++------- client/cmdhf14a.c | 40 +++++++++---------- client/cmdmain.c | 14 ++++--- 7 files changed, 111 insertions(+), 81 deletions(-) diff --git a/armsrc/apps.h b/armsrc/apps.h index 94bc5b04..5543d585 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -183,7 +183,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd); // cmd.h bool cmd_receive(UsbCommand* cmd); -bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, byte_t* data, size_t len); +bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len); /// util.h diff --git a/armsrc/cmd.c b/armsrc/cmd.c index c414bc39..ff5c4f81 100644 --- a/armsrc/cmd.c +++ b/armsrc/cmd.c @@ -1,7 +1,7 @@ /* * Proxmark send and receive commands * - * Copyright (c) 2010, Roel Verdult + * Copyright (c) 2012, Roel Verdult * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -52,7 +52,7 @@ bool cmd_receive(UsbCommand* cmd) { return true; } -bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, byte_t* data, size_t len) { +bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len) { UsbCommand txcmd; // Compose the outgoing command frame @@ -63,7 +63,7 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, byte_t* // Add the (optional) content to the frame, with a maximum size of USB_CMD_DATA_SIZE if (data && len) { - memcpy(txcmd.d.asBytes,data,MIN(len,USB_CMD_DATA_SIZE)); + memcpy(txcmd.d.asBytes,(byte_t*)data,MIN(len,USB_CMD_DATA_SIZE)); } // Send frame and make sure all bytes are transmitted 
diff --git a/armsrc/cmd.h b/armsrc/cmd.h index c10a534f..b330a219 100644 --- a/armsrc/cmd.h +++ b/armsrc/cmd.h @@ -38,7 +38,7 @@ #include "usb_cdc.h" bool cmd_receive(UsbCommand* cmd); -bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, byte_t* data, size_t len); +bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len); #endif // _PROXMARK_CMD_H_ diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index d2ebb0c6..7c1db14b 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
@@ -1636,31 +1636,36 @@ int ReaderReceivePar(uint8_t* receivedAnswer, uint32_t * parptr) /* performs iso14443a anticolision procedure * fills the uid pointer unless NULL * fills resp_data unless NULL */ -int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, uint32_t * cuid_ptr) { +int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, uint32_t* cuid_ptr) { uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP uint8_t sel_all[] = { 0x93,0x20 }; uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 - uint8_t* resp = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET); // was 3560 - tied to other size changes + byte_t uid_resp[4]; + size_t uid_resp_len; uint8_t sak = 0x04; // cascade uid int cascade_level = 0; - int len; - - // clear uid - memset(uid_ptr, 0, 12); - + // Broadcast for a card, WUPA (0x52) will force response from all cards in the field ReaderTransmitShort(wupa); // Receive the ATQA if(!ReaderReceive(resp)) return 0; // Dbprintf("atqa: %02x %02x",resp[0],resp[1]); - if(resp_data) - memcpy(resp_data->atqa, resp, 2); + if(p_hi14a_card) { + memcpy(p_hi14a_card->atqa, resp, 2); + p_hi14a_card->uidlen = 0; + memset(p_hi14a_card->uid,0,10); + } + // clear uid + if (uid_ptr) { + memset(uid_ptr,0,10); + } + // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in // which case we need to make a cascade 2 request and select - this is a long UID // While the UID is not complete, the 3nd bit (from the right) is set in the SAK. 
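Review bot: The hunk shows the local `uint8_t* resp = ...BigBuf...` declaration as removed, with `uid_resp`/`uid_resp_len` added in its place, while `ReaderReceive(resp)` and `memcpy(p_hi14a_card->atqa, resp, 2)` still use `resp` here and in the next two hunks; unless a file-scope `resp` exists outside these hunks this will not compile, so either the removal is accidental or the `-` marker is an artefact of how the patch was captured. The two `memset(...,0,10)` calls hard-code the 10-byte triple-size UID; a comment such as `// up to 10 bytes: triple-size UID, filled 3 bytes per cascade level below` would tie them to the `cascade_level*3` arithmetic later in the function. The function continues in the following hunks.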
@@ -1672,12 +1677,16 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u // SELECT_ALL ReaderTransmit(sel_all,sizeof(sel_all)); if (!ReaderReceive(resp)) return 0; -// Dbprintf("uid: %02x %02x %02x %02x",resp[0],resp[1],resp[2],resp[3]); - - if(uid_ptr) memcpy(uid_ptr + cascade_level*4, resp, 4); - + + // First backup the current uid + memcpy(uid_resp,resp,4); + uid_resp_len = 4; + // Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]); + // calculate crypto UID - if(cuid_ptr) *cuid_ptr = bytes_to_num(resp, 4); + if(cuid_ptr) { + *cuid_ptr = bytes_to_num(uid_resp, 4); + } // Construct SELECT UID command memcpy(sel_uid+2,resp,5); 
@@ -1687,34 +1696,47 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u // Receive the SAK if (!ReaderReceive(resp)) return 0; sak = resp[0]; + + // Test if more parts of the uid are comming + if ((sak & 0x04) && uid_resp[0] == 0x88) { + // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of: + // http://www.nxp.com/documents/application_note/AN10927.pdf + memcpy(uid_ptr, uid_ptr + 1, 3); + uid_resp_len = 3; + } + + if(uid_ptr) { + memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len); + } + + if(p_hi14a_card) { + memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len); + p_hi14a_card->uidlen += uid_resp_len; + } } - if(resp_data) { - resp_data->sak = sak; - resp_data->ats_len = 0; - } - //-- this byte not UID, it CT. http://www.nxp.com/documents/application_note/AN10927.pdf page 3 - if (uid_ptr[0] == 0x88) { - memcpy(uid_ptr, uid_ptr + 1, 7); - uid_ptr[7] = 0; + + if(p_hi14a_card) { + p_hi14a_card->sak = sak; + p_hi14a_card->ats_len = 0; } - if( (sak & 0x20) == 0) + if( (sak & 0x20) == 0) { return 2; // non iso14443a compliant tag + } // Request for answer to select - if(resp_data) { // JCOP cards - if reader sent RATS then there is no MIFARE session at all!!! + if(p_hi14a_card) { // JCOP cards - if reader sent RATS then there is no MIFARE session at all!!! AppendCrc14443a(rats, 2); ReaderTransmit(rats, sizeof(rats)); if (!(len = ReaderReceive(resp))) return 0; - memcpy(resp_data->ats, resp, sizeof(resp_data->ats)); - resp_data->ats_len = len; + memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats)); + p_hi14a_card->ats_len = len; } // reset the PCB block number iso14_pcb_blocknum = 0; - return 1; } 
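Review bot: The cascade-tag strip `memcpy(uid_ptr, uid_ptr + 1, 3);` in the new `(sak & 0x04) && uid_resp[0] == 0x88` branch operates on `uid_ptr` instead of `uid_resp`, so `uid_resp` still begins with 0x88 when it is copied into `uid_ptr` and `p_hi14a_card->uid` two statements later, and because ReaderIso14443a in the later hunk now passes `NULL` for uid_ptr, the call dereferences NULL. It is also an overlapping copy, which memcpy does not permit; the line should read `memmove(uid_resp, uid_resp + 1, 3);`. The rest of the rewrite (per-level 3-byte offsets, `uidlen` accumulation, resetting `sak`/`ats_len` on the card struct) is consistent with that fix. The function begins in the earlier hunks.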
@@ -1774,18 +1796,20 @@ void ReaderIso14443a(UsbCommand * c) iso14a_command_t param = c->arg[0]; uint8_t * cmd = c->d.asBytes; size_t len = c->arg[1]; - uint32_t arg0; - byte_t buf[48]; + uint32_t arg0 = 0; + byte_t buf[USB_CMD_DATA_SIZE]; iso14a_clear_trace(); iso14a_set_tracing(true); - if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(1); + if(param & ISO14A_REQUEST_TRIGGER) { + iso14a_set_trigger(1); + } if(param & ISO14A_CONNECT) { iso14443a_setup(); - arg0 = iso14443a_select_card(buf, (iso14a_card_select_t *)(buf+12), NULL); - cmd_send(CMD_ACK,arg0,0,0,buf,48); + arg0 = iso14443a_select_card(NULL,(iso14a_card_select_t*)buf,NULL); + cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(iso14a_card_select_t)); // UsbSendPacket((void *)ack, sizeof(UsbCommand)); } @@ -1799,7 +1823,7 @@ void ReaderIso14443a(UsbCommand * c) if(param & ISO14A_APDU) { arg0 = iso14_apdu(cmd, len, buf); - cmd_send(CMD_ACK,arg0,0,0,buf,48); + cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf)); // UsbSendPacket((void *)ack, sizeof(UsbCommand)); } @@ -1811,13 +1835,16 @@ void ReaderIso14443a(UsbCommand * c) ReaderTransmit(cmd,len); arg0 = ReaderReceive(buf); // UsbSendPacket((void *)ack, sizeof(UsbCommand)); - cmd_send(CMD_ACK,arg0,0,0,buf,48); + cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf)); } - if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(0); + if(param & ISO14A_REQUEST_TRIGGER) { + iso14a_set_trigger(0); + } - if(param & ISO14A_NO_DISCONNECT) + if(param & ISO14A_NO_DISCONNECT) { return; + } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); diff --git a/armsrc/usb_cdc.c b/armsrc/usb_cdc.c index b8aee5a4..fa1f849e 100644 --- a/armsrc/usb_cdc.c +++ b/armsrc/usb_cdc.c @@ -34,6 +34,7 @@ #include "usb_cdc.h" #include "util.h" +#include "config_gpio.h" #define MIN(a, b) (((a) < (b)) ? (a) : (b)) #define MAX(a, b) (((a) > (b)) ? (a) : (b)) 
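Review bot: `cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf))` in the ISO14A_APDU branch and in the `@@ -1811,13 +1835,16 @@` hunk ships all 512 bytes of the stack array `buf`, although only the `arg0` bytes that iso14_apdu/ReaderReceive filled are meaningful (ReaderReceive returns a length, as the `len = ReaderReceive(resp)` use in the previous hunk shows); the remainder is uninitialised stack content handed to the host and a full-size frame on every exchange. Send only what was received, `cmd_send(CMD_ACK,arg0,0,0,buf,arg0);` if iso14_apdu also returns a length, or at least declare `byte_t buf[USB_CMD_DATA_SIZE] = {0};`. The ISO14A_CONNECT branch, which sizes its payload by `sizeof(iso14a_card_select_t)`, is the pattern to follow. ReaderIso14443a continues past the hunk.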
@@ -217,12 +218,12 @@ byte_t btConnection = 0; byte_t btReceiveBank = AT91C_UDP_RX_DATA_BK0; //*---------------------------------------------------------------------------- -//* \fn AT91F_USB_Disable +//* \fn usb_disable //* \brief This function deactivates the USB device //*---------------------------------------------------------------------------- void usb_disable() { - // Disconnect and reconnect USB controller for 100ms - AT91C_BASE_PIOA->PIO_ODR = AT91C_PIO_PA24; + // Disconnect the USB device + AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU; SpinDelay(100); // Clear all lingering interrupts @@ -232,7 +233,7 @@ void usb_disable() { } //*---------------------------------------------------------------------------- -//* \fn AT91F_USB_Enable +//* \fn usb_enable //* \brief This function Activates the USB device //*---------------------------------------------------------------------------- void usb_enable() { 
@@ -246,25 +247,25 @@ void usb_enable() { // Enable UDP PullUp (USB_DP_PUP) : enable & Clear of the corresponding PIO // Set in PIO mode and Configure in Output - AT91C_BASE_PIOA->PIO_PER = AT91C_PIO_PA16; // Set in PIO mode - AT91C_BASE_PIOA->PIO_OER = AT91C_PIO_PA16; // Configure as Output + AT91C_BASE_PIOA->PIO_PER = GPIO_USB_PU; // Set in PIO mode + AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; // Configure as Output - // Clear for set the Pul up resistor - AT91C_BASE_PIOA->PIO_CODR = AT91C_PIO_PA16; + // Clear for set the Pullup resistor + AT91C_BASE_PIOA->PIO_CODR = GPIO_USB_PU; - // Disconnect and USB device + // Disconnect and reconnect USB controller for 100ms usb_disable(); // Wait for a short while SpinDelay(100); // Reconnect USB reconnect - AT91C_BASE_PIOA->PIO_SODR = AT91C_PIO_PA24; - AT91C_BASE_PIOA->PIO_OER = AT91C_PIO_PA24; + AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU; + AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; } //*---------------------------------------------------------------------------- -//* \fn AT91F_UDP_IsConfigured +//* \fn usb_check //* \brief Test if the device is configured and handle enumeration //*---------------------------------------------------------------------------- bool usb_check() { @@ -295,7 +296,7 @@ bool usb_poll() } //*---------------------------------------------------------------------------- -//* \fn AT91F_UDP_Read +//* \fn usb_read //* \brief Read available data from Endpoint OUT //*---------------------------------------------------------------------------- uint32_t usb_read(byte_t* data, size_t len) { @@ -328,7 +329,7 @@ uint32_t usb_read(byte_t* data, size_t len) { } //*---------------------------------------------------------------------------- -//* \fn AT91F_CDC_Write +//* \fn usb_write //* \brief Send through endpoint 2 //*---------------------------------------------------------------------------- uint32_t usb_write(const byte_t* data, const size_t len) { 
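Review bot: The new comment `// Disconnect and reconnect USB controller for 100ms` placed above `usb_disable()` in usb_enable understates the delay: usb_disable() already contains its own `SpinDelay(100)` (visible in the `@@ -217` hunk) and usb_enable waits another `SpinDelay(100)` after it, so the pull-up stays released for roughly 200 ms before `PIO_SODR` reconnects it. Suggest `// Disconnect (usb_disable itself waits 100ms), then wait another 100ms before reconnecting`. The old code drove two different pins here (PA16 for the pull-up, PA24 for the reconnect) and both are now `GPIO_USB_PU`; if that is a deliberate board-level correction, a one-line comment saying so would save the next reader a trip to config_gpio.h.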
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index a82c7e35..79273040 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -168,8 +168,8 @@ int CmdHF14AReader(const char *Cmd) UsbCommand resp; WaitForResponse(CMD_ACK,&resp); - uint8_t * uid = resp.d.asBytes; - iso14a_card_select_t * card = (iso14a_card_select_t *)(uid + 12); + iso14a_card_select_t *card = (iso14a_card_select_t *)resp.d.asBytes; + uint8_t * uid = card->uid; if(resp.arg[0] == 0) { PrintAndLog("iso14443a card select failed"); 
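Review bot: The new `uint8_t * uid = card->uid;` local appears to have no remaining reader: the next hunk (`@@ -177`) replaces the only visible use with `card->uid` directly, so as far as this diff shows the variable is now dead and will draw an unused-variable warning. Either drop the line or use `uid` consistently in the print below. The rest of CmdHF14AReader between the two hunks is not in the diff, so a use there cannot be ruled out.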
@@ -177,24 +177,24 @@ int CmdHF14AReader(const char *Cmd) } PrintAndLog("ATQA : %02x %02x", card->atqa[0], card->atqa[1]); - PrintAndLog(" UID : %s", sprint_hex(uid, 12)); + PrintAndLog(" UID : %s", sprint_hex(card->uid, card->uidlen)); PrintAndLog(" SAK : %02x [%d]", card->sak, resp.arg[0]); switch (card->sak) { - case 0x00: PrintAndLog(" SAK : NXP MIFARE Ultralight | Ultralight C"); break; - case 0x04: PrintAndLog(" SAK : NXP MIFARE (various !DESFire !DESFire EV1)"); break; - - case 0x08: PrintAndLog(" SAK : NXP MIFARE CLASSIC 1k | Plus 2k"); break; - case 0x09: PrintAndLog(" SAK : NXP MIFARE Mini 0.3k"); break; - case 0x10: PrintAndLog(" SAK : NXP MIFARE Plus 2k"); break; - case 0x11: PrintAndLog(" SAK : NXP MIFARE Plus 4k"); break; - case 0x18: PrintAndLog(" SAK : NXP MIFARE Classic 4k | Plus 4k"); break; - case 0x20: PrintAndLog(" SAK : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k | JCOP 31/41"); break; - case 0x24: PrintAndLog(" SAK : NXP MIFARE DESFire | DESFire EV1"); break; - case 0x28: PrintAndLog(" SAK : JCOP31 or JCOP41 v2.3.1"); break; - case 0x38: PrintAndLog(" SAK : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); break; - case 0x88: PrintAndLog(" SAK : Infineon MIFARE CLASSIC 1K"); break; - case 0x98: PrintAndLog(" SAK : Gemplus MPCOS"); break; + case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break; + case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break; + + case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k"); break; + case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break; + case 0x10: PrintAndLog("TYPE : NXP MIFARE Plus 2k"); break; + case 0x11: PrintAndLog("TYPE : NXP MIFARE Plus 4k"); break; + case 0x18: PrintAndLog("TYPE : NXP MIFARE Classic 4k | Plus 4k"); break; + case 0x20: PrintAndLog("TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k | JCOP 31/41"); break; + case 0x24: PrintAndLog("TYPE : NXP MIFARE DESFire | DESFire EV1"); break; + case 0x28: 
PrintAndLog("TYPE : JCOP31 or JCOP41 v2.3.1"); break; + case 0x38: PrintAndLog("TYPE : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); break; + case 0x88: PrintAndLog("TYPE : Infineon MIFARE CLASSIC 1K"); break; + case 0x98: PrintAndLog("TYPE : Gemplus MPCOS"); break; default: ; } if(resp.arg[0] == 1) { @@ -314,9 +314,9 @@ int CmdHF14AReader(const char *Cmd) } } } - } - else - PrintAndLog("proprietary non-iso14443a card found, RATS not supported"); + } else { + PrintAndLog("proprietary non iso14443a-4 card found, RATS not supported"); + } return resp.arg[0]; } diff --git a/client/cmdmain.c b/client/cmdmain.c index 2fdaabc1..62eef122 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -100,13 +100,15 @@ void CommandReceived(char *Cmd) { //----------------------------------------------------------------------------- void UsbCommandReceived(UsbCommand *UC) { + /* // Debug - // printf("UsbCommand length[len=%d]\n",sizeof(UsbCommand)); - // printf(" cmd[len=%d]: %x\n",sizeof(UC->cmd),UC->cmd); - // printf(" arg0[len=%d]: %x\n",sizeof(UC->arg[0]),UC->arg[0]); - // printf(" arg1[len=%d]: %x\n",sizeof(UC->arg[1]),UC->arg[1]); - // printf(" arg2[len=%d]: %x\n",sizeof(UC->arg[2]),UC->arg[2]); - // printf(" data[len=%d]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]); + printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand)); + printf(" cmd[len=%zd]: %llx\n",sizeof(UC->cmd),UC->cmd); + printf(" arg0[len=%zd]: %llx\n",sizeof(UC->arg[0]),UC->arg[0]); + printf(" arg1[len=%zd]: %llx\n",sizeof(UC->arg[1]),UC->arg[1]); + printf(" arg2[len=%zd]: %llx\n",sizeof(UC->arg[2]),UC->arg[2]); + printf(" data[len=%zd]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]); + */ // printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command); // If we recognize a response, return to avoid further processing -- 2.39.5 From 28fdb04fd8d62e46c36f959b373d662f1a146448 Mon Sep 17 00:00:00 2001 
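Review bot: `sprint_hex(card->uid, card->uidlen)` uses a length that arrived in the USB response — the firmware fills it from the tag's answer — as the read bound over the fixed-size `uid` member, so an over-long value makes the client read past the struct inside `resp.d.asBytes`. Clamp it before printing: `size_t uidlen = card->uidlen < sizeof(card->uid) ? card->uidlen : sizeof(card->uid);` and pass `uidlen` to sprint_hex. The `uid` array's size is declared in a header outside this diff, hence `sizeof` rather than a constant.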
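Review bot: The debug printf block in UsbCommandReceived is now a `/* ... */` comment rather than an `#if 0` or `#ifdef` guard, so the compiler no longer checks it and it will rot; since the format strings were just corrected in this same hunk, it is evidently meant to be reused, and wrapping it in `#ifdef DEBUG_USB_CMD ... #endif` (placeholder name) keeps it compiling. Two details inside it: `sizeof` yields `size_t`, whose matching specifier is `%zu`, not the signed `%zd`; and `%llx` for `UC->cmd` and `UC->arg[]` is only correct if those fields are 64-bit, which is declared in usb_cmd.h outside this diff.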
From: "roel@libnfc.org" Date: Thu, 28 Feb 2013 15:11:52 +0000 Subject: [PATCH 15/16] Finally, rewrote bootrom and flasher program, much faster now --- armsrc/Makefile | 2 +- armsrc/appmain.c | 2 +- armsrc/util.h | 3 - bootrom/Makefile | 6 +- bootrom/bootrom.c | 267 ++++++++++-------- bootrom/stdint.h | 27 -- bootrom/usb_hid.c | 524 ----------------------------------- bootrom/usb_hid.h | 29 -- client/Makefile | 15 +- client/cmddata.c | 2 +- client/cmdhf.c | 2 +- client/cmdhf14a.c | 3 +- client/cmdhf14b.c | 2 +- client/cmdhf15.c | 2 +- client/cmdhfepa.c | 2 +- client/cmdhficlass.c | 2 +- client/cmdhflegic.c | 8 +- client/cmdhfmf.h | 2 +- client/cmdhw.c | 2 +- client/cmdlf.c | 4 +- client/cmdlfem4x.c | 2 +- client/cmdlfhid.c | 2 +- client/cmdlfhitag.c | 2 +- client/cmdlfti.c | 4 +- client/data.c | 2 +- client/flash.c | 63 +++-- client/flasher.c | 71 ++++- client/mifarehost.c | 1 - client/mifarehost.h | 2 +- client/proxusb.c | 222 --------------- client/proxusb.h | 34 --- common/Makefile.common | 2 +- {armsrc => common}/cmd.c | 12 +- {armsrc => common}/cmd.h | 0 {armsrc => common}/usb_cdc.c | 6 +- {armsrc => common}/usb_cdc.h | 0 include/common.h | 3 + include/usb_cmd.h | 9 - 38 files changed, 311 insertions(+), 1032 deletions(-) delete mode 100644 bootrom/stdint.h delete mode 100644 bootrom/usb_hid.c delete mode 100644 bootrom/usb_hid.h delete mode 100644 client/proxusb.c delete mode 100644 client/proxusb.h rename {armsrc => common}/cmd.c (89%) rename {armsrc => common}/cmd.h (100%) rename {armsrc => common}/usb_cdc.c (96%) rename {armsrc => common}/usb_cdc.h (100%) diff --git a/armsrc/Makefile b/armsrc/Makefile index 47d56a2e..2e5350bb 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile 
@@ -10,7 +10,7 @@ APP_INCLUDES = apps.h #remove one of the following defines and comment out the relevant line #in the next section to remove that particular feature from compilation -APP_CFLAGS = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG +APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG #-DWITH_LCD #SRC_LCD = fonts.c LCD.c diff --git a/armsrc/appmain.c b/armsrc/appmain.c index bdd04757..2bd8caea 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -955,7 +955,7 @@ void __attribute__((noreturn)) AppMain(void) LED_B_OFF(); LED_A_OFF(); - // Init USB device + // Init USB device` usb_enable(); // UsbStart(); diff --git a/armsrc/util.h b/armsrc/util.h index b68c511c..d2a85ba0 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -15,10 +15,7 @@ #include #define RAMFUNC __attribute((long_call, section(".ramfunc"))) - #define BYTEx(x, n) (((x) >> (n * 8)) & 0xff ) -#define MIN(a, b) (((a) < (b)) ? (a) : (b)) -#define MAX(a, b) (((a) > (b)) ? (a) : (b)) #define LED_RED 1 #define LED_ORANGE 2 diff --git a/bootrom/Makefile b/bootrom/Makefile index e2dc0dbd..92373995 100644 --- a/bootrom/Makefile +++ b/bootrom/Makefile @@ -8,15 +8,15 @@ # DO NOT use thumb mode in the phase 1 bootloader since that generates a section with glue code ARMSRC = -THUMBSRC = usb_hid.c bootrom.c +THUMBSRC = cmd.c usb_cdc.c bootrom.c ASMSRC = ram-reset.s flash-reset.s ## There is a strange bug with the linker: Sometimes it will not emit the glue to call ## BootROM from ARM mode. The symbol is emitted, but the section will be filled with ## zeroes. As a temporary workaround, do not use thumb for the phase 2 bootloader ## -- Henryk Plötz 2009-09-01 -ARMSRC := $(ARMSRC) $(THUMBSRC) -THUMBSRC := +# ARMSRC := $(ARMSRC) $(THUMBSRC) +# THUMBSRC := # stdint.h provided locally until GCC 4.5 becomes C99 compliant APP_CFLAGS = -I. 
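Review bot: The only change to the comment in AppMain is a stray trailing backtick, `// Init USB device\``, which looks accidental; restoring `// Init USB device` makes this hunk a no-op and keeps the blame history clean.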
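Review bot: The context line `# stdint.h provided locally until GCC 4.5 becomes C99 compliant` above `APP_CFLAGS = -I.` is stale after this commit, which deletes `bootrom/stdint.h`; either remove the comment (and `-I.` if nothing else in the bootrom directory relies on it) or reword it to say why `-I.` stays. The commented-out `# ARMSRC := $(ARMSRC) $(THUMBSRC)` / `# THUMBSRC :=` lines re-enable thumb mode for the phase-2 bootloader while the linker-bug note kept directly above them still says not to; if the bug is believed fixed, update that note rather than leaving the workaround as dead text.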
diff --git a/bootrom/bootrom.c b/bootrom/bootrom.c index fc1c8a2c..afb49c3c 100644 --- a/bootrom/bootrom.c +++ b/bootrom/bootrom.c @@ -7,7 +7,17 @@ //----------------------------------------------------------------------------- #include -#include "usb_hid.h" +#include "usb_cdc.h" +#include "cmd.h" +//#include "usb_hid.h" + +void DbpString(char *str) { + byte_t len = 0; + while (str[len] != 0x00) { + len++; + } + cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len); +} struct common_area common_area __attribute__((section(".commonarea"))); unsigned int start_addr, end_addr, bootrom_unlocked; 
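Review bot: `DbpString` counts the string into a `byte_t len`, so a message of 256 bytes or more wraps the counter back to zero and the `while (str[len] != 0x00)` loop never terminates, and even shorter messages pass an unbounded `len` to cmd_send as the payload size. Use a wider counter and clamp to the packet payload: `size_t len = 0; while (str[len] != 0x00) { len++; } if (len > USB_CMD_DATA_SIZE) { len = USB_CMD_DATA_SIZE; }`, and take `const char *str` since the string is only read. The `//#include "usb_hid.h"` line is dead now that the file is deleted in this same commit and can go.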
@@ -76,110 +86,130 @@ static void ConfigClocks(void) static void Fatal(void) { - for(;;); + LED_D_OFF(); + LED_C_OFF(); + LED_B_OFF(); + LED_A_OFF(); + for(;;); } -void UsbPacketReceived(uint8_t *packet, int len) -{ - int i, dont_ack=0; - UsbCommand *c = (UsbCommand *)packet; - volatile uint32_t *p; - - if(len != sizeof(*c)) { - Fatal(); - } - - switch(c->cmd) { - case CMD_DEVICE_INFO: - dont_ack = 1; - c->cmd = CMD_DEVICE_INFO; - c->arg[0] = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | - DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; - if(common_area.flags.osimage_present) c->arg[0] |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; - UsbSendPacket(packet, len); - break; - - case CMD_SETUP_WRITE: - /* The temporary write buffer of the embedded flash controller is mapped to the - * whole memory region, only the last 8 bits are decoded. - */ - p = (volatile uint32_t *)&_flash_start; - for(i = 0; i < 12; i++) { - p[i+c->arg[0]] = c->d.asDwords[i]; - } - break; - - case CMD_FINISH_WRITE: - p = (volatile uint32_t *)&_flash_start; - for(i = 0; i < 4; i++) { - p[i+60] = c->d.asDwords[i]; - } - - /* Check that the address that we are supposed to write to is within our allowed region */ - if( ((c->arg[0]+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (c->arg[0] < start_addr) ) { - /* Disallow write */ - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } else { - /* Translate address to flash page and do flash, update here for the 512k part */ - AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY | - MC_FLASH_COMMAND_PAGEN((c->arg[0]-(int)&_flash_start)/AT91C_IFLASH_PAGE_SIZE) | - AT91C_MC_FCMD_START_PROG; - } - - uint32_t sr; - - while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY)) - ; - if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) { - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } - break; - - case CMD_HARDWARE_RESET: - USB_D_PLUS_PULLUP_OFF(); - AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; - break; - - 
case CMD_START_FLASH: - if(c->arg[2] == START_FLASH_MAGIC) bootrom_unlocked = 1; - else bootrom_unlocked = 0; - { - int prot_start = (int)&_bootrom_start; - int prot_end = (int)&_bootrom_end; - int allow_start = (int)&_flash_start; - int allow_end = (int)&_flash_end; - int cmd_start = c->arg[0]; - int cmd_end = c->arg[1]; - - /* Only allow command if the bootrom is unlocked, or the parameters are outside of the protected - * bootrom area. In any case they must be within the flash area. - */ - if( (bootrom_unlocked || ((cmd_start >= prot_end) || (cmd_end < prot_start))) - && (cmd_start >= allow_start) && (cmd_end <= allow_end) ) { - start_addr = cmd_start; - end_addr = cmd_end; - } else { - start_addr = end_addr = 0; - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } - } - break; - - default: - Fatal(); - break; - } - - if(!dont_ack) { - c->cmd = CMD_ACK; - UsbSendPacket(packet, len); - } +void UsbPacketReceived(uint8_t *packet, int len) { + int i, dont_ack=0; + UsbCommand* c = (UsbCommand *)packet; + volatile uint32_t *p; + + if(len != sizeof(UsbCommand)) { + Fatal(); + } + + uint32_t arg0 = (uint32_t)c->arg[0]; + + switch(c->cmd) { + case CMD_DEVICE_INFO: { + dont_ack = 1; +// c->cmd = CMD_DEVICE_INFO; + arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | + DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; + if(common_area.flags.osimage_present) { + arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; + } +// UsbSendPacket(packet, len); + cmd_send(CMD_DEVICE_INFO,arg0,1,2,0,0); + } break; + + case CMD_SETUP_WRITE: { + /* The temporary write buffer of the embedded flash controller is mapped to the + * whole memory region, only the last 8 bits are decoded. 
+ */ + p = (volatile uint32_t *)&_flash_start; + for(i = 0; i < 12; i++) { + p[i+arg0] = c->d.asDwords[i]; + } + } break; + + case CMD_FINISH_WRITE: { + uint32_t* flash_mem = (uint32_t*)(&_flash_start); +// p = (volatile uint32_t *)&_flash_start; + for (size_t j=0; j<2; j++) { + for(i = 0+(64*j); i < 64+(64*j); i++) { + //p[i+60] = c->d.asDwords[i]; + flash_mem[i] = c->d.asDwords[i]; + } + + uint32_t flash_address = arg0 + (0x100*j); + + /* Check that the address that we are supposed to write to is within our allowed region */ + if( ((flash_address+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (flash_address < start_addr) ) { + /* Disallow write */ + dont_ack = 1; + // c->cmd = CMD_NACK; + // UsbSendPacket(packet, len); + cmd_send(CMD_NACK,0,0,0,0,0); + } else { + uint32_t page_n = (flash_address - ((uint32_t)flash_mem)) / AT91C_IFLASH_PAGE_SIZE; + /* Translate address to flash page and do flash, update here for the 512k part */ + AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY | + MC_FLASH_COMMAND_PAGEN(page_n) | + AT91C_MC_FCMD_START_PROG; + // arg0 = (address - ((uint32_t)flash_s)); + } + + // Wait until flashing of page finishes + uint32_t sr; + while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY)); + if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) { + dont_ack = 1; + // c->cmd = CMD_NACK; + cmd_send(CMD_NACK,0,0,0,0,0); + // UsbSendPacket(packet, len); + } + } + } break; + + case CMD_HARDWARE_RESET: { +// USB_D_PLUS_PULLUP_OFF(); + usb_disable(); + AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; + } break; + + case CMD_START_FLASH: { + if(c->arg[2] == START_FLASH_MAGIC) bootrom_unlocked = 1; + else bootrom_unlocked = 0; + { + int prot_start = (int)&_bootrom_start; + int prot_end = (int)&_bootrom_end; + int allow_start = (int)&_flash_start; + int allow_end = (int)&_flash_end; + int cmd_start = c->arg[0]; + int cmd_end = c->arg[1]; + + /* Only allow command if the bootrom is unlocked, or the parameters are outside of the protected + * bootrom area. 
In any case they must be within the flash area. + */ + if( (bootrom_unlocked || ((cmd_start >= prot_end) || (cmd_end < prot_start))) + && (cmd_start >= allow_start) && (cmd_end <= allow_end) ) { + start_addr = cmd_start; + end_addr = cmd_end; + } else { + start_addr = end_addr = 0; + dont_ack = 1; +// c->cmd = CMD_NACK; +// UsbSendPacket(packet, len); + cmd_send(CMD_NACK,0,0,0,0,0); + } + } + } break; + + default: { + Fatal(); + } break; + } + + if(!dont_ack) { +// c->cmd = CMD_ACK; +// UsbSendPacket(packet, len); + cmd_send(CMD_ACK,arg0,0,0,0,0); + } } static void flash_mode(int externally_entered) @@ -187,16 +217,34 @@ static void flash_mode(int externally_entered) start_addr = 0; end_addr = 0; bootrom_unlocked = 0; + byte_t rx[sizeof(UsbCommand)]; + size_t rx_len; + + usb_enable(); + for (volatile size_t i=0; i<0x100000; i++); + LED_D_ON(); + LED_C_ON(); + LED_B_ON(); + LED_A_ON(); - UsbStart(); +// UsbStart(); for(;;) { WDT_HIT(); - UsbPoll(TRUE); + if (usb_poll()) { + rx_len = usb_read(rx,sizeof(UsbCommand)); + if (rx_len) { +// DbpString("starting to flash"); + UsbPacketReceived(rx,rx_len); + } + } + +// UsbPoll(TRUE); if(!externally_entered && !BUTTON_PRESS()) { /* Perform a reset to leave flash mode */ - USB_D_PLUS_PULLUP_OFF(); +// USB_D_PLUS_PULLUP_OFF(); + usb_disable(); LED_B_ON(); AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; for(;;); @@ -208,7 +256,7 @@ static void flash_mode(int externally_entered) } } -extern char _osimage_entry; +extern uint32_t _osimage_entry; void BootROM(void) { //------------ @@ -252,7 +300,8 @@ void BootROM(void) GPIO_LED_C | GPIO_LED_D; - USB_D_PLUS_PULLUP_OFF(); +// USB_D_PLUS_PULLUP_OFF(); + usb_disable(); LED_D_OFF(); LED_C_ON(); LED_B_OFF(); 
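Review bot: In the `CMD_FINISH_WRITE` case the new two-page loop does not stop when a page is rejected: after `cmd_send(CMD_NACK,0,0,0,0,0)` for `j == 0` (either the range check or the `LOCKE | PROGE` status check) it proceeds to `j == 1`, may program the second page, and can emit a second NACK, so the host gets two responses for one command and the flasher's request/response pairing drifts. Add `break;` directly after each of the two `cmd_send(CMD_NACK, ...)` calls inside the loop so the first failure ends the command. In `CMD_DEVICE_INFO`, `cmd_send(CMD_DEVICE_INFO,arg0,1,2,0,0)` passes the literals `1` and `2` as arg1/arg2 with no explanation; if they are placeholders, `0` plus a comment would be clearer, and if the client reads them, a comment naming what they mean is needed.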
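Review bot: In flash_mode, `rx_len = usb_read(rx,sizeof(UsbCommand))` is handed straight to UsbPacketReceived, which calls Fatal() — now an endless loop with the LEDs off — whenever `len != sizeof(UsbCommand)`; unless usb_read is guaranteed to block until the full count (its body is in usb_cdc.c, outside this diff), a short or split CDC read leaves the bootloader hung until a power cycle. Accumulate until a whole command is present: initialise `rx_len = 0` before the loop (it is currently declared uninitialised), then `rx_len += usb_read(rx + rx_len, sizeof(UsbCommand) - rx_len);` and call `UsbPacketReceived(rx, rx_len)` followed by `rx_len = 0;` only when `rx_len == sizeof(UsbCommand)`. The busy-wait `for (volatile size_t i=0; i<0x100000; i++);` after usb_enable() also deserves a comment on what it waits for — presumably host enumeration — and the LED lines would read better with that comment above them.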
@@ -297,7 +346,7 @@ void BootROM(void) flash_mode(1); } else if(BUTTON_PRESS()) { flash_mode(0); - } else if(*(uint32_t*)&_osimage_entry == 0xffffffffU) { + } else if(_osimage_entry == 0xffffffffU) { flash_mode(1); } else { // jump to Flash address of the osimage entry point (LSBit set for thumb mode) diff --git a/bootrom/stdint.h b/bootrom/stdint.h deleted file mode 100644 index 78a0b051..00000000 --- a/bootrom/stdint.h +++ /dev/null @@ -1,27 +0,0 @@ -//----------------------------------------------------------------------------- -// Copyright (C) 2010 Hector Martin "marcan" -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// Replacement stdint.h because GCC doesn't come with it yet (C99) -//----------------------------------------------------------------------------- - -#ifndef __STDINT_H -#define __STDINT_H - -typedef signed char int8_t; -typedef short int int16_t; -typedef int int32_t; -typedef long long int int64_t; - -typedef unsigned char uint8_t; -typedef unsigned short int uint16_t; -typedef unsigned int uint32_t; -typedef unsigned long long int uint64_t; - -typedef int intptr_t; -typedef unsigned int uintptr_t; - -#endif /* __STDINT_H */ diff --git a/bootrom/usb_hid.c b/bootrom/usb_hid.c deleted file mode 100644 index 189b4092..00000000 --- a/bootrom/usb_hid.c +++ /dev/null 
@@ -1,524 +0,0 @@ -//----------------------------------------------------------------------------- -// Jonathan Westhues, split Aug 14 2005 -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// The common USB driver used for both the bootloader and the application. -//----------------------------------------------------------------------------- - -#include "proxmark3.h" -#include "usb_hid.h" - -#define min(a, b) (((a) > (b)) ? (b) : (a)) - -#define USB_REPORT_PACKET_SIZE 64 - -typedef struct PACKED { - uint8_t bmRequestType; - uint8_t bRequest; - uint16_t wValue; - uint16_t wIndex; - uint16_t wLength; -} UsbSetupData; - -#define USB_REQUEST_GET_STATUS 0 -#define USB_REQUEST_CLEAR_FEATURE 1 -#define USB_REQUEST_SET_FEATURE 3 -#define USB_REQUEST_SET_ADDRESS 5 -#define USB_REQUEST_GET_DESCRIPTOR 6 -#define USB_REQUEST_SET_DESCRIPTOR 7 -#define USB_REQUEST_GET_CONFIGURATION 8 -#define USB_REQUEST_SET_CONFIGURATION 9 -#define USB_REQUEST_GET_INTERFACE 10 -#define USB_REQUEST_SET_INTERFACE 11 -#define USB_REQUEST_SYNC_FRAME 12 - -#define USB_DESCRIPTOR_TYPE_DEVICE 1 -#define USB_DESCRIPTOR_TYPE_CONFIGURATION 2 -#define USB_DESCRIPTOR_TYPE_STRING 3 -#define USB_DESCRIPTOR_TYPE_INTERFACE 4 -#define USB_DESCRIPTOR_TYPE_ENDPOINT 5 -#define USB_DESCRIPTOR_TYPE_DEVICE_QUALIFIER 6 -#define USB_DESCRIPTOR_TYPE_OTHER_SPEED_CONF 7 -#define USB_DESCRIPTOR_TYPE_INTERFACE_POWER 8 -#define USB_DESCRIPTOR_TYPE_HID 0x21 -#define USB_DESCRIPTOR_TYPE_HID_REPORT 0x22 - -#define USB_DEVICE_CLASS_HID 0x03 - -static const uint8_t HidReportDescriptor[] = { - 0x06,0xA0,0xFF, // Usage Page (vendor defined) FFA0 - 0x09,0x01, // Usage (vendor defined) - 0xA1,0x01, // Collection (Application) - 0x09,0x02, // Usage (vendor defined) - 0xA1,0x00, // Collection (Physical) - 0x06,0xA1,0xFF, // 
Usage Page (vendor defined) - - //The,input report - 0x09,0x03, // usage - vendor defined - 0x09,0x04, // usage - vendor defined - 0x15,0x80, // Logical Minimum (-128) - 0x25,0x7F, // Logical Maximum (127) - 0x35,0x00, // Physical Minimum (0) - 0x45,0xFF, // Physical Maximum (255) - 0x75,0x08, // Report Size (8) (bits) - 0x95,0x40, // Report Count (64) (fields) - 0x81,0x02, // Input (Data,Variable,Absolute) - - //The,output report - 0x09,0x05, // usage - vendor defined - 0x09,0x06, // usage - vendor defined - 0x15,0x80, // Logical Minimum (-128) - 0x25,0x7F, // Logical Maximum (127) - 0x35,0x00, // Physical Minimum (0) - 0x45,0xFF, // Physical Maximum (255) - 0x75,0x08, // Report Size (8) (bits) - 0x95,0x40, // Report Count (64) (fields) - 0x91,0x02, // Output (Data,Variable,Absolute) - - 0xC0, // End Collection - - 0xC0, // End Collection -}; - -static const uint8_t DeviceDescriptor[] = { - 0x12, // Descriptor length (18 bytes) - 0x01, // Descriptor type (Device) - 0x10,0x01, // Complies with USB Spec. 
Release (0110h = release 1.10) - 0x00, // Class code (0) - 0x00, // Subclass code (0) - 0x00, // Protocol (No specific protocol) - 0x08, // Maximum packet size for Endpoint 0 (8 bytes) - 0xc4,0x9a, // Vendor ID (random numbers) - 0x8f,0x4b, // Product ID (random numbers) - 0x01,0x00, // Device release number (0001) - 0x01, // Manufacturer string descriptor index - 0x02, // Product string descriptor index - 0x03, // Serial Number string descriptor index - 0x01, // Number of possible configurations (1) -}; - -static const uint8_t ConfigurationDescriptor[] = { - 0x09, // Descriptor length (9 bytes) - 0x02, // Descriptor type (Configuration) - 0x29,0x00, // Total data length (41 bytes) - 0x01, // Interface supported (1) - 0x01, // Configuration value (1) - 0x00, // Index of string descriptor (None) - 0x80, // Configuration (Bus powered) - 250, // Maximum power consumption (500mA) - - //interface - 0x09, // Descriptor length (9 bytes) - 0x04, // Descriptor type (Interface) - 0x00, // Number of interface (0) - 0x00, // Alternate setting (0) - 0x02, // Number of interface endpoint (2) - 0x03, // Class code (HID) - 0x00, // Subclass code () - 0x00, // Protocol code () - 0x00, // Index of string() - - // class - 0x09, // Descriptor length (9 bytes) - 0x21, // Descriptor type (HID) - 0x00,0x01, // HID class release number (1.00) - 0x00, // Localized country code (None) - 0x01, // # of HID class dscrptr to follow (1) - 0x22, // Report descriptor type (HID) - // Total length of report descriptor - sizeof(HidReportDescriptor),0x00, - - // endpoint 1 - 0x07, // Descriptor length (7 bytes) - 0x05, // Descriptor type (Endpoint) - 0x01, // Encoded address (Respond to OUT) - 0x03, // Endpoint attribute (Interrupt transfer) - 0x08,0x00, // Maximum packet size (8 bytes) - 0x01, // Polling interval (1 ms) - - // endpoint 2 - 0x07, // Descriptor length (7 bytes) - 0x05, // Descriptor type (Endpoint) - 0x82, // Encoded address (Respond to IN) - 0x03, // Endpoint attribute (Interrupt 
transfer) - 0x08,0x00, // Maximum packet size (8 bytes) - 0x01, // Polling interval (1 ms) -}; - -static const uint8_t StringDescriptor0[] = { - 0x04, // Length - 0x03, // Type is string - 0x09, // English - 0x04, // US -}; - -static const uint8_t StringDescriptor1[] = { - 24, // Length - 0x03, // Type is string - 'J', 0x00, - '.', 0x00, - ' ', 0x00, - 'W', 0x00, - 'e', 0x00, - 's', 0x00, - 't', 0x00, - 'h', 0x00, - 'u', 0x00, - 'e', 0x00, - 's', 0x00, -}; - -static const uint8_t StringDescriptor2[] = { - 54, // Length - 0x03, // Type is string - 'P', 0x00, - 'r', 0x00, - 'o', 0x00, - 'x', 0x00, - 'M', 0x00, - 'a', 0x00, - 'r', 0x00, - 'k', 0x00, - '-', 0x00, - '3', 0x00, - ' ', 0x00, - 'R', 0x00, - 'F', 0x00, - 'I', 0x00, - 'D', 0x00, - ' ', 0x00, - 'I', 0x00, - 'n', 0x00, - 's', 0x00, - 't', 0x00, - 'r', 0x00, - 'u', 0x00, - 'm', 0x00, - 'e', 0x00, - 'n', 0x00, - 't', 0x00, -}; - -// Serial Number -// TODO: Pick yours! Don't forget to modify the length, if needed. -static const uint8_t StringDescriptor3[] = { - 18, // Length - 0x03, // Type is string - 'C', 0x00, - 'h', 0x00, - 'a', 0x00, - 'n', 0x00, - 'g', 0x00, - 'e', 0x00, - 'M', 0x00, - 'e', 0x00, -}; - -static const uint8_t * const StringDescriptors[] = { - StringDescriptor0, - StringDescriptor1, - StringDescriptor2, - StringDescriptor3, -}; - - -static uint8_t UsbBuffer[64]; -static int UsbSoFarCount; - -static uint8_t CurrentConfiguration; - -static void UsbSendEp0(const uint8_t *data, int len) -{ - int thisTime, i; - - do { - thisTime = min(len, 8); - len -= thisTime; - - for(i = 0; i < thisTime; i++) { - AT91C_BASE_UDP->UDP_FDR[0] = *data; - data++; - } - - if(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP) { - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_TXCOMP; - while(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP) - ; - } - - AT91C_BASE_UDP->UDP_CSR[0] |= AT91C_UDP_TXPKTRDY; - - do { - if(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_RX_DATA_BK0) { - // This means that the host is trying to write to us, so - // 
abandon our write to them. - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_RX_DATA_BK0; - return; - } - } while(!(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP)); - } while(len > 0); - - if(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP) { - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_TXCOMP; - while(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP) - ; - } -} - -static void UsbSendZeroLength(void) -{ - AT91C_BASE_UDP->UDP_CSR[0] |= AT91C_UDP_TXPKTRDY; - - while(!(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP)) - ; - - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_TXCOMP; - - while(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_TXCOMP) - ; -} - -static void UsbSendStall(void) -{ - AT91C_BASE_UDP->UDP_CSR[0] |= AT91C_UDP_FORCESTALL; - - while(!(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_STALLSENT)) - ; - - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_STALLSENT; - - while(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_STALLSENT) - ; -} - -static void HandleRxdSetupData(void) -{ - int i; - UsbSetupData usd; - - for(i = 0; i < sizeof(usd); i++) { - ((uint8_t *)&usd)[i] = AT91C_BASE_UDP->UDP_FDR[0]; - } - - if(usd.bmRequestType & 0x80) { - AT91C_BASE_UDP->UDP_CSR[0] |= AT91C_UDP_DIR; - while(!(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_DIR)) - ; - } - - AT91C_BASE_UDP->UDP_CSR[0] &= ~AT91C_UDP_RXSETUP; - while(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_RXSETUP) - ; - - switch(usd.bRequest) { - case USB_REQUEST_GET_DESCRIPTOR: - if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_DEVICE) { - UsbSendEp0((uint8_t *)&DeviceDescriptor, - min(sizeof(DeviceDescriptor), usd.wLength)); - } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_CONFIGURATION) { - UsbSendEp0((uint8_t *)&ConfigurationDescriptor, - min(sizeof(ConfigurationDescriptor), usd.wLength)); - } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_STRING) { - const uint8_t *s = StringDescriptors[usd.wValue & 0xff]; - UsbSendEp0(s, min(s[0], usd.wLength)); - } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_HID_REPORT) { - UsbSendEp0((uint8_t *)&HidReportDescriptor, - 
min(sizeof(HidReportDescriptor), usd.wLength)); - } else { - *((uint32_t *)0x00200000) = usd.wValue; - } - break; - - case USB_REQUEST_SET_ADDRESS: - UsbSendZeroLength(); - AT91C_BASE_UDP->UDP_FADDR = AT91C_UDP_FEN | usd.wValue ; - if(usd.wValue != 0) { - AT91C_BASE_UDP->UDP_GLBSTATE = AT91C_UDP_FADDEN; - } else { - AT91C_BASE_UDP->UDP_GLBSTATE = 0; - } - break; - - case USB_REQUEST_GET_CONFIGURATION: - UsbSendEp0(&CurrentConfiguration, sizeof(CurrentConfiguration)); - break; - - case USB_REQUEST_GET_STATUS: { - if(usd.bmRequestType & 0x80) { - uint16_t w = 0; - UsbSendEp0((uint8_t *)&w, sizeof(w)); - } - break; - } - case USB_REQUEST_SET_CONFIGURATION: - CurrentConfiguration = usd.wValue; - if(CurrentConfiguration) { - AT91C_BASE_UDP->UDP_GLBSTATE = AT91C_UDP_CONFG; - AT91C_BASE_UDP->UDP_CSR[1] = AT91C_UDP_EPEDS | - AT91C_UDP_EPTYPE_INT_OUT; - AT91C_BASE_UDP->UDP_CSR[2] = AT91C_UDP_EPEDS | - AT91C_UDP_EPTYPE_INT_IN; - } else { - AT91C_BASE_UDP->UDP_GLBSTATE = AT91C_UDP_FADDEN; - AT91C_BASE_UDP->UDP_CSR[1] = 0; - AT91C_BASE_UDP->UDP_CSR[2] = 0; - } - UsbSendZeroLength(); - break; - - case USB_REQUEST_GET_INTERFACE: { - uint8_t b = 0; - UsbSendEp0(&b, sizeof(b)); - break; - } - - case USB_REQUEST_SET_INTERFACE: - UsbSendZeroLength(); - break; - - case USB_REQUEST_CLEAR_FEATURE: - case USB_REQUEST_SET_FEATURE: - UsbSendStall(); - break; - case USB_REQUEST_SET_DESCRIPTOR: - case USB_REQUEST_SYNC_FRAME: - default: - break; - } -} - -void UsbSendPacket(uint8_t *packet, int len) -{ - int i, thisTime; - - while(len > 0) { - thisTime = min(len, 8); - - for(i = 0; i < thisTime; i++) { - AT91C_BASE_UDP->UDP_FDR[2] = packet[i]; - } - AT91C_BASE_UDP->UDP_CSR[2] |= AT91C_UDP_TXPKTRDY; - - while(!(AT91C_BASE_UDP->UDP_CSR[2] & AT91C_UDP_TXCOMP)) { - WDT_HIT(); - } - - AT91C_BASE_UDP->UDP_CSR[2] &= ~AT91C_UDP_TXCOMP; - - while(AT91C_BASE_UDP->UDP_CSR[2] & AT91C_UDP_TXCOMP) { - WDT_HIT(); - } - - len -= thisTime; - packet += thisTime; - } -} - -static void HandleRxdData(void) -{ - 
int i, len; - - if(AT91C_BASE_UDP->UDP_CSR[1] & AT91C_UDP_RX_DATA_BK0) { - len = UDP_CSR_BYTES_RECEIVED(AT91C_BASE_UDP->UDP_CSR[1]); - - for(i = 0; i < len; i++) { - UsbBuffer[UsbSoFarCount] = AT91C_BASE_UDP->UDP_FDR[1]; - UsbSoFarCount++; - } - - AT91C_BASE_UDP->UDP_CSR[1] &= ~AT91C_UDP_RX_DATA_BK0; - while(AT91C_BASE_UDP->UDP_CSR[1] & AT91C_UDP_RX_DATA_BK0) { - WDT_HIT(); - } - - if(UsbSoFarCount >= 64) { - UsbPacketReceived(UsbBuffer, UsbSoFarCount); - UsbSoFarCount = 0; - } - } - - if(AT91C_BASE_UDP->UDP_CSR[1] & AT91C_UDP_RX_DATA_BK1) { - len = UDP_CSR_BYTES_RECEIVED(AT91C_BASE_UDP->UDP_CSR[1]); - - for(i = 0; i < len; i++) { - UsbBuffer[UsbSoFarCount] = AT91C_BASE_UDP->UDP_FDR[1]; - UsbSoFarCount++; - } - - AT91C_BASE_UDP->UDP_CSR[1] &= ~AT91C_UDP_RX_DATA_BK1; - while(AT91C_BASE_UDP->UDP_CSR[1] & AT91C_UDP_RX_DATA_BK1) { - WDT_HIT(); - } - - if(UsbSoFarCount >= 64) { - UsbPacketReceived(UsbBuffer, UsbSoFarCount); - UsbSoFarCount = 0; - } - } - - WDT_HIT(); -} - -void UsbStart(void) -{ - volatile int i; - - UsbSoFarCount = 0; - - USB_D_PLUS_PULLUP_OFF(); - - for(i = 0; i < 1000000; i++) - ; - - USB_D_PLUS_PULLUP_ON(); - - if(AT91C_BASE_UDP->UDP_ISR & AT91C_UDP_ENDBUSRES) { - AT91C_BASE_UDP->UDP_ICR = AT91C_UDP_ENDBUSRES; - } -} - -int UsbConnected() -{ - if (AT91C_BASE_UDP->UDP_GLBSTATE & AT91C_UDP_CONFG) - return TRUE; - else - return FALSE; -} - -int UsbPoll(int blinkLeds) -{ - int ret = FALSE; - - if(AT91C_BASE_UDP->UDP_ISR & AT91C_UDP_ENDBUSRES) { - AT91C_BASE_UDP->UDP_ICR = AT91C_UDP_ENDBUSRES; - - // following a reset we should be ready to receive a setup packet - AT91C_BASE_UDP->UDP_RSTEP = 0xf; - AT91C_BASE_UDP->UDP_RSTEP = 0; - - AT91C_BASE_UDP->UDP_FADDR = AT91C_UDP_FEN; - - AT91C_BASE_UDP->UDP_CSR[0] = AT91C_UDP_EPTYPE_CTRL | AT91C_UDP_EPEDS; - - CurrentConfiguration = 0; - - ret = TRUE; - } - - if(AT91C_BASE_UDP->UDP_ISR & UDP_INTERRUPT_ENDPOINT(0)) { - if(AT91C_BASE_UDP->UDP_CSR[0] & AT91C_UDP_RXSETUP) { - HandleRxdSetupData(); - ret = TRUE; - } - 
} - - if(AT91C_BASE_UDP->UDP_ISR & UDP_INTERRUPT_ENDPOINT(1)) { - HandleRxdData(); - ret = TRUE; - } - - return ret; -} diff --git a/bootrom/usb_hid.h b/bootrom/usb_hid.h deleted file mode 100644 index bbc6cec9..00000000 --- a/bootrom/usb_hid.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef _USB_HID_H_ -#define _USB_HID_H_ - -#include -#include - -//-------------------------------- -// USB defines - -#define USB_D_PLUS_PULLUP_ON() { \ -HIGH(GPIO_USB_PU); \ -AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; \ -} -#define USB_D_PLUS_PULLUP_OFF() AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU - -//-------------------------------- -// USB declarations - -void UsbSendPacket(uint8_t *packet, int len); -int UsbConnected(); -int UsbPoll(int blinkLeds); -void UsbStart(void); - -// This function is provided by the apps/bootrom, and called from UsbPoll -// if data are available. -void UsbPacketReceived(uint8_t *packet, int len); - -#endif // _USB_HID_H_ - diff --git a/client/Makefile b/client/Makefile index 364070e8..4ab1b806 100644 --- a/client/Makefile +++ b/client/Makefile @@ -14,7 +14,7 @@ OBJDIR = obj LDLIBS = -L/opt/local/lib -L/usr/local/lib -lusb -lreadline -lpthread LDFLAGS = $(COMMON_FLAGS) -CFLAGS = -std=gnu99 -I. -I../include -I../common -I/opt/local/include -Wall -Wno-unused-function $(COMMON_FLAGS) -g -O3 +CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -Wall -Wno-unused-function $(COMMON_FLAGS) -g -O4 ifneq (,$(findstring MINGW,$(platform))) CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui @@ -30,7 +30,7 @@ CXXFLAGS = -I/Library/Frameworks/QtGui.framework/Versions/Current/Headers -I/Lib QTLDLIBS = -framework QtGui -framework QtCore MOC = moc else -CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3 +CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) MOC = $(shell pkg-config --variable=moc_location QtCore) endif 
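Review bot: `-O4` in the new CFLAGS and CXXFLAGS lines is not a distinct optimisation level — GCC and clang both clamp anything above `-O3` to `-O3` — so the change from `-O3` is a no-op that reads as if it meant something; keep `-O3`. Switching `-std=gnu99` to `-std=c99` on the same line hides POSIX declarations (`strdup`, `usleep`, the pthread types this Makefile links with `-lpthread`) unless `_POSIX_C_SOURCE` or `_GNU_SOURCE` is defined somewhere, which this series does not show; confirm the client still builds without implicit-declaration warnings. The LDLIBS context line above still carries `-lusb` although its only user, client/proxusb.c, is deleted further down in this patch, so `-lusb` can be dropped. In the link rules at `@@ -87,16 +88,16 @@`, `$(OBJDIR)/uart.o` is already part of `$(CMDOBJS)` because `uart.c` is in CMDSRCS; `$^` deduplicates so it links, but the explicit `uart.o` is redundant.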
@@ -67,14 +67,15 @@ CMDSRCS = \ cmdhfmf.c \ cmdhw.c \ cmdlf.c \ - cmdlfem4x.c \ cmdlfhid.c \ + cmdlfem4x.c \ cmdlfhitag.c \ cmdlfti.c \ cmdparser.c \ cmdmain.c \ uart.c + CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o) RM = rm -f @@ -87,16 +88,16 @@ all-static: LDLIBS:=-static $(LDLIBS) all-static: snooper cli flasher proxmark3: LDLIBS+=$(QTLDLIBS) -proxmark3: $(OBJDIR)/proxmark3.o $(CMDOBJS) $(OBJDIR)/proxusb.o $(QTGUI) +proxmark3: $(OBJDIR)/proxmark3.o $(CMDOBJS) $(OBJDIR)/uart.o $(QTGUI) $(CXX) $(CXXFLAGS) $^ $(LDLIBS) -o $@ -snooper: $(OBJDIR)/snooper.o $(CMDOBJS) $(OBJDIR)/proxusb.o $(OBJDIR)/guidummy.o +snooper: $(OBJDIR)/snooper.o $(CMDOBJS) $(OBJDIR)/uart.o $(OBJDIR)/guidummy.o $(CXX) $(CXXFLAGS) $^ $(LDLIBS) -o $@ -cli: $(OBJDIR)/cli.o $(CMDOBJS) $(OBJDIR)/proxusb.o $(OBJDIR)/guidummy.o +cli: $(OBJDIR)/cli.o $(CMDOBJS) $(OBJDIR)/uart.o $(OBJDIR)/guidummy.o $(CXX) $(CXXFLAGS) $^ $(LDLIBS) -o $@ -flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(OBJDIR)/proxusb.o +flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(OBJDIR)/uart.o $(CXX) $(CXXFLAGS) $^ $(LDLIBS) -o $@ $(OBJDIR)/%.o: %.c diff --git a/client/cmddata.c b/client/cmddata.c index 1c58c69b..6c2c7841 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -12,7 +12,7 @@ #include #include #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "ui.h" diff --git a/client/cmdhf.c b/client/cmdhf.c index cfbd9e16..d955fc83 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -9,7 +9,7 @@ //----------------------------------------------------------------------------- #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "graph.h" #include "ui.h" diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 79273040..ad89fe96 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c 
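Review bot: The replacement `//#include "proxusb.h"` leaves a commented-out include behind instead of deleting the line; the header itself is removed by this patch, so the comment has no future use and the line should simply go. The same pattern appears in the include hunks of cmdhf.c, cmdhf14a.c, cmdhf14b.c, cmdhf15.c, cmdhfepa.c, cmdhficlass.c, cmdhflegic.c, cmdhfmf.h, cmdhw.c, cmdlf.c, cmdlfem4x.c, cmdlfhid.c, cmdlfhitag.c, cmdlfti.c, data.c, flash.c, flasher.c and mifarehost.h, and in the `// SendCommand_(&c);` lines kept next to each new `SendCommand(&c);` in flash.c. Version control keeps the old code; the source should not.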
@@ -16,7 +16,7 @@ #include "util.h" #include "iso14443crc.h" #include "data.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "cmdparser.h" @@ -169,7 +169,6 @@ int CmdHF14AReader(const char *Cmd) WaitForResponse(CMD_ACK,&resp); iso14a_card_select_t *card = (iso14a_card_select_t *)resp.d.asBytes; - uint8_t * uid = card->uid; if(resp.arg[0] == 0) { PrintAndLog("iso14443a card select failed"); diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index 9b2fa753..f1238d22 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -14,7 +14,7 @@ #include #include #include "iso14443crc.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "graph.h" diff --git a/client/cmdhf15.c b/client/cmdhf15.c index e1e5e02a..ec898755 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -26,7 +26,7 @@ #include #include #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "graph.h" diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index 41f801e7..d9413cf3 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c @@ -9,7 +9,7 @@ //----------------------------------------------------------------------------- #include "util.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "cmdparser.h" diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 944ec498..f807e972 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -14,7 +14,7 @@ #include #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type #include "data.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "cmdparser.h" diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 7a268e92..26a2c724 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c 
@@ -10,7 +10,7 @@ #include #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "ui.h" @@ -324,7 +324,7 @@ int CmdLegicRfSim(const char *Cmd) c.arg[0] = 6; c.arg[1] = 3; c.arg[2] = 0; - sscanf(Cmd, " %i %i %i", &c.arg[0], &c.arg[1], &c.arg[2]); + sscanf(Cmd, " %lli %lli %lli", &c.arg[0], &c.arg[1], &c.arg[2]); SendCommand(&c); return 0; } @@ -332,7 +332,7 @@ int CmdLegicRfSim(const char *Cmd) int CmdLegicRfWrite(const char *Cmd) { UsbCommand c={CMD_WRITER_LEGIC_RF}; - int res = sscanf(Cmd, " 0x%x 0x%x", &c.arg[0], &c.arg[1]); + int res = sscanf(Cmd, " 0x%llx 0x%llx", &c.arg[0], &c.arg[1]); if(res != 2) { PrintAndLog("Please specify the offset and length as two hex strings"); return -1; @@ -344,7 +344,7 @@ int CmdLegicRfWrite(const char *Cmd) int CmdLegicRfFill(const char *Cmd) { UsbCommand cmd ={CMD_WRITER_LEGIC_RF}; - int res = sscanf(Cmd, " 0x%x 0x%x 0x%x", &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]); + int res = sscanf(Cmd, " 0x%llx 0x%llx 0x%llx", &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]); if(res != 3) { PrintAndLog("Please specify the offset, length and value as two hex strings"); return -1; diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h index d7ee5a4b..65b789bf 100644 --- a/client/cmdhfmf.h +++ b/client/cmdhfmf.h @@ -18,7 +18,7 @@ #include "proxmark3.h" #include "iso14443crc.h" #include "data.h" -#include "proxusb.h" +//#include "proxusb.h" #include "ui.h" #include "cmdparser.h" #include "common.h" diff --git a/client/cmdhw.c b/client/cmdhw.c index 991cd532..cdeb48b8 100644 --- a/client/cmdhw.c +++ b/client/cmdhw.c @@ -13,7 +13,7 @@ #include #include #include "ui.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "cmdparser.h" #include "cmdhw.h" diff --git a/client/cmdlf.c b/client/cmdlf.c index 98a6c1f0..00f10088 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
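Review bot: The new `%lli`/`%llx` conversions hand sscanf `&c.arg[0]` as a `long long *`, but the `ll` width and the `%016llx` debug output in flasher.c suggest `arg[]` and `cmd` are 64-bit fixed-width fields (their declaration is cut off in the usb_cmd.h hunk); on LP64 targets `uint64_t` is `unsigned long`, not `unsigned long long`, so the type-correct spelling is `SCNx64`/`SCNi64` from `<inttypes.h>`, e.g. `int res = sscanf(Cmd, " 0x%" SCNx64 " 0x%" SCNx64, &c.arg[0], &c.arg[1]);`. The same applies to CmdLegicRfFill below, CmdLFCommandRead in cmdlf.c and CmdTIWrite in cmdlfti.c, and to the `0x%04llx` printf formats in get_proxmark_state and wait_for_ack in flash.c, where `PRIx64` is the matching macro. In CmdLegicRfSim the sscanf result is still discarded, so a malformed argument silently keeps the defaults 6/3/0.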
@@ -12,7 +12,7 @@ #include #include #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "graph.h" @@ -36,7 +36,7 @@ int CmdLFCommandRead(const char *Cmd) dummy[0]= ' '; UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K}; - sscanf(Cmd, "%i %i %i %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char *) &c.d.asBytes,(char *) &dummy+1); + sscanf(Cmd, "%lli %lli %lli %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char *) &c.d.asBytes,(char *) &dummy+1); // in case they specified 'h' strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy); SendCommand(&c); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 83ed673b..efbd4c48 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -11,7 +11,7 @@ #include #include #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "graph.h" diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c index 93c351f1..d13856f4 100644 --- a/client/cmdlfhid.c +++ b/client/cmdlfhid.c @@ -9,7 +9,7 @@ //----------------------------------------------------------------------------- #include -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "graph.h" diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 1ee88401..c648f6a5 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -12,7 +12,7 @@ #include #include #include "data.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "cmdparser.h" diff --git a/client/cmdlfti.c b/client/cmdlfti.c index 4e8b1150..5a88f579 100644 --- a/client/cmdlfti.c +++ b/client/cmdlfti.c @@ -11,7 +11,7 @@ #include #include #include "crc16.h" -#include "proxusb.h" +//#include "proxusb.h" #include "proxmark3.h" #include "data.h" #include "ui.h" 
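Review bot: The rewritten sscanf in CmdLFCommandRead still uses two unbounded `%s` conversions, writing into `c.d.asBytes` and `dummy+1`, so an over-long command argument overruns whichever buffer is smaller (`dummy` is declared outside the hunk and its size is not visible here). Give each conversion a width matching its destination — for example `"%lli %lli %lli %511s %1s"` if `asBytes` holds `USB_CMD_DATA_SIZE` (512) bytes and `dummy` has room for two characters — and check the return value before the `strcpy` on the next line appends `dummy` to `asBytes`.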
@@ -274,7 +274,7 @@ int CmdTIWrite(const char *Cmd)
 UsbCommand c = {CMD_WRITE_TI_TYPE};
 int res = 0;
- res = sscanf(Cmd, "0x%x 0x%x 0x%x ", &c.arg[0], &c.arg[1], &c.arg[2]);
+ res = sscanf(Cmd, "0x%llx 0x%llx 0x%llx ", &c.arg[0], &c.arg[1], &c.arg[2]);
 if (res == 2) c.arg[2]=0;
 if (res < 2)
 PrintAndLog("Please specify the data as two hex strings, optionally the CRC as a third");
diff --git a/client/data.c b/client/data.c
index b6639867..51134d48 100644
--- a/client/data.c
+++ b/client/data.c
@@ -12,7 +12,7 @@
 #include
 #include "data.h"
 #include "ui.h"
-#include "proxusb.h"
+//#include "proxusb.h"
 #include "proxmark3.h"
 #include "cmdmain.h"
diff --git a/client/flash.c b/client/flash.c
index 8fe874e5..4d091126 100644
--- a/client/flash.c
+++ b/client/flash.c
@@ -12,10 +12,16 @@
 #include
 #include
 #include "sleep.h"
-#include "proxusb.h"
+//#include "proxusb.h"
 #include "flash.h"
 #include "elf.h"
 #include "proxendian.h"
+#include "usb_cmd.h"
+
+void SendCommand(UsbCommand* txcmd);
+void ReceiveCommand(UsbCommand* rxcmd);
+void CloseProxmark();
+int OpenProxmark(size_t i);
 // FIXME: what the fuckity fuck
 unsigned int current_command = CMD_UNKNOWN;
@@ -26,7 +32,7 @@ unsigned int current_command = CMD_UNKNOWN;
 #define BOOTLOADER_SIZE 0x2000
 #define BOOTLOADER_END (FLASH_START + BOOTLOADER_SIZE)
-#define BLOCK_SIZE 0x100
+#define BLOCK_SIZE 0x200
 static const uint8_t elf_ident[] = {
 0x7f, 'E', 'L', 'F',
@@ -267,11 +273,11 @@ fail:
 // Get the state of the proxmark, backwards compatible
 static int get_proxmark_state(uint32_t *state)
 {
- HidCommand c;
+ UsbCommand c;
 c.cmd = CMD_DEVICE_INFO;
- SendCommand_(&c);
-
- HidCommand resp;
+// SendCommand_(&c);
+ SendCommand(&c);
+ UsbCommand resp;
 ReceiveCommand(&resp);
 // Three outcomes:
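Review bot: The four prototypes added to flash.c (`SendCommand`, `ReceiveCommand`, `CloseProxmark`, `OpenProxmark`) duplicate declarations that belong in a shared header: flasher.c defines the same functions in the next file of this patch, and a mismatch between the two files would go unnoticed by the compiler. `void CloseProxmark();` is also an old-style non-prototype declaration in C; write `void CloseProxmark(void);`. Put the declarations in a header both files include, or at least mark them with a comment such as `// transport API implemented by flasher.c` so the coupling is visible.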
@@ -290,7 +296,7 @@ static int get_proxmark_state(uint32_t *state)
 *state = resp.arg[0];
 break;
 default:
- fprintf(stderr, "Error: Couldn't get proxmark state, bad response type: 0x%04x\n", resp.cmd);
+ fprintf(stderr, "Error: Couldn't get proxmark state, bad response type: 0x%04llx\n", resp.cmd);
 return -1;
 break;
 }
@@ -313,7 +319,7 @@ static int enter_bootloader(void)
 if (state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) {
 fprintf(stderr,"Entering bootloader...\n");
- HidCommand c;
+ UsbCommand c;
 memset(&c, 0, sizeof (c));
 if ((state & DEVICE_INFO_FLAG_BOOTROM_PRESENT)
@@ -322,12 +328,12 @@ static int enter_bootloader(void)
 // New style handover: Send CMD_START_FLASH, which will reset the board
 // and enter the bootrom on the next boot.
 c.cmd = CMD_START_FLASH;
- SendCommand_(&c);
+ SendCommand(&c);
 fprintf(stderr,"(Press and release the button only to abort)\n");
 } else {
 // Old style handover: Ask the user to press the button, then reset the board
 c.cmd = CMD_HARDWARE_RESET;
- SendCommand_(&c);
+ SendCommand(&c);
 fprintf(stderr,"Press and hold down button NOW if your bootloader requires it.\n");
 }
 fprintf(stderr,"Waiting for Proxmark to reappear on USB...");
@@ -349,10 +355,10 @@ static int enter_bootloader(void)
 static int wait_for_ack(void)
 {
- HidCommand ack;
+ UsbCommand ack;
 ReceiveCommand(&ack);
 if (ack.cmd != CMD_ACK) {
- printf("Error: Unexpected reply 0x%04x (expected ACK)\n", ack.cmd);
+ printf("Error: Unexpected reply 0x%04llx (expected ACK)\n", ack.cmd);
 return -1;
 }
 return 0;
@@ -372,7 +378,7 @@ int flash_start_flashing(int enable_bl_writes)
 if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
 // This command is stupid. Why the heck does it care which area we're
 // flashing, as long as it's not the bootloader area? The mind boggles.
- HidCommand c = {CMD_START_FLASH};
+ UsbCommand c = {CMD_START_FLASH};
 if (enable_bl_writes) {
 c.arg[0] = FLASH_START;
@@ -383,7 +389,8 @@ int flash_start_flashing(int enable_bl_writes)
 c.arg[1] = FLASH_END;
 c.arg[2] = 0;
 }
- SendCommand_(&c);
+ SendCommand(&c);
+// SendCommand_(&c);
 return wait_for_ack();
 } else {
 fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
@@ -399,21 +406,26 @@ static int write_block(uint32_t address, uint8_t *data, uint32_t length)
 memset(block_buf, 0xFF, BLOCK_SIZE);
 memcpy(block_buf, data, length);
-
- HidCommand c = {CMD_SETUP_WRITE};
+ UsbCommand c;
+/*
+ c.cmd = {CMD_SETUP_WRITE};
 for (int i = 0; i < 240; i += 48) {
 memcpy(c.d.asBytes, block_buf + i, 48);
 c.arg[0] = i / 4;
- SendCommand_(&c);
- if (wait_for_ack() < 0)
+ SendCommand(&c);
+// SendCommand_(&c);
+ if (wait_for_ack() < 0) {
 return -1;
+ }
 }
-
+*/
 c.cmd = CMD_FINISH_WRITE;
 c.arg[0] = address;
- memcpy(c.d.asBytes, block_buf+240, 16);
- SendCommand_(&c);
- return wait_for_ack();
+// memcpy(c.d.asBytes, block_buf+240, 16);
+// SendCommand_(&c);
+ memcpy(c.d.asBytes, block_buf, length);
+ SendCommand(&c);
+ return wait_for_ack();
 }
 // Write a file's segments to Flash
@@ -472,7 +484,8 @@ void flash_free(flash_file_t *ctx)
 // just reset the unit
 int flash_stop_flashing(void)
 {
- HidCommand c = {CMD_HARDWARE_RESET};
- SendCommand_(&c);
- return 0;
+ UsbCommand c = {CMD_HARDWARE_RESET};
+// SendCommand_(&c);
+ SendCommand(&c);
+ return 0;
 }
diff --git a/client/flasher.c b/client/flasher.c
index 85aae049..2e8bd2ed 100644
--- a/client/flasher.c
+++ b/client/flasher.c
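Review bot: `UsbCommand c;` in write_block is never zeroed, and only `c.cmd`, `c.arg[0]` and the first `length` bytes of `c.d.asBytes` are set before `SendCommand(&c)` transmits `sizeof(UsbCommand)` bytes, so `arg[1]`, `arg[2]` and the tail of `asBytes` leave the host as whatever happened to be on the stack; the removed `HidCommand c = {CMD_SETUP_WRITE};` did not have this problem. Use `UsbCommand c = {CMD_FINISH_WRITE};` and drop the later `c.cmd =` assignment, and copy the whole 0xFF-padded block with `memcpy(c.d.asBytes, block_buf, BLOCK_SIZE);` if the firmware side writes a full block, which this patch does not show. get_proxmark_state in the earlier hunk has the same shape (`UsbCommand c; c.cmd = CMD_DEVICE_INFO;`), whereas enter_bootloader already does the `memset`. The commented-out `/* … */` block containing `c.cmd = {CMD_SETUP_WRITE};` is not valid C even if uncommented and should be removed rather than kept.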
@@ -10,12 +10,71 @@
 #include
 #include
 #include "sleep.h"
-#include "proxusb.h"
+//#include "proxusb.h"
 #include "flash.h"
+#include "uart.h"
+#include "usb_cmd.h"
+
+static serial_port sp;
+static char* serial_port_name;
+
+void cmd_debug(UsbCommand* UC) {
+ // Debug
+ printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand));
+ printf(" cmd[len=%zd]: %016llx\n",sizeof(UC->cmd),UC->cmd);
+ printf(" arg0[len=%zd]: %016llx\n",sizeof(UC->arg[0]),UC->arg[0]);
+ printf(" arg1[len=%zd]: %016llx\n",sizeof(UC->arg[1]),UC->arg[1]);
+ printf(" arg2[len=%zd]: %016llx\n",sizeof(UC->arg[2]),UC->arg[2]);
+ printf(" data[len=%zd]: ",sizeof(UC->d.asBytes));
+ for (size_t i=0; i<16; i++) {
+ printf("%02x",UC->d.asBytes[i]);
+ }
+ printf("...\n");
+}
+
+void SendCommand(UsbCommand* txcmd) {
+// printf("send: ");
+// cmd_debug(txcmd);
+ if (!uart_send(sp,(byte_t*)txcmd,sizeof(UsbCommand))) {
+ printf("Sending bytes to proxmark failed\n");
+ exit(1);
+ }
+}
+
+void ReceiveCommand(UsbCommand* rxcmd) {
+ byte_t* prxcmd = (byte_t*)rxcmd;
+ byte_t* prx = prxcmd;
+ size_t rxlen;
+ while (true) {
+ rxlen = sizeof(UsbCommand) - (prx-prxcmd);
+ if (uart_receive(sp,prx,&rxlen)) {
+// printf("received [%zd] bytes\n",rxlen);
+ prx += rxlen;
+ if ((prx-prxcmd) >= sizeof(UsbCommand)) {
+// printf("received: ");
+// cmd_debug(rxcmd);
+ return;
+ }
+ }
+ }
+}
+
+void CloseProxmark() {
+ // Clean up the port
+ uart_close(sp);
+}
+
+int OpenProxmark(size_t i) {
+ sp = uart_open(serial_port_name);
+ if (sp == INVALID_SERIAL_PORT) {
+ return 0;
+ }
+ return 1;
+}
 static void usage(char *argv0)
 {
- fprintf(stderr, "Usage: %s [-b] image.elf [image.elf...]\n\n", argv0);
+ fprintf(stderr, "Usage: %s [-b] image.elf [image.elf...]\n\n", argv0);
 fprintf(stderr, "\t-b\tEnable flashing of bootloader area (DANGEROUS)\n\n");
 fprintf(stderr, "Example: %s path/to/osimage.elf path/to/fpgaimage.elf\n", argv0);
 }
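Review bot: ReceiveCommand spins in `while (true)` with no exit when `uart_receive` keeps returning false, so a flasher whose device disappears mid-transfer hangs instead of failing; if uart_receive reports a hard error the same way as a timeout (not visible here), add a bounded retry or an elapsed-time limit and return a status the callers in flash.c can check, which also means changing the `void` return the prototypes there assume. `(prx-prxcmd) >= sizeof(UsbCommand)` compares a `ptrdiff_t` with a `size_t`; tracking the received byte count in a `size_t` avoids the signed/unsigned promotion. In cmd_debug, `%zd` is the signed specifier while `sizeof` yields `size_t` (`%zu`), and the `%016llx` formats for the 64-bit fields carry the same portability issue as the other `ll` formats in this patch (`PRIx64`). `OpenProxmark(size_t i)` ignores `i`, and `void CloseProxmark()` should be `void CloseProxmark(void)`.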
@@ -31,12 +90,12 @@ int main(int argc, char **argv)
 memset(files, 0, sizeof(files));
- if (argc < 2) {
+ if (argc < 3) {
 usage(argv[0]);
 return -1;
 }
- for (int i = 1; i < argc; i++) {
+ for (int i = 2; i < argc; i++) {
 if (argv[i][0] == '-') {
 if (!strcmp(argv[i], "-b")) {
 can_write_bl = 1;
@@ -55,11 +114,9 @@ int main(int argc, char **argv)
 }
 }
- usb_init();
-
+ serial_port_name = argv[1];
 fprintf(stderr, "Waiting for Proxmark to appear on USB...");
 while (!OpenProxmark(0)) {
- sleep(1);
 fprintf(stderr, ".");
 }
 fprintf(stderr, " Found.\n");
diff --git a/client/mifarehost.c b/client/mifarehost.c
index 825e06d8..14674b16 100644
--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@@ -15,7 +15,6 @@
 #include "proxmark3.h"
 // MIFARE
-
 int compar_int(const void * a, const void * b) {
 return (*(uint64_t*)b - *(uint64_t*)a);
 }
diff --git a/client/mifarehost.h b/client/mifarehost.h
index a264002f..9e026a55 100644
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@@ -15,7 +15,7 @@
 #include "cmdmain.h"
 #include "ui.h"
 #include "data.h"
-#include "proxusb.h"
+//#include "proxusb.h"
 #include "util.h"
 #include "nonce2key/nonce2key.h"
 #include "nonce2key/crapto1.h"
diff --git a/client/proxusb.c b/client/proxusb.c
deleted file mode 100644
index 2f152ace..00000000
--- a/client/proxusb.c
+++ /dev/null
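Review bot: Removing `sleep(1);` from the `while (!OpenProxmark(0))` loop turns the wait into a busy loop that calls `uart_open` and prints `.` as fast as the CPU allows until the port appears; keep a delay in the loop, e.g. restore `sleep(1);` after the `fprintf`. The new argument layout makes `argv[1]` the serial port unconditionally, but usage() in the previous hunk still advertises `Usage: %s [-b] image.elf [image.elf...]`, so a user following it, or putting `-b` first, has the flag taken as the port name; update the usage string to `Usage: %s <port> [-b] image.elf [image.elf...]` or parse the port after the options. main's body continues outside both hunks.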
@@ -1,222 +0,0 @@ -//----------------------------------------------------------------------------- -// Copyright (C) 2009 Michael Gernoth -// Copyright (C) 2010 iZsh -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// USB utilities -//----------------------------------------------------------------------------- - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "sleep.h" -#include "proxusb.h" -#include "proxmark3.h" -#include "usb_cmd.h" - -// It seems to be missing for mingw -#ifndef ETIMEDOUT -#define ETIMEDOUT 116 -#endif - -usb_dev_handle *devh = NULL; -static unsigned int claimed_iface = 0; -unsigned char return_on_error = 0; -unsigned char error_occured = 0; -extern unsigned int current_command; - -void SendCommand_(HidCommand *c) -{ - int ret; - -#if 0 - printf("Sending %d bytes\n", sizeof(HidCommand)); -#endif - current_command = c->cmd; - ret = usb_bulk_write(devh, 0x01, (char*)c, sizeof(HidCommand), 1000); - if (ret<0) { - error_occured = 1; - if (return_on_error) - return; - - fprintf(stderr, "write failed: %s!\nTrying to reopen device...\n", - usb_strerror()); - - if (devh) { - usb_close(devh); - devh = NULL; - } - while(!OpenProxmark(0)) { sleep(1); } - printf(PROXPROMPT); - fflush(NULL); - - return; - } -} - -bool ReceiveCommandPoll(HidCommand *c) -{ - int ret; - - memset(c, 0, sizeof (HidCommand)); - ret = usb_bulk_read(devh, 0x82, (char*)c, sizeof(HidCommand), 500); - if (ret<0) { - if (ret != -ETIMEDOUT) { - error_occured = 1; - if (return_on_error) - return false; - - fprintf(stderr, "read failed: %s(%d)!\nTrying to reopen device...\n", - usb_strerror(), ret); - - if (devh) { - usb_close(devh); - devh = NULL; - } - while(!OpenProxmark(0)) { sleep(1); } - printf(PROXPROMPT); - fflush(NULL); - - 
return false; - } - } else { - if (ret && (ret < sizeof(HidCommand))) { - fprintf(stderr, "Read only %d instead of requested %d bytes!\n", - ret, (int)sizeof(HidCommand)); - } - } - - return ret > 0; -} - -void ReceiveCommand(HidCommand *c) -{ -// printf("%s()\n", __FUNCTION__); - int retval = 0; - do { - retval = ReceiveCommandPoll(c); - if (retval != 1) printf("ReceiveCommandPoll returned %d\n", retval); - } while(retval<0); -// printf("recv %x\n", c->cmd); -} - -usb_dev_handle* findProxmark(int verbose, unsigned int *iface) -{ - struct usb_bus *busses, *bus; - usb_dev_handle *handle = NULL; - struct prox_unit units[50]; - int iUnit = 0; - - usb_find_busses(); - usb_find_devices(); - - busses = usb_get_busses(); - - for (bus = busses; bus; bus = bus->next) { - struct usb_device *dev; - - for (dev = bus->devices; dev; dev = dev->next) { - struct usb_device_descriptor *desc = &(dev->descriptor); - - if ((desc->idProduct == 0x4b8f) && (desc->idVendor == 0x9ac4)) { - handle = usb_open(dev); - if (!handle) { - if (verbose) - fprintf(stderr, "open fabiled: %s!\n", usb_strerror()); - //return NULL; - continue; - } - *iface = dev->config[0].interface[0].altsetting[0].bInterfaceNumber; - - struct prox_unit unit = {handle, {0}}; - usb_get_string_simple(handle, desc->iSerialNumber, unit.serial_number, sizeof(unit.serial_number)); - units[iUnit++] = unit; - - //return handle; - } - } - } - - if (iUnit > 0) { - int iSelection = 0; - - fprintf(stdout, "\nConnected units:\n"); - - for (int i = 0; i < iUnit; i++) { - struct usb_device * dev = usb_device(units[i].handle); - fprintf(stdout, "\t%d. SN: %s [%s/%s]\n", i+1, units[i].serial_number, dev->bus->dirname, dev->filename); - } - if (iUnit > 1) { - while (iSelection < 1 || iSelection > iUnit) { - fprintf(stdout, "Which unit do you want to connect to? 
"); - fscanf(stdin, "%d", &iSelection); - } - } - else - iSelection = 1; - iSelection --; - - for (int i = 0; i < iUnit; i++) { - if (iSelection == i) continue; - usb_close(units[i].handle); - units[i].handle = NULL; - } - - return units[iSelection].handle; - } - - return NULL; -} - -usb_dev_handle* OpenProxmark(int verbose) -{ - int ret; - usb_dev_handle *handle = NULL; - unsigned int iface; - - handle = findProxmark(verbose, &iface); - if (!handle) - return NULL; - -#ifdef __linux__ - /* detach kernel driver first */ - ret = usb_detach_kernel_driver_np(handle, iface); - /* don't complain if no driver attached */ - if (ret<0 && ret != -61 && verbose) - fprintf(stderr, "detach kernel driver failed: (%d) %s!\n", ret, usb_strerror()); -#endif - - // Needed for Windows. Optional for Mac OS and Linux - ret = usb_set_configuration(handle, 1); - if (ret < 0) { - if (verbose) - fprintf(stderr, "configuration set failed: %s!\n", usb_strerror()); - return NULL; - } - - ret = usb_claim_interface(handle, iface); - if (ret < 0) { - if (verbose) - fprintf(stderr, "claim failed: %s!\n", usb_strerror()); - return NULL; - } - claimed_iface = iface; - devh = handle; - return handle; -} - -void CloseProxmark(void) -{ - usb_release_interface(devh, claimed_iface); - usb_close(devh); - devh = NULL; -} diff --git a/client/proxusb.h b/client/proxusb.h deleted file mode 100644 index cc34fd48..00000000 --- a/client/proxusb.h +++ /dev/null 
@@ -1,34 +0,0 @@ -//----------------------------------------------------------------------------- -// Copyright (C) 2010 iZsh -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// USB utilities -//----------------------------------------------------------------------------- - -#ifndef PROXUSB_H__ -#define PROXUSB_H__ - -#include -#include -#include -#include "usb_cmd.h" - -extern unsigned char return_on_error; -extern unsigned char error_occured; - -void SendCommand_(HidCommand *c); -bool ReceiveCommandPoll(HidCommand *c); -void ReceiveCommand(HidCommand *c); -struct usb_dev_handle* FindProxmark(int verbose, unsigned int *iface); -struct usb_dev_handle* OpenProxmark(int verbose); -void CloseProxmark(void); - -struct prox_unit { - usb_dev_handle *handle; - char serial_number[256]; -}; - -#endif diff --git a/common/Makefile.common b/common/Makefile.common index 9ff05c50..2befd456 100644 --- a/common/Makefile.common +++ b/common/Makefile.common @@ -65,7 +65,7 @@ VPATH = . ../common/ ../fpga/ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES) -CFLAGS = -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) +CFLAGS = -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n LIBS = -lgcc diff --git a/armsrc/cmd.c b/common/cmd.c similarity index 89% rename from armsrc/cmd.c rename to common/cmd.c index ff5c4f81..49d9d942 100644 --- a/armsrc/cmd.c +++ b/common/cmd.c @@ -32,7 +32,6 @@ #include "cmd.h" #include "string.h" -#include "util.h" #include "proxmark3.h" //static UsbCommand txcmd; 
@@ -55,6 +54,10 @@ bool cmd_receive(UsbCommand* cmd) { bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len) { UsbCommand txcmd; + for (size_t i=0; iPIO_ODR = GPIO_USB_PU; - SpinDelay(100); +// SpinDelay(100); // Clear all lingering interrupts if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) { @@ -257,7 +256,8 @@ void usb_enable() { usb_disable(); // Wait for a short while - SpinDelay(100); + for (volatile size_t i=0; i<0x100000; i++); +// SpinDelay(100); // Reconnect USB reconnect AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU; diff --git a/armsrc/usb_cdc.h b/common/usb_cdc.h similarity index 100% rename from armsrc/usb_cdc.h rename to common/usb_cdc.h diff --git a/include/common.h b/include/common.h index 13daa86e..ba286377 100644 --- a/include/common.h +++ b/include/common.h @@ -18,4 +18,7 @@ #include typedef unsigned char byte_t; +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) +#define MAX(a, b) (((a) > (b)) ? (a) : (b)) + #endif diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 62c0acd7..349496b7 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -23,15 +23,6 @@ typedef BYTE uint8_t; #define PACKED __attribute__((packed)) #endif -typedef struct { - uint32_t cmd; - uint32_t arg[3]; - union { - uint8_t asBytes[48]; - uint32_t asDwords[12]; - } d; -} PACKED HidCommand; - #define USB_CMD_DATA_SIZE 512 typedef struct { -- 2.39.5 From 50d6e4abc154916cb4cf62f294700181bfc2abbc Mon Sep 17 00:00:00 2001 From: "roel@libnfc.org" Date: Thu, 28 Feb 2013 16:04:21 +0000 Subject: [PATCH 16/16] douniwan5788: --- client/proxmark3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/proxmark3.c b/client/proxmark3.c index db37780d..5ac7cd0e 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c 
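Review bot: Replacing `SpinDelay(100)` with `for (volatile size_t i=0; i<0x100000; i++);` in usb_enable turns a timed 100 ms wait into a count whose duration depends on the core clock and on what the compiler emits for the loop, and the preceding hunk (probably usb_disable; its header is garbled here) only comments out its `SpinDelay(100)` without any replacement, so that path now has no settling delay at all. If SpinDelay is unavailable because the file moved to common/, say so and record the intent, e.g. `// ~100 ms settling time; SpinDelay() lives in armsrc/ and is not linkable from common/`, and give the empty loop a braced body so the trailing `;` is not mistaken for a stray semicolon.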
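Review bot: The `MIN`/`MAX` macros added to include/common.h evaluate the selected argument twice, so a call such as `MIN(n++, limit)` or one with a function-call argument runs the side effect twice; the hazard is standard but undocumented here. Either add a comment above them, `// Arguments are evaluated twice: pass side-effect-free expressions only`, or provide `static inline` helpers for the fixed-width types the firmware actually uses.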
@@ -144,7 +144,7 @@ static void *main_loop(void *targ) {
 nl = strrchr(script_cmd_buf, '\n');
 if (nl) *nl = '\0';
- if ((cmd = (char*) malloc(strlen(script_cmd_buf))) != NULL)
+ if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL)
 {
 memset(cmd, 0, strlen(script_cmd_buf));
 strcpy(cmd, script_cmd_buf);
--
2.39.5
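Review bot: With the allocation corrected to `strlen(script_cmd_buf) + 1`, the `memset(cmd, 0, strlen(script_cmd_buf))` on the following context line is redundant — `strcpy` writes every byte including the terminator — and it evaluates `strlen` a third time; the block reduces to `if ((cmd = malloc(strlen(script_cmd_buf) + 1)) != NULL) {` followed by `strcpy(cmd, script_cmd_buf);` (the cast on malloc is unnecessary in C). The enclosing block of main_loop continues past the end of the hunk.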