github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'master' of https://github.com/Proxmark/proxmark3

Browse source 
Conflicts:
	armsrc/iclass.c
	armsrc/lfops.c
	client/cmdlf.c
	common/lfdemod.c
	include/usb_cmd.h
This commit is contained in:
iceman1001 2015-03-30 21:11:37 +02:00
commit 02d352fea7
10 changed files with 4186 additions and 4180 deletions
Download patch file Download diff file Expand all files Collapse all files

28
CHANGELOG.md Normal file
View file

@ -0,0 +1,28 @@
# Change Log
All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [Unreleased][unreleased]
### Changed
- Iclass read, `hf iclass read` now also reads tag config and prints configuration. (holiman)
### Fixed
- Fixed issue #19, problems with LF T55xx commands (marshmellow)
### Added
- Added changelog
## [2.0.0] - 2015-03-25
### Changed
- LF sim operations now abort when new commands arrive over the USB - not required to push the device button anymore.
### Fixed
- Mifare simulation, `hf mf sim` (was broken a long time) (pwpiwi)
- Major improvements in LF area and data operations. (marshmellow, iceman1001)
- Issues regarding LF simulation (pwpiwi)
### Added
- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers don't seem to enforce update. (holiman).
- iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode.

69
armsrc/iclass.c
View file

@ -1628,7 +1628,10 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
static uint8_t act_all[] = { 0x0a };
static uint8_t identify[] = { 0x0c };
static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static uint8_t readcheck_cc[]= { 0x88, 0x02 };
static uint8_t readcheck_cc[]= { 0x88, 0x02,};
uint8_t resp[ICLASS_BUFFER_SIZE];
uint8_t read_status = 0;
@ -1663,27 +1666,32 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
if(ReaderReceiveIClass(resp) == 8) {
//Save CC (e-purse) in response data
memcpy(card_data+8,resp,8);
//Got both
read_status = 2;
read_status++;
}
return read_status;
}
// Reader iClass Anticollission
void ReaderIClass(uint8_t arg0) {
uint8_t card_data[24]={0};
uint8_t card_data[6 * 8]={0xFF};
uint8_t last_csn[8]={0};
//Read conf block CRC(0x01) => 0xfa 0x22
uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
//Read conf block CRC(0x05) => 0xde 0x64
uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
int read_status= 0;
uint8_t result_status = 0;
bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC;
set_tracing(TRUE);
setupIclassReader();
size_t datasize = 0;
while(!BUTTON_PRESS())
{
@ -1696,15 +1704,40 @@ void ReaderIClass(uint8_t arg0) {
read_status = handshakeIclassTag(card_data);
if(read_status == 0) continue;
if(read_status == 1) datasize = 8;
if(read_status == 2) datasize = 16;
if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC;
//Todo, read the public blocks 1,5 aswell:
//
// 0 : CSN (we already have)
// handshakeIclass returns CSN|CC, but the actual block
// layout is CSN|CONFIG|CC, so here we reorder the data,
// moving CC forward 8 bytes
memcpy(card_data+16,card_data+8, 8);
//Read block 1, config
if(arg0 & FLAG_ICLASS_READER_CONF)
{
if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
{
Dbprintf("Failed to dump config block");
}else
{
result_status |= FLAG_ICLASS_READER_CONF;
}
}
//Read block 5, AA
if(arg0 & FLAG_ICLASS_READER_AA){
if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
{
// Dbprintf("Failed to dump AA block");
}else
{
result_status |= FLAG_ICLASS_READER_AA;
}
}
// 0 : CSN
// 1 : Configuration
// 2 : e-purse (we already have)
// (3,4 write-only)
// 2 : e-purse
// (3,4 write-only, kc and kd)
// 5 Application issuer area
//
//Then we can 'ship' back the 8 * 5 bytes of data,
@ -1714,10 +1747,10 @@ void ReaderIClass(uint8_t arg0) {
//Send back to client, but don't bother if we already sent this
if(memcmp(last_csn, card_data, 8) != 0)
{
if(!get_cc || (get_cc && read_status == 2))
// If caller requires that we get CC, continue until we got it
if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
{
cmd_send(CMD_ACK,read_status,0,0,card_data,datasize);
cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
if(abort_after_read) {
LED_A_OFF();
return;
@ -1725,7 +1758,7 @@ void ReaderIClass(uint8_t arg0) {
//Save that we already sent this....
memcpy(last_csn, card_data, 8);
}
//If 'get_cc' was specified and we didn't get a CC, we'll just keep trying...
}
LED_B_OFF();
}

128
armsrc/lfops.c
View file

@ -73,6 +73,8 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1,
DoAcquisition_config(false);
}
/* blank r/w tag data stream
...0000000000000000 01111111
1010101010101010101010101010101010101010101010101010101010101010
@ -380,7 +382,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
DbpString("Now use tiread to check");
}
void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
{
int i;
uint8_t *tab = BigBuf_get_addr();
@ -894,6 +896,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
//Dbprintf("DEBUG: No Tag");
}
WDT_HIT();
hi = 0;
lo = 0;
clk=0;
invert=0;
@ -912,8 +915,6 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
uint8_t version=0;
uint8_t facilitycode=0;
uint16_t number=0;
uint8_t crc = 0;
uint16_t calccrc = 0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -932,17 +933,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
//| | | | | | |
//01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
//-----------------------------------------------------------------------------
//00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 checksum 11
//00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
//
//Checksum:
//00000000 0 11110000 1 11100000 1 00000001 1 00000011 1 10110110 1 01110101 11
//preamble F0 E0 01 03 B6 75
// How to calc checksum,
// http://www.proxmark.org/forum/viewtopic.php?id=364&p=6
// F0 + E0 + 01 + 03 + B6 = 28A
// 28A & FF = 8A
// FF - 8A = 75
// Checksum: 0x75
//XSF(version)facility:codeone+codetwo
//Handle the data
if(findone){ //only print binary if we are doing one
@ -960,15 +952,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
facilitycode = bytebits_to_byte(dest+idx+18,8) ;
number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
crc = bytebits_to_byte(dest+idx+54,8);
for (uint8_t i=1; i<6; ++i)
calccrc += bytebits_to_byte(dest+idx+9*i,8);
calccrc &= 0xff;
calccrc = 0xff - calccrc;
char *crcStr = (crc == calccrc) ? "ok":"!crc";
Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
// if we're only looking for one tag
if (findone){
if (ledcontrol) LED_A_OFF();
@ -1048,23 +1032,9 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
* and enlarge the gap ones.
*/
#define START_GAP 50*8 // 10 - 50fc 250
#define WRITE_GAP 20*8 // 8 - 30fc
#define WRITE_0 24*8 // 16 - 31fc 24fc 192
#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550
// VALUES TAKEN FROM EM4x function: SendForward
// START_GAP = 440; (55*8) cycles at 125Khz (8us = 1cycle)
// WRITE_GAP = 128; (16*8)
// WRITE_1 = 256 32*8; (32*8)
// These timings work for 4469/4269/4305 (with the 55*8 above)
// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8);
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
// Hitag units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier)
// T0 = TIMER_CLOCK1 / 125000 = 192
// 1 Cycle = 8 microseconds(us)
#define WRITE_GAP 20*8 // - 30fc 160
#define WRITE_0 24*8 // 16 - 63fc 54fc 144
#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400
#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
@ -1074,7 +1044,7 @@ void T55xxWriteBit(int bit)
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
if (!bit)
if (bit == 0)
SpinDelayUs(WRITE_0);
else
SpinDelayUs(WRITE_1);
@ -1222,19 +1192,10 @@ void T55xxReadTrace(void){
}
cmd_send(CMD_ACK,0,0,0,0,0);
cmd_send(CMD_ACK,0,0,0,0,0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_D_OFF();
}
void TurnReadLFOn(){
//FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Give it a bit of time for the resonant antenna to settle.
//SpinDelay(30);
SpinDelayUs(8*150);
}
/*-------------- Cloning routines -----------*/
// Copy HID id to card and setup block 0 config
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
@ -1537,16 +1498,10 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
#define max(x,y) ( x<y ? y:x)
int DemodPCF7931(uint8_t **outBlocks) {
uint8_t bits[256] = {0x00};
uint8_t blocks[8][16];
uint8_t *dest = BigBuf_get_addr();
uint8_t BitStream[256];
uint8_t Blocks[8][16];
uint8_t *GraphBuffer = BigBuf_get_addr();
int GraphTraceLen = BigBuf_max_traceLen();
if ( GraphTraceLen > 18000 )
GraphTraceLen = 18000;
int i, j, lastval, bitidx, half_switch;
int clock = 64;
int tolerance = clock / 8;
@ -1557,7 +1512,8 @@ int DemodPCF7931(uint8_t **outBlocks) {
uint8_t dir;
LFSetupFPGAForADC(95, true);
DoAcquisition_default(0, true);
DoAcquisition_default(0, 0);
lmin = 64;
lmax = 192;
@ -1565,9 +1521,9 @@ int DemodPCF7931(uint8_t **outBlocks) {
i = 2;
/* Find first local max/min */
if(dest[1] > dest[0]) {
if(GraphBuffer[1] > GraphBuffer[0]) {
while(i < GraphTraceLen) {
if( !(dest[i] > dest[i-1]) && dest[i] > lmax)
if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax)
break;
i++;
}
@ -1575,7 +1531,7 @@ int DemodPCF7931(uint8_t **outBlocks) {
}
else {
while(i < GraphTraceLen) {
if( !(dest[i] < dest[i-1]) && dest[i] < lmin)
if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin)
break;
i++;
}
@ -1589,7 +1545,7 @@ int DemodPCF7931(uint8_t **outBlocks) {
for (bitidx = 0; i < GraphTraceLen; i++)
{
if ( (dest[i-1] > dest[i] && dir == 1 && dest[i] > lmax) || (dest[i-1] < dest[i] && dir == 0 && dest[i] < lmin))
if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
{
lc = i - lastval;
lastval = i;
@ -1618,14 +1574,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
block_done = 1;
}
else if(half_switch == 1) {
bits[bitidx++] = 0;
BitStream[bitidx++] = 0;
half_switch = 0;
}
else
half_switch++;
} else if (abs(lc-clock) < tolerance) {
// 64TO
bits[bitidx++] = 1;
BitStream[bitidx++] = 1;
} else {
// Error
warnings++;
@ -1639,15 +1595,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
if(block_done == 1) {
if(bitidx == 128) {
for(j=0; j<16; j++) {
blocks[num_blocks][j] = 128*bits[j*8+7]+
64*bits[j*8+6]+
32*bits[j*8+5]+
16*bits[j*8+4]+
8*bits[j*8+3]+
4*bits[j*8+2]+
2*bits[j*8+1]+
bits[j*8];
Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
64*BitStream[j*8+6]+
32*BitStream[j*8+5]+
16*BitStream[j*8+4]+
8*BitStream[j*8+3]+
4*BitStream[j*8+2]+
2*BitStream[j*8+1]+
BitStream[j*8];
}
num_blocks++;
}
@ -1656,14 +1611,17 @@ int DemodPCF7931(uint8_t **outBlocks) {
half_switch = 0;
}
if(i < GraphTraceLen)
dir =(dest[i-1] > dest[i]) ? 0 : 1;
{
if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
else dir = 1;
}
}
if(bitidx==255)
bitidx=0;
warnings = 0;
if(num_blocks == 4) break;
}
memcpy(outBlocks, blocks, 16*num_blocks);
memcpy(outBlocks, Blocks, 16*num_blocks);
return num_blocks;
}
@ -1961,14 +1919,9 @@ void EM4xLogin(uint32_t Password) {
void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
uint8_t *dest = BigBuf_get_addr();
uint16_t bufferlength = BigBuf_max_traceLen();
uint32_t i = 0;
// Clear destination buffer before sending the command 0x80 = average.
memset(dest, 0x80, bufferlength);
uint8_t fwd_bit_count;
uint8_t *dest = BigBuf_get_addr();
int m=0, i=0;
//If password mode do login
if (PwdMode == 1) EM4xLogin(Pwd);
@ -1977,6 +1930,9 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
fwd_bit_count += Prepare_Addr( Address );
m = BigBuf_max_traceLen();
// Clear destination buffer before sending the command
memset(dest, 128, m);
// Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Now set up the SSC to get the ADC samples that are now streaming at us.
@ -1992,12 +1948,10 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
}
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
++i;
if (i >= bufferlength) break;
i++;
if (i >= m) break;
}
}
cmd_send(CMD_ACK,0,0,0,0,0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_D_OFF();
}

25
client/cmddata.c
View file

@ -86,7 +86,8 @@ void printDemodBuff(void)
DemodBuffer[i+12],
DemodBuffer[i+13],
DemodBuffer[i+14],
DemodBuffer[i+15]);
DemodBuffer[i+15]
);
}
return;
}
@ -260,7 +261,8 @@ void printBitStream(uint8_t BitStream[], uint32_t bitLen)
BitStream[i+12],
BitStream[i+13],
BitStream[i+14],
BitStream[i+15]);
BitStream[i+15]
);
}
return;
}
@ -280,14 +282,13 @@ void printEM410x(uint32_t hi, uint64_t id)
}
if (hi){
//output 88 bit em id
PrintAndLog("EM TAG ID : %06x%016llx", hi, id);
PrintAndLog("\nEM TAG ID : %06x%016llx", hi, id);
} else{
//output 40 bit em id
PrintAndLog("EM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID: %010llx", id2lo);
PrintAndLog("");
PrintAndLog("Possible de-scramble patterns");
PrintAndLog("HoneyWell IdentKey");
PrintAndLog("\nEM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID : %010llx", id2lo);
PrintAndLog("\nPossible de-scramble patterns");
PrintAndLog("HoneyWell IdentKey {");
PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF);
PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF);
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
@ -296,7 +297,6 @@ void printEM410x(uint32_t hi, uint64_t id)
PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
(id2lo & 0xf000000000) >> 36,
(id2lo & 0x0f00000000) >> 32,
@ -309,9 +309,8 @@ void printEM410x(uint32_t hi, uint64_t id)
(id2lo & 0x00000000f0) >> 4,
(id2lo & 0x000000000f)
);
PrintAndLog("");
uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
PrintAndLog("}\nOther : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("Pattern Paxton : %0d", paxton);
uint32_t p1id = (id & 0xFFFFFF);
@ -400,8 +399,8 @@ int CmdAskEM410xDemod(const char *Cmd)
PrintAndLog(" : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return 0;
}
uint32_t hi;
uint64_t lo;
uint32_t hi = 0;
uint64_t lo = 0;
if (AskEm410xDemod(Cmd, &hi, &lo)) {
PrintAndLog("EM410x pattern found: ");
printEM410x(hi, lo);

27
client/cmdhficlass.c
View file

@ -30,6 +30,7 @@
#include "loclass/elite_crack.h"
#include "loclass/fileutils.h"
#include "protocols.h"
#include "usb_cmd.h"
static int CmdHelp(const char *Cmd);
@ -166,29 +167,25 @@ int CmdHFiClassSim(const char *Cmd)
int CmdHFiClassReader(const char *Cmd)
{
UsbCommand c = {CMD_READER_ICLASS, {0}};
UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
SendCommand(&c);
UsbCommand resp;
while(!ukbhit()){
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t readStatus = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
PrintAndLog("isOk:%02x", isOK);
if( isOK == 0){
PrintAndLog("Readstatus:%02x", readStatus);
if( readStatus == 0){
//Aborted
PrintAndLog("Quitting...");
return 0;
}
if(isOK > 0)
{
PrintAndLog("CSN: %s",sprint_hex(data,8));
}
if(isOK >= 1)
{
PrintAndLog("CC: %s",sprint_hex(data+8,8));
}else{
PrintAndLog("No CC obtained");
if( readStatus & FLAG_ICLASS_READER_CSN) PrintAndLog("CSN: %s",sprint_hex(data,8));
if( readStatus & FLAG_ICLASS_READER_CC) PrintAndLog("CC: %s",sprint_hex(data+16,8));
if( readStatus & FLAG_ICLASS_READER_CONF){
printIclassDumpInfo(data);
}
} else {
PrintAndLog("Command execute timeout");
@ -269,7 +266,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
uint8_t key_sel_p[8] = { 0 };
UsbCommand c = {CMD_READER_ICLASS, {0}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
SendCommand(&c);
@ -284,7 +281,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
uint8_t * data = resp.d.asBytes;
memcpy(CSN,data,8);
memcpy(CCNR,data+8,8);
memcpy(CCNR,data+16,8);
PrintAndLog("isOk:%02x", isOK);

5
client/graph.c
View file

@ -146,7 +146,7 @@ uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose)
}
//uint8_t countPSK_FC(uint8_t *BitStream, size_t size)
carrier = countPSK_FC(grph,size);
carrier = countFC(grph,size,0);
// Only print this message if we're not looping something
if (printAns){
PrintAndLog("Auto-detected PSK carrier rate: %d", carrier);
@ -232,8 +232,7 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose)
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(BitStream);
if (size==0) return 0;
uint8_t dummy = 0;
uint16_t ans = countFC(BitStream, size, &dummy);
uint16_t ans = countFC(BitStream, size, 1);
if (ans==0) {
if (verbose) PrintAndLog("DEBUG: No data found");
return 0;

1
common/ldscript.common
View file

@ -14,6 +14,7 @@ MEMORY
bootphase1 : ORIGIN = 0x00100000, LENGTH = 0x200 /* Phase 1 bootloader: Copies real bootloader to RAM */
bootphase2 : ORIGIN = 0x00100200, LENGTH = 0x2000 - 0x200 /* Main bootloader code, stored in Flash, executed from RAM */
fpgaimage : ORIGIN = 0x00102000, LENGTH = 96k - 0x2000 /* Place where the FPGA image will end up */
//osimage : ORIGIN = 0x00118000, LENGTH = 256K - 96k /* Place where the main OS will end up */
osimage : ORIGIN = 0x00118000, LENGTH = 256K - 96k /* Place where the main OS will end up */
ram : ORIGIN = 0x00200000, LENGTH = 64K - 0x20 /* RAM, minus small common area */
commonarea : ORIGIN = 0x00200000 + 64K - 0x20, LENGTH = 0x20 /* Communication between bootloader and main OS */

20
common/lfdemod.c
View file

@ -88,27 +88,24 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_
return 0;
}
// 111111111 bit pattern represent start of frame
uint8_t preamble[] = {1,1,1,1,1,1,1,1,1};
// include 0 in front to help get start pos
uint8_t preamble[] = {0,1,1,1,1,1,1,1,1,1};
uint32_t idx = 0;
uint32_t parityBits = 0;
uint8_t errChk = 0;
uint8_t FmtLen = 10;
*startIdx = 0;
for (uint8_t extraBitChk=0; extraBitChk<5; extraBitChk++){
errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx);
if (errChk == 0) return 0;
if (*size<64) return 0;
if (*size>64) FmtLen = 22;
if (*size<64) return 0;
errChk = preambleSearch(BitStream, preamble, sizeof(preamble), size, startIdx);
if (errChk == 0 || *size < 64) return 0;
if (*size > 64) FmtLen = 22;
*startIdx += 1; //get rid of 0 from preamble
idx = *startIdx + 9;
for (i=0; i<FmtLen; i++){ //loop through 10 or 22 sets of 5 bits (50-10p = 40 bits or 88 bits)
parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5);
//check even parity
if (parityTest(parityBits, 5, 0) == 0){
//parity failed try next bit (in the case of 1111111111) but last 9 = preamble
startIdx++;
errChk = 0;
break;
//parity failed quit
return 0;
}
//set uint64 with ID from BitStream
for (uint8_t ii=0; ii<4; ii++){
@ -119,7 +116,6 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_
if (errChk != 0) return 1;
//skip last 5 bit parity test for simplicity.
// *size = 64 | 128;
}
return 0;
}

7
common/lfdemod.h
View file

@ -19,7 +19,6 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low);
int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
//uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
int ManchesterEncode(uint8_t *BitStream, size_t size);
int manrawdecode(uint8_t *BitStream, size_t *size);
int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert);
@ -34,20 +33,16 @@ void psk1TOpsk2(uint8_t *BitStream, size_t size);
void psk2TOpsk1(uint8_t *BitStream, size_t size);
int DetectNRZClock(uint8_t dest[], size_t size, int clock);
int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
void pskCleanWave(uint8_t *bitStream, size_t size);
int PyramiddemodFSK(uint8_t *dest, size_t *size);
int AWIDdemodFSK(uint8_t *dest, size_t *size);
size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen);
uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t *mostFC);
uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t fskAdj);
uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow);
int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx);
uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType);
uint8_t justNoise(uint8_t *BitStream, size_t size);
uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
int DetectPSKClock(uint8_t dest[], size_t size, int clock);
void askAmp(uint8_t *BitStream, size_t size);
#endif

6
include/usb_cmd.h
View file

@ -205,7 +205,11 @@ typedef struct{
//Iclass reader flags
#define FLAG_ICLASS_READER_ONLY_ONCE 0x01
#define FLAG_ICLASS_READER_GET_CC 0x02
#define FLAG_ICLASS_READER_CC 0x02
#define FLAG_ICLASS_READER_CSN 0x04
#define FLAG_ICLASS_READER_CONF 0x08
#define FLAG_ICLASS_READER_AA 0x10
// CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: