github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'master' of https://github.com/Proxmark/proxmark3

Browse source 
Conflicts:
	armsrc/lfops.c
	client/cmddata.c
	client/cmdlf.c
	client/cmdlft55xx.c
	client/cmdlft55xx.h
	client/scripts/test_t55x7_bi.lua
This commit is contained in:
iceman1001 2015-03-24 11:45:31 +01:00
commit 0ec548dc21
30 changed files with 1261 additions and 806 deletions
Download patch file Download diff file Expand all files Collapse all files

15
armsrc/BigBuf.c
View file

@ -171,18 +171,19 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_
traceLen += iLen; traceLen += iLen;
// parity bytes // parity bytes
if (parity != NULL && iLen != 0) { if (iLen != 0) {
if (parity != NULL) {
memcpy(trace + traceLen, parity, num_paritybytes); memcpy(trace + traceLen, parity, num_paritybytes);
} else {
memset(trace + traceLen, 0x00, num_paritybytes);
}
} }
traceLen += num_paritybytes; traceLen += num_paritybytes;
if(traceLen +4 < max_traceLen)
{ //If it hadn't been cleared, for whatever reason..
memset(trace+traceLen,0x44, 4);
}
return TRUE; return TRUE;
} }
int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int readerToTag) int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int readerToTag)
{ {
/** /**
@ -224,6 +225,8 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP
return TRUE; return TRUE;
} }
// Emulator memory // Emulator memory
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){ uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
uint8_t* mem = BigBuf_get_EM_addr(); uint8_t* mem = BigBuf_get_EM_addr();

2
armsrc/Makefile
View file

@ -18,7 +18,7 @@ SRC_LF = lfops.c hitag2.c lfsampling.c
SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443.c SRC_ISO14443b = iso14443.c
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
THUMBSRC = start.c \ THUMBSRC = start.c \

2
armsrc/appmain.c
View file

@ -647,7 +647,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
setSamplingConfig((sample_config *) c->d.asBytes); setSamplingConfig((sample_config *) c->d.asBytes);
break; break;
case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
cmd_send(CMD_ACK,SampleLF(),0,0,0,0); cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
break; break;
case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);

20
armsrc/apps.h
View file

@ -21,6 +21,13 @@
#include "../common/crc32.h" #include "../common/crc32.h"
#include "BigBuf.h" #include "BigBuf.h"
#include "../include/hitag2.h" #include "../include/hitag2.h"
#include "../include/mifare.h"
//#include <openssl/des.h>
//#include <openssl/aes.h>
//#include "des.h"
//#include "aes.h"
#include "desfire.h"
extern const uint8_t OddByteParity[256]; extern const uint8_t OddByteParity[256];
extern int rsamples; // = 0; extern int rsamples; // = 0;
@ -170,7 +177,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
void ReaderMifare(bool first_try); void ReaderMifare(bool first_try);
int32_t dist_nt(uint32_t nt1, uint32_t nt2); int32_t dist_nt(uint32_t nt1, uint32_t nt2);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareUReadBlock(uint8_t arg0,uint8_t *datain); void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
void MifareUC_Auth1(uint8_t arg0, uint8_t *datain); void MifareUC_Auth1(uint8_t arg0, uint8_t *datain);
void MifareUC_Auth2(uint32_t arg0, uint8_t *datain); void MifareUC_Auth2(uint32_t arg0, uint8_t *datain);
void MifareUReadCard(uint8_t arg0, int Pages, uint8_t *datain); void MifareUReadCard(uint8_t arg0, int Pages, uint8_t *datain);
@ -207,6 +214,17 @@ void OnError(uint8_t reason);
// desfire_crypto.h
void *mifare_cryto_preprocess_data (desfiretag_t tag, void *data, size_t *nbytes, off_t offset, int communication_settings);
void *mifare_cryto_postprocess_data (desfiretag_t tag, void *data, ssize_t *nbytes, int communication_settings);
void mifare_cypher_single_block (desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size);
void mifare_cypher_blocks_chained (desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation);
size_t key_block_size (const desfirekey_t key);
size_t padded_data_length (const size_t nbytes, const size_t block_size);
size_t maced_data_length (const desfirekey_t key, const size_t nbytes);
size_t enciphered_data_length (const desfiretag_t tag, const size_t nbytes, int communication_settings);
void cmac_generate_subkeys (desfirekey_t key);
void cmac (const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
/// iso15693.h /// iso15693.h

121
armsrc/iso14443a.c
View file

@ -213,6 +213,12 @@ void AppendCrc14443a(uint8_t* data, int len)
ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1); ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
} }
void AppendCrc14443b(uint8_t* data, int len)
{
ComputeCrc14443(CRC_14443_B,data,len,data+len,data+len+1);
}
//============================================================================= //=============================================================================
// ISO 14443 Type A - Miller decoder // ISO 14443 Type A - Miller decoder
//============================================================================= //=============================================================================
@ -232,13 +238,17 @@ void AppendCrc14443a(uint8_t* data, int len)
static tUart Uart; static tUart Uart;
// Lookup-Table to decide if 4 raw bits are a modulation. // Lookup-Table to decide if 4 raw bits are a modulation.
// We accept two or three consecutive "0" in any position with the rest "1" // We accept the following:
// 0001 - a 3 tick wide pause
// 0011 - a 2 tick wide pause, or a three tick wide pause shifted left
// 0111 - a 2 tick wide pause shifted left
// 1001 - a 2 tick wide pause shifted right
const bool Mod_Miller_LUT[] = { const bool Mod_Miller_LUT[] = {
TRUE, TRUE, FALSE, TRUE, FALSE, FALSE, FALSE, FALSE, FALSE, TRUE, FALSE, TRUE, FALSE, FALSE, FALSE, TRUE,
TRUE, TRUE, FALSE, FALSE, TRUE, FALSE, FALSE, FALSE FALSE, TRUE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE
}; };
#define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x00F0) >> 4]) #define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x000000F0) >> 4])
#define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x000F)]) #define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x0000000F)])
void UartReset() void UartReset()
{ {
@ -248,8 +258,6 @@ void UartReset()
Uart.parityLen = 0; // number of decoded parity bytes Uart.parityLen = 0; // number of decoded parity bytes
Uart.shiftReg = 0; // shiftreg to hold decoded data bits Uart.shiftReg = 0; // shiftreg to hold decoded data bits
Uart.parityBits = 0; // holds 8 parity bits Uart.parityBits = 0; // holds 8 parity bits
Uart.twoBits = 0x0000; // buffer for 2 Bits
Uart.highCnt = 0;
Uart.startTime = 0; Uart.startTime = 0;
Uart.endTime = 0; Uart.endTime = 0;
} }
@ -258,6 +266,7 @@ void UartInit(uint8_t *data, uint8_t *parity)
{ {
Uart.output = data; Uart.output = data;
Uart.parity = parity; Uart.parity = parity;
Uart.fourBits = 0x00000000; // clear the buffer for 4 Bits
UartReset(); UartReset();
} }
@ -265,40 +274,37 @@ void UartInit(uint8_t *data, uint8_t *parity)
static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
{ {
Uart.twoBits = (Uart.twoBits << 8) | bit; Uart.fourBits = (Uart.fourBits << 8) | bit;
if (Uart.state == STATE_UNSYNCD) { // not yet synced if (Uart.state == STATE_UNSYNCD) { // not yet synced
if (Uart.highCnt < 2) { // wait for a stable unmodulated signal Uart.syncBit = 9999; // not set
if (Uart.twoBits == 0xffff) { // The start bit is one ore more Sequence Y followed by a Sequence Z (... 11111111 00x11111). We need to distinguish from
Uart.highCnt++; // Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111)
} else { // we therefore look for a ...xx11111111111100x11111xxxxxx... pattern
Uart.highCnt = 0; // (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's)
} #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000
} else { #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000
Uart.syncBit = 0xFFFF; // not set if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7;
// we look for a ...1111111100x11111xxxxxx pattern (the start bit) else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6;
if ((Uart.twoBits & 0xDF00) == 0x1F00) Uart.syncBit = 8; // mask is 11x11111 xxxxxxxx, else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5;
// check for 00x11111 xxxxxxxx else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 3)) == ISO14443A_STARTBIT_PATTERN >> 3) Uart.syncBit = 4;
else if ((Uart.twoBits & 0xEF80) == 0x8F80) Uart.syncBit = 7; // both masks shifted right one bit, left padded with '1' else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 4)) == ISO14443A_STARTBIT_PATTERN >> 4) Uart.syncBit = 3;
else if ((Uart.twoBits & 0xF7C0) == 0xC7C0) Uart.syncBit = 6; // ... else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 5)) == ISO14443A_STARTBIT_PATTERN >> 5) Uart.syncBit = 2;
else if ((Uart.twoBits & 0xFBE0) == 0xE3E0) Uart.syncBit = 5; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 6)) == ISO14443A_STARTBIT_PATTERN >> 6) Uart.syncBit = 1;
else if ((Uart.twoBits & 0xFDF0) == 0xF1F0) Uart.syncBit = 4; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 7)) == ISO14443A_STARTBIT_PATTERN >> 7) Uart.syncBit = 0;
else if ((Uart.twoBits & 0xFEF8) == 0xF8F8) Uart.syncBit = 3;
else if ((Uart.twoBits & 0xFF7C) == 0xFC7C) Uart.syncBit = 2; if (Uart.syncBit != 9999) { // found a sync bit
else if ((Uart.twoBits & 0xFFBE) == 0xFE3E) Uart.syncBit = 1;
if (Uart.syncBit != 0xFFFF) { // found a sync bit
Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8); Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
Uart.startTime -= Uart.syncBit; Uart.startTime -= Uart.syncBit;
Uart.endTime = Uart.startTime; Uart.endTime = Uart.startTime;
Uart.state = STATE_START_OF_COMMUNICATION; Uart.state = STATE_START_OF_COMMUNICATION;
} }
}
} else { } else {
if (IsMillerModulationNibble1(Uart.twoBits >> Uart.syncBit)) { if (IsMillerModulationNibble1(Uart.fourBits >> Uart.syncBit)) {
if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) { // Modulation in both halves - error if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation in both halves - error
UartReset(); UartReset();
} else { // Modulation in first half = Sequence Z = logic "0" } else { // Modulation in first half = Sequence Z = logic "0"
if (Uart.state == STATE_MILLER_X) { // error - must not follow after X if (Uart.state == STATE_MILLER_X) { // error - must not follow after X
@ -322,7 +328,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
} }
} }
} else { } else {
if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1" if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1"
Uart.bitCount++; Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg
Uart.state = STATE_MILLER_X; Uart.state = STATE_MILLER_X;
@ -358,12 +364,10 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
return TRUE; // we are finished with decoding the raw data sequence return TRUE; // we are finished with decoding the raw data sequence
} else { } else {
UartReset(); // Nothing received - start over UartReset(); // Nothing received - start over
Uart.highCnt = 1;
} }
} }
if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
UartReset(); UartReset();
Uart.highCnt = 1;
} else { // a logic "0" } else { // a logic "0"
Uart.bitCount++; Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
@ -680,6 +684,9 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
// And ready to receive another response. // And ready to receive another response.
DemodReset(); DemodReset();
// And reset the Miller decoder including itS (now outdated) input buffer
UartInit(receivedCmd, receivedCmdPar);
LED_C_OFF(); LED_C_OFF();
} }
TagIsActive = (Demod.state != DEMOD_UNSYNCD); TagIsActive = (Demod.state != DEMOD_UNSYNCD);
@ -1337,7 +1344,7 @@ void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8
} }
// Only transmit parity bit if we transmitted a complete byte // Only transmit parity bit if we transmitted a complete byte
if (j == 8) { if (j == 8 && parity != NULL) {
// Get the parity bit // Get the parity bit
if (parity[i>>3] & (0x80 >> (i&0x0007))) { if (parity[i>>3] & (0x80 >> (i&0x0007))) {
// Sequence X // Sequence X
@ -1631,6 +1638,7 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
} }
} }
void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing) void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
{ {
CodeIso14443aBitsAsReaderPar(frame, bits, par); CodeIso14443aBitsAsReaderPar(frame, bits, par);
@ -1646,11 +1654,13 @@ void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t
} }
} }
void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing) void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
{ {
ReaderTransmitBitsPar(frame, len*8, par, timing); ReaderTransmitBitsPar(frame, len*8, par, timing);
} }
void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing) void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
{ {
// Generate parity and redirect // Generate parity and redirect
@ -1659,6 +1669,7 @@ void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
ReaderTransmitBitsPar(frame, len, par, timing); ReaderTransmitBitsPar(frame, len, par, timing);
} }
void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing) void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
{ {
// Generate parity and redirect // Generate parity and redirect
@ -1719,6 +1730,11 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
memset(uid_ptr,0,10); memset(uid_ptr,0,10);
} }
// check for proprietary anticollision:
if ((resp[0] & 0x1F) == 0) {
return 3;
}
// OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
// which case we need to make a cascade 2 request and select - this is a long UID // which case we need to make a cascade 2 request and select - this is a long UID
// While the UID is not complete, the 3nd bit (from the right) is set in the SAK. // While the UID is not complete, the 3nd bit (from the right) is set in the SAK.
@ -1851,7 +1867,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
DemodReset(); DemodReset();
UartReset(); UartReset();
NextTransferTime = 2*DELAY_ARM2AIR_AS_READER; NextTransferTime = 2*DELAY_ARM2AIR_AS_READER;
iso14a_set_timeout(1050); // 10ms default iso14a_set_timeout(50*106); // 10ms default
} }
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
@ -1927,15 +1943,38 @@ void ReaderIso14443a(UsbCommand *c)
if(param & ISO14A_RAW) { if(param & ISO14A_RAW) {
if(param & ISO14A_APPEND_CRC) { if(param & ISO14A_APPEND_CRC) {
if(param & ISO14A_TOPAZMODE) {
AppendCrc14443b(cmd,len);
} else {
AppendCrc14443a(cmd,len); AppendCrc14443a(cmd,len);
}
len += 2; len += 2;
if (lenbits) lenbits += 16; if (lenbits) lenbits += 16;
} }
if(lenbits>0) { if(lenbits>0) { // want to send a specific number of bits (e.g. short commands)
if(param & ISO14A_TOPAZMODE) {
int bits_to_send = lenbits;
uint16_t i = 0;
ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity
bits_to_send -= 7;
while (bits_to_send > 0) {
ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity
bits_to_send -= 8;
}
} else {
GetParity(cmd, lenbits/8, par); GetParity(cmd, lenbits/8, par);
ReaderTransmitBitsPar(cmd, lenbits, par, NULL); ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity
}
} else { // want to send complete bytes only
if(param & ISO14A_TOPAZMODE) {
uint16_t i = 0;
ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy
while (i < len) {
ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy
}
} else { } else {
ReaderTransmit(cmd,len, NULL); ReaderTransmit(cmd,len, NULL); // 8 bits, odd parity
}
} }
arg0 = ReaderReceive(buf, par); arg0 = ReaderReceive(buf, par);
cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf)); cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
@ -2302,6 +2341,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
} }
if(cardSTATE == MFEMUL_NOFIELD) continue; if(cardSTATE == MFEMUL_NOFIELD) continue;
//Now, get data
res = EmGetCmd(receivedCmd, &len, receivedCmd_par); res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
if (res == 2) { //Field is off! if (res == 2) { //Field is off!
cardSTATE = MFEMUL_NOFIELD; cardSTATE = MFEMUL_NOFIELD;
@ -2805,7 +2846,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, TRUE)) break; if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, TRUE)) break;
/* And ready to receive another command. */ /* And ready to receive another command. */
UartReset(); UartInit(receivedCmd, receivedCmdPar);
/* And also reset the demod code */ /* And also reset the demod code */
DemodReset(); DemodReset();
@ -2822,6 +2863,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
// And ready to receive another response. // And ready to receive another response.
DemodReset(); DemodReset();
// And reset the Miller decoder including its (now outdated) input buffer
UartInit(receivedCmd, receivedCmdPar);
} }
TagIsActive = (Demod.state != DEMOD_UNSYNCD); TagIsActive = (Demod.state != DEMOD_UNSYNCD);
} }

5
armsrc/iso14443a.h
View file

@ -57,15 +57,14 @@ typedef struct {
// DROP_FIRST_HALF, // DROP_FIRST_HALF,
} state; } state;
uint16_t shiftReg; uint16_t shiftReg;
uint16_t bitCount; int16_t bitCount;
uint16_t len; uint16_t len;
uint16_t byteCntMax; uint16_t byteCntMax;
uint16_t posCnt; uint16_t posCnt;
uint16_t syncBit; uint16_t syncBit;
uint8_t parityBits; uint8_t parityBits;
uint8_t parityLen; uint8_t parityLen;
uint16_t highCnt; uint32_t fourBits;
uint16_t twoBits;
uint32_t startTime, endTime; uint32_t startTime, endTime;
uint8_t *output; uint8_t *output;
uint8_t *parity; uint8_t *parity;

71
armsrc/lfops.c
View file

@ -1085,11 +1085,11 @@ void T55xxWriteBit(int bit)
// Write one card block in page 0, no lock // Write one card block in page 0, no lock
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
{ {
uint32_t i = 0; uint32_t i = 0;
// Set up FPGA, 125kHz // Set up FPGA, 125kHz
// Wait for config.. (192+8190xPOW)x8 == 67ms // Wait for config.. (192+8190xPOW)x8 == 67ms
LFSetupFPGAForADC(0, true); LFSetupFPGAForADC(0, true);
// Now start writting // Now start writting
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1122,20 +1122,28 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
} }
void TurnReadLFOn(){
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Give it a bit of time for the resonant antenna to settle.
SpinDelayUs(8*150);
}
// Read one card block in page 0 // Read one card block in page 0
void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
{ {
uint32_t i = 0; uint32_t i = 0;
uint8_t *dest = BigBuf_get_addr(); uint8_t *dest = BigBuf_get_addr();
uint16_t bufferlength = BigBuf_max_traceLen(); uint16_t bufferlength = BigBuf_max_traceLen();
if ( bufferlength > T55xx_SAMPLES_SIZE ) if ( bufferlength > T55xx_SAMPLES_SIZE )
bufferlength = T55xx_SAMPLES_SIZE; bufferlength = T55xx_SAMPLES_SIZE;
memset(dest, 0x80, bufferlength); // Clear destination buffer before sending the command
memset(dest, 0x80, bufferlength);
// Set up FPGA, 125kHz
// Wait for config.. (192+8190xPOW)x8 == 67ms // Set up FPGA, 125kHz
LFSetupFPGAForADC(0, true); // Wait for config.. (192+8190xPOW)x8 == 67ms
LFSetupFPGAForADC(0, true);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP); SpinDelayUs(START_GAP);
@ -1154,40 +1162,40 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
T55xxWriteBit(Block & i); T55xxWriteBit(Block & i);
// Turn field on to read the response // Turn field on to read the response
TurnReadLFOn(); TurnReadLFOn();
// Now do the acquisition // Now do the acquisition
i = 0; i = 0;
for(;;) { for(;;) {
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
AT91C_BASE_SSC->SSC_THR = 0x43; AT91C_BASE_SSC->SSC_THR = 0x43;
LED_D_ON(); LED_D_ON();
} }
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
++i; i++;
LED_D_OFF(); LED_D_OFF();
if (i >= bufferlength) break; if (i >= bufferlength) break;
} }
} }
cmd_send(CMD_ACK,0,0,0,0,0); cmd_send(CMD_ACK,0,0,0,0,0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_D_OFF(); LED_D_OFF();
} }
// Read card traceability data (page 1) // Read card traceability data (page 1)
void T55xxReadTrace(void){ void T55xxReadTrace(void){
uint32_t i = 0; uint32_t i = 0;
uint8_t *dest = BigBuf_get_addr(); uint8_t *dest = BigBuf_get_addr();
uint16_t bufferlength = BigBuf_max_traceLen(); uint16_t bufferlength = BigBuf_max_traceLen();
if ( bufferlength > T55xx_SAMPLES_SIZE ) if ( bufferlength > T55xx_SAMPLES_SIZE )
bufferlength = T55xx_SAMPLES_SIZE; bufferlength= T55xx_SAMPLES_SIZE;
memset(dest, 0x80, bufferlength); // Clear destination buffer before sending the command
memset(dest, 0x80, bufferlength);
LFSetupFPGAForADC(0, true);
LFSetupFPGAForADC(0, true);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP); SpinDelayUs(START_GAP);
@ -1196,24 +1204,25 @@ void T55xxReadTrace(void){
T55xxWriteBit(1); //Page 1 T55xxWriteBit(1); //Page 1
// Turn field on to read the response // Turn field on to read the response
TurnReadLFOn(); TurnReadLFOn();
// Now do the acquisition // Now do the acquisition
for(;;) { for(;;) {
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
AT91C_BASE_SSC->SSC_THR = 0x43; AT91C_BASE_SSC->SSC_THR = 0x43;
LED_D_ON(); LED_D_ON();
} }
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
++i; i++;
LED_D_OFF(); LED_D_OFF();
if (i >= bufferlength) break; if (i >= bufferlength) break;
} }
} }
cmd_send(CMD_ACK,0,0,0,0,0); cmd_send(CMD_ACK,0,0,0,0,0);
cmd_send(CMD_ACK,0,0,0,0,0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_D_OFF(); LED_D_OFF();
} }

12
armsrc/lfsampling.c
View file

@ -224,21 +224,21 @@ uint32_t DoAcquisition_config( bool silent)
,silent); ,silent);
} }
uint32_t ReadLF(bool activeField) uint32_t ReadLF(bool activeField, bool silent)
{ {
printConfig(); if (!silent) printConfig();
LFSetupFPGAForADC(config.divisor, activeField); LFSetupFPGAForADC(config.divisor, activeField);
// Now call the acquisition routine // Now call the acquisition routine
return DoAcquisition_config(false); return DoAcquisition_config(silent);
} }
/** /**
* Initializes the FPGA for reader-mode (field on), and acquires the samples. * Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled * @return number of bits sampled
**/ **/
uint32_t SampleLF() uint32_t SampleLF(bool printCfg)
{ {
return ReadLF(true); return ReadLF(true, printCfg);
} }
/** /**
* Initializes the FPGA for snoop-mode (field off), and acquires the samples. * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
@ -247,5 +247,5 @@ uint32_t SampleLF()
uint32_t SnoopLF() uint32_t SnoopLF()
{ {
return ReadLF(false); return ReadLF(false, true);
} }

2
armsrc/lfsampling.h
View file

@ -5,7 +5,7 @@
* Initializes the FPGA for reader-mode (field on), and acquires the samples. * Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled * @return number of bits sampled
**/ **/
uint32_t SampleLF(); uint32_t SampleLF(bool silent);
/** /**
* Initializes the FPGA for snoop-mode (field off), and acquires the samples. * Initializes the FPGA for snoop-mode (field off), and acquires the samples.

109
armsrc/mifarecmd.c
View file

@ -16,7 +16,8 @@
#include "mifarecmd.h" #include "mifarecmd.h"
#include "apps.h" #include "apps.h"
#include "util.h" #include "util.h"
//#include "../client/loclass/des.h"
#include "des.h"
#include "crc.h" #include "crc.h"
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
@ -104,14 +105,14 @@ void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
if(!iso14443a_select_card(uid, NULL, &cuid)) { if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Can't select card"); Dbprintf("Can't select card");
//OnError(0); OnError(0);
return; return;
}; };
if(mifare_ultra_auth1(cuid, dataoutbuf)){ if(mifare_ultra_auth1(cuid, dataoutbuf)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Authentication part1: Fail."); Dbprintf("Authentication part1: Fail.");
//OnError(1); OnError(1);
return; return;
} }
@ -138,7 +139,7 @@ void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
if(mifare_ultra_auth2(cuid, key, dataoutbuf)){ if(mifare_ultra_auth2(cuid, key, dataoutbuf)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Authentication part2: Fail..."); Dbprintf("Authentication part2: Fail...");
//OnError(1); OnError(1);
return; return;
} }
@ -151,13 +152,21 @@ void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
LEDsoff(); LEDsoff();
} }
void MifareUReadBlock(uint8_t arg0,uint8_t *datain) void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
{ {
uint8_t blockNo = arg0; uint8_t blockNo = arg0;
byte_t dataout[16] = {0x00}; byte_t dataout[16] = {0x00};
uint8_t uid[10] = {0x00}; uint8_t uid[10] = {0x00};
uint8_t key[8] = {0x00};
uint32_t cuid; uint32_t cuid;
bool usePwd = false;
usePwd = (arg1 == 1);
// use password
if ( usePwd )
memcpy(key, datain, 8);
LED_A_ON(); LED_A_ON();
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
@ -167,22 +176,82 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
int len = iso14443a_select_card(uid, NULL, &cuid); int len = iso14443a_select_card(uid, NULL, &cuid);
if(!len) { if(!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card"); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);
//OnError(1); OnError(1);
return; return;
}; };
// authenticate here.
if ( usePwd ) {
uint8_t a[8] = { 0x01 };
uint8_t b[8] = { 0x00 };
uint8_t enc_b[8] = { 0x00 };
uint8_t ab[16] = { 0x00 };
uint8_t transKey[8] = { 0x00 };
uint16_t len;
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);
if (len == 1) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
OnError(1);
return;
}
// memcpy(dataout, receivedAnswer, 11);
// tag nonce.
memcpy(enc_b,receivedAnswer+1,8);
// decrypt nonce.
des_dec(enc_b, b, key );
Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x", enc_b[0],enc_b[1],enc_b[2],enc_b[3],enc_b[4],enc_b[5],enc_b[6],enc_b[7] );
rol(b,8);
memcpy(ab ,a,8);
memcpy(ab+8,b,8);
Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );
Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );
// encrypt
des_enc(ab, ab, key);
Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );
Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, ab, receivedAnswer, receivedAnswerPar, NULL);
if (len == 1) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
OnError(1);
return;
}
//
memcpy(transKey, receivedAnswer+1, 8);
Dbprintf("TRANSACTIONKEY: %02x %02x %02x %02x %02x %02x %02x %02x", transKey[0],transKey[1],transKey[2],transKey[3],
transKey[4],transKey[5],transKey[6],transKey[7] );
}
len = mifare_ultra_readblock(cuid, blockNo, dataout); len = mifare_ultra_readblock(cuid, blockNo, dataout);
if(len) { if(len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error"); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
//OnError(2); OnError(2);
return; return;
}; };
len = mifare_ultra_halt(cuid); len = mifare_ultra_halt(cuid);
if(len) { if(len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error"); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
//OnError(3); OnError(3);
return; return;
}; };
@ -261,8 +330,8 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain) void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
{ {
// params // params
uint8_t sectorNo = arg0; uint8_t sectorNo = arg0;
int Pages = arg1; int Pages = arg1;
int count_Pages = 0; int count_Pages = 0;
byte_t dataout[176] = {0x00};; byte_t dataout[176] = {0x00};;
@ -283,8 +352,8 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
if (!len) { if (!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Can't select card"); Dbprintf("Can't select card (RC:%d)",len);
//OnError(1); OnError(1);
return; return;
} }
@ -295,7 +364,7 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
if (len) { if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Read block %d error",i); Dbprintf("Read block %d error",i);
//OnError(2); OnError(2);
return; return;
} else { } else {
count_Pages++; count_Pages++;
@ -306,7 +375,7 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
if (len) { if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Halt error"); Dbprintf("Halt error");
//OnError(3); OnError(3);
return; return;
} }
@ -1143,14 +1212,14 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
if(!len) { if(!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Can't select card"); Dbprintf("Can't select card");
//OnError(1); OnError(1);
return; return;
}; };
if(mifare_desfire_des_auth1(cuid, dataout)){ if(mifare_desfire_des_auth1(cuid, dataout)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Authentication part1: Fail."); Dbprintf("Authentication part1: Fail.");
//OnError(4); OnError(4);
return; return;
} }
@ -1173,7 +1242,7 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
if( isOK) { if( isOK) {
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
Dbprintf("Authentication part2: Failed"); Dbprintf("Authentication part2: Failed");
//OnError(4); OnError(4);
return; return;
} }

15
armsrc/mifaredesfire.c
View file

@ -1,5 +1,6 @@
#include "mifaredesfire.h" #include "mifaredesfire.h"
#include "des.h" #include "des.h"
#include "BigBuf.h"
#define MAX_APPLICATION_COUNT 28 #define MAX_APPLICATION_COUNT 28
#define MAX_FILE_COUNT 16 #define MAX_FILE_COUNT 16
@ -23,7 +24,7 @@ bool InitDesfireCard(){
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
iso14a_set_tracing(TRUE); set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(NULL,card,NULL); int len = iso14443a_select_card(NULL,card,NULL);
@ -65,7 +66,7 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
} }
if ( flags & CLEARTRACE ){ if ( flags & CLEARTRACE ){
iso14a_clear_trace(); clear_trace();
} }
if ( flags & INIT ){ if ( flags & INIT ){
@ -109,8 +110,8 @@ void MifareDesfireGetInformation(){
PCB == 0x0A because sending CID byte. PCB == 0x0A because sending CID byte.
CID == 0x00 first card? CID == 0x00 first card?
*/ */
iso14a_clear_trace(); clear_trace();
iso14a_set_tracing(TRUE); set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// card select - information // card select - information
@ -434,8 +435,8 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
size_t wrappedLen = 0; size_t wrappedLen = 0;
uint8_t wCmd[USB_CMD_DATA_SIZE] = {0}; uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
uint8_t *resp = ((uint8_t *)BigBuf) + RECV_RESP_OFFSET; uint8_t resp[MAX_FRAME_SIZE];
uint8_t *resp_par = ((uint8_t *)BigBuf) + RECV_RESP_PAR_OFFSET; uint8_t par[MAX_PARITY_SIZE];
wrappedLen = CreateAPDU( cmd, cmd_len, wCmd); wrappedLen = CreateAPDU( cmd, cmd_len, wCmd);
@ -444,7 +445,7 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
} }
ReaderTransmit( wCmd, wrappedLen, NULL); ReaderTransmit( wCmd, wrappedLen, NULL);
len = ReaderReceive(resp, resp_par); len = ReaderReceive(resp, par);
if( len == 0x00 ){ if( len == 0x00 ){
if (MF_DBGLEVEL >= 4) { if (MF_DBGLEVEL >= 4) {

2
client/Makefile
View file

@ -94,6 +94,8 @@ CMDSRCS = nonce2key/crapto1.c\
cmdhficlass.c \ cmdhficlass.c \
cmdhfmf.c \ cmdhfmf.c \
cmdhfmfu.c \ cmdhfmfu.c \
cmdhfmfdes.c \
cmdhftopaz.c \
cmdhw.c \ cmdhw.c \
cmdlf.c \ cmdlf.c \
cmdlfio.c \ cmdlfio.c \

416
client/cmddata.c
View file

@ -35,10 +35,10 @@ void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx)
{ {
if (buff == NULL) if (buff == NULL)
return; return;
if ( size >= MAX_DEMOD_BUF_LEN) if ( size >= MAX_DEMOD_BUF_LEN)
size = MAX_DEMOD_BUF_LEN; size = MAX_DEMOD_BUF_LEN;
size_t i = 0; size_t i = 0;
for (; i < size; i++){ for (; i < size; i++){
DemodBuffer[i]=buff[startIdx++]; DemodBuffer[i]=buff[startIdx++];
@ -283,87 +283,103 @@ void printEM410x(uint32_t hi, uint64_t id)
PrintAndLog("EM TAG ID : %06x%016llx", hi, id); PrintAndLog("EM TAG ID : %06x%016llx", hi, id);
} else{ } else{
//output 40 bit em id //output 40 bit em id
PrintAndLog("EM TAG ID : %010llx", id); PrintAndLog("EM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID: %010llx", id2lo); PrintAndLog("Unique TAG ID: %010llx", id2lo);
PrintAndLog("");
PrintAndLog(""); PrintAndLog("Possible de-scramble patterns");
PrintAndLog("Possible de-scramble patterns"); PrintAndLog("HoneyWell IdentKey");
PrintAndLog("HoneyWell IdentKey"); PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF);
PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF); PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF);
PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF); PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF)); PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF));
PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF)); PrintAndLog("DEZ 3.5B : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF));
PrintAndLog("DEZ 3.5B : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF)); PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF)); PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 14/IK2 : %014lld",id); PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo); PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld", PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
(id2lo & 0xf000000000) >> 36, (id2lo & 0xf000000000) >> 36,
(id2lo & 0x0f00000000) >> 32, (id2lo & 0x0f00000000) >> 32,
(id2lo & 0x00f0000000) >> 28, (id2lo & 0x00f0000000) >> 28,
(id2lo & 0x000f000000) >> 24, (id2lo & 0x000f000000) >> 24,
(id2lo & 0x0000f00000) >> 20, (id2lo & 0x0000f00000) >> 20,
(id2lo & 0x00000f0000) >> 16, (id2lo & 0x00000f0000) >> 16,
(id2lo & 0x000000f000) >> 12, (id2lo & 0x000000f000) >> 12,
(id2lo & 0x0000000f00) >> 8, (id2lo & 0x0000000f00) >> 8,
(id2lo & 0x00000000f0) >> 4, (id2lo & 0x00000000f0) >> 4,
(id2lo & 0x000000000f) (id2lo & 0x000000000f)
); );
PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("");
uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
PrintAndLog("Pattern Paxton : %lld (hex %08llX)", paxton, paxton);
uint32_t p1id = (id & 0xFFFFFF); PrintAndLog("");
uint8_t arr[32] = {0x00}; uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
int i =0; PrintAndLog("Pattern Paxton : %0d", paxton);
int j = 23;
for (; i < 24; ++i, --j ){
arr[i] = (p1id >> i) & 1;
}
uint32_t p1 = 0; uint32_t p1id = (id & 0xFFFFFF);
uint8_t arr[32] = {0x00};
int i =0;
int j = 23;
for (; i < 24; ++i, --j ){
arr[i] = (p1id >> i) & 1;
}
p1 |= arr[23] << 21; uint32_t p1 = 0;
p1 |= arr[22] << 23;
p1 |= arr[21] << 20;
p1 |= arr[20] << 22;
p1 |= arr[19] << 18;
p1 |= arr[18] << 16;
p1 |= arr[17] << 19;
p1 |= arr[16] << 17;
p1 |= arr[15] << 13;
p1 |= arr[14] << 15;
p1 |= arr[13] << 12;
p1 |= arr[12] << 14;
p1 |= arr[11] << 6; p1 |= arr[23] << 21;
p1 |= arr[10] << 2; p1 |= arr[22] << 23;
p1 |= arr[9] << 7; p1 |= arr[21] << 20;
p1 |= arr[8] << 1; p1 |= arr[20] << 22;
p1 |= arr[7] << 0; p1 |= arr[19] << 18;
p1 |= arr[6] << 8; p1 |= arr[18] << 16;
p1 |= arr[5] << 11; p1 |= arr[17] << 19;
p1 |= arr[4] << 3; p1 |= arr[16] << 17;
p1 |= arr[3] << 10; p1 |= arr[15] << 13;
p1 |= arr[2] << 4; p1 |= arr[14] << 15;
p1 |= arr[1] << 5; p1 |= arr[13] << 12;
p1 |= arr[0] << 9; p1 |= arr[12] << 14;
PrintAndLog("Pattern 1 : %d (hex %X)", p1, p1);
uint16_t sebury1 = id & 0xFFFF; p1 |= arr[11] << 6;
uint8_t sebury2 = (id >> 16) & 0x7F; p1 |= arr[10] << 2;
uint32_t sebury3 = id & 0x7FFFFF; p1 |= arr[9] << 7;
PrintAndLog("Pattern Sebury : %010d %03d %d (hex: %X %X %X)", sebury3, sebury2, sebury1, sebury3, sebury2, sebury1); p1 |= arr[8] << 1;
}
p1 |= arr[7] << 0;
p1 |= arr[6] << 8;
p1 |= arr[5] << 11;
p1 |= arr[4] << 3;
p1 |= arr[3] << 10;
p1 |= arr[2] << 4;
p1 |= arr[1] << 5;
p1 |= arr[0] << 9;
PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1);
uint16_t sebury1 = id & 0xFFFF;
uint8_t sebury2 = (id >> 16) & 0x7F;
uint32_t sebury3 = id & 0x7FFFFF;
PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3);
}
} }
return; return;
} }
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo)
{
int ans = ASKmanDemod(Cmd, FALSE, FALSE);
if (!ans) return 0;
size_t idx=0;
if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, hi, lo)){
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
printDemodBuff();
}
return 1;
}
return 0;
}
//by marshmellow //by marshmellow
//takes 3 arguments - clock, invert and maxErr as integers //takes 3 arguments - clock, invert and maxErr as integers
//attempts to demodulate ask while decoding manchester //attempts to demodulate ask while decoding manchester
@ -384,17 +400,9 @@ int CmdAskEM410xDemod(const char *Cmd)
PrintAndLog(" : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors"); PrintAndLog(" : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return 0; return 0;
} }
int ans = ASKmanDemod(Cmd, FALSE, FALSE); uint32_t hi;
if (!ans) return 0; uint64_t lo;
if (AskEm410xDemod(Cmd, &hi, &lo)) {
uint64_t lo =0;
uint32_t hi =0;
size_t idx=0;
if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, &hi, &lo)){
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
printDemodBuff();
}
PrintAndLog("EM410x pattern found: "); PrintAndLog("EM410x pattern found: ");
printEM410x(hi, lo); printEM410x(hi, lo);
return 1; return 1;
@ -550,6 +558,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
PrintAndLog("Usage: data biphaserawdecode [offset] [invert] [maxErr]"); PrintAndLog("Usage: data biphaserawdecode [offset] [invert] [maxErr]");
PrintAndLog(" Converts 10 or 01 to 1 and 11 or 00 to 0"); PrintAndLog(" Converts 10 or 01 to 1 and 11 or 00 to 0");
PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)"); PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)");
PrintAndLog(" --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
PrintAndLog(""); PrintAndLog("");
PrintAndLog(" [offset <0|1>], set to 0 not to adjust start position or to 1 to adjust decode start position"); PrintAndLog(" [offset <0|1>], set to 0 not to adjust start position or to 1 to adjust decode start position");
PrintAndLog(" [invert <0|1>], set to 1 to invert output"); PrintAndLog(" [invert <0|1>], set to 1 to invert output");
@ -712,6 +721,8 @@ int Cmdaskbiphdemod(const char *Cmd)
PrintAndLog(" NOTE: <amplify> can be entered as first, second or last argument"); PrintAndLog(" NOTE: <amplify> can be entered as first, second or last argument");
PrintAndLog(" NOTE: any other arg must have previous args set to work"); PrintAndLog(" NOTE: any other arg must have previous args set to work");
PrintAndLog(""); PrintAndLog("");
PrintAndLog(" NOTE: --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
PrintAndLog("");
PrintAndLog(" sample: data rawdemod ab = demod an ask/biph tag from GraphBuffer"); PrintAndLog(" sample: data rawdemod ab = demod an ask/biph tag from GraphBuffer");
PrintAndLog(" : data rawdemod ab a = demod an ask/biph tag from GraphBuffer, amplified"); PrintAndLog(" : data rawdemod ab a = demod an ask/biph tag from GraphBuffer, amplified");
PrintAndLog(" : data rawdemod ab 1 32 = demod an ask/biph tag from GraphBuffer using an offset of 1 and a clock of RF/32"); PrintAndLog(" : data rawdemod ab 1 32 = demod an ask/biph tag from GraphBuffer using an offset of 1 and a clock of RF/32");
@ -741,7 +752,7 @@ int CmdG_Prox_II_Demod(const char *Cmd)
if (ans < 0){ if (ans < 0){
if (g_debugMode) PrintAndLog("Error gProxII_Demod"); if (g_debugMode) PrintAndLog("Error gProxII_Demod");
return 0; return 0;
} }
//got a good demod //got a good demod
uint32_t ByteStream[65] = {0x00}; uint32_t ByteStream[65] = {0x00};
uint8_t xorKey=0; uint8_t xorKey=0;
@ -846,7 +857,7 @@ int AutoCorrelate(int window, bool SaveGrph, bool verbose)
} else if (sum > maxSum){ } else if (sum > maxSum){
maxSum=sum; maxSum=sum;
lastMax = i; lastMax = i;
} }
} }
if (Correlation==0){ if (Correlation==0){
//try again with wider margin //try again with wider margin
@ -862,8 +873,8 @@ int AutoCorrelate(int window, bool SaveGrph, bool verbose)
if (verbose && Correlation > 0) PrintAndLog("Possible Correlation: %d samples",Correlation); if (verbose && Correlation > 0) PrintAndLog("Possible Correlation: %d samples",Correlation);
if (SaveGrph){ if (SaveGrph){
GraphTraceLen = GraphTraceLen - window; GraphTraceLen = GraphTraceLen - window;
memcpy(GraphBuffer, CorrelBuffer, GraphTraceLen * sizeof (int)); memcpy(GraphBuffer, CorrelBuffer, GraphTraceLen * sizeof (int));
RepaintGraphWindow(); RepaintGraphWindow();
} }
return Correlation; return Correlation;
@ -1171,7 +1182,7 @@ int FSKrawDemod(const char *Cmd, bool verbose)
if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size
if (verbose) { if (verbose) {
PrintAndLog("FSK decoded bitstream:"); PrintAndLog("FSK decoded bitstream:");
printBitStream(BitStream,size); printBitStream(BitStream,size);
} }
return 1; return 1;
@ -1266,7 +1277,6 @@ int CmdFSKdemodHID(const char *Cmd)
if(fmtLen==34){ if(fmtLen==34){
cardnum = (lo>>1)&0xFFFF; cardnum = (lo>>1)&0xFFFF;
fc= ((hi&1)<<15)|(lo>>17); fc= ((hi&1)<<15)|(lo>>17);
// this could also be QUADRAKEY. Uses 34bit HID.
} }
if(fmtLen==35){ if(fmtLen==35){
cardnum = (lo>>1)&0xFFFFF; cardnum = (lo>>1)&0xFFFFF;
@ -1413,21 +1423,19 @@ int CmdFSKdemodIO(const char *Cmd)
uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4 uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ; uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9 uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
uint8_t crc = bytebits_to_byte(BitStream+idx+54,8); uint8_t crc = bytebits_to_byte(BitStream+idx+54,8);
uint16_t calccrc = 0; uint16_t calccrc = 0;
for (uint8_t i=1; i<6; ++i){ for (uint8_t i=1; i<6; ++i){
calccrc += bytebits_to_byte(BitStream+idx+9*i,8); calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
PrintAndLog("%d", calccrc); //PrintAndLog("%d", calccrc);
} }
calccrc &= 0xff; calccrc &= 0xff;
calccrc = 0xff - calccrc; calccrc = 0xff - calccrc;
char *crcStr = (crc == calccrc) ? "ok": "!crc"; char *crcStr = (crc == calccrc) ? "crc ok": "!crc";
PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr); PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
setDemodBuf(BitStream,64,idx); setDemodBuf(BitStream,64,idx);
if (g_debugMode){ if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64); PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64);
@ -1947,25 +1955,22 @@ int NRZrawDemod(const char *Cmd, bool verbose)
int errCnt=0; int errCnt=0;
errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr); errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr);
if (errCnt > maxErr){ if (errCnt > maxErr){
if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
return 0; return 0;
} }
if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first)
if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
return 0; return 0;
} }
if (verbose) if (verbose || g_debugMode) PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
//prime demod buffer for output //prime demod buffer for output
setDemodBuf(BitStream,BitLen,0); setDemodBuf(BitStream,BitLen,0);
if (errCnt>0 && verbose){ if (errCnt>0 && (verbose || g_debugMode)) PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); if (verbose || g_debugMode) {
} PrintAndLog("NRZ demoded bitstream:");
if (verbose) { // Now output the bitstream to the scrollback by line of 16 bits
PrintAndLog("NRZ demoded bitstream:"); printDemodBuff();
// Now output the bitstream to the scrollback by line of 16 bits
printDemodBuff();
} }
return 1; return 1;
} }
@ -2066,7 +2071,7 @@ int CmdRawDemod(const char *Cmd)
PrintAndLog(" <help> as 'h', prints the help for the specific modulation"); PrintAndLog(" <help> as 'h', prints the help for the specific modulation");
PrintAndLog(" <options> see specific modulation help for optional parameters"); PrintAndLog(" <options> see specific modulation help for optional parameters");
PrintAndLog(""); PrintAndLog("");
PrintAndLog(" sample: data rawdemod fs h = print help for ask/raw demod"); PrintAndLog(" sample: data rawdemod fs h = print help specific to fsk demod");
PrintAndLog(" : data rawdemod fs = demod GraphBuffer using: fsk - autodetect"); PrintAndLog(" : data rawdemod fs = demod GraphBuffer using: fsk - autodetect");
PrintAndLog(" : data rawdemod ab = demod GraphBuffer using: ask/biphase - autodetect"); PrintAndLog(" : data rawdemod ab = demod GraphBuffer using: ask/biphase - autodetect");
PrintAndLog(" : data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect"); PrintAndLog(" : data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect");
@ -2195,57 +2200,64 @@ uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b)
return val; return val;
} }
int getSamples(const char *Cmd, bool silent)
{
//If we get all but the last byte in bigbuf,
// we don't have to worry about remaining trash
// in the last byte in case the bits-per-sample
// does not line up on byte boundaries
uint8_t got[BIGBUF_SIZE-1] = { 0 };
int n = strtol(Cmd, NULL, 0);
if (n == 0)
n = sizeof(got);
if (n > sizeof(got))
n = sizeof(got);
PrintAndLog("Reading %d bytes from device memory\n", n);
GetFromBigBuf(got,n,0);
PrintAndLog("Data fetched");
UsbCommand response;
WaitForResponse(CMD_ACK, &response);
uint8_t bits_per_sample = 8;
//Old devices without this feature would send 0 at arg[0]
if(response.arg[0] > 0)
{
sample_config *sc = (sample_config *) response.d.asBytes;
PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
, sc->decimation);
bits_per_sample = sc->bits_per_sample;
}
if(bits_per_sample < 8)
{
PrintAndLog("Unpacking...");
BitstreamOut bout = { got, bits_per_sample * n, 0};
int j =0;
for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
uint8_t sample = getByte(bits_per_sample, &bout);
GraphBuffer[j] = ((int) sample )- 128;
}
GraphTraceLen = j;
PrintAndLog("Unpacked %d samples" , j );
}else
{
for (int j = 0; j < n; j++) {
GraphBuffer[j] = ((int)got[j]) - 128;
}
GraphTraceLen = n;
}
RepaintGraphWindow();
return 0;
}
int CmdSamples(const char *Cmd) int CmdSamples(const char *Cmd)
{ {
//If we get all but the last byte in bigbuf, return getSamples(Cmd, false);
// we don't have to worry about remaining trash
// in the last byte in case the bits-per-sample
// does not line up on byte boundaries
uint8_t got[BIGBUF_SIZE-1] = { 0 };
int n = strtol(Cmd, NULL, 0);
if (n == 0)
n = sizeof(got);
if (n > sizeof(got))
n = sizeof(got);
PrintAndLog("Reading %d bytes from device memory\n", n);
GetFromBigBuf(got,n,0);
PrintAndLog("Data fetched");
UsbCommand response;
WaitForResponse(CMD_ACK, &response);
uint8_t bits_per_sample = 8;
//Old devices without this feature would send 0 at arg[0]
if(response.arg[0] > 0)
{
sample_config *sc = (sample_config *) response.d.asBytes;
PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
, sc->decimation);
bits_per_sample = sc->bits_per_sample;
}
if(bits_per_sample < 8)
{
PrintAndLog("Unpacking...");
BitstreamOut bout = { got, bits_per_sample * n, 0};
int j =0;
for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
uint8_t sample = getByte(bits_per_sample, &bout);
GraphBuffer[j] = ((int) sample )- 128;
}
GraphTraceLen = j;
PrintAndLog("Unpacked %d samples" , j );
}else
{
for (int j = 0; j < n; j++) {
GraphBuffer[j] = ((int)got[j]) - 128;
}
GraphTraceLen = n;
}
RepaintGraphWindow();
return 0;
} }
int CmdTuneSamples(const char *Cmd) int CmdTuneSamples(const char *Cmd)
@ -2741,60 +2753,52 @@ int CmdZerocrossings(const char *Cmd)
static command_t CommandTable[] = static command_t CommandTable[] =
{ {
{"help", CmdHelp, 1, "This help"}, {"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"}, {"amp", CmdAmp, 1, "Amplify peaks"},
//{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"}, //{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
{"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"}, {"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
{"askem410xdemod",CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"}, {"askem410xdemod", CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
{"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"}, {"askgproxiidemod", CmdG_Prox_II_Demod, 1, "Demodulate a G Prox II tag from GraphBuffer"},
//{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"}, {"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
//{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"},
{"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
{"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] [invert<0|1>] Biphase decode bin stream in DemodBuffer (offset = 0|1 bits to shift the decode start)"}, {"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] [invert<0|1>] Biphase decode bin stream in DemodBuffer (offset = 0|1 bits to shift the decode start)"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"}, {"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
//{"bitstream", CmdBitstream, 1, "[clock rate] -- Convert waveform into a bitstream"}, //{"bitstream", CmdBitstream, 1, "[clock rate] -- Convert waveform into a bitstream"},
{"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"}, {"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"},
{"dec", CmdDec, 1, "Decimate samples"}, {"dec", CmdDec, 1, "Decimate samples"},
{"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"}, {"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"},
//{"fskdemod", CmdFSKdemod, 1, "Demodulate graph window as a HID FSK"}, //{"fskdemod", CmdFSKdemod, 1, "Demodulate graph window as a HID FSK"},
{"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"}, {"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"},
//{"fskfcdetect", CmdFSKfcDetect, 1, "Try to detect the Field Clock of an FSK wave"}, //{"fskfcdetect", CmdFSKfcDetect, 1, "Try to detect the Field Clock of an FSK wave"},
{"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"}, {"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"},
{"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"}, {"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"},
{"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, {"fskpyramiddemod", CmdFSKdemodPyramid, 1, "Demodulate a Pyramid FSK tag from GraphBuffer"},
{"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, {"fskparadoxdemod", CmdFSKdemodParadox, 1, "Demodulate a Paradox FSK tag from GraphBuffer"},
//{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"},
{"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, {"grid", CmdGrid, 1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"},
{"grid", CmdGrid, 1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"}, {"hexsamples", CmdHexsamples, 0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"},
{"hexsamples", CmdHexsamples, 0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"}, {"hide", CmdHide, 1, "Hide graph window"},
{"hide", CmdHide, 1, "Hide graph window"}, {"hpf", CmdHpf, 1, "Remove DC offset from trace"},
{"hpf", CmdHpf, 1, "Remove DC offset from trace"}, {"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"},
{"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"}, {"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"},
{"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"}, {"rtrim", CmdRtrim, 1, "<location to end trace> -- Trim samples from right of trace"},
{"rtrim", CmdRtrim, 1, "<location to end trace> -- Trim samples from right of trace"},
//{"mandemod", CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"}, //{"mandemod", CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"},
{"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"}, {"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"},
{"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"}, {"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"},
{"norm", CmdNorm, 1, "Normalize max/min to +/-128"}, {"norm", CmdNorm, 1, "Normalize max/min to +/-128"},
//{"nrzdetectclock",CmdDetectNRZClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"},
//{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"}, {"printdemodbuffer",CmdPrintDemodBuff, 1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"},
{"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, {"pskindalademod", CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
//{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, {"rawdemod", CmdRawDemod, 1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},
{"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"}, {"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
{"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, {"save", CmdSave, 1, "<filename> -- Save trace (from graph window)"},
//{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"}, {"scale", CmdScale, 1, "<int> -- Set cursor display scale"},
//{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"}, {"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"},
{"rawdemod", CmdRawDemod, 1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, {"shiftgraphzero", CmdGraphShiftZero, 1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
{"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
{"save", CmdSave, 1, "<filename> -- Save trace (from graph window)"},
{"scale", CmdScale, 1, "<int> -- Set cursor display scale"},
{"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"},
{"shiftgraphzero",CmdGraphShiftZero, 1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
//{"threshold", CmdThreshold, 1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"}, //{"threshold", CmdThreshold, 1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"},
{"dirthreshold", CmdDirectionalThreshold, 1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."}, {"dirthreshold", CmdDirectionalThreshold, 1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
{"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"}, {"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"},
{"undec", CmdUndec, 1, "Un-decimate samples by 2"}, {"undec", CmdUndec, 1, "Un-decimate samples by 2"},
{"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"}, {"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"},
{NULL, NULL, 0, NULL} {NULL, NULL, 0, NULL}
}; };

4
client/cmddata.h
View file

@ -64,12 +64,16 @@ int CmdThreshold(const char *Cmd);
int CmdDirectionalThreshold(const char *Cmd); int CmdDirectionalThreshold(const char *Cmd);
int CmdZerocrossings(const char *Cmd); int CmdZerocrossings(const char *Cmd);
int CmdIndalaDecode(const char *Cmd); int CmdIndalaDecode(const char *Cmd);
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo);
int ASKbiphaseDemod(const char *Cmd, bool verbose); int ASKbiphaseDemod(const char *Cmd, bool verbose);
int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch); int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch);
int ASKrawDemod(const char *Cmd, bool verbose); int ASKrawDemod(const char *Cmd, bool verbose);
int FSKrawDemod(const char *Cmd, bool verbose); int FSKrawDemod(const char *Cmd, bool verbose);
int PSKDemod(const char *Cmd, bool verbose); int PSKDemod(const char *Cmd, bool verbose);
int NRZrawDemod(const char *Cmd, bool verbose); int NRZrawDemod(const char *Cmd, bool verbose);
void printEM410x(uint32_t hi, uint64_t id);
int getSamples(const char *Cmd, bool silent);
#define MAX_DEMOD_BUF_LEN (1024*128) #define MAX_DEMOD_BUF_LEN (1024*128)
extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN];

239
client/cmdhf.c
View file

@ -23,6 +23,8 @@
#include "cmdhficlass.h" #include "cmdhficlass.h"
#include "cmdhfmf.h" #include "cmdhfmf.h"
#include "cmdhfmfu.h" #include "cmdhfmfu.h"
#include "cmdhfmfdes.h"
#include "cmdhftopaz.h"
#include "protocols.h" #include "protocols.h"
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
@ -141,6 +143,26 @@ void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
} }
} }
void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
switch(cmd[0]) {
case TOPAZ_REQA :snprintf(exp, size, "REQA");break;
case TOPAZ_WUPA :snprintf(exp, size, "WUPA");break;
case TOPAZ_RID :snprintf(exp, size, "RID");break;
case TOPAZ_RALL :snprintf(exp, size, "RALL");break;
case TOPAZ_READ :snprintf(exp, size, "READ");break;
case TOPAZ_WRITE_E :snprintf(exp, size, "WRITE-E");break;
case TOPAZ_WRITE_NE :snprintf(exp, size, "WRITE-NE");break;
case TOPAZ_RSEG :snprintf(exp, size, "RSEG");break;
case TOPAZ_READ8 :snprintf(exp, size, "READ8");break;
case TOPAZ_WRITE_E8 :snprintf(exp, size, "WRITE-E8");break;
case TOPAZ_WRITE_NE8 :snprintf(exp, size, "WRITE-NE8");break;
default: snprintf(exp,size,"?"); break;
}
}
/** /**
06 00 = INITIATE 06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID) 0E xx = SELECT ID (xx = Chip-ID)
@ -172,7 +194,34 @@ void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
} }
/** /**
* @brief iso14443B_CRC_Ok Checks CRC in command or response * @brief iso14443A_CRC_check Checks CRC in command or response
* @param isResponse
* @param data
* @param len
* @return 0 : CRC-command, CRC not ok
* 1 : CRC-command, CRC ok
* 2 : Not crc-command
*/
uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
{
uint8_t b1,b2;
if(len <= 2) return 2;
if(isResponse & (len < 6)) return 2;
ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2);
if (b1 != data[len-2] || b2 != data[len-1]) {
return 0;
} else {
return 1;
}
}
/**
* @brief iso14443B_CRC_check Checks CRC in command or response
* @param isResponse * @param isResponse
* @param data * @param data
* @param len * @param len
@ -190,8 +239,9 @@ uint8_t iso14443B_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
ComputeCrc14443(CRC_14443_B, data, len-2, &b1, &b2); ComputeCrc14443(CRC_14443_B, data, len-2, &b1, &b2);
if(b1 != data[len-2] || b2 != data[len-1]) { if(b1 != data[len-2] || b2 != data[len-1]) {
return 0; return 0;
} } else {
return 1; return 1;
}
} }
/** /**
@ -255,11 +305,66 @@ uint8_t iclass_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
} }
} }
uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, uint8_t protocol, bool showWaitCycles)
bool is_last_record(uint16_t tracepos, uint8_t *trace, uint16_t traceLen)
{
return(tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) >= traceLen);
}
bool next_record_is_response(uint16_t tracepos, uint8_t *trace)
{
uint16_t next_records_datalen = *((uint16_t *)(trace + tracepos + sizeof(uint32_t) + sizeof(uint16_t)));
return(next_records_datalen & 0x8000);
}
bool merge_topaz_reader_frames(uint32_t timestamp, uint32_t *duration, uint16_t *tracepos, uint16_t traceLen, uint8_t *trace, uint8_t *frame, uint8_t *topaz_reader_command, uint16_t *data_len)
{
#define MAX_TOPAZ_READER_CMD_LEN 16
uint32_t last_timestamp = timestamp + *duration;
if ((*data_len != 1) || (frame[0] == TOPAZ_WUPA) || (frame[0] == TOPAZ_REQA)) return false;
memcpy(topaz_reader_command, frame, *data_len);
while (!is_last_record(*tracepos, trace, traceLen) && !next_record_is_response(*tracepos, trace)) {
uint32_t next_timestamp = *((uint32_t *)(trace + *tracepos));
*tracepos += sizeof(uint32_t);
uint16_t next_duration = *((uint16_t *)(trace + *tracepos));
*tracepos += sizeof(uint16_t);
uint16_t next_data_len = *((uint16_t *)(trace + *tracepos)) & 0x7FFF;
*tracepos += sizeof(uint16_t);
uint8_t *next_frame = (trace + *tracepos);
*tracepos += next_data_len;
if ((next_data_len == 1) && (*data_len + next_data_len <= MAX_TOPAZ_READER_CMD_LEN)) {
memcpy(topaz_reader_command + *data_len, next_frame, next_data_len);
*data_len += next_data_len;
last_timestamp = next_timestamp + next_duration;
} else {
// rewind and exit
*tracepos = *tracepos - next_data_len - sizeof(uint16_t) - sizeof(uint16_t) - sizeof(uint32_t);
break;
}
uint16_t next_parity_len = (next_data_len-1)/8 + 1;
*tracepos += next_parity_len;
}
*duration = last_timestamp - timestamp;
return true;
}
uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, uint8_t protocol, bool showWaitCycles, bool markCRCBytes)
{ {
bool isResponse; bool isResponse;
uint16_t duration, data_len, parity_len; uint16_t data_len, parity_len;
uint32_t duration;
uint8_t topaz_reader_command[9];
uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp; uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp;
char explanation[30] = {0}; char explanation[30] = {0};
@ -290,29 +395,31 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
uint8_t *parityBytes = trace + tracepos; uint8_t *parityBytes = trace + tracepos;
tracepos += parity_len; tracepos += parity_len;
if (protocol == TOPAZ && !isResponse) {
// topaz reader commands come in 1 or 9 separate frames with 7 or 8 Bits each.
// merge them:
if (merge_topaz_reader_frames(timestamp, &duration, &tracepos, traceLen, trace, frame, topaz_reader_command, &data_len)) {
frame = topaz_reader_command;
}
}
//Check the CRC status //Check the CRC status
uint8_t crcStatus = 2; uint8_t crcStatus = 2;
if (data_len > 2) { if (data_len > 2) {
uint8_t b1, b2; switch (protocol) {
if(protocol == ICLASS) case ICLASS:
{
crcStatus = iclass_CRC_check(isResponse, frame, data_len); crcStatus = iclass_CRC_check(isResponse, frame, data_len);
break;
}else if (protocol == ISO_14443B) case ISO_14443B:
{ case TOPAZ:
crcStatus = iso14443B_CRC_check(isResponse, frame, data_len); crcStatus = iso14443B_CRC_check(isResponse, frame, data_len);
} break;
else if (protocol == ISO_14443A){//Iso 14443a case ISO_14443A:
crcStatus = iso14443A_CRC_check(isResponse, frame, data_len);
ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2); break;
default:
if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { break;
if(!(isResponse & (data_len < 6)))
{
crcStatus = 0;
}
}
} }
} }
//0 CRC-command, CRC not ok //0 CRC-command, CRC not ok
@ -334,19 +441,22 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
uint8_t parityBits = parityBytes[j>>3]; uint8_t parityBits = parityBytes[j>>3];
if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]); snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]);
} else { } else {
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]); snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]);
} }
} }
if(crcStatus == 1)
if (markCRCBytes) {
if(crcStatus == 0 || crcStatus == 1)
{//CRC-command {//CRC-command
char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4)-1; char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4);
(*pos1) = '['; (*pos1) = '[';
char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4)-2; char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4);
(*pos2) = ']'; sprintf(pos2, "%c", ']');
}
} }
if(data_len == 0) if(data_len == 0)
{ {
if(data_len == 0){ if(data_len == 0){
@ -361,18 +471,19 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
if(!isResponse) if(!isResponse)
{ {
if(protocol == ICLASS) switch(protocol) {
annotateIclass(explanation,sizeof(explanation),frame,data_len); case ICLASS: annotateIclass(explanation,sizeof(explanation),frame,data_len); break;
else if (protocol == ISO_14443A) case ISO_14443A: annotateIso14443a(explanation,sizeof(explanation),frame,data_len); break;
annotateIso14443a(explanation,sizeof(explanation),frame,data_len); case ISO_14443B: annotateIso14443b(explanation,sizeof(explanation),frame,data_len); break;
else if(protocol == ISO_14443B) case TOPAZ: annotateTopaz(explanation,sizeof(explanation),frame,data_len); break;
annotateIso14443b(explanation,sizeof(explanation),frame,data_len); default: break;
}
} }
int num_lines = MIN((data_len - 1)/16 + 1, 16); int num_lines = MIN((data_len - 1)/16 + 1, 16);
for (int j = 0; j < num_lines ; j++) { for (int j = 0; j < num_lines ; j++) {
if (j == 0) { if (j == 0) {
PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s", PrintAndLog(" %10d | %10d | %s |%-64s | %s| %s",
(timestamp - first_timestamp), (timestamp - first_timestamp),
(EndOfTransmissionTimestamp - first_timestamp), (EndOfTransmissionTimestamp - first_timestamp),
(isResponse ? "Tag" : "Rdr"), (isResponse ? "Tag" : "Rdr"),
@ -387,20 +498,16 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
} }
} }
if (tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) > traceLen) return traceLen; if (is_last_record(tracepos, trace, traceLen)) return traceLen;
bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000; if (showWaitCycles && !isResponse && next_record_is_response(tracepos, trace)) {
if (showWaitCycles && !isResponse && next_isResponse) {
uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); uint32_t next_timestamp = *((uint32_t *)(trace + tracepos));
if (next_timestamp != 0x44444444) {
PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
(EndOfTransmissionTimestamp - first_timestamp), (EndOfTransmissionTimestamp - first_timestamp),
(next_timestamp - first_timestamp), (next_timestamp - first_timestamp),
" ", " ",
(next_timestamp - EndOfTransmissionTimestamp)); (next_timestamp - EndOfTransmissionTimestamp));
} }
}
return tracepos; return tracepos;
} }
@ -409,34 +516,35 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
int CmdHFList(const char *Cmd) int CmdHFList(const char *Cmd)
{ {
bool showWaitCycles = false; bool showWaitCycles = false;
bool markCRCBytes = false;
char type[40] = {0}; char type[40] = {0};
int tlen = param_getstr(Cmd,0,type); int tlen = param_getstr(Cmd,0,type);
char param = param_getchar(Cmd, 1); char param1 = param_getchar(Cmd, 1);
char param2 = param_getchar(Cmd, 2);
bool errors = false; bool errors = false;
uint8_t protocol = 0; uint8_t protocol = 0;
//Validate params //Validate params
if(tlen == 0)
{ if(tlen == 0) {
errors = true; errors = true;
} }
if(param == 'h' || (param !=0 && param != 'f'))
{ if(param1 == 'h'
|| (param1 != 0 && param1 != 'f' && param1 != 'c')
|| (param2 != 0 && param2 != 'f' && param2 != 'c')) {
errors = true; errors = true;
} }
if(!errors)
{ if(!errors) {
if(strcmp(type, "iclass") == 0) if(strcmp(type, "iclass") == 0) {
{
protocol = ICLASS; protocol = ICLASS;
}else if(strcmp(type, "14a") == 0) } else if(strcmp(type, "14a") == 0) {
{
protocol = ISO_14443A; protocol = ISO_14443A;
} } else if(strcmp(type, "14b") == 0) {
else if(strcmp(type, "14b") == 0)
{
protocol = ISO_14443B; protocol = ISO_14443B;
}else if(strcmp(type,"raw")== 0) } else if(strcmp(type,"topaz")== 0) {
{ protocol = TOPAZ;
} else if(strcmp(type,"raw")== 0) {
protocol = -1;//No crc, no annotations protocol = -1;//No crc, no annotations
}else{ }else{
errors = true; errors = true;
@ -445,13 +553,15 @@ int CmdHFList(const char *Cmd)
if (errors) { if (errors) {
PrintAndLog("List protocol data in trace buffer."); PrintAndLog("List protocol data in trace buffer.");
PrintAndLog("Usage: hf list <protocol> [f]"); PrintAndLog("Usage: hf list <protocol> [f][c]");
PrintAndLog(" f - show frame delay times as well"); PrintAndLog(" f - show frame delay times as well");
PrintAndLog(" c - mark CRC bytes");
PrintAndLog("Supported <protocol> values:"); PrintAndLog("Supported <protocol> values:");
PrintAndLog(" raw - just show raw data without annotations"); PrintAndLog(" raw - just show raw data without annotations");
PrintAndLog(" 14a - interpret data as iso14443a communications"); PrintAndLog(" 14a - interpret data as iso14443a communications");
PrintAndLog(" 14b - interpret data as iso14443b communications"); PrintAndLog(" 14b - interpret data as iso14443b communications");
PrintAndLog(" iclass - interpret data as iclass communications"); PrintAndLog(" iclass - interpret data as iclass communications");
PrintAndLog(" topaz - interpret data as topaz communications");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("example: hf list 14a f"); PrintAndLog("example: hf list 14a f");
PrintAndLog("example: hf list iclass"); PrintAndLog("example: hf list iclass");
@ -459,10 +569,13 @@ int CmdHFList(const char *Cmd)
} }
if (param == 'f') { if (param1 == 'f' || param2 == 'f') {
showWaitCycles = true; showWaitCycles = true;
} }
if (param1 == 'c' || param2 == 'c') {
markCRCBytes = true;
}
uint8_t *trace; uint8_t *trace;
uint16_t tracepos = 0; uint16_t tracepos = 0;
@ -496,7 +609,7 @@ int CmdHFList(const char *Cmd)
while(tracepos < traceLen) while(tracepos < traceLen)
{ {
tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles); tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles, markCRCBytes);
} }
free(trace); free(trace);
@ -514,9 +627,11 @@ static command_t CommandTable[] =
{"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"},
{"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"},
{"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},
{"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, {"mfdes", CmdHFMFDes, 1, "{ MIFARE Desfire RFIDs... }"},
{"list", CmdHFList, 1, "List protocol data in trace buffer"}, {"topaz", CmdHFTopaz, 1, "{ TOPAZ (NFC Type 1) RFIDs... }"},
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
{"list", CmdHFList, 1, "List protocol data in trace buffer"},
{NULL, NULL, 0, NULL} {NULL, NULL, 0, NULL}
}; };

58
client/cmdhf14a.c
View file

@ -140,7 +140,7 @@ int CmdHF14AReader(const char *Cmd)
iso14a_card_select_t card; iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status == 0) { if(select_status == 0) {
PrintAndLog("iso14443a card select failed"); PrintAndLog("iso14443a card select failed");
@ -152,6 +152,18 @@ int CmdHF14AReader(const char *Cmd)
return 0; return 0;
} }
if(select_status == 3) {
PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
// disconnect
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return 0;
}
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen)); PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]); PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
@ -497,16 +509,18 @@ int CmdHF14ASnoop(const char *Cmd) {
return 0; return 0;
} }
int CmdHF14ACmdRaw(const char *cmd) { int CmdHF14ACmdRaw(const char *cmd) {
UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
uint8_t reply=1; bool reply=1;
uint8_t crc=0; bool crc = FALSE;
uint8_t power=0; bool power = FALSE;
uint8_t active=0; bool active = FALSE;
uint8_t active_select=0; bool active_select = FALSE;
uint16_t numbits=0; uint16_t numbits=0;
bool bTimeout = FALSE;
uint32_t timeout=0; uint32_t timeout=0;
uint8_t bTimeout=0; bool topazmode = FALSE;
char buf[5]=""; char buf[5]="";
int i=0; int i=0;
uint8_t data[USB_CMD_DATA_SIZE]; uint8_t data[USB_CMD_DATA_SIZE];
@ -522,9 +536,11 @@ int CmdHF14ACmdRaw(const char *cmd) {
PrintAndLog(" -s active signal field ON with select"); PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte"); PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout in ms"); PrintAndLog(" -t timeout in ms");
PrintAndLog(" -T use Topaz protocol to send command");
return 0; return 0;
} }
// strip // strip
while (*cmd==' ' || *cmd=='\t') cmd++; while (*cmd==' ' || *cmd=='\t') cmd++;
@ -533,19 +549,19 @@ int CmdHF14ACmdRaw(const char *cmd) {
if (cmd[i]=='-') { if (cmd[i]=='-') {
switch (cmd[i+1]) { switch (cmd[i+1]) {
case 'r': case 'r':
reply=0; reply = FALSE;
break; break;
case 'c': case 'c':
crc=1; crc = TRUE;
break; break;
case 'p': case 'p':
power=1; power = TRUE;
break; break;
case 'a': case 'a':
active=1; active = TRUE;
break; break;
case 's': case 's':
active_select=1; active_select = TRUE;
break; break;
case 'b': case 'b':
sscanf(cmd+i+2,"%d",&temp); sscanf(cmd+i+2,"%d",&temp);
@ -555,13 +571,16 @@ int CmdHF14ACmdRaw(const char *cmd) {
i-=2; i-=2;
break; break;
case 't': case 't':
bTimeout=1; bTimeout = TRUE;
sscanf(cmd+i+2,"%d",&temp); sscanf(cmd+i+2,"%d",&temp);
timeout = temp; timeout = temp;
i+=3; i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; } while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2; i-=2;
break; break;
case 'T':
topazmode = TRUE;
break;
default: default:
PrintAndLog("Invalid option"); PrintAndLog("Invalid option");
return 0; return 0;
@ -591,10 +610,15 @@ int CmdHF14ACmdRaw(const char *cmd) {
PrintAndLog("Invalid char on input"); PrintAndLog("Invalid char on input");
return 0; return 0;
} }
if(crc && datalen>0 && datalen<sizeof(data)-2) if(crc && datalen>0 && datalen<sizeof(data)-2)
{ {
uint8_t first, second; uint8_t first, second;
if (topazmode) {
ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
} else {
ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second); ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
}
data[datalen++] = first; data[datalen++] = first;
data[datalen++] = second; data[datalen++] = second;
} }
@ -607,7 +631,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
} }
if(bTimeout){ if(bTimeout){
#define MAX_TIMEOUT 40542464 // (2^32-1) * (8*16) / 13560000Hz * 1000ms/s = #define MAX_TIMEOUT 40542464 // = (2^32-1) * (8*16) / 13560000Hz * 1000ms/s
c.arg[0] |= ISO14A_SET_TIMEOUT; c.arg[0] |= ISO14A_SET_TIMEOUT;
if(timeout > MAX_TIMEOUT) { if(timeout > MAX_TIMEOUT) {
timeout = MAX_TIMEOUT; timeout = MAX_TIMEOUT;
@ -615,11 +639,16 @@ int CmdHF14ACmdRaw(const char *cmd) {
} }
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us) c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
} }
if(power) if(power)
c.arg[0] |= ISO14A_NO_DISCONNECT; c.arg[0] |= ISO14A_NO_DISCONNECT;
if(datalen>0) if(datalen>0)
c.arg[0] |= ISO14A_RAW; c.arg[0] |= ISO14A_RAW;
if(topazmode)
c.arg[0] |= ISO14A_TOPAZMODE;
// Max buffer is USB_CMD_DATA_SIZE // Max buffer is USB_CMD_DATA_SIZE
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16); c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen); memcpy(c.d.asBytes,data,datalen);
@ -635,6 +664,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
return 0; return 0;
} }
static void waitCmd(uint8_t iSelect) static void waitCmd(uint8_t iSelect)
{ {
uint8_t *recv; uint8_t *recv;

7
client/cmdhfmfdes.c
View file

@ -12,7 +12,8 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <ctype.h> #include <ctype.h>
#include <openssl/des.h> //#include <openssl/des.h>
#include "loclass/des.h"
#include "cmdmain.h" #include "cmdmain.h"
#include "proxmark3.h" #include "proxmark3.h"
#include "../include/common.h" #include "../include/common.h"
@ -236,7 +237,7 @@ char * GetCardSizeStr( uint8_t fsize ){
uint16_t lsize = 1 << (fsize >>1); uint16_t lsize = 1 << (fsize >>1);
// is LSB set? // is LSB set?
if ( fsize & (1 << 0 ) ) if ( fsize & 1 )
sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize); sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
else else
sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize); sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
@ -251,7 +252,7 @@ char * GetProtocolStr(uint8_t id){
if ( id == 0x05) if ( id == 0x05)
sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id); sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
else else
sprintf(retStr,"0x%02X", id); sprintf(retStr,"0x%02X (Unknown)", id);
return buf; return buf;
} }

24
client/cmdhfmfu.c
View file

@ -7,7 +7,6 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// High frequency MIFARE ULTRALIGHT (C) commands // High frequency MIFARE ULTRALIGHT (C) commands
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
//#include <openssl/des.h>
#include "loclass/des.h" #include "loclass/des.h"
#include "cmdhfmfu.h" #include "cmdhfmfu.h"
#include "cmdhfmf.h" #include "cmdhfmf.h"
@ -391,7 +390,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
//Change key to user defined one //Change key to user defined one
if (cmdp == 'k' || cmdp == 'K'){ if (cmdp == 'k' || cmdp == 'K'){
keyNo = param_get8(Cmd, 1); keyNo = param_get8(Cmd, 1);
if(keyNo >= 4) errors = true; if(keyNo > 4) errors = true;
} }
if (cmdp == 'h' || cmdp == 'H') { if (cmdp == 'h' || cmdp == 'H') {
@ -430,7 +429,6 @@ int CmdHF14AMfucAuth(const char *Cmd){
uint8_t * data= resp.d.asBytes; uint8_t * data= resp.d.asBytes;
if (isOK){ if (isOK){
PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
memcpy(enc_random_b,data+1,8); memcpy(enc_random_b,data+1,8);
} else { } else {
PrintAndLog("Auth failed"); PrintAndLog("Auth failed");
@ -440,10 +438,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
PrintAndLog("Command execute timeout"); PrintAndLog("Command execute timeout");
return 1; return 1;
} }
uint8_t iv[8] = { 0 }; uint8_t iv[8] = { 0 };
// Do we need random ? Right now we use all ones, is that random enough ?
// DES_random_key(&RndA);
PrintAndLog(" RndA :%s",sprint_hex(random_a, 8)); PrintAndLog(" RndA :%s",sprint_hex(random_a, 8));
PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8)); PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8));
@ -490,6 +485,23 @@ int CmdHF14AMfucAuth(const char *Cmd){
if (isOK){ if (isOK){
PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8)); PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
uint8_t foo[8] = { 0 };
uint8_t bar[8] = { 0 };
memcpy(foo, data2+1, 8);
des3_set2key_enc(&ctx, key);
des3_crypt_cbc(&ctx // des3_context *ctx
, DES_DECRYPT // int mode
, 8 // size_t length
, enc_random_b // unsigned char iv[8]
, foo // const unsigned char *input
, bar // unsigned char *output
);
PrintAndLog("BAR:%s",sprint_hex(bar, 8));
} else { } else {
return 2; return 2;
} }

5
client/cmdhfmfu.h
View file

@ -1,6 +1,9 @@
#include "cmdhfmf.h" #include "cmdhfmf.h"
#include "cmdhf14a.h" #include "cmdhf14a.h"
#ifndef CMDHFMFU_H__
#define CMDHFMFU_H__
//standard ultralight //standard ultralight
int CmdHF14AMfUWrBl(const char *Cmd); int CmdHF14AMfUWrBl(const char *Cmd);
int CmdHF14AMfURdBl(const char *Cmd); int CmdHF14AMfURdBl(const char *Cmd);
@ -14,6 +17,6 @@ int CmdHF14AMfucAuth(const char *Cmd);
int CmdHF14AMfUDump(const char *Cmd); int CmdHF14AMfUDump(const char *Cmd);
void rol (uint8_t *data, const size_t len); void rol (uint8_t *data, const size_t len);
int CmdHFMFUltra(const char *Cmd); int CmdHFMFUltra(const char *Cmd);
int CmdHF14AMfUInfo(const char *Cmd); int CmdHF14AMfUInfo(const char *Cmd);
#endif

27
client/cmdlf.c
View file

@ -362,6 +362,7 @@ int usage_lf_read()
PrintAndLog("Usage: lf read"); PrintAndLog("Usage: lf read");
PrintAndLog("Options: "); PrintAndLog("Options: ");
PrintAndLog(" h This help"); PrintAndLog(" h This help");
PrintAndLog(" s silent run no printout");
PrintAndLog("This function takes no arguments. "); PrintAndLog("This function takes no arguments. ");
PrintAndLog("Use 'lf config' to set parameters."); PrintAndLog("Use 'lf config' to set parameters.");
return 0; return 0;
@ -481,13 +482,15 @@ int CmdLFSetConfig(const char *Cmd)
int CmdLFRead(const char *Cmd) int CmdLFRead(const char *Cmd)
{ {
uint8_t cmdp =0; uint8_t cmdp = 0;
if(param_getchar(Cmd, cmdp) == 'h') bool arg1 = false;
if (param_getchar(Cmd, cmdp) == 'h')
{ {
return usage_lf_read(); return usage_lf_read();
} }
if (param_getchar(Cmd, cmdp) == 's') arg1 = true; //suppress print
//And ship it to device //And ship it to device
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K}; UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}};
SendCommand(&c); SendCommand(&c);
//WaitForResponse(CMD_ACK,NULL); //WaitForResponse(CMD_ACK,NULL);
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
@ -1041,57 +1044,61 @@ int CmdLFfind(const char *Cmd)
return 0; return 0;
} }
if (cmdp == 'u' || cmdp == 'U') testRaw = 'u'; if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag"); PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
PrintAndLog("False Positives ARE possible\n"); PrintAndLog("False Positives ARE possible\n");
PrintAndLog("\nChecking for known tags:\n"); PrintAndLog("\nChecking for known tags:\n");
ans=CmdFSKdemodIO(""); ans=CmdFSKdemodIO("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid IO Prox ID Found!"); PrintAndLog("\nValid IO Prox ID Found!");
return 1; return 1;
} }
ans=CmdFSKdemodPyramid(""); ans=CmdFSKdemodPyramid("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid Pyramid ID Found!"); PrintAndLog("\nValid Pyramid ID Found!");
return 1; return 1;
} }
ans=CmdFSKdemodParadox(""); ans=CmdFSKdemodParadox("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid Paradox ID Found!"); PrintAndLog("\nValid Paradox ID Found!");
return 1; return 1;
} }
ans=CmdFSKdemodAWID(""); ans=CmdFSKdemodAWID("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid AWID ID Found!"); PrintAndLog("\nValid AWID ID Found!");
return 1; return 1;
} }
ans=CmdFSKdemodHID(""); ans=CmdFSKdemodHID("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid HID Prox ID Found!"); PrintAndLog("\nValid HID Prox ID Found!");
return 1; return 1;
} }
//add psk and indala //add psk and indala
ans=CmdIndalaDecode(""); ans=CmdIndalaDecode("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid Indala ID Found!"); PrintAndLog("\nValid Indala ID Found!");
return 1; return 1;
} }
ans=CmdAskEM410xDemod(""); ans=CmdAskEM410xDemod("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid EM410x ID Found!"); PrintAndLog("\nValid EM410x ID Found!");
return 1; return 1;
} }
ans=CmdG_Prox_II_Demod(""); ans=CmdG_Prox_II_Demod("");
if (ans>0) { if (ans>0) {
PrintAndLog("\nValid G Prox II ID Found!"); PrintAndLog("\nValid G Prox II ID Found!");
return 1; return 1;
} }
PrintAndLog("\nNo Known Tags Found!\n"); PrintAndLog("\nNo Known Tags Found!\n");
if (testRaw=='u' || testRaw=='U'){ if (testRaw=='u' || testRaw=='U'){
//test unknown tag formats (raw mode) //test unknown tag formats (raw mode)
@ -1170,7 +1177,7 @@ static command_t CommandTable[] =
{"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"}, {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"},
{"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
{"indalaclone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"}, {"indalaclone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
{"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"read", CmdLFRead, 0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
{"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
{"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
{"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"}, {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"},

184
client/cmdlfem4x.c
View file

@ -43,163 +43,24 @@ int CmdEMdemodASK(const char *Cmd)
*/ */
int CmdEM410xRead(const char *Cmd) int CmdEM410xRead(const char *Cmd)
{ {
int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low; uint32_t hi=0;
int parity[4]; uint64_t lo=0;
char id[11] = {0x00};
char id2[11] = {0x00};
int retested = 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
high = low = 0;
/* Detect high and lows and clock */ if(!AskEm410xDemod("", &hi, &lo)) return 0;
for (i = 0; i < GraphTraceLen; i++) PrintAndLog("EM410x pattern found: ");
{ printEM410x(hi, lo);
if (GraphBuffer[i] > high) if (hi){
high = GraphBuffer[i]; PrintAndLog ("EM410x XL pattern found");
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
}
/* get clock */
clock = GetAskClock(Cmd, false, false);
/* parity for our 4 columns */
parity[0] = parity[1] = parity[2] = parity[3] = 0;
header = rows = 0;
// manchester demodulate
bit = bit2idx = 0;
for (i = 0; i < (int)(GraphTraceLen / clock); i++)
{
hithigh = 0;
hitlow = 0;
first = 1;
/* Find out if we hit both high and low peaks */
for (j = 0; j < clock; j++)
{
if (GraphBuffer[(i * clock) + j] >= high)
hithigh = 1;
else if (GraphBuffer[(i * clock) + j] <= low)
hitlow = 1;
/* it doesn't count if it's the first part of our read
because it's really just trailing from the last sequence */
if (first && (hithigh || hitlow))
hithigh = hitlow = 0;
else
first = 0;
if (hithigh && hitlow)
break;
}
/* If we didn't hit both high and low peaks, we had a bit transition */
if (!hithigh || !hitlow)
bit ^= 1;
BitStream[bit2idx++] = bit;
}
retest:
/* We go till 5 before the graph ends because we'll get that far below */
for (i = 1; i < bit2idx - 5; i++)
{
/* Step 2: We have our header but need our tag ID */
if (header == 9 && rows < 10)
{
/* Confirm parity is correct */
if ((BitStream[i] ^ BitStream[i+1] ^ BitStream[i+2] ^ BitStream[i+3]) == BitStream[i+4])
{
/* Read another byte! */
sprintf(id+rows, "%x", (8 * BitStream[i]) + (4 * BitStream[i+1]) + (2 * BitStream[i+2]) + (1 * BitStream[i+3]));
sprintf(id2+rows, "%x", (8 * BitStream[i+3]) + (4 * BitStream[i+2]) + (2 * BitStream[i+1]) + (1 * BitStream[i]));
rows++;
/* Keep parity info */
parity[0] ^= BitStream[i];
parity[1] ^= BitStream[i+1];
parity[2] ^= BitStream[i+2];
parity[3] ^= BitStream[i+3];
/* Move 4 bits ahead */
i += 4;
}
/* Damn, something wrong! reset */
else
{
PrintAndLog("Thought we had a valid tag but failed at word %d (i=%d)", rows + 1, i);
/* Start back rows * 5 + 9 header bits, -1 to not start at same place */
i -= 9 + (5 * rows) - 5;
rows = header = 0;
}
}
/* Step 3: Got our 40 bits! confirm column parity */
else if (rows == 10)
{
/* We need to make sure our 4 bits of parity are correct and we have a stop bit */
if (BitStream[i] == parity[0] && BitStream[i+1] == parity[1] &&
BitStream[i+2] == parity[2] && BitStream[i+3] == parity[3] &&
BitStream[i+4] == 0)
{
/* Sweet! */
PrintAndLog("EM410x Tag ID: %s", id);
PrintAndLog("Unique Tag ID: %s", id2);
global_em410xId = id;
/* Stop any loops */
return 1;
}
/* Crap! Incorrect parity or no stop bit, start all over */
else
{
rows = header = 0;
/* Go back 59 bits (9 header bits + 10 rows at 4+1 parity) */
i -= 59;
}
}
/* Step 1: get our header */
else if (header < 9)
{
/* Need 9 consecutive 1's */
if (BitStream[i] == 1)
header++;
/* We don't have a header, not enough consecutive 1 bits */
else
header = 0;
}
}
/* if we've already retested after flipping bits, return */
if (retested++){
PrintAndLog("Failed to decode");
return 0; return 0;
} }
char id[12] = {0x00};
/* if this didn't work, try flipping bits */ sprintf(id, "%010llx",lo);
for (i = 0; i < bit2idx; i++)
BitStream[i] ^= 1; global_em410xId = id;
return 1;
goto retest;
} }
/* emulate an EM410X tag // emulate an EM410X tag
* Format:
* 1111 1111 1 <-- standard non-repeatable header
* XXXX [row parity bit] <-- 10 rows of 5 bits for our 40 bit tag ID
* ....
* CCCC <-- each bit here is parity for the 10 bits above in corresponding column
* 0 <-- stop bit, end of tag
*/
int CmdEM410xSim(const char *Cmd) int CmdEM410xSim(const char *Cmd)
{ {
int i, n, j, binary[4], parity[4]; int i, n, j, binary[4], parity[4];
@ -282,28 +143,25 @@ int CmdEM410xSim(const char *Cmd)
*/ */
int CmdEM410xWatch(const char *Cmd) int CmdEM410xWatch(const char *Cmd)
{ {
char cmdp = param_getchar(Cmd, 0);
int read_h = (cmdp == 'h');
do { do {
if (ukbhit()) { if (ukbhit()) {
printf("\naborted via keyboard!\n"); printf("\naborted via keyboard!\n");
break; break;
} }
CmdLFRead(read_h ? "h" : ""); CmdLFRead("s");
CmdSamples("6000"); getSamples("8192",true); //capture enough to get 2 full messages
} while ( } while (!CmdEM410xRead(""));
!CmdEM410xRead("")
);
return 0; return 0;
} }
int CmdEM410xWatchnSpoof(const char *Cmd) int CmdEM410xWatchnSpoof(const char *Cmd)
{ {
CmdEM410xWatch(Cmd); CmdEM410xWatch(Cmd);
PrintAndLog("# Replaying : %s",global_em410xId); PrintAndLog("# Replaying captured ID: %s",global_em410xId);
CmdEM410xSim(global_em410xId); CmdLFaskSim("");
return 0; return 0;
} }
/* Read the transmitted data of an EM4x50 tag /* Read the transmitted data of an EM4x50 tag

397
client/cmdlft55xx.c
View file

@ -33,11 +33,12 @@ t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offse
int usage_t55xx_config(){ int usage_t55xx_config(){
PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]"); PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");
PrintAndLog("Options:"); PrintAndLog("Options: ");
PrintAndLog(" h This help"); PrintAndLog(" h This help");
PrintAndLog(" d <FSK|ASK|PSK1|PSK2|PSK3|NRZ|BI> Set demodulation"); PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate");
PrintAndLog(" i [1] Inverse data signal, defaults to normal"); PrintAndLog(" d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NZ|BI|BIa> Set demodulation FSK / ASK / PSK / NZ / Biphase / Biphase A");
PrintAndLog(" o [offset] Set offset where data should start decode in bitstream"); PrintAndLog(" i [1] Invert data signal, defaults to normal");
PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Examples:"); PrintAndLog("Examples:");
PrintAndLog(" lf t55xx config d FSK - FSK demodulation"); PrintAndLog(" lf t55xx config d FSK - FSK demodulation");
@ -100,8 +101,7 @@ int usage_t55xx_dump(){
return 0; return 0;
} }
int usage_t55xx_detect(){ int usage_t55xx_detect(){
PrintAndLog("Usage: lf t55xx detect [1]"); PrintAndLog("Usage: lf t55xx detect");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Examples:"); PrintAndLog("Examples:");
PrintAndLog(" lf t55xx detect"); PrintAndLog(" lf t55xx detect");
@ -119,7 +119,8 @@ int CmdT55xxSetConfig(const char *Cmd) {
uint8_t cmdp = 0; uint8_t cmdp = 0;
char modulation[5] = {0x00}; char modulation[5] = {0x00};
char tmp = 0x00; char tmp = 0x00;
uint8_t bitRate = 0;
uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
{ {
tmp = param_getchar(Cmd, cmdp); tmp = param_getchar(Cmd, cmdp);
@ -128,12 +129,34 @@ int CmdT55xxSetConfig(const char *Cmd) {
case 'h': case 'h':
case 'H': case 'H':
return usage_t55xx_config(); return usage_t55xx_config();
case 'b':
errors |= param_getdec(Cmd, cmdp+1, &bitRate);
if ( !errors){
uint8_t i = 0;
for (; i < 9; i++){
if (rates[i]==bitRate) {
config.bitrate = i;
break;
}
}
if (i==9) errors = TRUE;
}
cmdp+=2;
break;
case 'd': case 'd':
param_getstr(Cmd, cmdp+1, modulation); param_getstr(Cmd, cmdp+1, modulation);
cmdp += 2; cmdp += 2;
if ( strcmp(modulation, "FSK" ) == 0) if ( strcmp(modulation, "FSK" ) == 0)
config.modulation = DEMOD_FSK; config.modulation = DEMOD_FSK;
else if ( strcmp(modulation, "FSK1" ) == 0)
config.modulation = DEMOD_FSK1;
else if ( strcmp(modulation, "FSK1a" ) == 0)
config.modulation = DEMOD_FSK1a;
else if ( strcmp(modulation, "FSK2" ) == 0)
config.modulation = DEMOD_FSK2;
else if ( strcmp(modulation, "FSK2a" ) == 0)
config.modulation = DEMOD_FSK2a;
else if ( strcmp(modulation, "ASK" ) == 0) else if ( strcmp(modulation, "ASK" ) == 0)
config.modulation = DEMOD_ASK; config.modulation = DEMOD_ASK;
else if ( strcmp(modulation, "NRZ" ) == 0) else if ( strcmp(modulation, "NRZ" ) == 0)
@ -143,7 +166,9 @@ int CmdT55xxSetConfig(const char *Cmd) {
else if ( strcmp(modulation, "PSK2" ) == 0) else if ( strcmp(modulation, "PSK2" ) == 0)
config.modulation = DEMOD_PSK2; config.modulation = DEMOD_PSK2;
else if ( strcmp(modulation, "PSK3" ) == 0) else if ( strcmp(modulation, "PSK3" ) == 0)
config.modulation = DEMOD_PSK3; config.modulation = DEMOD_PSK3;
else if ( strcmp(modulation, "BIa" ) == 0)
config.modulation = DEMOD_BIa;
else if ( strcmp(modulation, "BI" ) == 0) else if ( strcmp(modulation, "BI" ) == 0)
config.modulation = DEMOD_BI; config.modulation = DEMOD_BI;
else { else {
@ -156,10 +181,10 @@ int CmdT55xxSetConfig(const char *Cmd) {
cmdp+=2; cmdp+=2;
break; break;
case 'o': case 'o':
errors |= param_getdec(Cmd, cmdp+1,&offset); errors |= param_getdec(Cmd, cmdp+1, &offset);
if ( !errors ) if ( !errors )
config.offset = offset; config.offset = offset;
cmdp += 2; cmdp+=2;
break; break;
default: default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
@ -176,9 +201,9 @@ int CmdT55xxSetConfig(const char *Cmd) {
//Validations //Validations
if (errors) if (errors)
return usage_t55xx_config(); return usage_t55xx_config();
config.block0 = 0; config.block0 = 0;
printConfiguration( config ); printConfiguration ( config );
return 0; return 0;
} }
@ -220,94 +245,148 @@ int CmdT55xxReadBlock(const char *Cmd) {
GetFromBigBuf(got,sizeof(got),0); GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL); WaitForResponse(CMD_ACK,NULL);
setGraphBuf(got, 12000); setGraphBuf(got, 12000);
DemodBufferLen=0;
DecodeT55xxBlock(); if (!DecodeT55xxBlock()) return 3;
printT55xxBlock(""); char blk[10]={0};
sprintf(blk,"%d", block);
printT55xxBlock(blk);
return 0; return 0;
} }
void DecodeT55xxBlock(){ bool DecodeT55xxBlock(){
char buf[8] = {0x00}; char buf[8] = {0x00};
char *cmdStr = buf; char *cmdStr = buf;
int ans = 0;
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
DemodBufferLen = 0x00; DemodBufferLen = 0x00;
switch( config.modulation ){ switch( config.modulation ){
case DEMOD_FSK: case DEMOD_FSK:
sprintf(cmdStr,"0 %d", config.inverted ); //CmdLtrim("26");
FSKrawDemod(cmdStr, FALSE); sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d %d", bitRate[config.bitrate], config.inverted );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK1:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 1 8 5", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK1a:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 0 8 5", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK2:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 0 10 8", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK2a:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 1 10 8", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break; break;
case DEMOD_ASK: case DEMOD_ASK:
sprintf(cmdStr,"0 %d 1", config.inverted ); sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
ASKmanDemod(cmdStr, FALSE, FALSE); ans = ASKmanDemod(cmdStr, FALSE, FALSE);
break; break;
case DEMOD_PSK1: case DEMOD_PSK1:
sprintf(cmdStr,"0 %d 1", config.inverted ); sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
PSKDemod(cmdStr, FALSE); ans = PSKDemod(cmdStr, FALSE);
break; break;
case DEMOD_PSK2: case DEMOD_PSK2:
sprintf(cmdStr,"0 %d 1", config.inverted ); sprintf(cmdStr,"%d 1", bitRate[config.bitrate] );
PSKDemod(cmdStr, FALSE); ans = PSKDemod(cmdStr, FALSE);
psk1TOpsk2(DemodBuffer, DemodBufferLen); psk1TOpsk2(DemodBuffer, DemodBufferLen);
break; break;
case DEMOD_PSK3: case DEMOD_PSK3:
sprintf(cmdStr,"0 %d 1", config.inverted ); sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
PSKDemod(cmdStr, FALSE); ans = PSKDemod(cmdStr, FALSE);
psk1TOpsk2(DemodBuffer, DemodBufferLen); psk1TOpsk2(DemodBuffer, DemodBufferLen);
break; break;
case DEMOD_NRZ: case DEMOD_NRZ:
sprintf(cmdStr,"0 %d 1", config.inverted ); sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
NRZrawDemod(cmdStr, FALSE); ans = NRZrawDemod(cmdStr, FALSE);
break; break;
case DEMOD_BI: case DEMOD_BI:
sprintf(cmdStr,"0 0 %d 1", config.inverted ); sprintf(cmdStr,"0 %d 0 1", bitRate[config.bitrate] );
ASKbiphaseDemod(cmdStr, FALSE); ans = ASKbiphaseDemod(cmdStr, FALSE);
break;
case DEMOD_BIa:
sprintf(cmdStr,"0 %d 1 1", bitRate[config.bitrate] );
ans = ASKbiphaseDemod(cmdStr, FALSE);
break; break;
default: default:
return; return FALSE;
} }
return (bool) ans;
} }
int CmdT55xxDetect(const char *Cmd){ int CmdT55xxDetect(const char *Cmd){
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
return usage_t55xx_detect(); return usage_t55xx_detect();
if (strlen(Cmd)==0) if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK ); AquireData( CONFIGURATION_BLOCK );
if ( !tryDetectModulation() ) if ( !tryDetectModulation() )
PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'"); PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
return 0; return 0;
} }
// detect configuration?
bool tryDetectModulation(){ bool tryDetectModulation(){
char cmdStr[8] = {0};
uint8_t hits = 0; uint8_t hits = 0;
t55xx_conf_block_t tests[15]; t55xx_conf_block_t tests[15];
if (GetFskClock("", FALSE, FALSE)){ if (GetFskClock("", FALSE, FALSE)){
uint8_t fc1 = 0, fc2 = 0, clk=0;
fskClocks(&fc1, &fc2, &clk, FALSE);
sprintf(cmdStr,"%d", clk/2);
CmdLtrim(cmdStr);
if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset)){ if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset)){
tests[hits].modulation = DEMOD_FSK; tests[hits].modulation = DEMOD_FSK;
if (fc1==8 && fc2 == 5)
tests[hits].modulation = DEMOD_FSK1a;
else if (fc1==10 && fc2 == 8)
tests[hits].modulation = DEMOD_FSK2;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset)) { if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_FSK; tests[hits].modulation = DEMOD_FSK;
if (fc1==8 && fc2 == 5)
tests[hits].modulation = DEMOD_FSK1;
else if (fc1==10 && fc2 == 8)
tests[hits].modulation = DEMOD_FSK2a;
tests[hits].inverted = TRUE; tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
} else { } else {
if ( ASKmanDemod("0 0 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) { if ( ASKmanDemod("0 0 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_ASK; tests[hits].modulation = DEMOD_ASK;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
@ -335,14 +414,14 @@ bool tryDetectModulation(){
if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) { if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_PSK1; tests[hits].modulation = DEMOD_PSK1;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) { if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_PSK1; tests[hits].modulation = DEMOD_PSK1;
tests[hits].inverted = TRUE; tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
@ -352,20 +431,10 @@ bool tryDetectModulation(){
if (test(DEMOD_PSK2, &tests[hits].offset)){ if (test(DEMOD_PSK2, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK2; tests[hits].modulation = DEMOD_PSK2;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
} } // inverse waves does not affect this demod
// PSK2 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 1 1", FALSE)) {
psk1TOpsk2(DemodBuffer, DemodBufferLen);
if (test(DEMOD_PSK2, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK2;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
// PSK3 - needs a call to psk1TOpsk2. // PSK3 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 0 1", FALSE)) { if ( PSKDemod("0 0 1", FALSE)) {
@ -373,43 +442,29 @@ bool tryDetectModulation(){
if (test(DEMOD_PSK3, &tests[hits].offset)){ if (test(DEMOD_PSK3, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK3; tests[hits].modulation = DEMOD_PSK3;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
// PSK3 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 1 1", FALSE)) {
psk1TOpsk2(DemodBuffer, DemodBufferLen);
if (test(DEMOD_PSK3, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK3;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
} } // inverse waves does not affect this demod
if ( ASKbiphaseDemod("0 0 0 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) { if ( ASKbiphaseDemod("0 0 0 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) {
tests[hits].modulation = DEMOD_BI; tests[hits].modulation = DEMOD_BI;
tests[hits].inverted = FALSE; tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) { if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BIa, &tests[hits].offset) ) {
tests[hits].modulation = DEMOD_BI; tests[hits].modulation = DEMOD_BIa;
tests[hits].inverted = TRUE; tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer); tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits; ++hits;
} }
} }
if ( hits == 1) { if ( hits == 1) {
config.modulation = tests[0].modulation; config.modulation = tests[0].modulation;
config.inverted = tests[0].inverted; config.inverted = tests[0].inverted;
config.offset = tests[0].offset; config.offset = tests[0].offset;
config.block0 = tests[0].block0;
DecodeT55xxBlock();
if (DemodBufferLen > config.offset + 32)
config.block0 = PackBits(config.offset, 32, DemodBuffer);
printConfiguration( config ); printConfiguration( config );
return TRUE; return TRUE;
} }
@ -430,22 +485,112 @@ bool testModulation(uint8_t mode, uint8_t modread){
if (modread > 3 && modread < 8) return TRUE; if (modread > 3 && modread < 8) return TRUE;
break; break;
case DEMOD_ASK: case DEMOD_ASK:
if (modread == 8) return TRUE; if (modread == DEMOD_ASK) return TRUE;
break; break;
case DEMOD_PSK1: case DEMOD_PSK1:
if (modread == 1) return TRUE; if (modread == DEMOD_PSK1) return TRUE;
break; break;
case DEMOD_PSK2: case DEMOD_PSK2:
if (modread == 2) return TRUE; if (modread == DEMOD_PSK2) return TRUE;
break; break;
case DEMOD_PSK3: case DEMOD_PSK3:
if (modread == 3) return TRUE; if (modread == DEMOD_PSK3) return TRUE;
break; break;
case DEMOD_NRZ: case DEMOD_NRZ:
if (!modread) return TRUE; if (modread == DEMOD_NRZ) return TRUE;
break; break;
case DEMOD_BI: case DEMOD_BI:
if (modread == 16) return TRUE; if (modread == DEMOD_BI) return TRUE;
break;
case DEMOD_BIa:
if (modread == DEMOD_BIa) return TRUE;
break;
default:
return FALSE;
}
return FALSE;
}
bool testBitRate(uint8_t readRate, uint8_t mod){
uint8_t expected[8] = {8, 16, 32, 40, 50, 64, 100, 128};
uint8_t detRate = 0;
switch( mod ){
case DEMOD_FSK:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK1:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK1a:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK2:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK2a:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_ASK:
detRate = GetAskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK1:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK2:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK3:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_NRZ:
detRate = GetNrzClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_BI:
detRate = GetAskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break; break;
default: default:
return FALSE; return FALSE;
@ -456,21 +601,19 @@ bool testModulation(uint8_t mode, uint8_t modread){
bool test(uint8_t mode, uint8_t *offset){ bool test(uint8_t mode, uint8_t *offset){
if ( !DemodBufferLen) return FALSE; if ( !DemodBufferLen) return FALSE;
uint8_t si = 0; uint8_t si = 0;
for (uint8_t idx = 0; idx < 64; ++idx){ for (uint8_t idx = 0; idx < 64; idx++){
si = idx; si = idx;
if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue; if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue;
uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode
// 2nibble must be zeroed. // 2nibble must be zeroed.
// moved test to here, since this gets most faults first. // moved test to here, since this gets most faults first.
if ( resv > 0x00) continue; if ( resv > 0x00) continue;
uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3+3; //new uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //new
//uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate
uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode
uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; //new uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; //new
//uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //new could check psk cr //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //new could check psk cr
@ -483,33 +626,33 @@ bool test(uint8_t mode, uint8_t *offset){
if (!extMode){ if (!extMode){
if (nml01 || nml02 || xtRate) continue; if (nml01 || nml02 || xtRate) continue;
} }
//test modulation //test modulation
if (!testModulation(mode, modread)) continue; if (!testModulation(mode, modread)) continue;
*offset = idx; *offset = idx;
if (!testBitRate(bitRate, mode)) continue;
return TRUE; return TRUE;
} }
return FALSE; return FALSE;
} }
void printT55xxBlock(const char *demodStr){ void printT55xxBlock(const char *demodStr){
uint8_t i = config.offset; uint8_t i = config.offset;
uint8_t endpos = 32 + i; uint8_t endpos = 32 + i;
uint32_t blockData = 0; uint32_t blockData = 0;
uint8_t bits[64] = {0x00}; uint8_t bits[64] = {0x00};
if ( !DemodBufferLen) return; if ( !DemodBufferLen) return;
if ( endpos > DemodBufferLen){ if ( endpos > DemodBufferLen){
PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32); PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);
return; return;
} }
for (; i < endpos; ++i) for (; i < endpos; ++i)
bits[i - config.offset] = DemodBuffer[i]; bits[i - config.offset]=DemodBuffer[i];
blockData = PackBits(0, 32, bits); blockData = PackBits(0, 32, bits);
PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr); PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr);
} }
@ -527,11 +670,7 @@ int special(const char *Cmd) {
bits[i]=DemodBuffer[j+i]; bits[i]=DemodBuffer[j+i];
blockData = PackBits(0, 32, bits); blockData = PackBits(0, 32, bits);
//char indicate[4] = {0x00};
// if ( (blockData >> 24) == 0xE0 )
// sprintf(indicate,"<--");
//PrintAndLog("[%02d] 0x%08X %s %s",j , blockData, sprint_bin(bits,32), indicate);
PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32)); PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32));
} }
return 0; return 0;
@ -539,6 +678,7 @@ int special(const char *Cmd) {
void printConfiguration( t55xx_conf_block_t b){ void printConfiguration( t55xx_conf_block_t b){
PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) ); PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );
PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" ); PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );
PrintAndLog("Offset : %d", b.offset); PrintAndLog("Offset : %d", b.offset);
PrintAndLog("Block0 : 0x%08X", b.block0); PrintAndLog("Block0 : 0x%08X", b.block0);
@ -572,7 +712,7 @@ int CmdT55xxWriteBlock(const char *Cmd)
UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}}; UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
c.d.asBytes[0] = 0x0; c.d.asBytes[0] = 0x0;
PrintAndLog("Writing to block: %d data: 0x%08X", block, data); PrintAndLog("Writing to block: %d data : 0x%08X", block, data);
//Password mode //Password mode
if (res == 3) { if (res == 3) {
@ -594,9 +734,9 @@ int CmdT55xxReadTrace(const char *Cmd)
if (strlen(Cmd)==0) if (strlen(Cmd)==0)
AquireData( TRACE_BLOCK ); AquireData( TRACE_BLOCK );
DecodeT55xxBlock(); if (!DecodeT55xxBlock()) return 1;
if (!DemodBufferLen) return 1; if ( !DemodBufferLen) return 1;
RepaintGraphWindow(); RepaintGraphWindow();
uint8_t repeat = 0; uint8_t repeat = 0;
@ -635,8 +775,8 @@ int CmdT55xxReadTrace(const char *Cmd)
PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) ); PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );
PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) ); PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
PrintAndLog("-------------------------------------------------------------"); PrintAndLog("-------------------------------------------------------------");
if ( acl != 0xE0 ) if ( acl != 0xE0 )
PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. "); PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
/* /*
TRACE - BLOCK O TRACE - BLOCK O
@ -666,16 +806,16 @@ int CmdT55xxInfo(const char *Cmd){
*/ */
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
return usage_t55xx_info(); return usage_t55xx_info();
if (strlen(Cmd)==0) if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK ); AquireData( CONFIGURATION_BLOCK );
DecodeT55xxBlock(); if (!DecodeT55xxBlock()) return 1;
if ( !DemodBufferLen) return 1;
if (!DemodBufferLen) return 1;
uint8_t si = config.offset; uint8_t si = config.offset;
uint32_t bl0 = PackBits(si, 32, DemodBuffer); uint32_t bl0 = PackBits(si, 32, DemodBuffer);
@ -715,6 +855,7 @@ int CmdT55xxInfo(const char *Cmd){
PrintAndLog(" Raw Data - Page 0"); PrintAndLog(" Raw Data - Page 0");
PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) ); PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );
PrintAndLog("-------------------------------------------------------------"); PrintAndLog("-------------------------------------------------------------");
return 0; return 0;
} }
@ -819,7 +960,7 @@ char * GetBitRateStr(uint32_t id){
} }
char * GetSaferStr(uint32_t id){ char * GetSaferStr(uint32_t id){
static char buf[40]; static char buf[40];
char *retStr = buf; char *retStr = buf;
sprintf(retStr,"%d",id); sprintf(retStr,"%d",id);
@ -833,7 +974,7 @@ char * GetSaferStr(uint32_t id){
return buf; return buf;
} }
char * GetModulationStr( uint32_t id){ char * GetModulationStr( uint32_t id){
static char buf[40]; static char buf[40];
char *retStr = buf; char *retStr = buf;
switch (id){ switch (id){
@ -867,6 +1008,9 @@ char * GetModulationStr( uint32_t id){
case 16: case 16:
sprintf(retStr,"%d - Biphase",id); sprintf(retStr,"%d - Biphase",id);
break; break;
case 0x18:
sprintf(retStr,"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);
break;
case 17: case 17:
sprintf(retStr,"%d - Reserved",id); sprintf(retStr,"%d - Reserved",id);
break; break;
@ -889,13 +1033,25 @@ char * GetModelStrFromCID(uint32_t cid){
char * GetSelectedModulationStr( uint8_t id){ char * GetSelectedModulationStr( uint8_t id){
static char buf[16]; static char buf[16];
char *retStr = buf; char *retStr = buf;
switch (id){ switch (id){
case DEMOD_FSK: case DEMOD_FSK:
sprintf(retStr,"FSK"); sprintf(retStr,"FSK");
break; break;
case DEMOD_FSK1:
sprintf(retStr,"FSK1");
break;
case DEMOD_FSK1a:
sprintf(retStr,"FSK1a");
break;
case DEMOD_FSK2:
sprintf(retStr,"FSK2");
break;
case DEMOD_FSK2a:
sprintf(retStr,"FSK2a");
break;
case DEMOD_ASK: case DEMOD_ASK:
sprintf(retStr,"ASK"); sprintf(retStr,"ASK");
break; break;
@ -910,10 +1066,13 @@ char * GetSelectedModulationStr( uint8_t id){
break; break;
case DEMOD_PSK3: case DEMOD_PSK3:
sprintf(retStr,"PSK3"); sprintf(retStr,"PSK3");
break; break;
case DEMOD_BI: case DEMOD_BI:
sprintf(retStr,"BIPHASE"); sprintf(retStr,"BIPHASE");
break; break;
case DEMOD_BIa:
sprintf(retStr,"BIPHASEa - (CDP)");
break;
default: default:
sprintf(retStr,"(Unknown)"); sprintf(retStr,"(Unknown)");
break; break;
@ -928,17 +1087,17 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
if (len > 32) return 0; if (len > 32) return 0;
uint32_t tmp = 0; uint32_t tmp = 0;
for (; j >= 0; --j, ++i) for (; j >= 0; --j, ++i)
tmp |= bits[i] << j; tmp |= bits[i] << j;
return tmp; return tmp;
} }
static command_t CommandTable[] = static command_t CommandTable[] =
{ {
{"help", CmdHelp, 1, "This help"}, {"help", CmdHelp, 1, "This help"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset)"}, {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
{"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."}, {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
{"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"}, {"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
{"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"}, {"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},

22
client/cmdlft55xx.h
View file

@ -16,13 +16,28 @@ typedef struct {
DEMOD_PSK1 = 0x01, DEMOD_PSK1 = 0x01,
DEMOD_PSK2 = 0x02, DEMOD_PSK2 = 0x02,
DEMOD_PSK3 = 0x03, DEMOD_PSK3 = 0x03,
DEMOD_FSK = 0x04, DEMOD_FSK1 = 0x04,
DEMOD_FSK1a = 0x05,
DEMOD_FSK2 = 0x06,
DEMOD_FSK2a = 0x07,
DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs)
DEMOD_ASK = 0x08, DEMOD_ASK = 0x08,
DEMOD_BI = 0x16, DEMOD_BI = 0x10,
DEMOD_BIa = 0x18,
} modulation; } modulation;
bool inverted; bool inverted;
uint8_t offset; uint8_t offset;
uint32_t block0; uint32_t block0;
enum {
RF_8 = 0x00,
RF_16 = 0x01,
RF_32 = 0x02,
RF_40 = 0x03,
RF_50 = 0x04,
RF_64 = 0x05,
RF_100 = 0x06,
RF_128 = 0x07,
} bitrate;
} t55xx_conf_block_t; } t55xx_conf_block_t;
int CmdLFT55XX(const char *Cmd); int CmdLFT55XX(const char *Cmd);
@ -42,9 +57,10 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream);
void printT55xxBlock(const char *demodStr); void printT55xxBlock(const char *demodStr);
void printConfiguration( t55xx_conf_block_t b); void printConfiguration( t55xx_conf_block_t b);
void DecodeT55xxBlock(); bool DecodeT55xxBlock();
bool tryDetectModulation(); bool tryDetectModulation();
bool test(uint8_t mode, uint8_t *offset); bool test(uint8_t mode, uint8_t *offset);
int special(const char *Cmd); int special(const char *Cmd);
int AquireData( uint8_t block ); int AquireData( uint8_t block );
#endif #endif

2
client/scripts/test_t55x7_bi.lua
View file

@ -129,4 +129,4 @@ local function main(args)
test() test()
print( string.rep('--',20) ) print( string.rep('--',20) )
end end
main(args) main(args)

2
client/scripts/test_t55x7_psk.lua
View file

@ -168,4 +168,4 @@ main(args)
-- XXXXX0XX = PSK RF/2 -- XXXXX0XX = PSK RF/2
-- XXXXX4XX = PSK RF/4 -- XXXXX4XX = PSK RF/4
-- XXXXX8XX = PSK RF/8 -- XXXXX8XX = PSK RF/8

2
common/Makefile.common
View file

@ -71,8 +71,6 @@ LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
LIBS = -lgcc LIBS = -lgcc
LIBS = -lgcc
THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC)) THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC))
ARMOBJ = $(ARMSRC:%.c=$(OBJDIR)/%.o) ARMOBJ = $(ARMSRC:%.c=$(OBJDIR)/%.o)
ASMOBJ = $(patsubst %.s,$(OBJDIR)/%.o,$(ASMSRC)) ASMOBJ = $(patsubst %.s,$(OBJDIR)/%.o,$(ASMSRC))

267
common/lfdemod.c
View file

@ -75,51 +75,6 @@ uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_
return 0; return 0;
} }
//by marshmellow
//takes 1s and 0s and searches for EM410x format - output EM ID
uint64_t Em410xDecodeOld(uint8_t *BitStream, size_t *size, size_t *startIdx)
{
//no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
// otherwise could be a void with no arguments
//set defaults
uint64_t lo=0;
uint32_t i = 0;
if (BitStream[1]>1){ //allow only 1s and 0s
// PrintAndLog("no data found");
return 0;
}
// 111111111 bit pattern represent start of frame
uint8_t preamble[] = {1,1,1,1,1,1,1,1,1};
uint32_t idx = 0;
uint32_t parityBits = 0;
uint8_t errChk = 0;
*startIdx = 0;
for (uint8_t extraBitChk=0; extraBitChk<5; extraBitChk++){
errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx);
if (errChk == 0) return 0;
idx = *startIdx + 9;
for (i=0; i<10;i++){ //loop through 10 sets of 5 bits (50-10p = 40 bits)
parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5);
//check even parity
if (parityTest(parityBits, 5, 0) == 0){
//parity failed try next bit (in the case of 1111111111) but last 9 = preamble
startIdx++;
errChk = 0;
break;
}
//set uint64 with ID from BitStream
for (uint8_t ii=0; ii<4; ii++){
lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]);
}
}
if (errChk != 0) return lo;
//skip last 5 bit parity test for simplicity.
// *size = 64;
}
return 0;
}
//by marshmellow //by marshmellow
//takes 1s and 0s and searches for EM410x format - output EM ID //takes 1s and 0s and searches for EM410x format - output EM ID
uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo) uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo)
@ -144,6 +99,7 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_
if (errChk == 0) return 0; if (errChk == 0) return 0;
if (*size<64) return 0; if (*size<64) return 0;
if (*size>64) FmtLen = 22; if (*size>64) FmtLen = 22;
if (*size<64) return 0;
idx = *startIdx + 9; idx = *startIdx + 9;
for (i=0; i<FmtLen; i++){ //loop through 10 or 22 sets of 5 bits (50-10p = 40 bits or 88 bits) for (i=0; i<FmtLen; i++){ //loop through 10 or 22 sets of 5 bits (50-10p = 40 bits or 88 bits)
parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5); parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5);
@ -309,16 +265,12 @@ int ManchesterEncode(uint8_t *BitStream, size_t size)
//run through 2 times and take least errCnt //run through 2 times and take least errCnt
int manrawdecode(uint8_t * BitStream, size_t *size) int manrawdecode(uint8_t * BitStream, size_t *size)
{ {
uint16_t bitnum=0; uint16_t bitnum=0, MaxBits = 512, errCnt = 0;
uint16_t MaxBits = 500; size_t i, ii;
uint16_t errCnt = 0; uint16_t bestErr = 1000, bestRun = 0;
size_t i=1;
uint16_t bestErr = 1000;
uint16_t bestRun = 0;
size_t ii=1;
if (size == 0) return -1; if (size == 0) return -1;
for (ii=1;ii<3;++ii){ for (ii=0;ii<2;++ii){
i=1; i=0;
for (i=i+ii;i<*size-2;i+=2){ for (i=i+ii;i<*size-2;i+=2){
if(BitStream[i]==1 && (BitStream[i+1]==0)){ if(BitStream[i]==1 && (BitStream[i+1]==0)){
} else if((BitStream[i]==0)&& BitStream[i+1]==1){ } else if((BitStream[i]==0)&& BitStream[i+1]==1){
@ -336,7 +288,7 @@ int manrawdecode(uint8_t * BitStream, size_t *size)
errCnt=bestErr; errCnt=bestErr;
if (errCnt<20){ if (errCnt<20){
ii=bestRun; ii=bestRun;
i=1; i=0;
for (i=i+ii; i < *size-2; i+=2){ for (i=i+ii; i < *size-2; i+=2){
if(BitStream[i] == 1 && (BitStream[i+1] == 0)){ if(BitStream[i] == 1 && (BitStream[i+1] == 0)){
BitStream[bitnum++]=0; BitStream[bitnum++]=0;
@ -356,6 +308,7 @@ int manrawdecode(uint8_t * BitStream, size_t *size)
//by marshmellow //by marshmellow
//take 01 or 10 = 1 and 11 or 00 = 0 //take 01 or 10 = 1 and 11 or 00 = 0
//check for phase errors - should never have 111 or 000 should be 01001011 or 10110100 for 1010 //check for phase errors - should never have 111 or 000 should be 01001011 or 10110100 for 1010
//decodes biphase or if inverted it is AKA conditional dephase encoding AKA differential manchester encoding
int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset, int invert) int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset, int invert)
{ {
uint16_t bitnum=0; uint16_t bitnum=0;
@ -373,7 +326,7 @@ int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset, int invert)
if (!offsetA && offsetB) offset++; if (!offsetA && offsetB) offset++;
for (i=offset; i<*size-3; i+=2){ for (i=offset; i<*size-3; i+=2){
//check for phase error //check for phase error
if (i<*size-3 && BitStream[i+1]==BitStream[i+2]) { if (BitStream[i+1]==BitStream[i+2]) {
BitStream[bitnum++]=77; BitStream[bitnum++]=77;
errCnt++; errCnt++;
} }
@ -413,6 +366,56 @@ void askAmp(uint8_t *BitStream, size_t size)
return; return;
} }
int cleanAskRawDemod(uint8_t *BinStream, size_t *size, int clk, int invert, int high, int low)
{
size_t bitCnt=0, smplCnt=0, errCnt=0;
uint8_t waveHigh = 0;
//PrintAndLog("clk: %d", clk);
for (size_t i=0; i < *size; i++){
if (BinStream[i] >= high && waveHigh){
smplCnt++;
} else if (BinStream[i] <= low && !waveHigh){
smplCnt++;
} else { //transition
if ((BinStream[i] >= high && !waveHigh) || (BinStream[i] <= low && waveHigh)){
if (smplCnt > clk-(clk/4)-1) { //full clock
if (smplCnt > clk + (clk/4)+1) { //too many samples
errCnt++;
BinStream[bitCnt++]=77;
} else if (waveHigh) {
BinStream[bitCnt++] = invert;
BinStream[bitCnt++] = invert;
} else if (!waveHigh) {
BinStream[bitCnt++] = invert ^ 1;
BinStream[bitCnt++] = invert ^ 1;
}
waveHigh ^= 1;
smplCnt = 0;
} else if (smplCnt > (clk/2) - (clk/4)-1) {
if (waveHigh) {
BinStream[bitCnt++] = invert;
} else if (!waveHigh) {
BinStream[bitCnt++] = invert ^ 1;
}
waveHigh ^= 1;
smplCnt = 0;
} else if (!bitCnt) {
//first bit
waveHigh = (BinStream[i] >= high);
smplCnt = 1;
} else {
smplCnt++;
//transition bit oops
}
} else { //haven't hit new high or new low yet
smplCnt++;
}
}
}
*size = bitCnt;
return errCnt;
}
//by marshmellow //by marshmellow
//takes 3 arguments - clock, invert and maxErr as integers //takes 3 arguments - clock, invert and maxErr as integers
//attempts to demodulate ask only //attempts to demodulate ask only
@ -424,15 +427,22 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max
if (*clk==0) return -1; if (*clk==0) return -1;
if (start<0) return -1; if (start<0) return -1;
if (*invert != 0 && *invert != 1) *invert =0; if (*invert != 0 && *invert != 1) *invert =0;
if (amp==1) askAmp(BinStream, *size);
uint32_t initLoopMax = 200; uint32_t initLoopMax = 200;
if (initLoopMax > *size) initLoopMax=*size; if (initLoopMax > *size) initLoopMax=*size;
// Detect high and lows // Detect high and lows
//25% fuzz in case highs and lows aren't clipped [marshmellow] //25% clip in case highs and lows aren't clipped [marshmellow]
uint8_t clip = 75;
int high, low, ans; int high, low, ans;
if (amp==1) askAmp(BinStream, *size); ans = getHiLo(BinStream, initLoopMax, &high, &low, clip, clip);
ans = getHiLo(BinStream, initLoopMax, &high, &low, 75, 75);
if (ans<1) return -1; //just noise if (ans<1) return -1; //just noise
if (DetectCleanAskWave(BinStream, *size, high, low)) {
//PrintAndLog("Clean");
return cleanAskRawDemod(BinStream, size, *clk, *invert, high, low);
}
//PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
int lastBit = 0; //set first clock check int lastBit = 0; //set first clock check
uint32_t bitnum = 0; //output counter uint32_t bitnum = 0; //output counter
@ -444,12 +454,13 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max
uint32_t gLen = *size; uint32_t gLen = *size;
if (gLen > 500) gLen=500; if (gLen > 500) gLen=500;
//if 0 errors allowed then only try first 2 clock cycles as we want a low tolerance //if 0 errors allowed then only try first 2 clock cycles as we want a low tolerance
if (!maxErr) gLen=*clk*2; if (!maxErr) gLen = *clk * 2;
uint8_t errCnt =0; uint8_t errCnt =0;
uint32_t bestStart = *size; uint32_t bestStart = *size;
uint32_t bestErrCnt = maxErr; //(*size/1000); uint32_t bestErrCnt = maxErr; //(*size/1000);
uint8_t midBit=0; uint8_t midBit=0;
uint16_t MaxBits=1000; uint16_t MaxBits=1000;
//PrintAndLog("DEBUG - lastbit - %d",lastBit); //PrintAndLog("DEBUG - lastbit - %d",lastBit);
//loop to find first wave that works //loop to find first wave that works
for (iii=start; iii < gLen; ++iii){ for (iii=start; iii < gLen; ++iii){
@ -620,7 +631,9 @@ size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow
//do nothing with extra garbage //do nothing with extra garbage
} else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves } else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves
dest[numBits]=1; dest[numBits]=1;
} else { //9+ = 10 waves } else if ((idx-last_transition) > (fchigh+1) && !numBits) { //12 + and first bit = garbage
//do nothing with beginning garbage
} else { //9+ = 10 waves
dest[numBits]=0; dest[numBits]=0;
} }
last_transition = idx; last_transition = idx;
@ -644,18 +657,31 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons
uint32_t idx=0; uint32_t idx=0;
size_t numBits=0; size_t numBits=0;
uint32_t n=1; uint32_t n=1;
float lowWaves = (((float)(rfLen))/((float)fclow));
float highWaves = (((float)(rfLen))/((float)fchigh));
for( idx=1; idx < size; idx++) { for( idx=1; idx < size; idx++) {
if (dest[idx]==lastval) { if (dest[idx]==lastval) {
n++; n++;
continue; continue;
} }
n++;
//if lastval was 1, we have a 1->0 crossing //if lastval was 1, we have a 1->0 crossing
if ( dest[idx-1]==1 ) { if (dest[idx-1]==1) {
n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow)); if (!numBits && n < (uint8_t)lowWaves) {
} else {// 0->1 crossing n=0;
n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh)); //-1 for fudge factor lastval = dest[idx];
continue;
}
n=myround2(((float)n)/lowWaves);
} else {// 0->1 crossing
//test first bitsample too small
if (!numBits && n < (uint8_t)highWaves) {
n=0;
lastval = dest[idx];
continue;
}
n = myround2(((float)n)/highWaves); //-1 for fudge factor
} }
if (n == 0) n = 1; if (n == 0) n = 1;
@ -671,6 +697,17 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons
n=0; n=0;
lastval=dest[idx]; lastval=dest[idx];
}//end for }//end for
// if valid extra bits at the end were all the same frequency - add them in
if (n > lowWaves && n > highWaves) {
if (dest[idx-2]==1) {
n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow));
} else {
n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh)); //-1 for fudge factor
}
memset(dest, dest[idx-1]^invert , n);
numBits += n;
}
return numBits; return numBits;
} }
//by marshmellow (from holiman's base) //by marshmellow (from holiman's base)
@ -857,20 +894,70 @@ int PyramiddemodFSK(uint8_t *dest, size_t *size)
uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low) uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low)
{ {
uint8_t allPeaks=1; uint16_t allPeaks=1;
uint16_t cntPeaks=0; uint16_t cntPeaks=0;
for (size_t i=20; i<255; i++){ size_t loopEnd = 572;
if (loopEnd > size) loopEnd = size;
for (size_t i=60; i<loopEnd; i++){
if (dest[i]>low && dest[i]<high) if (dest[i]>low && dest[i]<high)
allPeaks=0; allPeaks=0;
else else
cntPeaks++; cntPeaks++;
} }
if (allPeaks==0){ if (allPeaks == 0){
if (cntPeaks>190) return 1; if (cntPeaks > 300) return 1;
} }
return allPeaks; return allPeaks;
} }
int DetectStrongAskClock(uint8_t dest[], size_t size)
{
int clk[]={0,8,16,32,40,50,64,100,128,256};
size_t idx = 40;
uint8_t high=0;
size_t cnt = 0;
size_t highCnt = 0;
size_t highCnt2 = 0;
for (;idx < size; idx++){
if (dest[idx]>128) {
if (!high){
high=1;
if (cnt > highCnt){
if (highCnt != 0) highCnt2 = highCnt;
highCnt = cnt;
} else if (cnt > highCnt2) {
highCnt2 = cnt;
}
cnt=1;
} else {
cnt++;
}
} else if (dest[idx] <= 128){
if (high) {
high=0;
if (cnt > highCnt) {
if (highCnt != 0) highCnt2 = highCnt;
highCnt = cnt;
} else if (cnt > highCnt2) {
highCnt2 = cnt;
}
cnt=1;
} else {
cnt++;
}
}
}
uint8_t tol;
for (idx=8; idx>0; idx--){
tol = clk[idx]/8;
if (clk[idx] >= highCnt - tol && clk[idx] <= highCnt + tol)
return clk[idx];
if (clk[idx] >= highCnt2 - tol && clk[idx] <= highCnt2 + tol)
return clk[idx];
}
return -1;
}
// by marshmellow // by marshmellow
// not perfect especially with lower clocks or VERY good antennas (heavy wave clipping) // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
// maybe somehow adjust peak trimming value based on samples to fix? // maybe somehow adjust peak trimming value based on samples to fix?
@ -893,24 +980,14 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr)
//test for large clean peaks //test for large clean peaks
if (DetectCleanAskWave(dest, size, peak, low)==1){ if (DetectCleanAskWave(dest, size, peak, low)==1){
uint16_t fcTest=0; int ans = DetectStrongAskClock(dest, size);
uint8_t mostFC=0; for (i=7; i>0; i--){
fcTest=countFC(dest, size, &mostFC); if (clk[i] == ans) {
uint8_t fc1 = fcTest >> 8; *clock=ans;
uint8_t fc2 = fcTest & 0xFF;
for (i=0; i<8; i++){
if (clk[i] == fc1) {
*clock=fc1;
return 0;
}
if (clk[i] == fc2) {
*clock=fc2;
return 0; return 0;
} }
} }
} }
int ii; int ii;
int clkCnt; int clkCnt;
int tol = 0; int tol = 0;
@ -924,6 +1001,7 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr)
}else{ }else{
tol=0; tol=0;
} }
if (!maxErr) loopCnt=clk[clkCnt]*2;
bestErr[clkCnt]=1000; bestErr[clkCnt]=1000;
//try lining up the peaks by moving starting point (try first 256) //try lining up the peaks by moving starting point (try first 256)
for (ii=0; ii < loopCnt; ii++){ for (ii=0; ii < loopCnt; ii++){
@ -1243,11 +1321,10 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
*clk = DetectNRZClock(dest, *size, *clk); *clk = DetectNRZClock(dest, *size, *clk);
if (*clk==0) return -2; if (*clk==0) return -2;
uint32_t i; uint32_t i;
int high, low, ans; uint32_t gLen = 4096;
ans = getHiLo(dest, 1260, &high, &low, 75, 75); //25% fuzz on high 25% fuzz on low
if (ans<1) return -2; //just noise
uint32_t gLen = 256;
if (gLen>*size) gLen = *size; if (gLen>*size) gLen = *size;
int high, low;
if (getHiLo(dest, gLen, &high, &low, 75, 75) < 1) return -3; //25% fuzz on high 25% fuzz on low
int lastBit = 0; //set first clock check int lastBit = 0; //set first clock check
uint32_t bitnum = 0; //output counter uint32_t bitnum = 0; //output counter
uint8_t tol = 1; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave uint8_t tol = 1; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
@ -1257,6 +1334,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
uint32_t bestErrCnt = maxErr+1; uint32_t bestErrCnt = maxErr+1;
uint32_t bestPeakCnt = 0; uint32_t bestPeakCnt = 0;
uint32_t bestPeakStart=0; uint32_t bestPeakStart=0;
uint8_t bestFirstPeakHigh=0;
uint8_t firstPeakHigh=0;
uint8_t curBit=0; uint8_t curBit=0;
uint8_t bitHigh=0; uint8_t bitHigh=0;
uint8_t errBitHigh=0; uint8_t errBitHigh=0;
@ -1266,6 +1345,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
//loop to find first wave that works - align to clock //loop to find first wave that works - align to clock
for (iii=0; iii < gLen; ++iii){ for (iii=0; iii < gLen; ++iii){
if ((dest[iii]>=high) || (dest[iii]<=low)){ if ((dest[iii]>=high) || (dest[iii]<=low)){
if (dest[iii]>=high) firstPeakHigh=1;
else firstPeakHigh=0;
lastBit=iii-*clk; lastBit=iii-*clk;
peakCnt=0; peakCnt=0;
errCnt=0; errCnt=0;
@ -1316,6 +1397,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
//possible good read //possible good read
if (errCnt == 0){ if (errCnt == 0){
//bestStart = iii; //bestStart = iii;
bestFirstPeakHigh=firstPeakHigh;
bestErrCnt = errCnt; bestErrCnt = errCnt;
bestPeakCnt = peakCnt; bestPeakCnt = peakCnt;
bestPeakStart = iii; bestPeakStart = iii;
@ -1326,6 +1408,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
//bestStart = iii; //bestStart = iii;
} }
if (peakCnt > bestPeakCnt){ if (peakCnt > bestPeakCnt){
bestFirstPeakHigh=firstPeakHigh;
bestPeakCnt=peakCnt; bestPeakCnt=peakCnt;
bestPeakStart=iii; bestPeakStart=iii;
} }
@ -1338,6 +1421,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
iii=bestPeakStart; iii=bestPeakStart;
lastBit=bestPeakStart-*clk; lastBit=bestPeakStart-*clk;
bitnum=0; bitnum=0;
memset(dest, bestFirstPeakHigh^1, bestPeakStart / *clk);
bitnum += (bestPeakStart / *clk);
for (i = iii; i < *size; ++i) { for (i = iii; i < *size; ++i) {
//if we found a high bar and we are at a clock bit //if we found a high bar and we are at a clock bit
if ((dest[i] >= high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){ if ((dest[i] >= high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
@ -1387,12 +1472,12 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
*size=bitnum; *size=bitnum;
} else{ } else{
*size=bitnum; *size=bitnum;
return -1; return bestErrCnt;
} }
if (bitnum>16){ if (bitnum>16){
*size=bitnum; *size=bitnum;
} else return -1; } else return -5;
return errCnt; return errCnt;
} }
@ -1690,7 +1775,7 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert)
errCnt=0; errCnt=0;
size_t numBits=0; size_t numBits=0;
//set skipped bits //set skipped bits
memset(dest+numBits,curPhase^1,firstFullWave / *clock); memset(dest,curPhase^1,firstFullWave / *clock);
numBits += (firstFullWave / *clock); numBits += (firstFullWave / *clock);
dest[numBits++] = curPhase; //set first read bit dest[numBits++] = curPhase; //set first read bit
for (i = firstFullWave+fullWaveLen-1; i < *size-3; i++){ for (i = firstFullWave+fullWaveLen-1; i < *size-3; i++){

2
common/lfdemod.h
View file

@ -16,6 +16,7 @@
#include <stdint.h> #include <stdint.h>
int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr); int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low);
int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr); int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo); uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
//uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx); //uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
@ -47,5 +48,6 @@ uint8_t justNoise(uint8_t *BitStream, size_t size);
uint8_t countPSK_FC(uint8_t *BitStream, size_t size); uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert); int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
int DetectPSKClock(uint8_t dest[], size_t size, int clock); int DetectPSKClock(uint8_t dest[], size_t size, int clock);
void askAmp(uint8_t *BitStream, size_t size);
#endif #endif

16
common/protocols.h
View file

@ -168,9 +168,25 @@ NXP/Philips CUSTOM COMMANDS
#define ISO15693_READ_MULTI_SECSTATUS 0x2C #define ISO15693_READ_MULTI_SECSTATUS 0x2C
// Topaz command set:
#define TOPAZ_REQA 0x26 // Request
#define TOPAZ_WUPA 0x52 // WakeUp
#define TOPAZ_RID 0x78 // Read ID
#define TOPAZ_RALL 0x00 // Read All (all bytes)
#define TOPAZ_READ 0x01 // Read (a single byte)
#define TOPAZ_WRITE_E 0x53 // Write-with-erase (a single byte)
#define TOPAZ_WRITE_NE 0x1a // Write-no-erase (a single byte)
// additional commands for Dynamic Memory Model
#define TOPAZ_RSEG 0x10 // Read segment
#define TOPAZ_READ8 0x02 // Read (eight bytes)
#define TOPAZ_WRITE_E8 0x54 // Write-with-erase (eight bytes)
#define TOPAZ_WRITE_NE8 0x1B // Write-no-erase (eight bytes)
#define ISO_14443A 0 #define ISO_14443A 0
#define ICLASS 1 #define ICLASS 1
#define ISO_14443B 2 #define ISO_14443B 2
#define TOPAZ 3
//-- Picopass fuses //-- Picopass fuses
#define FUSE_FPERS 0x80 #define FUSE_FPERS 0x80

17
include/mifare.h
View file

@ -26,14 +26,15 @@ typedef struct {
} __attribute__((__packed__)) iso14a_card_select_t; } __attribute__((__packed__)) iso14a_card_select_t;
typedef enum ISO14A_COMMAND { typedef enum ISO14A_COMMAND {
ISO14A_CONNECT = 1, ISO14A_CONNECT = (1 << 0),
ISO14A_NO_DISCONNECT = 2, ISO14A_NO_DISCONNECT = (1 << 1),
ISO14A_APDU = 4, ISO14A_APDU = (1 << 2),
ISO14A_RAW = 8, ISO14A_RAW = (1 << 3),
ISO14A_REQUEST_TRIGGER = 0x10, ISO14A_REQUEST_TRIGGER = (1 << 4),
ISO14A_APPEND_CRC = 0x20, ISO14A_APPEND_CRC = (1 << 5),
ISO14A_SET_TIMEOUT = 0x40, ISO14A_SET_TIMEOUT = (1 << 6),
ISO14A_NO_SELECT = 0x80 ISO14A_NO_SELECT = (1 << 7),
ISO14A_TOPAZMODE = (1 << 8)
} iso14a_command_t; } iso14a_command_t;
#endif // _MIFARE_H_ #endif // _MIFARE_H_