github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

fix: "lf search" / "lf hitag" - no more stack overflow in hitag reader

Browse source
This commit is contained in:
iceman1001 2020-06-23 11:13:49 +02:00
commit 1c7de4a8c3
3 changed files with 55 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

52
armsrc/hitag2.c
View file

@ -36,7 +36,7 @@
#include "lfsampling.h" #include "lfsampling.h"
#include "lfdemod.h" #include "lfdemod.h"
#include "commonutil.h" #include "commonutil.h"
#include "appmain.h"
#define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1 #define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1
#define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8))) #define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8)))
@ -1002,15 +1002,20 @@ void SniffHitag2(void) {
size_t periods = 0; size_t periods = 0;
uint8_t periods_bytes[4]; uint8_t periods_bytes[4];
int16_t checked = 0; // int16_t checked = 0;
/*bool waiting_for_first_edge = true;*/ /*bool waiting_for_first_edge = true;*/
LED_C_ON(); LED_C_ON();
uint32_t signal_size = 10000;
while (!BUTTON_PRESS()) { while (!BUTTON_PRESS()) {
// use malloc
initSampleBufferEx(&signal_size, false);
WDT_HIT(); WDT_HIT();
/*
// only every 1000th times, in order to save time when collecting samples. // only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) { if (checked == 1000) {
if (data_available()) { if (data_available()) {
@ -1021,13 +1026,14 @@ void SniffHitag2(void) {
} }
} }
++checked; ++checked;
*/
// Receive frame, watch for at most T0*EOF periods // Receive frame, watch for at most T0*EOF periods
// lf_reset_counter(); // lf_reset_counter();
// Wait "infinite" for reader modulation // Wait "infinite" for reader modulation
periods = lf_detect_gap(20000); periods = lf_detect_gap(10000);
// Test if we detected the first reader modulation edge // Test if we detected the first reader modulation edge
if (periods != 0) { if (periods != 0) {
@ -1042,7 +1048,6 @@ void SniffHitag2(void) {
num_to_bytes(periods, 4, periods_bytes); num_to_bytes(periods, 4, periods_bytes);
LogTrace(periods_bytes, 4, 0, 0, NULL, true); LogTrace(periods_bytes, 4, 0, 0, NULL, true);
} }
} }
lf_finalize(); lf_finalize();
@ -1064,7 +1069,7 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
int response = 0; int response = 0;
uint8_t rx[HITAG_FRAME_LEN] = {0}; uint8_t rx[HITAG_FRAME_LEN] = {0};
size_t rxlen = 0; size_t rxlen = 0;
uint8_t tx[HITAG_FRAME_LEN]; uint8_t tx[HITAG_FRAME_LEN] = {0};
size_t txlen = 0; size_t txlen = 0;
auth_table_len = 0; auth_table_len = 0;
@ -1108,8 +1113,11 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
// int16_t checked = 0; // int16_t checked = 0;
// SIMULATE // SIMULATE
uint32_t signal_size = 10000;
while (BUTTON_PRESS() == false) {
while (!BUTTON_PRESS()) { // use malloc
initSampleBufferEx(&signal_size, true);
LED_D_ON(); LED_D_ON();
@ -1283,9 +1291,9 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
uint32_t command_start = 0, command_duration = 0; uint32_t command_start = 0, command_duration = 0;
uint32_t response_start = 0, response_duration = 0; uint32_t response_start = 0, response_duration = 0;
uint8_t rx[HITAG_FRAME_LEN]; uint8_t rx[HITAG_FRAME_LEN] = {0};
size_t rxlen = 0; size_t rxlen = 0;
uint8_t txbuf[HITAG_FRAME_LEN]; uint8_t txbuf[HITAG_FRAME_LEN] = {0};
uint8_t *tx = txbuf; uint8_t *tx = txbuf;
size_t txlen = 0; size_t txlen = 0;
@ -1430,12 +1438,17 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
size_t nrzs = 0; size_t nrzs = 0;
int16_t checked = 0; int16_t checked = 0;
while (!bStop && !BUTTON_PRESS()) { uint32_t signal_size = 10000;
while (bStop == false && BUTTON_PRESS() == false) {
// use malloc
initSampleBufferEx(&signal_size, true);
WDT_HIT(); WDT_HIT();
// only every 1000th times, in order to save time when collecting samples. // only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) { if (checked == 4000) {
if (data_available()) { if (data_available()) {
checked = -1; checked = -1;
break; break;
@ -1615,13 +1628,13 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
} }
// Pack the response into a byte array // Pack the response into a byte array
for (size_t i = 5; i < nrzs; i++) { for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i]; uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7" if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
DBG Dbprintf("Error in Manchester decoding, abort"); DBG Dbprintf("Error in Manchester decoding, abort");
break; break;
} }
rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++; rxlen++;
} }
@ -1756,10 +1769,14 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
size_t nrzs = 0; size_t nrzs = 0;
int16_t checked = 0; int16_t checked = 0;
while (!bStop && !BUTTON_PRESS()) { uint32_t signal_size = 10000;
while (bStop == false && BUTTON_PRESS() == false) {
// only every 1000th times, in order to save time when collecting samples. // use malloc
if (checked == 1000) { initSampleBufferEx(&signal_size, true);
// only every 4000th times, in order to save time when collecting samples.
if (checked == 4000) {
if (data_available()) { if (data_available()) {
checked = -1; checked = -1;
break; break;
@ -1920,12 +1937,13 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
} }
// Pack the response into a byte array // Pack the response into a byte array
for (size_t i = 5; i < nrzs; i++) { for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i]; uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7" if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
break; break;
} }
rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); // >> 3 instead of div by 8
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++; rxlen++;
} }

50
armsrc/lfadc.c
View file

@ -11,6 +11,7 @@
#include "fpgaloader.h" #include "fpgaloader.h"
#include "ticks.h" #include "ticks.h"
#include "dbprint.h" #include "dbprint.h"
#include "appmain.h"
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) // Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz // TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
@ -72,27 +73,11 @@ void lf_sample_mean(void) {
static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
size_t periods = 0; size_t periods = 0;
volatile uint8_t adc_val;
uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3; uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3;
// int16_t checked = 0;
while (!BUTTON_PRESS()) {
// only every 100th times, in order to save time when collecting samples.
/*
if (checked == 1000) {
if (data_available()) {
break;
} else {
checked = 0;
}
}
++checked;
*/
WDT_HIT();
while (BUTTON_PRESS() == false) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
adc_val = AT91C_BASE_SSC->SSC_RHR; volatile uint8_t adc_val = AT91C_BASE_SSC->SSC_RHR;
periods++; periods++;
if (g_logging) logSampleSimple(adc_val); if (g_logging) logSampleSimple(adc_val);
@ -105,6 +90,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
if (adc_val == 0) { if (adc_val == 0) {
return periods; return periods;
} }
} else { } else {
// Trigger on a modulation swap by observing an edge change // Trigger on a modulation swap by observing an edge change
if (rising_edge) { if (rising_edge) {
@ -125,6 +111,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
if (periods >= max) return 0; if (periods >= max) return 0;
} }
} }
if (g_logging) logSampleSimple(0xFF); if (g_logging) logSampleSimple(0xFF);
return 0; return 0;
} }
@ -161,6 +148,7 @@ bool lf_get_reader_modulation(void) {
} }
void lf_wait_periods(size_t periods) { void lf_wait_periods(size_t periods) {
// wait detect gap
lf_count_edge_periods_ex(periods, true, false); lf_count_edge_periods_ex(periods, true, false);
} }
@ -250,23 +238,22 @@ void lf_finalize(void) {
} }
size_t lf_detect_field_drop(size_t max) { size_t lf_detect_field_drop(size_t max) {
/*
size_t periods = 0; size_t periods = 0;
// int16_t checked = 0; // int16_t checked = 0;
while (!BUTTON_PRESS()) { while (BUTTON_PRESS() == false) {
/* // // only every 1000th times, in order to save time when collecting samples.
// only every 1000th times, in order to save time when collecting samples. // if (checked == 4000) {
if (checked == 1000) { // if (data_available()) {
if (data_available()) { // checked = -1;
checked = -1; // break;
break; // } else {
} else { // checked = 0;
checked = 0; // }
} // }
} // ++checked;
++checked;
*/
WDT_HIT(); WDT_HIT();
@ -284,6 +271,7 @@ size_t lf_detect_field_drop(size_t max) {
if (periods == max) return 0; if (periods == max) return 0;
} }
} }
*/
return 0; return 0;
} }

2
client/src/cmdlfhitag.c
View file

@ -584,7 +584,7 @@ static int CmdLFHitagReader(const char *Cmd) {
clearCommandBuffer(); clearCommandBuffer();
SendCommandMIX(cmd, htf, 0, 0, &htd, sizeof(htd)); SendCommandMIX(cmd, htf, 0, 0, &htd, sizeof(htd));
PacketResponseNG resp; PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 4000)) { if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
PrintAndLogEx(WARNING, "timeout while waiting for reply."); PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }