github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 02:27:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added ledcontrol to lf functions

Browse source
This commit is contained in:
Łukasz Jurczyk 2021-11-18 14:26:41 +01:00
commit 218a4ba2ec
No known key found for this signature in database
GPG key ID: 95B48A1500000000
26 changed files with 432 additions and 426 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -34,6 +34,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Changed `hf mfdes` - detect LRP mode and info updates (@merlokk)
- Fixed `hf mfdes` - increase response buffer length (@merlokk)
- Fixed `SimulateTagLowFrequencyEx` ignoring the `ledcontrol` argument (@zabszk)
- Added ledcontrol argument to LF operations (@zabszk)
## [crimson.4.14434][2021-09-18]
- Fixed `hf mf staticnested` - flashmem / non loop now works (@horrordash)

4
armsrc/Standalone/lf_em4100rswb.c
View file

@ -260,7 +260,7 @@ static int ExecuteMode(int mode, int slot) {
//default first mode is simulate
case LF_RWSB_MODE_READ:
Dbprintf("[=] >> Read mode started <<");
lf_em410x_watch(1, &high[slot], &low[slot]);
lf_em410x_watch(1, &high[slot], &low[slot], true);
LED_Update(mode, slot);
Dbprintf("[=] >> Tag found. Saving. <<");
FlashLEDs(100, 5);
@ -276,7 +276,7 @@ static int ExecuteMode(int mode, int slot) {
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_WRITE:
Dbprintf("[!!] >> Write mode started <<");
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff));
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff), true);
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_BRUTE:
Dbprintf("[=] >> Bruteforce mode started <<");

4
armsrc/Standalone/lf_em4100rwc.c
View file

@ -172,7 +172,7 @@ void RunMod(void) {
state = 3;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - exit to select mode
lf_em410x_watch(1, &high[selected], &low[selected]);
lf_em410x_watch(1, &high[selected], &low[selected], true);
flash_leds(100, 5);
#ifdef WITH_FLASH
SaveIDtoFlash(selected, low[selected]);
@ -208,7 +208,7 @@ void RunMod(void) {
state = 0;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - write ID to tag
copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff), true);
led_slot(selected);
state = 0; // Switch to select mode
}

4
armsrc/Standalone/lf_hidbrute.c
View file

@ -75,7 +75,7 @@ void RunMod(void) {
// record
DbpString("[=] starting recording");
lf_hid_watch(1, &high[selected], &low[selected]);
lf_hid_watch(1, &high[selected], &low[selected], true);
Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
LEDsoff();
@ -95,7 +95,7 @@ void RunMod(void) {
WAIT_BUTTON_RELEASED();
CopyHIDtoT55x7(0, high[selected], low[selected], 0, false, false);
CopyHIDtoT55x7(0, high[selected], low[selected], 0, false, false, true);
Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]);
LEDsoff();

8
armsrc/Standalone/lf_icehid.c
View file

@ -354,21 +354,21 @@ void RunMod(void) {
// since we steal 12800 from bigbuffer, no need to sample it.
size_t size = MIN(28000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
DoAcquisition_config(false, size, true);
res = IceHIDDemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, size);
DoAcquisition_config(false, size, true);
res = IceAWIDdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, size);
DoAcquisition_config(false, size, true);
res = IceIOdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
@ -376,7 +376,7 @@ void RunMod(void) {
}
size = MIN(20000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
DoAcquisition_config(false, size, true);
res = IceEM410xdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();

2
armsrc/Standalone/lf_nexid.c
View file

@ -323,7 +323,7 @@ void RunMod(void) {
size_t size = MIN(16385, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
DoAcquisition_config(false, size, true);
res = demodNexWatch();
if (res == PM3_SUCCESS) {
LED_A_OFF();

2
armsrc/Standalone/lf_proxbrute.c
View file

@ -57,7 +57,7 @@ void RunMod(void) {
DbpString("[=] starting recording");
// findone, high, low
lf_hid_watch(1, &high, &low);
lf_hid_watch(1, &high, &low, true);
Dbprintf("[=] recorded | %x%08x", high, low);

4
armsrc/Standalone/lf_samyrun.c
View file

@ -77,7 +77,7 @@ void RunMod(void) {
// findone, high, low, no ledcontrol (A)
uint32_t hi = 0, lo = 0;
lf_hid_watch(1, &hi, &lo);
lf_hid_watch(1, &hi, &lo, true);
high[selected] = hi;
low[selected] = lo;
@ -121,7 +121,7 @@ void RunMod(void) {
Dbprintf("[=] cloning %x | %x%08x", selected, high[selected], low[selected]);
// high2, high, low, no longFMT
CopyHIDtoT55x7(0, high[selected], low[selected], 0, false, false);
CopyHIDtoT55x7(0, high[selected], low[selected], 0, false, false, true);
DbpString("[=] cloned done");

2
armsrc/Standalone/lf_tharexde.c
View file

@ -219,7 +219,7 @@ void RunMod(void) {
SpinDelay(200);
}
em4x50_handle_commands(&command, tag);
em4x50_handle_commands(&command, tag, true);
// check if new password was found
if (g_Password != reflect32(tag[EM4X50_DEVICE_PASSWORD])) {

99
armsrc/appmain.c
View file

@ -812,7 +812,7 @@ static void PacketReceived(PacketCommandNG *packet) {
bool verbose : 1;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
uint32_t bits = SampleLF(payload->verbose, payload->samples);
uint32_t bits = SampleLF(payload->verbose, payload->samples, true);
reply_ng(CMD_LF_ACQ_RAW_ADC, PM3_SUCCESS, (uint8_t *)&bits, sizeof(bits));
break;
}
@ -831,7 +831,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint16_t period_extra[LF_CMDREAD_MAX_EXTRA_SYMBOLS];
memcpy(symbol_extra, payload->symbol_extra, sizeof(symbol_extra));
memcpy(period_extra, payload->period_extra, sizeof(period_extra));
ModThenAcquireRawAdcSamples125k(payload->delay, payload->period_0, payload->period_1, symbol_extra, period_extra, packet->data.asBytes + sizeof(struct p), payload->verbose, payload->samples);
ModThenAcquireRawAdcSamples125k(payload->delay, payload->period_0, payload->period_1, symbol_extra, period_extra, packet->data.asBytes + sizeof(struct p), payload->verbose, payload->samples, true);
break;
}
case CMD_LF_SNIFF_RAW_ADC: {
@ -840,13 +840,13 @@ static void PacketReceived(PacketCommandNG *packet) {
bool verbose : 1;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
uint32_t bits = SniffLF(payload->verbose, payload->samples);
uint32_t bits = SniffLF(payload->verbose, payload->samples, true);
reply_ng(CMD_LF_SNIFF_RAW_ADC, PM3_SUCCESS, (uint8_t *)&bits, sizeof(bits));
break;
}
case CMD_LF_HID_WATCH: {
uint32_t high, low;
int res = lf_hid_watch(0, &high, &low);
int res = lf_hid_watch(0, &high, &low, true);
reply_ng(CMD_LF_HID_WATCH, res, NULL, 0);
break;
}
@ -877,19 +877,19 @@ static void PacketReceived(PacketCommandNG *packet) {
}
case CMD_LF_HID_CLONE: {
lf_hidsim_t *payload = (lf_hidsim_t *)packet->data.asBytes;
CopyHIDtoT55x7(payload->hi2, payload->hi, payload->lo, payload->longFMT, payload->Q5, payload->EM);
CopyHIDtoT55x7(payload->hi2, payload->hi, payload->lo, payload->longFMT, payload->Q5, payload->EM, true);
break;
}
case CMD_LF_IO_WATCH: {
uint32_t high, low;
int res = lf_io_watch(0, &high, &low);
int res = lf_io_watch(0, &high, &low, true);
reply_ng(CMD_LF_IO_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_WATCH: {
uint32_t high;
uint64_t low;
int res = lf_em410x_watch(0, &high, &low);
int res = lf_em410x_watch(0, &high, &low, true);
reply_ng(CMD_LF_EM410X_WATCH, res, NULL, 0);
break;
}
@ -901,12 +901,12 @@ static void PacketReceived(PacketCommandNG *packet) {
uint32_t low;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low);
int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low, true);
reply_ng(CMD_LF_EM410X_WRITE, res, NULL, 0);
break;
}
case CMD_LF_TI_READ: {
ReadTItag();
ReadTItag(true);
break;
}
case CMD_LF_TI_WRITE: {
@ -916,7 +916,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint16_t crc;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
WriteTItag(payload->high, payload->low, packet->crc);
WriteTItag(payload->high, payload->low, packet->crc, true);
break;
}
case CMD_LF_SIMULATE: {
@ -945,16 +945,16 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t downlink_mode;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
T55xxReadBlock(payload->page, payload->pwdmode, false, payload->blockno, payload->password, payload->downlink_mode);
T55xxReadBlock(payload->page, payload->pwdmode, false, payload->blockno, payload->password, payload->downlink_mode, true);
break;
}
case CMD_LF_T55XX_WRITEBL: {
// uses NG format
T55xxWriteBlock(packet->data.asBytes);
T55xxWriteBlock(packet->data.asBytes, true);
break;
}
case CMD_LF_T55XX_DANGERRAW: {
T55xxDangerousRawTest(packet->data.asBytes);
T55xxDangerousRawTest(packet->data.asBytes, true);
break;
}
case CMD_LF_T55XX_WAKEUP: {
@ -963,19 +963,19 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t flags;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
T55xxWakeUp(payload->password, payload->flags);
T55xxWakeUp(payload->password, payload->flags, true);
break;
}
case CMD_LF_T55XX_RESET_READ: {
T55xxResetRead(packet->data.asBytes[0] & 0xff);
T55xxResetRead(packet->data.asBytes[0] & 0xff, true);
break;
}
case CMD_LF_T55XX_CHK_PWDS: {
T55xx_ChkPwds(packet->data.asBytes[0] & 0xff);
T55xx_ChkPwds(packet->data.asBytes[0] & 0xff, true);
break;
}
case CMD_LF_PCF7931_READ: {
ReadPCF7931();
ReadPCF7931(true);
break;
}
case CMD_LF_PCF7931_WRITE: {
@ -985,7 +985,8 @@ static void PacketReceived(PacketCommandNG *packet) {
packet->data.asBytes[7] - 128, packet->data.asBytes[8] - 128,
packet->oldarg[0],
packet->oldarg[1],
packet->oldarg[2]
packet->oldarg[2],
true
);
break;
}
@ -994,7 +995,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint32_t password;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EM4xLogin(payload->password);
EM4xLogin(payload->password, true);
break;
}
case CMD_LF_EM4X_BF: {
@ -1003,7 +1004,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint32_t n;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EM4xBruteforce(payload->start_pwd, payload->n);
EM4xBruteforce(payload->start_pwd, payload->n, true);
break;
}
case CMD_LF_EM4X_READWORD: {
@ -1013,7 +1014,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t usepwd;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EM4xReadWord(payload->address, payload->password, payload->usepwd);
EM4xReadWord(payload->address, payload->password, payload->usepwd, true);
break;
}
case CMD_LF_EM4X_WRITEWORD: {
@ -1024,7 +1025,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t usepwd;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd);
EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd, true);
break;
}
case CMD_LF_EM4X_PROTECTWORD: {
@ -1034,12 +1035,12 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t usepwd;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EM4xProtectWord(payload->data, payload->password, payload->usepwd);
EM4xProtectWord(payload->data, payload->password, payload->usepwd, true);
break;
}
case CMD_LF_AWID_WATCH: {
uint32_t high, low;
int res = lf_awid_watch(0, &high, &low);
int res = lf_awid_watch(0, &high, &low, true);
reply_ng(CMD_LF_AWID_WATCH, res, NULL, 0);
break;
}
@ -1050,7 +1051,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t blocks[8];
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
CopyVikingtoT55xx(payload->blocks, payload->Q5, payload->EM);
CopyVikingtoT55xx(payload->blocks, payload->Q5, payload->EM, true);
break;
}
case CMD_LF_COTAG_READ: {
@ -1058,43 +1059,43 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t mode;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
Cotag(payload->mode);
Cotag(payload->mode, true);
break;
}
#endif
#ifdef WITH_HITAG
case CMD_LF_HITAG_SNIFF: { // Eavesdrop Hitag tag, args = type
SniffHitag2();
SniffHitag2(true);
// SniffHitag2(packet->oldarg[0]);
reply_ng(CMD_LF_HITAG_SNIFF, PM3_SUCCESS, NULL, 0);
break;
}
case CMD_LF_HITAG_SIMULATE: { // Simulate Hitag tag, args = memory content
SimulateHitag2();
SimulateHitag2(true);
break;
}
case CMD_LF_HITAG_READER: { // Reader for Hitag tags, args = type and function
ReaderHitag((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes);
ReaderHitag((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, true);
break;
}
case CMD_LF_HITAGS_SIMULATE: { // Simulate Hitag s tag, args = memory content
SimulateHitagSTag((bool)packet->oldarg[0], packet->data.asBytes);
SimulateHitagSTag((bool)packet->oldarg[0], packet->data.asBytes, true);
break;
}
case CMD_LF_HITAGS_TEST_TRACES: { // Tests every challenge within the given file
check_challenges((bool)packet->oldarg[0], packet->data.asBytes);
check_challenges((bool)packet->oldarg[0], packet->data.asBytes, true);
break;
}
case CMD_LF_HITAGS_READ: { //Reader for only Hitag S tags, args = key or challenge
ReadHitagS((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes);
ReadHitagS((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, true);
break;
}
case CMD_LF_HITAGS_WRITE: { //writer for Hitag tags args=data to write,page and key or challenge
if ((hitag_function)packet->oldarg[0] < 10) {
WritePageHitagS((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, packet->oldarg[2]);
WritePageHitagS((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, packet->oldarg[2], true);
} else {
WriterHitag((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, packet->oldarg[2]);
WriterHitag((hitag_function)packet->oldarg[0], (hitag_data *)packet->data.asBytes, packet->oldarg[2], true);
}
break;
}
@ -1108,27 +1109,27 @@ static void PacketReceived(PacketCommandNG *packet) {
#ifdef WITH_EM4x50
case CMD_LF_EM4X50_INFO: {
em4x50_info((em4x50_data_t *)packet->data.asBytes);
em4x50_info((em4x50_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_WRITE: {
em4x50_write((em4x50_data_t *)packet->data.asBytes);
em4x50_write((em4x50_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_WRITEPWD: {
em4x50_writepwd((em4x50_data_t *)packet->data.asBytes);
em4x50_writepwd((em4x50_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_READ: {
em4x50_read((em4x50_data_t *)packet->data.asBytes);
em4x50_read((em4x50_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_BRUTE: {
em4x50_brute((em4x50_data_t *)packet->data.asBytes);
em4x50_brute((em4x50_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_LOGIN: {
em4x50_login((uint32_t *)packet->data.asBytes);
em4x50_login((uint32_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_SIM: {
@ -1138,11 +1139,11 @@ static void PacketReceived(PacketCommandNG *packet) {
// destroy the Emulator Memory.
//-----------------------------------------------------------------------------
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
em4x50_sim((uint32_t *)packet->data.asBytes);
em4x50_sim((uint32_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X50_READER: {
em4x50_reader();
em4x50_reader(true);
break;
}
case CMD_LF_EM4X50_ESET: {
@ -1162,34 +1163,34 @@ static void PacketReceived(PacketCommandNG *packet) {
// destroy the Emulator Memory.
//-----------------------------------------------------------------------------
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
em4x50_chk((uint8_t *)packet->data.asBytes);
em4x50_chk((uint8_t *)packet->data.asBytes, true);
break;
}
#endif
#ifdef WITH_EM4x70
case CMD_LF_EM4X70_INFO: {
em4x70_info((em4x70_data_t *)packet->data.asBytes);
em4x70_info((em4x70_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X70_WRITE: {
em4x70_write((em4x70_data_t *)packet->data.asBytes);
em4x70_write((em4x70_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X70_UNLOCK: {
em4x70_unlock((em4x70_data_t *)packet->data.asBytes);
em4x70_unlock((em4x70_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X70_AUTH: {
em4x70_auth((em4x70_data_t *)packet->data.asBytes);
em4x70_auth((em4x70_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X70_WRITEPIN: {
em4x70_write_pin((em4x70_data_t *)packet->data.asBytes);
em4x70_write_pin((em4x70_data_t *)packet->data.asBytes, true);
break;
}
case CMD_LF_EM4X70_WRITEKEY: {
em4x70_write_key((em4x70_data_t *)packet->data.asBytes);
em4x70_write_key((em4x70_data_t *)packet->data.asBytes, true);
break;
}
#endif

166
armsrc/em4x50.c
View file

@ -676,42 +676,42 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
}
// login into EM4x50
void em4x50_login(uint32_t *password) {
void em4x50_login(uint32_t *password, bool ledcontrol) {
em4x50_setup_read();
int status = PM3_EFAILED;
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
status = login(*password);
}
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_LOGIN, status, NULL, 0);
}
// envoke password search
void em4x50_brute(em4x50_data_t *etd) {
void em4x50_brute(em4x50_data_t *etd, bool ledcontrol) {
em4x50_setup_read();
bool bsuccess = false;
uint32_t pwd = 0x0;
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
bsuccess = brute(etd->password1, etd->password2, &pwd);
}
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_BRUTE, bsuccess ? PM3_SUCCESS : PM3_EFAILED, (uint8_t *)(&pwd), sizeof(pwd));
}
// check passwords from dictionary content in flash memory
void em4x50_chk(uint8_t *filename) {
void em4x50_chk(uint8_t *filename, bool ledcontrol) {
int status = PM3_EFAILED;
uint32_t pwd = 0x0;
@ -733,11 +733,11 @@ void em4x50_chk(uint8_t *filename) {
em4x50_setup_read();
// set g_High and g_Low
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
// try to login with current password
for (int i = 0; i < pwd_count; i++) {
@ -765,8 +765,8 @@ void em4x50_chk(uint8_t *filename) {
#endif
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_CHK, status, (uint8_t *)&pwd, sizeof(pwd));
}
@ -849,18 +849,18 @@ static int selective_read(uint32_t addresses, uint32_t *words) {
}
// reads by using "selective read mode" -> bidirectional communication
void em4x50_read(em4x50_data_t *etd) {
void em4x50_read(em4x50_data_t *etd, bool ledcontrol) {
int status = PM3_EFAILED;
uint32_t words[EM4X50_NO_WORDS] = {0x0};
em4x50_setup_read();
// set g_High and g_Low
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
bool blogin = true;
@ -873,23 +873,23 @@ void em4x50_read(em4x50_data_t *etd) {
status = selective_read(etd->addresses, words);
}
LEDsoff();
if (ledcontrol) LEDsoff();
LOW(GPIO_SSC_DOUT);
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_READ, status, (uint8_t *)words, EM4X50_TAG_MAX_NO_BYTES);
}
// collects as much information as possible via selective read mode
void em4x50_info(em4x50_data_t *etd) {
void em4x50_info(em4x50_data_t *etd, bool ledcontrol) {
int status = PM3_EFAILED;
uint32_t words[EM4X50_NO_WORDS] = {0x0};
em4x50_setup_read();
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
bool blogin = true;
// login with given password
@ -902,29 +902,29 @@ void em4x50_info(em4x50_data_t *etd) {
}
}
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_INFO, status, (uint8_t *)words, EM4X50_TAG_MAX_NO_BYTES);
}
// reads data that tag transmits "voluntarily" -> standard read mode
void em4x50_reader(void) {
void em4x50_reader(bool ledcontrol) {
int now = 0;
uint32_t words[EM4X50_NO_WORDS] = {0x0};
em4x50_setup_read();
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
standard_read(&now, words);
}
LEDsoff();
if (ledcontrol) LEDsoff();
LOW(GPIO_SSC_DOUT);
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_READER, now, (uint8_t *)words, 4 * now);
}
@ -1023,17 +1023,17 @@ static int write_password(uint32_t password, uint32_t new_password) {
// write operation process for EM4x50 tag,
// single word is written to given address, verified by selective read operation
// wrong password -> return with PM3_EFAILED
void em4x50_write(em4x50_data_t *etd) {
void em4x50_write(em4x50_data_t *etd, bool ledcontrol) {
int status = PM3_EFAILED;
uint32_t words[EM4X50_NO_WORDS] = {0x0};
em4x50_setup_read();
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
// if password is given try to login first
status = PM3_SUCCESS;
@ -1045,7 +1045,7 @@ void em4x50_write(em4x50_data_t *etd) {
// write word to given address
status = write(etd->word, etd->addresses);
if (status == PM3_ETEAROFF) {
lf_finalize();
lf_finalize(ledcontrol);
return;
}
@ -1075,36 +1075,36 @@ void em4x50_write(em4x50_data_t *etd) {
}
}
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_WRITE, status, (uint8_t *)words, EM4X50_TAG_MAX_NO_BYTES);
}
// simple change of password
void em4x50_writepwd(em4x50_data_t *etd) {
void em4x50_writepwd(em4x50_data_t *etd, bool ledcontrol) {
int status = PM3_EFAILED;
em4x50_setup_read();
LED_C_ON();
if (ledcontrol) LED_C_ON();
if (get_signalproperties() && find_em4x50_tag()) {
LED_C_OFF();
LED_D_ON();
if (ledcontrol) LED_C_OFF();
if (ledcontrol) LED_D_ON();
// login and change password
if (login(etd->password1) == PM3_SUCCESS) {
status = write_password(etd->password1, etd->password2);
if (status == PM3_ETEAROFF) {
lf_finalize();
lf_finalize(ledcontrol);
return;
}
}
}
LEDsoff();
lf_finalize();
if (ledcontrol) LEDsoff();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_WRITEPWD, status, NULL, 0);
}
@ -1324,7 +1324,7 @@ static bool em4x50_sim_read_word(uint32_t *word) {
}
// check if reader requests receive mode (rm) by sending two zeros
static int check_rm_request(uint32_t *tag) {
static int check_rm_request(uint32_t *tag, bool ledcontrol) {
// look for first zero
int bit = em4x50_sim_read_bit();
@ -1334,7 +1334,7 @@ static int check_rm_request(uint32_t *tag) {
bit = em4x50_sim_read_bit();
if (bit == 0) {
LED_C_ON();
if (ledcontrol) LED_C_ON();
// if command before was EM4X50_COMMAND_WRITE_PASSWORD
// switch to separate process
@ -1353,7 +1353,7 @@ static int check_rm_request(uint32_t *tag) {
}
// send single listen window in simulation mode
static int em4x50_sim_send_listen_window(uint32_t *tag) {
static int em4x50_sim_send_listen_window(uint32_t *tag, bool ledcontrol) {
SHORT_COIL();
wait_cycles(EM4X50_T_TAG_HALF_PERIOD);
@ -1365,7 +1365,7 @@ static int em4x50_sim_send_listen_window(uint32_t *tag) {
wait_cycles(2 * EM4X50_T_TAG_FULL_PERIOD);
OPEN_COIL();
int command = check_rm_request(tag);
int command = check_rm_request(tag, ledcontrol);
if (command != PM3_SUCCESS) {
return command;
}
@ -1426,7 +1426,7 @@ static void em4x50_sim_send_nak(void) {
}
// standard read mode process (simulation mode)
static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
static int em4x50_sim_handle_standard_read_command(uint32_t *tag, bool ledcontrol) {
// extract control data
int fwr = reflect32(tag[EM4X50_CONTROL]) & 0xFF; // first word read
@ -1441,7 +1441,7 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
WDT_HIT();
int res = em4x50_sim_send_listen_window(tag);
int res = em4x50_sim_send_listen_window(tag, ledcontrol);
if (res != PM3_SUCCESS) {
return res;
@ -1449,7 +1449,7 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
for (int i = fwr; i <= lwr; i++) {
res = em4x50_sim_send_listen_window(tag);
res = em4x50_sim_send_listen_window(tag, ledcontrol);
if (res != PM3_SUCCESS) {
return res;
}
@ -1466,7 +1466,7 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
}
// selective read mode process (simulation mode)
static int em4x50_sim_handle_selective_read_command(uint32_t *tag) {
static int em4x50_sim_handle_selective_read_command(uint32_t *tag, bool ledcontrol) {
// read password
uint32_t address = 0;
@ -1496,14 +1496,14 @@ static int em4x50_sim_handle_selective_read_command(uint32_t *tag) {
WDT_HIT();
int command = em4x50_sim_send_listen_window(tag);
int command = em4x50_sim_send_listen_window(tag, ledcontrol);
if (command != PM3_SUCCESS) {
return command;
}
for (int i = fwr; i <= lwr; i++) {
command = em4x50_sim_send_listen_window(tag);
command = em4x50_sim_send_listen_window(tag, ledcontrol);
if (command != PM3_SUCCESS) {
return command;
}
@ -1521,7 +1521,7 @@ static int em4x50_sim_handle_selective_read_command(uint32_t *tag) {
}
// login process (simulation mode)
static int em4x50_sim_handle_login_command(uint32_t *tag) {
static int em4x50_sim_handle_login_command(uint32_t *tag, bool ledcontrol) {
// read password
uint32_t password = 0;
@ -1533,11 +1533,11 @@ static int em4x50_sim_handle_login_command(uint32_t *tag) {
if (pwd && (password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) {
em4x50_sim_send_ack();
g_Login = true;
LED_D_ON();
if (ledcontrol) LED_D_ON();
} else {
em4x50_sim_send_nak();
g_Login = false;
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
// save transmitted password (to be used in standalone mode)
g_Password = password;
@ -1547,7 +1547,7 @@ static int em4x50_sim_handle_login_command(uint32_t *tag) {
}
// reset process (simulation mode)
static int em4x50_sim_handle_reset_command(uint32_t *tag) {
static int em4x50_sim_handle_reset_command(uint32_t *tag, bool ledcontrol) {
// processing pause time (corresponds to a "1" bit)
em4x50_sim_send_bit(1);
@ -1555,7 +1555,7 @@ static int em4x50_sim_handle_reset_command(uint32_t *tag) {
// send ACK
em4x50_sim_send_ack();
g_Login = false;
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
// wait for initialization (tinit)
wait_cycles(EM4X50_T_TAG_TINIT);
@ -1565,7 +1565,7 @@ static int em4x50_sim_handle_reset_command(uint32_t *tag) {
}
// write process (simulation mode)
static int em4x50_sim_handle_write_command(uint32_t *tag) {
static int em4x50_sim_handle_write_command(uint32_t *tag, bool ledcontrol) {
// read address
uint8_t address = 0;
@ -1653,12 +1653,12 @@ static int em4x50_sim_handle_write_command(uint32_t *tag) {
// if "read after write" (raw) bit is set, send written data once
if (raw) {
int command = em4x50_sim_send_listen_window(tag);
int command = em4x50_sim_send_listen_window(tag, ledcontrol);
if (command != PM3_SUCCESS) {
return command;
}
command = em4x50_sim_send_listen_window(tag);
command = em4x50_sim_send_listen_window(tag, ledcontrol);
if (command != PM3_SUCCESS) {
return command;
}
@ -1671,7 +1671,7 @@ static int em4x50_sim_handle_write_command(uint32_t *tag) {
}
// write password process (simulation mode)
static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
static int em4x50_sim_handle_writepwd_command(uint32_t *tag, bool ledcontrol) {
bool pwd = false;
@ -1698,7 +1698,7 @@ static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
return EM4X50_COMMAND_STANDARD_READ;
}
int command = em4x50_sim_send_listen_window(tag);
int command = em4x50_sim_send_listen_window(tag, ledcontrol);
g_WritePasswordProcess = false;
if (command != EM4X50_COMMAND_WRITE_PASSWORD) {
return command;
@ -1732,33 +1732,33 @@ static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
return EM4X50_COMMAND_STANDARD_READ;
}
void em4x50_handle_commands(int *command, uint32_t *tag) {
void em4x50_handle_commands(int *command, uint32_t *tag, bool ledcontrol) {
switch (*command) {
case EM4X50_COMMAND_LOGIN:
*command = em4x50_sim_handle_login_command(tag);
*command = em4x50_sim_handle_login_command(tag, ledcontrol);
break;
case EM4X50_COMMAND_RESET:
*command = em4x50_sim_handle_reset_command(tag);
*command = em4x50_sim_handle_reset_command(tag, ledcontrol);
break;
case EM4X50_COMMAND_WRITE:
*command = em4x50_sim_handle_write_command(tag);
*command = em4x50_sim_handle_write_command(tag, ledcontrol);
break;
case EM4X50_COMMAND_WRITE_PASSWORD:
*command = em4x50_sim_handle_writepwd_command(tag);
*command = em4x50_sim_handle_writepwd_command(tag, ledcontrol);
break;
case EM4X50_COMMAND_SELECTIVE_READ:
*command = em4x50_sim_handle_selective_read_command(tag);
*command = em4x50_sim_handle_selective_read_command(tag, ledcontrol);
break;
case EM4X50_COMMAND_STANDARD_READ:
LED_C_OFF();
*command = em4x50_sim_handle_standard_read_command(tag);
if (ledcontrol) LED_C_OFF();
*command = em4x50_sim_handle_standard_read_command(tag, ledcontrol);
break;
// bit errors during reading may lead to unknown commands
@ -1772,7 +1772,7 @@ void em4x50_handle_commands(int *command, uint32_t *tag) {
// simulate uploaded data in emulator memory
// LED C -> reader command has been detected
// LED D -> operations that require authentication are possible
void em4x50_sim(uint32_t *password) {
void em4x50_sim(uint32_t *password, bool ledcontrol) {
int command = PM3_ENODATA;
@ -1791,7 +1791,7 @@ void em4x50_sim(uint32_t *password) {
if (tag[EM4X50_DEVICE_SERIAL] != tag[EM4X50_DEVICE_ID]) {
// init
LEDsoff();
if (ledcontrol) LEDsoff();
em4x50_setup_sim();
g_Login = false;
g_WritePasswordProcess = false;
@ -1801,7 +1801,7 @@ void em4x50_sim(uint32_t *password) {
for (;;) {
em4x50_handle_commands(&command, tag);
em4x50_handle_commands(&command, tag, ledcontrol);
// stop if key (pm3 button or enter key) has been pressed
if (command == PM3_EOPABORTED) {
@ -1813,12 +1813,12 @@ void em4x50_sim(uint32_t *password) {
if (command == PM3_ETIMEOUT) {
command = EM4X50_COMMAND_STANDARD_READ;
g_Login = false;
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
}
}
}
BigBuf_free();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X50_SIM, command, NULL, 0);
}

20
armsrc/em4x50.h
View file

@ -17,16 +17,16 @@ void em4x50_setup_read(void);
int standard_read(int *now, uint32_t *words);
void em4x50_setup_sim(void);
void em4x50_handle_commands(int *command, uint32_t *tag);
void em4x50_handle_commands(int *command, uint32_t *tag, bool ledcontrol);
void em4x50_info(em4x50_data_t *etd);
void em4x50_write(em4x50_data_t *etd);
void em4x50_writepwd(em4x50_data_t *etd);
void em4x50_read(em4x50_data_t *etd);
void em4x50_brute(em4x50_data_t *etd);
void em4x50_login(uint32_t *password);
void em4x50_sim(uint32_t *password);
void em4x50_reader(void);
void em4x50_chk(uint8_t *filename);
void em4x50_info(em4x50_data_t *etd, bool ledcontrol);
void em4x50_write(em4x50_data_t *etd, bool ledcontrol);
void em4x50_writepwd(em4x50_data_t *etd, bool ledcontrol);
void em4x50_read(em4x50_data_t *etd, bool ledcontrol);
void em4x50_brute(em4x50_data_t *etd, bool ledcontrol);
void em4x50_login(uint32_t *password, bool ledcontrol);
void em4x50_sim(uint32_t *password, bool ledcontrol);
void em4x50_reader(bool ledcontrol);
void em4x50_chk(uint8_t *filename, bool ledcontrol);
#endif /* EM4X50_H */

24
armsrc/em4x70.c
View file

@ -624,7 +624,7 @@ static int em4x70_receive(uint8_t *bits, size_t length) {
return bit_pos;
}
void em4x70_info(em4x70_data_t *etd) {
void em4x70_info(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
@ -641,11 +641,11 @@ void em4x70_info(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_INFO, status, tag.data, sizeof(tag.data));
}
void em4x70_write(em4x70_data_t *etd) {
void em4x70_write(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
@ -671,11 +671,11 @@ void em4x70_write(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_WRITE, status, tag.data, sizeof(tag.data));
}
void em4x70_unlock(em4x70_data_t *etd) {
void em4x70_unlock(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
@ -704,11 +704,11 @@ void em4x70_unlock(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_UNLOCK, status, tag.data, sizeof(tag.data));
}
void em4x70_auth(em4x70_data_t *etd) {
void em4x70_auth(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
uint8_t response[3] = {0};
@ -726,11 +726,11 @@ void em4x70_auth(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_AUTH, status, response, sizeof(response));
}
void em4x70_write_pin(em4x70_data_t *etd) {
void em4x70_write_pin(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
@ -766,11 +766,11 @@ void em4x70_write_pin(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_WRITEPIN, status, tag.data, sizeof(tag.data));
}
void em4x70_write_key(em4x70_data_t *etd) {
void em4x70_write_key(em4x70_data_t *etd, bool ledcontrol) {
uint8_t status = 0;
@ -804,6 +804,6 @@ void em4x70_write_key(em4x70_data_t *etd) {
}
StopTicks();
lf_finalize();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_EM4X70_WRITEKEY, status, tag.data, sizeof(tag.data));
}

12
armsrc/em4x70.h
View file

@ -22,11 +22,11 @@ typedef enum {
FALLING_EDGE
} edge_detection_t;
void em4x70_info(em4x70_data_t *etd);
void em4x70_write(em4x70_data_t *etd);
void em4x70_unlock(em4x70_data_t *etd);
void em4x70_auth(em4x70_data_t *etd);
void em4x70_write_pin(em4x70_data_t *etd);
void em4x70_write_key(em4x70_data_t *etd);
void em4x70_info(em4x70_data_t *etd, bool ledcontrol);
void em4x70_write(em4x70_data_t *etd, bool ledcontrol);
void em4x70_unlock(em4x70_data_t *etd, bool ledcontrol);
void em4x70_auth(em4x70_data_t *etd, bool ledcontrol);
void em4x70_write_pin(em4x70_data_t *etd, bool ledcontrol);
void em4x70_write_key(em4x70_data_t *etd, bool ledcontrol);
#endif /* EM4x70_H */

86
armsrc/hitag2.c
View file

@ -153,8 +153,8 @@ static void hitag2_init(void) {
/*
// sim
static void hitag_send_bit(int bit) {
LED_A_ON();
static void hitag_send_bit(int bit, bool ledcontrol) {
if (ledcontrol) LED_A_ON();
// Reset clock for the next bit
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
@ -174,7 +174,7 @@ static void hitag_send_bit(int bit) {
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < HITAG_T0 * HITAG_T_TAG_FULL_PERIOD);
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
// sim
@ -324,9 +324,9 @@ static void hitag2_handle_reader_command(uint8_t *rx, const size_t rxlen, uint8_
// reader/writer
// returns how long it took
static uint32_t hitag_reader_send_bit(int bit) {
static uint32_t hitag_reader_send_bit(int bit, bool ledcontrol) {
uint32_t wait = 0;
LED_A_ON();
if (ledcontrol) LED_A_ON();
// Binary pulse length modulation (BPLM) is used to encode the data stream
// This means that a transmission of a one takes longer than that of a zero
@ -350,17 +350,17 @@ static uint32_t hitag_reader_send_bit(int bit) {
wait += HITAG_T_1 - HITAG_T_LOW;
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
return wait;
}
// reader / writer commands
static uint32_t hitag_reader_send_frame(const uint8_t *frame, size_t frame_len) {
static uint32_t hitag_reader_send_frame(const uint8_t *frame, size_t frame_len, bool ledcontrol) {
uint32_t wait = 0;
// Send the content of the frame
for (size_t i = 0; i < frame_len; i++) {
wait += hitag_reader_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1);
wait += hitag_reader_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1, ledcontrol);
}
// Enable modulation, which means, drop the field
@ -994,9 +994,9 @@ void EloadHitag(uint8_t *data, uint16_t len) {
// T1 26-32 fc (total time ONE)
// Tstop 36 > fc (high field stop limit)
// Tlow 4-10 fc (reader field low time)
void SniffHitag2(void) {
void SniffHitag2(bool ledcontrol) {
DbpString("Starting Hitag2 sniffing");
LED_D_ON();
if (ledcontrol) LED_D_ON();
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -1006,7 +1006,7 @@ void SniffHitag2(void) {
set_tracing(true);
/*
lf_init(false, false);
lf_init(false, false, ledcontrol);
// no logging of the raw signal
g_logging = lf_get_reader_modulation();
@ -1111,10 +1111,10 @@ void SniffHitag2(void) {
// LogTrace(rx, nbytes(rdr), 0, 0, NULL, true);
// total_count += nbytes(rdr);
}
LED_A_INV();
if (ledcontrol) LED_A_INV();
}
lf_finalize();
lf_finalize(ledcontrol);
Dbprintf("Collected %u bytes", total_count);
@ -1183,7 +1183,7 @@ void SniffHitag2(void) {
// Shorter periods will only happen with reader frames
if (reader_frame == false && rising_edge && ra < HITAG_T_TAG_CAPTURE_ONE_HALF) {
// Switch from tag to reader capture
LED_C_OFF();
if (ledcontrol) LED_C_OFF();
reader_frame = true;
rxlen = 0;
}
@ -1199,7 +1199,7 @@ void SniffHitag2(void) {
overflow = 0;
if (reader_frame) {
LED_B_ON();
if (ledcontrol) LED_B_ON();
// Capture reader frame
if (ra >= HITAG_T_STOP) {
// if (rxlen != 0) {
@ -1218,7 +1218,7 @@ void SniffHitag2(void) {
}
} else {
LED_C_ON();
if (ledcontrol) LED_C_ON();
// Capture tag frame (manchester decoding using only falling edges)
if (ra >= HITAG_T_EOF) {
// if (rxlen != 0) {
@ -1285,8 +1285,10 @@ void SniffHitag2(void) {
tag_sof = 4;
overflow = 0;
LED_B_OFF();
LED_C_OFF();
if (ledcontrol) {
LED_B_OFF();
LED_C_OFF();
}
} else {
// Save the timer overflow, will be 0 when frame was received
overflow += (AT91C_BASE_TC1->TC_CV / HITAG_T0);
@ -1301,7 +1303,7 @@ void SniffHitag2(void) {
AT91C_BASE_TCB->TCB_BCR = 1;
}
LEDsoff();
if (ledcontrol) LEDsoff();
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
@ -1314,7 +1316,7 @@ void SniffHitag2(void) {
}
// Hitag2 simulation
void SimulateHitag2(void) {
void SimulateHitag2(bool ledcontrol) {
BigBuf_free();
BigBuf_Clear_ext(false);
@ -1322,7 +1324,7 @@ void SimulateHitag2(void) {
set_tracing(true);
// empties bigbuff etc
lf_init(false, true);
lf_init(false, true, ledcontrol);
int response = 0;
uint8_t rx[HITAG_FRAME_LEN] = {0};
@ -1367,10 +1369,10 @@ void SimulateHitag2(void) {
// use malloc
initSampleBufferEx(&signal_size, true);
LED_D_ON();
if (ledcontrol) LED_D_ON();
// lf_reset_counter();
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
WDT_HIT();
/*
@ -1409,7 +1411,7 @@ void SimulateHitag2(void) {
break;
}
LED_A_ON();
if (ledcontrol) LED_A_ON();
// Are we dealing with the first incoming edge
if (waiting_for_first_edge) {
@ -1448,12 +1450,12 @@ void SimulateHitag2(void) {
}
}
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
// If there is no response, just repeat the loop
if (!detected_modulation) continue;
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
// Make sure we always have an even number of samples. This fixes the problem
// of ending the manchester decoding with a zero. See the example below where
@ -1466,7 +1468,7 @@ void SimulateHitag2(void) {
nrz_samples[nrzs++] = reader_modulation;
}
LED_B_ON();
if (ledcontrol) LED_B_ON();
// decode bitstream
manrawdecode((uint8_t *)nrz_samples, &nrzs, true, 0);
@ -1509,7 +1511,7 @@ void SimulateHitag2(void) {
if (txlen) {
// Transmit the tag frame
//hitag_send_frame(tx, txlen);
lf_manchester_send_bytes(tx, txlen);
lf_manchester_send_bytes(tx, txlen, ledcontrol);
// Store the frame in the trace
LogTrace(tx, nbytes(txlen), 0, 0, NULL, false);
@ -1519,11 +1521,11 @@ void SimulateHitag2(void) {
memset(rx, 0x00, sizeof(rx));
response = 0;
LED_B_OFF();
if (ledcontrol) LED_B_OFF();
}
}
lf_finalize();
lf_finalize(ledcontrol);
// release allocated memory from BigBuff.
BigBuf_free();
@ -1533,7 +1535,7 @@ void SimulateHitag2(void) {
// reply_ng(CMD_LF_HITAG_SIMULATE, (checked == -1) ? PM3_EOPABORTED : PM3_SUCCESS, (uint8_t *)tag.sectors, tag_size);
}
void ReaderHitag(hitag_function htf, hitag_data *htd) {
void ReaderHitag(hitag_function htf, hitag_data *htd, bool ledcontrol) {
uint32_t command_start = 0, command_duration = 0;
uint32_t response_start = 0, response_duration = 0;
@ -1644,7 +1646,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
}
}
LED_D_ON();
if (ledcontrol) LED_D_ON();
// hitag2 state machine?
hitag2_init();
@ -1677,7 +1679,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
}
// init as reader
lf_init(true, false);
lf_init(true, false, ledcontrol);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
uint8_t tag_modulation;
@ -1762,7 +1764,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
command_start += t_wait_2;
}
// Transmit the reader frame
command_duration = hitag_reader_send_frame(tx, txlen);
command_duration = hitag_reader_send_frame(tx, txlen, ledcontrol);
response_start = command_start + command_duration;
// Let the antenna and ADC values settle
@ -1863,7 +1865,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
nrz_samples[nrzs++] = tag_modulation;
}
LED_B_ON();
if (ledcontrol) LED_B_ON();
// decode bitstream
manrawdecode((uint8_t *)nrz_samples, &nrzs, true, 0);
@ -1913,7 +1915,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
}
out:
lf_finalize();
lf_finalize(ledcontrol);
// release allocated memory from BigBuff.
BigBuf_free();
@ -1924,7 +1926,7 @@ out:
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
}
void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
void WriterHitag(hitag_function htf, hitag_data *htd, int page, bool ledcontrol) {
uint32_t command_start = 0;
uint32_t command_duration = 0;
@ -1986,12 +1988,12 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
break;
}
LED_D_ON();
if (ledcontrol) LED_D_ON();
hitag2_init();
// init as reader
lf_init(true, false);
lf_init(true, false, ledcontrol);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// Tag specific configuration settings (sof, timings, etc.)
@ -2081,7 +2083,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
}
// Transmit the reader frame
command_duration = hitag_reader_send_frame(tx, txlen);
command_duration = hitag_reader_send_frame(tx, txlen, ledcontrol);
response_start = command_start + command_duration;
@ -2186,7 +2188,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
nrz_samples[nrzs++] = tag_modulation;
}
LED_B_ON();
if (ledcontrol) LED_B_ON();
// decode bitstream
manrawdecode((uint8_t *)nrz_samples, &nrzs, true, 0);
@ -2230,7 +2232,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
out:
lf_finalize();
lf_finalize(ledcontrol);
// release allocated memory from BigBuff.
BigBuf_free();

8
armsrc/hitag2.h
View file

@ -15,9 +15,9 @@
#include "common.h"
#include "hitag.h"
void SniffHitag2(void);
void SimulateHitag2(void);
void ReaderHitag(hitag_function htf, hitag_data *htd);
void WriterHitag(hitag_function htf, hitag_data *htd, int page);
void SniffHitag2(bool ledcontrol);
void SimulateHitag2(bool ledcontrol);
void ReaderHitag(hitag_function htf, hitag_data *htd, bool ledcontrol);
void WriterHitag(hitag_function htf, hitag_data *htd, int page, bool ledcontrol);
void EloadHitag(uint8_t *data, uint16_t len);
#endif

74
armsrc/hitagS.c
View file

@ -119,8 +119,8 @@ static void calc_crc(unsigned char *crc, unsigned char data, unsigned char Bitco
} while (--Bitcount);
}
static void hitag_send_bit(int bit) {
LED_A_ON();
static void hitag_send_bit(int bit, bool ledcontrol) {
if (ledcontrol) LED_A_ON();
// Reset clock for the next bit
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
@ -149,7 +149,7 @@ static void hitag_send_bit(int bit) {
while (AT91C_BASE_TC0->TC_CV < T0 * 64) {};
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
break;
case AC4K:
if (bit == 0) {
@ -174,7 +174,7 @@ static void hitag_send_bit(int bit) {
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
break;
case MC4K:
if (bit == 0) {
@ -194,7 +194,7 @@ static void hitag_send_bit(int bit) {
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
break;
case MC8K:
if (bit == 0) {
@ -214,14 +214,14 @@ static void hitag_send_bit(int bit) {
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
break;
default:
break;
}
}
static void hitag_send_frame(const uint8_t *frame, size_t frame_len) {
static void hitag_send_frame(const uint8_t *frame, size_t frame_len, bool ledcontrol) {
if (g_dbglevel >= DBG_EXTENDED)
Dbprintf("hitag_send_frame: (%i) %02X %02X %02X %02X", frame_len, frame[0], frame[1], frame[2], frame[3]);
// The beginning of the frame is hidden in some high level; pause until our bits will have an effect
@ -240,20 +240,20 @@ static void hitag_send_frame(const uint8_t *frame, size_t frame_len) {
// SOF - send start of frame
for (size_t i = 0; i < sof_bits; i++) {
hitag_send_bit(1);
hitag_send_bit(1, ledcontrol);
}
// Send the content of the frame
for (size_t i = 0; i < frame_len; i++) {
hitag_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1);
hitag_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1, ledcontrol);
}
LOW(GPIO_SSC_DOUT);
}
static void hitag_reader_send_bit(int bit) {
static void hitag_reader_send_bit(int bit, bool ledcontrol) {
LED_A_ON();
if (ledcontrol) LED_A_ON();
// Reset clock for the next bit
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
@ -290,16 +290,16 @@ static void hitag_reader_send_bit(int bit) {
}
#endif
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
static void hitag_reader_send_frame(const uint8_t *frame, size_t frame_len) {
static void hitag_reader_send_frame(const uint8_t *frame, size_t frame_len, bool ledcontrol) {
// Send the content of the frame
for (size_t i = 0; i < frame_len; i++) {
// if (frame[0] == 0xf8) {
//Dbprintf("BIT: %d",(frame[i / 8] >> (7 - (i % 8))) & 1);
// }
hitag_reader_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1);
hitag_reader_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1, ledcontrol);
}
// send EOF
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
@ -852,7 +852,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA
/*
* Emulates a Hitag S Tag with the given data from the .hts file
*/
void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data, bool ledcontrol) {
StopTicks();
@ -877,7 +877,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
clear_trace();
DbpString("Starting HitagS simulation");
LED_D_ON();
if (ledcontrol) LED_D_ON();
tag.pstate = HT_READY;
tag.tstate = HT_NO_OP;
@ -1010,7 +1010,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
// Reset timer every frame, we have to capture the last edge for timing
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
LED_B_ON();
if (ledcontrol) LED_B_ON();
// Capture reader frame
if (ra >= HITAG_T_STOP) {
@ -1054,7 +1054,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
// Send and store the tag answer (if there is any)
if (txlen > 0) {
// Transmit the tag frame
hitag_send_frame(tx, txlen);
hitag_send_frame(tx, txlen, ledcontrol);
LogTrace(tx, nbytes(txlen), 0, 0, NULL, false);
}
@ -1065,7 +1065,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
memset(rx, 0x00, sizeof(rx));
response = 0;
LED_B_OFF();
if (ledcontrol) LED_B_OFF();
}
// Reset the frame length
rxlen = 0;
@ -1077,14 +1077,14 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
}
set_tracing(false);
lf_finalize();
lf_finalize(ledcontrol);
// release allocated memory from BigBuff.
BigBuf_free();
DbpString("Sim Stopped");
}
static void hitagS_receive_frame(uint8_t *rx, size_t *rxlen, int *response) {
static void hitagS_receive_frame(uint8_t *rx, size_t *rxlen, int *response, bool ledcontrol) {
// Reset values for receiving frames
memset(rx, 0x00, HITAG_FRAME_LEN * sizeof(uint8_t));
@ -1105,7 +1105,7 @@ static void hitagS_receive_frame(uint8_t *rx, size_t *rxlen, int *response) {
// Reset timer every frame, we have to capture the last edge for timing
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
LED_B_ON();
if (ledcontrol) LED_B_ON();
// Capture tag frame (manchester decoding using only falling edges)
if (ra >= HITAG_T_EOF) {
@ -1164,7 +1164,7 @@ static void hitagS_receive_frame(uint8_t *rx, size_t *rxlen, int *response) {
* If the key was given the password will be decrypted.
* Reads every page of a hitag S transpoder.
*/
void ReadHitagS(hitag_function htf, hitag_data *htd) {
void ReadHitagS(hitag_function htf, hitag_data *htd, bool ledcontrol) {
StopTicks();
@ -1227,7 +1227,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
bQuiet = false;
LED_D_ON();
if (ledcontrol) LED_D_ON();
// Set fpga in edge detect with reader field, we can modulate as reader now
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
@ -1399,7 +1399,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) {};
// Transmit the reader frame
hitag_reader_send_frame(tx, txlen);
hitag_reader_send_frame(tx, txlen, ledcontrol);
// Enable and reset external trigger in timer for capturing future frames
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
@ -1410,12 +1410,12 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, HITAG_T_WAIT_2, NULL, true);
}
hitagS_receive_frame(rx, &rxlen, &response);
hitagS_receive_frame(rx, &rxlen, &response, ledcontrol);
}
end = false;
set_tracing(false);
lf_finalize();
lf_finalize(ledcontrol);
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
}
@ -1423,7 +1423,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
* Authenticates to the Tag with the given Key or Challenge.
* Writes the given 32Bit data into page_
*/
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page, bool ledcontrol) {
StopTicks();
@ -1484,7 +1484,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
tag.pstate = HT_READY;
tag.tstate = HT_NO_OP;
LED_D_ON();
if (ledcontrol) LED_D_ON();
// Configure output and enable pin that is connected to the FPGA (for modulating)
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
@ -1614,7 +1614,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) {};
// Transmit the reader frame
hitag_reader_send_frame(tx, txlen);
hitag_reader_send_frame(tx, txlen, ledcontrol);
// Enable and reset external trigger in timer for capturing future frames
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
@ -1625,13 +1625,13 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, HITAG_T_WAIT_2, NULL, true);
}
hitagS_receive_frame(rx, &rxlen, &response);
hitagS_receive_frame(rx, &rxlen, &response, ledcontrol);
}
end = false;
set_tracing(false);
lf_finalize();
lf_finalize(ledcontrol);
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
}
@ -1643,7 +1643,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
* is not received correctly due to Antenna problems. This function
* detects these challenges.
*/
void check_challenges(bool file_given, uint8_t *data) {
void check_challenges(bool file_given, uint8_t *data, bool ledcontrol) {
int i, j, z, k;
// int frame_count = 0;
int response = 0;
@ -1671,7 +1671,7 @@ void check_challenges(bool file_given, uint8_t *data) {
bQuiet = false;
LED_D_ON();
if (ledcontrol) LED_D_ON();
// Configure output and enable pin that is connected to the FPGA (for modulating)
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
@ -1853,7 +1853,7 @@ void check_challenges(bool file_given, uint8_t *data) {
while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) {};
// Transmit the reader frame
hitag_reader_send_frame(tx, txlen);
hitag_reader_send_frame(tx, txlen, ledcontrol);
// Enable and reset external trigger in timer for capturing future frames
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
@ -1864,10 +1864,10 @@ void check_challenges(bool file_given, uint8_t *data) {
LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, HITAG_T_WAIT_2, NULL, true);
}
hitagS_receive_frame(rx, &rxlen, &response);
hitagS_receive_frame(rx, &rxlen, &response, ledcontrol);
}
set_tracing(false);
lf_finalize();
lf_finalize(ledcontrol);
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
}

8
armsrc/hitagS.h
View file

@ -16,9 +16,9 @@
#include "hitag.h"
void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data);
void ReadHitagS(hitag_function htf, hitag_data *htd);
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page);
void check_challenges(bool file_given, uint8_t *data);
void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data, bool ledcontrol);
void ReadHitagS(hitag_function htf, hitag_data *htd, bool ledcontrol);
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page, bool ledcontrol);
void check_challenges(bool file_given, uint8_t *data, bool ledcontrol);
#endif

14
armsrc/lfadc.c
View file

@ -186,7 +186,7 @@ void lf_wait_periods(size_t periods) {
lf_count_edge_periods_ex(periods, true, false);
}
void lf_init(bool reader, bool simulate) {
void lf_init(bool reader, bool simulate, bool ledcontrol) {
StopTicks();
@ -240,7 +240,7 @@ void lf_init(bool reader, bool simulate) {
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV4_CLOCK;
// Clear all leds
LEDsoff();
if (ledcontrol) LEDsoff();
// Reset and enable timers
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
@ -258,7 +258,7 @@ void lf_init(bool reader, bool simulate) {
lf_sample_mean();
}
void lf_finalize(void) {
void lf_finalize(bool ledcontrol) {
// Disable timers
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
@ -269,7 +269,7 @@ void lf_finalize(void) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
if (ledcontrol) LEDsoff();
StartTicks();
}
@ -329,9 +329,9 @@ static void lf_manchester_send_bit(uint8_t bit) {
}
// simulation
bool lf_manchester_send_bytes(const uint8_t *frame, size_t frame_len) {
bool lf_manchester_send_bytes(const uint8_t *frame, size_t frame_len, bool ledcontrol) {
LED_B_ON();
if (ledcontrol) LED_B_ON();
lf_manchester_send_bit(1);
lf_manchester_send_bit(1);
@ -344,6 +344,6 @@ bool lf_manchester_send_bytes(const uint8_t *frame, size_t frame_len) {
lf_manchester_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1);
}
LED_B_OFF();
if (ledcontrol) LED_B_OFF();
return true;
}

6
armsrc/lfadc.h
View file

@ -29,11 +29,11 @@ bool lf_get_reader_modulation(void);
void lf_wait_periods(size_t periods);
//void lf_init(bool reader);
void lf_init(bool reader, bool simulate);
void lf_finalize(void);
void lf_init(bool reader, bool simulate, bool ledcontrol);
void lf_finalize(bool ledcontrol);
size_t lf_detect_field_drop(size_t max);
bool lf_manchester_send_bytes(const uint8_t *frame, size_t frame_len);
bool lf_manchester_send_bytes(const uint8_t *frame, size_t frame_len, bool ledcontrol);
void lf_modulation(bool modulation);
#endif // __LFADC_H__

180
armsrc/lfops.c
View file

@ -390,7 +390,7 @@ void loadT55xxConfig(void) {
* @param period_1
* @param command (in binary char array)
*/
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, uint32_t samples) {
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, uint32_t samples, bool ledcontrol) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -424,7 +424,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
if (period_0 < hack_cnt || period_1 < hack_cnt) {
DbpString("[!] Warning periods cannot be less than 7us in bit bang mode");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
reply_ng(CMD_LF_MOD_THEN_ACQ_RAW_ADC, PM3_EINVARG, NULL, 0);
return;
}
@ -447,7 +447,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
// if field already off leave alone (affects timing otherwise)
if (off == false) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
off = true;
}
// note we appear to take about 7us to switch over (or run the if statements/loop...)
@ -457,7 +457,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
// if field already on leave alone (affects timing otherwise)
if (off) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_ADC_READER_FIELD);
LED_D_ON();
if (ledcontrol) LED_D_ON();
off = false;
}
// note we appear to take about 7us to switch over (or run the if statements/loop...)
@ -466,7 +466,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
}
} else { // old mode of cmd read using delay as off period
while (*command != '\0' && *command != ' ') {
LED_D_ON();
if (ledcontrol) LED_D_ON();
if (*command == '0') {
TurnReadLFOn(period_0);
} else if (*command == '1') {
@ -480,7 +480,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
}
}
command++;
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(delay_off);
}
@ -491,7 +491,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_ADC_READER_FIELD);
// now do the read
DoAcquisition_config(verbose, samples);
DoAcquisition_config(verbose, samples, ledcontrol);
// Turn off antenna
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -509,7 +509,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
[5555fe852c5555555555555555fe0000]
*/
void ReadTItag(void) {
void ReadTItag(bool ledcontrol) {
StartTicks();
// some hardcoded initial params
// when we read a TI tag we sample the zerocross line at 2MHz
@ -541,7 +541,7 @@ void ReadTItag(void) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
// get TI tag data into the buffer
AcquireTiType();
AcquireTiType(ledcontrol);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -662,7 +662,7 @@ static void WriteTIbyte(uint8_t b) {
}
}
void AcquireTiType(void) {
void AcquireTiType(bool ledcontrol) {
int i, j, n;
// tag transmission is <20ms, sampling at 2M gives us 40K samples max
// each sample is 1 bit stuffed into a uint32_t so we need 1250 uint32_t
@ -696,7 +696,7 @@ void AcquireTiType(void) {
// Transmit Frame Mode Register
AT91C_BASE_SSC->SSC_TFMR = 0;
// iceman, FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER) ?? the code above? can it be replaced?
LED_D_ON();
if (ledcontrol) LED_D_ON();
// modulate antenna
HIGH(GPIO_SSC_DOUT);
@ -707,7 +707,7 @@ void AcquireTiType(void) {
// stop modulating antenna and listen
LOW(GPIO_SSC_DOUT);
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
i = 0;
for (;;) {
@ -744,7 +744,7 @@ void AcquireTiType(void) {
// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc
// if crc provided, it will be written with the data verbatim (even if bogus)
// if not provided a valid crc will be computed from the data and written.
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) {
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc, bool ledcontrol) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
if (crc == 0) {
crc = update_crc16(crc, (idlo) & 0xff);
@ -767,7 +767,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
StartTicks();
LED_A_ON();
if (ledcontrol) LED_A_ON();
// steal this pin from the SSP and use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
@ -804,10 +804,10 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) {
HIGH(GPIO_SSC_DOUT);
WaitMS(50); // programming time
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
// get TI tag data into the buffer
AcquireTiType();
AcquireTiType(ledcontrol);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Now use `lf ti reader` to check");
@ -1241,7 +1241,7 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol) {
size_t size;
uint32_t hi2 = 0, hi = 0, lo = 0;
@ -1267,7 +1267,7 @@ int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
break;
}
DoAcquisition_default(-1, false);
DoAcquisition_default(-1, false, ledcontrol);
// FSK demodulator
// 50 * 128 * 2 - big enough to catch 2 sequences of largest format
@ -1342,12 +1342,12 @@ int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
LEDsoff();
if (ledcontrol) LEDsoff();
return res;
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol) {
size_t size;
int dummyIdx = 0;
@ -1369,7 +1369,7 @@ int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
break;
}
DoAcquisition_default(-1, false);
DoAcquisition_default(-1, false, ledcontrol);
// FSK demodulator
size = MIN(12800, BigBuf_max_traceLen());
@ -1439,11 +1439,11 @@ int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
LEDsoff();
if (ledcontrol) LEDsoff();
return res;
}
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low, bool ledcontrol) {
size_t size, idx = 0;
int clk = 0, invert = 0, maxErr = 20;
@ -1466,7 +1466,7 @@ int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
break;
}
DoAcquisition_default(-1, false);
DoAcquisition_default(-1, false, ledcontrol);
size = MIN(16385, BigBuf_max_traceLen());
@ -1530,11 +1530,11 @@ int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
LEDsoff();
if (ledcontrol) LEDsoff();
return res;
}
int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
int lf_io_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol) {
int dummyIdx = 0;
uint32_t code = 0, code2 = 0;
@ -1559,7 +1559,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
break;
}
DoAcquisition_default(-1, false);
DoAcquisition_default(-1, false, ledcontrol);
size_t size = MIN(12000, BigBuf_max_traceLen());
@ -1614,7 +1614,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
LEDsoff();
if (ledcontrol) LEDsoff();
return res;
}
@ -1820,12 +1820,12 @@ static void T55xx_SendCMD(uint32_t data, uint32_t pwd, uint16_t arg) {
}
// Send T5577 reset command then read stream (see if we can identify the start of the stream)
void T55xxResetRead(uint8_t flags) {
void T55xxResetRead(uint8_t flags, bool ledcontrol) {
uint8_t downlink_mode = ((flags >> 3) & 3);
uint8_t arg = 0x80 | downlink_mode;
LED_A_ON();
if (ledcontrol) LED_A_ON();
//clear buffer now so it does not interfere with timing later
BigBuf_Clear_keep_EM();
@ -1835,15 +1835,15 @@ void T55xxResetRead(uint8_t flags) {
TurnReadLFOn(T55xx_Timing.m[downlink_mode].read_gap);
// Acquisition
DoPartialAcquisition(0, false, BigBuf_max_traceLen(), 0);
DoPartialAcquisition(0, false, BigBuf_max_traceLen(), 0, ledcontrol);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_T55XX_RESET_READ, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
void T55xxDangerousRawTest(uint8_t *data) {
void T55xxDangerousRawTest(uint8_t *data, bool ledcontrol) {
// supports only default downlink mode
t55xx_test_block_t *c = (t55xx_test_block_t *)data;
@ -1864,7 +1864,7 @@ void T55xxDangerousRawTest(uint8_t *data) {
}
}
LED_A_ON();
if (ledcontrol) LED_A_ON();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
// make sure tag is fully powered up...
WaitMS(start_wait);
@ -1878,12 +1878,12 @@ void T55xxDangerousRawTest(uint8_t *data) {
TurnReadLFOn(c->time);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_T55XX_DANGERRAW, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
// Write one card block in page 0, no lock
//void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags) {
void T55xxWriteBlock(uint8_t *data) {
void T55xxWriteBlock(uint8_t *data, bool ledcontrol) {
/*
flag bits
@ -1903,7 +1903,7 @@ void T55xxWriteBlock(uint8_t *data) {
c->flags &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0
LED_A_ON();
if (ledcontrol) LED_A_ON();
T55xx_SendCMD(c->data, c->pwd, c->flags | (c->blockno << 9));
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
@ -1931,13 +1931,13 @@ void T55xxWriteBlock(uint8_t *data) {
// response should be (for t55x7) a 0 bit then (ST if on)
// block data written in on repeat until reset.
//DoPartialAcquisition(20, false, 12000);
//DoPartialAcquisition(20, false, 12000, ledcontrol);
}
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_T55XX_WRITEBL, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
/*
@ -1950,7 +1950,7 @@ void T55xxWriteBlock(uint8_t *data) {
*/
/*
// Read one card block in page [page]
void T55xxReadBlockExt(uint16_t flags, uint8_t block, uint32_t pwd) {
void T55xxReadBlockExt(uint16_t flags, uint8_t block, uint32_t pwd, bool ledcontrol) {
/ *
flag bits
xxxx xxxxxxx1 0x0001 PwdMode
@ -1965,7 +1965,7 @@ void T55xxReadBlockExt(uint16_t flags, uint8_t block, uint32_t pwd) {
size_t samples = 12000;
bool brute_mem = (flags & 0x0100) >> 8;
LED_A_ON();
if (ledcontrol) LED_A_ON();
if (brute_mem) samples = 1024;
@ -1992,18 +1992,18 @@ bool brute_mem = (flags & 0x0100) >> 8;
// Acquisition
// Now do the acquisition
DoPartialAcquisition(0, false, samples, 0);
DoPartialAcquisition(0, false, samples, 0, ledcontrol);
// Turn the field off
if (!brute_mem) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_T55XX_READBL, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
}
*/
// Read one card block in page [page]
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode) {
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode, bool ledcontrol) {
/*
flag bits
xxxx xxxxxxx1 0x0001 PwdMode
@ -2030,7 +2030,7 @@ void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block,
size_t samples = 12000;
LED_A_ON();
if (ledcontrol) LED_A_ON();
if (brute_mem) samples = 2048;
@ -2057,13 +2057,13 @@ void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block,
// Acquisition
// Now do the acquisition
DoPartialAcquisition(0, false, samples, 1000);
DoPartialAcquisition(0, false, samples, 1000, ledcontrol);
// Turn the field off
if (brute_mem == false) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_T55XX_READBL, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
}
// reset back to old / save config
@ -2071,7 +2071,7 @@ void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block,
}
void T55xx_ChkPwds(uint8_t flags) {
void T55xx_ChkPwds(uint8_t flags, bool ledcontrol) {
#define CHK_SAMPLES_SIGNAL 2048
@ -2092,7 +2092,7 @@ void T55xx_ChkPwds(uint8_t flags) {
uint8_t x = 32;
while (x--) {
b1 = 0;
T55xxReadBlock(0, 0, true, 0, 0, downlink_mode);
T55xxReadBlock(0, 0, true, 0, 0, downlink_mode, ledcontrol);
for (uint16_t j = 0; j < CHK_SAMPLES_SIGNAL; ++j) {
b1 += (buf[j] * buf[j]);
}
@ -2152,7 +2152,7 @@ void T55xx_ChkPwds(uint8_t flags) {
uint32_t pwd = bytes_to_num(pwds + (i * 4), 4);
T55xxReadBlock(0, true, true, 0, pwd, downlink_mode);
T55xxReadBlock(0, true, true, 0, pwd, downlink_mode, ledcontrol);
uint64_t sum = 0;
for (uint16_t j = 0; j < CHK_SAMPLES_SIGNAL; ++j) {
@ -2183,15 +2183,15 @@ OUT:
#endif
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
if (ledcontrol) LEDsoff();
reply_ng(CMD_LF_T55XX_CHK_PWDS, PM3_SUCCESS, (uint8_t *)&payload, sizeof(payload));
BigBuf_free();
}
void T55xxWakeUp(uint32_t pwd, uint8_t flags) {
void T55xxWakeUp(uint32_t pwd, uint8_t flags, bool ledcontrol) {
flags |= 0x01 | 0x40 | 0x20; //Password | Read Call (no data) | reg_read no block
LED_B_ON();
if (ledcontrol) LED_B_ON();
T55xx_SendCMD(0, pwd, flags);
@ -2201,7 +2201,7 @@ void T55xxWakeUp(uint32_t pwd, uint8_t flags) {
}
/*-------------- Cloning routines -----------*/
static void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
static void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks, bool ledcontrol) {
t55xx_write_block_t cmd;
cmd.pwd = 0;
cmd.flags = 0;
@ -2209,7 +2209,7 @@ static void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblock
for (uint8_t i = numblocks + startblock; i > startblock; i--) {
cmd.data = blockdata[i - 1];
cmd.blockno = i - 1;
T55xxWriteBlock((uint8_t *)&cmd);
T55xxWriteBlock((uint8_t *)&cmd, ledcontrol);
}
}
/* disabled until verified.
@ -2222,7 +2222,7 @@ static void WriteEM4x05(uint32_t *blockdata, uint8_t startblock, uint8_t numbloc
// Copy HID id to card and setup block 0 config
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em) {
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em, bool ledcontrol) {
uint32_t data[] = {0, 0, 0, 0, 0, 0, 0};
uint8_t last_block = 0;
@ -2266,7 +2266,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo
data[0] = (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_INVERT | EM4x05_SET_NUM_BLOCKS(last_block));
}
LED_D_ON();
if (ledcontrol) LED_D_ON();
if (em) {
Dbprintf("Clone HID Prox to EM4x05 is untested and disabled until verified");
if (g_dbglevel == DBG_DEBUG) {
@ -2280,14 +2280,14 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo
}
//WriteEM4x05(data, 0, last_block + 1);
} else {
WriteT55xx(data, 0, last_block + 1);
WriteT55xx(data, 0, last_block + 1, ledcontrol);
}
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
reply_ng(CMD_LF_HID_CLONE, PM3_SUCCESS, NULL, 0);
}
// clone viking tag to T55xx
void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em) {
void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em, bool ledcontrol) {
uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), 0, 0};
if (q5) {
@ -2304,13 +2304,13 @@ void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em) {
Dbprintf("Clone Viking to EM4x05 is untested and disabled until verified");
//WriteEM4x05(data, 0, 3);
} else {
WriteT55xx(data, 0, 3);
WriteT55xx(data, 0, 3, ledcontrol);
}
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
}
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo) {
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol) {
// Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF
@ -2379,7 +2379,7 @@ int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t i
// Add stop bit
id <<= 1;
LED_D_ON();
if (ledcontrol) LED_D_ON();
// Write EM410x ID
uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)};
@ -2394,9 +2394,9 @@ int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t i
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
}
WriteT55xx(data, 0, 3);
WriteT55xx(data, 0, 3, ledcontrol);
LEDsoff();
if (ledcontrol) LEDsoff();
Dbprintf("Tag %s written with 0x%08x%08x\n",
card ? "T55x7" : "T5555",
(uint32_t)(id >> 32),
@ -2556,13 +2556,13 @@ static void EM4xLoginEx(uint32_t pwd) {
// 0000 0001 fail
}
void EM4xBruteforce(uint32_t start_pwd, uint32_t n) {
void EM4xBruteforce(uint32_t start_pwd, uint32_t n, bool ledcontrol) {
// With current timing, 18.6 ms per test = 53.8 pwds/s
reply_ng(CMD_LF_EM4X_BF, PM3_SUCCESS, NULL, 0);
StartTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitMS(20);
LED_A_ON();
if (ledcontrol) LED_A_ON();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
uint32_t candidates_found = 0;
for (uint32_t pwd = start_pwd; pwd < 0xFFFFFFFF; pwd++) {
@ -2585,7 +2585,7 @@ void EM4xBruteforce(uint32_t start_pwd, uint32_t n) {
SendForward(len, true);
WaitUS(400);
DoPartialAcquisition(0, false, 350, 1000);
DoPartialAcquisition(0, false, 350, 1000, ledcontrol);
uint8_t *mem = BigBuf_get_addr();
if (mem[334] < 128) {
candidates_found++;
@ -2600,16 +2600,16 @@ void EM4xBruteforce(uint32_t start_pwd, uint32_t n) {
}
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
if (ledcontrol) LEDsoff();
}
void EM4xLogin(uint32_t pwd) {
void EM4xLogin(uint32_t pwd, bool ledcontrol) {
StartTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitMS(20);
LED_A_ON();
if (ledcontrol) LED_A_ON();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
@ -2618,21 +2618,21 @@ void EM4xLogin(uint32_t pwd) {
WaitUS(400);
// We need to acquire more than needed, to help demodulators finding the proper modulation
DoPartialAcquisition(0, false, 6000, 1000);
DoPartialAcquisition(0, false, 6000, 1000, ledcontrol);
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_EM4X_LOGIN, PM3_SUCCESS, NULL, 0);
LEDsoff();
if (ledcontrol) LEDsoff();
}
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd, bool ledcontrol) {
StartTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitMS(20);
LED_A_ON();
if (ledcontrol) LED_A_ON();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
@ -2653,21 +2653,21 @@ void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
WaitUS(400);
DoPartialAcquisition(0, false, 6000, 1000);
DoPartialAcquisition(0, false, 6000, 1000, ledcontrol);
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_EM4X_READWORD, PM3_SUCCESS, NULL, 0);
LEDsoff();
if (ledcontrol) LEDsoff();
}
void EM4xWriteWord(uint8_t addr, uint32_t data, uint32_t pwd, uint8_t usepwd) {
void EM4xWriteWord(uint8_t addr, uint32_t data, uint32_t pwd, uint8_t usepwd, bool ledcontrol) {
StartTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitMS(50);
LED_A_ON();
if (ledcontrol) LED_A_ON();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
@ -2695,22 +2695,22 @@ void EM4xWriteWord(uint8_t addr, uint32_t data, uint32_t pwd, uint8_t usepwd) {
// No, when write is denied, err preamble comes much sooner
//WaitUS(10820); // tPC+tWEE
DoPartialAcquisition(0, false, 6000, 1000);
DoPartialAcquisition(0, false, 6000, 1000, ledcontrol);
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_EM4X_WRITEWORD, PM3_SUCCESS, NULL, 0);
}
LEDsoff();
if (ledcontrol) LEDsoff();
}
void EM4xProtectWord(uint32_t data, uint32_t pwd, uint8_t usepwd) {
void EM4xProtectWord(uint32_t data, uint32_t pwd, uint8_t usepwd, bool ledcontrol) {
StartTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitMS(50);
LED_A_ON();
if (ledcontrol) LED_A_ON();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
@ -2737,12 +2737,12 @@ void EM4xProtectWord(uint32_t data, uint32_t pwd, uint8_t usepwd) {
// No, when write is denied, err preamble comes much sooner
//WaitUS(13640); // tPC+tPR
DoPartialAcquisition(0, false, 6000, 1000);
DoPartialAcquisition(0, false, 6000, 1000, ledcontrol);
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_LF_EM4X_PROTECTWORD, PM3_SUCCESS, NULL, 0);
}
LEDsoff();
if (ledcontrol) LEDsoff();
}
/*
@ -2778,7 +2778,7 @@ pulse 3.6 ms
This triggers COTAG tag to response
*/
void Cotag(uint32_t arg0) {
void Cotag(uint32_t arg0, bool ledcontrol) {
#ifndef OFF
# define OFF(x) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); WaitUS((x)); }
#endif
@ -2787,7 +2787,7 @@ void Cotag(uint32_t arg0) {
#endif
uint8_t rawsignal = arg0 & 0xF;
LED_A_ON();
if (ledcontrol) LED_A_ON();
LFSetupFPGAForADC(LF_FREQ2DIV(132), true); //132
@ -2823,7 +2823,7 @@ void Cotag(uint32_t arg0) {
break;
}
case 2: {
DoAcquisition_config(false, 0);
DoAcquisition_config(false, 0, ledcontrol);
reply_ng(CMD_LF_COTAG_READ, PM3_SUCCESS, NULL, 0);
break;
}
@ -2836,7 +2836,7 @@ void Cotag(uint32_t arg0) {
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
if (ledcontrol) LEDsoff();
}
/*

48
armsrc/lfops.h
View file

@ -15,11 +15,11 @@
#include "pm3_cmd.h" // struct
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, uint32_t samples);
void ReadTItag(void);
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc);
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, uint32_t samples, bool ledcontrol);
void ReadTItag(bool ledcontrol);
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc, bool ledcontrol);
void AcquireTiType(void);
void AcquireTiType(bool ledcontrol);
void AcquireRawBitsTI(void);
void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycles);
void SimulateTagLowFrequency(int period, int gap, bool ledcontrol);
@ -34,34 +34,34 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c
void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low);
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low); // Realtime demodulation mode for AWID26
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol);
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol); // Realtime demodulation mode for AWID26
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low, bool ledcontrol);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em, bool ledcontrol); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em, bool ledcontrol);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol);
void T55xxResetRead(uint8_t flags);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxWriteBlock(uint8_t *data);
void T55xxResetRead(uint8_t flags, bool ledcontrol);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags, bool ledcontrol);
void T55xxWriteBlock(uint8_t *data, bool ledcontrol);
// void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode);
void T55xxWakeUp(uint32_t pwd, uint8_t flags);
void T55xx_ChkPwds(uint8_t flags);
void T55xxDangerousRawTest(uint8_t *data);
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode, bool ledcontrol);
void T55xxWakeUp(uint32_t pwd, uint8_t flags, bool ledcontrol);
void T55xx_ChkPwds(uint8_t flags, bool ledcontrol);
void T55xxDangerousRawTest(uint8_t *data, bool ledcontrol);
void TurnReadLFOn(uint32_t delay);
void EM4xLogin(uint32_t pwd);
void EM4xBruteforce(uint32_t start_pwd, uint32_t n);
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd);
void EM4xWriteWord(uint8_t addr, uint32_t data, uint32_t pwd, uint8_t usepwd);
void EM4xProtectWord(uint32_t data, uint32_t pwd, uint8_t usepwd);
void EM4xLogin(uint32_t pwd, bool ledcontrol);
void EM4xBruteforce(uint32_t start_pwd, uint32_t n, bool ledcontrol);
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd, bool ledcontrol);
void EM4xWriteWord(uint8_t addr, uint32_t data, uint32_t pwd, uint8_t usepwd, bool ledcontrol);
void EM4xProtectWord(uint32_t data, uint32_t pwd, uint8_t usepwd, bool ledcontrol);
void Cotag(uint32_t arg0);
void Cotag(uint32_t arg0, bool ledcontrol);
void setT55xxConfig(uint8_t arg0, t55xx_configurations_t *c);
t55xx_configurations_t *getT55xxConfig(void);
void printT55xxConfig(void);

38
armsrc/lfsampling.c
View file

@ -280,7 +280,7 @@ void LFSetupFPGAForADC(int divisor, bool reader_field) {
* @return the number of bits occupied by the samples.
*/
uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, int16_t trigger_threshold,
bool verbose, uint32_t sample_size, uint32_t cancel_after, int32_t samples_to_skip) {
bool verbose, uint32_t sample_size, uint32_t cancel_after, int32_t samples_to_skip, bool ledcontrol) {
initSampleBuffer(&sample_size);
@ -308,7 +308,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
if (ledcontrol && (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY)) {
LED_D_ON();
}
@ -316,7 +316,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
volatile uint8_t sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
// Test point 8 (TP8) can be used to trigger oscilloscope
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
// threshold either high or low values 128 = center 0. if trigger = 178
if (trigger_hit == false) {
@ -366,10 +366,10 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
* @param verbose
* @return number of bits sampled
*/
uint32_t DoAcquisition_default(int trigger_threshold, bool verbose) {
return DoAcquisition(1, 8, 0, trigger_threshold, verbose, 0, 0, 0);
uint32_t DoAcquisition_default(int trigger_threshold, bool verbose, bool ledcontrol) {
return DoAcquisition(1, 8, 0, trigger_threshold, verbose, 0, 0, 0, ledcontrol);
}
uint32_t DoAcquisition_config(bool verbose, uint32_t sample_size) {
uint32_t DoAcquisition_config(bool verbose, uint32_t sample_size, bool ledcontrol) {
return DoAcquisition(config.decimation
, config.bits_per_sample
, config.averaging
@ -377,10 +377,11 @@ uint32_t DoAcquisition_config(bool verbose, uint32_t sample_size) {
, verbose
, sample_size
, 0 // cancel_after
, config.samples_to_skip);
, config.samples_to_skip
, ledcontrol);
}
uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t sample_size, uint32_t cancel_after) {
uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t sample_size, uint32_t cancel_after, bool ledcontrol) {
return DoAcquisition(config.decimation
, config.bits_per_sample
, config.averaging
@ -388,15 +389,16 @@ uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t samp
, verbose
, sample_size
, cancel_after
, 0); // samples to skip
, 0
, ledcontrol); // samples to skip
}
static uint32_t ReadLF(bool reader_field, bool verbose, uint32_t sample_size) {
static uint32_t ReadLF(bool reader_field, bool verbose, uint32_t sample_size, bool ledcontrol) {
if (verbose)
printLFConfig();
LFSetupFPGAForADC(config.divisor, reader_field);
uint32_t ret = DoAcquisition_config(verbose, sample_size);
uint32_t ret = DoAcquisition_config(verbose, sample_size, ledcontrol);
StopTicks();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
return ret;
@ -406,24 +408,24 @@ static uint32_t ReadLF(bool reader_field, bool verbose, uint32_t sample_size) {
* Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled
**/
uint32_t SampleLF(bool verbose, uint32_t sample_size) {
uint32_t SampleLF(bool verbose, uint32_t sample_size, bool ledcontrol) {
BigBuf_Clear_ext(false);
return ReadLF(true, verbose, sample_size);
return ReadLF(true, verbose, sample_size, ledcontrol);
}
/**
* Initializes the FPGA for sniffer-mode (field off), and acquires the samples.
* @return number of bits sampled
**/
uint32_t SniffLF(bool verbose, uint32_t sample_size) {
uint32_t SniffLF(bool verbose, uint32_t sample_size, bool ledcontrol) {
BigBuf_Clear_ext(false);
return ReadLF(false, verbose, sample_size);
return ReadLF(false, verbose, sample_size, ledcontrol);
}
/**
* acquisition of T55x7 LF signal. Similar to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
void doT55x7Acquisition(size_t sample_size) {
void doT55x7Acquisition(size_t sample_size, bool ledcontrol) {
#define T55xx_READ_UPPER_THRESHOLD 128+60 // 60 grph
#define T55xx_READ_LOWER_THRESHOLD 128-60 // -60 grph
@ -464,13 +466,13 @@ void doT55x7Acquisition(size_t sample_size) {
WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
if (ledcontrol && (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY)) {
LED_D_ON();
}
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
volatile uint8_t sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
LED_D_OFF();
if (ledcontrol) LED_D_OFF();
// skip until the first high sample above threshold
if (!startFound && sample > T55xx_READ_UPPER_THRESHOLD) {

14
armsrc/lfsampling.h
View file

@ -28,25 +28,25 @@ uint16_t doCotagAcquisitionManchester(uint8_t *dest, uint16_t destlen);
* acquisition of T55x7 LF signal. Similar to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
void doT55x7Acquisition(size_t sample_size);
void doT55x7Acquisition(size_t sample_size, bool ledcontrol);
/**
* Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled
**/
uint32_t SampleLF(bool verbose, uint32_t sample_size);
uint32_t SampleLF(bool verbose, uint32_t sample_size, bool ledcontrol);
/**
* Initializes the FPGA for sniff-mode (field off), and acquires the samples.
* @return number of bits sampled
**/
uint32_t SniffLF(bool verbose, uint32_t sample_size);
uint32_t SniffLF(bool verbose, uint32_t sample_size, bool ledcontrol);
uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, int16_t trigger_threshold,
bool verbose, uint32_t sample_size, uint32_t cancel_after, int32_t samples_to_skip);
bool verbose, uint32_t sample_size, uint32_t cancel_after, int32_t samples_to_skip, bool ledcontrol);
// adds sample size to default options
uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t sample_size, uint32_t cancel_after);
uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t sample_size, uint32_t cancel_after, bool ledcontrol);
/**
* @brief Does sample acquisition, ignoring the config values set in the sample_config.
@ -56,7 +56,7 @@ uint32_t DoPartialAcquisition(int trigger_threshold, bool verbose, uint32_t samp
* @param verbose
* @return number of bits sampled
*/
uint32_t DoAcquisition_default(int trigger_threshold, bool verbose);
uint32_t DoAcquisition_default(int trigger_threshold, bool verbose, bool ledcontrol);
/**
* @brief Does sample acquisition, using the config values set in the sample_config.
* @param trigger_threshold
@ -64,7 +64,7 @@ uint32_t DoAcquisition_default(int trigger_threshold, bool verbose);
* @return number of bits sampled
*/
uint32_t DoAcquisition_config(bool verbose, uint32_t sample_size);
uint32_t DoAcquisition_config(bool verbose, uint32_t sample_size, bool ledcontrol);
/**
* Refactoring of lf sampling buffer

22
armsrc/pcf7931.c
View file

@ -13,7 +13,7 @@
#define T0_PCF 8 //period for the pcf7931 in us
#define ALLOC 16
size_t DemodPCF7931(uint8_t **outBlocks) {
size_t DemodPCF7931(uint8_t **outBlocks, bool ledcontrol) {
// 2021 iceman, memor
uint8_t bits[256] = {0x00};
@ -37,7 +37,7 @@ size_t DemodPCF7931(uint8_t **outBlocks) {
BigBuf_Clear_keep_EM();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
DoAcquisition_default(0, true);
DoAcquisition_default(0, true, ledcontrol);
/* Find first local max/min */
if (dest[1] > dest[0]) {
@ -188,7 +188,7 @@ bool IsBlock1PCF7931(uint8_t *block) {
return false;
}
void ReadPCF7931(void) {
void ReadPCF7931(bool ledcontrol) {
int found_blocks = 0; // successfully read blocks
int max_blocks = 8; // readable blocks
uint8_t memory_blocks[8][17]; // PCF content
@ -211,7 +211,7 @@ void ReadPCF7931(void) {
i = 0;
memset(tmp_blocks, 0, 4 * 16 * sizeof(uint8_t));
n = DemodPCF7931((uint8_t **)tmp_blocks);
n = DemodPCF7931((uint8_t **)tmp_blocks, ledcontrol);
if (!n)
++errors;
@ -353,7 +353,7 @@ end:
reply_mix(CMD_ACK, 0, 0, 0, 0, 0);
}
static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) {
static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data, bool ledcontrol) {
uint32_t tab[1024] = {0}; // data times frame
uint32_t u = 0;
uint8_t parity = 0;
@ -427,7 +427,7 @@ static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int3
}
}
SendCmdPCF7931(tab);
SendCmdPCF7931(tab, ledcontrol);
}
/* Write on a byte of a PCF7931 tag
@ -435,7 +435,7 @@ static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int3
@param byte : address of the byte to write
@param data : data to write
*/
void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) {
void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data, bool ledcontrol) {
if (g_dbglevel >= DBG_INFO) {
Dbprintf("Initialization delay : %d us", init_delay);
@ -449,7 +449,7 @@ void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, ui
uint8_t password[7] = {pass1, pass2, pass3, pass4, pass5, pass6, pass7};
RealWritePCF7931(password, init_delay, l, p, address, byte, data);
RealWritePCF7931(password, init_delay, l, p, address, byte, data, ledcontrol);
}
@ -457,7 +457,7 @@ void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, ui
* @param tab : array of the data frame
*/
void SendCmdPCF7931(uint32_t *tab) {
void SendCmdPCF7931(uint32_t *tab, bool ledcontrol) {
uint16_t u = 0, tempo = 0;
if (g_dbglevel >= DBG_INFO) {
@ -468,7 +468,7 @@ void SendCmdPCF7931(uint32_t *tab) {
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125); //125kHz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
LED_A_ON();
if (ledcontrol) LED_A_ON();
// steal this pin from the SSP and use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
@ -505,7 +505,7 @@ void SendCmdPCF7931(uint32_t *tab) {
}
}
LED_A_OFF();
if (ledcontrol) LED_A_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);

8
armsrc/pcf7931.h
View file

@ -3,14 +3,14 @@
#include "common.h"
size_t DemodPCF7931(uint8_t **outBlocks);
size_t DemodPCF7931(uint8_t **outBlocks, bool ledcontrol);
bool IsBlock0PCF7931(uint8_t *block);
bool IsBlock1PCF7931(uint8_t *block);
void ReadPCF7931(void);
void SendCmdPCF7931(uint32_t *tab);
void ReadPCF7931(bool ledcontrol);
void SendCmdPCF7931(uint32_t *tab, bool ledcontrol);
bool AddBytePCF7931(uint8_t byte, uint32_t *tab, int32_t l, int32_t p);
bool AddBitPCF7931(bool b, uint32_t *tab, int32_t l, int32_t p);
bool AddPatternPCF7931(uint32_t a, uint32_t b, uint32_t c, uint32_t *tab);
void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data);
void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data, bool ledcontrol);
#endif