github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

initial text changes

Browse source
This commit is contained in:
iceman1001 2024-04-06 15:48:41 +02:00
commit 27735355cd
1 changed files with 87 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

135
armsrc/hitag2.c
View file

@ -611,13 +611,14 @@ static bool hitag1_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, si
static bool hitag2_write_page(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) {
switch (writestate) {
case WRITE_STATE_START:
case WRITE_STATE_START: {
*txlen = 10;
tx[0] = 0x82 | (blocknr << 3) | ((blocknr ^ 7) >> 2);
tx[1] = ((blocknr ^ 7) << 6);
writestate = WRITE_STATE_PAGENUM_WRITTEN;
break;
case WRITE_STATE_PAGENUM_WRITTEN:
}
case WRITE_STATE_PAGENUM_WRITTEN: {
// Check if page number was received correctly
if ((rxlen == 10)
&& (rx[0] == (0x82 | (blocknr << 3) | ((blocknr ^ 7) >> 2)))
@ -628,13 +629,16 @@ static bool hitag2_write_page(uint8_t *rx, const size_t rxlen, uint8_t *tx, size
memcpy(tx, writedata, 4);
writestate = WRITE_STATE_PROG;
} else {
Dbprintf("hitag2_write_page: Page number was not received correctly: rxlen %d rx %02x%02x%02x%02x",
rxlen, rx[0], rx[1], rx[2], rx[3]);
Dbprintf("hitag2_write_page: Page number was not received correctly: rxlen %d rx %02x%02x%02x%02x"
, rxlen
, rx[0], rx[1], rx[2], rx[3]
);
bSuccessful = false;
return false;
}
break;
case WRITE_STATE_PROG:
}
case WRITE_STATE_PROG: {
if (rxlen == 0) {
bSuccessful = true;
} else {
@ -642,12 +646,13 @@ static bool hitag2_write_page(uint8_t *rx, const size_t rxlen, uint8_t *tx, size
Dbprintf("hitag2_write_page: unexpected rx data (%d) after page write", rxlen);
}
return false;
default:
Dbprintf("hitag2_write_page: Unknown state %d", writestate);
}
default: {
Dbprintf("hitag2_write_page: Unknown state " _RED_("%d"), writestate);
bSuccessful = false;
return false;
}
}
return true;
}
@ -656,10 +661,12 @@ static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t
*txlen = 0;
if (bPwd && (bAuthenticating == false) && write) {
SpinDelay(2);
if (hitag2_write_page(rx, rxlen, tx, txlen) == false) {
return false;
}
} else {
// Try to find out which command was send by selecting on length (in bits)
switch (rxlen) {
@ -667,7 +674,7 @@ static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t
case 0: {
// Stop if there is no answer (after sending password)
if (bPwd) {
DbpString("Password failed!");
DBG DbpString("Password failed!");
return false;
}
*txlen = 5;
@ -714,7 +721,7 @@ static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t
// Unexpected response
default: {
Dbprintf("Unknown frame length: %d", rxlen);
DBG Dbprintf("Unknown frame length: " _RED_("%d"), rxlen);
return false;
}
break;
@ -832,7 +839,7 @@ static bool hitag2_crypto(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *
// Unexpected response
default: {
DBG Dbprintf("Unknown frame length: %d", rxlen);
DBG Dbprintf("Unknown frame length: " _RED_("%d"), rxlen);
return false;
}
break;
@ -984,7 +991,7 @@ static bool hitag2_read_uid(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t
break;
// Unexpected response
default: {
DBG Dbprintf("Unknown frame length: %d", rxlen);
DBG Dbprintf("Unknown frame length: " _RED_("%d"), rxlen);
return false;
}
break;
@ -1017,10 +1024,12 @@ void SniffHitag2(bool ledcontrol) {
lf_init(false, false, ledcontrol);
// no logging of the raw signal
g_logging = lf_get_reader_modulation();
// g_logging = lf_get_reader_modulation();
g_logging = false;
uint32_t total_count = 0;
uint8_t rx[20 * 8 * 2];
uint8_t rx[HITAG_FRAME_BIT_COUNT * 2];
while (BUTTON_PRESS() == false) {
lf_reset_counter();
@ -1446,7 +1455,9 @@ void SimulateHitag2(bool ledcontrol) {
// Detected two sequential equal bits and a modulation switch
// NRZ modulation: (11 => --|) or (11 __|)
nrz_samples[nrzs++] = reader_modulation;
if (nrzs < max_nrzs) {
nrz_samples[nrzs++] = reader_modulation;
}
// Invert tag modulation state
reader_modulation ^= 1;
} else if (periods > 0 && periods <= 24) {
@ -1639,7 +1650,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
break;
}
case RHT2F_TEST_AUTH_ATTEMPTS: {
DBG Dbprintf("Testing %d authentication attempts", (auth_table_len / 8));
DBG Dbprintf("Testing " _YELLOW_("%d") " authentication attempts", (auth_table_len / 8));
auth_table_pos = 0;
memcpy(NrAr, auth_table, 8);
bCrypto = false;
@ -1673,7 +1684,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
t_wait_2 = 128;
flipped_bit = 0;
tag_size = 8;
DBG DbpString("Configured for hitagS reader");
DBG DbpString("Configured for " _YELLOW_("HitagS") " reader");
} else */
if (htf <= HT1_LAST_CMD) {
// hitag1 settings
@ -1687,7 +1698,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
t_wait_1 = HITAG_T_WAIT_1_MIN;
t_wait_2 = HITAG_T_WAIT_2_MIN;
tag_size = 48;
DBG DbpString("Configured for hitag2 reader");
DBG DbpString("Configured for " _YELLOW_("Hitag 2") " reader");
}
// init as reader
@ -1749,9 +1760,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
}
case RHT2F_UID_ONLY: {
bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen);
if (bSuccessful) {
bStop = true;
}
attempt_count++; //attempt 3 times to get uid then quit
if ((bStop == false) && (attempt_count == 3)) {
bStop = true;
@ -1780,6 +1789,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
lf_wait_periods(t_wait_2);
command_start += t_wait_2;
}
// Transmit the reader frame
command_duration = hitag_reader_send_frame(tx, txlen, ledcontrol);
response_start = command_start + command_duration;
@ -1787,6 +1797,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
// Let the antenna and ADC values settle
// And find the position where edge sampling should start
lf_wait_periods(t_wait_1 - t_wait_1_guard);
response_start += t_wait_1 - t_wait_1_guard;
// Keep administration of the first edge detection
@ -1808,7 +1819,10 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
// Are we dealing with the first incoming edge
if (waiting_for_first_edge) {
// Just break out of loop after an initial time-out (tag is probably not available)
if (periods == 0) break;
if (periods == 0) {
break;
}
if (tag_modulation == 0) {
// hitag replies always start with 11111 == 1010101010, if we see 0
// it means we missed the first period, e.g. if the signal never crossed 0 since reader signal
@ -1832,7 +1846,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
} else {
// The function lf_count_edge_periods() returns 0 when a time-out occurs
if (periods == 0) {
DBG Dbprintf("Detected timeout after [%d] nrz samples", nrzs);
DBG Dbprintf("Detected timeout after [" _YELLOW_("%zu") "] nrz samples", nrzs);
break;
}
}
@ -1853,7 +1867,7 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
tag_modulation ^= 1;
} else {
// The function lf_count_edge_periods() returns > 64 periods, this is not a valid number periods
DBG Dbprintf("Detected unexpected period count: %d", periods);
DBG Dbprintf("Detected unexpected period count: " _RED_("%zu"), periods);
break;
}
}
@ -1861,16 +1875,16 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
// Store the TX frame, we do this now at this point, to avoid delay in processing
// and to be able to overwrite the first samples with the trace (since they currently
// still use the same memory space)
if (txlen > 0) {
LogTraceBits(tx, txlen, command_start, command_start + command_duration, true);
}
// Reset values for receiving frames
memset(rx, 0x00, sizeof(rx));
rxlen = 0;
// If there is no response, just repeat the loop
if (!detected_tag_modulation) continue;
if (detected_tag_modulation == false) {
continue;
}
// Make sure we always have an even number of samples. This fixes the problem
// of ending the manchester decoding with a zero. See the example below where
@ -1892,36 +1906,41 @@ void ReaderHitag(hitag_function htf, const hitag_data *htd, bool ledcontrol) {
// Verify if the header consists of five consecutive ones
if (nrzs < 5) {
DBG Dbprintf("Detected unexpected number of manchester decoded samples [%d]", nrzs);
DBG Dbprintf("Detected unexpected number of manchester decoded samples [%zu]", nrzs);
break;
} else {
size_t i;
for (i = 0; i < 5; i++) {
if (nrz_samples[i] != 1) {
DBG Dbprintf("Detected incorrect header, the bit [%d] is zero instead of one, abort", i);
DBG Dbprintf("Detected incorrect header, the bit [%zu] is zero instead of one, abort", i);
break;
}
}
if (i < 5) break;
if (i < 5) {
break;
}
}
// Pack the response into a byte array
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
DBG Dbprintf("Error in Manchester decoding, abort");
break;
}
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++;
}
if (rxlen % 8 == 1) // skip spurious bit
// skip spurious bit
if (rxlen % 8 == 1) {
rxlen--;
}
// Check if frame was captured and store it
if (rxlen > 0) {
LogTraceBits(rx, rxlen, response_start, response_start + response_duration, false);
// TODO when using cumulative time for command_start, pm3 doesn't reply anymore, e.g. on lf hitag reader --23 -k 4F4E4D494B52
@ -1955,8 +1974,10 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
uint32_t command_duration = 0;
uint32_t response_start = 0;
uint32_t response_duration = 0;
uint8_t rx[HITAG_FRAME_LEN];
size_t rxlen = 0;
uint8_t txbuf[HITAG_FRAME_LEN];
uint8_t *tx = txbuf;
size_t txlen = 0;
@ -1973,7 +1994,9 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
// Reset the return status
bSuccessful = false;
bCrypto = false;
writestate = WRITE_STATE_START;
blocknr = 0;
// Clean up trace and prepare it for storing frames
set_tracing(true);
@ -2090,7 +2113,10 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
}
}
if (bStop) break;
if (bStop) {
break;
}
if (turn_on) {
// Wait 50ms with field off to be sure the transponder gets reset
SpinDelay(50);
@ -2113,6 +2139,7 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
// Let the antenna and ADC values settle
// And find the position where edge sampling should start
lf_wait_periods(t_wait_1 - t_wait_1_guard);
response_start += t_wait_1 - t_wait_1_guard;
// Keep administration of the first edge detection
@ -2133,7 +2160,10 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
// Are we dealing with the first incoming edge
if (waiting_for_first_edge) {
// Just break out of loop after an initial time-out (tag is probably not available)
if (periods == 0) break;
if (periods == 0) {
break;
}
if (tag_modulation == 0) {
// hitag replies always start with 11111 == 1010101010, if we see 0
// it means we missed the first period, e.g. if the signal never crossed 0 since reader signal
@ -2157,7 +2187,7 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
} else {
// The function lf_count_edge_periods() returns 0 when a time-out occurs
if (periods == 0) {
//Dbprintf("Detected timeout after [%d] nrz samples", nrzs);
DBG Dbprintf("Detected timeout after [" _YELLOW_("%zu") "] nrz samples", nrzs);
break;
}
}
@ -2178,27 +2208,26 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
tag_modulation ^= 1;
} else {
// The function lf_count_edge_periods() returns > 64 periods, this is not a valid number periods
//Dbprintf("Detected unexpected period count: %d", periods);
DBG Dbprintf("Detected unexpected period count: " _RED_("%zu"), periods);
break;
}
}
// Wait some extra time for flash to be programmed
//
// Store the TX frame, we do this now at this point, to avoid delay in processing
// and to be able to overwrite the first samples with the trace (since they currently
// still use the same memory space)
if (txlen > 0) {
LogTraceBits(tx, txlen, command_start, command_start + command_duration, true);
}
// Reset values for receiving frames
memset(rx, 0x00, sizeof(rx));
rxlen = 0;
// If there is no response, just repeat the loop
if (!detected_tag_modulation) continue;
if (detected_tag_modulation == false) {
continue;
}
// Make sure we always have an even number of samples. This fixes the problem
// of ending the manchester decoding with a zero. See the example below where
@ -2220,40 +2249,50 @@ void WriterHitag(hitag_function htf, const hitag_data *htd, int page, bool ledco
// Verify if the header consists of five consecutive ones
if (nrzs < 5) {
DBG Dbprintf("Detected unexpected number of manchester decoded samples [%zu]", nrzs);
break;
} else {
size_t i;
for (i = 0; i < 5; i++) {
if (nrz_samples[i] != 1) {
Dbprintf("Detected incorrect header, the bit [%d] is zero instead of one, abort", i);
DBG Dbprintf("Detected incorrect header, the bit " _YELLOW_("%zu") " is zero instead of one, abort", i);
break;
}
}
if (i < 5) break;
if (i < 5) {
break;
}
}
// Pack the response into a byte array
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
// When Manchester detects impossible symbol it writes "7"
if (bit > 1) {
DBG Dbprintf("Error in Manchester decoding, abort");
break;
}
// >> 3 instead of div by 8
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++;
}
if (rxlen % 8 == 1) // skip spurious bit
// skip spurious bit
if (rxlen % 8 == 1) {
rxlen--;
}
// Check if frame was captured and store it
if (rxlen > 0) {
LogTraceBits(rx, rxlen, response_start, response_start + response_duration, false);
command_start = 0;
}
nrzs = 0;
}
out:
lf_finalize(ledcontrol);