diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c
index 049231c21..976e13148 100644
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@@ -752,26 +752,26 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
 // The soft decision on the bit uses an estimate of just the
 // quadrant of the reference angle, not the exact angle.
 #define MAKE_SOFT_DECISION() { \
- if(Demod.sumI > 0) { \
- v = ci; \
- } else { \
- v = -ci; \
- } \
- if(Demod.sumQ > 0) { \
- v += cq; \
- } else { \
- v -= cq; \
- } \
- }
+ if(Demod.sumI > 0) { \
+ v = ci; \
+ } else { \
+ v = -ci; \
+ } \
+ if(Demod.sumQ > 0) { \
+ v += cq; \
+ } else { \
+ v -= cq; \
+ } \
+ }
-#define SUBCARRIER_DETECT_THRESHOLD 8
+#define SUBCARRIER_DETECT_THRESHOLD 8
 // Subcarrier amplitude v = sqrt(ci^2 + cq^2), approximated here by max(abs(ci),abs(cq)) + 1/2*min(abs(ci),abs(cq)))
 #define AMPLITUDE(ci,cq) (MAX(ABS(ci),ABS(cq)) + (MIN(ABS(ci),ABS(cq))/2))
 switch (Demod.state) {
 case DEMOD_UNSYNCD: {
- if (AMPLITUDE(ci, cq) > SUBCARRIER_DETECT_THRESHOLD) { // subcarrier detected
+ if (AMPLITUDE(ci, cq) > SUBCARRIER_DETECT_THRESHOLD) { // subcarrier detected
 Demod.state = DEMOD_PHASE_REF_TRAINING;
 Demod.sumI = ci;
 Demod.sumQ = cq;
@@ -799,7 +799,7 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
 } else {
 // at this point it can be start of 14b' data or start of 14b SOF
 MAKE_SOFT_DECISION();
- Demod.posCount = 1; // this was the first half
+ Demod.posCount = 1; // this was the first half
 Demod.thisBit = v;
 Demod.shiftReg = 0;
 Demod.state = DEMOD_RECEIVING_DATA;
@@ -815,7 +815,7 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
 Demod.posCount++;
 MAKE_SOFT_DECISION();
 if (v > 0) {
- if (Demod.posCount > 3 * 2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs
+ if (Demod.posCount > 3 * 2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs
 LED_C_OFF();
 if (Demod.bitCount == 0 && Demod.len == 0) { // received SOF only, this is valid for iClass/Picopass
 return true;
@@ -823,8 +823,8 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
 Demod.state = DEMOD_UNSYNCD;
 }
 }
- } else { // start bit detected
- Demod.posCount = 1; // this was the first half
+ } else { // start bit detected
+ Demod.posCount = 1; // this was the first half
 Demod.thisBit = v;
 Demod.shiftReg = 0;
 Demod.state = DEMOD_RECEIVING_DATA;
@@ -857,14 +857,14 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
 MAKE_SOFT_DECISION();
- if (Demod.posCount == 0) { // first half of bit
+ if (Demod.posCount == 0) { // first half of bit
 Demod.thisBit = v;
 Demod.posCount = 1;
- } else { // second half of bit
+ } else { // second half of bit
 Demod.thisBit += v;
 Demod.shiftReg >>= 1;
- if (Demod.thisBit > 0) { // logic '1'
+ if (Demod.thisBit > 0) { // logic '1'
 Demod.shiftReg |= 0x200;
 }
diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c
index f3c3494a9..e84edd8a0 100644
--- a/armsrc/iso15693.c
+++ b/armsrc/iso15693.c
@@ -1883,112 +1883,112 @@ void LockPassSlixIso15693(uint32_t pass_id, uint32_t password) { LED_A_ON(); - uint8_t cmd_inventory[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1, 0x01, 0x00, 0x00, 0x00 }; - uint8_t cmd_get_rnd[] = {ISO15693_REQ_DATARATE_HIGH, 0xB2, 0x04, 0x00, 0x00 }; - uint8_t cmd_set_pass[] = {ISO15693_REQ_DATARATE_HIGH, 0xB3, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - //uint8_t cmd_write_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB4, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t cmd_lock_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB5, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00 }; - uint16_t crc; - int recvlen = 0; - uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; - uint32_t start_time = 0; - bool done = false; + uint8_t cmd_inventory[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1, 0x01, 0x00, 0x00, 0x00 }; + uint8_t cmd_get_rnd[] = {ISO15693_REQ_DATARATE_HIGH, 0xB2, 0x04, 0x00, 0x00 }; + uint8_t cmd_set_pass[] = {ISO15693_REQ_DATARATE_HIGH, 0xB3, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + //uint8_t cmd_write_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB4, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + uint8_t cmd_lock_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB5, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00 }; + uint16_t crc; + int recvlen = 0; + uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; + uint32_t start_time = 0; + bool done = false; - // setup 'get random number' command - crc = Iso15693Crc(cmd_get_rnd, 3); - cmd_get_rnd[3] = crc & 0xff; - cmd_get_rnd[4] = crc >> 8; + // setup 'get random number' command + crc = Iso15693Crc(cmd_get_rnd, 3); + cmd_get_rnd[3] = crc & 0xff; + cmd_get_rnd[4] = crc >> 8; - 
Dbprintf("LockPass: Press button lock password, long-press to terminate."); + Dbprintf("LockPass: Press button lock password, long-press to terminate."); - while (!done) { + while (!done) { - LED_D_ON(); - switch(BUTTON_HELD(1000)) { - case BUTTON_SINGLE_CLICK: - Dbprintf("LockPass: Reset 'DONE'-LED (A)"); - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - break; - case BUTTON_HOLD: - Dbprintf("LockPass: Terminating"); - done = true; - break; - default: - SpinDelay(50); - continue; - } + LED_D_ON(); + switch(BUTTON_HELD(1000)) { + case BUTTON_SINGLE_CLICK: + Dbprintf("LockPass: Reset 'DONE'-LED (A)"); + LED_A_OFF(); + LED_B_OFF(); + LED_C_OFF(); + break; + case BUTTON_HOLD: + Dbprintf("LockPass: Terminating"); + done = true; + break; + default: + SpinDelay(50); + continue; + } - if (done) [ - break; - } + if (done) [ + break; + } - recvlen = SendDataTag(cmd_get_rnd, sizeof(cmd_get_rnd), true, true, recvbuf, sizeof(recvbuf), start_time); - if (recvlen != 5) { - LED_C_ON(); - } else { - Dbprintf("LockPass: Received random 0x%02X%02X (%d)", recvbuf[1], recvbuf[2], recvlen); + recvlen = SendDataTag(cmd_get_rnd, sizeof(cmd_get_rnd), true, true, recvbuf, sizeof(recvbuf), start_time); + if (recvlen != 5) { + LED_C_ON(); + } else { + Dbprintf("LockPass: Received random 0x%02X%02X (%d)", recvbuf[1], recvbuf[2], recvlen); - // setup 'set password' command - cmd_set_pass[4] = ((password>>0) &0xFF) ^ recvbuf[1]; - cmd_set_pass[5] = ((password>>8) &0xFF) ^ recvbuf[2]; - cmd_set_pass[6] = ((password>>16) &0xFF) ^ recvbuf[1]; - cmd_set_pass[7] = ((password>>24) &0xFF) ^ recvbuf[2]; + // setup 'set password' command + cmd_set_pass[4] = ((password>>0) &0xFF) ^ recvbuf[1]; + cmd_set_pass[5] = ((password>>8) &0xFF) ^ recvbuf[2]; + cmd_set_pass[6] = ((password>>16) &0xFF) ^ recvbuf[1]; + cmd_set_pass[7] = ((password>>24) &0xFF) ^ recvbuf[2]; - crc = Iso15693Crc(cmd_set_pass, 8); - cmd_set_pass[8] = crc & 0xff; - cmd_set_pass[9] = crc >> 8; + crc = Iso15693Crc(cmd_set_pass, 8); + 
cmd_set_pass[8] = crc & 0xff; + cmd_set_pass[9] = crc >> 8; - Dbprintf("LockPass: Sending old password to end privacy mode", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7]); - recvlen = SendDataTag(cmd_set_pass, sizeof(cmd_set_pass), false, true, recvbuf, sizeof(recvbuf), start_time); - if (recvlen != 3) { - Dbprintf("LockPass: Failed to set password (%d)", recvlen); - LED_B_ON(); - } else { - crc = Iso15693Crc(cmd_inventory, 3); - cmd_inventory[3] = crc & 0xff; - cmd_inventory[4] = crc >> 8; + Dbprintf("LockPass: Sending old password to end privacy mode", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7]); + recvlen = SendDataTag(cmd_set_pass, sizeof(cmd_set_pass), false, true, recvbuf, sizeof(recvbuf), start_time); + if (recvlen != 3) { + Dbprintf("LockPass: Failed to set password (%d)", recvlen); + LED_B_ON(); + } else { + crc = Iso15693Crc(cmd_inventory, 3); + cmd_inventory[3] = crc & 0xff; + cmd_inventory[4] = crc >> 8; - Dbprintf("LockPass: Searching for tag..."); - recvlen = SendDataTag(cmd_inventory, sizeof(cmd_inventory), false, true, recvbuf, sizeof(recvbuf), start_time); - if (recvlen != 12) { - Dbprintf("LockPass: Failed to read inventory (%d)", recvlen); - LED_B_ON(); - LED_C_ON(); - } else { + Dbprintf("LockPass: Searching for tag..."); + recvlen = SendDataTag(cmd_inventory, sizeof(cmd_inventory), false, true, recvbuf, sizeof(recvbuf), start_time); + if (recvlen != 12) { + Dbprintf("LockPass: Failed to read inventory (%d)", recvlen); + LED_B_ON(); + LED_C_ON(); + } else { - Dbprintf("LockPass: Answer from %02X%02X%02X%02X%02X%02X%02X%02X", recvbuf[9], recvbuf[8], recvbuf[7], recvbuf[6], recvbuf[5], recvbuf[4], recvbuf[3], recvbuf[2]); + Dbprintf("LockPass: Answer from %02X%02X%02X%02X%02X%02X%02X%02X", recvbuf[9], recvbuf[8], recvbuf[7], recvbuf[6], recvbuf[5], recvbuf[4], recvbuf[3], recvbuf[2]); - memcpy(&cmd_lock_pass[3], &recvbuf[2], 8); + memcpy(&cmd_lock_pass[3], &recvbuf[2], 8); - cmd_lock_pass[8+3] = 
pass_id; + cmd_lock_pass[8+3] = pass_id; - crc = Iso15693Crc(cmd_lock_pass, 8+4); - cmd_lock_pass[8+4] = crc & 0xff; - cmd_lock_pass[8+5] = crc >> 8; + crc = Iso15693Crc(cmd_lock_pass, 8+4); + cmd_lock_pass[8+4] = crc & 0xff; + cmd_lock_pass[8+5] = crc >> 8; - Dbprintf("LockPass: locking to password 0x%02X%02X%02X%02X for ID %02X", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7], pass_id); + Dbprintf("LockPass: locking to password 0x%02X%02X%02X%02X for ID %02X", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7], pass_id); - recvlen = SendDataTag(cmd_lock_pass, sizeof(cmd_lock_pass), false, true, recvbuf, sizeof(recvbuf), start_time); - if (recvlen != 3) { - Dbprintf("LockPass: Failed to lock password (%d)", recvlen); - } else { - Dbprintf("LockPass: Successful (%d)", recvlen); - } - LED_A_ON(); - } - } } - } + recvlen = SendDataTag(cmd_lock_pass, sizeof(cmd_lock_pass), false, true, recvbuf, sizeof(recvbuf), start_time); + if (recvlen != 3) { + Dbprintf("LockPass: Failed to lock password (%d)", recvlen); + } else { + Dbprintf("LockPass: Successful (%d)", recvlen); + } + LED_A_ON(); + } + } } + } - Dbprintf("LockPass: Finishing"); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + Dbprintf("LockPass: Finishing"); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen); - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); + cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen); + LED_A_OFF(); + LED_B_OFF(); + LED_C_OFF(); + LED_D_OFF(); } */ diff --git a/client/luascripts/hf_mf_dump-luxeo.lua b/client/luascripts/hf_mf_dump-luxeo.lua index 3ee86ecbc..70f1b42e0 100644 --- a/client/luascripts/hf_mf_dump-luxeo.lua +++ b/client/luascripts/hf_mf_dump-luxeo.lua 
@@ -77,65 +77,65 @@ local function setdevicedebug( status ) end local function xteaCrypt(num_rounds, v, key) - local v0 = v[0] - local v1 = v[1] - local delta = 0x9E3779B9 - local sum = 0 + local v0 = v[0] + local v1 = v[1] + local delta = 0x9E3779B9 + local sum = 0 - for i = 0, num_rounds-1 do - -- v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); - v0 = band(bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]) + v0, 0xFFFFFFFF) - sum = band(sum + delta, 0xFFFFFFFF) - -- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); - v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF) - end - v[0] = v0 - v[1] = v1 + for i = 0, num_rounds-1 do + -- v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); + v0 = band(bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]) + v0, 0xFFFFFFFF) + sum = band(sum + delta, 0xFFFFFFFF) + -- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); + v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF) + end + v[0] = v0 + v[1] = v1 end local function xteaDecrypt(num_rounds, v, key) - local v0 = v[0] - local v1 = v[1] - local delta = 0x9E3779B9 - local sum = band(delta * num_rounds, 0xFFFFFFFF) + local v0 = v[0] + local v1 = v[1] + local delta = 0x9E3779B9 + local sum = band(delta * num_rounds, 0xFFFFFFFF) - for i = 0, num_rounds-1 do - -- v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); - v1 = band(v1 - bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]), 0xFFFFFFFF) - sum = band(sum - delta, 0xFFFFFFFF) - -- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); - v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF) - end - v[0] = v0 - v[1] = v1 + for i = 0, num_rounds-1 do + -- v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); + v1 = band(v1 - bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + 
key[band(rsh(sum,11),3)]), 0xFFFFFFFF) + sum = band(sum - delta, 0xFFFFFFFF) + -- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); + v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF) + end + v[0] = v0 + v[1] = v1 end local function createxteakey(mfuid) - local xteakey = {} - local buid = {} - local tmpkey = {} - local uid = {} + local xteakey = {} + local buid = {} + local tmpkey = {} + local uid = {} - -- Warning ! "it is customary in Lua to START ARRAYS WITH ONE" - buid = utils.ConvertHexToBytes(mfuid) - uid[0] = bor(buid[1], lsh(buid[2], 8)) - uid[1] = bor(buid[3], lsh(buid[4], 8)) + -- Warning ! "it is customary in Lua to START ARRAYS WITH ONE" + buid = utils.ConvertHexToBytes(mfuid) + uid[0] = bor(buid[1], lsh(buid[2], 8)) + uid[1] = bor(buid[3], lsh(buid[4], 8)) - tmpkey[0] = 0x198B - tmpkey[1] = uid[0] - tmpkey[2] = 0x46D8 - tmpkey[3] = uid[1] - tmpkey[4] = 0x5310 - tmpkey[5] = bxor(uid[0], 0xA312) - tmpkey[6] = 0xFFCB - tmpkey[7] = bxor(uid[1], 0x55AA) + tmpkey[0] = 0x198B + tmpkey[1] = uid[0] + tmpkey[2] = 0x46D8 + tmpkey[3] = uid[1] + tmpkey[4] = 0x5310 + tmpkey[5] = bxor(uid[0], 0xA312) + tmpkey[6] = 0xFFCB + tmpkey[7] = bxor(uid[1], 0x55AA) - xteakey[0] = bor(lsh(tmpkey[1], 16), tmpkey[0]) - xteakey[1] = bor(lsh(tmpkey[3], 16), tmpkey[2]) - xteakey[2] = bor(lsh(tmpkey[5], 16), tmpkey[4]) - xteakey[3] = bor(lsh(tmpkey[7], 16), tmpkey[6]) + xteakey[0] = bor(lsh(tmpkey[1], 16), tmpkey[0]) + xteakey[1] = bor(lsh(tmpkey[3], 16), tmpkey[2]) + xteakey[2] = bor(lsh(tmpkey[5], 16), tmpkey[4]) + xteakey[3] = bor(lsh(tmpkey[7], 16), tmpkey[6]) - return xteakey + return xteakey end local function getblockdata(response) 
@@ -160,38 +160,38 @@ local function readblock(blockno, key) end local function readtag(mfkey,xteakey) - local tagdata = {} - local cleardata = {} - local v = {} - local vv = {} + local tagdata = {} + local cleardata = {} + local v = {} + local vv = {} - -- Read 4 sectors and build table - for sect = 8, 11 do - for blockn = sect * 4, (sect * 4) + 2 do - local blockdata = readblock(blockn, mfkey) - if not blockdata then return oops('[!] failed reading block') end - table.insert(tagdata, blockdata) - end - end + -- Read 4 sectors and build table + for sect = 8, 11 do + for blockn = sect * 4, (sect * 4) + 2 do + local blockdata = readblock(blockn, mfkey) + if not blockdata then return oops('[!] failed reading block') end + table.insert(tagdata, blockdata) + end + end - -- Decrypt data and build clear table - for key,value in ipairs(tagdata) do - local clearblockdata - v[0] = utils.SwapEndianness(value:sub(1, 8), 32) - v[1] = utils.SwapEndianness(value:sub(9, 16), 32) - xteaDecrypt(16, v, xteakey) - vv[0] = utils.SwapEndianness(value:sub(17, 24), 32) - vv[1] = utils.SwapEndianness(value:sub(25, 32), 32) - xteaDecrypt(16, vv, xteakey) - clearblockdata=string.format("%08X%08X%08X%08X", - utils.SwapEndianness(string.format("%08X", v[0]), 32), - utils.SwapEndianness(string.format("%08X", v[1]), 32), - utils.SwapEndianness(string.format("%08X", vv[0]), 32), - utils.SwapEndianness(string.format("%08X", vv[1]), 32)) - table.insert(cleardata, clearblockdata) - end + -- Decrypt data and build clear table + for key,value in ipairs(tagdata) do + local clearblockdata + v[0] = utils.SwapEndianness(value:sub(1, 8), 32) + v[1] = utils.SwapEndianness(value:sub(9, 16), 32) + xteaDecrypt(16, v, xteakey) + vv[0] = utils.SwapEndianness(value:sub(17, 24), 32) + vv[1] = utils.SwapEndianness(value:sub(25, 32), 32) + xteaDecrypt(16, vv, xteakey) + clearblockdata=string.format("%08X%08X%08X%08X", + utils.SwapEndianness(string.format("%08X", v[0]), 32), + 
utils.SwapEndianness(string.format("%08X", v[1]), 32), + utils.SwapEndianness(string.format("%08X", vv[0]), 32), + utils.SwapEndianness(string.format("%08X", vv[1]), 32)) + table.insert(cleardata, clearblockdata) + end - return tagdata,cleardata + return tagdata,cleardata end 
@@ -203,98 +203,98 @@ local function main(args) if o == 'h' then return help() end end - local xteakey = {} - -- local v = {} - local edata = {} - local cdata = {} + local xteakey = {} + -- local v = {} + local edata = {} + local cdata = {} - -- Turn off Debug - setdevicedebug(false) + -- Turn off Debug + setdevicedebug(false) - -- GET TAG UID - tag, err = lib14a.read(false, true) - if err then - lib14a.disconnect() - return oops(err) - end - core.clearCommandBuffer() + -- GET TAG UID + tag, err = lib14a.read(false, true) + if err then + lib14a.disconnect() + return oops(err) + end + core.clearCommandBuffer() - -- simple tag check - if 0x08 ~= tag.sak then - if 0x0400 ~= tag.atqa then - return oops(('[fail] found tag %s :: looking for Mifare S50 1k'):format(tag.name)) - end - end + -- simple tag check + if 0x08 ~= tag.sak then + if 0x0400 ~= tag.atqa then + return oops(('[fail] found tag %s :: looking for Mifare S50 1k'):format(tag.name)) + end + end - xteakey = createxteakey(tag.uid) - print(acblue.."UID: "..tag.uid..acoff) - print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff) + xteakey = createxteakey(tag.uid) + print(acblue.."UID: "..tag.uid..acoff) + print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff) - edata, cdata = readtag("415A54454B4D", xteakey) + edata, cdata = readtag("415A54454B4D", xteakey) - if edata == nil or cdata == nil then - print("ERROR Reading tag!") - return nil - end + if edata == nil or cdata == nil then + print("ERROR Reading tag!") + return nil + end - print("Ciphered data:") - for key,value in ipairs(edata) do - print(value) - if key % 3 == 0 then print("") end - end + print("Ciphered data:") + for key,value in ipairs(edata) do + print(value) + if key % 3 == 0 then print("") end + end - -- compute CRC for each segment + -- compute CRC for each segment crcH = 
utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[1]..cdata[2]..cdata[3]:sub(1,28), false, '0'),16) crcA = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[4]..cdata[5]..cdata[6]..cdata[7]:sub(1,28), false, '0'),16) crcB = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[8]..cdata[9]..cdata[10]..cdata[11]:sub(1,28), false, '0'),16) - print("\nHeader:") - for key,value in ipairs(cdata) do - if key == 3 then - print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) - if utils.SwapEndianness(value:sub(29,32),16) == crcH then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end - print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcH)..strcrc..acoff) - print("\nDataA:") - elseif key == 4 then - print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) - versionA = utils.SwapEndianness(value:sub(1,4),16) - dateA = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), - tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), - tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) - elseif key == 8 then - print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) - versionB = utils.SwapEndianness(value:sub(1,4),16) - dateB = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), - tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), - tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) - elseif key == 5 then - print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) - creditA = utils.SwapEndianness(value:sub(1,4),16)/100 - elseif key == 9 then - print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) - creditB = utils.SwapEndianness(value:sub(1,4),16)/100 - elseif 
key == 7 then - print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) - print(acgreen.."Version "..string.format("0x%04X", versionA)..acoff) - print(acyellow.."Credit : "..creditA..acoff) - if utils.SwapEndianness(value:sub(29,32),16) == crcA then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end - print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcA)..strcrc..acoff) - print(accyan.."Date: "..dateA..acoff) - print("\nDataB:") - elseif key == 11 then - print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) - print(acgreen.."Version "..string.format("0x%04X", versionB)..acoff) - print(acyellow.."Credit : "..creditB..acoff) - if utils.SwapEndianness(value:sub(29,32),16) == crcB then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end - print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcB)..strcrc..acoff) - print(accyan.."Date: "..dateB..acoff) - print("\nFooter:") - else - print(value) - end - end + print("\nHeader:") + for key,value in ipairs(cdata) do + if key == 3 then + print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) + if utils.SwapEndianness(value:sub(29,32),16) == crcH then strcrc = " OK" else strcrc = acred.." CRCERROR !!" 
end + print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcH)..strcrc..acoff) + print("\nDataA:") + elseif key == 4 then + print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) + versionA = utils.SwapEndianness(value:sub(1,4),16) + dateA = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), + tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), + tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) + elseif key == 8 then + print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) + versionB = utils.SwapEndianness(value:sub(1,4),16) + dateB = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), + tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), + tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) + elseif key == 5 then + print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) + creditA = utils.SwapEndianness(value:sub(1,4),16)/100 + elseif key == 9 then + print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) + creditB = utils.SwapEndianness(value:sub(1,4),16)/100 + elseif key == 7 then + print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) + print(acgreen.."Version "..string.format("0x%04X", versionA)..acoff) + print(acyellow.."Credit : "..creditA..acoff) + if utils.SwapEndianness(value:sub(29,32),16) == crcA then strcrc = " OK" else strcrc = acred.." CRCERROR !!" 
end + print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcA)..strcrc..acoff) + print(accyan.."Date: "..dateA..acoff) + print("\nDataB:") + elseif key == 11 then + print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) + print(acgreen.."Version "..string.format("0x%04X", versionB)..acoff) + print(acyellow.."Credit : "..creditB..acoff) + if utils.SwapEndianness(value:sub(29,32),16) == crcB then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end + print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcB)..strcrc..acoff) + print(accyan.."Date: "..dateB..acoff) + print("\nFooter:") + else + print(value) + end + end - return + return end main(args) diff --git a/client/luascripts/hf_mf_gen3_writer.lua b/client/luascripts/hf_mf_gen3_writer.lua index 7795ac26c..1257f3413 100644 --- a/client/luascripts/hf_mf_gen3_writer.lua +++ b/client/luascripts/hf_mf_gen3_writer.lua @@ -34,7 +34,7 @@ version = 'v1.0.0' desc = [[ This script gives you an easy way to write your *.eml dumps into normal MIFARE Classic and Magic Gen3 cards. - Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards. + Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards. The script also has the possibility to change UID and permanent lock uid on magic Gen3 cards. It supports the following functionality. @@ -47,18 +47,18 @@ desc = [[ Script works in a wizard styled way. - Author Youtube channel: https://yev.ooo/ + Author Youtube channel: https://yev.ooo/ - Many Thanks, - Best Regards + Many Thanks, + Best Regards ]] example = [[ 1. script run mfc_gen3_writer ]] usage = [[ - Give script to know if you uses an Windows OS + Give script to know if you uses an Windows OS Select your *.eml dump from list to write to the card. - Follow the wizard. + Follow the wizard. ]] -- --- @@ -163,9 +163,9 @@ end -- local function KeyAB() if default_key_type == '00' then - return 'KeyA' + return 'KeyA' else - return 'KeyB' + return 'KeyB' end end -- 
@@ -265,7 +265,7 @@ local function main(args)
 eml_file_uid_end = 22
 eml_file_lengt = 31
 else
- eml_file_uid_start = 9
+ eml_file_uid_start = 9
 eml_file_uid_end = 16
 eml_file_lengt = 25
 end
@@ -366,7 +366,7 @@ local function main(args)
 print(tab)
 --
 if checkkey() == true then
- print(tab)
+ print(tab)
 if (utils.confirm(' Card is Empty. Write selected dump to card ?') == true) then
 for i = 1, #eml do
 core.console(string.format(cmd_wrbl_b, (i-1), default_key, eml[i]))
diff --git a/client/luascripts/hf_mf_uidbruteforce.lua b/client/luascripts/hf_mf_uidbruteforce.lua
index 461e8aad3..fc85b63bb 100644
--- a/client/luascripts/hf_mf_uidbruteforce.lua
+++ b/client/luascripts/hf_mf_uidbruteforce.lua
@@ -114,7 +114,7 @@ local function main(args)
 local c = string.format( command, n )
 print('Running: "'..c..'"')
 core.console(c)
- core.console('msleep '..timeout);
+ core.console('msleep '..timeout);
 core.console('hw ping')
 end
diff --git a/client/luascripts/hf_mfu_magicwrite.lua b/client/luascripts/hf_mfu_magicwrite.lua
index e29296f45..2961bd54c 100644
--- a/client/luascripts/hf_mfu_magicwrite.lua
+++ b/client/luascripts/hf_mfu_magicwrite.lua
@@ -15,75 +15,75 @@ author = 'Christian Herrmann'
 version = 'v1.1.3'
 desc = 'This script enables easy programming of a MAGIC NTAG 21* card'
 example = [[
- -- wipe tag
- script run hf_mfu_magicwrite -w
+ -- wipe tag
+ script run hf_mfu_magicwrite -w
- -- wipe a locked down tag by giving the password
- script run hf_mfu_magicwrite -k ffffffff -w
+ -- wipe a locked down tag by giving the password
+ script run hf_mfu_magicwrite -k ffffffff -w
- --read magic tag configuration
- script run hf_mfu_magicwrite -c
+ --read magic tag configuration
+ script run hf_mfu_magicwrite -c
- -- set uid
- script run hf_mfu_magicwrite -u 04112233445566
+ -- set uid
+ script run hf_mfu_magicwrite -u 04112233445566
- -- set pwd / pack
- script run hf_mfu_magicwrite -p 11223344 -a 8080
+ -- set pwd / pack
+ script run hf_mfu_magicwrite -p 11223344 -a 8080
- -- set version to NTAG213
- script run hf_mfu_magicwrite -v 0004040201000f03
+ -- set version to NTAG213
+ script run hf_mfu_magicwrite -v 0004040201000f03
- -- set signature
- script run hf_mfu_magicwrite -s 1122334455667788990011223344556677889900112233445566778899001122
+ -- set signature
+ script run hf_mfu_magicwrite -s 1122334455667788990011223344556677889900112233445566778899001122
 ]]
 usage = [[
 script run hf_mfu_easywrite -h -k -c -w -u -t -p -a -s -o -v
 ]]
 arguments = [[
- -h this help
- -c read magic configuration
- -u UID (14 hexsymbols), set UID on tag
- -t tag type to impersonate
- 1 = UL_EV1 48k
- 2 = UL_EV1 128k
- 3 = NTAG 210
- 4 = NTAG 212
- 5 = NTAG 213 (true)
- 6 = NTAG 215 (true)
- 7 = NTAG 216 (true)
- 8 = NTAG I2C 1K
- 9 = NTAG I2C 2K
- 10 = NTAG I2C 1K PLUS
- 11 = NTAG I2C 2K PLUS
- 12 = NTAG 213F (true)
- 13 = NTAG 216F (true)
- -p password (8 hexsymbols), set password on tag.
- -a pack ( 4 hexsymbols), set pack on tag.
- -s signature data (64 hexsymbols), set signature data on tag.
- -o OTP data (8 hexsymbols), set one-time-pad data on tag.
- -v version data (16 hexsymbols), set version data on tag.
- -w wipe tag. You can specify password if the tag has been locked down. Fills tag with zeros and put default values for NTAG213 (like -t 5)
- -k pwd to use with the wipe option
+ -h this help
+ -c read magic configuration
+ -u UID (14 hexsymbols), set UID on tag
+ -t tag type to impersonate
+ 1 = UL_EV1 48k
+ 2 = UL_EV1 128k
+ 3 = NTAG 210
+ 4 = NTAG 212
+ 5 = NTAG 213 (true)
+ 6 = NTAG 215 (true)
+ 7 = NTAG 216 (true)
+ 8 = NTAG I2C 1K
+ 9 = NTAG I2C 2K
+ 10 = NTAG I2C 1K PLUS
+ 11 = NTAG I2C 2K PLUS
+ 12 = NTAG 213F (true)
+ 13 = NTAG 216F (true)
+ -p password (8 hexsymbols), set password on tag.
+ -a pack ( 4 hexsymbols), set pack on tag.
+ -s signature data (64 hexsymbols), set signature data on tag.
+ -o OTP data (8 hexsymbols), set one-time-pad data on tag.
+ -v version data (16 hexsymbols), set version data on tag.
+ -w wipe tag. You can specify password if the tag has been locked down. Fills tag with zeros and put default values for NTAG213 (like -t 5)
+ -k pwd to use with the wipe option
 ]]
 ---
 -- A debug printout-function
 local function dbg(args)
- if not DEBUG then return end
- if type(args) == 'table' then
- local i = 1
- while result[i] do
- dbg(result[i])
- i = i+1
- end
- else
- print('###', args)
- end
+ if not DEBUG then return end
+ if type(args) == 'table' then
+ local i = 1
+ while result[i] do
+ dbg(result[i])
+ i = i+1
+ end
+ else
+ print('###', args)
+ end
 end
 -- This is only meant to be used when errors occur
 local function oops(err)
- print("ERROR: ",err)
+ print("ERROR: ",err)
 core.clearCommandBuffer()
- return nil, err
+ return nil, err
 end
 ---
 -- Usage help
@@ -102,11 +102,11 @@ end
 ---
 -- set the global password variable
 local function set_password(pwd)
- if pwd == nil then _password = nil; return true, 'Ok' end
- if #pwd ~= 8 then return nil, 'password wrong length. Must be 4 hex bytes' end
- if #pwd == 0 then _password = nil end
- _password = pwd
- return true, 'Ok'
+ if pwd == nil then _password = nil; return true, 'Ok' end
+ if #pwd ~= 8 then return nil, 'password wrong length. Must be 4 hex bytes' end
+ if #pwd == 0 then _password = nil end
+ _password = pwd
+ return true, 'Ok'
 end
 --- Picks out and displays the data read from a tag
 -- Specifically, takes a usb packet, converts to a Command
@@ -114,37 +114,37 @@ end
 -- reads the number of bytes specified in arg1 (arg0 in c-struct)
 -- @param usbpacket the data received from the device
 local function getResponseData(usbpacket)
- local resp = Command.parse(usbpacket)
- local len = tonumber(resp.arg1) * 2
- return string.sub(tostring(resp.data), 0, len);
+ local resp = Command.parse(usbpacket)
+ local len = tonumber(resp.arg1) * 2
+ return string.sub(tostring(resp.data), 0, len);
 end
 ---
 --
 local function sendRaw(rawdata, options)
- local flags = lib14a.ISO14A_COMMAND.ISO14A_NO_DISCONNECT
- + lib14a.ISO14A_COMMAND.ISO14A_RAW
- + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
+ local flags = lib14a.ISO14A_COMMAND.ISO14A_NO_DISCONNECT
+ + lib14a.ISO14A_COMMAND.ISO14A_RAW
+ + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
- local c = Command:newMIX{cmd = cmds.CMD_HF_ISO14443A_READER,
- arg1 = flags,
- -- arg2 contains the length, which is half the length of the ASCII-string rawdata
- arg2 = string.len(rawdata)/2,
- data = rawdata}
+ local c = Command:newMIX{cmd = cmds.CMD_HF_ISO14443A_READER,
+ arg1 = flags,
+ -- arg2 contains the length, which is half the length of the ASCII-string rawdata
+ arg2 = string.len(rawdata)/2,
+ data = rawdata}
 return c:sendMIX(options.ignore_response)
 end
 ---
 --
 local function send(payload)
- local usb, err = sendRaw(payload,{ignore_response = false})
- if err then return oops(err) end
- return getResponseData(usb)
+ local usb, err = sendRaw(payload,{ignore_response = false})
+ if err then return oops(err) end
+ return getResponseData(usb)
 end
 ---
 -- select tag and if password is set, authenticate
 local function connect()
- core.clearCommandBuffer()
+ core.clearCommandBuffer()
 -- First of all, connect
 info, err = lib14a.read(true, true)
@@ -154,221 +154,221 @@ local function connect() end core.clearCommandBuffer() - --authenticate if needed using global variable - if _password then - send('1B'.._password) - end + --authenticate if needed using global variable + if _password then + send('1B'.._password) + end return true end -- -- Read magic configuration local function read_config() - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - -- read PWD - local pwd = send("30F0"):sub(1,8) + -- read PWD + local pwd = send("30F0"):sub(1,8) - -- 04 response indicates that blocks has been locked down. - if pwd == '04' then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end + -- 04 response indicates that blocks has been locked down. + if pwd == '04' then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end - -- read PACK - local pack = send("30F1"):sub(1,4) + -- read PACK + local pack = send("30F1"):sub(1,4) - -- read SIGNATURE - local signature1 = send('30F2'):sub(1,32) - local signature2 = send('30F6'):sub(1,32) + -- read SIGNATURE + local signature1 = send('30F2'):sub(1,32) + local signature2 = send('30F6'):sub(1,32) - -- read VERSION - local version = send('30FA'):sub(1,16) - -- read config - local cardtype = send('30FC'):sub(1,2) + -- read VERSION + local version = send('30FA'):sub(1,16) + -- read config + local cardtype = send('30FC'):sub(1,2) - local typestr = '' - if cardtype == '00' then typestr = 'NTAG 213' - elseif cardtype == '01' then typestr = 'NTAG 215' - elseif cardtype == '02' then typestr = 'NTAG 216' - end + local typestr = '' + if cardtype == '00' then typestr = 'NTAG 213' + elseif cardtype == '01' then typestr = 'NTAG 215' + elseif cardtype == '02' then typestr = 'NTAG 216' + end - print('Magic NTAG 21* Configuration') - print(' - Type ', typestr, '(genuine cardtype)') - print(' - Password', pwd) - print(' - Pack ', pack) - print(' - Version ', version) - print(' - Signature', 
signature1..signature2) + print('Magic NTAG 21* Configuration') + print(' - Type ', typestr, '(genuine cardtype)') + print(' - Password', pwd) + print(' - Pack ', pack) + print(' - Version ', version) + print(' - Signature', signature1..signature2) - lib14a.disconnect() - return true, 'Ok' + lib14a.disconnect() + return true, 'Ok' end --- -- Write SIGNATURE data local function write_signature(data) - -- uid string checks - if data == nil then return nil, 'empty data string' end - if #data == 0 then return nil, 'empty data string' end - if #data ~= 64 then return nil, 'data wrong length. Should be 32 hex bytes' end + -- uid string checks + if data == nil then return nil, 'empty data string' end + if #data == 0 then return nil, 'empty data string' end + if #data ~= 64 then return nil, 'data wrong length. Should be 32 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new signature') + print('Writing new signature') - local b,c - local cmd = 'A2F%d%s' - local j = 2 - for i = 1, #data, 8 do - b = data:sub(i,i+7) - c = cmd:format(j,b) - local resp = send(c) - if resp == '04' then lib14a.disconnect(); return nil, 'Failed to write signature' end - j = j + 1 - end - lib14a.disconnect() - return true, 'Ok' + local b,c + local cmd = 'A2F%d%s' + local j = 2 + for i = 1, #data, 8 do + b = data:sub(i,i+7) + c = cmd:format(j,b) + local resp = send(c) + if resp == '04' then lib14a.disconnect(); return nil, 'Failed to write signature' end + j = j + 1 + end + lib14a.disconnect() + return true, 'Ok' end --- -- Write PWD local function write_pwd(pwd) - -- PWD string checks - if pwd == nil then return nil, 'empty PWD string' end - if #pwd == 0 then return nil, 'empty PWD string' end - if #pwd ~= 8 then return nil, 'PWD wrong length. 
Should be 4 hex bytes' end + -- PWD string checks + if pwd == nil then return nil, 'empty PWD string' end + if #pwd == 0 then return nil, 'empty PWD string' end + if #pwd ~= 8 then return nil, 'PWD wrong length. Should be 4 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new PWD ', pwd) + print('Writing new PWD ', pwd) - local resp = send('A2F0'..pwd) - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write password' - else - return true, 'Ok' - end + local resp = send('A2F0'..pwd) + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to write password' + else + return true, 'Ok' + end end --- -- Write PACK local function write_pack(pack) - -- PACK string checks - if pack == nil then return nil, 'empty PACK string' end - if #pack == 0 then return nil, 'empty PACK string' end - if #pack ~= 4 then return nil, 'PACK wrong length. Should be 4 hex bytes' end + -- PACK string checks + if pack == nil then return nil, 'empty PACK string' end + if #pack == 0 then return nil, 'empty PACK string' end + if #pack ~= 4 then return nil, 'PACK wrong length. Should be 4 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new PACK', pack) + print('Writing new PACK', pack) - local resp = send('A2F1'..pack..'0000') - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write pack' - else - return true, 'Ok' - end + local resp = send('A2F1'..pack..'0000') + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to write pack' + else + return true, 'Ok' + end end -- -- Write OTP block local function write_otp(block3) - -- OTP string checks - if block3 == nil then return nil, 'empty OTP string' end - if #block3 == 0 then return nil, 'empty OTP string' end - if #block3 ~= 8 then return nil, 'OTP wrong length. 
Should be 4 hex bytes' end + -- OTP string checks + if block3 == nil then return nil, 'empty OTP string' end + if #block3 == 0 then return nil, 'empty OTP string' end + if #block3 ~= 8 then return nil, 'OTP wrong length. Should be 4 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new OTP ', block3) + print('Writing new OTP ', block3) - local resp = send('A203'..block3) - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write OTP' - else - return true, 'Ok' - end + local resp = send('A203'..block3) + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to write OTP' + else + return true, 'Ok' + end end -- -- Writes a UID with bcc1, bcc2. Needs a magic tag. local function write_uid(uid) - -- uid string checks - if uid == nil then return nil, 'empty uid string' end - if #uid == 0 then return nil, 'empty uid string' end - if #uid ~= 14 then return nil, 'uid wrong length. Should be 7 hex bytes' end + -- uid string checks + if uid == nil then return nil, 'empty uid string' end + if #uid == 0 then return nil, 'empty uid string' end + if #uid ~= 14 then return nil, 'uid wrong length. 
Should be 7 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new UID ', uid) + print('Writing new UID ', uid) - local uidbytes = utils.ConvertHexToBytes(uid) - local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), 0x88) - local bcc2 = bxor(bxor(bxor(uidbytes[4], uidbytes[5]), uidbytes[6]), uidbytes[7]) - local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1) - local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7]) - local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00) - local resp + local uidbytes = utils.ConvertHexToBytes(uid) + local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), 0x88) + local bcc2 = bxor(bxor(bxor(uidbytes[4], uidbytes[5]), uidbytes[6]), uidbytes[7]) + local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1) + local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7]) + local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00) + local resp - resp = send('A200'..block0) - resp = send('A201'..block1) - resp = send('A202'..block2) - lib14a.disconnect() + resp = send('A200'..block0) + resp = send('A201'..block1) + resp = send('A202'..block2) + lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write new uid' - else - return true, 'Ok' - end + if resp == '04' then + return nil, 'Failed to write new uid' + else + return true, 'Ok' + end end --- -- Write VERSION data, -- make sure you have correct version data local function write_version(data) - -- version string checks - if data == nil then return nil, 'empty version string' end - if #data == 0 then return nil, 'empty version string' end - if #data ~= 16 then return nil, 'version wrong length. 
Should be 8 hex bytes' end + -- version string checks + if data == nil then return nil, 'empty version string' end + if #data == 0 then return nil, 'empty version string' end + if #data ~= 16 then return nil, 'version wrong length. Should be 8 hex bytes' end - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - print('Writing new version', data) + print('Writing new version', data) - local b1 = data:sub(1,8) - local b2 = data:sub(9,16) - local resp - resp = send('A2FA'..b1) - resp = send('A2FB'..b2) - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write version' - else - return true, 'Ok' - end + local b1 = data:sub(1,8) + local b2 = data:sub(9,16) + local resp + resp = send('A2FA'..b1) + resp = send('A2FB'..b2) + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to write version' + else + return true, 'Ok' + end end --- -- writen TYPE which card is based on. -- 00 = 213, 01 = 215, 02 = 216 local function write_type(data) - -- type string checks - if data == nil then return nil, 'empty type string' end - if #data == 0 then return nil, 'empty type string' end - if #data ~= 2 then return nil, 'type wrong length. Should be 1 hex byte' end + -- type string checks + if data == nil then return nil, 'empty type string' end + if #data == 0 then return nil, 'empty type string' end + if #data ~= 2 then return nil, 'type wrong length. Should be 1 hex byte' end local info = connect() if not info then return false, "Can't select card" end - print('Writing new type', data) + print('Writing new type', data) - local resp = send('A2FC'..data..'000000') - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to write type' - else - return true, 'Ok' - end + local resp = send('A2FC'..data..'000000') + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to write type' + else + return true, 'Ok' + end end --- -- Set tag type. 
Predefinde version data together with magic type set. 
@@ -376,283 +376,283 @@ end -- we only truely be three types NTAG 213,215 and 216 local function set_type(tagtype) - -- tagtype checks - if type(tagtype) == 'string' then tagtype = tonumber(tagtype, 10) end - if tagtype == nil then return nil, 'empty tagtype' end + -- tagtype checks + if type(tagtype) == 'string' then tagtype = tonumber(tagtype, 10) end + if tagtype == nil then return nil, 'empty tagtype' end - if tagtype == 1 then - print('Setting: UL-EV1 48') - write_otp('00000000') -- Setting OTP to default 00 00 00 00 - write_version('0004030101000b03') -- UL-EV1 (48) 00 04 03 01 01 00 0b 03 - write_type('00') -- based on NTAG213.. + if tagtype == 1 then + print('Setting: UL-EV1 48') + write_otp('00000000') -- Setting OTP to default 00 00 00 00 + write_version('0004030101000b03') -- UL-EV1 (48) 00 04 03 01 01 00 0b 03 + write_type('00') -- based on NTAG213.. - -- Setting UL-Ev1 default config bl 16,17 - connect() - send('a210000000FF') - send('a21100050000') + -- Setting UL-Ev1 default config bl 16,17 + connect() + send('a210000000FF') + send('a21100050000') - elseif tagtype == 2 then - print('Setting: UL-EV1 128') - write_otp('00000000') -- Setting OTP to default 00 00 00 00 - write_version('0004030101000e03') -- UL-EV1 (128) 00 04 03 01 01 00 0e 03 - write_type('01') + elseif tagtype == 2 then + print('Setting: UL-EV1 128') + write_otp('00000000') -- Setting OTP to default 00 00 00 00 + write_version('0004030101000e03') -- UL-EV1 (128) 00 04 03 01 01 00 0e 03 + write_type('01') - -- Setting UL-Ev1 default config bl 37,38 - connect() - send('a225000000FF') - send('a22600050000') - elseif tagtype == 3 then - print('Setting: NTAG 210') - write_version('0004040101000b03') -- NTAG210 00 04 04 01 01 00 0b 03 - write_type('00') + -- Setting UL-Ev1 default config bl 37,38 + connect() + send('a225000000FF') + send('a22600050000') + elseif tagtype == 3 then + print('Setting: NTAG 210') + write_version('0004040101000b03') -- NTAG210 00 04 04 01 01 00 0b 03 + 
write_type('00') - -- Setting NTAG210 default CC block456 - connect() - send('a203e1100600') - send('a2040300fe00') - send('a20500000000') - -- Setting cfg1/cfg2 - send('a210000000FF') - send('a21100050000') - elseif tagtype == 4 then - print('Setting: NTAG 212') - write_version('0004040101000E03') -- NTAG212 00 04 04 01 01 00 0E 03 - write_type('00') + -- Setting NTAG210 default CC block456 + connect() + send('a203e1100600') + send('a2040300fe00') + send('a20500000000') + -- Setting cfg1/cfg2 + send('a210000000FF') + send('a21100050000') + elseif tagtype == 4 then + print('Setting: NTAG 212') + write_version('0004040101000E03') -- NTAG212 00 04 04 01 01 00 0E 03 + write_type('00') - -- Setting NTAG212 default CC block456 - connect() - send('a203e1101000') - send('a2040103900a') - send('a205340300fe') - -- Setting cfg1/cfg2 - send('a225000000FF') - send('a22600050000') - elseif tagtype == 5 then - print('Setting: NTAG 213') - write_version('0004040201000F03') -- NTAG213 00 04 04 02 01 00 0f 03 - write_type('00') + -- Setting NTAG212 default CC block456 + connect() + send('a203e1101000') + send('a2040103900a') + send('a205340300fe') + -- Setting cfg1/cfg2 + send('a225000000FF') + send('a22600050000') + elseif tagtype == 5 then + print('Setting: NTAG 213') + write_version('0004040201000F03') -- NTAG213 00 04 04 02 01 00 0f 03 + write_type('00') - -- Setting NTAG213 default CC block456 - connect() - send('a203e1101200') - send('a2040103a00c') - send('a205340300fe') - -- setting cfg1/cfg2 - send('a229000000ff') - send('a22a00050000') - elseif tagtype == 6 then - print('Setting: NTAG 215') - write_version('0004040201001103') -- NTAG215 00 04 04 02 01 00 11 03 - write_type('01') + -- Setting NTAG213 default CC block456 + connect() + send('a203e1101200') + send('a2040103a00c') + send('a205340300fe') + -- setting cfg1/cfg2 + send('a229000000ff') + send('a22a00050000') + elseif tagtype == 6 then + print('Setting: NTAG 215') + write_version('0004040201001103') -- NTAG215 00 
04 04 02 01 00 11 03 + write_type('01') - -- Setting NTAG215 default CC block456 - connect() - send('a203e1103e00') - send('a2040300fe00') - send('a20500000000') - -- setting cfg1/cfg2 - send('a283000000ff') - send('a28400050000') - elseif tagtype == 7 then - print('Setting: NTAG 216') - write_version('0004040201001303') -- NTAG216 00 04 04 02 01 00 13 03 - write_type('02') + -- Setting NTAG215 default CC block456 + connect() + send('a203e1103e00') + send('a2040300fe00') + send('a20500000000') + -- setting cfg1/cfg2 + send('a283000000ff') + send('a28400050000') + elseif tagtype == 7 then + print('Setting: NTAG 216') + write_version('0004040201001303') -- NTAG216 00 04 04 02 01 00 13 03 + write_type('02') - -- Setting NTAG216 default CC block456 - connect() - send('a203e1106d00') - send('a2040300fe00') - send('a20500000000') - -- setting cfg1/cfg2 - send('a2e3000000ff') - send('a2e400050000') - elseif tagtype == 8 then - print('Setting: NTAG I2C 1K') - write_version('0004040502011303') -- NTAG_I2C_1K 00 04 04 05 02 01 13 03 - write_type('02') + -- Setting NTAG216 default CC block456 + connect() + send('a203e1106d00') + send('a2040300fe00') + send('a20500000000') + -- setting cfg1/cfg2 + send('a2e3000000ff') + send('a2e400050000') + elseif tagtype == 8 then + print('Setting: NTAG I2C 1K') + write_version('0004040502011303') -- NTAG_I2C_1K 00 04 04 05 02 01 13 03 + write_type('02') - -- Setting NTAG I2C 1K default CC block456 - connect() - send('a203e1106D00') - send('a2040300fe00') - send('a20500000000') - elseif tagtype == 9 then - print('Setting: NTAG I2C 2K') - write_version('0004040502011503') -- NTAG_I2C_2K 00 04 04 05 02 01 15 03 - write_type('02') + -- Setting NTAG I2C 1K default CC block456 + connect() + send('a203e1106D00') + send('a2040300fe00') + send('a20500000000') + elseif tagtype == 9 then + print('Setting: NTAG I2C 2K') + write_version('0004040502011503') -- NTAG_I2C_2K 00 04 04 05 02 01 15 03 + write_type('02') - -- Setting NTAG I2C 2K default CC 
block456 - connect() - send('a203e110EA00') - send('a2040300fe00') - send('a20500000000') - elseif tagtype == 10 then - print('Setting: NTAG I2C plus 1K') - write_version('0004040502021303') -- NTAG_I2C_1K 00 04 04 05 02 02 13 03 - write_type('02') + -- Setting NTAG I2C 2K default CC block456 + connect() + send('a203e110EA00') + send('a2040300fe00') + send('a20500000000') + elseif tagtype == 10 then + print('Setting: NTAG I2C plus 1K') + write_version('0004040502021303') -- NTAG_I2C_1K 00 04 04 05 02 02 13 03 + write_type('02') - -- Setting NTAG I2C 1K default CC block456 - connect() - send('a203e1106D00') - send('a2040300fe00') - send('a20500000000') - elseif tagtype == 11 then - print('Setting: NTAG I2C plus 2K') - write_version('0004040502021503') -- NTAG_I2C_2K 00 04 04 05 02 02 15 03 - write_type('02') + -- Setting NTAG I2C 1K default CC block456 + connect() + send('a203e1106D00') + send('a2040300fe00') + send('a20500000000') + elseif tagtype == 11 then + print('Setting: NTAG I2C plus 2K') + write_version('0004040502021503') -- NTAG_I2C_2K 00 04 04 05 02 02 15 03 + write_type('02') - -- Setting NTAG I2C 2K default CC block456 - connect() - send('a203e1106D00') - send('a2040300fe00') - send('a20500000000') - elseif tagtype == 12 then - print('Setting: NTAG 213F') - write_version('0004040401000F03') -- NTAG213F 00 04 04 04 01 00 0f 03 - write_type('00') + -- Setting NTAG I2C 2K default CC block456 + connect() + send('a203e1106D00') + send('a2040300fe00') + send('a20500000000') + elseif tagtype == 12 then + print('Setting: NTAG 213F') + write_version('0004040401000F03') -- NTAG213F 00 04 04 04 01 00 0f 03 + write_type('00') - -- Setting NTAG213 default CC block456 - connect() - send('a203e1101200') - send('a2040103a00c') - send('a205340300fe') - -- setting cfg1/cfg2 - send('a229000000ff') - send('a22a00050000') - elseif tagtype == 13 then - print('Setting: NTAG 216F') - write_version('0004040401001303') -- NTAG216F 00 04 04 04 01 00 13 03 - write_type('02') + -- 
Setting NTAG213 default CC block456 + connect() + send('a203e1101200') + send('a2040103a00c') + send('a205340300fe') + -- setting cfg1/cfg2 + send('a229000000ff') + send('a22a00050000') + elseif tagtype == 13 then + print('Setting: NTAG 216F') + write_version('0004040401001303') -- NTAG216F 00 04 04 04 01 00 13 03 + write_type('02') - -- Setting NTAG216 default CC block456 - connect() - send('a203e1106d00') - send('a2040300fe00') - send('a20500000000') - -- setting cfg1/cfg2 - send('a2e3000000ff') - send('a2e400050000') - end + -- Setting NTAG216 default CC block456 + connect() + send('a203e1106d00') + send('a2040300fe00') + send('a20500000000') + -- setting cfg1/cfg2 + send('a2e3000000ff') + send('a2e400050000') + end - lib14a.disconnect() - if resp == '04' then - return nil, 'Failed to set type' - else - return true, 'Ok' - end + lib14a.disconnect() + if resp == '04' then + return nil, 'Failed to set type' + else + return true, 'Ok' + end end --- -- wipe tag local function wipe() - local info = connect() + local info = connect() if not info then return false, "Can't select card" end - local err, msg, resp - local cmd_empty = 'A2%02X00000000' - local cmd_cfg1 = 'A2%02X000000FF' - local cmd_cfg2 = 'A2%02X00050000' + local err, msg, resp + local cmd_empty = 'A2%02X00000000' + local cmd_cfg1 = 'A2%02X000000FF' + local cmd_cfg2 = 'A2%02X00050000' - print('Wiping tag') + print('Wiping tag') - for b = 3, 0xFB do - --configuration block 0 - if b == 0x29 or b == 0x83 or b == 0xe3 then - local cmd = (cmd_cfg1):format(b) - resp = send(cmd) - --configuration block 1 - elseif b == 0x2a or b == 0x84 or b == 0xe4 then - local cmd = (cmd_cfg2):format(b) - resp = send(cmd) - else - resp = send(cmd_empty:format(b)) - end - if resp == '04' or #resp == 0 then - io.write('\nwrote block '..b, ' failed\n') - err = true - else - io.write('.') - end - io.flush() - end - io.write('\r\n') + for b = 3, 0xFB do + --configuration block 0 + if b == 0x29 or b == 0x83 or b == 0xe3 then + local 
cmd = (cmd_cfg1):format(b) + resp = send(cmd) + --configuration block 1 + elseif b == 0x2a or b == 0x84 or b == 0xe4 then + local cmd = (cmd_cfg2):format(b) + resp = send(cmd) + else + resp = send(cmd_empty:format(b)) + end + if resp == '04' or #resp == 0 then + io.write('\nwrote block '..b, ' failed\n') + err = true + else + io.write('.') + end + io.flush() + end + io.write('\r\n') - lib14a.disconnect() + lib14a.disconnect() - if err then return nil, "Tag locked down, "..err_lock end + if err then return nil, "Tag locked down, "..err_lock end - print('setting default values...') + print('setting default values...') - set_password(nil) + set_password(nil) - -- set NTAG213 default values - err, msg = set_type(5) - if err == nil then return err, msg end + -- set NTAG213 default values + err, msg = set_type(5) + if err == nil then return err, msg end - --set UID - err, msg = write_uid('04112233445566') - if err == nil then return err, msg end + --set UID + err, msg = write_uid('04112233445566') + if err == nil then return err, msg end - --set pwd - err, msg = write_pwd('FFFFFFFF') - if err == nil then return err, msg end + --set pwd + err, msg = write_pwd('FFFFFFFF') + if err == nil then return err, msg end - --set pack - err, msg = write_pack('0000') - if err == nil then return err, msg end + --set pack + err, msg = write_pack('0000') + if err == nil then return err, msg end - return true, 'Ok' + return true, 'Ok' end --- -- The main entry point function main(args) - print( string.rep('--',20) ) - print( string.rep('--',20) ) - print() + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print() - local err, msg + local err, msg - if #args == 0 then return help() end + if #args == 0 then return help() end - -- Read the parameters - for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:w') do + -- Read the parameters + for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:w') do - -- help - if o == "h" then return help() end + -- help + if o == "h" then return 
help() end - --key - if o == 'k' then err, msg = set_password(a) end + --key + if o == 'k' then err, msg = set_password(a) end - -- configuration - if o == "c" then err, msg = read_config() end + -- configuration + if o == "c" then err, msg = read_config() end - --wipe tag - if o == "w" then err, msg = wipe() end + --wipe tag + if o == "w" then err, msg = wipe() end - -- write uid - if o == "u" then err, msg = write_uid(a) end + -- write uid + if o == "u" then err, msg = write_uid(a) end - -- write type/version - if o == "t" then err, msg = set_type(a) end + -- write type/version + if o == "t" then err, msg = set_type(a) end - -- write pwd - if o == "p" then err, msg = write_pwd(a) end + -- write pwd + if o == "p" then err, msg = write_pwd(a) end - -- write pack - if o == "a" then err, msg = write_pack(a) end + -- write pack + if o == "a" then err, msg = write_pack(a) end - -- write signature - if o == "s" then err, msg = write_signature(a) end + -- write signature + if o == "s" then err, msg = write_signature(a) end - -- write otp - if o == "o" then err, msg = write_otp(a) end + -- write otp + if o == "o" then err, msg = write_otp(a) end - -- write version - if o == "v" then err, msg = write_version(a) end + -- write version + if o == "v" then err, msg = write_version(a) end - if err == nil then return oops(msg) end - end + if err == nil then return oops(msg) end + end end diff --git a/doc/fpga_arm_notes.md b/doc/fpga_arm_notes.md index c066b316b..6aa5b0453 100644 --- a/doc/fpga_arm_notes.md +++ b/doc/fpga_arm_notes.md 
@@ -65,37 +65,37 @@ ARM, send a 16bit configuration with fits the select major mode. ## ARM GPIO setup ``` - // First configure the GPIOs, and get ourselves a clock. - AT91C_BASE_PIOA->PIO_ASR = - GPIO_SSC_FRAME | - GPIO_SSC_DIN | - GPIO_SSC_DOUT | - GPIO_SSC_CLK; - AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; + // First configure the GPIOs, and get ourselves a clock. + AT91C_BASE_PIOA->PIO_ASR = + GPIO_SSC_FRAME | + GPIO_SSC_DIN | + GPIO_SSC_DOUT | + GPIO_SSC_CLK; + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); - // Now set up the SSC proper, starting from a known state. - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + // Now set up the SSC proper, starting from a known state. + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - // RX clock comes from TX clock, RX starts on Transmit Start, - // data and frame signal is sampled on falling edge of RK - AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); + // RX clock comes from TX clock, RX starts on Transmit Start, + // data and frame signal is sampled on falling edge of RK + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); - // 8, 16 or 32 bits per transfer, no loopback, MSB first, 1 transfer per sync - // pulse, no output sync - if ((FPGA_mode & FPGA_MAJOR_MODE_MASK) == FPGA_MAJOR_MODE_HF_READER && FpgaGetCurrent() == FPGA_BITSTREAM_HF) { - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); - } else { - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); - } + // 8, 16 or 32 bits per transfer, no loopback, MSB first, 1 transfer per sync + // pulse, no output sync + if ((FPGA_mode & FPGA_MAJOR_MODE_MASK) == FPGA_MAJOR_MODE_HF_READER && FpgaGetCurrent() == FPGA_BITSTREAM_HF) { + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16) | 
AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); + } else { + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); + } - // TX clock comes from TK pin, no clock output, outputs change on rising edge of TK, - // TF (frame sync) is sampled on falling edge of TK, start TX on rising edge of TF - AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5); + // TX clock comes from TK pin, no clock output, outputs change on rising edge of TK, + // TF (frame sync) is sampled on falling edge of TK, start TX on rising edge of TF + AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5); - // tx framing is the same as the rx framing - AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; + // tx framing is the same as the rx framing + AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; ``` diff --git a/fpga/fpga_felica.v b/fpga/fpga_felica.v index a569e9f5b..2cdc0bdbe 100644 --- a/fpga/fpga_felica.v +++ b/fpga/fpga_felica.v @@ -154,22 +154,22 @@ wire [3:0] minor_mode = conf_word[3:0]; // 000 - HF reader hi_reader hr( - ck_1356megb, - hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, - adc_d, hr_adc_clk, - hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, - hr_dbg, - subcarrier_frequency, minor_mode + ck_1356megb, + hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, + adc_d, hr_adc_clk, + hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, + hr_dbg, + subcarrier_frequency, minor_mode ); // 001 - HF simulated tag hi_simulate hs( - ck_1356meg, + ck_1356meg, hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4, adc_d, hs_adc_clk, hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk, hs_dbg, - minor_mode + minor_mode ); // 011 - HF sniff 
@@ -192,9 +192,9 @@ hi_flite hfl( // 101 - HF get trace hi_get_trace gt( - ck_1356megb, - adc_d, trace_enable, major_mode, - gt_ssp_frame, gt_ssp_din, gt_ssp_clk + ck_1356megb, + adc_d, trace_enable, major_mode, + gt_ssp_frame, gt_ssp_din, gt_ssp_clk ); // Major modes: diff --git a/fpga/fpga_hf.v b/fpga/fpga_hf.v index 8659fe4e2..684f38f70 100644 --- a/fpga/fpga_hf.v +++ b/fpga/fpga_hf.v @@ -156,32 +156,32 @@ wire [3:0] minor_mode = conf_word[3:0]; // 000 - HF reader hi_reader hr( - ck_1356megb, - hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, - adc_d, hr_adc_clk, - hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, - hr_dbg, - subcarrier_frequency, minor_mode + ck_1356megb, + hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, + adc_d, hr_adc_clk, + hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, + hr_dbg, + subcarrier_frequency, minor_mode ); // 001 - HF simulated tag hi_simulate hs( - ck_1356meg, + ck_1356meg, hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4, adc_d, hs_adc_clk, hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk, hs_dbg, - minor_mode + minor_mode ); // 010 - HF ISO14443-A hi_iso14443a hisn( - ck_1356meg, + ck_1356meg, hisn_pwr_lo, hisn_pwr_hi, hisn_pwr_oe1, hisn_pwr_oe2, hisn_pwr_oe3, hisn_pwr_oe4, adc_d, hisn_adc_clk, hisn_ssp_frame, hisn_ssp_din, ssp_dout, hisn_ssp_clk, hisn_dbg, - minor_mode + minor_mode ); // 011 - HF sniff @@ -206,9 +206,9 @@ hi_flite hfl( // 101 - HF get trace hi_get_trace gt( - ck_1356megb, - adc_d, trace_enable, major_mode, - gt_ssp_frame, gt_ssp_din, gt_ssp_clk + ck_1356megb, + adc_d, trace_enable, major_mode, + gt_ssp_frame, gt_ssp_din, gt_ssp_clk ); // Major modes: diff --git a/fpga/hi_get_trace.v b/fpga/hi_get_trace.v index aae4054cf..03a96af96 100644 --- a/fpga/hi_get_trace.v +++ b/fpga/hi_get_trace.v 
@@ -10,25 +10,25 @@ module hi_get_trace( ); input ck_1356megb; input [7:0] adc_d; - input trace_enable; - input [2:0] major_mode; + input trace_enable; + input [2:0] major_mode; output ssp_frame, ssp_din, ssp_clk; // clock divider reg [6:0] clock_cnt; always @(negedge ck_1356megb) begin - clock_cnt <= clock_cnt + 1; + clock_cnt <= clock_cnt + 1; end // sample at 13,56MHz / 8. The highest signal frequency (subcarrier) is 848,5kHz, i.e. in this case we oversample by a factor of 2 reg [2:0] sample_clock; always @(negedge ck_1356megb) begin - if (sample_clock == 3'd7) - sample_clock <= 3'd0; - else - sample_clock <= sample_clock + 1; + if (sample_clock == 3'd7) + sample_clock <= 3'd0; + else + sample_clock <= sample_clock + 1; end 
@@ -39,65 +39,65 @@ reg write_enable1; reg write_enable2; always @(negedge ck_1356megb) begin - previous_major_mode <= major_mode; - if (major_mode == `FPGA_MAJOR_MODE_HF_GET_TRACE) - begin - write_enable1 <= 1'b0; - write_enable2 <= 1'b0; - if (previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched into GET_TRACE mode - addr <= start_addr; - if (clock_cnt == 7'd0) - begin - if (addr == 12'd3071) - addr <= 12'd0; - else - addr <= addr + 1; - end - end - else if (major_mode != `FPGA_MAJOR_MODE_OFF) - begin - if (trace_enable) - begin - if (addr[11] == 1'b0) - begin - write_enable1 <= 1'b1; - write_enable2 <= 1'b0; - end - else - begin - write_enable1 <= 1'b0; - write_enable2 <= 1'b1; - end - if (sample_clock == 3'b000) - begin - if (addr == 12'd3071) - begin - addr <= 12'd0; - write_enable1 <= 1'b1; - write_enable2 <= 1'b0; - end - else - begin - addr <= addr + 1; - end - end - end - else - begin - write_enable1 <= 1'b0; - write_enable2 <= 1'b0; - start_addr <= addr; - end - end - else // major_mode == `FPGA_MAJOR_MODE_OFF - begin - write_enable1 <= 1'b0; - write_enable2 <= 1'b0; - if (previous_major_mode != `FPGA_MAJOR_MODE_OFF && previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched off + previous_major_mode <= major_mode; + if (major_mode == `FPGA_MAJOR_MODE_HF_GET_TRACE) + begin + write_enable1 <= 1'b0; + write_enable2 <= 1'b0; + if (previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched into GET_TRACE mode + addr <= start_addr; + if (clock_cnt == 7'd0) + begin + if (addr == 12'd3071) + addr <= 12'd0; + else + addr <= addr + 1; + end + end + else if (major_mode != `FPGA_MAJOR_MODE_OFF) + begin + if (trace_enable) + begin + if (addr[11] == 1'b0) + begin + write_enable1 <= 1'b1; + write_enable2 <= 1'b0; + end + else + begin + write_enable1 <= 1'b0; + write_enable2 <= 1'b1; + end + if (sample_clock == 3'b000) + begin + if (addr == 12'd3071) begin - start_addr <= addr; + addr <= 12'd0; + write_enable1 <= 1'b1; + 
write_enable2 <= 1'b0; end - end + else + begin + addr <= addr + 1; + end + end + end + else + begin + write_enable1 <= 1'b0; + write_enable2 <= 1'b0; + start_addr <= addr; + end + end + else // major_mode == `FPGA_MAJOR_MODE_OFF + begin + write_enable1 <= 1'b0; + write_enable2 <= 1'b0; + if (previous_major_mode != `FPGA_MAJOR_MODE_OFF && previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched off + begin + start_addr <= addr; + end + end end @@ -108,20 +108,20 @@ reg [7:0] ram2 [1023:0]; // 1024 u8 always @(negedge ck_1356megb) begin - if (write_enable1) - begin - ram1[addr[10:0]] <= adc_d; - D_out1 <= adc_d; - end - else - D_out1 <= ram1[addr[10:0]]; - if (write_enable2) + if (write_enable1) + begin + ram1[addr[10:0]] <= adc_d; + D_out1 <= adc_d; + end + else + D_out1 <= ram1[addr[10:0]]; + if (write_enable2) begin - ram2[addr[9:0]] <= adc_d; - D_out2 <= adc_d; - end - else - D_out2 <= ram2[addr[9:0]]; + ram2[addr[9:0]] <= adc_d; + D_out2 <= adc_d; + end + else + D_out2 <= ram2[addr[9:0]]; end @@ -133,27 +133,27 @@ reg [7:0] shift_out; always @(negedge ck_1356megb) begin if (clock_cnt[3:0] == 4'd0) // update shift register every 16 clock cycles - begin - if (clock_cnt[6:4] == 3'd0) // either load new value - begin + begin + if (clock_cnt[6:4] == 3'd0) // either load new value + begin if (addr[11] == 1'b0) shift_out <= D_out1; else shift_out <= D_out2; - end - else + end + else begin // or shift left shift_out[7:1] <= shift_out[6:0]; end - end + end - ssp_clk <= ~clock_cnt[3]; // ssp_clk frequency = 13,56MHz / 16 = 847,5 kHz + ssp_clk <= ~clock_cnt[3]; // ssp_clk frequency = 13,56MHz / 16 = 847,5 kHz - if (clock_cnt[6:4] == 3'b000) // set ssp_frame for 0...31 - ssp_frame <= 1'b1; - else - ssp_frame <= 1'b0; + if (clock_cnt[6:4] == 3'b000) // set ssp_frame for 0...31 + ssp_frame <= 1'b1; + else + ssp_frame <= 1'b0; end diff --git a/fpga/hi_iso14443a.v b/fpga/hi_iso14443a.v index 21aa118d2..98a2d3930 100644 --- a/fpga/hi_iso14443a.v 
+++ b/fpga/hi_iso14443a.v @@ -142,7 +142,7 @@ begin end // adjust internal timer counter if necessary: - if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation) + if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation) begin if (reader_falling_edge_time == 4'd1) // reader signal changes right after sampling. Better sample earlier next time. begin @@ -176,7 +176,7 @@ reg [3:0] mod_detect_reset_time; always @(negedge adc_clk) begin - if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) + if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) // (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by // 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks). // To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e. @@ -186,7 +186,7 @@ begin mod_detect_reset_time <= 4'd4; end else - if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) + if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) begin // detect a rising edge of reader's signal and sync modulation detector to the tag's answer: if (~pre_after_hysteresis && after_hysteresis && deep_modulation) @@ -354,7 +354,7 @@ reg mod_sig_coil; always @(negedge adc_clk) begin - if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) // need to take care of proper fdt timing + if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) // need to take care of proper fdt timing begin if(fdt_counter == `FDT_COUNT) begin @@ -429,7 +429,7 @@ always @(negedge adc_clk) begin if (negedge_cnt[5:0] == 6'd63) // fill the buffer begin - if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) + if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) begin if(deep_modulation) // a reader is sending (or there's no field at all) begin 
@@ -446,7 +446,7 @@ begin end end - if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER) // shift at double speed + if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER) // shift at double speed begin // Don't shift if we just loaded new data, obviously. if(negedge_cnt[5:0] != 6'd0) @@ -455,7 +455,7 @@ begin end end - if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER) + if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER) begin // Don't shift if we just loaded new data, obviously. if(negedge_cnt[6:0] != 7'd0) @@ -475,8 +475,8 @@ reg ssp_frame; always @(negedge adc_clk) begin - if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) - // FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)): + if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) + // FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)): begin if(negedge_cnt[2:0] == 3'd0) ssp_clk <= 1'b1; @@ -496,7 +496,7 @@ begin if(negedge_cnt[3:0] == 4'd8) ssp_clk <= 1'b0; - if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk + if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk ssp_frame <= 1'b1; if(negedge_cnt[6:0] == 7'd23) ssp_frame <= 1'b0; 
@@ -516,23 +516,23 @@ begin if(negedge_cnt[3:0] == 4'd0) begin // What do we communicate to the ARM - if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) + if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) sendbit = after_hysteresis; - else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) + else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) /* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh? else */ sendbit = fdt_indicator; - else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) + else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) sendbit = curbit; else sendbit = 1'b0; end - if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) + if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) // send sampled reader and tag data: bit_to_arm = to_arm[7]; - else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset) + else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset) // send timing information: bit_to_arm = to_arm[7]; else diff --git a/fpga/hi_reader.v b/fpga/hi_reader.v index b90f9a99c..c5ffa7b85 100644 --- a/fpga/hi_reader.v +++ b/fpga/hi_reader.v @@ -19,7 +19,7 @@ module hi_reader( output ssp_frame, ssp_din, ssp_clk; output dbg; input [1:0] subcarrier_frequency; - input [3:0] minor_mode; + input [3:0] minor_mode; assign adc_clk = ck_1356meg; // sample frequency is 13,56 MHz @@ -58,7 +58,7 @@ end reg [5:0] corr_i_cnt; always @(negedge adc_clk) begin - corr_i_cnt <= corr_i_cnt + 1; + corr_i_cnt <= corr_i_cnt + 1; end 
@@ -83,28 +83,28 @@ reg [12:0] min_ci_cq_2; // min_ci_cq / 2 always @(*) begin - if (corr_i_accum[13] == 1'b0) - abs_ci <= corr_i_accum; - else - abs_ci <= -corr_i_accum; + if (corr_i_accum[13] == 1'b0) + abs_ci <= corr_i_accum; + else + abs_ci <= -corr_i_accum; - if (corr_q_accum[13] == 1'b0) - abs_cq <= corr_q_accum; - else - abs_cq <= -corr_q_accum; + if (corr_q_accum[13] == 1'b0) + abs_cq <= corr_q_accum; + else + abs_cq <= -corr_q_accum; - if (abs_ci > abs_cq) - begin - max_ci_cq <= abs_ci; - min_ci_cq_2 <= abs_cq / 2; - end - else - begin - max_ci_cq <= abs_cq; - min_ci_cq_2 <= abs_ci / 2; - end + if (abs_ci > abs_cq) + begin + max_ci_cq <= abs_ci; + min_ci_cq_2 <= abs_cq / 2; + end + else + begin + max_ci_cq <= abs_cq; + min_ci_cq_2 <= abs_ci / 2; + end - corr_amplitude <= max_ci_cq + min_ci_cq_2; + corr_amplitude <= max_ci_cq + min_ci_cq_2; end @@ -115,21 +115,21 @@ reg subcarrier_Q; always @(*) begin - if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_848_KHZ) - begin - subcarrier_I = ~corr_i_cnt[3]; - subcarrier_Q = ~(corr_i_cnt[3] ^ corr_i_cnt[2]); - end - else if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_212_KHZ) - begin - subcarrier_I = ~corr_i_cnt[5]; - subcarrier_Q = ~(corr_i_cnt[5] ^ corr_i_cnt[4]); - end - else - begin // 424 kHz - subcarrier_I = ~corr_i_cnt[4]; - subcarrier_Q = ~(corr_i_cnt[4] ^ corr_i_cnt[3]); - end + if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_848_KHZ) + begin + subcarrier_I = ~corr_i_cnt[3]; + subcarrier_Q = ~(corr_i_cnt[3] ^ corr_i_cnt[2]); + end + else if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_212_KHZ) + begin + subcarrier_I = ~corr_i_cnt[5]; + subcarrier_Q = ~(corr_i_cnt[5] ^ corr_i_cnt[4]); + end + else + begin // 424 kHz + subcarrier_I = ~corr_i_cnt[4]; + subcarrier_Q = ~(corr_i_cnt[4] ^ corr_i_cnt[3]); + end end 
@@ -143,64 +143,64 @@ begin begin if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE) begin - // send amplitude plus 2 bits reader signal - corr_i_out <= corr_amplitude[13:6]; - corr_q_out <= {corr_amplitude[5:0], after_hysteresis_prev_prev, after_hysteresis_prev}; - end - else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ) - begin + // send amplitude plus 2 bits reader signal + corr_i_out <= corr_amplitude[13:6]; + corr_q_out <= {corr_amplitude[5:0], after_hysteresis_prev_prev, after_hysteresis_prev}; + end + else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ) + begin - // Send 7 most significant bits of in phase tag signal (signed), plus 1 bit reader signal - if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) - corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev}; - else // truncate to maximum value - if (corr_i_accum[13] == 1'b0) - corr_i_out <= {7'b0111111, after_hysteresis_prev_prev}; - else - corr_i_out <= {7'b1000000, after_hysteresis_prev_prev}; + // Send 7 most significant bits of in phase tag signal (signed), plus 1 bit reader signal + if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) + corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev}; + else // truncate to maximum value + if (corr_i_accum[13] == 1'b0) + corr_i_out <= {7'b0111111, after_hysteresis_prev_prev}; + else + corr_i_out <= {7'b1000000, after_hysteresis_prev_prev}; - // Send 7 most significant bits of quadrature phase tag signal (signed), plus 1 bit reader signal - if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111) - corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev}; - else // truncate to maximum value - if (corr_q_accum[13] == 1'b0) - corr_q_out <= {7'b0111111, after_hysteresis_prev}; - else - corr_q_out <= {7'b1000000, after_hysteresis_prev}; - end + // Send 7 most significant bits of quadrature phase tag signal (signed), plus 1 bit reader signal + if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] 
== 3'b111) + corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev}; + else // truncate to maximum value + if (corr_q_accum[13] == 1'b0) + corr_q_out <= {7'b0111111, after_hysteresis_prev}; + else + corr_q_out <= {7'b1000000, after_hysteresis_prev}; + end else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE) begin - // send amplitude - corr_i_out <= {2'b00, corr_amplitude[13:8]}; - corr_q_out <= corr_amplitude[7:0]; - end - else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_IQ) - begin + // send amplitude + corr_i_out <= {2'b00, corr_amplitude[13:8]}; + corr_q_out <= corr_amplitude[7:0]; + end + else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_IQ) + begin - // Send 8 bits of in phase tag signal - if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) - corr_i_out <= corr_i_accum[11:4]; - else // truncate to maximum value - if (corr_i_accum[13] == 1'b0) - corr_i_out <= 8'b01111111; - else - corr_i_out <= 8'b10000000; + // Send 8 bits of in phase tag signal + if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) + corr_i_out <= corr_i_accum[11:4]; + else // truncate to maximum value + if (corr_i_accum[13] == 1'b0) + corr_i_out <= 8'b01111111; + else + corr_i_out <= 8'b10000000; - // Send 8 bits of quadrature phase tag signal - if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111) - corr_q_out <= corr_q_accum[11:4]; - else // truncate to maximum value - if (corr_q_accum[13] == 1'b0) - corr_q_out <= 8'b01111111; - else - corr_q_out <= 8'b10000000; - end + // Send 8 bits of quadrature phase tag signal + if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111) + corr_q_out <= corr_q_accum[11:4]; + else // truncate to maximum value + if (corr_q_accum[13] == 1'b0) + corr_q_out <= 8'b01111111; + else + corr_q_out <= 8'b10000000; + end - // for each Q/I pair report two reader signal samples when sniffing. Store the 1st. 
- after_hysteresis_prev_prev <= after_hysteresis; + // for each Q/I pair report two reader signal samples when sniffing. Store the 1st. + after_hysteresis_prev_prev <= after_hysteresis; - // Initialize next correlation. - // Both I and Q reference signals are high when corr_i_nct == 0. Therefore need to accumulate. + // Initialize next correlation. + // Both I and Q reference signals are high when corr_i_nct == 0. Therefore need to accumulate. corr_i_accum <= $signed({1'b0, adc_d}); corr_q_accum <= $signed({1'b0, adc_d}); end @@ -217,14 +217,14 @@ begin corr_q_accum <= corr_q_accum - $signed({1'b0, adc_d}); end - // for each Q/I pair report two reader signal samples when sniffing. Store the 2nd. + // for each Q/I pair report two reader signal samples when sniffing. Store the 2nd. if (corr_i_cnt == 6'd32) after_hysteresis_prev <= after_hysteresis; // Then the result from last time is serialized and send out to the ARM. // We get one report each cycle, and each report is 16 bits, so the // ssp_clk should be the adc_clk divided by 64/16 = 4. - // ssp_clk frequency = 13,56MHz / 4 = 3.39MHz + // ssp_clk frequency = 13,56MHz / 4 = 3.39MHz if (corr_i_cnt[1:0] == 2'b00) begin @@ -261,8 +261,8 @@ begin if (corr_i_cnt[1:0] == 2'b10) ssp_clk <= 1'b0; - // set ssp_frame signal for corr_i_cnt = 1..3 - // (send one frame with 16 Bits) + // set ssp_frame signal for corr_i_cnt = 1..3 + // (send one frame with 16 Bits) if (corr_i_cnt == 6'd1) ssp_frame <= 1'b1; @@ -280,11 +280,11 @@ reg [3:0] jam_counter; always @(negedge adc_clk) begin - if (corr_i_cnt == 6'd0) - begin - jam_counter <= jam_counter + 1; - jam_signal <= jam_counter[1] ^ jam_counter[3]; - end + if (corr_i_cnt == 6'd0) + begin + jam_counter <= jam_counter + 1; + jam_signal <= jam_counter[1] ^ jam_counter[3]; + end end // Antenna drivers 
@@ -303,22 +303,22 @@ begin pwr_oe4 = 1'b0; end else if (minor_mode == `FPGA_HF_READER_MODE_SEND_JAM) - begin + begin pwr_hi = ck_1356meg & jam_signal; pwr_oe4 = 1'b0; - end - else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ - || minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE - || minor_mode == `FPGA_HF_READER_MODE_SNIFF_PHASE) - begin // all off - pwr_hi = 1'b0; - pwr_oe4 = 1'b0; - end - else // receiving from tag - begin - pwr_hi = ck_1356meg; - pwr_oe4 = 1'b0; - end + end + else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ + || minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE + || minor_mode == `FPGA_HF_READER_MODE_SNIFF_PHASE) + begin // all off + pwr_hi = 1'b0; + pwr_oe4 = 1'b0; + end + else // receiving from tag + begin + pwr_hi = ck_1356meg; + pwr_oe4 = 1'b0; + end end // always on diff --git a/fpga/hi_simulate.v b/fpga/hi_simulate.v index 87a3aa39e..33a6cf26c 100644 --- a/fpga/hi_simulate.v +++ b/fpga/hi_simulate.v @@ -35,8 +35,8 @@ module hi_simulate( // Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can // always be low. -assign pwr_hi = 1'b0; // HF antenna connected to GND -assign pwr_lo = 1'b0; // LF antenna connected to GND +assign pwr_hi = 1'b0; // HF antenna connected to GND +assign pwr_lo = 1'b0; // LF antenna connected to GND // This one is all LF, so doesn't matter assign pwr_oe2 = 1'b0; @@ -53,7 +53,7 @@ begin if (& adc_d[7:5]) after_hysteresis <= 1'b1; // if (adc_d >= 224) else if (~(| adc_d[7:5])) after_hysteresis <= 1'b0; // if (adc_d <= 31) - if (adc_d >= 224) + if (adc_d >= 224) begin has_been_low_for <= 12'd0; end @@ -65,9 +65,9 @@ begin after_hysteresis <= 1'b1; end else - begin + begin has_been_low_for <= has_been_low_for + 1; - end + end end end 
@@ -100,20 +100,20 @@ end reg ssp_frame; always @(negedge adc_clk) begin - if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K) - begin - if (ssp_clk_divider[8:5] == 4'd1) - ssp_frame <= 1'b1; - if (ssp_clk_divider[8:5] == 4'd5) - ssp_frame <= 1'b0; - end + if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K) + begin + if (ssp_clk_divider[8:5] == 4'd1) + ssp_frame <= 1'b1; + if (ssp_clk_divider[8:5] == 4'd5) + ssp_frame <= 1'b0; + end else - begin - if (ssp_clk_divider[7:4] == 4'd1) - ssp_frame <= 1'b1; - if (ssp_clk_divider[7:4] == 4'd5) - ssp_frame <= 1'b0; - end + begin + if (ssp_clk_divider[7:4] == 4'd1) + ssp_frame <= 1'b1; + if (ssp_clk_divider[7:4] == 4'd5) + ssp_frame <= 1'b0; + end end @@ -143,6 +143,6 @@ always @(*) assign pwr_oe1 = 1'b0; // 33 Ohms Load assign pwr_oe4 = modulating_carrier; // 33 Ohms Load // This one is always on, so that we can watch the carrier. -assign pwr_oe3 = 1'b0; // 10k Load +assign pwr_oe3 = 1'b0; // 10k Load endmodule diff --git a/tools/hitag2crack/common/hitagcrypto.c b/tools/hitag2crack/common/hitagcrypto.c index 03341f216..a4b63c366 100644 --- a/tools/hitag2crack/common/hitagcrypto.c +++ b/tools/hitag2crack/common/hitagcrypto.c @@ -188,7 +188,7 @@ HITAG 2 256 Bit total memory Read/Write 8 pages of 32 bits, inc UID (32), - secret key (64), password (24), config (8) + secret key (64), password (24), config (8) HITAG S 32 32 bits Unique Identifier Read Only HITAG S 256 256 bits total memory Read/Write 
@@ -227,9 +227,9 @@ static uint32_t hitag2_crypt(uint64_t x); static uint32_t hitag2_crypt(uint64_t x) { - const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 - const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 - const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 + const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 + const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 + const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 uint32_t bitindex; bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1; diff --git a/tools/hitag2crack/common/hitagcrypto.h b/tools/hitag2crack/common/hitagcrypto.h index 274d3d82c..76350eb7c 100644 --- a/tools/hitag2crack/common/hitagcrypto.h +++ b/tools/hitag2crack/common/hitagcrypto.h @@ -132,7 +132,7 @@ #ifndef HITAGCRYPTO_H -#define HITAGCRYPTO_H +#define HITAGCRYPTO_H #include @@ -163,5 +163,5 @@ void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, ui uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps); -#endif /* HITAGCRYPTO_H */ +#endif /* HITAGCRYPTO_H */ diff --git a/tools/mf_nonce_brute/iso14443crc.h b/tools/mf_nonce_brute/iso14443crc.h index e9a82d521..5dbe125f4 100644 --- a/tools/mf_nonce_brute/iso14443crc.h +++ b/tools/mf_nonce_brute/iso14443crc.h @@ -13,9 +13,9 @@ // Routines to compute the CRCs (two different flavours, just for confusion) // required for ISO 14443, swiped directly from the spec. //----------------------------------------------------------------------------- -#define CRC_14443_A 0x6363 /* ITU-V.41 */ -#define CRC_14443_B 0xFFFF /* ISO/IEC 13239 (formerly ISO/IEC 3309) */ -#define CRC_ICLASS 0xE012 /* ICLASS PREFIX */ +#define CRC_14443_A 0x6363 /* ITU-V.41 */ +#define CRC_14443_B 0xFFFF /* ISO/IEC 13239 (formerly ISO/IEC 3309) */ +#define CRC_ICLASS 0xE012 /* ICLASS PREFIX */ void ComputeCrc14443(int CrcType, const unsigned char *Data, int Length, 
diff --git a/tools/mf_nonce_brute/protocol.h b/tools/mf_nonce_brute/protocol.h index 4f7f8b7e0..50784392f 100644 --- a/tools/mf_nonce_brute/protocol.h +++ b/tools/mf_nonce_brute/protocol.h @@ -4,8 +4,8 @@ #define ISO14443A_CMD_READBLOCK 0x30 #define ISO14443A_CMD_WRITEBLOCK 0xA0 -#define MIFARE_AUTH_KEYA 0x60 -#define MIFARE_AUTH_KEYB 0x61 +#define MIFARE_AUTH_KEYA 0x60 +#define MIFARE_AUTH_KEYB 0x61 #define MIFARE_CMD_INC 0xC0 #define MIFARE_CMD_DEC 0xC1 #define MIFARE_CMD_RESTORE 0xC2 diff --git a/tools/mf_nonce_brute/sleep.c b/tools/mf_nonce_brute/sleep.c index 0dd4c089d..2a98b10b8 100644 --- a/tools/mf_nonce_brute/sleep.c +++ b/tools/mf_nonce_brute/sleep.c @@ -10,7 +10,7 @@ #ifndef _WIN32 -#define _POSIX_C_SOURCE 199309L +#define _POSIX_C_SOURCE 199309L #include "sleep.h" #include #include