github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

get rid of tabs

Browse source
This commit is contained in:
Philippe Teuwen 2020-10-06 20:44:23 +02:00
commit 491adacb94
18 changed files with 998 additions and 998 deletions
Download patch file Download diff file Expand all files Collapse all files

40
armsrc/iso14443b.c
View file

@ -752,26 +752,26 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
// The soft decision on the bit uses an estimate of just the // The soft decision on the bit uses an estimate of just the
// quadrant of the reference angle, not the exact angle. // quadrant of the reference angle, not the exact angle.
#define MAKE_SOFT_DECISION() { \ #define MAKE_SOFT_DECISION() { \
if(Demod.sumI > 0) { \ if(Demod.sumI > 0) { \
v = ci; \ v = ci; \
} else { \ } else { \
v = -ci; \ v = -ci; \
} \ } \
if(Demod.sumQ > 0) { \ if(Demod.sumQ > 0) { \
v += cq; \ v += cq; \
} else { \ } else { \
v -= cq; \ v -= cq; \
} \ } \
} }
#define SUBCARRIER_DETECT_THRESHOLD 8 #define SUBCARRIER_DETECT_THRESHOLD 8
// Subcarrier amplitude v = sqrt(ci^2 + cq^2), approximated here by max(abs(ci),abs(cq)) + 1/2*min(abs(ci),abs(cq))) // Subcarrier amplitude v = sqrt(ci^2 + cq^2), approximated here by max(abs(ci),abs(cq)) + 1/2*min(abs(ci),abs(cq)))
#define AMPLITUDE(ci,cq) (MAX(ABS(ci),ABS(cq)) + (MIN(ABS(ci),ABS(cq))/2)) #define AMPLITUDE(ci,cq) (MAX(ABS(ci),ABS(cq)) + (MIN(ABS(ci),ABS(cq))/2))
switch (Demod.state) { switch (Demod.state) {
case DEMOD_UNSYNCD: { case DEMOD_UNSYNCD: {
if (AMPLITUDE(ci, cq) > SUBCARRIER_DETECT_THRESHOLD) { // subcarrier detected if (AMPLITUDE(ci, cq) > SUBCARRIER_DETECT_THRESHOLD) { // subcarrier detected
Demod.state = DEMOD_PHASE_REF_TRAINING; Demod.state = DEMOD_PHASE_REF_TRAINING;
Demod.sumI = ci; Demod.sumI = ci;
Demod.sumQ = cq; Demod.sumQ = cq;
@ -799,7 +799,7 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
} else { } else {
// at this point it can be start of 14b' data or start of 14b SOF // at this point it can be start of 14b' data or start of 14b SOF
MAKE_SOFT_DECISION(); MAKE_SOFT_DECISION();
Demod.posCount = 1; // this was the first half Demod.posCount = 1; // this was the first half
Demod.thisBit = v; Demod.thisBit = v;
Demod.shiftReg = 0; Demod.shiftReg = 0;
Demod.state = DEMOD_RECEIVING_DATA; Demod.state = DEMOD_RECEIVING_DATA;
@ -815,7 +815,7 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
Demod.posCount++; Demod.posCount++;
MAKE_SOFT_DECISION(); MAKE_SOFT_DECISION();
if (v > 0) { if (v > 0) {
if (Demod.posCount > 3 * 2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs if (Demod.posCount > 3 * 2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs
LED_C_OFF(); LED_C_OFF();
if (Demod.bitCount == 0 && Demod.len == 0) { // received SOF only, this is valid for iClass/Picopass if (Demod.bitCount == 0 && Demod.len == 0) { // received SOF only, this is valid for iClass/Picopass
return true; return true;
@ -823,8 +823,8 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
Demod.state = DEMOD_UNSYNCD; Demod.state = DEMOD_UNSYNCD;
} }
} }
} else { // start bit detected } else { // start bit detected
Demod.posCount = 1; // this was the first half Demod.posCount = 1; // this was the first half
Demod.thisBit = v; Demod.thisBit = v;
Demod.shiftReg = 0; Demod.shiftReg = 0;
Demod.state = DEMOD_RECEIVING_DATA; Demod.state = DEMOD_RECEIVING_DATA;
@ -857,14 +857,14 @@ static RAMFUNC int Handle14443bSamplesFromTag(int ci, int cq) {
MAKE_SOFT_DECISION(); MAKE_SOFT_DECISION();
if (Demod.posCount == 0) { // first half of bit if (Demod.posCount == 0) { // first half of bit
Demod.thisBit = v; Demod.thisBit = v;
Demod.posCount = 1; Demod.posCount = 1;
} else { // second half of bit } else { // second half of bit
Demod.thisBit += v; Demod.thisBit += v;
Demod.shiftReg >>= 1; Demod.shiftReg >>= 1;
if (Demod.thisBit > 0) { // logic '1' if (Demod.thisBit > 0) { // logic '1'
Demod.shiftReg |= 0x200; Demod.shiftReg |= 0x200;
} }

176
armsrc/iso15693.c
View file

@ -1883,112 +1883,112 @@ void LockPassSlixIso15693(uint32_t pass_id, uint32_t password) {
LED_A_ON(); LED_A_ON();
uint8_t cmd_inventory[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1, 0x01, 0x00, 0x00, 0x00 }; uint8_t cmd_inventory[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1, 0x01, 0x00, 0x00, 0x00 };
uint8_t cmd_get_rnd[] = {ISO15693_REQ_DATARATE_HIGH, 0xB2, 0x04, 0x00, 0x00 }; uint8_t cmd_get_rnd[] = {ISO15693_REQ_DATARATE_HIGH, 0xB2, 0x04, 0x00, 0x00 };
uint8_t cmd_set_pass[] = {ISO15693_REQ_DATARATE_HIGH, 0xB3, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t cmd_set_pass[] = {ISO15693_REQ_DATARATE_HIGH, 0xB3, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
//uint8_t cmd_write_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB4, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; //uint8_t cmd_write_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB4, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t cmd_lock_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB5, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00 }; uint8_t cmd_lock_pass[] = {ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS, 0xB5, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00 };
uint16_t crc; uint16_t crc;
int recvlen = 0; int recvlen = 0;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint32_t start_time = 0; uint32_t start_time = 0;
bool done = false; bool done = false;
// setup 'get random number' command // setup 'get random number' command
crc = Iso15693Crc(cmd_get_rnd, 3); crc = Iso15693Crc(cmd_get_rnd, 3);
cmd_get_rnd[3] = crc & 0xff; cmd_get_rnd[3] = crc & 0xff;
cmd_get_rnd[4] = crc >> 8; cmd_get_rnd[4] = crc >> 8;
Dbprintf("LockPass: Press button lock password, long-press to terminate."); Dbprintf("LockPass: Press button lock password, long-press to terminate.");
while (!done) { while (!done) {
LED_D_ON(); LED_D_ON();
switch(BUTTON_HELD(1000)) { switch(BUTTON_HELD(1000)) {
case BUTTON_SINGLE_CLICK: case BUTTON_SINGLE_CLICK:
Dbprintf("LockPass: Reset 'DONE'-LED (A)"); Dbprintf("LockPass: Reset 'DONE'-LED (A)");
LED_A_OFF(); LED_A_OFF();
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
break; break;
case BUTTON_HOLD: case BUTTON_HOLD:
Dbprintf("LockPass: Terminating"); Dbprintf("LockPass: Terminating");
done = true; done = true;
break; break;
default: default:
SpinDelay(50); SpinDelay(50);
continue; continue;
} }
if (done) [ if (done) [
break; break;
} }
recvlen = SendDataTag(cmd_get_rnd, sizeof(cmd_get_rnd), true, true, recvbuf, sizeof(recvbuf), start_time); recvlen = SendDataTag(cmd_get_rnd, sizeof(cmd_get_rnd), true, true, recvbuf, sizeof(recvbuf), start_time);
if (recvlen != 5) { if (recvlen != 5) {
LED_C_ON(); LED_C_ON();
} else { } else {
Dbprintf("LockPass: Received random 0x%02X%02X (%d)", recvbuf[1], recvbuf[2], recvlen); Dbprintf("LockPass: Received random 0x%02X%02X (%d)", recvbuf[1], recvbuf[2], recvlen);
// setup 'set password' command // setup 'set password' command
cmd_set_pass[4] = ((password>>0) &0xFF) ^ recvbuf[1]; cmd_set_pass[4] = ((password>>0) &0xFF) ^ recvbuf[1];
cmd_set_pass[5] = ((password>>8) &0xFF) ^ recvbuf[2]; cmd_set_pass[5] = ((password>>8) &0xFF) ^ recvbuf[2];
cmd_set_pass[6] = ((password>>16) &0xFF) ^ recvbuf[1]; cmd_set_pass[6] = ((password>>16) &0xFF) ^ recvbuf[1];
cmd_set_pass[7] = ((password>>24) &0xFF) ^ recvbuf[2]; cmd_set_pass[7] = ((password>>24) &0xFF) ^ recvbuf[2];
crc = Iso15693Crc(cmd_set_pass, 8); crc = Iso15693Crc(cmd_set_pass, 8);
cmd_set_pass[8] = crc & 0xff; cmd_set_pass[8] = crc & 0xff;
cmd_set_pass[9] = crc >> 8; cmd_set_pass[9] = crc >> 8;
Dbprintf("LockPass: Sending old password to end privacy mode", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7]); Dbprintf("LockPass: Sending old password to end privacy mode", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7]);
recvlen = SendDataTag(cmd_set_pass, sizeof(cmd_set_pass), false, true, recvbuf, sizeof(recvbuf), start_time); recvlen = SendDataTag(cmd_set_pass, sizeof(cmd_set_pass), false, true, recvbuf, sizeof(recvbuf), start_time);
if (recvlen != 3) { if (recvlen != 3) {
Dbprintf("LockPass: Failed to set password (%d)", recvlen); Dbprintf("LockPass: Failed to set password (%d)", recvlen);
LED_B_ON(); LED_B_ON();
} else { } else {
crc = Iso15693Crc(cmd_inventory, 3); crc = Iso15693Crc(cmd_inventory, 3);
cmd_inventory[3] = crc & 0xff; cmd_inventory[3] = crc & 0xff;
cmd_inventory[4] = crc >> 8; cmd_inventory[4] = crc >> 8;
Dbprintf("LockPass: Searching for tag..."); Dbprintf("LockPass: Searching for tag...");
recvlen = SendDataTag(cmd_inventory, sizeof(cmd_inventory), false, true, recvbuf, sizeof(recvbuf), start_time); recvlen = SendDataTag(cmd_inventory, sizeof(cmd_inventory), false, true, recvbuf, sizeof(recvbuf), start_time);
if (recvlen != 12) { if (recvlen != 12) {
Dbprintf("LockPass: Failed to read inventory (%d)", recvlen); Dbprintf("LockPass: Failed to read inventory (%d)", recvlen);
LED_B_ON(); LED_B_ON();
LED_C_ON(); LED_C_ON();
} else { } else {
Dbprintf("LockPass: Answer from %02X%02X%02X%02X%02X%02X%02X%02X", recvbuf[9], recvbuf[8], recvbuf[7], recvbuf[6], recvbuf[5], recvbuf[4], recvbuf[3], recvbuf[2]); Dbprintf("LockPass: Answer from %02X%02X%02X%02X%02X%02X%02X%02X", recvbuf[9], recvbuf[8], recvbuf[7], recvbuf[6], recvbuf[5], recvbuf[4], recvbuf[3], recvbuf[2]);
memcpy(&cmd_lock_pass[3], &recvbuf[2], 8); memcpy(&cmd_lock_pass[3], &recvbuf[2], 8);
cmd_lock_pass[8+3] = pass_id; cmd_lock_pass[8+3] = pass_id;
crc = Iso15693Crc(cmd_lock_pass, 8+4); crc = Iso15693Crc(cmd_lock_pass, 8+4);
cmd_lock_pass[8+4] = crc & 0xff; cmd_lock_pass[8+4] = crc & 0xff;
cmd_lock_pass[8+5] = crc >> 8; cmd_lock_pass[8+5] = crc >> 8;
Dbprintf("LockPass: locking to password 0x%02X%02X%02X%02X for ID %02X", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7], pass_id); Dbprintf("LockPass: locking to password 0x%02X%02X%02X%02X for ID %02X", cmd_set_pass[4], cmd_set_pass[5], cmd_set_pass[6], cmd_set_pass[7], pass_id);
recvlen = SendDataTag(cmd_lock_pass, sizeof(cmd_lock_pass), false, true, recvbuf, sizeof(recvbuf), start_time); recvlen = SendDataTag(cmd_lock_pass, sizeof(cmd_lock_pass), false, true, recvbuf, sizeof(recvbuf), start_time);
if (recvlen != 3) { if (recvlen != 3) {
Dbprintf("LockPass: Failed to lock password (%d)", recvlen); Dbprintf("LockPass: Failed to lock password (%d)", recvlen);
} else { } else {
Dbprintf("LockPass: Successful (%d)", recvlen); Dbprintf("LockPass: Successful (%d)", recvlen);
} }
LED_A_ON(); LED_A_ON();
} }
} } } }
} }
Dbprintf("LockPass: Finishing"); Dbprintf("LockPass: Finishing");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen); cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen);
LED_A_OFF(); LED_A_OFF();
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
LED_D_OFF(); LED_D_OFF();
} }
*/ */

310
client/luascripts/hf_mf_dump-luxeo.lua
View file

@ -77,65 +77,65 @@ local function setdevicedebug( status )
end end
local function xteaCrypt(num_rounds, v, key) local function xteaCrypt(num_rounds, v, key)
local v0 = v[0] local v0 = v[0]
local v1 = v[1] local v1 = v[1]
local delta = 0x9E3779B9 local delta = 0x9E3779B9
local sum = 0 local sum = 0
for i = 0, num_rounds-1 do for i = 0, num_rounds-1 do
-- v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); -- v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
v0 = band(bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]) + v0, 0xFFFFFFFF) v0 = band(bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]) + v0, 0xFFFFFFFF)
sum = band(sum + delta, 0xFFFFFFFF) sum = band(sum + delta, 0xFFFFFFFF)
-- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); -- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF) v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF)
end end
v[0] = v0 v[0] = v0
v[1] = v1 v[1] = v1
end end
local function xteaDecrypt(num_rounds, v, key) local function xteaDecrypt(num_rounds, v, key)
local v0 = v[0] local v0 = v[0]
local v1 = v[1] local v1 = v[1]
local delta = 0x9E3779B9 local delta = 0x9E3779B9
local sum = band(delta * num_rounds, 0xFFFFFFFF) local sum = band(delta * num_rounds, 0xFFFFFFFF)
for i = 0, num_rounds-1 do for i = 0, num_rounds-1 do
-- v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); -- v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
v1 = band(v1 - bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]), 0xFFFFFFFF) v1 = band(v1 - bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]), 0xFFFFFFFF)
sum = band(sum - delta, 0xFFFFFFFF) sum = band(sum - delta, 0xFFFFFFFF)
-- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); -- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF) v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF)
end end
v[0] = v0 v[0] = v0
v[1] = v1 v[1] = v1
end end
local function createxteakey(mfuid) local function createxteakey(mfuid)
local xteakey = {} local xteakey = {}
local buid = {} local buid = {}
local tmpkey = {} local tmpkey = {}
local uid = {} local uid = {}
-- Warning ! "it is customary in Lua to START ARRAYS WITH ONE" -- Warning ! "it is customary in Lua to START ARRAYS WITH ONE"
buid = utils.ConvertHexToBytes(mfuid) buid = utils.ConvertHexToBytes(mfuid)
uid[0] = bor(buid[1], lsh(buid[2], 8)) uid[0] = bor(buid[1], lsh(buid[2], 8))
uid[1] = bor(buid[3], lsh(buid[4], 8)) uid[1] = bor(buid[3], lsh(buid[4], 8))
tmpkey[0] = 0x198B tmpkey[0] = 0x198B
tmpkey[1] = uid[0] tmpkey[1] = uid[0]
tmpkey[2] = 0x46D8 tmpkey[2] = 0x46D8
tmpkey[3] = uid[1] tmpkey[3] = uid[1]
tmpkey[4] = 0x5310 tmpkey[4] = 0x5310
tmpkey[5] = bxor(uid[0], 0xA312) tmpkey[5] = bxor(uid[0], 0xA312)
tmpkey[6] = 0xFFCB tmpkey[6] = 0xFFCB
tmpkey[7] = bxor(uid[1], 0x55AA) tmpkey[7] = bxor(uid[1], 0x55AA)
xteakey[0] = bor(lsh(tmpkey[1], 16), tmpkey[0]) xteakey[0] = bor(lsh(tmpkey[1], 16), tmpkey[0])
xteakey[1] = bor(lsh(tmpkey[3], 16), tmpkey[2]) xteakey[1] = bor(lsh(tmpkey[3], 16), tmpkey[2])
xteakey[2] = bor(lsh(tmpkey[5], 16), tmpkey[4]) xteakey[2] = bor(lsh(tmpkey[5], 16), tmpkey[4])
xteakey[3] = bor(lsh(tmpkey[7], 16), tmpkey[6]) xteakey[3] = bor(lsh(tmpkey[7], 16), tmpkey[6])
return xteakey return xteakey
end end
local function getblockdata(response) local function getblockdata(response)
@ -160,38 +160,38 @@ local function readblock(blockno, key)
end end
local function readtag(mfkey,xteakey) local function readtag(mfkey,xteakey)
local tagdata = {} local tagdata = {}
local cleardata = {} local cleardata = {}
local v = {} local v = {}
local vv = {} local vv = {}
-- Read 4 sectors and build table -- Read 4 sectors and build table
for sect = 8, 11 do for sect = 8, 11 do
for blockn = sect * 4, (sect * 4) + 2 do for blockn = sect * 4, (sect * 4) + 2 do
local blockdata = readblock(blockn, mfkey) local blockdata = readblock(blockn, mfkey)
if not blockdata then return oops('[!] failed reading block') end if not blockdata then return oops('[!] failed reading block') end
table.insert(tagdata, blockdata) table.insert(tagdata, blockdata)
end end
end end
-- Decrypt data and build clear table -- Decrypt data and build clear table
for key,value in ipairs(tagdata) do for key,value in ipairs(tagdata) do
local clearblockdata local clearblockdata
v[0] = utils.SwapEndianness(value:sub(1, 8), 32) v[0] = utils.SwapEndianness(value:sub(1, 8), 32)
v[1] = utils.SwapEndianness(value:sub(9, 16), 32) v[1] = utils.SwapEndianness(value:sub(9, 16), 32)
xteaDecrypt(16, v, xteakey) xteaDecrypt(16, v, xteakey)
vv[0] = utils.SwapEndianness(value:sub(17, 24), 32) vv[0] = utils.SwapEndianness(value:sub(17, 24), 32)
vv[1] = utils.SwapEndianness(value:sub(25, 32), 32) vv[1] = utils.SwapEndianness(value:sub(25, 32), 32)
xteaDecrypt(16, vv, xteakey) xteaDecrypt(16, vv, xteakey)
clearblockdata=string.format("%08X%08X%08X%08X", clearblockdata=string.format("%08X%08X%08X%08X",
utils.SwapEndianness(string.format("%08X", v[0]), 32), utils.SwapEndianness(string.format("%08X", v[0]), 32),
utils.SwapEndianness(string.format("%08X", v[1]), 32), utils.SwapEndianness(string.format("%08X", v[1]), 32),
utils.SwapEndianness(string.format("%08X", vv[0]), 32), utils.SwapEndianness(string.format("%08X", vv[0]), 32),
utils.SwapEndianness(string.format("%08X", vv[1]), 32)) utils.SwapEndianness(string.format("%08X", vv[1]), 32))
table.insert(cleardata, clearblockdata) table.insert(cleardata, clearblockdata)
end end
return tagdata,cleardata return tagdata,cleardata
end end
@ -203,98 +203,98 @@ local function main(args)
if o == 'h' then return help() end if o == 'h' then return help() end
end end
local xteakey = {} local xteakey = {}
-- local v = {} -- local v = {}
local edata = {} local edata = {}
local cdata = {} local cdata = {}
-- Turn off Debug -- Turn off Debug
setdevicedebug(false) setdevicedebug(false)
-- GET TAG UID -- GET TAG UID
tag, err = lib14a.read(false, true) tag, err = lib14a.read(false, true)
if err then if err then
lib14a.disconnect() lib14a.disconnect()
return oops(err) return oops(err)
end end
core.clearCommandBuffer() core.clearCommandBuffer()
-- simple tag check -- simple tag check
if 0x08 ~= tag.sak then if 0x08 ~= tag.sak then
if 0x0400 ~= tag.atqa then if 0x0400 ~= tag.atqa then
return oops(('[fail] found tag %s :: looking for Mifare S50 1k'):format(tag.name)) return oops(('[fail] found tag %s :: looking for Mifare S50 1k'):format(tag.name))
end end
end end
xteakey = createxteakey(tag.uid) xteakey = createxteakey(tag.uid)
print(acblue.."UID: "..tag.uid..acoff) print(acblue.."UID: "..tag.uid..acoff)
print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff) print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff)
edata, cdata = readtag("415A54454B4D", xteakey) edata, cdata = readtag("415A54454B4D", xteakey)
if edata == nil or cdata == nil then if edata == nil or cdata == nil then
print("ERROR Reading tag!") print("ERROR Reading tag!")
return nil return nil
end end
print("Ciphered data:") print("Ciphered data:")
for key,value in ipairs(edata) do for key,value in ipairs(edata) do
print(value) print(value)
if key % 3 == 0 then print("") end if key % 3 == 0 then print("") end
end end
-- compute CRC for each segment -- compute CRC for each segment
crcH = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[1]..cdata[2]..cdata[3]:sub(1,28), false, '0'),16) crcH = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[1]..cdata[2]..cdata[3]:sub(1,28), false, '0'),16)
crcA = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[4]..cdata[5]..cdata[6]..cdata[7]:sub(1,28), false, '0'),16) crcA = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[4]..cdata[5]..cdata[6]..cdata[7]:sub(1,28), false, '0'),16)
crcB = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[8]..cdata[9]..cdata[10]..cdata[11]:sub(1,28), false, '0'),16) crcB = utils.SwapEndianness(core.reveng_runmodel("CRC-16/ARC", cdata[8]..cdata[9]..cdata[10]..cdata[11]:sub(1,28), false, '0'),16)
print("\nHeader:") print("\nHeader:")
for key,value in ipairs(cdata) do for key,value in ipairs(cdata) do
if key == 3 then if key == 3 then
print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff)
if utils.SwapEndianness(value:sub(29,32),16) == crcH then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end if utils.SwapEndianness(value:sub(29,32),16) == crcH then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end
print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcH)..strcrc..acoff) print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcH)..strcrc..acoff)
print("\nDataA:") print("\nDataA:")
elseif key == 4 then elseif key == 4 then
print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32))
versionA = utils.SwapEndianness(value:sub(1,4),16) versionA = utils.SwapEndianness(value:sub(1,4),16)
dateA = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), dateA = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10),
tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10),
tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10))
elseif key == 8 then elseif key == 8 then
print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32)) print(acgreen..value:sub(1,4)..acoff..value:sub(5,16)..accyan..value:sub(17,24)..acoff..value:sub(25,26)..accyan..value:sub(27,28)..acoff..value:sub(29,32))
versionB = utils.SwapEndianness(value:sub(1,4),16) versionB = utils.SwapEndianness(value:sub(1,4),16)
dateB = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10), dateB = string.format("%d/%02d/%02d %02d:%02d", tonumber(value:sub(17,18),10)+2000, tonumber(value:sub(19,20),10),
tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10), tonumber(string.format("%02X", band(tonumber(value:sub(21,22),16),0x3f)),10),
tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10)) tonumber(value:sub(23,24),10), tonumber(value:sub(27,28),10))
elseif key == 5 then elseif key == 5 then
print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) print(acyellow..value:sub(1,4)..acoff..value:sub(5,32))
creditA = utils.SwapEndianness(value:sub(1,4),16)/100 creditA = utils.SwapEndianness(value:sub(1,4),16)/100
elseif key == 9 then elseif key == 9 then
print(acyellow..value:sub(1,4)..acoff..value:sub(5,32)) print(acyellow..value:sub(1,4)..acoff..value:sub(5,32))
creditB = utils.SwapEndianness(value:sub(1,4),16)/100 creditB = utils.SwapEndianness(value:sub(1,4),16)/100
elseif key == 7 then elseif key == 7 then
print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff)
print(acgreen.."Version "..string.format("0x%04X", versionA)..acoff) print(acgreen.."Version "..string.format("0x%04X", versionA)..acoff)
print(acyellow.."Credit : "..creditA..acoff) print(acyellow.."Credit : "..creditA..acoff)
if utils.SwapEndianness(value:sub(29,32),16) == crcA then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end if utils.SwapEndianness(value:sub(29,32),16) == crcA then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end
print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcA)..strcrc..acoff) print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcA)..strcrc..acoff)
print(accyan.."Date: "..dateA..acoff) print(accyan.."Date: "..dateA..acoff)
print("\nDataB:") print("\nDataB:")
elseif key == 11 then elseif key == 11 then
print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff) print(value:sub(1,28)..acmagenta..value:sub(29,32)..acoff)
print(acgreen.."Version "..string.format("0x%04X", versionB)..acoff) print(acgreen.."Version "..string.format("0x%04X", versionB)..acoff)
print(acyellow.."Credit : "..creditB..acoff) print(acyellow.."Credit : "..creditB..acoff)
if utils.SwapEndianness(value:sub(29,32),16) == crcB then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end if utils.SwapEndianness(value:sub(29,32),16) == crcB then strcrc = " OK" else strcrc = acred.." CRCERROR !!" end
print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcB)..strcrc..acoff) print(acmagenta.."CRC16/ARC = "..string.format("0x%04X", crcB)..strcrc..acoff)
print(accyan.."Date: "..dateB..acoff) print(accyan.."Date: "..dateB..acoff)
print("\nFooter:") print("\nFooter:")
else else
print(value) print(value)
end end
end end
return return
end end
main(args) main(args)

20
client/luascripts/hf_mf_gen3_writer.lua
View file

@ -34,7 +34,7 @@ version = 'v1.0.0'
desc = [[ desc = [[
This script gives you an easy way to write your *.eml dumps into normal MIFARE Classic and Magic Gen3 cards. This script gives you an easy way to write your *.eml dumps into normal MIFARE Classic and Magic Gen3 cards.
Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards. Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards.
The script also has the possibility to change UID and permanent lock uid on magic Gen3 cards. The script also has the possibility to change UID and permanent lock uid on magic Gen3 cards.
It supports the following functionality. It supports the following functionality.
@ -47,18 +47,18 @@ desc = [[
Script works in a wizard styled way. Script works in a wizard styled way.
Author Youtube channel: https://yev.ooo/ Author Youtube channel: https://yev.ooo/
Many Thanks, Many Thanks,
Best Regards Best Regards
]] ]]
example = [[ example = [[
1. script run mfc_gen3_writer 1. script run mfc_gen3_writer
]] ]]
usage = [[ usage = [[
Give script to know if you uses an Windows OS Give script to know if you uses an Windows OS
Select your *.eml dump from list to write to the card. Select your *.eml dump from list to write to the card.
Follow the wizard. Follow the wizard.
]] ]]
-- --
--- ---
@ -163,9 +163,9 @@ end
-- --
local function KeyAB() local function KeyAB()
if default_key_type == '00' then if default_key_type == '00' then
return 'KeyA' return 'KeyA'
else else
return 'KeyB' return 'KeyB'
end end
end end
-- --
@ -265,7 +265,7 @@ local function main(args)
eml_file_uid_end = 22 eml_file_uid_end = 22
eml_file_lengt = 31 eml_file_lengt = 31
else else
eml_file_uid_start = 9 eml_file_uid_start = 9
eml_file_uid_end = 16 eml_file_uid_end = 16
eml_file_lengt = 25 eml_file_lengt = 25
end end
@ -366,7 +366,7 @@ local function main(args)
print(tab) print(tab)
-- --
if checkkey() == true then if checkkey() == true then
print(tab) print(tab)
if (utils.confirm(' Card is Empty. Write selected dump to card ?') == true) then if (utils.confirm(' Card is Empty. Write selected dump to card ?') == true) then
for i = 1, #eml do for i = 1, #eml do
core.console(string.format(cmd_wrbl_b, (i-1), default_key, eml[i])) core.console(string.format(cmd_wrbl_b, (i-1), default_key, eml[i]))

2
client/luascripts/hf_mf_uidbruteforce.lua
View file

@ -114,7 +114,7 @@ local function main(args)
local c = string.format( command, n ) local c = string.format( command, n )
print('Running: "'..c..'"') print('Running: "'..c..'"')
core.console(c) core.console(c)
core.console('msleep '..timeout); core.console('msleep '..timeout);
core.console('hw ping') core.console('hw ping')
end end

864
client/luascripts/hf_mfu_magicwrite.lua
View file

File diff suppressed because it is too large Load diff

50
doc/fpga_arm_notes.md
View file

@ -65,37 +65,37 @@ ARM, send a 16bit configuration with fits the select major mode.
## ARM GPIO setup ## ARM GPIO setup
``` ```
// First configure the GPIOs, and get ourselves a clock. // First configure the GPIOs, and get ourselves a clock.
AT91C_BASE_PIOA->PIO_ASR = AT91C_BASE_PIOA->PIO_ASR =
GPIO_SSC_FRAME | GPIO_SSC_FRAME |
GPIO_SSC_DIN | GPIO_SSC_DIN |
GPIO_SSC_DOUT | GPIO_SSC_DOUT |
GPIO_SSC_CLK; GPIO_SSC_CLK;
AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
// Now set up the SSC proper, starting from a known state. // Now set up the SSC proper, starting from a known state.
AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
// RX clock comes from TX clock, RX starts on Transmit Start, // RX clock comes from TX clock, RX starts on Transmit Start,
// data and frame signal is sampled on falling edge of RK // data and frame signal is sampled on falling edge of RK
AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
// 8, 16 or 32 bits per transfer, no loopback, MSB first, 1 transfer per sync // 8, 16 or 32 bits per transfer, no loopback, MSB first, 1 transfer per sync
// pulse, no output sync // pulse, no output sync
if ((FPGA_mode & FPGA_MAJOR_MODE_MASK) == FPGA_MAJOR_MODE_HF_READER && FpgaGetCurrent() == FPGA_BITSTREAM_HF) { if ((FPGA_mode & FPGA_MAJOR_MODE_MASK) == FPGA_MAJOR_MODE_HF_READER && FpgaGetCurrent() == FPGA_BITSTREAM_HF) {
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
} else { } else {
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
} }
// TX clock comes from TK pin, no clock output, outputs change on rising edge of TK, // TX clock comes from TK pin, no clock output, outputs change on rising edge of TK,
// TF (frame sync) is sampled on falling edge of TK, start TX on rising edge of TF // TF (frame sync) is sampled on falling edge of TK, start TX on rising edge of TF
AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5); AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
// tx framing is the same as the rx framing // tx framing is the same as the rx framing
AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
``` ```

22
fpga/fpga_felica.v
View file

@ -154,22 +154,22 @@ wire [3:0] minor_mode = conf_word[3:0];
// 000 - HF reader // 000 - HF reader
hi_reader hr( hi_reader hr(
ck_1356megb, ck_1356megb,
hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4,
adc_d, hr_adc_clk, adc_d, hr_adc_clk,
hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk,
hr_dbg, hr_dbg,
subcarrier_frequency, minor_mode subcarrier_frequency, minor_mode
); );
// 001 - HF simulated tag // 001 - HF simulated tag
hi_simulate hs( hi_simulate hs(
ck_1356meg, ck_1356meg,
hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4, hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4,
adc_d, hs_adc_clk, adc_d, hs_adc_clk,
hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk, hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk,
hs_dbg, hs_dbg,
minor_mode minor_mode
); );
// 011 - HF sniff // 011 - HF sniff
@ -192,9 +192,9 @@ hi_flite hfl(
// 101 - HF get trace // 101 - HF get trace
hi_get_trace gt( hi_get_trace gt(
ck_1356megb, ck_1356megb,
adc_d, trace_enable, major_mode, adc_d, trace_enable, major_mode,
gt_ssp_frame, gt_ssp_din, gt_ssp_clk gt_ssp_frame, gt_ssp_din, gt_ssp_clk
); );
// Major modes: // Major modes:

26
fpga/fpga_hf.v
View file

@ -156,32 +156,32 @@ wire [3:0] minor_mode = conf_word[3:0];
// 000 - HF reader // 000 - HF reader
hi_reader hr( hi_reader hr(
ck_1356megb, ck_1356megb,
hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4, hr_pwr_lo, hr_pwr_hi, hr_pwr_oe1, hr_pwr_oe2, hr_pwr_oe3, hr_pwr_oe4,
adc_d, hr_adc_clk, adc_d, hr_adc_clk,
hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk, hr_ssp_frame, hr_ssp_din, ssp_dout, hr_ssp_clk,
hr_dbg, hr_dbg,
subcarrier_frequency, minor_mode subcarrier_frequency, minor_mode
); );
// 001 - HF simulated tag // 001 - HF simulated tag
hi_simulate hs( hi_simulate hs(
ck_1356meg, ck_1356meg,
hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4, hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4,
adc_d, hs_adc_clk, adc_d, hs_adc_clk,
hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk, hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk,
hs_dbg, hs_dbg,
minor_mode minor_mode
); );
// 010 - HF ISO14443-A // 010 - HF ISO14443-A
hi_iso14443a hisn( hi_iso14443a hisn(
ck_1356meg, ck_1356meg,
hisn_pwr_lo, hisn_pwr_hi, hisn_pwr_oe1, hisn_pwr_oe2, hisn_pwr_oe3, hisn_pwr_oe4, hisn_pwr_lo, hisn_pwr_hi, hisn_pwr_oe1, hisn_pwr_oe2, hisn_pwr_oe3, hisn_pwr_oe4,
adc_d, hisn_adc_clk, adc_d, hisn_adc_clk,
hisn_ssp_frame, hisn_ssp_din, ssp_dout, hisn_ssp_clk, hisn_ssp_frame, hisn_ssp_din, ssp_dout, hisn_ssp_clk,
hisn_dbg, hisn_dbg,
minor_mode minor_mode
); );
// 011 - HF sniff // 011 - HF sniff
@ -206,9 +206,9 @@ hi_flite hfl(
// 101 - HF get trace // 101 - HF get trace
hi_get_trace gt( hi_get_trace gt(
ck_1356megb, ck_1356megb,
adc_d, trace_enable, major_mode, adc_d, trace_enable, major_mode,
gt_ssp_frame, gt_ssp_din, gt_ssp_clk gt_ssp_frame, gt_ssp_din, gt_ssp_clk
); );
// Major modes: // Major modes:

176
fpga/hi_get_trace.v
View file

@ -10,25 +10,25 @@ module hi_get_trace(
); );
input ck_1356megb; input ck_1356megb;
input [7:0] adc_d; input [7:0] adc_d;
input trace_enable; input trace_enable;
input [2:0] major_mode; input [2:0] major_mode;
output ssp_frame, ssp_din, ssp_clk; output ssp_frame, ssp_din, ssp_clk;
// clock divider // clock divider
reg [6:0] clock_cnt; reg [6:0] clock_cnt;
always @(negedge ck_1356megb) always @(negedge ck_1356megb)
begin begin
clock_cnt <= clock_cnt + 1; clock_cnt <= clock_cnt + 1;
end end
// sample at 13,56MHz / 8. The highest signal frequency (subcarrier) is 848,5kHz, i.e. in this case we oversample by a factor of 2 // sample at 13,56MHz / 8. The highest signal frequency (subcarrier) is 848,5kHz, i.e. in this case we oversample by a factor of 2
reg [2:0] sample_clock; reg [2:0] sample_clock;
always @(negedge ck_1356megb) always @(negedge ck_1356megb)
begin begin
if (sample_clock == 3'd7) if (sample_clock == 3'd7)
sample_clock <= 3'd0; sample_clock <= 3'd0;
else else
sample_clock <= sample_clock + 1; sample_clock <= sample_clock + 1;
end end
@ -39,65 +39,65 @@ reg write_enable1;
reg write_enable2; reg write_enable2;
always @(negedge ck_1356megb) always @(negedge ck_1356megb)
begin begin
previous_major_mode <= major_mode; previous_major_mode <= major_mode;
if (major_mode == `FPGA_MAJOR_MODE_HF_GET_TRACE) if (major_mode == `FPGA_MAJOR_MODE_HF_GET_TRACE)
begin begin
write_enable1 <= 1'b0; write_enable1 <= 1'b0;
write_enable2 <= 1'b0; write_enable2 <= 1'b0;
if (previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched into GET_TRACE mode if (previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched into GET_TRACE mode
addr <= start_addr; addr <= start_addr;
if (clock_cnt == 7'd0) if (clock_cnt == 7'd0)
begin begin
if (addr == 12'd3071) if (addr == 12'd3071)
addr <= 12'd0; addr <= 12'd0;
else else
addr <= addr + 1; addr <= addr + 1;
end end
end end
else if (major_mode != `FPGA_MAJOR_MODE_OFF) else if (major_mode != `FPGA_MAJOR_MODE_OFF)
begin begin
if (trace_enable) if (trace_enable)
begin begin
if (addr[11] == 1'b0) if (addr[11] == 1'b0)
begin begin
write_enable1 <= 1'b1; write_enable1 <= 1'b1;
write_enable2 <= 1'b0; write_enable2 <= 1'b0;
end end
else else
begin begin
write_enable1 <= 1'b0; write_enable1 <= 1'b0;
write_enable2 <= 1'b1; write_enable2 <= 1'b1;
end end
if (sample_clock == 3'b000) if (sample_clock == 3'b000)
begin begin
if (addr == 12'd3071) if (addr == 12'd3071)
begin
addr <= 12'd0;
write_enable1 <= 1'b1;
write_enable2 <= 1'b0;
end
else
begin
addr <= addr + 1;
end
end
end
else
begin
write_enable1 <= 1'b0;
write_enable2 <= 1'b0;
start_addr <= addr;
end
end
else // major_mode == `FPGA_MAJOR_MODE_OFF
begin
write_enable1 <= 1'b0;
write_enable2 <= 1'b0;
if (previous_major_mode != `FPGA_MAJOR_MODE_OFF && previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched off
begin begin
start_addr <= addr; addr <= 12'd0;
write_enable1 <= 1'b1;
write_enable2 <= 1'b0;
end end
end else
begin
addr <= addr + 1;
end
end
end
else
begin
write_enable1 <= 1'b0;
write_enable2 <= 1'b0;
start_addr <= addr;
end
end
else // major_mode == `FPGA_MAJOR_MODE_OFF
begin
write_enable1 <= 1'b0;
write_enable2 <= 1'b0;
if (previous_major_mode != `FPGA_MAJOR_MODE_OFF && previous_major_mode != `FPGA_MAJOR_MODE_HF_GET_TRACE) // just switched off
begin
start_addr <= addr;
end
end
end end
@ -108,20 +108,20 @@ reg [7:0] ram2 [1023:0]; // 1024 u8
always @(negedge ck_1356megb) always @(negedge ck_1356megb)
begin begin
if (write_enable1) if (write_enable1)
begin begin
ram1[addr[10:0]] <= adc_d; ram1[addr[10:0]] <= adc_d;
D_out1 <= adc_d; D_out1 <= adc_d;
end end
else else
D_out1 <= ram1[addr[10:0]]; D_out1 <= ram1[addr[10:0]];
if (write_enable2) if (write_enable2)
begin begin
ram2[addr[9:0]] <= adc_d; ram2[addr[9:0]] <= adc_d;
D_out2 <= adc_d; D_out2 <= adc_d;
end end
else else
D_out2 <= ram2[addr[9:0]]; D_out2 <= ram2[addr[9:0]];
end end
@ -133,27 +133,27 @@ reg [7:0] shift_out;
always @(negedge ck_1356megb) always @(negedge ck_1356megb)
begin begin
if (clock_cnt[3:0] == 4'd0) // update shift register every 16 clock cycles if (clock_cnt[3:0] == 4'd0) // update shift register every 16 clock cycles
begin begin
if (clock_cnt[6:4] == 3'd0) // either load new value if (clock_cnt[6:4] == 3'd0) // either load new value
begin begin
if (addr[11] == 1'b0) if (addr[11] == 1'b0)
shift_out <= D_out1; shift_out <= D_out1;
else else
shift_out <= D_out2; shift_out <= D_out2;
end end
else else
begin begin
// or shift left // or shift left
shift_out[7:1] <= shift_out[6:0]; shift_out[7:1] <= shift_out[6:0];
end end
end end
ssp_clk <= ~clock_cnt[3]; // ssp_clk frequency = 13,56MHz / 16 = 847,5 kHz ssp_clk <= ~clock_cnt[3]; // ssp_clk frequency = 13,56MHz / 16 = 847,5 kHz
if (clock_cnt[6:4] == 3'b000) // set ssp_frame for 0...31 if (clock_cnt[6:4] == 3'b000) // set ssp_frame for 0...31
ssp_frame <= 1'b1; ssp_frame <= 1'b1;
else else
ssp_frame <= 1'b0; ssp_frame <= 1'b0;
end end

30
fpga/hi_iso14443a.v
View file

@ -142,7 +142,7 @@ begin
end end
// adjust internal timer counter if necessary: // adjust internal timer counter if necessary:
if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation) if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation)
begin begin
if (reader_falling_edge_time == 4'd1) // reader signal changes right after sampling. Better sample earlier next time. if (reader_falling_edge_time == 4'd1) // reader signal changes right after sampling. Better sample earlier next time.
begin begin
@ -176,7 +176,7 @@ reg [3:0] mod_detect_reset_time;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN)
// (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by // (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by
// 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks). // 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks).
// To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e. // To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e.
@ -186,7 +186,7 @@ begin
mod_detect_reset_time <= 4'd4; mod_detect_reset_time <= 4'd4;
end end
else else
if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) if (mod_type == `FPGA_HF_ISO14443A_SNIFFER)
begin begin
// detect a rising edge of reader's signal and sync modulation detector to the tag's answer: // detect a rising edge of reader's signal and sync modulation detector to the tag's answer:
if (~pre_after_hysteresis && after_hysteresis && deep_modulation) if (~pre_after_hysteresis && after_hysteresis && deep_modulation)
@ -354,7 +354,7 @@ reg mod_sig_coil;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) // need to take care of proper fdt timing if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) // need to take care of proper fdt timing
begin begin
if(fdt_counter == `FDT_COUNT) if(fdt_counter == `FDT_COUNT)
begin begin
@ -429,7 +429,7 @@ always @(negedge adc_clk)
begin begin
if (negedge_cnt[5:0] == 6'd63) // fill the buffer if (negedge_cnt[5:0] == 6'd63) // fill the buffer
begin begin
if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) if (mod_type == `FPGA_HF_ISO14443A_SNIFFER)
begin begin
if(deep_modulation) // a reader is sending (or there's no field at all) if(deep_modulation) // a reader is sending (or there's no field at all)
begin begin
@ -446,7 +446,7 @@ begin
end end
end end
if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER) // shift at double speed if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER) // shift at double speed
begin begin
// Don't shift if we just loaded new data, obviously. // Don't shift if we just loaded new data, obviously.
if(negedge_cnt[5:0] != 6'd0) if(negedge_cnt[5:0] != 6'd0)
@ -455,7 +455,7 @@ begin
end end
end end
if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER) if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER)
begin begin
// Don't shift if we just loaded new data, obviously. // Don't shift if we just loaded new data, obviously.
if(negedge_cnt[6:0] != 7'd0) if(negedge_cnt[6:0] != 7'd0)
@ -475,8 +475,8 @@ reg ssp_frame;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) if(mod_type == `FPGA_HF_ISO14443A_SNIFFER)
// FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)): // FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)):
begin begin
if(negedge_cnt[2:0] == 3'd0) if(negedge_cnt[2:0] == 3'd0)
ssp_clk <= 1'b1; ssp_clk <= 1'b1;
@ -496,7 +496,7 @@ begin
if(negedge_cnt[3:0] == 4'd8) if(negedge_cnt[3:0] == 4'd8)
ssp_clk <= 1'b0; ssp_clk <= 1'b0;
if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk
ssp_frame <= 1'b1; ssp_frame <= 1'b1;
if(negedge_cnt[6:0] == 7'd23) if(negedge_cnt[6:0] == 7'd23)
ssp_frame <= 1'b0; ssp_frame <= 1'b0;
@ -516,23 +516,23 @@ begin
if(negedge_cnt[3:0] == 4'd0) if(negedge_cnt[3:0] == 4'd0)
begin begin
// What do we communicate to the ARM // What do we communicate to the ARM
if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN)
sendbit = after_hysteresis; sendbit = after_hysteresis;
else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD)
/* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh? /* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh?
else */ else */
sendbit = fdt_indicator; sendbit = fdt_indicator;
else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN)
sendbit = curbit; sendbit = curbit;
else else
sendbit = 1'b0; sendbit = 1'b0;
end end
if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) if(mod_type == `FPGA_HF_ISO14443A_SNIFFER)
// send sampled reader and tag data: // send sampled reader and tag data:
bit_to_arm = to_arm[7]; bit_to_arm = to_arm[7];
else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset) else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset)
// send timing information: // send timing information:
bit_to_arm = to_arm[7]; bit_to_arm = to_arm[7];
else else

218
fpga/hi_reader.v
View file

@ -19,7 +19,7 @@ module hi_reader(
output ssp_frame, ssp_din, ssp_clk; output ssp_frame, ssp_din, ssp_clk;
output dbg; output dbg;
input [1:0] subcarrier_frequency; input [1:0] subcarrier_frequency;
input [3:0] minor_mode; input [3:0] minor_mode;
assign adc_clk = ck_1356meg; // sample frequency is 13,56 MHz assign adc_clk = ck_1356meg; // sample frequency is 13,56 MHz
@ -58,7 +58,7 @@ end
reg [5:0] corr_i_cnt; reg [5:0] corr_i_cnt;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
corr_i_cnt <= corr_i_cnt + 1; corr_i_cnt <= corr_i_cnt + 1;
end end
@ -83,28 +83,28 @@ reg [12:0] min_ci_cq_2; // min_ci_cq / 2
always @(*) always @(*)
begin begin
if (corr_i_accum[13] == 1'b0) if (corr_i_accum[13] == 1'b0)
abs_ci <= corr_i_accum; abs_ci <= corr_i_accum;
else else
abs_ci <= -corr_i_accum; abs_ci <= -corr_i_accum;
if (corr_q_accum[13] == 1'b0) if (corr_q_accum[13] == 1'b0)
abs_cq <= corr_q_accum; abs_cq <= corr_q_accum;
else else
abs_cq <= -corr_q_accum; abs_cq <= -corr_q_accum;
if (abs_ci > abs_cq) if (abs_ci > abs_cq)
begin begin
max_ci_cq <= abs_ci; max_ci_cq <= abs_ci;
min_ci_cq_2 <= abs_cq / 2; min_ci_cq_2 <= abs_cq / 2;
end end
else else
begin begin
max_ci_cq <= abs_cq; max_ci_cq <= abs_cq;
min_ci_cq_2 <= abs_ci / 2; min_ci_cq_2 <= abs_ci / 2;
end end
corr_amplitude <= max_ci_cq + min_ci_cq_2; corr_amplitude <= max_ci_cq + min_ci_cq_2;
end end
@ -115,21 +115,21 @@ reg subcarrier_Q;
always @(*) always @(*)
begin begin
if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_848_KHZ) if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_848_KHZ)
begin begin
subcarrier_I = ~corr_i_cnt[3]; subcarrier_I = ~corr_i_cnt[3];
subcarrier_Q = ~(corr_i_cnt[3] ^ corr_i_cnt[2]); subcarrier_Q = ~(corr_i_cnt[3] ^ corr_i_cnt[2]);
end end
else if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_212_KHZ) else if (subcarrier_frequency == `FPGA_HF_READER_SUBCARRIER_212_KHZ)
begin begin
subcarrier_I = ~corr_i_cnt[5]; subcarrier_I = ~corr_i_cnt[5];
subcarrier_Q = ~(corr_i_cnt[5] ^ corr_i_cnt[4]); subcarrier_Q = ~(corr_i_cnt[5] ^ corr_i_cnt[4]);
end end
else else
begin // 424 kHz begin // 424 kHz
subcarrier_I = ~corr_i_cnt[4]; subcarrier_I = ~corr_i_cnt[4];
subcarrier_Q = ~(corr_i_cnt[4] ^ corr_i_cnt[3]); subcarrier_Q = ~(corr_i_cnt[4] ^ corr_i_cnt[3]);
end end
end end
@ -143,64 +143,64 @@ begin
begin begin
if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE) if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE)
begin begin
// send amplitude plus 2 bits reader signal // send amplitude plus 2 bits reader signal
corr_i_out <= corr_amplitude[13:6]; corr_i_out <= corr_amplitude[13:6];
corr_q_out <= {corr_amplitude[5:0], after_hysteresis_prev_prev, after_hysteresis_prev}; corr_q_out <= {corr_amplitude[5:0], after_hysteresis_prev_prev, after_hysteresis_prev};
end end
else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ) else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ)
begin begin
// Send 7 most significant bits of in phase tag signal (signed), plus 1 bit reader signal // Send 7 most significant bits of in phase tag signal (signed), plus 1 bit reader signal
if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111)
corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev}; corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev};
else // truncate to maximum value else // truncate to maximum value
if (corr_i_accum[13] == 1'b0) if (corr_i_accum[13] == 1'b0)
corr_i_out <= {7'b0111111, after_hysteresis_prev_prev}; corr_i_out <= {7'b0111111, after_hysteresis_prev_prev};
else else
corr_i_out <= {7'b1000000, after_hysteresis_prev_prev}; corr_i_out <= {7'b1000000, after_hysteresis_prev_prev};
// Send 7 most significant bits of quadrature phase tag signal (signed), plus 1 bit reader signal // Send 7 most significant bits of quadrature phase tag signal (signed), plus 1 bit reader signal
if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111) if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111)
corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev}; corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev};
else // truncate to maximum value else // truncate to maximum value
if (corr_q_accum[13] == 1'b0) if (corr_q_accum[13] == 1'b0)
corr_q_out <= {7'b0111111, after_hysteresis_prev}; corr_q_out <= {7'b0111111, after_hysteresis_prev};
else else
corr_q_out <= {7'b1000000, after_hysteresis_prev}; corr_q_out <= {7'b1000000, after_hysteresis_prev};
end end
else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE) else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE)
begin begin
// send amplitude // send amplitude
corr_i_out <= {2'b00, corr_amplitude[13:8]}; corr_i_out <= {2'b00, corr_amplitude[13:8]};
corr_q_out <= corr_amplitude[7:0]; corr_q_out <= corr_amplitude[7:0];
end end
else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_IQ) else if (minor_mode == `FPGA_HF_READER_MODE_RECEIVE_IQ)
begin begin
// Send 8 bits of in phase tag signal // Send 8 bits of in phase tag signal
if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111) if (corr_i_accum[13:11] == 3'b000 || corr_i_accum[13:11] == 3'b111)
corr_i_out <= corr_i_accum[11:4]; corr_i_out <= corr_i_accum[11:4];
else // truncate to maximum value else // truncate to maximum value
if (corr_i_accum[13] == 1'b0) if (corr_i_accum[13] == 1'b0)
corr_i_out <= 8'b01111111; corr_i_out <= 8'b01111111;
else else
corr_i_out <= 8'b10000000; corr_i_out <= 8'b10000000;
// Send 8 bits of quadrature phase tag signal // Send 8 bits of quadrature phase tag signal
if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111) if (corr_q_accum[13:11] == 3'b000 || corr_q_accum[13:11] == 3'b111)
corr_q_out <= corr_q_accum[11:4]; corr_q_out <= corr_q_accum[11:4];
else // truncate to maximum value else // truncate to maximum value
if (corr_q_accum[13] == 1'b0) if (corr_q_accum[13] == 1'b0)
corr_q_out <= 8'b01111111; corr_q_out <= 8'b01111111;
else else
corr_q_out <= 8'b10000000; corr_q_out <= 8'b10000000;
end end
// for each Q/I pair report two reader signal samples when sniffing. Store the 1st. // for each Q/I pair report two reader signal samples when sniffing. Store the 1st.
after_hysteresis_prev_prev <= after_hysteresis; after_hysteresis_prev_prev <= after_hysteresis;
// Initialize next correlation. // Initialize next correlation.
// Both I and Q reference signals are high when corr_i_nct == 0. Therefore need to accumulate. // Both I and Q reference signals are high when corr_i_nct == 0. Therefore need to accumulate.
corr_i_accum <= $signed({1'b0, adc_d}); corr_i_accum <= $signed({1'b0, adc_d});
corr_q_accum <= $signed({1'b0, adc_d}); corr_q_accum <= $signed({1'b0, adc_d});
end end
@ -217,14 +217,14 @@ begin
corr_q_accum <= corr_q_accum - $signed({1'b0, adc_d}); corr_q_accum <= corr_q_accum - $signed({1'b0, adc_d});
end end
// for each Q/I pair report two reader signal samples when sniffing. Store the 2nd. // for each Q/I pair report two reader signal samples when sniffing. Store the 2nd.
if (corr_i_cnt == 6'd32) if (corr_i_cnt == 6'd32)
after_hysteresis_prev <= after_hysteresis; after_hysteresis_prev <= after_hysteresis;
// Then the result from last time is serialized and send out to the ARM. // Then the result from last time is serialized and send out to the ARM.
// We get one report each cycle, and each report is 16 bits, so the // We get one report each cycle, and each report is 16 bits, so the
// ssp_clk should be the adc_clk divided by 64/16 = 4. // ssp_clk should be the adc_clk divided by 64/16 = 4.
// ssp_clk frequency = 13,56MHz / 4 = 3.39MHz // ssp_clk frequency = 13,56MHz / 4 = 3.39MHz
if (corr_i_cnt[1:0] == 2'b00) if (corr_i_cnt[1:0] == 2'b00)
begin begin
@ -261,8 +261,8 @@ begin
if (corr_i_cnt[1:0] == 2'b10) if (corr_i_cnt[1:0] == 2'b10)
ssp_clk <= 1'b0; ssp_clk <= 1'b0;
// set ssp_frame signal for corr_i_cnt = 1..3 // set ssp_frame signal for corr_i_cnt = 1..3
// (send one frame with 16 Bits) // (send one frame with 16 Bits)
if (corr_i_cnt == 6'd1) if (corr_i_cnt == 6'd1)
ssp_frame <= 1'b1; ssp_frame <= 1'b1;
@ -280,11 +280,11 @@ reg [3:0] jam_counter;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
if (corr_i_cnt == 6'd0) if (corr_i_cnt == 6'd0)
begin begin
jam_counter <= jam_counter + 1; jam_counter <= jam_counter + 1;
jam_signal <= jam_counter[1] ^ jam_counter[3]; jam_signal <= jam_counter[1] ^ jam_counter[3];
end end
end end
// Antenna drivers // Antenna drivers
@ -303,22 +303,22 @@ begin
pwr_oe4 = 1'b0; pwr_oe4 = 1'b0;
end end
else if (minor_mode == `FPGA_HF_READER_MODE_SEND_JAM) else if (minor_mode == `FPGA_HF_READER_MODE_SEND_JAM)
begin begin
pwr_hi = ck_1356meg & jam_signal; pwr_hi = ck_1356meg & jam_signal;
pwr_oe4 = 1'b0; pwr_oe4 = 1'b0;
end end
else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ else if (minor_mode == `FPGA_HF_READER_MODE_SNIFF_IQ
|| minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE || minor_mode == `FPGA_HF_READER_MODE_SNIFF_AMPLITUDE
|| minor_mode == `FPGA_HF_READER_MODE_SNIFF_PHASE) || minor_mode == `FPGA_HF_READER_MODE_SNIFF_PHASE)
begin // all off begin // all off
pwr_hi = 1'b0; pwr_hi = 1'b0;
pwr_oe4 = 1'b0; pwr_oe4 = 1'b0;
end end
else // receiving from tag else // receiving from tag
begin begin
pwr_hi = ck_1356meg; pwr_hi = ck_1356meg;
pwr_oe4 = 1'b0; pwr_oe4 = 1'b0;
end end
end end
// always on // always on

38
fpga/hi_simulate.v
View file

@ -35,8 +35,8 @@ module hi_simulate(
// Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can // Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can
// always be low. // always be low.
assign pwr_hi = 1'b0; // HF antenna connected to GND assign pwr_hi = 1'b0; // HF antenna connected to GND
assign pwr_lo = 1'b0; // LF antenna connected to GND assign pwr_lo = 1'b0; // LF antenna connected to GND
// This one is all LF, so doesn't matter // This one is all LF, so doesn't matter
assign pwr_oe2 = 1'b0; assign pwr_oe2 = 1'b0;
@ -53,7 +53,7 @@ begin
if (& adc_d[7:5]) after_hysteresis <= 1'b1; // if (adc_d >= 224) if (& adc_d[7:5]) after_hysteresis <= 1'b1; // if (adc_d >= 224)
else if (~(| adc_d[7:5])) after_hysteresis <= 1'b0; // if (adc_d <= 31) else if (~(| adc_d[7:5])) after_hysteresis <= 1'b0; // if (adc_d <= 31)
if (adc_d >= 224) if (adc_d >= 224)
begin begin
has_been_low_for <= 12'd0; has_been_low_for <= 12'd0;
end end
@ -65,9 +65,9 @@ begin
after_hysteresis <= 1'b1; after_hysteresis <= 1'b1;
end end
else else
begin begin
has_been_low_for <= has_been_low_for + 1; has_been_low_for <= has_been_low_for + 1;
end end
end end
end end
@ -100,20 +100,20 @@ end
reg ssp_frame; reg ssp_frame;
always @(negedge adc_clk) always @(negedge adc_clk)
begin begin
if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K) if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K)
begin begin
if (ssp_clk_divider[8:5] == 4'd1) if (ssp_clk_divider[8:5] == 4'd1)
ssp_frame <= 1'b1; ssp_frame <= 1'b1;
if (ssp_clk_divider[8:5] == 4'd5) if (ssp_clk_divider[8:5] == 4'd5)
ssp_frame <= 1'b0; ssp_frame <= 1'b0;
end end
else else
begin begin
if (ssp_clk_divider[7:4] == 4'd1) if (ssp_clk_divider[7:4] == 4'd1)
ssp_frame <= 1'b1; ssp_frame <= 1'b1;
if (ssp_clk_divider[7:4] == 4'd5) if (ssp_clk_divider[7:4] == 4'd5)
ssp_frame <= 1'b0; ssp_frame <= 1'b0;
end end
end end
@ -143,6 +143,6 @@ always @(*)
assign pwr_oe1 = 1'b0; // 33 Ohms Load assign pwr_oe1 = 1'b0; // 33 Ohms Load
assign pwr_oe4 = modulating_carrier; // 33 Ohms Load assign pwr_oe4 = modulating_carrier; // 33 Ohms Load
// This one is always on, so that we can watch the carrier. // This one is always on, so that we can watch the carrier.
assign pwr_oe3 = 1'b0; // 10k Load assign pwr_oe3 = 1'b0; // 10k Load
endmodule endmodule

8
tools/hitag2crack/common/hitagcrypto.c
View file

@ -188,7 +188,7 @@
HITAG 2 256 Bit total memory Read/Write HITAG 2 256 Bit total memory Read/Write
8 pages of 32 bits, inc UID (32), 8 pages of 32 bits, inc UID (32),
secret key (64), password (24), config (8) secret key (64), password (24), config (8)
HITAG S 32 32 bits Unique Identifier Read Only HITAG S 32 32 bits Unique Identifier Read Only
HITAG S 256 256 bits total memory Read/Write HITAG S 256 256 bits total memory Read/Write
@ -227,9 +227,9 @@ static uint32_t hitag2_crypt(uint64_t x);
static uint32_t hitag2_crypt(uint64_t x) { static uint32_t hitag2_crypt(uint64_t x) {
const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001
const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001
const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011
uint32_t bitindex; uint32_t bitindex;
bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1; bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1;

4
tools/hitag2crack/common/hitagcrypto.h
View file

@ -132,7 +132,7 @@
#ifndef HITAGCRYPTO_H #ifndef HITAGCRYPTO_H
#define HITAGCRYPTO_H #define HITAGCRYPTO_H
#include <stdint.h> #include <stdint.h>
@ -163,5 +163,5 @@ void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, ui
uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps); uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps);
#endif /* HITAGCRYPTO_H */ #endif /* HITAGCRYPTO_H */

6
tools/mf_nonce_brute/iso14443crc.h
View file

@ -13,9 +13,9 @@
// Routines to compute the CRCs (two different flavours, just for confusion) // Routines to compute the CRCs (two different flavours, just for confusion)
// required for ISO 14443, swiped directly from the spec. // required for ISO 14443, swiped directly from the spec.
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
#define CRC_14443_A 0x6363 /* ITU-V.41 */ #define CRC_14443_A 0x6363 /* ITU-V.41 */
#define CRC_14443_B 0xFFFF /* ISO/IEC 13239 (formerly ISO/IEC 3309) */ #define CRC_14443_B 0xFFFF /* ISO/IEC 13239 (formerly ISO/IEC 3309) */
#define CRC_ICLASS 0xE012 /* ICLASS PREFIX */ #define CRC_ICLASS 0xE012 /* ICLASS PREFIX */
void ComputeCrc14443(int CrcType, void ComputeCrc14443(int CrcType,
const unsigned char *Data, int Length, const unsigned char *Data, int Length,

4
tools/mf_nonce_brute/protocol.h
View file

@ -4,8 +4,8 @@
#define ISO14443A_CMD_READBLOCK 0x30 #define ISO14443A_CMD_READBLOCK 0x30
#define ISO14443A_CMD_WRITEBLOCK 0xA0 #define ISO14443A_CMD_WRITEBLOCK 0xA0
#define MIFARE_AUTH_KEYA 0x60 #define MIFARE_AUTH_KEYA 0x60
#define MIFARE_AUTH_KEYB 0x61 #define MIFARE_AUTH_KEYB 0x61
#define MIFARE_CMD_INC 0xC0 #define MIFARE_CMD_INC 0xC0
#define MIFARE_CMD_DEC 0xC1 #define MIFARE_CMD_DEC 0xC1
#define MIFARE_CMD_RESTORE 0xC2 #define MIFARE_CMD_RESTORE 0xC2

2
tools/mf_nonce_brute/sleep.c
View file

@ -10,7 +10,7 @@
#ifndef _WIN32 #ifndef _WIN32
#define _POSIX_C_SOURCE 199309L #define _POSIX_C_SOURCE 199309L
#include "sleep.h" #include "sleep.h"
#include <time.h> #include <time.h>
#include <stdio.h> #include <stdio.h>