From b2c6371761a1e575da4451776fefc2b36101f793 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 18 Oct 2016 16:50:32 +0200 Subject: [PATCH 01/22] CHG: updated the compilation for windows, to include instruction on installing perl. --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e50d3c50c..1d2e5df64 100644 --- a/README.md +++ b/README.md @@ -222,7 +222,10 @@ You only need devkitARM, nothing more (no extra lib or anything else) to compile `export DEVKITARM=/c/devkitPro/devkitARM` `export PATH=$PATH:$DEVKITARM/bin` -### 6. Build and run +### 6 - Install Strawberry Perl +Download and install: http://strawberry-perl.googlecode.com/files/strawberry-perl-5.10.1.1.msi + +### 7. Build and run Download and install Git for Windows: https://git-scm.com/download/win - Run minimal system: `C:\Qt\msys\msys.bat` From 88f503735c85c716cc14af088707f1cdf76155de Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 18 Oct 2016 18:45:29 +0200 Subject: [PATCH 02/22] FIX: @aczid's fix https://github.com/aczid/crypto1_bs/commit/957702be9c89f31a184971c5b5ada70fe05042c3 from original @matrix https://github.com/matrix/proxmark3/commit/057d2e9147bc7d8fb3f7c4d7928e66e23fd58e50 --- client/cmdhfmfhard.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index acdea7158..a55a9e9f4 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -1474,7 +1474,7 @@ static const uint64_t crack_states_bitsliced(statelist_t *p){ const bitslice_value_t odd_feedback = odd_feedback_bit ? bs_ones.value : bs_zeroes.value; for(size_t block_idx = 0; block_idx < bitsliced_blocks; ++block_idx){ - const bitslice_t const * restrict bitsliced_even_state = bitsliced_even_states[block_idx]; + const bitslice_t * const restrict bitsliced_even_state = bitsliced_even_states[block_idx]; size_t state_idx; // set even bits for(state_idx = 0; state_idx < STATE_SIZE-ROLLBACK_SIZE; state_idx+=2){ 
From 4460be68c36b9545a493d4e4479cd0bb14a576cd Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 19:59:58 +0200 Subject: [PATCH 03/22] FIX: "lf sim" after changes to ticks timers on device side, there was a "starticks" call missing, which lead to not having any timers which is a problem for the WaitUS call. --- armsrc/lfops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index c80700aea..642b19377 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -393,6 +393,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) int i = 0; uint8_t *tab = BigBuf_get_addr(); + StartTicks(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; From c3fc86d9af62ccf5a416ef6d732f350c028c5200 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 21:23:03 +0200 Subject: [PATCH 04/22] CHG: Xoring in the value allows for the ticks timers to co-exist. Or that is the idea. --- armsrc/fpgaloader.c | 2 +- armsrc/fpgaloader.h | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c index 86f144cfe..08a386634 100644 --- a/armsrc/fpgaloader.c +++ b/armsrc/fpgaloader.c @@ -126,7 +126,7 @@ void FpgaSetupSsc(void) { GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_SSC); // Now set up the SSC proper, starting from a known state. AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h index 5c0f802e4..5e5e6af65 100644 --- a/armsrc/fpgaloader.h +++ b/armsrc/fpgaloader.h 
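Review bot: The added `StartTicks();` has no matching `StopTicks()` anywhere in this hunk, so TC0/TC1 keep running after SimulateTagLowFrequency returns; the function's exit paths are outside the hunk, and any early return on button press or USB traffic needs the stop call as well, not just the normal end of the loop. A comment on the added line would make the pairing obligation visible to the next editor, e.g. `// WaitUS()/WaitMS() need the tick timers; every exit path must call StopTicks()`. SimulateTagLowFrequency's body continues past the end of the hunk.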
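Review bot: `AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_SSC);` performs a read-modify-write on a register the AT91SAM7S PMC register map documents as write-only and enable-only (a 1 bit enables, a 0 bit is ignored; disabling goes through PMC_PCDR and status is read from PMC_PCSR), so the value read back is not defined and the old `=` form never cleared the timer clocks in the first place. The change is harmless in effect because the intended bit is still written, but the commit message's premise ("Xoring" where the code ORs, and the later "tendency to be cleared when set with =") points to a different root cause, most likely a StopTicks()/PMC_PCDR call or a missing StartTicks() on the path in question. The same `|=` is introduced in the ticks.c hunks of PATCH 07/22, in both branches of FpgaSetupSscExt() in PATCH 11/22 and in the pcf7931.c hunk of PATCH 12/22; I would keep `=` and add `// PMC_PCER is set-only: writing 0 bits does not disable anything (see PMC_PCDR)` on this line.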
@@ -59,11 +59,11 @@ void SetAdcMuxFor(uint32_t whichGpio); #define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) #define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2) // Options for the HF simulated tag, how to modulate -#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) -#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) -#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) -#define FPGA_HF_SIMULATOR_MODULATE_424K (4<<0) -#define FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5//101 +#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) // 0000 +#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) // 0001 +#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) // 0010 +#define FPGA_HF_SIMULATOR_MODULATE_424K (4<<0) // 0100 +#define FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5 // 0101 // no 848K // Options for ISO14443A From 29ff374e5d219f2bc219309fd613372a8dfb5c4f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 21:24:20 +0200 Subject: [PATCH 05/22] CHG: TI code did have the tickstimer started. --- armsrc/lfops.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 642b19377..5931c76af 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -91,6 +91,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t periods, uint3 */ void ReadTItag(void) { + StartTicks(); // some hardcoded initial params // when we read a TI tag we sample the zerocross line at 2Mhz // TI tags modulate a 1 as 16 cycles of 123.2Khz @@ -216,6 +217,7 @@ void ReadTItag(void) DbpString("Info: CRC is good"); } } + StopTicks(); } void WriteTIbyte(uint8_t b) @@ -282,7 +284,7 @@ void AcquireTiType(void) HIGH(GPIO_SSC_DOUT); // Charge TI tag for 50ms. - SpinDelay(50); + WaitMS(50); // stop modulating antenna and listen LOW(GPIO_SSC_DOUT); 
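Review bot: `WaitMS(50);` in AcquireTiType now depends on the tick timers running, while the replaced `SpinDelay(50);` did not; nothing in this function starts them, so the charge delay is only correct when every caller has already run StartTicks() (ReadTItag does so in the first hunk of this commit; other callers are not visible here). The description of PATCH 03/22 in this series reports exactly this failure mode for WaitUS. Either add `StartTicks();` at the top of AcquireTiType or state the precondition on the function, e.g. `// precondition: caller has run StartTicks() (WaitMS needs the tick timers)`. AcquireTiType's body starts and ends outside this hunk.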
@@ -322,6 +324,7 @@ void AcquireTiType(void) // if not provided a valid crc will be computed from the data and written. void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) { + StartTicks(); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); if(crc == 0) { crc = update_crc16(crc, (idlo)&0xff); @@ -360,7 +363,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) // modulate antenna HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // charge time + WaitMS(50); // charge time WriteTIbyte(0xbb); // keyword WriteTIbyte(0xeb); // password @@ -377,7 +380,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) WriteTIbyte(0x00); // write frame lo WriteTIbyte(0x03); // write frame hi HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // programming time + WaitMS(50); // programming time LED_A_OFF(); @@ -386,6 +389,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); DbpString("Now use `lf ti read` to check"); + StopTicks(); } void SimulateTagLowFrequency(int period, int gap, int ledcontrol) @@ -443,6 +447,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } } + StopTicks(); } #define DEBUG_FRAME_CONTENTS 1 From 8255e1a68529de7e040bc8609a0efb92098c76ae Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 21:25:04 +0200 Subject: [PATCH 06/22] CHG: just changed the comment. --- armsrc/lfsampling.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index a272e1538..94ddc7274 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c 
@@ -87,11 +87,10 @@ void LFSetupFPGAForADC(int divisor, bool lf_field) { // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Give it a bit of time for the resonant antenna to settle. + // 50ms for the resonant antenna to settle. SpinDelay(50); // Now set up the SSC to get the ADC samples that are now streaming at us. FpgaSetupSsc(); - // start a 1.5ticks is 1us StartTicks(); } @@ -286,7 +285,6 @@ void doT55x7Acquisition(size_t sample_size) { continue; } - // skip until first high samples begin to change if (startFound || curSample > T55xx_READ_LOWER_THRESHOLD + T55xx_READ_TOL){ // if just found start - recover last sample From 8fd0a564e571f0cefdb77b1da6774e6ad981dcef Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 21:26:29 +0200 Subject: [PATCH 07/22] CHG: removed unused clocks, CHG: now uses the DEFINEs instead. a bit clear CHG: xor in the clocks, should allow for co-exist with SSP clock. --- armsrc/ticks.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/armsrc/ticks.c b/armsrc/ticks.c index 44249879e..dcff99f45 100644 --- a/armsrc/ticks.c +++ b/armsrc/ticks.c @@ -9,7 +9,6 @@ // Timers, Clocks functions used in LF or Legic where you would need detailed time. //----------------------------------------------------------------------------- #include "ticks.h" - // attempt at high resolution microsecond timer // beware: timer counts in 21.3uS increments (1024/48Mhz) void SpinDelayUs(int us) { @@ -67,7 +66,7 @@ uint32_t RAMFUNC GetTickCount(void){ // microseconds timer // ------------------------------------------------------------------------- void StartCountUS(void) { - AT91C_BASE_PMC->PMC_PCER |= (1 << 12) | (1 << 13) | (1 << 14); + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1); AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; // fast clock 
@@ -95,12 +94,11 @@ uint32_t RAMFUNC GetCountUS(void){ return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV * 2) / 3); } - // ------------------------------------------------------------------------- // Timer for iso14443 commands. Uses ssp_clk from FPGA // ------------------------------------------------------------------------- void StartCountSspClk(void) { - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none | AT91C_TCB_TC2XC2S_TIOA0; // XC2 Clock = TIOA0 @@ -163,7 +161,6 @@ void ResetSspClk(void) { AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; while (AT91C_BASE_TC2->TC_CV >= 1); } - uint32_t RAMFUNC GetCountSspClk(void) { uint32_t tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV; if ((tmp_count & 0x0000ffff) == 0) //small chance that we may have missed an increment in TC2 @@ -171,7 +168,6 @@ uint32_t RAMFUNC GetCountSspClk(void) { return tmp_count; } - // ------------------------------------------------------------------------- // Timer for bitbanging, or LF stuff when you need a very precis timer // 1us = 1.5ticks @@ -180,7 +176,7 @@ void StartTicks(void){ //initialization of the timer // tc1 is higher 0xFFFF0000 // tc0 is lower 0x0000FFFF - AT91C_BASE_PMC->PMC_PCER |= (1 << 12) | (1 << 13) | (1 << 14); + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1); AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK(48MHz) / 32 From 100fe0a5ee2ca8ce0ef38f1dd4438c06aa1f659e Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Wed, 19 Oct 2016 21:26:56 +0200 Subject: [PATCH 08/22] textual suger --- client/scripts/mifare_autopwn.lua | 2 -- 1 file changed, 2 deletions(-) diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index b1f3d3578..eb93669c7 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -4,8 +4,6 @@ local cmds = require('commands') example = "script run mifare_autopwn" author = "Martin Holst Swende" - - desc = [[ This is a which automates cracking and dumping mifare classic cards. It sets itself into From bd46dec63beb7414ce26ec0517c06bf79f676b6d Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Oct 2016 21:27:34 +0200 Subject: [PATCH 09/22] CHG: found even more keys --- client/default_keys.dic | 40 +++++++++++++++++++++++++++++- client/lualibs/mf_default_keys.lua | 39 +++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) diff --git a/client/default_keys.dic b/client/default_keys.dic index bb1dbfad3..44b60291b 100644 --- a/client/default_keys.dic +++ b/client/default_keys.dic @@ -246,4 +246,42 @@ c2b7ec7d4eb1, 71f3a315ad26, 51044efb5aab, ac70ca327a04, -eb0a8ff88ade \ No newline at end of file +eb0a8ff88ade, +# +# Data from: https://github.com/RadioWar/NFCGUI +44dd5a385aaf, +21a600056cb0, +b1aca33180a5, +dd61eb6bce22, +1565a172770f, +3e84d2612e2a, +f23442436765, +79674f96c771, +87df99d496cb, +c5132c8980bc, +a21680c27773, +f26e21edcee2, +675557ecc92e, +f4396e468114, +6db17c16b35b, +4186562a5bb2, +2feae851c199, +db1a3338b2eb, +157b10d84c6b, +a643f952ea57, +df37dcb6afb3, +4c32baf326e0, +91ce16c07ac5, +3c5d1c2bcd18, +c3f19ec592a2, +f72a29005459, +185fa3438949, +321a695bd266, +d327083a60a7, +45635ef66ef3, +5481986d2d62, +cba6ae869ad5, +645a166b1eeb, +a7abbc77cc9e, +f792c4c76a5c, +bfb6796a11db \ No newline at end of file diff --git a/client/lualibs/mf_default_keys.lua b/client/lualibs/mf_default_keys.lua index 3384fa38e..d48151531 100644 
--- a/client/lualibs/mf_default_keys.lua +++ b/client/lualibs/mf_default_keys.lua @@ -370,6 +370,45 @@ local _keys = { --]] '668770666644', '003003003003', + --[[ + Data from: https://github.com/RadioWar/NFCGUI + --]] + '44dd5a385aaf', + '21a600056cb0', + 'b1aca33180a5', + 'dd61eb6bce22', + '1565a172770f', + '3e84d2612e2a', + 'f23442436765', + '79674f96c771', + '87df99d496cb', + 'c5132c8980bc', + 'a21680c27773', + 'f26e21edcee2', + '675557ecc92e', + 'f4396e468114', + '6db17c16b35b', + '4186562a5bb2', + '2feae851c199', + 'db1a3338b2eb', + '157b10d84c6b', + 'a643f952ea57', + 'df37dcb6afb3', + '4c32baf326e0', + '91ce16c07ac5', + '3c5d1c2bcd18', + 'c3f19ec592a2', + 'f72a29005459', + '185fa3438949', + '321a695bd266', + 'd327083a60a7', + '45635ef66ef3', + '5481986d2d62', + 'cba6ae869ad5', + '645a166b1eeb', + 'a7abbc77cc9e', + 'f792c4c76a5c', + 'bfb6796a11db', } --- From 49065576ad662e62bce39172ead3f8e392c87fef Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 00:39:15 +0200 Subject: [PATCH 10/22] FIX: lf sim, seems like "lf sim" call SimulateTagLowFrequency direct from appmain.c and I removed the LF bitstream call thinking SimulateTagLowFrequency was only called from the sub FSK;ASK;PSK commands. --- armsrc/lfops.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 5931c76af..f6cbbfba3 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c 
@@ -395,32 +395,31 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) void SimulateTagLowFrequency(int period, int gap, int ledcontrol) { int i = 0; - uint8_t *tab = BigBuf_get_addr(); - - StartTicks(); + uint8_t *buf = BigBuf_get_addr(); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + StartTicks(); + for(;;) { WDT_HIT(); if (ledcontrol) LED_D_ON(); - //wait until SSC_CLK goes HIGH + // wait until SSC_CLK goes HIGH + // used as a simple detection of a reader field? while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { WDT_HIT(); - if ( usb_poll_validate_length() || BUTTON_PRESS() ) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - return; - } + if ( usb_poll_validate_length() || BUTTON_PRESS() ) + goto OUT; } - if(tab[i]) + if(buf[i]) OPEN_COIL(); else SHORT_COIL(); @@ -430,11 +429,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) //wait until SSC_CLK goes LOW while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { WDT_HIT(); - if ( usb_poll_validate_length() || BUTTON_PRESS() ) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - return; - } + if ( usb_poll_validate_length() || BUTTON_PRESS() ) + goto OUT; } i++; @@ -447,7 +443,11 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } } +OUT: + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); StopTicks(); + LED_D_OFF(); + return; } #define DEBUG_FRAME_CONTENTS 1 From f0a96745d0b97f74c0260cf362e226d0a62192b0 Mon Sep 17 00:00:00 2001 
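Review bot: The new `FpgaDownloadAndGo(FPGA_BITSTREAM_LF);` runs after `buf = BigBuf_get_addr();` and before the loop reads `buf[i]`; the description of PATCH 15/22 in this series states that switching bitstreams wipes BigBuf, so the samples the client uploaded would be erased here unless FpgaDownloadAndGo is a no-op when the LF bitstream is already resident (PATCH 15/22 later removes this call for that reason), and that assumption is not written down anywhere. The single-exit cleanup through the label is a good change; two style points on it: labels are conventionally lowercase (`out:`), and the `return;` immediately before the closing brace of a void function is redundant. Parts of the loop body fall between the three hunks.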
From: iceman1001 Date: Thu, 20 Oct 2016 00:40:24 +0200 Subject: [PATCH 11/22] CHG: the AT91C_BASE_PMC->PMC_PCER has a tendecy to be clear when set with "=", but my tickstimer also needs it, so I made it optional now. --- armsrc/fpgaloader.c | 11 ++++++++--- armsrc/fpgaloader.h | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c index 08a386634..a1011ab7c 100644 --- a/armsrc/fpgaloader.c +++ b/armsrc/fpgaloader.c @@ -117,7 +117,7 @@ void SetupSpi(int mode) // Set up the synchronous serial port, with the one set of options that we // always use when we are talking to the FPGA. Both RX and TX are enabled. //----------------------------------------------------------------------------- -void FpgaSetupSsc(void) { +void FpgaSetupSscExt(uint8_t clearPCER) { // First configure the GPIOs, and get ourselves a clock. AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_FRAME | @@ -126,7 +126,10 @@ void FpgaSetupSsc(void) { GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_SSC); + if ( clearPCER ) + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); + else + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_SSC); // Now set up the SSC proper, starting from a known state. AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; @@ -148,7 +151,9 @@ void FpgaSetupSsc(void) { AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; } - +void FpgaSetupSsc(void) { + FpgaSetupSscExt(TRUE); +} //----------------------------------------------------------------------------- // Set up DMA to receive samples from the FPGA. We will use the PDC, with // a single buffer as a circular buffer (so that we just chain back to diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h index 5e5e6af65..49290dc07 100644 --- a/armsrc/fpgaloader.h +++ b/armsrc/fpgaloader.h 
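Review bot: `void FpgaSetupSscExt(uint8_t clearPCER)` uses an integer for a yes/no flag and the wrapper passes the `TRUE` macro, while the same header already declares `bool FpgaSetupSscDma(uint8_t *buf, int len)`; `bool clearPCER` with `true` would be consistent and self-documenting. Given the set-only semantics of PMC_PCER raised on the fpgaloader.c hunk of PATCH 04/22, the two branches write the same bit and the flag does not change behaviour, so if it is kept it deserves a comment saying what it is meant to guard, e.g. `// clearPCER records the caller's intent only; PMC_PCER ignores 0 bits either way`. The new `FpgaSetupSsc(void)` wrapper also lacks a one-line comment stating that it preserves the historical behaviour for existing callers.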
@@ -14,6 +14,7 @@ void FpgaSendCommand(uint16_t cmd, uint16_t v); void FpgaWriteConfWord(uint8_t v); void FpgaDownloadAndGo(int bitstream_version); void FpgaGatherVersion(int bitstream_version, char *dst, int len); +void FpgaSetupSscExt(uint8_t clearPCER); void FpgaSetupSsc(void); void SetupSpi(int mode); bool FpgaSetupSscDma(uint8_t *buf, int len); @@ -28,7 +29,6 @@ void SetAdcMuxFor(uint32_t whichGpio); #define FPGA_BITSTREAM_LF 1 #define FPGA_BITSTREAM_HF 2 - // Definitions for the FPGA commands. #define FPGA_CMD_SET_CONFREG (1<<12) #define FPGA_CMD_SET_DIVISOR (2<<12) From f4d7d1fed17809ea9d7b919bd32265d2b6cc895f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 00:40:56 +0200 Subject: [PATCH 12/22] CHG: removed CLOCK2, since its not used in the code. --- armsrc/pcf7931.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/armsrc/pcf7931.c b/armsrc/pcf7931.c index 1348907ba..58fd50998 100644 --- a/armsrc/pcf7931.c +++ b/armsrc/pcf7931.c @@ -402,7 +402,7 @@ void SendCmdPCF7931(uint32_t * tab){ AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; //initialization of the timer - AT91C_BASE_PMC->PMC_PCER |= (0x1 << 12) | (0x1 << 13) | (0x1 << 14); + AT91C_BASE_PMC->PMC_PCER |= (0x1 << AT91C_ID_TC0); AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // timer disable AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK; //clock at 48/32 MHz From 015e3b8170cecf0da45c62e830d2671ef74ebcdc Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 00:41:34 +0200 Subject: [PATCH 13/22] syntax suger. never mind this --- client/cmdlf.c | 2 +- client/cmdlfem4x.c | 64 ++++++++++++++++++++++------------------------ 2 files changed, 32 insertions(+), 34 deletions(-) diff --git a/client/cmdlf.c b/client/cmdlf.c index eb9aec68e..c5ad653a7 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
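Review bot: The new line `AT91C_BASE_PMC->PMC_PCER |= (0x1 << AT91C_ID_TC0);` enables the clock for TC0 only, but the removed line also enabled bits 13 and 14 (TC1 and TC2), and the commit message mentions removing only CLOCK2; if the rest of SendCmdPCF7931 (outside the hunk) touches AT91C_BASE_TC1, it now runs with that peripheral clock disabled. The context line `AT91C_TCB_TC1XC1S_TIOA0` still routes TIOA0 into TC1's XC1 input, which hints that TC1 may have been part of the original design — worth confirming before dropping it. If TC1 really is unused, that TCB_BMR setting could be simplified in the same commit and a comment such as `// only TC0 is used as the bit-banging timer` added.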
@@ -606,7 +606,7 @@ int CmdLFSim(const char *Cmd) { } clearCommandBuffer(); SendCommand(&c); - WaitForResponse(CMD_ACK,NULL); + WaitForResponse(CMD_ACK, NULL); printf("."); } diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 1bcc384a5..6cb76fee2 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -59,10 +59,9 @@ int CmdEM410xRead(const char *Cmd) int CmdEM410xSim(const char *Cmd) { int i, n, j, binary[4], parity[4]; - - char cmdp = param_getchar(Cmd, 0); uint8_t uid[5] = {0x00}; + char cmdp = param_getchar(Cmd, 0); if (cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: lf em4x em410xsim "); PrintAndLog(""); 
@@ -81,46 +80,45 @@ int CmdEM410xSim(const char *Cmd) PrintAndLog("Starting simulating UID %02X%02X%02X%02X%02X clock: %d", uid[0],uid[1],uid[2],uid[3],uid[4],clock); PrintAndLog("Press pm3-button to about simulation"); - /* clear our graph */ ClearGraph(0); - /* write 9 start bits */ - for (i = 0; i < 9; i++) - AppendGraph(0, clock, 1); + /* write 9 start bits */ + for (i = 0; i < 9; i++) + AppendGraph(0, clock, 1); - /* for each hex char */ - parity[0] = parity[1] = parity[2] = parity[3] = 0; - for (i = 0; i < 10; i++) - { - /* read each hex char */ - sscanf(&Cmd[i], "%1x", &n); - for (j = 3; j >= 0; j--, n/= 2) - binary[j] = n % 2; + /* for each hex char */ + parity[0] = parity[1] = parity[2] = parity[3] = 0; + for (i = 0; i < 10; i++) + { + /* read each hex char */ + sscanf(&Cmd[i], "%1x", &n); + for (j = 3; j >= 0; j--, n/= 2) + binary[j] = n % 2; - /* append each bit */ - AppendGraph(0, clock, binary[0]); - AppendGraph(0, clock, binary[1]); - AppendGraph(0, clock, binary[2]); - AppendGraph(0, clock, binary[3]); + /* append each bit */ + AppendGraph(0, clock, binary[0]); + AppendGraph(0, clock, binary[1]); + AppendGraph(0, clock, binary[2]); + AppendGraph(0, clock, binary[3]); - /* append parity bit */ - AppendGraph(0, clock, binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); + /* append parity bit */ + AppendGraph(0, clock, binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); - /* keep track of column parity */ - parity[0] ^= binary[0]; - parity[1] ^= binary[1]; - parity[2] ^= binary[2]; - parity[3] ^= binary[3]; - } + /* keep track of column parity */ + parity[0] ^= binary[0]; + parity[1] ^= binary[1]; + parity[2] ^= binary[2]; + parity[3] ^= binary[3]; + } - /* parity columns */ - AppendGraph(0, clock, parity[0]); - AppendGraph(0, clock, parity[1]); - AppendGraph(0, clock, parity[2]); - AppendGraph(0, clock, parity[3]); + /* parity columns */ + AppendGraph(0, clock, parity[0]); + AppendGraph(0, clock, parity[1]); + AppendGraph(0, clock, parity[2]); + AppendGraph(0, 
clock, parity[3]); - /* stop bit */ + /* stop bit */ AppendGraph(1, clock, 0); CmdLFSim("0"); //240 start_gap. From 3b5aab18755f719ad87a5aa849f265ebd445b2a9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 00:42:17 +0200 Subject: [PATCH 14/22] CHG: updated some comments. I still think I don't understand this code --- armsrc/iso14443b.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index 68f0c3668..ed035d3a5 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -216,16 +216,19 @@ static void CodeIso14443bAsTag(const uint8_t *cmd, int len) { * -TO VERIFY THIS BELOW- * The mode FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK which we use to simulate tag * works like this: - * - A 1-bit input to the FPGA becomes 8 pulses at 847.5kHz (9.44µS) - * - A 0-bit input to the FPGA becomes an unmodulated time of 9.44µS - * + * - A 1-bit input to the FPGA becomes 8 pulses at 847.5kHz (1.18µS / pulse) == 9.44us + * - A 0-bit input to the FPGA becomes an unmodulated time of 1.18µS or does it become 8 nonpulses for 9.44us * + * FPGA doesn't seem to work with ETU. It seems to work with pulse / duration instead. * * Card sends data ub 847.e kHz subcarrier - * 848k = 9.44µS = 128 fc - * 424k = 18.88µS = 256 fc - * 212k = 37.76µS = 512 fc - * 106k = 75.52µS = 1024 fc + * subcar |duration| FC division + * -------+--------+------------ + * 106kHz | 9.44µS | FC/128 + * 212kHz | 4.72µS | FC/64 + * 424kHz | 2.36µS | FC/32 + * 848kHz | 1.18µS | FC/16 + * -------+--------+------------ * * Reader data transmission: * - no modulation ONES 
@@ -496,8 +499,7 @@ void ClearFpgaShiftingRegisters(void){ while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)) {}; b = AT91C_BASE_SSC->SSC_RHR; (void) b; - - + // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line) for (uint8_t j = 0; j < 5; j++) { // allow timeout - better late than never while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); From 8fd25db30c2684725ed3a75036a01a2af3da206b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 01:06:17 +0200 Subject: [PATCH 15/22] CHG: move the call to fpga_bitstream_lf, in order to save the uploaded data from the client. Changing bitstream wipes bigbuffer. --- armsrc/appmain.c | 6 ++++++ armsrc/lfops.c | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index f8d12da15..a2c12803a 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1284,6 +1284,12 @@ void UsbPacketReceived(uint8_t *packet, int len) break; } case CMD_DOWNLOADED_SIM_SAMPLES_125K: { + // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before. + // to be able to use this one for uploading data to device not only for LF, I use c->arg[1] + if ( c->arg[1] == 0 ) + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + else + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); uint8_t *b = BigBuf_get_addr(); memcpy( b + c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE); cmd_send(CMD_ACK,0,0,0,0,0); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index f6cbbfba3..5f980cd5d 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -397,7 +397,6 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) int i = 0; uint8_t *buf = BigBuf_get_addr(); - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; From c50259b36a5a4b0178793064036ee39bce082920 Mon Sep 17 00:00:00 2001 
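Review bot: The CMD_DOWNLOADED_SIM_SAMPLES_125K handler now calls FpgaDownloadAndGo() on every chunk, and the client sends one command per USB_CMD_DATA_SIZE bytes (the `for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE)` loop in CmdLFSim, visible in PATCH 17/22); since this commit's own description says a bitstream change wipes BigBuf, the upload only survives if FpgaDownloadAndGo returns early when the requested bitstream is already loaded, and that should be stated next to the new lines, e.g. `// FpgaDownloadAndGo() must be a no-op when the bitstream is already loaded, or every chunk but the last is wiped`. Separately, `c->arg[0]` and `c->arg[1]` come from the host: arg[1] is only compared with 0, which is fine, but the adjacent `memcpy(b + c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE)` still uses the offset unchecked, so a malformed client packet writes past BigBuf; a bound check against the BigBuf capacity before the copy would close that. UsbPacketReceived continues outside the hunk.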
From: iceman1001 Date: Thu, 20 Oct 2016 01:13:18 +0200 Subject: [PATCH 16/22] CHG: added a quitting message --- armsrc/lfops.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 5f980cd5d..ed5247d07 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -397,7 +397,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) int i = 0; uint8_t *buf = BigBuf_get_addr(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); + //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; @@ -446,6 +447,7 @@ OUT: FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); StopTicks(); LED_D_OFF(); + DbpString("Simulation stopped"); return; } From d115f9a4542b2d24a7e8c7741dafaced0a64c9da Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 01:16:32 +0200 Subject: [PATCH 17/22] CHG: making printed statement a debug statement. --- client/cmdlf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/cmdlf.c b/client/cmdlf.c index c5ad653a7..6cd9b7f06 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -596,8 +596,10 @@ int CmdLFSim(const char *Cmd) { // convert to bitstream if necessary ChkBitstream(Cmd); + if (g_debugMode) + printf("Sending [%d bytes]", GraphTraceLen); + //can send only 512 bits at a time (1 byte sent per bit...) - printf("Sending [%d bytes]", GraphTraceLen); for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; @@ -611,6 +613,7 @@ int CmdLFSim(const char *Cmd) { } PrintAndLog("\nStarting to simulate"); + UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}}; clearCommandBuffer(); SendCommand(&c); From 3c6354e99a34b09e6cdcba1961033aca4b98710c Mon Sep 17 00:00:00 2001 
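Review bot: The previous `FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);` line is kept as commented-out code rather than removed, and PATCH 20/22 and PATCH 22/22 continue the experiment by flipping comment markers on these lines; commented-out code toggled across commits is hard to review, and git history already preserves the variants. If both configurations need to stay selectable during the investigation, make the choice explicit with a build-time switch around the two variants, or at least a comment stating which one is believed correct and why. The added `DbpString("Simulation stopped");` is fine; a matching message at start would make the device log symmetric.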
From: iceman1001 Date: Thu, 20 Oct 2016 01:50:30 +0200 Subject: [PATCH 18/22] FIX: strange bug in "lf em em410xwatch" , which the client crasches when it reads a valid em tag. --- client/cmdlfem4x.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 6cb76fee2..d139724c1 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -13,7 +13,7 @@ #include #include "cmdlfem4x.h" -char *global_em410xId; +uint64_t g_em410xid = 0; static int CmdHelp(const char *Cmd); @@ -47,11 +47,7 @@ int CmdEM410xRead(const char *Cmd) PrintAndLog ("EM410x XL pattern found"); return 0; } - char id[12] = {0x00}; - //sprintf(id, "%010llx",lo); - sprintf(id, "%010"PRIu64, lo); - - global_em410xId = id; + g_em410xid = lo; return 1; } @@ -150,11 +146,18 @@ int CmdEM410xWatch(const char *Cmd) } //currently only supports manchester modulations +// todo: helptext int CmdEM410xWatchnSpoof(const char *Cmd) { - CmdEM410xWatch(Cmd); - PrintAndLog("# Replaying captured ID: %s",global_em410xId); - CmdLFaskSim(""); + // loops if the captured ID was in XL-format. + uint8_t ans = 0; + do { + ans = CmdEM410xWatch(Cmd); + if ( ans ) { + PrintAndLog("# Replaying captured ID: %llu", g_em410xid); + CmdLFaskSim(""); + } + } while ( !ans ); return 0; } From ed28bbe5ae5ef5ac83c838fcc7354b349644f9fe Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 01:51:27 +0200 Subject: [PATCH 19/22] CHG: some debug statements instead, 'H' for helptext. --- client/cmdlf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/client/cmdlf.c b/client/cmdlf.c index 6cd9b7f06..dde05cb3d 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
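Review bot: `PrintAndLog("# Replaying captured ID: %llu", g_em410xid);` pairs `%llu` with a `uint64_t`, which is `unsigned long` rather than `unsigned long long` on 64-bit Linux and therefore a format/argument mismatch (undefined behaviour, caught by -Wformat); the removed code already used the portable macro, so `"%010" PRIu64` — or `PRIx64`, since the removed `//sprintf(id, "%010llx",lo);` suggests the ID is meant to be shown as 10 hex digits — is the right spelling, and PATCH 21/22 keeps the `%llu` line so the same applies there. The `do { ... } while (!ans);` loop stores the `int` result of CmdEM410xWatch in a `uint8_t` and spins until it is non-zero; if CmdEM410xWatch returns 0 on its normal path (its body is outside the hunk) this never terminates, which is consistent with the loop being reverted two commits later. Replacing the dangling `char id[12]` stack pointer with a value global is the right fix for the crash itself.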
@@ -597,7 +597,7 @@ int CmdLFSim(const char *Cmd) { ChkBitstream(Cmd); if (g_debugMode) - printf("Sending [%d bytes]", GraphTraceLen); + printf("DEBUG: Sending [%d bytes]\n", GraphTraceLen); //can send only 512 bits at a time (1 byte sent per bit...) for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { @@ -612,7 +612,7 @@ int CmdLFSim(const char *Cmd) { printf("."); } - PrintAndLog("\nStarting to simulate"); + PrintAndLog("Starting to simulate"); UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}}; clearCommandBuffer(); @@ -733,6 +733,7 @@ int CmdLFaskSim(const char *Cmd) while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { + case 'H': case 'h': return usage_lf_simask(); case 'i': invert = 1; @@ -791,7 +792,7 @@ int CmdLFaskSim(const char *Cmd) setDemodBuf(data, dataLen, 0); } if (clk == 0) clk = 64; - if (encoding == 0) clk = clk/2; //askraw needs to double the clock speed + if (encoding == 0) clk >>= 2; //askraw needs to double the clock speed size_t size = DemodBufferLen; From c528cf39896943c2c3738c7b8a54e9be153eb2ca Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 01:52:26 +0200 Subject: [PATCH 20/22] TEST: see if the readerfield is needed. --- armsrc/lfops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index ed5247d07..ae1a48889 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -397,8 +397,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) int i = 0; uint8_t *buf = BigBuf_get_addr(); - //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); + //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; 
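Review bot: `if (encoding == 0) clk >>= 2;` divides the clock value by four, whereas the replaced `clk = clk/2;` halved it, so askraw simulations now run at a quarter of the previous rate; the comment ("double the clock speed") describes halving the `clk` period value, which is what the old code did. The one-line fix is `if (encoding == 0) clk >>= 1; //askraw needs to double the clock speed`, or simply keep `clk /= 2;`. The `case 'H':` fall-through into `case 'h':` is fine as written. CmdLFaskSim's body continues outside the hunk.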
From 36d87eeff0af91784e78dbb36e2d0e95b7dfaf79 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 17:31:23 +0200 Subject: [PATCH 21/22] FIX: client crash for global id, and removing my previous fix. --- client/cmdlfem4x.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index d139724c1..02af547a7 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -150,14 +150,9 @@ int CmdEM410xWatch(const char *Cmd) int CmdEM410xWatchnSpoof(const char *Cmd) { // loops if the captured ID was in XL-format. - uint8_t ans = 0; - do { - ans = CmdEM410xWatch(Cmd); - if ( ans ) { - PrintAndLog("# Replaying captured ID: %llu", g_em410xid); - CmdLFaskSim(""); - } - } while ( !ans ); + CmdEM410xWatch(Cmd); + PrintAndLog("# Replaying captured ID: %llu", g_em410xid); + CmdLFaskSim(""); return 0; } From 67cd89033c36aade765946cd9f607e787fec7074 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 20 Oct 2016 17:31:58 +0200 Subject: [PATCH 22/22] CHG: experimenting with 'lf sim' It does send a signal now but... --- armsrc/lfops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index ae1a48889..bbd848ce0 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -401,6 +401,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + //AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;