github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 05:13:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

zx adaptations

Browse source
This commit is contained in:
iceman1001 2021-12-27 17:42:33 +01:00
commit 6653bdc2be
4 changed files with 123 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/appmain.c
View file

@ -39,6 +39,7 @@
#include "hfsnoop.h" #include "hfsnoop.h"
#include "lfops.h" #include "lfops.h"
#include "lfsampling.h" #include "lfsampling.h"
#include "lfzx.h"
#include "mifarecmd.h" #include "mifarecmd.h"
#include "mifaredesfire.h" #include "mifaredesfire.h"
#include "mifaresim.h" #include "mifaresim.h"
@ -48,7 +49,6 @@
#include "ticks.h" #include "ticks.h"
#include "commonutil.h" #include "commonutil.h"
#include "crc16.h" #include "crc16.h"
#include "lfzx.h"
#ifdef WITH_LCD #ifdef WITH_LCD

132
armsrc/lfzx.c
View file

@ -7,25 +7,91 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Low frequency ZX8211 funtions // Low frequency ZX8211 funtions
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
#ifndef __LFOPS_H
#define __LFOPS_H
#include "lfzx.h" #include "lfzx.h"
#include "fpgaloader.h"
#include "ticks.h"
#include "dbprint.h"
#include "lfadc.h"
#include "pm3_cmd.h" // struct
#include "zx8211.h" #include "zx8211.h"
#include "BigBuf.h"
#include "crc.h" // CRC-8 / Hitag1 / ZX8211
#include "fpgaloader.h"
#include "dbprint.h"
#include "lfops.h" // turn_read_lf_on / off
#include "lfadc.h"
#include "lfsampling.h" // getSamplingConfig
#include "pm3_cmd.h" // struct
#include "ticks.h"
/*
ZX8211
RWE to tag
----------
ASK w 100% modulation index
When power field is:
off, its considered LOW field
on, its considered HIGH field
Binary Pulse Length Coding (BPLC)
ZERO = 8 off, 8 on (14-22)
ONE = 8 off, 28 on (26-32)
EOF = 8 off, 30 on (38 or more)
Protection
----------
32bit read password
32bit write password
Config bits
-------------
Timings
-------
Tx = 8us = 1fc
*/
#define ZX_START_GAP 170
#define ZX_WAIT_GAP 90
#define ZX_GAP 8 // 4 - 10
#define ZX_T0 18
#define ZX_T0_MIN 14
#define ZX_T0_MAX 22
#define ZX_T1 28
#define ZX_T1_MIN 26
#define ZX_T1_MAX 32
#define ZX_TEOF 38
#define ZX_RESET_GAP 35000 // 35ms
#define ZX_RESPONSE_GAP 208
#define ZX_PROG 716
#define ZX_PROG_CT 4470
// TTF switch to RTF
#define ZX_SWITCH_RTF 350
// ZX commands
#define LF_ZX_GET_UID 0b00110
#define LF_ZX_READ
#define LF_ZX_WRITE
static void zx8211_setup_read(void) { static void zx8211_setup_read(void) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Make sure the tag is reset
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// use lf config settings
sample_config *sc = getSamplingConfig();
LFSetupFPGAForADC(sc->divisor, true);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_ADC_READER_FIELD);
// 50ms for the resonant antenna to settle. // 50ms for the resonant antenna to settle.
SpinDelay(50); WaitMS(50);
// Now set up the SSC to get the ADC samples that are now streaming at us. // Now set up the SSC to get the ADC samples that are now streaming at us.
FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER); FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER);
@ -35,14 +101,6 @@ static void zx8211_setup_read(void) {
// Connect the A/D to the peak-detected low-frequency path. // Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD); SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Steal this pin from the SSP (SPI communication channel with fpga) and
// use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
// Disable modulation at default, which means enable the field
LOW(GPIO_SSC_DOUT);
// Start the timer // Start the timer
StartTicks(); StartTicks();
@ -50,10 +108,46 @@ static void zx8211_setup_read(void) {
WDT_HIT(); WDT_HIT();
} }
static void zx_send(uint8_t *cmd, uint8_t clen) {
if (clen == 0)
return;
turn_read_lf_on(ZX_START_GAP);
// now start writing with bitbanging the antenna.
while (clen-- > 0) {
turn_read_lf_off(ZX_GAP * 8);
if (((*cmd++) & 1) == 1) {
turn_read_lf_on(ZX_T1 * 8);
} else {
turn_read_lf_on(ZX_T0 * 8);
}
}
// send eof
turn_read_lf_off(ZX_GAP * 8);
turn_read_lf_on(ZX_TEOF * 8);
}
int zx8211_read(zx8211_data_t *zxd, bool ledcontrol) { int zx8211_read(zx8211_data_t *zxd, bool ledcontrol) {
zx8211_setup_read(); zx8211_setup_read();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
if (ledcontrol) LED_A_ON();
// send GET_UID
zx_send(NULL, 0);
//uint32_t cs = CRC8Hitag1(uint8_t *buff, size_t size);
if (ledcontrol) LEDsoff();
StopTicks(); StopTicks();
lf_finalize(ledcontrol); lf_finalize(ledcontrol);
//reply_ng(CMD_LF_ZX_READ, status, tag.data, sizeof(tag.data)); //reply_ng(CMD_LF_ZX_READ, status, tag.data, sizeof(tag.data));
@ -68,5 +162,3 @@ int zx8211_write(zx8211_data_t *zxd, bool ledcontrol) {
//reply_ng(CMD_LF_ZX_WRITE, status, tag.data, sizeof(tag.data)); //reply_ng(CMD_LF_ZX_WRITE, status, tag.data, sizeof(tag.data));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
#endif

17
client/src/cmdlfzx8211.c
View file

@ -30,14 +30,14 @@
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
//see ASKDemod for what args are accepted // see ASKDemod for what args are accepted
int demodzx(bool verbose) { int demodzx(bool verbose) {
(void) verbose; // unused so far (void) verbose; // unused so far
save_restoreGB(GRAPH_SAVE); save_restoreGB(GRAPH_SAVE);
//CmdAskEdgeDetect(""); // CmdAskEdgeDetect("");
//ASK / Manchester // ASK / Manchester
bool st = true; bool st = true;
if (ASKDemod_ext(64, 0, 0, 0, false, false, false, 1, &st) != PM3_SUCCESS) { if (ASKDemod_ext(64, 0, 0, 0, false, false, false, 1, &st) != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - ZX: ASK/Manchester Demod failed"); PrintAndLogEx(DEBUG, "DEBUG: Error - ZX: ASK/Manchester Demod failed");
@ -62,7 +62,7 @@ int demodzx(bool verbose) {
setDemodBuff(g_DemodBuffer, 96, ans); setDemodBuff(g_DemodBuffer, 96, ans);
setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock));
//got a good demod // got a good demod
uint32_t raw1 = bytebits_to_byte(g_DemodBuffer, 32); uint32_t raw1 = bytebits_to_byte(g_DemodBuffer, 32);
// chksum // chksum
@ -139,15 +139,14 @@ int CmdLFZx8211(const char *Cmd) {
return CmdsParse(CommandTable, Cmd); return CmdsParse(CommandTable, Cmd);
} }
// find Visa2000 preamble in already demoded data
int detectzx(uint8_t *dest, size_t *size) { int detectzx(uint8_t *dest, size_t *size) {
if (*size < 96) return -1; //make sure buffer has data if (*size < 96) return -1; // make sure buffer has data
size_t startIdx = 0; size_t startIdx = 0;
uint8_t preamble[] = {0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0}; uint8_t preamble[] = {0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0};
if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx))
return -2; //preamble not found return -2; // preamble not found
if (*size != 96) return -3; //wrong demoded size if (*size != 96) return -3; // wrong demoded size
//return start position // return start position
return (int)startIdx; return (int)startIdx;
} }

3
include/zx8211.h
View file

@ -11,11 +11,12 @@
#ifndef ZX8211_H__ #ifndef ZX8211_H__
#define ZX8211_H__ #define ZX8211_H__
#include <stdbool.h>
#define ZX8211_NUM_BLOCKS 32 #define ZX8211_NUM_BLOCKS 32
// Common word/block addresses // Common word/block addresses
typedef struct { typedef struct {
bool parity; bool parity;
} zx8211_data_t; } zx8211_data_t;