Initial commit for the firmware. Used the 20090306_ela version as baseline.

It is identical to the popular 20081211, with the doob addition (20090301), a
linux client, and two additional commands for LF analysis. Let me know if
you find issues here!
edouard@lafargue.name 2009-04-09 06:43:20 +00:00
commit 6658905f18
91 changed files with 16661 additions and 0 deletions

58
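--- a/bootrom/Makefile
+++ b/bootrom/Makefile
@@ -0,0 +1,58 @@
+CC = arm-elf-gcc
+AS = arm-elf-as
+LD = arm-elf-ld
+OBJCOPY = arm-elf-objcopy
+OBJDIR = obj
+INCLUDE = -I../include
+INCLUDES = ../include/proxmark3.h ../include/at91sam7s128.h ../include/config_gpio.h ../include/usb_cmd.h
+CFLAGS = -g -c $(INCLUDE) -Wall
+OBJJTAG = $(OBJDIR)/bootrom.o $(OBJDIR)/ram-reset.o $(OBJDIR)/usb.o
+OBJFLASH = $(OBJDIR)/flash-reset.o $(OBJDIR)/fromflash.o
+all: bootrom.s19
+bootrom.s19: $(OBJDIR)/bootrom.s19 $(OBJDIR)/bootrom-forjtag.s19
+@echo bootrom.s19
+@perl ..\tools\merge-srec.pl $(OBJDIR)\bootrom.s19 $(OBJDIR)\bootrom-forjtag.s19 > $(OBJDIR)\bootrom-merged.s19
+@perl ..\tools\srecswap.pl $(OBJDIR)\bootrom-forjtag.s19 > $(OBJDIR)\bootrom-forjtag-swapped.s19
+$(OBJDIR)/bootrom.s19: $(OBJFLASH)
+@echo obj/bootrom.s19
+@$(LD) -g -Tldscript-flash --oformat elf32-littlearm -o $(OBJDIR)/bootrom.elf $(OBJFLASH)
+@$(OBJCOPY) -Osrec --srec-forceS3 $(OBJDIR)/bootrom.elf $(OBJDIR)/bootrom.s19
+$(OBJDIR)/bootrom-forjtag.s19: $(OBJJTAG)
+@echo obj/bootrom-forjtag.s19
+@$(LD) -g -Tldscript-ram-jtag --oformat elf32-littlearm -o $(OBJDIR)/bootrom-forjtag.elf $(OBJJTAG)
+@$(OBJCOPY) -Osrec --srec-forceS3 $(OBJDIR)/bootrom-forjtag.elf $(OBJDIR)/bootrom-forjtag.s19
+$(OBJDIR)/bootrom.o: bootrom.c $(INCLUDES)
+@echo $(@B).c
+@$(CC) $(CFLAGS) -mthumb -mthumb-interwork bootrom.c -o $(OBJDIR)/bootrom.o
+$(OBJDIR)/fromflash.o: fromflash.c $(INCLUDES)
+@echo $(@B).c
+@$(CC) $(CFLAGS) -mthumb -mthumb-interwork fromflash.c -o $(OBJDIR)/fromflash.o
+$(OBJDIR)/usb.o: ../common/usb.c $(INCLUDES)
+@echo $(@B).c
+@$(CC) $(CFLAGS) -mthumb -mthumb-interwork ../common/usb.c -o $(OBJDIR)/usb.o
+$(OBJDIR)/ram-reset.o: ram-reset.s
+@echo $(@B).s
+@$(CC) $(CFLAGS) -mthumb-interwork -o $(OBJDIR)/ram-reset.o ram-reset.s
+$(OBJDIR)/flash-reset.o: flash-reset.s
+@echo $(@B).s
+@$(CC) $(CFLAGS) -mthumb-interwork -o $(OBJDIR)/flash-reset.o flash-reset.s
+clean:
+del /q obj\*.o
+del /q obj\*.elf
+del /q obj\*.s19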
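Review bot: The recipes mix GNU-make syntax with cmd.exe-only commands, so this Makefile builds only on a Windows host: the `bootrom.s19` rule passes backslash paths to perl (`..\tools\merge-srec.pl`) and `clean` uses `del /q obj\*.o`. Forward slashes and `rm -f $(OBJDIR)/*.o $(OBJDIR)/*.elf $(OBJDIR)/*.s19` would work with the same toolchain on both platforms. `$(@B)` is not a GNU make automatic variable, so the `@echo $(@B).c` lines most likely print only `.c`; `$(basename $(@F))` gives the intended name. `all` and `clean` should also be declared `.PHONY`, and nothing visible here creates `$(OBJDIR)` before the first compile.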

190
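--- a/bootrom/bootrom.c
+++ b/bootrom/bootrom.c
@@ -0,0 +1,190 @@
+#include <proxmark3.h>
+static void ConfigClocks(void)
+{
+// we are using a 16 MHz crystal as the basis for everything
+// slow clock runs at 32Khz typical regardless of crystal
+// enable system clock and USB clock
+PMC_SYS_CLK_ENABLE = PMC_SYS_CLK_PROCESSOR_CLK | PMC_SYS_CLK_UDP_CLK;
+// enable the clock to the following peripherals
+PMC_PERIPHERAL_CLK_ENABLE =
+(1<<PERIPH_PIOA) |
+(1<<PERIPH_ADC) |
+(1<<PERIPH_SPI) |
+(1<<PERIPH_SSC) |
+(1<<PERIPH_PWMC) |
+(1<<PERIPH_UDP);
+// worst case scenario, with 16Mhz xtal startup delay is 14.5ms
+// with a slow clock running at it worst case (max) frequency of 42khz
+// max startup delay = (14.5ms*42k)/8 = 76 = 0x4C round up to 0x50
+// enable main oscillator and set startup delay
+PMC_MAIN_OSCILLATOR = PMC_MAIN_OSCILLATOR_ENABLE |
+PMC_MAIN_OSCILLATOR_STARTUP_DELAY(0x50);
+// wait for main oscillator to stabilize
+while ( !(PMC_INTERRUPT_STATUS & PMC_MAIN_OSCILLATOR_STABILIZED) )
+;
+// minimum PLL clock frequency is 80 MHz in range 00 (96 here so okay)
+// frequency is crystal * multiplier / divisor = 16Mhz * 12 / 2 = 96Mhz
+PMC_PLL = PMC_PLL_DIVISOR(2) | PMC_PLL_COUNT_BEFORE_LOCK(0x50) |
+PMC_PLL_FREQUENCY_RANGE(0) | PMC_PLL_MULTIPLIER(12) |
+PMC_PLL_USB_DIVISOR(1);
+// wait for PLL to lock
+while ( !(PMC_INTERRUPT_STATUS & PMC_MAIN_OSCILLATOR_PLL_LOCK) )
+;
+// we want a master clock (MCK) to be PLL clock / 2 = 96Mhz / 2 = 48Mhz
+// as per datasheet, this register must be programmed in two operations
+// when changing to PLL, program the prescaler first then the source
+PMC_MASTER_CLK = PMC_CLK_PRESCALE_DIV_2;
+// wait for main clock ready signal
+while ( !(PMC_INTERRUPT_STATUS & PMC_MAIN_OSCILLATOR_MCK_READY) )
+;
+// set the source to PLL
+PMC_MASTER_CLK = PMC_CLK_SELECTION_PLL_CLOCK | PMC_CLK_PRESCALE_DIV_2;
+// wait for main clock ready signal
+while ( !(PMC_INTERRUPT_STATUS & PMC_MAIN_OSCILLATOR_MCK_READY) )
+;
+}
+static void Fatal(void)
+{
+for(;;);
+}
+void UsbPacketReceived(BYTE *packet, int len)
+{
+int i;
+UsbCommand *c = (UsbCommand *)packet;
+volatile DWORD *p;
+if(len != sizeof(*c)) {
+Fatal();
+}
+switch(c->cmd) {
+case CMD_DEVICE_INFO:
+break;
+case CMD_SETUP_WRITE:
+p = (volatile DWORD *)0;
+for(i = 0; i < 12; i++) {
+p[i+c->ext1] = c->d.asDwords[i];
+}
+break;
+case CMD_FINISH_WRITE:
+p = (volatile DWORD *)0;
+for(i = 0; i < 4; i++) {
+p[i+60] = c->d.asDwords[i];
+}
+MC_FLASH_COMMAND = MC_FLASH_COMMAND_KEY |
+MC_FLASH_COMMAND_PAGEN(c->ext1/FLASH_PAGE_SIZE_BYTES) |
+FCMD_WRITE_PAGE;
+while(!(MC_FLASH_STATUS & MC_FLASH_STATUS_READY))
+;
+break;
+case CMD_HARDWARE_RESET:
+break;
+default:
+Fatal();
+break;
+}
+c->cmd = CMD_ACK;
+UsbSendPacket(packet, len);
+}
+void BootROM(void)
+{
+//------------
+// First set up all the I/O pins; GPIOs configured directly, other ones
+// just need to be assigned to the appropriate peripheral.
+// Kill all the pullups, especially the one on USB D+; leave them for
+// the unused pins, though.
+PIO_NO_PULL_UP_ENABLE = (1 << GPIO_USB_PU) |
+(1 << GPIO_LED_A) |
+(1 << GPIO_LED_B) |
+(1 << GPIO_LED_C) |
+(1 << GPIO_LED_D) |
+(1 << GPIO_FPGA_DIN) |
+(1 << GPIO_FPGA_DOUT) |
+(1 << GPIO_FPGA_CCLK) |
+(1 << GPIO_FPGA_NINIT) |
+(1 << GPIO_FPGA_NPROGRAM) |
+(1 << GPIO_FPGA_DONE) |
+(1 << GPIO_MUXSEL_HIPKD) |
+(1 << GPIO_MUXSEL_HIRAW) |
+(1 << GPIO_MUXSEL_LOPKD) |
+(1 << GPIO_MUXSEL_LORAW) |
+(1 << GPIO_RELAY) |
+(1 << GPIO_NVDD_ON);
+// (and add GPIO_FPGA_ON)
+// These pins are outputs
+PIO_OUTPUT_ENABLE = (1 << GPIO_LED_A) |
+(1 << GPIO_LED_B) |
+(1 << GPIO_LED_C) |
+(1 << GPIO_LED_D) |
+(1 << GPIO_RELAY) |
+(1 << GPIO_NVDD_ON);
+// PIO controls the following pins
+PIO_ENABLE = (1 << GPIO_USB_PU) |
+(1 << GPIO_LED_A) |
+(1 << GPIO_LED_B) |
+(1 << GPIO_LED_C) |
+(1 << GPIO_LED_D);
+USB_D_PLUS_PULLUP_OFF();
+LED_D_OFF();
+LED_C_ON();
+LED_B_OFF();
+LED_A_OFF();
+// if 512K FLASH part - TODO make some defines :)
+if ((DBGU_CIDR | 0xf00) == 0xa00) {
+MC_FLASH_MODE0 = MC_FLASH_MODE_FLASH_WAIT_STATES(1) |
+MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48);
+MC_FLASH_MODE1 = MC_FLASH_MODE_FLASH_WAIT_STATES(1) |
+MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48);
+} else {
+MC_FLASH_MODE0 = MC_FLASH_MODE_FLASH_WAIT_STATES(0) |
+MC_FLASH_MODE_MASTER_CLK_IN_MHZ(48);
+}
+// Initialize all system clocks
+ConfigClocks();
+LED_A_ON();
+if(BUTTON_PRESS()) {
+UsbStart();
+}
+for(;;) {
+WDT_HIT();
+UsbPoll(TRUE);
+if(!BUTTON_PRESS()) {
+USB_D_PLUS_PULLUP_OFF();
+LED_B_ON();
+// jump to RAM address 0x10000 (LSBit set for thumb mode)
+asm("ldr r3, = 0x10001\n");
+asm("bx r3\n");
+}
+}
+}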
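Review bot: `CMD_SETUP_WRITE` in `UsbPacketReceived` uses the host-supplied `c->ext1` as an unchecked index from address 0 (`p[i+c->ext1] = c->d.asDwords[i];`), so any USB host can direct twelve DWORD stores at an arbitrary word address instead of only into the flash page buffer. `CMD_FINISH_WRITE` fills `p[60..63]`, which suggests a 64-DWORD buffer, so a guard such as `if(c->ext1 > 64 - 12) Fatal();` before the loop would keep the stores inside it (confirm the size against `FLASH_PAGE_SIZE_BYTES`). The page number `c->ext1/FLASH_PAGE_SIZE_BYTES` is also unchecked, so the pages holding this bootloader can be reprogrammed; if that is the intended update path it deserves a comment, otherwise pages below the application start should be rejected. Separately, in `BootROM` the test `(DBGU_CIDR | 0xf00) == 0xa00` can never be true because the OR forces bits 8–11 on, leaving the 512K wait-state branch dead; `&` was presumably meant. The comment "jump to RAM address 0x10000" also looks wrong, since the linker scripts in this commit place RAM at 0x00200000.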

38
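--- a/bootrom/flash-reset.s
+++ b/bootrom/flash-reset.s
@@ -0,0 +1,38 @@
+.extern CopyBootToRAM
+.text
+.code 32
+.align 0
+.global start
+start:
+b Reset
+b UndefinedInstruction
+b SoftwareInterrupt
+b PrefetchAbort
+b DataAbort
+b Reserved
+b Irq
+b Fiq
+Reset:
+ldr sp, = 0x0020FFF8 @ initialize stack pointer to top of RAM
+bl CopyBootToRAM @ copy bootloader to RAM (in case the
+@ user re-flashes the bootloader)
+ldr r3, = 0x00200000 @ start address of RAM bootloader
+bx r3 @ jump to it
+Fiq:
+b Fiq
+UndefinedInstruction:
+b UndefinedInstruction
+SoftwareInterrupt:
+b SoftwareInterrupt
+PrefetchAbort:
+b PrefetchAbort
+DataAbort:
+b DataAbort
+Reserved:
+b Reserved
+Irq:
+b Irq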

11
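--- a/bootrom/fromflash.c
+++ b/bootrom/fromflash.c
@@ -0,0 +1,11 @@
+#include <proxmark3.h>
+void CopyBootToRAM(void)
+{
+int i;
+volatile DWORD *s = (volatile DWORD *)0x200;
+volatile DWORD *d = (volatile DWORD *)0x200000;
+for(i = 0; i < 1024; i++) *d++ = *s++;
+}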
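Review bot: `CopyBootToRAM` hard-codes the source `0x200`, the destination `0x200000` and a length of 1024 DWORDs (4 KiB), so a RAM-resident bootloader image larger than that is copied only in part, and `flash-reset.s` then jumps into a truncated image with no build-time or run-time error. Deriving the bounds from linker-script symbols, or at least naming the constants and adding a size check to the build, would turn that silent truncation into a visible failure. A comment should also state that `0x200` is where the merged S-record places the RAM image in flash, which is presumably what `merge-srec.pl` arranges but is not visible in this section.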

11
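--- a/bootrom/ldscript-flash
+++ b/bootrom/ldscript-flash
@@ -0,0 +1,11 @@
+SECTIONS
+{
+. = 0x00000000;
+.text : { obj/flash-reset.o(.text) *(.text) }
+.rodata : { *(.rodata) }
+. = 0x00200000;
+.data : { *(.data) }
+__bss_start__ = .;
+.bss : { *(.bss) }
+__bss_end__ = .;
+}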

10
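--- a/bootrom/ldscript-ram-jtag
+++ b/bootrom/ldscript-ram-jtag
@@ -0,0 +1,10 @@
+SECTIONS
+{
+. = 0x00200000;
+.text : { obj/ram-reset.o(.text) *(.text) }
+.rodata : { *(.rodata) }
+.data : { *(.data) }
+__bss_start__ = .;
+.bss : { *(.bss) }
+__bss_end__ = .;
+}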

10
bootrom/ram-reset.s Normal file

@ -0,0 +1,10 @@
.extern BootROM
.text
.code 32
.align 0
.global start
start:
ldr sp, = 0x0020FFF8
bl BootROM