new coverity scan complains..

fix 'lf hitag'  bit comparisions wrong
fix 'standalone mode'  logically dead code

armsrc/appmain.c

@@ -574,8 +574,6 @@ void StandAloneMode14a()
 			LED(selected + 1, 0);
 
 			// Begin transmitting
-			if (playing)
-			{
 			LED(LED_GREEN, 0);
 			DbpString("Playing");
 			for ( ; ; ) {
@@ -636,10 +634,7 @@ void StandAloneMode14a()
 			SpinDelay(300);
 			LEDsoff();
 			LED(selected + 1, 0);
-			}
+
-			else
-				while(BUTTON_PRESS())
-					WDT_HIT();
 		}
 	}
 }

armsrc/hitagS.c

@@ -167,25 +167,25 @@ static void hitag_send_bit(int bit) {
 		if (bit == 0) {
 			// AC Coding --__
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 32)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 64)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 64)	{};
-				;
+				
 		} else {
 			// AC coding -_-_
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 32)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
-				;
+				
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 48)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 48) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 64)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 64) {};
-				;;
+				
 		}
 		LED_A_OFF();
 		break;
@@ -193,25 +193,24 @@ static void hitag_send_bit(int bit) {
 		if (bit == 0) {
 			// AC Coding --__
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD)
+			while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD)
+			while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD) {};
-				;
+				
 		} else {
 			// AC coding -_-_
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 8)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 24)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 24) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 32)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
-				;;
 		}
 		LED_A_OFF();
 		break;
@@ -219,19 +218,19 @@ static void hitag_send_bit(int bit) {
 		if (bit == 0) {
 			// Manchester: Unloaded, then loaded |__--|
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 32)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
-				;
+				
 		} else {
 			// Manchester: Loaded, then unloaded |--__|
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 32)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
-				;
+				
 		}
 		LED_A_OFF();
 		break;
@@ -239,19 +238,19 @@ static void hitag_send_bit(int bit) {
 		if (bit == 0) {
 			// Manchester: Unloaded, then loaded |__--|
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 8)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
-				;
+				
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 		} else {
 			// Manchester: Loaded, then unloaded |--__|
 			HIGH(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 8)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
-				;
+				
 			LOW(GPIO_SSC_DOUT);
-			while (AT91C_BASE_TC0->TC_CV < T0 * 16)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
-				;
+				
 		}
 		LED_A_OFF();
 		break;
@@ -288,8 +287,8 @@ static void hitag_reader_send_bit(int bit) {
 	HIGH(GPIO_SSC_DOUT);
 	if (test == 1) {
 		// Wait for 4-10 times the carrier period
-		while (AT91C_BASE_TC0->TC_CV < T0 * 6)
+		while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
-			;
+			
 		//	SpinDelayUs(8*8);
 
 		// Disable modulation, just activates the field again
@@ -297,19 +296,19 @@ static void hitag_reader_send_bit(int bit) {
 
 		if (bit == 0) {
 			// Zero bit: |_-|
-			while (AT91C_BASE_TC0->TC_CV < T0 * 11)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 11) {};
-				;
+				
 			//		SpinDelayUs(16*8);
 		} else {
 			// One bit: |_--|
-			while (AT91C_BASE_TC0->TC_CV < T0 * 14)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 14) {};
-				;
+				
 			//		SpinDelayUs(22*8);
 		}
 	} else {
 		// Wait for 4-10 times the carrier period
-		while (AT91C_BASE_TC0->TC_CV < T0 * 6)
+		while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
-			;
+			
 		//	SpinDelayUs(8*8);
 
 		// Disable modulation, just activates the field again
@@ -317,13 +316,13 @@ static void hitag_reader_send_bit(int bit) {
 
 		if (bit == 0) {
 			// Zero bit: |_-|
-			while (AT91C_BASE_TC0->TC_CV < T0 * 22)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 22) {};
-				;
+				
 			//		SpinDelayUs(16*8);
 		} else {
 			// One bit: |_--|
-			while (AT91C_BASE_TC0->TC_CV < T0 * 28)
+			while (AT91C_BASE_TC0->TC_CV < T0 * 28) {};
-				;
+				
 			//		SpinDelayUs(22*8);
 		}
 	}
@@ -344,8 +343,8 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) {
 // Enable modulation, which means, drop the the field
 	HIGH(GPIO_SSC_DOUT);
 // Wait for 4-10 times the carrier period
-	while (AT91C_BASE_TC0->TC_CV < T0 * 6)
+	while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
-		;
+		
 // Disable modulation, just activates the field again
 	LOW(GPIO_SSC_DOUT);
 }
@@ -988,39 +987,39 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) {
 		tag.max_page=0;
 	//con1
 	tag.auth=0;
-	if((tag.pages[1][2]&0x80)==1)
+	if((tag.pages[1][2]&0x80) == 0x80)
 		tag.auth=1;
 	tag.LCON=0;
-	if((tag.pages[1][2]&0x2)==1)
+	if((tag.pages[1][2]&0x2) == 0x02)
 		tag.LCON=1;
 	tag.LKP=0;
-	if((tag.pages[1][2]&0x1)==1)
+	if((tag.pages[1][2]&0x1) == 0x01)
 		tag.LKP=1;
 	//con2
 	//0=read write 1=read only
 	tag.LCK7=0;
-	if((tag.pages[1][1]&0x80)==1)
+	if((tag.pages[1][1]&0x80) == 0x80)
 		tag.LCK7=1;
 	tag.LCK6=0;
-	if((tag.pages[1][1]&0x40)==1)
+	if((tag.pages[1][1]&0x40) == 0x040)
 		tag.LCK6=1;
 	tag.LCK5=0;
-	if((tag.pages[1][1]&0x20)==1)
+	if((tag.pages[1][1]&0x20) == 0x20)
 		tag.LCK5=1;
 	tag.LCK4=0;
-	if((tag.pages[1][1]&0x10)==1)
+	if((tag.pages[1][1]&0x10) == 0x10)
 		tag.LCK4=1;
 	tag.LCK3=0;
-	if((tag.pages[1][1]&0x8)==1)
+	if((tag.pages[1][1]&0x8) == 0x08)
 		tag.LCK3=1;
 	tag.LCK2=0;
-	if((tag.pages[1][1]&0x4)==1)
+	if((tag.pages[1][1]&0x4) == 0x04)
 		tag.LCK2=1;
 	tag.LCK1=0;
-	if((tag.pages[1][1]&0x2)==1)
+	if((tag.pages[1][1]&0x2) == 0x02)
 		tag.LCK1=1;
 	tag.LCK0=0;
-	if((tag.pages[1][1]&0x1)==1)
+	if((tag.pages[1][1]&0x1) == 0x01)
 		tag.LCK0=1;
 
 // Set up simulator mode, frequency divisor which will drive the FPGA

client/cmdhf.c

@@ -879,11 +879,6 @@ int CmdHFSearch(const char *Cmd){
 		PrintAndLog("\nValid ISO14443-A Tag Found - Quiting Search\n");
 		return ans;
 	} 
-	ans = HF14BReader(false); //CmdHF14BReader("s");
-	if (ans) {
-		PrintAndLog("\nValid ISO14443-B Tag Found - Quiting Search\n");
-		return ans;
-	}
 	ans = HF15Reader("", false);
 	if (ans) {
 		PrintAndLog("\nValid ISO15693 Tag Found - Quiting Search\n");
@@ -899,6 +894,12 @@ int CmdHFSearch(const char *Cmd){
 		PrintAndLog("\nValid Topaz Tag Found - Quiting Search\n");
 		return 1;
 	}
+	// 14b and iclass is the longest test (put last)
+	ans = HF14BReader(false); //CmdHF14BReader("s");
+	if (ans) {
+		PrintAndLog("\nValid ISO14443-B Tag Found - Quiting Search\n");
+		return ans;
+	}
 	ans = HFiClassReader("", false, false);
 	if (ans) {
 		PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n");

client/cmdhf14a.c

@@ -719,7 +719,7 @@ static void waitCmd(uint8_t iSelect) {
     UsbCommand resp;
     uint16_t len = 0;
 
-    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {        
+    if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {        
         len = iSelect ? (resp.arg[1] & 0xffff) : (resp.arg[0]  & 0xffff);
         PrintAndLog("received %i octets", len);
         if(!len)

client/default_keys.dic

@@ -452,3 +452,6 @@ E241E8AFCBAF,
 # Data from forum post
 123F8888F322,
 050908080008,
+# 
+# Data from hoist	
+4f9f59c9c875,

fpga/hi_read_rx_xcorr.v

@@ -15,9 +15,9 @@ module hi_read_rx_xcorr(
     input pck0, ck_1356meg, ck_1356megb;
     output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
     input [7:0] adc_d;
-    output adc_clk, ssp_frame, ssp_din;
+    output adc_clk;
     input ssp_dout;
-    output ssp_clk;
+    output ssp_frame, ssp_din, ssp_clk;
     input cross_hi, cross_lo;
     output dbg;
     input xcorr_is_848, snoop;
@@ -28,11 +28,18 @@ assign pwr_oe1 = 1'b0;
 assign pwr_oe3 = 1'b0;
 assign pwr_oe4 = 1'b0;
 
-wire adc_clk = ck_1356megb;
+// Clock divider
-
+reg [0:0] fc_divider;
-reg fc_div_2;
 always @(negedge ck_1356megb)
-    fc_div_2 <= fc_div_2 + 1;
+    fc_divider <= fc_divider + 1;
+wire fc_div2 = fc_divider[0];
+
+reg adc_clk;
+always @(ck_1356megb)
+	if (xcorr_is_848)
+		adc_clk <= ck_1356megb;
+	else
+		adc_clk <= fc_div2;
 
 // When we're a reader, we just need to do the BPSK demod; but when we're an
 // eavesdropper, we also need to pick out the commands sent by the reader,
@@ -77,7 +84,6 @@ reg ssp_frame;
 
 always @(negedge adc_clk)
 begin
-	if (xcorr_is_848 | fc_div_2)
 		corr_i_cnt <= corr_i_cnt + 1;
 end		
 		
@@ -137,7 +143,7 @@ begin
     begin
         ssp_clk <= 1'b1;
         // Don't shift if we just loaded new data, obviously.
-        if(corr_i_cnt != 7'd0)
+        if(corr_i_cnt != 6'd0)
         begin
             corr_i_out[7:0] <= {corr_i_out[6:0], corr_q_out[7]};
             corr_q_out[7:1] <= corr_q_out[6:0];