github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

using emulator memory for sim and restore

Browse source
This commit is contained in:
tharexde 2020-10-31 01:49:46 +01:00
commit 902b52ab02
1 changed files with 23 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

43
armsrc/em4x50.c
View file

@ -122,6 +122,22 @@ static void em4x50_setup_sim(void) {
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
} }
static void emlGetMem(uint32_t *words, size_t nowords) {
// read <nowords> words from emulator memory
uint8_t *em4x50_mem = BigBuf_get_EM_addr();
for (int i = 0; i < EM4X50_NO_WORDS; i++) {
for (int j = 0; j < 4; j++)
words[i] |= (em4x50_mem[4 * i + j]) << ((3 - j) * 8);
// lsb is needed (given format is msb)
words[i] = reflect32(words[i]);
}
}
// functions for "reader" use case // functions for "reader" use case
static bool get_signalproperties(void) { static bool get_signalproperties(void) {
@ -1336,15 +1352,8 @@ void em4x50_restore(em4x50_data_t *etd) {
em4x50_setup_read(); em4x50_setup_read();
// read data // read data from emulator memory
for (int i = 0; i < EM4X50_NO_WORDS; i++) { emlGetMem(words_client, EM4X50_NO_WORDS);
for (int j = 0; j < 4; j++)
words_client[i] |= (etd->data[4 * i + j]) << ((3 - j) * 8);
// lsb is needed (dump is msb)
words_client[i] = reflect32(words_client[i]);
}
// set gHigh and gLow // set gHigh and gLow
if (get_signalproperties() && find_em4x50_tag()) { if (get_signalproperties() && find_em4x50_tag()) {
@ -1389,23 +1398,17 @@ void em4x50_restore(em4x50_data_t *etd) {
reply_ng(CMD_LF_EM4X50_RESTORE, status, 0, 0); reply_ng(CMD_LF_EM4X50_RESTORE, status, 0, 0);
} }
void em4x50_sim(em4x50_data_t *etd) { void em4x50_sim(void) {
// simulate either word (e.g. UID) or complete tag via dump file upload // simulate uploaded data in emulator memory
// (currently only a one-way communication is possible)
uint32_t words[EM4X50_NO_WORDS] = {0x0}; uint32_t words[EM4X50_NO_WORDS] = {0x0};
em4x50_setup_sim(); em4x50_setup_sim();
// read data // read data from emulator memory
for (int i = 0; i < EM4X50_NO_WORDS; i++) { emlGetMem(words, EM4X50_NO_WORDS);
for (int j = 0; j < 4; j++)
words[i] |= (etd->data[4 * i + j]) << ((3 - j) * 8);
// lsb is needed (dump is msb)
words[i] = reflect32(words[i]);
}
// extract control data // extract control data
int fwr = words[CONFIG_BLOCK] & 0xFF; // first word read int fwr = words[CONFIG_BLOCK] & 0xFF; // first word read