From c2aed7900c1a799dfe00ee8387940f0c26d9000d Mon Sep 17 00:00:00 2001 From: Jean-Michel Picod Date: Sun, 4 Dec 2022 21:31:06 +0100 Subject: [PATCH 1/5] Temporary fix buffer overflow until new SIM firmware is released --- armsrc/i2c.c | 25 ++++++++++++++----------- armsrc/i2c.h | 6 +++--- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/armsrc/i2c.c b/armsrc/i2c.c index 12d7c9cd2..b79f8bb0e 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -53,7 +53,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) { #define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) -#define ISO7618_MAX_FRAME 255 +#define ISO7618_MAX_FRAME 260 // try i2c bus recovery at 100kHz = 5us high, 5us low void I2C_recovery(void) { @@ -395,8 +395,8 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) { } //Sends array of data (Array, length, command to be written , SlaveDevice address ). -// len = uint8 (max buffer to write 256bytes) -bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { +// len = uint16 because we need to write up to 256 bytes +bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) { bool bBreak = true; do { if (!I2C_Start()) @@ -433,8 +433,8 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev } // read one array of data (Data array, Readout length, command to be written , SlaveDevice address ). -// len = uint8 (max buffer to read 256bytes) -int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { +// len = uint16 because we need to read up to 256bytes +int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) { if (!data || len == 0) return 0; @@ -631,7 +631,7 @@ int I2C_get_version(uint8_t *maj, uint8_t *min) { } // Will read response from smart card module, retries 3 times to get the data. -bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) { +bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen) { uint8_t i = 5; int16_t len = 0; @@ -656,7 +656,7 @@ bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) { if (len <= 1) return false; - *destlen = (uint8_t)len & 0xFF; + *destlen = len; return true; } @@ -678,7 +678,10 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) { return false; // read bytes from module - uint8_t len = sizeof(card_ptr->atr); + uint16_t len = sizeof(card_ptr->atr); + if (len > sizeof(card_ptr->atr)) { + len = sizeof(card_ptr->atr); + } if (sc_rx_bytes(card_ptr->atr, &len) == false) return false; @@ -697,7 +700,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) { uint8_t chksum = 0; // xor property. will be zero when xored with chksum. - for (uint8_t i = 1; i < len; ++i) + for (uint16_t i = 1; i < len; ++i) chksum ^= card_ptr->atr[i]; if (chksum) { @@ -706,7 +709,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) { } } - card_ptr->atr_len = len; + card_ptr->atr_len = (uint8_t) (len & 0xff); if (verbose) { LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false); } @@ -732,7 +735,7 @@ void SmartCardAtr(void) { void SmartCardRaw(smart_card_raw_t *p) { LED_D_ON(); - uint8_t len = 0; + uint16_t len = 0; uint8_t *resp = BigBuf_malloc(ISO7618_MAX_FRAME); // check if alloacted... smartcard_command_t flags = p->flags; diff --git a/armsrc/i2c.h b/armsrc/i2c.h index c1b6ada03..2ce051bd7 100644 --- a/armsrc/i2c.h +++ b/armsrc/i2c.h @@ -41,14 +41,14 @@ void I2C_Reset_EnterBootloader(void); bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address); bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address); -bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address); -int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address); +bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address); +int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address); // for firmware int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address); bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address); -bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen); +bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen); // bool GetATR(smart_card_atr_t *card_ptr, bool verbose); From 89702a4e6e26ed30e2f211ce14add29c2c6adda9 Mon Sep 17 00:00:00 2001 From: Jean-Michel Picod Date: Mon, 5 Dec 2022 19:33:41 +0100 Subject: [PATCH 2/5] Add SIM module firmware 4.12 from Sentinel --- client/resources/sim012.sha512.txt | 1 + tools/simmodule/sim012.asm | 817 +++++++++++++++++++++++++++++ 2 files changed, 818 insertions(+) create mode 100644 client/resources/sim012.sha512.txt create mode 100644 tools/simmodule/sim012.asm diff --git a/client/resources/sim012.sha512.txt b/client/resources/sim012.sha512.txt new file mode 100644 index 000000000..fdd509b54 --- /dev/null +++ b/client/resources/sim012.sha512.txt @@ -0,0 +1 @@ +ac65f93b15dea4e6a27a644056c18266113af57f4d29de9eead4871007816efa7d1ec9f73308377e5fe388fc81b3d408221bd4eff7e1d129e0a349bd2c0f3f2b sim012.bin diff --git a/tools/simmodule/sim012.asm b/tools/simmodule/sim012.asm new file mode 100644 index 000000000..5cec3b2f2 --- /dev/null +++ b/tools/simmodule/sim012.asm @@ -0,0 +1,817 @@ +; --------------------------------------------------------------------------- +; Proxmark3 RDV4 SIM module firmware +; +; Copyright (C) 2022 Sentinel +; +; This program is free software: you can redistribute it and/or modify it +; under the terms of the GNU Lesser General Public License as published by the +; Free Software Foundation, either version 3 of the License, or (at your +; option) any later version. +; +; This program is distributed in the hope that it will be useful, but WITHOUT +; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +; FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +; more details. +; +; You should have received a copy of the GNU Lesser General Public License +; along with this program. If not, see +; --------------------------------------------------------------------------- +; + VERS_HI equ 4 + VERS_LO equ 12 +; +; +; + SCON_0 equ 098h + FE_0 equ 098h.7 + + SCON_1 equ 0F8h + RI_1 equ 0F8h.0 + TI_1 equ 0F8h.1 + FE_1 equ 0F8h.7 + SBUF_1 equ 09Ah + T3CON equ 0C4h + RL3 equ 0C5h + RH3 equ 0C6h + + P0M1 equ 0B1h + P0M2 equ 0B2h + P1M1 equ 0B3h + P1M2 equ 0B4h + P3M1 equ 0ACh; + P3M2 equ 0ADh; + + EIE equ 09Bh + EIE1 equ 09Ch + + TA equ 0C7h + + RCTRIM0 equ 084h +; + CKCON equ 08Eh + CKDIV equ 095h +; + P1S equ 0B3h ;Page1 + SFRS equ 091h ;TA Protection +; + ;AUXR1 equ 0A2h +; + I2DAT equ 0BCh; + I2STAT equ 0BDh; + I2CLK equ 0BEh; + I2TOC equ 0BFh; + I2CON equ 0C0h; + ; equ I2CON.7;8 + I2CEN equ I2CON.6;4 + STA equ I2CON.5;2 + STO equ I2CON.4;1 + SI equ I2CON.3;8 + AA equ I2CON.2;4 + ; equ I2CON.1;2 + I2CPX equ I2CON.0;1 + + + I2ADDR equ 0C1h; + +; +; +; + pin_TX1 equ P1.6 + + pin_TX0 equ P0.6 + pin_RX0 equ P0.7 + + pin_SCL equ P1.3 + pin_SDA equ P1.4 + + pin_RST equ P1.0 + pin_CLC equ P1.1 + pin_led equ P1.2 + +; +; + + + CMD_GENERATE_ATR equ 01h + CMD_WRITE_DATA_SIM equ 02h + CMD_READ_DATA_SIM equ 03h + + CMD_SET_BAUD_RATE equ 04h + CMD_SET_SIM_CLC equ 05h + CMD_GET_VERS equ 06h + CMD_WRITE_CONFIRM equ 07h + + + +; +; + + bit_RX0 equ 32.0 + bit_command_receive equ 32.1 + bit_generate_ATR equ 32.2 + i2c_write_mode equ 32.3 + i2c_write_done equ 32.4 + bit_data_sim_wr equ 32.5 + ; equ 32.6 + bit_TX0 equ 32.7 + + bit_command_buff equ 33.0 + i2c_write_command equ 33.1 + i2c_command_done equ 33.2 + bit_wait_confirm equ 33.3 + bit_first_ATR equ 33.4 ;11/03/2019 + bit_length_answerH equ 33.5 + bit_length_answerL equ 33.6 +; +; +; + bit_32 equ 32 + bit_33 equ 33 + + time_data_read equ 34 + time_confirm equ 35 + + pointer_RX1H equ 36 ;save SBUF(SIM) to XRAM + pointer_RX1L equ 37 ;save SBUF(SIM) to XRAM + + pointer_RX2H equ 38 ;read XRAM to I2C + pointer_RX2L equ 39 ;read XRAM to I2C + + pointer_TXH equ 40 + pointer_TXL equ 41 + + length_send_to_simH equ 42 + length_send_to_simL equ 43 + + length_answer_simH equ 44 + length_answer_simL equ 45 + + length_command equ 46 + + buff_command equ 47 + cmd_command equ 48 + data_command equ 49 + + STACKKKKK equ 200 +; +; + XRAM_TX_BUFF equ 0 + XRAM_RX_BUFF equ 384 +; +; +; + +; +; +; +; 砫 ᭮ ணࠬ + cseg at 00 + Ljmp main_start + +; +; +; + cseg at 11 ;1302Hz = 4MHZ(Fsys)/12/256 +; + jb time_confirm.7, $+3+2 ;3 + dec time_confirm ;2 +; + jb time_data_read.7,reti_timer0 + djnz time_data_read, reti_timer0 + setb pin_scl +reti_timer0: + reti + + +; +; +; + cseg at 35 ;UART0 + ajmp jmp_UART0_interrupt + +; +; +; + cseg at 51 ;I2C + ajmp jmp_i2c_interrupt + +; +; +; + cseg at 123 ;UART1 + clr RI_1 + clr TI_1 + reti + +; +; +; +jmp_UART0_interrupt: + jbc RI,jmp_byte_RI + jbc TI,jmp_byte_TI + reti +; +jmp_byte_RI: + jnb bit_first_ATR, jmp_not_collect ;11/03/2019 + + setb bit_RX0 + jb i2c_write_done,jmp_not_collect + PUSH ACC + PUSH DPH + PUSH DPL + mov DPL,pointer_RX1L + mov DPH,pointer_RX1H + mov a,SBUF + movx @DPTR,a + inc DPTR + mov pointer_RX1L,DPL + mov pointer_RX1H,DPH + POP DPL + POP DPH + POP ACC + ;09/08/2018 + clr pin_scl + mov time_data_read,#52 ;52/1302Hz = 40mS + + inc length_answer_simL + mov a,length_answer_simL + jnz $+2+2 ;2 + inc length_answer_simH ;2 + +jmp_not_collect: + reti +; +jmp_byte_TI: + setb bit_TX0 + reti + + +; +; +jmp_i2c_interrupt: + PUSH ACC + PUSH PSW + mov PSW,#24 + mov R7,I2STAT +; +; +; + cjne R7,#000h,nextttt00000 + setb STO + clr SI + jb STO,$ + ajmp pop_i2c_psw +nextttt00000: +; +; +; + cjne R7,#060h,nextttt00001 ;START+MY ADRESS + clr pin_led ;LED ON + + clr bit_command_receive + clr i2c_write_mode + clr bit_data_sim_wr + clr bit_length_answerH + clr bit_length_answerL + clr bit_command_buff + clr i2c_write_command + + ajmp end_i2c_interrupt +nextttt00001: +; +; +; +; +; + cjne R7,#080h,nextttt00002 ;RAM ADRESS + + jb bit_command_receive,jmp_data_receive + setb bit_command_receive + + mov a,I2DAT +; +; +; + cjne a,#CMD_WRITE_CONFIRM,next_comm001a + setb bit_wait_confirm + ajmp WRITEDATASIM +next_comm001a: +; + cjne a,#CMD_WRITE_DATA_SIM,next_comm001b + clr bit_wait_confirm + ajmp WRITEDATASIM +next_comm001b: +; + cjne a,#CMD_GENERATE_ATR,next_comm002 + ajmp ATR_GENERATE +next_comm002: +; + cjne a,#CMD_GET_VERS,next_comm003 + ajmp ANSWER_VERS +next_comm003: +; + cjne a,#CMD_SET_BAUD_RATE,next_comm004 + ajmp BAUD_RATE_SET +next_comm004: +; + cjne a,#CMD_SET_SIM_CLC,next_comm005 + ajmp SIM_CLC_SET +next_comm005: +; + ajmp end_i2c_interrupt +; +; +; +; +jmp_data_receive: + ;What receive ? Data to SIM/Command to bridge + jb bit_data_sim_wr, jmp_data_sim_receive + jb i2c_write_command,jmp_comm_bridge_receive + ajmp end_i2c_interrupt +; +jmp_comm_bridge_receive: + mov @R0,I2DAT + inc R0 + inc length_command + ajmp end_i2c_interrupt +; +jmp_data_sim_receive: + + setb i2c_write_mode + + PUSH DPH + PUSH DPL + mov DPL,pointer_TXL + mov DPH,pointer_TXH + mov a,I2DAT + movx @DPTR,a + inc DPTR + mov pointer_TXL,DPL + mov pointer_TXH,DPH + POP DPL + POP DPH + + inc length_send_to_simL + mov a,length_send_to_simL + jnz $+2+2 ;2 + inc length_send_to_simH ;2 + + ajmp end_i2c_interrupt +nextttt00002: +; +; +; + cjne R7,#0A0h,nextttt00003 ;STOP + setb pin_led ;LED OFF + + ;Command finish ? + jnb i2c_write_command,jmp_not_command + clr i2c_write_command + setb i2c_command_done +jmp_not_command: + + ;data to SIM finish ? + jnb i2c_write_mode,end_i2c_interrupt + clr i2c_write_mode + + setb i2c_write_done + ;Prepare to answer + mov length_answer_simH,#0 + mov length_answer_simL,#0 + mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX1L,#LOW (XRAM_RX_BUFF) + mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX2L,#LOW (XRAM_RX_BUFF) + + ajmp end_i2c_interrupt +nextttt00003: +; +; +; + cjne R7,#0A8h,nextttt00004 + sjmp read_byte_I2C +nextttt00004: +; +; +; + cjne R7,#0B8h,nextttt00005 +read_byte_I2C: + jnb bit_command_buff,jmp_not_comm_buff2 + mov I2DAT,@R0 + inc R0 + ajmp end_i2c_interrupt + +jmp_not_comm_buff2: + jb bit_length_answerH,jmp_not_comm_buff3 + setb bit_length_answerH + mov I2DAT,length_answer_simH + ajmp end_i2c_interrupt + +jmp_not_comm_buff3: + jb bit_length_answerL,read_byte_APROM + setb bit_length_answerL + mov I2DAT,length_answer_simL + ajmp end_i2c_interrupt + +read_byte_APROM: + PUSH DPH + PUSH DPL + mov DPL,pointer_RX2L + mov DPH,pointer_RX2H + movx a,@DPTR + mov I2DAT,a + inc DPTR + mov pointer_RX2L,DPL + mov pointer_RX2H,DPH + POP DPL + POP DPH + +nextttt00005: +; +; +; +end_i2c_interrupt: + clr STA + clr STO + setb AA +; +; +; +pop_i2c_psw: + POP PSW + POP ACC + clr SI + reti + + +; +; +; +ANSWER_VERS: + mov R0,#data_command + mov cmd_command,#CMD_GET_VERS + mov (data_command+0),#2 + mov (data_command+1),#VERS_HI + mov (data_command+2),#VERS_LO + setb bit_command_buff + ajmp end_i2c_interrupt + +; +; +; +ATR_GENERATE: + setb bit_generate_ATR + ;Prepare to answer + mov length_answer_simH,#0 + mov length_answer_simL,#0 + mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX1L,#LOW (XRAM_RX_BUFF) + mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX2L,#LOW (XRAM_RX_BUFF) + ajmp end_i2c_interrupt + + +; +; +; +BAUD_RATE_SET: + mov R0,#data_command + mov length_command,#0 + mov cmd_command,#CMD_SET_BAUD_RATE + setb i2c_write_command + ajmp end_i2c_interrupt + + +; +; +; +SIM_CLC_SET: + mov R0,#data_command + mov length_command,#0 + mov cmd_command,#CMD_SET_SIM_CLC + setb i2c_write_command + ajmp end_i2c_interrupt + +; +; +; +WRITEDATASIM: + mov length_send_to_simH,#0 + mov length_send_to_simL,#0 + setb bit_data_sim_wr + mov pointer_TXH,#HIGH(XRAM_TX_BUFF) + mov pointer_TXL,#LOW (XRAM_TX_BUFF) + ajmp end_i2c_interrupt + +; +; +; +; %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +main_start: + mov SP,#STACKKKKK +; + ;0-bidirect 1-push pull 0-input only 1-open drain + ;0 0 1 1 +; + mov P0M2,#01000000b ;0 + mov P0M1,#11111111b ;P1.6-Tx0 SIM; + ; + mov P1M2,#01011111b ;1 + mov P1M1,#10111000b ;P1.6-Tx1 DEBUG; P1.4,P1.3 - I2C; + + mov P3M2,#00000000b ;P3 + mov P3M1,#11111111b ; +; + mov TMOD, #22h + mov TH0, #0 ;14400hz + mov TH1, #0E9h ;UART0 10800 Bit/sec + mov TCON, #55h +; +; + mov TA,#0AAh + mov TA,#055h + orl SFRS,#00000001b + + mov P1S, #00010000b ;P1.4 trigger schmiddt + + mov TA,#0AAh + mov TA,#055h + anl SFRS,#11111110b +; +; +; + ;------- CONFIG I2C --------- + mov I2CON, #44h ;set AA, set I2C enable + setb pin_sda + setb pin_scl + mov I2ADDR,#0C0h +; +; +; +; +; + ;mov SCON, #050h ;UART0 8bit + mov SCON, #0D0h ;UART0 9bit + ;mov PCON, #11000000b;FE_0 enable + mov PCON, #10000000b;FE_0 disable +; + mov SCON_1,#050h ;UART1 + ;mov T3CON, #01101000b;FE_1 enable TIMER3 UART0 BAUD + ;mov T3CON, #00101000b;FE_1 disable TIMER3 UART0 BAUD + mov T3CON, #00001000b;FE_1 disable TIMER1 UART0 BAUD + ;mov RL3,#0E9h ;10800/21600 + ;mov RH3,#0FFh +; + ;UART1 + mov RL3,#0F7h ;27777/55556 + mov RH3,#0FFh +; +; +; + mov CKDIV,#2 ;Fsys=4.00MHZ + ;mov CKDIV,#1 ;Fsys=8.00MHZ +; + mov bit_32,#0 + mov bit_33,#0 + setb time_data_read.7 +; + ;orl CKCON,#00000010b ;ENABLE CLC TIMER1 Fsys/12 + orl CKCON,#00010010b ;ENABLE CLC TIMER1 Fsys +; + ;mov a,RCTRIM0 + ;add a,#31 + ;mov TA,#0AAh + ;mov TA,#055h + ;mov RCTRIM0,a +; +; + acall clr_buffer +; + mov EIE, #00000001b ;I2C Interrupt + ;mov IE, #10010000b ;EA, SERIAL0 + mov IE, #10010010b ;EA, SERIAL0, TIMER0 +; +; +; +; +; +main_loop: + acall control_ATR + acall control_send_to_sim + acall control_command + sjmp main_loop + +; +; +; +control_command: + jbc i2c_command_done,$+3+1 ;3 + ret ;1 +; +; + ;Control Length command=1 + mov a,length_command + cjne a,#1,next_commandEND ;error length_command != 1 +; +; + mov a,cmd_command + cjne a,#CMD_SET_BAUD_RATE,next_command001 + mov TH1,data_command ;Timer1 HIGH byte + ret +next_command001: +; + cjne a,#CMD_SET_SIM_CLC, next_command002 + mov CKDIV,data_command ;Fsys DIV + ret +next_command002: +; +next_commandEND: + ret + +; +; +; +control_send_to_sim: + jb i2c_write_done,$+3+1 ;3 + ret ;1 +; +; + jbc bit_wait_confirm,jmp_wait_confirm +; +; + mov DPTR,#XRAM_TX_BUFF +looop_send: + movx a,@DPTR + inc DPTR + acall for_coooooom0 + + clr c + mov a,length_send_to_simL + subb a,#1 + mov length_send_to_simL,a + mov a,length_send_to_simH + subb a,#0 + mov length_send_to_simH,a + orl a,length_send_to_simL + jnz looop_send +; +; + jnb bit_RX0,$ + clr i2c_write_done + ret + + +; +; +; +jmp_wait_confirm: + mov DPTR,#(XRAM_TX_BUFF+1) + movx a,@DPTR + mov R3,a + mov R4,#5 +; + mov DPTR,#XRAM_TX_BUFF +looop_seend: + movx a,@DPTR + inc DPTR + acall for_coooooom0 + djnz R4,jmp_not_5byte + + jnb bit_RX0,$ + clr bit_RX0 + ;18/12/2018 + mov time_confirm,#65 ;New timeout 50mS +looop_waitconf: + jb time_confirm.7,jmp_no_answer + jnb bit_RX0,looop_waitconf + + ;clr pin_scl ;TEST PULSE! + mov a,SBUF + xrl a,R3 + ;setb pin_scl ;TEST PULSE! + + jnz jmp_no_correct_answer ;18/12/2018 + + ;pause for next byte 17/12/2018 + mov R7,#0 + djnz R7,$ ;~260mkSec + djnz R7,$ ;~260mkSec + djnz R7,$ ;~260mkSec + +jmp_not_5byte: + + clr c + mov a,length_send_to_simL + subb a,#1 + mov length_send_to_simL,a + mov a,length_send_to_simH + subb a,#0 + mov length_send_to_simH,a + orl a,length_send_to_simL + jnz looop_seend +; +; + jnb bit_RX0,$ + clr bit_RX0 +jmp_no_answer: + clr i2c_write_done + ret + +; +; +;18/12/2018 +jmp_no_correct_answer: + clr EA + clr i2c_write_done + + mov DPL,pointer_RX1L + mov DPH,pointer_RX1H + mov a,SBUF + movx @DPTR,a + inc DPTR + mov pointer_RX1L,DPL + mov pointer_RX1H,DPH + + clr pin_scl + mov time_data_read,#52 ;52/1302Hz = 40mS + + inc length_answer_simL + mov a,length_answer_simL + jnz $+2+2 ;2 + inc length_answer_simH ;2 + + setb EA + ret + + + +; +; +; +control_ATR: + jbc bit_generate_ATR,$+3+1 ;3 + ret ;1 +; + clr pin_RST + ;acall clr_buffer + ; Add rezet pause 17/12/2018 + + mov R6,#200 +looop_pause50mS: + djnz R7,$ ;~260mkSec + djnz R6,looop_pause50mS + + ;Prepare to answer 11/03/2019 + acall clr_buffer + + mov length_answer_simH,#0 + mov length_answer_simL,#0 + mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX1L,#LOW (XRAM_RX_BUFF) + mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) + mov pointer_RX2L,#LOW (XRAM_RX_BUFF) + setb bit_first_ATR + setb pin_RST + ret + +; +; +; +for_coooooom0: + clr bit_RX0 + mov c,P + mov TB8,c ;9bit parity + mov SBUF,a + jnb bit_TX0,$ + clr bit_TX0 + mov R7,#100 + djnz R7,$ + ret + +; +; +; +clr_buffer: + mov DPTR,#0256 ;Receive SIM buffer + mov R7,#255 + clr a +looop_clr_bufff: + movx @DPTR,a + inc DPTR + djnz R7,looop_clr_bufff + ret + +; +; +; +;for_coooooom1: +; mov SBUF_1,a +; jnb TI_1,$ +; clr TI_1 +; ret +; +; +; +; + +end. From 83e6b223c4dc1974149ece3eac743356b6d7a566 Mon Sep 17 00:00:00 2001 From: Jean-Michel Picod Date: Mon, 5 Dec 2022 19:35:11 +0100 Subject: [PATCH 3/5] Adapt ARM code to comply with SIM module firmware 4.12 --- armsrc/i2c.c | 51 ++++++++++++++++++++++++++++++--------- client/src/cmdsmartcard.c | 7 +++++- client/src/cmdsmartcard.h | 6 ++--- 3 files changed, 49 insertions(+), 15 deletions(-) diff --git a/armsrc/i2c.c b/armsrc/i2c.c index b79f8bb0e..eba6fe200 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -53,7 +53,8 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) { #define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) -#define ISO7618_MAX_FRAME 260 +// The SIM module v4 supports up to 384 bytes for the length. +#define ISO7816_MAX_FRAME 260 // try i2c bus recovery at 100kHz = 5us high, 5us low void I2C_recovery(void) { @@ -445,6 +446,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t bool bBreak = true; uint16_t readcount = 0; + uint16_t recv_len = 0; do { if (!I2C_Start()) @@ -484,11 +486,34 @@ int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t len--; - // The first byte in response is the message length - if (!readcount && (len > *data)) { - len = *data; + // Starting firmware v4 the length is encoded on the first two bytes. + // This only applies if command is I2C_DEVICE_CMD_READ. + if (device_cmd == I2C_DEVICE_CMD_READ) { + switch (readcount) { + case 0: + // Length (MSB) + recv_len = (*data) << 8; + break; + case 1: + // Length (LSB) + recv_len += *data; + // Adjust len if needed + if (len > recv_len) { + len = recv_len; + } + break; + default: + // Data byte received + data++; + break; + } } else { - data++; + // Length is encoded on 1 byte + if ((readcount == 0) && (len > *data)) { + len = *data; + } else { + data++; + } } readcount++; @@ -501,8 +526,8 @@ int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t I2C_Stop(); - // return bytecount - first byte (which is length byte) - return --readcount; + // return bytecount - bytes encoding length + return readcount - (device_cmd == I2C_DEVICE_CMD_READ ? 2 : 1); } int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address) { @@ -612,10 +637,14 @@ bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t d void I2C_print_status(void) { DbpString(_CYAN_("Smart card module (ISO 7816)")); uint8_t maj, min; - if (I2C_get_version(&maj, &min) == PM3_SUCCESS) + if (I2C_get_version(&maj, &min) == PM3_SUCCESS) { Dbprintf(" version................. " _YELLOW_("v%x.%02d"), maj, min); - else + if (maj < 4) { + DbpString(" " _RED_("Outdated firmware.") " Please upgrade to v4.x or above."); + } + } else { DbpString(" version................. " _RED_("FAILED")); + } } int I2C_get_version(uint8_t *maj, uint8_t *min) { @@ -736,7 +765,7 @@ void SmartCardRaw(smart_card_raw_t *p) { LED_D_ON(); uint16_t len = 0; - uint8_t *resp = BigBuf_malloc(ISO7618_MAX_FRAME); + uint8_t *resp = BigBuf_malloc(ISO7816_MAX_FRAME); // check if alloacted... smartcard_command_t flags = p->flags; @@ -780,7 +809,7 @@ void SmartCardRaw(smart_card_raw_t *p) { } // read bytes from module - len = ISO7618_MAX_FRAME; + len = ISO7816_MAX_FRAME; res = sc_rx_bytes(resp, &len); if (res) { LogTrace(resp, len, 0, 0, NULL, false); diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 92495f9cf..80cf0f4c4 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -329,10 +329,15 @@ static int smart_responseEx(uint8_t *out, int maxoutlen, bool verbose) { } if (needGetData == true) { - // Don't discard data we already received except the SW code + // Don't discard data we already received except the SW code. + // If we only received 1 byte, this is the echo of INS, we discard it. totallen -= 2; + if (totallen == 1) { + totallen = 0; + } int ofs = totallen; maxoutlen -= totallen; + PrintAndLogEx(INFO, "Keeping data (%d bytes): %s", ofs, sprint_hex(out, ofs)); int len = out[datalen - 1]; if (len == 0 || len > MAX_APDU_SIZE) { diff --git a/client/src/cmdsmartcard.h b/client/src/cmdsmartcard.h index 72c40fa3b..6ed0a2842 100644 --- a/client/src/cmdsmartcard.h +++ b/client/src/cmdsmartcard.h @@ -22,10 +22,10 @@ #include "common.h" #include "pm3_cmd.h" // structs -// On ARM side, ISO7816_MAX_FRAME is set to 255 -// This means we can't receive more than 250 bytes of data to leave enough room for +// On ARM side, ISO7816_MAX_FRAME is set to 260 +// This means we can receive a full short APDU (256 bytes) of data and have enough room for // SW status code and surrounding metadata without creating a buffer overflow. -#define MAX_APDU_SIZE 250 +#define MAX_APDU_SIZE 256 int CmdSmartcard(const char *Cmd); From ba27eb03e0b265d668cdcf6068f0470814be16f9 Mon Sep 17 00:00:00 2001 From: Jean-Michel Picod Date: Mon, 5 Dec 2022 19:42:23 +0100 Subject: [PATCH 4/5] Update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47d9f5ad3..ceafdc02e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `hf mf gload, gsave, ggetblk, gsetblk` for Gen4 GTU in mifare classic mode (@DidierA) - Fixed SPI flash overflow when loading dictionnaries into flash. Breaking change: added 1 more sector for Mifare - dictionnaries should be loaded again (@jmichelp) - Fixed `lf hitag dump` - Should now work as described in the command help (@natmchugh) + - Fixed wired smartcard APDU chaining logic and allow 256 bytes ADPU payload. Need SIM firmware 4.12 to work (jmichel@) + - SIM module firmware 4.12 to accomodate with the new APDU payload size (sentinel@) ## [Radium.4.15864][2022-10-29] - Changed `lf indala sim` - now accepts fc / cn (@iceman1001) From c23c2b2aef3d56a4d87a4a6cdf9664525c5a713c Mon Sep 17 00:00:00 2001 From: Jean-Michel Picod Date: Mon, 5 Dec 2022 20:05:28 +0100 Subject: [PATCH 5/5] Rollback the firmware part --- CHANGELOG.md | 1 - client/resources/sim012.sha512.txt | 1 - tools/simmodule/sim012.asm | 817 ----------------------------- 3 files changed, 819 deletions(-) delete mode 100644 client/resources/sim012.sha512.txt delete mode 100644 tools/simmodule/sim012.asm diff --git a/CHANGELOG.md b/CHANGELOG.md index ceafdc02e..5dacd8ea2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,6 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Fixed SPI flash overflow when loading dictionnaries into flash. Breaking change: added 1 more sector for Mifare - dictionnaries should be loaded again (@jmichelp) - Fixed `lf hitag dump` - Should now work as described in the command help (@natmchugh) - Fixed wired smartcard APDU chaining logic and allow 256 bytes ADPU payload. Need SIM firmware 4.12 to work (jmichel@) - - SIM module firmware 4.12 to accomodate with the new APDU payload size (sentinel@) ## [Radium.4.15864][2022-10-29] - Changed `lf indala sim` - now accepts fc / cn (@iceman1001) diff --git a/client/resources/sim012.sha512.txt b/client/resources/sim012.sha512.txt deleted file mode 100644 index fdd509b54..000000000 --- a/client/resources/sim012.sha512.txt +++ /dev/null @@ -1 +0,0 @@ -ac65f93b15dea4e6a27a644056c18266113af57f4d29de9eead4871007816efa7d1ec9f73308377e5fe388fc81b3d408221bd4eff7e1d129e0a349bd2c0f3f2b sim012.bin diff --git a/tools/simmodule/sim012.asm b/tools/simmodule/sim012.asm deleted file mode 100644 index 5cec3b2f2..000000000 --- a/tools/simmodule/sim012.asm +++ /dev/null @@ -1,817 +0,0 @@ -; --------------------------------------------------------------------------- -; Proxmark3 RDV4 SIM module firmware -; -; Copyright (C) 2022 Sentinel -; -; This program is free software: you can redistribute it and/or modify it -; under the terms of the GNU Lesser General Public License as published by the -; Free Software Foundation, either version 3 of the License, or (at your -; option) any later version. -; -; This program is distributed in the hope that it will be useful, but WITHOUT -; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -; FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -; more details. -; -; You should have received a copy of the GNU Lesser General Public License -; along with this program. If not, see -; --------------------------------------------------------------------------- -; - VERS_HI equ 4 - VERS_LO equ 12 -; -; -; - SCON_0 equ 098h - FE_0 equ 098h.7 - - SCON_1 equ 0F8h - RI_1 equ 0F8h.0 - TI_1 equ 0F8h.1 - FE_1 equ 0F8h.7 - SBUF_1 equ 09Ah - T3CON equ 0C4h - RL3 equ 0C5h - RH3 equ 0C6h - - P0M1 equ 0B1h - P0M2 equ 0B2h - P1M1 equ 0B3h - P1M2 equ 0B4h - P3M1 equ 0ACh; - P3M2 equ 0ADh; - - EIE equ 09Bh - EIE1 equ 09Ch - - TA equ 0C7h - - RCTRIM0 equ 084h -; - CKCON equ 08Eh - CKDIV equ 095h -; - P1S equ 0B3h ;Page1 - SFRS equ 091h ;TA Protection -; - ;AUXR1 equ 0A2h -; - I2DAT equ 0BCh; - I2STAT equ 0BDh; - I2CLK equ 0BEh; - I2TOC equ 0BFh; - I2CON equ 0C0h; - ; equ I2CON.7;8 - I2CEN equ I2CON.6;4 - STA equ I2CON.5;2 - STO equ I2CON.4;1 - SI equ I2CON.3;8 - AA equ I2CON.2;4 - ; equ I2CON.1;2 - I2CPX equ I2CON.0;1 - - - I2ADDR equ 0C1h; - -; -; -; - pin_TX1 equ P1.6 - - pin_TX0 equ P0.6 - pin_RX0 equ P0.7 - - pin_SCL equ P1.3 - pin_SDA equ P1.4 - - pin_RST equ P1.0 - pin_CLC equ P1.1 - pin_led equ P1.2 - -; -; - - - CMD_GENERATE_ATR equ 01h - CMD_WRITE_DATA_SIM equ 02h - CMD_READ_DATA_SIM equ 03h - - CMD_SET_BAUD_RATE equ 04h - CMD_SET_SIM_CLC equ 05h - CMD_GET_VERS equ 06h - CMD_WRITE_CONFIRM equ 07h - - - -; -; - - bit_RX0 equ 32.0 - bit_command_receive equ 32.1 - bit_generate_ATR equ 32.2 - i2c_write_mode equ 32.3 - i2c_write_done equ 32.4 - bit_data_sim_wr equ 32.5 - ; equ 32.6 - bit_TX0 equ 32.7 - - bit_command_buff equ 33.0 - i2c_write_command equ 33.1 - i2c_command_done equ 33.2 - bit_wait_confirm equ 33.3 - bit_first_ATR equ 33.4 ;11/03/2019 - bit_length_answerH equ 33.5 - bit_length_answerL equ 33.6 -; -; -; - bit_32 equ 32 - bit_33 equ 33 - - time_data_read equ 34 - time_confirm equ 35 - - pointer_RX1H equ 36 ;save SBUF(SIM) to XRAM - pointer_RX1L equ 37 ;save SBUF(SIM) to XRAM - - pointer_RX2H equ 38 ;read XRAM to I2C - pointer_RX2L equ 39 ;read XRAM to I2C - - pointer_TXH equ 40 - pointer_TXL equ 41 - - length_send_to_simH equ 42 - length_send_to_simL equ 43 - - length_answer_simH equ 44 - length_answer_simL equ 45 - - length_command equ 46 - - buff_command equ 47 - cmd_command equ 48 - data_command equ 49 - - STACKKKKK equ 200 -; -; - XRAM_TX_BUFF equ 0 - XRAM_RX_BUFF equ 384 -; -; -; - -; -; -; -; 砫 ᭮ ணࠬ - cseg at 00 - Ljmp main_start - -; -; -; - cseg at 11 ;1302Hz = 4MHZ(Fsys)/12/256 -; - jb time_confirm.7, $+3+2 ;3 - dec time_confirm ;2 -; - jb time_data_read.7,reti_timer0 - djnz time_data_read, reti_timer0 - setb pin_scl -reti_timer0: - reti - - -; -; -; - cseg at 35 ;UART0 - ajmp jmp_UART0_interrupt - -; -; -; - cseg at 51 ;I2C - ajmp jmp_i2c_interrupt - -; -; -; - cseg at 123 ;UART1 - clr RI_1 - clr TI_1 - reti - -; -; -; -jmp_UART0_interrupt: - jbc RI,jmp_byte_RI - jbc TI,jmp_byte_TI - reti -; -jmp_byte_RI: - jnb bit_first_ATR, jmp_not_collect ;11/03/2019 - - setb bit_RX0 - jb i2c_write_done,jmp_not_collect - PUSH ACC - PUSH DPH - PUSH DPL - mov DPL,pointer_RX1L - mov DPH,pointer_RX1H - mov a,SBUF - movx @DPTR,a - inc DPTR - mov pointer_RX1L,DPL - mov pointer_RX1H,DPH - POP DPL - POP DPH - POP ACC - ;09/08/2018 - clr pin_scl - mov time_data_read,#52 ;52/1302Hz = 40mS - - inc length_answer_simL - mov a,length_answer_simL - jnz $+2+2 ;2 - inc length_answer_simH ;2 - -jmp_not_collect: - reti -; -jmp_byte_TI: - setb bit_TX0 - reti - - -; -; -jmp_i2c_interrupt: - PUSH ACC - PUSH PSW - mov PSW,#24 - mov R7,I2STAT -; -; -; - cjne R7,#000h,nextttt00000 - setb STO - clr SI - jb STO,$ - ajmp pop_i2c_psw -nextttt00000: -; -; -; - cjne R7,#060h,nextttt00001 ;START+MY ADRESS - clr pin_led ;LED ON - - clr bit_command_receive - clr i2c_write_mode - clr bit_data_sim_wr - clr bit_length_answerH - clr bit_length_answerL - clr bit_command_buff - clr i2c_write_command - - ajmp end_i2c_interrupt -nextttt00001: -; -; -; -; -; - cjne R7,#080h,nextttt00002 ;RAM ADRESS - - jb bit_command_receive,jmp_data_receive - setb bit_command_receive - - mov a,I2DAT -; -; -; - cjne a,#CMD_WRITE_CONFIRM,next_comm001a - setb bit_wait_confirm - ajmp WRITEDATASIM -next_comm001a: -; - cjne a,#CMD_WRITE_DATA_SIM,next_comm001b - clr bit_wait_confirm - ajmp WRITEDATASIM -next_comm001b: -; - cjne a,#CMD_GENERATE_ATR,next_comm002 - ajmp ATR_GENERATE -next_comm002: -; - cjne a,#CMD_GET_VERS,next_comm003 - ajmp ANSWER_VERS -next_comm003: -; - cjne a,#CMD_SET_BAUD_RATE,next_comm004 - ajmp BAUD_RATE_SET -next_comm004: -; - cjne a,#CMD_SET_SIM_CLC,next_comm005 - ajmp SIM_CLC_SET -next_comm005: -; - ajmp end_i2c_interrupt -; -; -; -; -jmp_data_receive: - ;What receive ? Data to SIM/Command to bridge - jb bit_data_sim_wr, jmp_data_sim_receive - jb i2c_write_command,jmp_comm_bridge_receive - ajmp end_i2c_interrupt -; -jmp_comm_bridge_receive: - mov @R0,I2DAT - inc R0 - inc length_command - ajmp end_i2c_interrupt -; -jmp_data_sim_receive: - - setb i2c_write_mode - - PUSH DPH - PUSH DPL - mov DPL,pointer_TXL - mov DPH,pointer_TXH - mov a,I2DAT - movx @DPTR,a - inc DPTR - mov pointer_TXL,DPL - mov pointer_TXH,DPH - POP DPL - POP DPH - - inc length_send_to_simL - mov a,length_send_to_simL - jnz $+2+2 ;2 - inc length_send_to_simH ;2 - - ajmp end_i2c_interrupt -nextttt00002: -; -; -; - cjne R7,#0A0h,nextttt00003 ;STOP - setb pin_led ;LED OFF - - ;Command finish ? - jnb i2c_write_command,jmp_not_command - clr i2c_write_command - setb i2c_command_done -jmp_not_command: - - ;data to SIM finish ? - jnb i2c_write_mode,end_i2c_interrupt - clr i2c_write_mode - - setb i2c_write_done - ;Prepare to answer - mov length_answer_simH,#0 - mov length_answer_simL,#0 - mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX1L,#LOW (XRAM_RX_BUFF) - mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX2L,#LOW (XRAM_RX_BUFF) - - ajmp end_i2c_interrupt -nextttt00003: -; -; -; - cjne R7,#0A8h,nextttt00004 - sjmp read_byte_I2C -nextttt00004: -; -; -; - cjne R7,#0B8h,nextttt00005 -read_byte_I2C: - jnb bit_command_buff,jmp_not_comm_buff2 - mov I2DAT,@R0 - inc R0 - ajmp end_i2c_interrupt - -jmp_not_comm_buff2: - jb bit_length_answerH,jmp_not_comm_buff3 - setb bit_length_answerH - mov I2DAT,length_answer_simH - ajmp end_i2c_interrupt - -jmp_not_comm_buff3: - jb bit_length_answerL,read_byte_APROM - setb bit_length_answerL - mov I2DAT,length_answer_simL - ajmp end_i2c_interrupt - -read_byte_APROM: - PUSH DPH - PUSH DPL - mov DPL,pointer_RX2L - mov DPH,pointer_RX2H - movx a,@DPTR - mov I2DAT,a - inc DPTR - mov pointer_RX2L,DPL - mov pointer_RX2H,DPH - POP DPL - POP DPH - -nextttt00005: -; -; -; -end_i2c_interrupt: - clr STA - clr STO - setb AA -; -; -; -pop_i2c_psw: - POP PSW - POP ACC - clr SI - reti - - -; -; -; -ANSWER_VERS: - mov R0,#data_command - mov cmd_command,#CMD_GET_VERS - mov (data_command+0),#2 - mov (data_command+1),#VERS_HI - mov (data_command+2),#VERS_LO - setb bit_command_buff - ajmp end_i2c_interrupt - -; -; -; -ATR_GENERATE: - setb bit_generate_ATR - ;Prepare to answer - mov length_answer_simH,#0 - mov length_answer_simL,#0 - mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX1L,#LOW (XRAM_RX_BUFF) - mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX2L,#LOW (XRAM_RX_BUFF) - ajmp end_i2c_interrupt - - -; -; -; -BAUD_RATE_SET: - mov R0,#data_command - mov length_command,#0 - mov cmd_command,#CMD_SET_BAUD_RATE - setb i2c_write_command - ajmp end_i2c_interrupt - - -; -; -; -SIM_CLC_SET: - mov R0,#data_command - mov length_command,#0 - mov cmd_command,#CMD_SET_SIM_CLC - setb i2c_write_command - ajmp end_i2c_interrupt - -; -; -; -WRITEDATASIM: - mov length_send_to_simH,#0 - mov length_send_to_simL,#0 - setb bit_data_sim_wr - mov pointer_TXH,#HIGH(XRAM_TX_BUFF) - mov pointer_TXL,#LOW (XRAM_TX_BUFF) - ajmp end_i2c_interrupt - -; -; -; -; %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -main_start: - mov SP,#STACKKKKK -; - ;0-bidirect 1-push pull 0-input only 1-open drain - ;0 0 1 1 -; - mov P0M2,#01000000b ;0 - mov P0M1,#11111111b ;P1.6-Tx0 SIM; - ; - mov P1M2,#01011111b ;1 - mov P1M1,#10111000b ;P1.6-Tx1 DEBUG; P1.4,P1.3 - I2C; - - mov P3M2,#00000000b ;P3 - mov P3M1,#11111111b ; -; - mov TMOD, #22h - mov TH0, #0 ;14400hz - mov TH1, #0E9h ;UART0 10800 Bit/sec - mov TCON, #55h -; -; - mov TA,#0AAh - mov TA,#055h - orl SFRS,#00000001b - - mov P1S, #00010000b ;P1.4 trigger schmiddt - - mov TA,#0AAh - mov TA,#055h - anl SFRS,#11111110b -; -; -; - ;------- CONFIG I2C --------- - mov I2CON, #44h ;set AA, set I2C enable - setb pin_sda - setb pin_scl - mov I2ADDR,#0C0h -; -; -; -; -; - ;mov SCON, #050h ;UART0 8bit - mov SCON, #0D0h ;UART0 9bit - ;mov PCON, #11000000b;FE_0 enable - mov PCON, #10000000b;FE_0 disable -; - mov SCON_1,#050h ;UART1 - ;mov T3CON, #01101000b;FE_1 enable TIMER3 UART0 BAUD - ;mov T3CON, #00101000b;FE_1 disable TIMER3 UART0 BAUD - mov T3CON, #00001000b;FE_1 disable TIMER1 UART0 BAUD - ;mov RL3,#0E9h ;10800/21600 - ;mov RH3,#0FFh -; - ;UART1 - mov RL3,#0F7h ;27777/55556 - mov RH3,#0FFh -; -; -; - mov CKDIV,#2 ;Fsys=4.00MHZ - ;mov CKDIV,#1 ;Fsys=8.00MHZ -; - mov bit_32,#0 - mov bit_33,#0 - setb time_data_read.7 -; - ;orl CKCON,#00000010b ;ENABLE CLC TIMER1 Fsys/12 - orl CKCON,#00010010b ;ENABLE CLC TIMER1 Fsys -; - ;mov a,RCTRIM0 - ;add a,#31 - ;mov TA,#0AAh - ;mov TA,#055h - ;mov RCTRIM0,a -; -; - acall clr_buffer -; - mov EIE, #00000001b ;I2C Interrupt - ;mov IE, #10010000b ;EA, SERIAL0 - mov IE, #10010010b ;EA, SERIAL0, TIMER0 -; -; -; -; -; -main_loop: - acall control_ATR - acall control_send_to_sim - acall control_command - sjmp main_loop - -; -; -; -control_command: - jbc i2c_command_done,$+3+1 ;3 - ret ;1 -; -; - ;Control Length command=1 - mov a,length_command - cjne a,#1,next_commandEND ;error length_command != 1 -; -; - mov a,cmd_command - cjne a,#CMD_SET_BAUD_RATE,next_command001 - mov TH1,data_command ;Timer1 HIGH byte - ret -next_command001: -; - cjne a,#CMD_SET_SIM_CLC, next_command002 - mov CKDIV,data_command ;Fsys DIV - ret -next_command002: -; -next_commandEND: - ret - -; -; -; -control_send_to_sim: - jb i2c_write_done,$+3+1 ;3 - ret ;1 -; -; - jbc bit_wait_confirm,jmp_wait_confirm -; -; - mov DPTR,#XRAM_TX_BUFF -looop_send: - movx a,@DPTR - inc DPTR - acall for_coooooom0 - - clr c - mov a,length_send_to_simL - subb a,#1 - mov length_send_to_simL,a - mov a,length_send_to_simH - subb a,#0 - mov length_send_to_simH,a - orl a,length_send_to_simL - jnz looop_send -; -; - jnb bit_RX0,$ - clr i2c_write_done - ret - - -; -; -; -jmp_wait_confirm: - mov DPTR,#(XRAM_TX_BUFF+1) - movx a,@DPTR - mov R3,a - mov R4,#5 -; - mov DPTR,#XRAM_TX_BUFF -looop_seend: - movx a,@DPTR - inc DPTR - acall for_coooooom0 - djnz R4,jmp_not_5byte - - jnb bit_RX0,$ - clr bit_RX0 - ;18/12/2018 - mov time_confirm,#65 ;New timeout 50mS -looop_waitconf: - jb time_confirm.7,jmp_no_answer - jnb bit_RX0,looop_waitconf - - ;clr pin_scl ;TEST PULSE! - mov a,SBUF - xrl a,R3 - ;setb pin_scl ;TEST PULSE! - - jnz jmp_no_correct_answer ;18/12/2018 - - ;pause for next byte 17/12/2018 - mov R7,#0 - djnz R7,$ ;~260mkSec - djnz R7,$ ;~260mkSec - djnz R7,$ ;~260mkSec - -jmp_not_5byte: - - clr c - mov a,length_send_to_simL - subb a,#1 - mov length_send_to_simL,a - mov a,length_send_to_simH - subb a,#0 - mov length_send_to_simH,a - orl a,length_send_to_simL - jnz looop_seend -; -; - jnb bit_RX0,$ - clr bit_RX0 -jmp_no_answer: - clr i2c_write_done - ret - -; -; -;18/12/2018 -jmp_no_correct_answer: - clr EA - clr i2c_write_done - - mov DPL,pointer_RX1L - mov DPH,pointer_RX1H - mov a,SBUF - movx @DPTR,a - inc DPTR - mov pointer_RX1L,DPL - mov pointer_RX1H,DPH - - clr pin_scl - mov time_data_read,#52 ;52/1302Hz = 40mS - - inc length_answer_simL - mov a,length_answer_simL - jnz $+2+2 ;2 - inc length_answer_simH ;2 - - setb EA - ret - - - -; -; -; -control_ATR: - jbc bit_generate_ATR,$+3+1 ;3 - ret ;1 -; - clr pin_RST - ;acall clr_buffer - ; Add rezet pause 17/12/2018 - - mov R6,#200 -looop_pause50mS: - djnz R7,$ ;~260mkSec - djnz R6,looop_pause50mS - - ;Prepare to answer 11/03/2019 - acall clr_buffer - - mov length_answer_simH,#0 - mov length_answer_simL,#0 - mov pointer_RX1H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX1L,#LOW (XRAM_RX_BUFF) - mov pointer_RX2H,#HIGH(XRAM_RX_BUFF) - mov pointer_RX2L,#LOW (XRAM_RX_BUFF) - setb bit_first_ATR - setb pin_RST - ret - -; -; -; -for_coooooom0: - clr bit_RX0 - mov c,P - mov TB8,c ;9bit parity - mov SBUF,a - jnb bit_TX0,$ - clr bit_TX0 - mov R7,#100 - djnz R7,$ - ret - -; -; -; -clr_buffer: - mov DPTR,#0256 ;Receive SIM buffer - mov R7,#255 - clr a -looop_clr_bufff: - movx @DPTR,a - inc DPTR - djnz R7,looop_clr_bufff - ret - -; -; -; -;for_coooooom1: -; mov SBUF_1,a -; jnb TI_1,$ -; clr TI_1 -; ret -; -; -; -; - -end.