First fully functional version of 4x50 sim

This commit is contained in:
tharexde 2021-01-19 00:20:03 +01:00
commit a931cea2f6


@ -40,8 +40,10 @@
#define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75 #define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75
#define EM4X50_T_WAITING_FOR_DBLLIW 1550 #define EM4X50_T_WAITING_FOR_DBLLIW 1550
#define EM4X50_T_WAITING_FOR_ACK 4 #define EM4X50_T_WAITING_FOR_ACK 4
#define EM4X50_T_SIMULATION_TIMEOUT_READ 5000 // 400
#define EM4X50_T_SIMULATION_TIMEOUT_WAIT 5000 // 50 // timeout values for simulation mode (may vary with regard to reader)
#define EM4X50_T_SIMULATION_TIMEOUT_READ 600
#define EM4X50_T_SIMULATION_TIMEOUT_WAIT 50
// the following value seems to be critical; if it's too low (e.g. < 120) // the following value seems to be critical; if it's too low (e.g. < 120)
// some cards are no longer readable although they're ok // some cards are no longer readable although they're ok
@ -1118,18 +1120,19 @@ void em4x50_writepwd(em4x50_data_t *etd) {
// send bit in receive mode by counting carrier cycles // send bit in receive mode by counting carrier cycles
static void em4x50_sim_send_bit(uint8_t bit) { static void em4x50_sim_send_bit(uint8_t bit) {
uint16_t timeout = EM4X50_T_TAG_FULL_PERIOD; //uint16_t timeout = EM4X50_T_TAG_FULL_PERIOD;
uint16_t timeout = 500;
for (int t = 0; t < EM4X50_T_TAG_FULL_PERIOD; t++) { for (int t = 0; t < EM4X50_T_TAG_FULL_PERIOD; t++) {
// wait until SSC_CLK goes HIGH // wait until SSC_CLK goes HIGH
// used as a simple detection of a reader field? // used as a simple detection of a reader field?
while (!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) && (timeout--)); while ((timeout--) && !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
if (timeout == 0) { if (timeout <= 0) {
return; return;
} }
timeout = EM4X50_T_TAG_FULL_PERIOD; timeout = 500;
if (bit) if (bit)
OPEN_COIL(); OPEN_COIL();
@ -1137,11 +1140,11 @@ static void em4x50_sim_send_bit(uint8_t bit) {
SHORT_COIL(); SHORT_COIL();
//wait until SSC_CLK goes LOW //wait until SSC_CLK goes LOW
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--)); while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
if (timeout == 0) { if (timeout <= 0) {
return; return;
} }
timeout = EM4X50_T_TAG_FULL_PERIOD; timeout = 500;
if (t == EM4X50_T_TAG_HALF_PERIOD) if (t == EM4X50_T_TAG_HALF_PERIOD)
bit ^= 1; bit ^= 1;
@ -1202,13 +1205,13 @@ static void wait_cycles(int maxperiods) {
while (period < maxperiods) { while (period < maxperiods) {
while (!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) && (timeout--)); while ((timeout--) && !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
if (timeout <= 0) { if (timeout <= 0) {
return; return;
} }
timeout = EM4X50_T_SIMULATION_TIMEOUT_WAIT; timeout = EM4X50_T_SIMULATION_TIMEOUT_WAIT;
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--)); while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
if (timeout <= 0) { if (timeout <= 0) {
return; return;
} }
@ -1238,7 +1241,7 @@ static int em4x50_sim_read_bit(void) {
if (AT91C_BASE_TC0->TC_CV > T0 * EM4X50_ZERO_DETECTION) { if (AT91C_BASE_TC0->TC_CV > T0 * EM4X50_ZERO_DETECTION) {
// gap detected; wait until reader field is switched on again // gap detected; wait until reader field is switched on again
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--)); while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
if (timeout <= 0) { if (timeout <= 0) {
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
@ -1253,7 +1256,6 @@ static int em4x50_sim_read_bit(void) {
// (cf. datasheet) // (cf. datasheet)
return 0; return 0;
} }
} }
// no gap detected, i.e. reader field is still up; // no gap detected, i.e. reader field is still up;
@ -1441,7 +1443,6 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
// last word read protected // last word read protected
int lwrp = (reflect32(tag[EM4X50_PROTECTION]) >> 8) & 0xFF; int lwrp = (reflect32(tag[EM4X50_PROTECTION]) >> 8) & 0xFF;
// iceman, will need a usb cmd check to break as well
while ((BUTTON_PRESS() == false) && (data_available() == false)) { while ((BUTTON_PRESS() == false) && (data_available() == false)) {
WDT_HIT(); WDT_HIT();
@ -1536,9 +1537,6 @@ static int em4x50_sim_handle_login_command(uint32_t *tag) {
// processing pause time (corresponds to a "1" bit) // processing pause time (corresponds to a "1" bit)
em4x50_sim_send_bit(1); em4x50_sim_send_bit(1);
// empirically determined delay (to be checked in detail)
wait_cycles(1);
if (pwd && (password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) { if (pwd && (password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) {
em4x50_sim_send_ack(); em4x50_sim_send_ack();
gLogin = true; gLogin = true;
@ -1766,6 +1764,7 @@ void em4x50_sim(uint32_t *password) {
// init // init
em4x50_setup_sim(); em4x50_setup_sim();
gLogin = false; gLogin = false;
gWritePasswordProcess = false;
// start with inital command = standard read mode // start with inital command = standard read mode
command = EM4X50_COMMAND_STANDARD_READ; command = EM4X50_COMMAND_STANDARD_READ;
@ -1809,6 +1808,12 @@ void em4x50_sim(uint32_t *password) {
LED_C_OFF(); LED_C_OFF();
command = em4x50_sim_handle_standard_read_command(tag); command = em4x50_sim_handle_standard_read_command(tag);
break; break;
// bit errors during reading may lead to unknown commands
// -> continue with standard read mode
default:
command = EM4X50_COMMAND_STANDARD_READ;
break;
} }
// stop if key (pm3 button or enter key) has been pressed // stop if key (pm3 button or enter key) has been pressed
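Review bot: In em4x50_sim_send_bit (hunk @ -1118), the new `if (timeout <= 0)` guards cannot detect an exhausted wait because `timeout` is declared `uint16_t`: when `(timeout--)` yields 0 and ends the while, the post-decrement wraps the variable to 65535, so `timeout <= 0` is false and the function carries on as if the clock edge had arrived, while a successful exit on the last count leaves 0 and triggers a spurious return instead. The same pattern in wait_cycles and em4x50_sim_read_bit only behaves if their `timeout` is signed, which these hunks do not show. Declaring it signed makes the guard meaningful, `int timeout = 500;`, and `if (timeout < 0)` would then separate exhaustion (-1) from success on the final count (0). The literal 500 now replaces `EM4X50_T_TAG_FULL_PERIOD` in three places in this function; a named define next to the `EM4X50_T_SIMULATION_TIMEOUT_READ`/`_WAIT` values added at @ -40 would record why the wait was widened. The body of em4x50_sim_send_bit continues past the hunk.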