First fully functional version of 4x50 sim
parent
78d1e09595
commit
a931cea2f6
1 changed files with 24 additions and 19 deletions
|
@ -40,8 +40,10 @@
|
||||||
#define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75
|
#define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75
|
||||||
#define EM4X50_T_WAITING_FOR_DBLLIW 1550
|
#define EM4X50_T_WAITING_FOR_DBLLIW 1550
|
||||||
#define EM4X50_T_WAITING_FOR_ACK 4
|
#define EM4X50_T_WAITING_FOR_ACK 4
|
||||||
#define EM4X50_T_SIMULATION_TIMEOUT_READ 5000 // 400
|
|
||||||
#define EM4X50_T_SIMULATION_TIMEOUT_WAIT 5000 // 50
|
// timeout values for simulation mode (may vary with regard to reader)
|
||||||
|
#define EM4X50_T_SIMULATION_TIMEOUT_READ 600
|
||||||
|
#define EM4X50_T_SIMULATION_TIMEOUT_WAIT 50
|
||||||
|
|
||||||
// the following value seems to be critical; if it's too low (e.g. < 120)
|
// the following value seems to be critical; if it's too low (e.g. < 120)
|
||||||
// some cards are no longer readable although they're ok
|
// some cards are no longer readable although they're ok
|
||||||
|
@ -1118,18 +1120,19 @@ void em4x50_writepwd(em4x50_data_t *etd) {
|
||||||
// send bit in receive mode by counting carrier cycles
|
// send bit in receive mode by counting carrier cycles
|
||||||
static void em4x50_sim_send_bit(uint8_t bit) {
|
static void em4x50_sim_send_bit(uint8_t bit) {
|
||||||
|
|
||||||
uint16_t timeout = EM4X50_T_TAG_FULL_PERIOD;
|
//uint16_t timeout = EM4X50_T_TAG_FULL_PERIOD;
|
||||||
|
uint16_t timeout = 500;
|
||||||
|
|
||||||
for (int t = 0; t < EM4X50_T_TAG_FULL_PERIOD; t++) {
|
for (int t = 0; t < EM4X50_T_TAG_FULL_PERIOD; t++) {
|
||||||
|
|
||||||
// wait until SSC_CLK goes HIGH
|
// wait until SSC_CLK goes HIGH
|
||||||
// used as a simple detection of a reader field?
|
// used as a simple detection of a reader field?
|
||||||
while (!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) && (timeout--));
|
while ((timeout--) && !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
|
||||||
|
|
||||||
if (timeout == 0) {
|
if (timeout <= 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
timeout = EM4X50_T_TAG_FULL_PERIOD;
|
timeout = 500;
|
||||||
|
|
||||||
if (bit)
|
if (bit)
|
||||||
OPEN_COIL();
|
OPEN_COIL();
|
||||||
|
@ -1137,11 +1140,11 @@ static void em4x50_sim_send_bit(uint8_t bit) {
|
||||||
SHORT_COIL();
|
SHORT_COIL();
|
||||||
|
|
||||||
//wait until SSC_CLK goes LOW
|
//wait until SSC_CLK goes LOW
|
||||||
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--));
|
while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
|
||||||
if (timeout == 0) {
|
if (timeout <= 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
timeout = EM4X50_T_TAG_FULL_PERIOD;
|
timeout = 500;
|
||||||
|
|
||||||
if (t == EM4X50_T_TAG_HALF_PERIOD)
|
if (t == EM4X50_T_TAG_HALF_PERIOD)
|
||||||
bit ^= 1;
|
bit ^= 1;
|
||||||
|
@ -1202,13 +1205,13 @@ static void wait_cycles(int maxperiods) {
|
||||||
|
|
||||||
while (period < maxperiods) {
|
while (period < maxperiods) {
|
||||||
|
|
||||||
while (!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) && (timeout--));
|
while ((timeout--) && !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
|
||||||
if (timeout <= 0) {
|
if (timeout <= 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
timeout = EM4X50_T_SIMULATION_TIMEOUT_WAIT;
|
timeout = EM4X50_T_SIMULATION_TIMEOUT_WAIT;
|
||||||
|
|
||||||
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--));
|
while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
|
||||||
if (timeout <= 0) {
|
if (timeout <= 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1238,7 +1241,7 @@ static int em4x50_sim_read_bit(void) {
|
||||||
if (AT91C_BASE_TC0->TC_CV > T0 * EM4X50_ZERO_DETECTION) {
|
if (AT91C_BASE_TC0->TC_CV > T0 * EM4X50_ZERO_DETECTION) {
|
||||||
|
|
||||||
// gap detected; wait until reader field is switched on again
|
// gap detected; wait until reader field is switched on again
|
||||||
while (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK && (timeout--));
|
while ((timeout--) && (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK));
|
||||||
|
|
||||||
if (timeout <= 0) {
|
if (timeout <= 0) {
|
||||||
return PM3_ETIMEOUT;
|
return PM3_ETIMEOUT;
|
||||||
|
@ -1253,7 +1256,6 @@ static int em4x50_sim_read_bit(void) {
|
||||||
// (cf. datasheet)
|
// (cf. datasheet)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// no gap detected, i.e. reader field is still up;
|
// no gap detected, i.e. reader field is still up;
|
||||||
|
@ -1433,7 +1435,7 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
|
||||||
int command = 0;
|
int command = 0;
|
||||||
|
|
||||||
// extract control data
|
// extract control data
|
||||||
int fwr = reflect32(tag[EM4X50_CONTROL]) & 0xFF; // first word read
|
int fwr = reflect32(tag[EM4X50_CONTROL]) & 0xFF; // first word read
|
||||||
int lwr = (reflect32(tag[EM4X50_CONTROL]) >> 8) & 0xFF; // last word read
|
int lwr = (reflect32(tag[EM4X50_CONTROL]) >> 8) & 0xFF; // last word read
|
||||||
// extract protection data:
|
// extract protection data:
|
||||||
// first word read protected
|
// first word read protected
|
||||||
|
@ -1441,7 +1443,6 @@ static int em4x50_sim_handle_standard_read_command(uint32_t *tag) {
|
||||||
// last word read protected
|
// last word read protected
|
||||||
int lwrp = (reflect32(tag[EM4X50_PROTECTION]) >> 8) & 0xFF;
|
int lwrp = (reflect32(tag[EM4X50_PROTECTION]) >> 8) & 0xFF;
|
||||||
|
|
||||||
// iceman, will need a usb cmd check to break as well
|
|
||||||
while ((BUTTON_PRESS() == false) && (data_available() == false)) {
|
while ((BUTTON_PRESS() == false) && (data_available() == false)) {
|
||||||
|
|
||||||
WDT_HIT();
|
WDT_HIT();
|
||||||
|
@ -1536,9 +1537,6 @@ static int em4x50_sim_handle_login_command(uint32_t *tag) {
|
||||||
// processing pause time (corresponds to a "1" bit)
|
// processing pause time (corresponds to a "1" bit)
|
||||||
em4x50_sim_send_bit(1);
|
em4x50_sim_send_bit(1);
|
||||||
|
|
||||||
// empirically determined delay (to be checked in detail)
|
|
||||||
wait_cycles(1);
|
|
||||||
|
|
||||||
if (pwd && (password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) {
|
if (pwd && (password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) {
|
||||||
em4x50_sim_send_ack();
|
em4x50_sim_send_ack();
|
||||||
gLogin = true;
|
gLogin = true;
|
||||||
|
@ -1766,6 +1764,7 @@ void em4x50_sim(uint32_t *password) {
|
||||||
// init
|
// init
|
||||||
em4x50_setup_sim();
|
em4x50_setup_sim();
|
||||||
gLogin = false;
|
gLogin = false;
|
||||||
|
gWritePasswordProcess = false;
|
||||||
|
|
||||||
// start with inital command = standard read mode
|
// start with inital command = standard read mode
|
||||||
command = EM4X50_COMMAND_STANDARD_READ;
|
command = EM4X50_COMMAND_STANDARD_READ;
|
||||||
|
@ -1809,6 +1808,12 @@ void em4x50_sim(uint32_t *password) {
|
||||||
LED_C_OFF();
|
LED_C_OFF();
|
||||||
command = em4x50_sim_handle_standard_read_command(tag);
|
command = em4x50_sim_handle_standard_read_command(tag);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
// bit errors during reading may lead to unknown commands
|
||||||
|
// -> continue with standard read mode
|
||||||
|
default:
|
||||||
|
command = EM4X50_COMMAND_STANDARD_READ;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// stop if key (pm3 button or enter key) has been pressed
|
// stop if key (pm3 button or enter key) has been pressed
|
||||||
|
|
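Review bot: In em4x50_sim_send_bit the new `uint16_t timeout = 500;` together with the reordered `while ((timeout--) && ...)` loops means a real timeout is never detected: when the counter reaches 0 the post-decrement wraps it to 65535, so `if (timeout <= 0)` is false and execution falls through to the coil switching even though no reader clock was seen. The check can only fire when SSC_CLK changes on the very last poll, which is a false timeout. Declaring the counter signed and testing for the underflow, `int timeout = 500;` with `if (timeout < 0) return;`, would make both the HIGH wait and the LOW wait (in the following hunk) behave as intended. The same reordering was applied in wait_cycles and em4x50_sim_read_bit, whose `timeout` declarations lie outside the visible hunks, so their type should be confirmed; all three function bodies continue outside the hunks. The literal 500 would also read better as a named constant next to the other `EM4X50_T_*` values than with the old initialiser left commented out.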