From 76215fffc6028a762624619f7726a795498e01a8 Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Tue, 29 Oct 2019 15:39:54 +0100 Subject: [PATCH 1/7] Refactor sniffing command. --- client/cmdhffelica.c | 100 ++++++++++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 34 deletions(-) diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 2afb5f3aa..bcbda18e4 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c @@ -47,15 +47,18 @@ static int usage_hf_felica_sim(void) { */ static int usage_hf_felica_sniff(void) { - PrintAndLogEx(NORMAL, "It get data from the field and saves it into command buffer."); - PrintAndLogEx(NORMAL, "Buffer accessible from command 'hf list felica'"); - PrintAndLogEx(NORMAL, "Usage: hf felica sniff "); - PrintAndLogEx(NORMAL, " s samples to skip (decimal)"); - PrintAndLogEx(NORMAL, " t triggers to skip (decimal)"); + PrintAndLogEx(NORMAL, "\nInfo: It get data from the field and saves it into command buffer. "); + PrintAndLogEx(NORMAL, " Buffer accessible from command 'hf list felica'"); + PrintAndLogEx(NORMAL, "\nUsage: hf felica sniff [-h] [-s] [-t]"); + PrintAndLogEx(NORMAL, " -h this help"); + PrintAndLogEx(NORMAL, " -s samples to skip (decimal) max 9999"); + PrintAndLogEx(NORMAL, " -t triggers to skip (decimal) max 9999"); + PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf felica sniff s 1000"); + PrintAndLogEx(NORMAL, " hf felica sniff 10 10"); return PM3_SUCCESS; } + static int usage_hf_felica_simlite(void) { PrintAndLogEx(NORMAL, "\n Emulating ISO/18092 FeliCa Lite tag \n"); PrintAndLogEx(NORMAL, "Usage: hf felica litesim [h] u "); @@ -66,6 +69,7 @@ static int usage_hf_felica_simlite(void) { PrintAndLogEx(NORMAL, " hf felica litesim 11223344556677"); return PM3_SUCCESS; } + static int usage_hf_felica_dumplite(void) { PrintAndLogEx(NORMAL, "\n Dump ISO/18092 FeliCa Lite tag \n"); PrintAndLogEx(NORMAL, "press button to abort run, otherwise it will loop for 200sec."); 
@@ -76,6 +80,7 @@ static int usage_hf_felica_dumplite(void) { PrintAndLogEx(NORMAL, " hf felica litedump"); return PM3_SUCCESS; } + static int usage_hf_felica_raw(void) { PrintAndLogEx(NORMAL, "Usage: hf felica raw [-h] [-r] [-c] [-p] [-a] <0A 0B 0C ... hex>"); PrintAndLogEx(NORMAL, " -h this help"); @@ -221,8 +226,8 @@ static int usage_hf_felica_write_without_encryption() { PrintAndLogEx(NORMAL, "\nUsage: hf felica wrunencrypted [-h] <01 Number of Service hex> <0A0B Service Code List (Little Endian) hex> <01 Number of Block hex> <0A0B Block List Element hex> <0A0B0C0D0E0F... Data hex (16-Byte)>"); PrintAndLogEx(NORMAL, " -h this help"); PrintAndLogEx(NORMAL, " -i <0A0B0C ... hex> set custom IDm to use\n"); - PrintAndLogEx(NORMAL, " hf felica wrunencrypted 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10\n\n"); - + PrintAndLogEx(NORMAL, " hf felica wrunencrypted 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10"); + PrintAndLogEx(NORMAL, " hf felica wrunencrypted -i 11100910C11BC407 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10\n\n"); PrintAndLogEx(NORMAL, "\nExamples: "); PrintAndLogEx(NORMAL, " hf felica wrunencrypted "); return PM3_SUCCESS; @@ -466,7 +471,7 @@ static int CmdHFFelicaWriteWithoutEncryption(const char *Cmd) { switch (Cmd[i + 1]) { case 'H': case 'h': - return usage_hf_felica_request_response(); + return usage_hf_felica_write_without_encryption(); case 'i': paramCount++; custom_IDm = true; @@ -476,6 +481,8 @@ static int CmdHFFelicaWriteWithoutEncryption(const char *Cmd) { paramCount++; i += 16; break; + default: + return usage_hf_felica_write_without_encryption(); } } i++; @@ -535,7 +542,7 @@ static int CmdHFFelicaReadWithoutEncryption(const char *Cmd) { switch (Cmd[i + 1]) { case 'H': case 'h': - return usage_hf_felica_request_response(); + return usage_hf_felica_read_without_encryption(); case 'i': paramCount++; custom_IDm = true; 
@@ -553,6 +560,8 @@ static int CmdHFFelicaReadWithoutEncryption(const char *Cmd) { paramCount++; long_block_numbers = true; break; + default: + return usage_hf_felica_read_without_encryption(); } } i++; @@ -641,6 +650,8 @@ static int CmdHFFelicaRequestResponse(const char *Cmd) { paramCount++; i += 16; break; + default: + return usage_hf_felica_request_response(); } } i++; 
@@ -834,35 +845,56 @@ static int CmdHFFelicaSim(const char *Cmd) { */ static int CmdHFFelicaSniff(const char *Cmd) { - uint8_t cmdp = 0; + if (strlen(Cmd) < 2) return usage_hf_felica_sniff(); + uint8_t paramCount = 0; uint64_t samples2skip = 0; uint64_t triggers2skip = 0; - bool errors = false; - - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (param_getchar(Cmd, cmdp)) { - case 'h': - case 'H': - return usage_hf_felica_sniff(); - case 's': - case 'S': - samples2skip = param_get32ex(Cmd, cmdp + 1, 0, 10); - cmdp += 2; - break; - case 't': - case 'T': - triggers2skip = param_get32ex(Cmd, cmdp + 1, 0, 10); - cmdp += 2; - break; - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; + strip_cmds(Cmd); + int i = 0; + while (Cmd[i] != '\0') { + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { + case 'h': + case 'H': + return usage_hf_felica_sniff(); + case 's': + case 'S': + paramCount++; + if (param_getlength(Cmd, paramCount) < 5) { + samples2skip = param_get32ex(Cmd, paramCount++, 0, 10); + }else{ + PrintAndLogEx(ERR, "Invalid samples number!"); + return PM3_EINVARG; + } + break; + case 't': + case 'T': + paramCount++; + if (param_getlength(Cmd, paramCount) < 5) { + triggers2skip = param_get32ex(Cmd, paramCount++, 0, 10); + }else{ + PrintAndLogEx(ERR, "Invalid triggers number!"); + return PM3_EINVARG; + } + break; + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, paramCount)); + return usage_hf_felica_sniff(); + } + i += 2; } + i++; + } + if(samples2skip == 0){ + samples2skip = 10; + PrintAndLogEx(INFO, "Set default samples2skip: %i", samples2skip); + } + if(triggers2skip == 0){ + triggers2skip = 10; + PrintAndLogEx(INFO, "Set default triggers2skip: %i", triggers2skip); } - //Validations - if (errors || cmdp == 0) return usage_hf_felica_sniff(); + PrintAndLogEx(INFO, "Start Sniffing now. 
You can stop sniffing with clicking the PM3 Button"); clearCommandBuffer(); SendCommandMIX(CMD_HF_FELICA_SNIFF, samples2skip, triggers2skip, 0, NULL, 0); return PM3_SUCCESS; From 1a852e02c7b183ab53189ca4f4e957debf5f7a2b Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Wed, 30 Oct 2019 13:35:03 +0100 Subject: [PATCH 2/7] Fix sniffing command. Refactor hf list felica. --- armsrc/felica.c | 18 ++++++++++-------- client/cmdhflist.c | 7 +++++-- client/cmdhflist.h | 1 + client/cmdtrace.c | 28 ++++++++++++++++++++-------- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/armsrc/felica.c b/armsrc/felica.c index 7ec40efcf..2ad9b06ce 100644 --- a/armsrc/felica.c +++ b/armsrc/felica.c @@ -573,25 +573,26 @@ void felica_sendraw(PacketCommandNG *c) { } void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { - int remFrames = (samplesToSkip) ? samplesToSkip : 0; - Dbprintf("Sniff FelicaLiteS: Getting first %d frames, Skipping %d triggers.\n", samplesToSkip, triggersToSkip); - iso18092_setup(FPGA_HF_ISO18092_FLAG_NOMOD); - + LED_D_ON(); + BigBuf_free(); + BigBuf_Clear(); //the frame bits are slow enough. int n = BigBuf_max_traceLen() / sizeof(uint8_t); // take all memory int numbts = 0; uint8_t *dest = (uint8_t *)BigBuf_get_addr(); uint8_t *destend = dest + n - 2; - uint32_t endframe = GetCountSspClk(); - while (dest <= destend) { - WDT_HIT(); - if (BUTTON_PRESS()) break; + // Set up the synchronous serial port + FpgaSetupSsc(); + //FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP); + SpinDelay(100); + while (dest <= destend && !BUTTON_PRESS()) { + WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { uint8_t dist = (uint8_t)(AT91C_BASE_SSC->SSC_RHR); Process18092Byte(dist); @@ -636,6 +637,7 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen()); reply_old(CMD_ACK, 1, numbts, 0, 0, 0); + LED_D_OFF(); } #define R_POLL0_LEN 0x16 
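Review bot: The `default:` branch of the new option loop in CmdHFFelicaSniff reports `param_getchar(Cmd, paramCount)`, which is the first character of the current whitespace-separated token rather than the letter the switch rejected, so an unknown flag such as `-x` is reported as `'-'`; use the byte the switch inspected, `PrintAndLogEx(WARNING, "Unknown parameter '%c'", Cmd[i + 1]);`. The two `Set default ...: %i` messages pass `uint64_t` values through `%i`, a format/argument mismatch that is undefined behaviour and can print garbage; either print with `PRIu64` from `<inttypes.h>` or cast the value to `(unsigned)` since it is at most four digits. The `max 9999` rule is only enforced as `param_getlength(...) < 5`, so non-numeric input like `-s abcd` is accepted and silently becomes the default; a comment on that line saying the check is a length cap, not a numeric validation, would save the next reader a detour. The function's closing brace lies outside the hunk.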
diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 737405787..71ae81926 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -97,6 +97,10 @@ uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n) { return check_crc(CRC_15693, d, n); } +uint8_t felica_CRC_check(uint8_t *d, uint8_t n) { + return check_crc(CRC_FELICA, d, n); +} + /** * @brief iclass_CRC_Ok Checks CRC in command or response * @param isResponse @@ -889,8 +893,7 @@ void annotateLegic(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { } void annotateFelica(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { - - switch (cmd[0]) { + switch (cmd[3]) { case FELICA_POLL_REQ: snprintf(exp, size, "POLLING"); break; diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 0dda4ea17..42ae6e83b 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -31,6 +31,7 @@ void ClearAuthData(void); uint8_t iso14443A_CRC_check(bool isResponse, uint8_t *d, uint8_t n); uint8_t iso14443B_CRC_check(uint8_t *d, uint8_t n); +uint8_t felica_CRC_check(uint8_t *d, uint8_t n); uint8_t mifare_CRC_check(bool isResponse, uint8_t *data, uint8_t len); uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n); uint8_t iclass_CRC_check(bool isResponse, uint8_t *d, uint8_t n); diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 63cfa388c..6958297b2 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c @@ -257,7 +257,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr case ISO_14443B: case TOPAZ: case FELICA: - crcStatus = iso14443B_CRC_check(frame, data_len); + crcStatus = !felica_CRC_check(frame+2, data_len-4); break; case PROTO_MIFARE: crcStatus = mifare_CRC_check(isResponse, frame, data_len); 
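Review bot: `switch (cmd[3])` in annotateFelica reads the fourth byte unconditionally, but the function receives `cmdsize` and nothing in the hunk checks it, so a short or truncated trace record (cmdsize < 4) reads past the frame buffer. Add a guard before the switch: `if (cmdsize < 4) { snprintf(exp, size, "?"); return; }`. The move from `cmd[0]` to `cmd[3]` implies the stored frame keeps the two sync bytes and the length byte ahead of the command code; a one-line comment such as `// frame layout: SYNC(2) LEN(1) CMD(1) ...` would make the offset, and the matching `frame + 2` used in cmdtrace.c, self-explaining. The rest of the switch is outside the hunk.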
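Review bot: The new CRC line in printTraceLine is reached through the shared `case ISO_14443B:` and `case TOPAZ:` labels as well, so those two protocols now have their trailer checked with the FeliCa polynomial at a 2-byte offset instead of `iso14443B_CRC_check(frame, data_len)`. Give FELICA its own label and keep the old call for the other two: `case FELICA: crcStatus = (data_len >= 4) ? felica_CRC_check(frame + 2, data_len - 4) : 2; break;` — the length guard also covers frames shorter than four bytes, where `data_len - 4` currently wraps before being narrowed to the `uint8_t n` parameter of felica_CRC_check, and 2 is the value the printer below renders as blank. The leading `!` also inverts the result relative to the other `*_CRC_check` wrappers, which return `check_crc(...)` unnegated and are assigned to crcStatus directly; check_crc itself is not visible here, so confirm which polarity `hf list felica` actually shows as ` ok ` before keeping it.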
@@ -349,6 +349,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr if (protocol == PROTO_MIFARE) annotateMifare(explanation, sizeof(explanation), frame, data_len, parityBytes, parity_len, isResponse); + if(protocol == FELICA) + annotateFelica(explanation, sizeof(explanation), frame, data_len); + if (!isResponse) { switch (protocol) { case ICLASS: @@ -408,7 +411,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr sprint_hex_inrow_spaces(mfData, mfDataLen, 2), (crcc == 0 ? "!crc" : (crcc == 1 ? " ok " : " ")), explanation); - }; + } if (is_last_record(tracepos, trace, traceLen)) return traceLen; @@ -423,19 +426,22 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr return tracepos; } - +/* static void printFelica(uint16_t traceLen, uint8_t *trace) { PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate"); - PrintAndLogEx(NORMAL, " Gap | Src | Data | CRC | Annotation |"); - PrintAndLogEx(NORMAL, "--------|-----|---------------------------------|----------|-------------------|"); + PrintAndLogEx(NORMAL, " Gap | Src | Data | CRC | Annotation |"); + PrintAndLogEx(NORMAL, "--------|-----|-------------------------------------------------------------------------|----------|-------------------|"); uint16_t tracepos = 0; + PrintAndLogEx(NORMAL, "traceLen: %i", traceLen); + PrintAndLogEx(NORMAL, "Raw trace: %s", sprint_hex(trace, traceLen)); while (tracepos < traceLen) { + PrintAndLogEx(NORMAL, "tracepos: %i", tracepos); + PrintAndLogEx(NORMAL, "traceLen: %i", traceLen); if (tracepos + 3 >= traceLen) break; - uint16_t gap = *((uint16_t *)(trace + tracepos)); uint8_t crc_ok = trace[tracepos + 2]; tracepos += 3; @@ -443,6 +449,7 @@ static void printFelica(uint16_t traceLen, uint8_t *trace) { if (tracepos + 3 >= traceLen) break; uint16_t len = trace[tracepos + 2]; + PrintAndLogEx(NORMAL, "LEN: %i", len); //I am stripping SYNC tracepos += 3; //skip SYNC 
@@ -611,7 +618,7 @@ static void printFelica(uint16_t traceLen, uint8_t *trace) { tracepos += len + 1; } PrintAndLogEx(NORMAL, ""); -} +}*/ // sanity check. Don't use proxmark if it is offline and you didn't specify useTraceBuffer /* @@ -819,9 +826,13 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = %lu bytes)", traceLen); PrintAndLogEx(INFO, ""); + + /* if (protocol == FELICA) { printFelica(traceLen, trace); - } else if (showHex) { + } */ + + if (showHex) { while (tracepos < traceLen) { tracepos = printHexLine(tracepos, traceLen, trace, protocol); } @@ -844,6 +855,7 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(NORMAL, "ISO7816-4 / Smartcard - Timings N/A yet"); if (protocol == PROTO_HITAG) PrintAndLogEx(NORMAL, "Hitag2 / HitagS - Timings in ETU (8us)"); + if (protocol == FELICA) PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, " Start | End | Src | Data (! denotes parity error) | CRC | Annotation"); From f3d79c22f2ac666a7bf2e2dc3a10f0dd23ba02bc Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Wed, 30 Oct 2019 13:42:52 +0100 Subject: [PATCH 3/7] Remove parity bit check for felica. --- client/cmdhffelica.c | 1 - client/cmdtrace.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index bcbda18e4..f667a9f8c 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c @@ -845,7 +845,6 @@ static int CmdHFFelicaSim(const char *Cmd) { */ static int CmdHFFelicaSniff(const char *Cmd) { - if (strlen(Cmd) < 2) return usage_hf_felica_sniff(); uint8_t paramCount = 0; uint64_t samples2skip = 0; uint64_t triggers2skip = 0; diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 6958297b2..941a8bc86 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c 
@@ -301,6 +301,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr && protocol != ISO_7816_4 && protocol != PROTO_HITAG && protocol != THINFILM + && protocol != FELICA && (isResponse || protocol == ISO_14443A) && (oddparity8(frame[j]) != ((parityBits >> (7 - (j & 0x0007))) & 0x01))) { From 9738834fafbd58814f2ad80e6b9134685457e0f8 Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Wed, 30 Oct 2019 13:43:23 +0100 Subject: [PATCH 4/7] Remove unused function. --- client/cmdhffelica.c | 67 -------------------------------------------- 1 file changed, 67 deletions(-) diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index f667a9f8c..4c492176e 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c 
@@ -777,73 +777,6 @@ static int CmdHFFelicaNotImplementedYet(const char *Cmd) { return PM3_SUCCESS; } -// simulate iso18092 / FeliCa tag -// Commented, there is no counterpart in ARM at the moment -/* -static int CmdHFFelicaSim(const char *Cmd) { - bool errors = false; - uint8_t flags = 0; - uint8_t tagtype = 1; - uint8_t cmdp = 0; - uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - int uidlen = 0; - bool verbose = false; - - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (param_getchar(Cmd, cmdp)) { - case 'h': - case 'H': - return usage_hf_felica_sim(); - case 't': - case 'T': - // Retrieve the tag type - tagtype = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (tagtype == 0) - errors = true; - cmdp += 2; - break; - case 'u': - case 'U': - // Retrieve the full 4,7,10 byte long uid - param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen); - if (!errors) { - PrintAndLogEx(NORMAL, "Emulating ISO18092/FeliCa tag with %d byte UID (%s)", uidlen >> 1, sprint_hex(uid, uidlen >> 1)); - } - cmdp += 2; - break; - case 'v': - case 'V': - verbose = true; - cmdp++; - break; - case 'e': - case 'E': - cmdp++; - break; - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; - } - } - - //Validations - if (errors || cmdp == 0) return usage_hf_felica_sim(); - - clearCommandBuffer(); - SendCommandOLD(CMD_HF_FELICA_SIMULATE, tagtype, flags, 0, uid, uidlen >> 1); - PacketResponseNG resp; - - if (verbose) - PrintAndLogEx(NORMAL, "Press pm3-button to abort simulation"); - - while (!kbd_enter_pressed()) { - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) continue; - } - return PM3_SUCCESS; -} -*/ - static int CmdHFFelicaSniff(const char *Cmd) { uint8_t paramCount = 0; uint64_t samples2skip = 0; From dadad1dacf5365f2942f8bb52afab715e607e701 Mon Sep 17 00:00:00 2001 
From: Thomas Sutter Date: Fri, 1 Nov 2019 15:06:48 +0100 Subject: [PATCH 5/7] Fix felica sniffing. --- CHANGELOG.md | 2 + armsrc/felica.c | 79 +++++++----------- client/cmdhffelica.c | 10 ++- client/cmdtrace.c | 194 +------------------------------------------ 4 files changed, 41 insertions(+), 244 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0ef300cb..89a04d651 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix hf list felica and hf felica sniff (@7homasSutter) + - Added hf felica wrunencrypted (@7homasSutter) - Added hf felica rdunencrypted (@7homasSutter) - Added hf felica rqresponse (@7homasSutter) - Added hf felica rqservice (@7homasSutter) diff --git a/armsrc/felica.c b/armsrc/felica.c index 2ad9b06ce..c9ebf9969 100644 --- a/armsrc/felica.c +++ b/armsrc/felica.c @@ -410,8 +410,6 @@ bool WaitForFelicaReply(uint16_t maxbytes) { // clear RXRDY: uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; uint32_t timeout = iso18092_get_timeout(); - if (DBGLEVEL >= DBG_DEBUG) - Dbprintf("timeout set: %i", timeout); for (;;) { WDT_HIT(); @@ -420,8 +418,8 @@ bool WaitForFelicaReply(uint16_t maxbytes) { Process18092Byte(b); if (FelicaFrame.state == STATE_FULL) { felica_nexttransfertime = MAX(felica_nexttransfertime, - (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME - ); + (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME); + LogTrace( FelicaFrame.framebytes, FelicaFrame.len, 
@@ -453,7 +451,7 @@ static void iso18092_setup(uint8_t fpga_minor_mode) { BigBuf_Clear_ext(false); // Initialize Demod and Uart structs - //DemodInit(BigBuf_malloc(MAX_FRAME_SIZE)); + // DemodInit(BigBuf_malloc(MAX_FRAME_SIZE)); FelicaFrameinit(BigBuf_malloc(FELICA_MAX_FRAME_SIZE)); felica_nexttransfertime = 2 * DELAY_ARM2AIR_AS_READER; 
@@ -574,66 +572,53 @@ void felica_sendraw(PacketCommandNG *c) { void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { int remFrames = (samplesToSkip) ? samplesToSkip : 0; - Dbprintf("Sniff FelicaLiteS: Getting first %d frames, Skipping %d triggers.\n", samplesToSkip, triggersToSkip); + Dbprintf("Sniff Felica: Getting first %d frames, Skipping after %d triggers.\n", samplesToSkip, triggersToSkip); + clear_trace(); + set_tracing(true); iso18092_setup(FPGA_HF_ISO18092_FLAG_NOMOD); LED_D_ON(); - BigBuf_free(); - BigBuf_Clear(); - //the frame bits are slow enough. - int n = BigBuf_max_traceLen() / sizeof(uint8_t); // take all memory - int numbts = 0; - uint8_t *dest = (uint8_t *)BigBuf_get_addr(); - uint8_t *destend = dest + n - 2; - uint32_t endframe = GetCountSspClk(); - - // Set up the synchronous serial port - FpgaSetupSsc(); - //FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP); - SpinDelay(100); - - while (dest <= destend && !BUTTON_PRESS()) { + uint16_t numbts = 0; + int trigger_cnt = 0; + uint32_t timeout = iso18092_get_timeout(); + bool isTagFrame = true; + while (!BUTTON_PRESS()) { WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { uint8_t dist = (uint8_t)(AT91C_BASE_SSC->SSC_RHR); Process18092Byte(dist); - - //to be sure we are in frame - if (FelicaFrame.state == STATE_GET_LENGTH) { - //length is after 48 (PRE)+16 (SYNC) - 64 ticks +maybe offset? not 100% - uint16_t distance = GetCountSspClk() - endframe - 64 + (FelicaFrame.byte_offset > 0 ? 
(8 - FelicaFrame.byte_offset) : 0); - *dest = distance >> 8; - dest++; - *dest = (distance & 0xff); - dest++; + if ((MAX(dist & 0xff, dist >> 8) >= 178) && (++trigger_cnt > triggersToSkip)) { + Dbprintf("triggersToSkip kicked %d", dist); + break; } - //crc NOT checked if (FelicaFrame.state == STATE_FULL) { - endframe = GetCountSspClk(); - // *dest = FelicaFrame.crc_ok; //kind of wasteful - dest++; - for (int i = 0; i < FelicaFrame.len; i++) { - *dest = FelicaFrame.framebytes[i]; - dest++; - if (dest >= destend) break; - - } - + //Dbprintf("Sniffing - Got Felica Frame! Sample remaining %i", remFrames); remFrames--; - if (remFrames <= 0) break; - if (dest >= destend) break; - + if (remFrames <= 0){ + Dbprintf("Stop Sniffing - samplesToSkip reached!"); + break; + } + if((FelicaFrame.framebytes[3] % 2) == 0){ + isTagFrame = false; // All Reader Frames are even and all Tag frames are odd + } else{ + isTagFrame = true; + } + LogTrace(FelicaFrame.framebytes, + FelicaFrame.len, + ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER - timeout, + ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER, + NULL, + isTagFrame + ); numbts += FelicaFrame.len; - FelicaFrameReset(); } } } - switch_off(); - //reset framing AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); set_tracelen(numbts); + set_tracelen(BigBuf_max_traceLen()); Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen()); reply_old(CMD_ACK, 1, numbts, 0, 0, 0); diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 4c492176e..427ca07c1 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c 
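Review bot: At the end of felica_sniff the new `set_tracelen(BigBuf_max_traceLen());` immediately overrides the `set_tracelen(numbts);` above it, so the length handed to `hf list felica` is the whole BigBuf rather than what was captured and the client will parse stale bytes after the last record. Every frame now goes through LogTrace, which appears to maintain the length itself (the following Dbprintf reads `BigBuf_get_traceLen()`), so both set_tracelen calls should go. Separately, `MAX(dist & 0xff, dist >> 8)` on a `uint8_t` is just `dist`, so the trigger fires on any byte >= 178 (0xB2); if that happens to be the FeliCa sync byte, every frame advances trigger_cnt, which the jump of the client default to 5000 seems to compensate for — a comment stating what one "trigger" is meant to count is needed either way. The diff also appears to drop `switch_off();` from the exit path; unless the caller restores the FPGA state, the field stays configured after sniffing stops.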
@@ -55,7 +55,8 @@ static int usage_hf_felica_sniff(void) { PrintAndLogEx(NORMAL, " -t triggers to skip (decimal) max 9999"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf felica sniff 10 10"); + PrintAndLogEx(NORMAL, " hf felica sniff"); + PrintAndLogEx(NORMAL, " hf felica sniff -s 10 -t 10"); return PM3_SUCCESS; } @@ -817,16 +818,17 @@ static int CmdHFFelicaSniff(const char *Cmd) { } i++; } - if(samples2skip == 0){ + if(samples2skip <= 0){ samples2skip = 10; PrintAndLogEx(INFO, "Set default samples2skip: %i", samples2skip); } - if(triggers2skip == 0){ - triggers2skip = 10; + if(triggers2skip <= 0){ + triggers2skip = 5000; PrintAndLogEx(INFO, "Set default triggers2skip: %i", triggers2skip); } PrintAndLogEx(INFO, "Start Sniffing now. You can stop sniffing with clicking the PM3 Button"); + PrintAndLogEx(INFO, "During sniffing, other pm3 commands may not response."); clearCommandBuffer(); SendCommandMIX(CMD_HF_FELICA_SNIFF, samples2skip, triggers2skip, 0, NULL, 0); return PM3_SUCCESS; diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 941a8bc86..77aab71e5 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c 
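Review bot: `if (samples2skip <= 0)` and `if (triggers2skip <= 0)` compare `uint64_t` values, where `<= 0` is exactly `== 0` and trips -Wtype-limits; write `if (samples2skip == 0)` and `if (triggers2skip == 0)` so the intent is visible. This also means `-t 0` cannot be expressed: it silently becomes 5000, and the help text only states `max 9999` without mentioning either default, so add the defaults to the two usage lines. The values eventually reach the `uint32_t` parameters of felica_sniff; that is safe given the four-digit cap enforced above, but a comment at the SendCommandMIX call saying so would help.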
@@ -427,199 +427,6 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr return tracepos; } -/* -static void printFelica(uint16_t traceLen, uint8_t *trace) { - - PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate"); - PrintAndLogEx(NORMAL, " Gap | Src | Data | CRC | Annotation |"); - PrintAndLogEx(NORMAL, "--------|-----|-------------------------------------------------------------------------|----------|-------------------|"); - uint16_t tracepos = 0; - - PrintAndLogEx(NORMAL, "traceLen: %i", traceLen); - PrintAndLogEx(NORMAL, "Raw trace: %s", sprint_hex(trace, traceLen)); - while (tracepos < traceLen) { - PrintAndLogEx(NORMAL, "tracepos: %i", tracepos); - PrintAndLogEx(NORMAL, "traceLen: %i", traceLen); - - if (tracepos + 3 >= traceLen) break; - - uint16_t gap = *((uint16_t *)(trace + tracepos)); - uint8_t crc_ok = trace[tracepos + 2]; - tracepos += 3; - - if (tracepos + 3 >= traceLen) break; - - uint16_t len = trace[tracepos + 2]; - PrintAndLogEx(NORMAL, "LEN: %i", len); - - //I am stripping SYNC - tracepos += 3; //skip SYNC - - if (tracepos + len + 1 >= traceLen) break; - - uint8_t cmd = trace[tracepos]; - uint8_t isResponse = cmd & 1; - - char line[32][110] = {{0}}; - for (int j = 0; j < len + 1 && j / 8 < 32; j++) { - snprintf(line[j / 8] + ((j % 8) * 4), 110, " %02x ", trace[tracepos + j]); - } - char expbuf[50]; - switch (cmd) { - case FELICA_POLL_REQ: - snprintf(expbuf, 49, "Poll Req"); - break; - case FELICA_POLL_ACK: - snprintf(expbuf, 49, "Poll Resp"); - break; - - case FELICA_REQSRV_REQ: - snprintf(expbuf, 49, "Request Srvc Req"); - break; - case FELICA_REQSRV_ACK: - snprintf(expbuf, 49, "Request Srv Resp"); - break; - - case FELICA_RDBLK_REQ: - snprintf(expbuf, 49, "Read block(s) Req"); - break; - case FELICA_RDBLK_ACK: - snprintf(expbuf, 49, "Read block(s) Resp"); - break; - - case FELICA_WRTBLK_REQ: - snprintf(expbuf, 49, "Write block(s) Req"); - break; - case FELICA_WRTBLK_ACK: - snprintf(expbuf, 
49, "Write block(s) Resp"); - break; - case FELICA_SRCHSYSCODE_REQ: - snprintf(expbuf, 49, "Search syscode Req"); - break; - case FELICA_SRCHSYSCODE_ACK: - snprintf(expbuf, 49, "Search syscode Resp"); - break; - - case FELICA_REQSYSCODE_REQ: - snprintf(expbuf, 49, "Request syscode Req"); - break; - case FELICA_REQSYSCODE_ACK: - snprintf(expbuf, 49, "Request syscode Resp"); - break; - - case FELICA_AUTH1_REQ: - snprintf(expbuf, 49, "Auth1 Req"); - break; - case FELICA_AUTH1_ACK: - snprintf(expbuf, 49, "Auth1 Resp"); - break; - - case FELICA_AUTH2_REQ: - snprintf(expbuf, 49, "Auth2 Req"); - break; - case FELICA_AUTH2_ACK: - snprintf(expbuf, 49, "Auth2 Resp"); - break; - - case FELICA_RDSEC_REQ: - snprintf(expbuf, 49, "Secure read Req"); - break; - case FELICA_RDSEC_ACK: - snprintf(expbuf, 49, "Secure read Resp"); - break; - - case FELICA_WRTSEC_REQ: - snprintf(expbuf, 49, "Secure write Req"); - break; - case FELICA_WRTSEC_ACK: - snprintf(expbuf, 49, "Secure write Resp"); - break; - - case FELICA_REQSRV2_REQ: - snprintf(expbuf, 49, "Request Srvc v2 Req"); - break; - case FELICA_REQSRV2_ACK: - snprintf(expbuf, 49, "Request Srvc v2 Resp"); - break; - - case FELICA_GETSTATUS_REQ: - snprintf(expbuf, 49, "Get status Req"); - break; - case FELICA_GETSTATUS_ACK: - snprintf(expbuf, 49, "Get status Resp"); - break; - - case FELICA_OSVER_REQ: - snprintf(expbuf, 49, "Get OS Version Req"); - break; - case FELICA_OSVER_ACK: - snprintf(expbuf, 49, "Get OS Version Resp"); - break; - - case FELICA_RESET_MODE_REQ: - snprintf(expbuf, 49, "Reset mode Req"); - break; - case FELICA_RESET_MODE_ACK: - snprintf(expbuf, 49, "Reset mode Resp"); - break; - - case FELICA_AUTH1V2_REQ: - snprintf(expbuf, 49, "Auth1 v2 Req"); - break; - case FELICA_AUTH1V2_ACK: - snprintf(expbuf, 49, "Auth1 v2 Resp"); - break; - - case FELICA_AUTH2V2_REQ: - snprintf(expbuf, 49, "Auth2 v2 Req"); - break; - case FELICA_AUTH2V2_ACK: - snprintf(expbuf, 49, "Auth2 v2 Resp"); - break; - - case FELICA_RDSECV2_REQ: - 
snprintf(expbuf, 49, "Secure read v2 Req"); - break; - case FELICA_RDSECV2_ACK: - snprintf(expbuf, 49, "Secure read v2 Resp"); - break; - case FELICA_WRTSECV2_REQ: - snprintf(expbuf, 49, "Secure write v2 Req"); - break; - case FELICA_WRTSECV2_ACK: - snprintf(expbuf, 49, "Secure write v2 Resp"); - break; - - case FELICA_UPDATE_RNDID_REQ: - snprintf(expbuf, 49, "Update IDr Req"); - break; - case FELICA_UPDATE_RNDID_ACK: - snprintf(expbuf, 49, "Update IDr Resp"); - break; - default: - snprintf(expbuf, 49, "Unknown"); - break; - } - - int num_lines = MIN((len) / 16 + 1, 16); - for (int j = 0; j < num_lines ; j++) { - if (j == 0) { - PrintAndLogEx(NORMAL, "%7d | %s |%-32s |%02x %02x %s| %s", - gap, - (isResponse ? "Tag" : "Rdr"), - line[j], - trace[tracepos + len], - trace[tracepos + len + 1], - (crc_ok) ? "OK" : "NG", - expbuf); - } else { - PrintAndLogEx(NORMAL, " | |%-32s | | ", line[j]); - } - } - tracepos += len + 1; - } - PrintAndLogEx(NORMAL, ""); -}*/ // sanity check. Don't use proxmark if it is offline and you didn't specify useTraceBuffer /* @@ -857,6 +664,7 @@ int CmdTraceList(const char *Cmd) { if (protocol == PROTO_HITAG) PrintAndLogEx(NORMAL, "Hitag2 / HitagS - Timings in ETU (8us)"); if (protocol == FELICA) + PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, " Start | End | Src | Data (! denotes parity error) | CRC | Annotation"); From 42fd13985f6f862fca2f452f49055eaf3c06070f Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Fri, 1 Nov 2019 15:19:09 +0100 Subject: [PATCH 6/7] Make style. --- armsrc/felica.c | 10 +++++----- client/cmdhffelica.c | 8 ++++---- client/cmdlffdx.c | 4 ++-- client/cmdtrace.c | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/armsrc/felica.c b/armsrc/felica.c index c9ebf9969..06bc53e99 100644 --- a/armsrc/felica.c +++ b/armsrc/felica.c 
@@ -418,7 +418,7 @@ bool WaitForFelicaReply(uint16_t maxbytes) { Process18092Byte(b); if (FelicaFrame.state == STATE_FULL) { felica_nexttransfertime = MAX(felica_nexttransfertime, - (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME); + (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME); LogTrace( FelicaFrame.framebytes, @@ -593,13 +593,13 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { if (FelicaFrame.state == STATE_FULL) { //Dbprintf("Sniffing - Got Felica Frame! Sample remaining %i", remFrames); remFrames--; - if (remFrames <= 0){ + if (remFrames <= 0) { Dbprintf("Stop Sniffing - samplesToSkip reached!"); break; } - if((FelicaFrame.framebytes[3] % 2) == 0){ + if ((FelicaFrame.framebytes[3] % 2) == 0) { isTagFrame = false; // All Reader Frames are even and all Tag frames are odd - } else{ + } else { isTagFrame = true; } LogTrace(FelicaFrame.framebytes, @@ -608,7 +608,7 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER, NULL, isTagFrame - ); + ); numbts += FelicaFrame.len; FelicaFrameReset(); } diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 427ca07c1..03bd390c2 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c @@ -795,7 +795,7 @@ static int CmdHFFelicaSniff(const char *Cmd) { paramCount++; if (param_getlength(Cmd, paramCount) < 5) { samples2skip = param_get32ex(Cmd, paramCount++, 0, 10); - }else{ + } else { PrintAndLogEx(ERR, "Invalid samples number!"); return PM3_EINVARG; } @@ -805,7 +805,7 @@ static int CmdHFFelicaSniff(const char *Cmd) { paramCount++; if (param_getlength(Cmd, paramCount) < 5) { triggers2skip = param_get32ex(Cmd, paramCount++, 0, 10); - }else{ + } else { PrintAndLogEx(ERR, "Invalid triggers number!"); return PM3_EINVARG; } 
@@ -818,11 +818,11 @@ static int CmdHFFelicaSniff(const char *Cmd) { } i++; } - if(samples2skip <= 0){ + if (samples2skip <= 0) { samples2skip = 10; PrintAndLogEx(INFO, "Set default samples2skip: %i", samples2skip); } - if(triggers2skip <= 0){ + if (triggers2skip <= 0) { triggers2skip = 5000; PrintAndLogEx(INFO, "Set default triggers2skip: %i", triggers2skip); } diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index 17dbd2fd0..06e45f515 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c @@ -243,7 +243,7 @@ static int CmdFdxDemod(const char *Cmd) { uint8_t c[] = {0, 0}; compute_crc(CRC_11784, raw, sizeof(raw), &c[0], &c[1]); - PrintAndLogEx(SUCCESS, "CRC-16 0x%04X [ %s] ", crc, (crc == (c[1] << 8 | c[0]) ) ? _GREEN_("OK") : _RED_("Fail")); + PrintAndLogEx(SUCCESS, "CRC-16 0x%04X [ %s] ", crc, (crc == (c[1] << 8 | c[0])) ? _GREEN_("OK") : _RED_("Fail")); if (g_debugMode) { PrintAndLogEx(DEBUG, "Start marker %d; Size %zu", preambleIndex, size); @@ -313,7 +313,7 @@ static int CmdFdxSim(const char *Cmd) { countryid = param_get32ex(Cmd, 0, 0, 10); animalid = param_get64ex(Cmd, 1, 0, 10); - extended = param_get32ex(Cmd, 2, 0 , 10); + extended = param_get32ex(Cmd, 2, 0, 10); verify_values(&animalid, &countryid); diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 77aab71e5..67f15be59 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c @@ -257,7 +257,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr case ISO_14443B: case TOPAZ: case FELICA: - crcStatus = !felica_CRC_check(frame+2, data_len-4); + crcStatus = !felica_CRC_check(frame + 2, data_len - 4); break; case PROTO_MIFARE: crcStatus = mifare_CRC_check(isResponse, frame, data_len); 
@@ -350,7 +350,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr if (protocol == PROTO_MIFARE) annotateMifare(explanation, sizeof(explanation), frame, data_len, parityBytes, parity_len, isResponse); - if(protocol == FELICA) + if (protocol == FELICA) annotateFelica(explanation, sizeof(explanation), frame, data_len); if (!isResponse) { From b4c1333ac34924dd41bfcbf38041a03d81cc2f25 Mon Sep 17 00:00:00 2001 From: Thomas Sutter Date: Fri, 1 Nov 2019 15:37:53 +0100 Subject: [PATCH 7/7] Remove unused comments. Change boolean for src. --- armsrc/felica.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/armsrc/felica.c b/armsrc/felica.c index 06bc53e99..1a3b6f6ac 100644 --- a/armsrc/felica.c +++ b/armsrc/felica.c @@ -580,7 +580,7 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { uint16_t numbts = 0; int trigger_cnt = 0; uint32_t timeout = iso18092_get_timeout(); - bool isTagFrame = true; + bool isReaderFrame = true; while (!BUTTON_PRESS()) { WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { 
@@ -591,23 +591,22 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { break; } if (FelicaFrame.state == STATE_FULL) { - //Dbprintf("Sniffing - Got Felica Frame! Sample remaining %i", remFrames); + if ((FelicaFrame.framebytes[3] % 2) == 0) { + isReaderFrame = true; // All Reader Frames are even and all Tag frames are odd + } else { + isReaderFrame = false; + } remFrames--; if (remFrames <= 0) { Dbprintf("Stop Sniffing - samplesToSkip reached!"); break; } - if ((FelicaFrame.framebytes[3] % 2) == 0) { - isTagFrame = false; // All Reader Frames are even and all Tag frames are odd - } else { - isTagFrame = true; - } LogTrace(FelicaFrame.framebytes, FelicaFrame.len, ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER - timeout, ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER, NULL, - isTagFrame + isReaderFrame ); numbts += FelicaFrame.len; FelicaFrameReset();
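Review bot: `remFrames--; if (remFrames <= 0) { ... break; }` still sits before the LogTrace call, so the frame that reaches the limit is classified but never logged: with `-s 1` nothing is captured, and in general one frame fewer than requested. Move the check after the logging: keep the LogTrace call and `numbts += FelicaFrame.len;` as they are, then `if (--remFrames <= 0) { Dbprintf("Stop Sniffing - samplesToSkip reached!"); break; }`. The parameter name samplesToSkip no longer describes the value (it is the number of frames to capture), which the help text in cmdhffelica.c should reflect. The loop and the function continue outside the hunk.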