chg: 'hf sniff' - remake to mallc and report back size, also use NG

armsrc/hfsnoop.c

@@ -18,29 +18,21 @@
 #include "appmain.h"
 #include "cmd.h"
 
-static void RAMFUNC optimizedSniff(void) {
-    int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
-
-    uint16_t *dest = (uint16_t *)BigBuf_get_addr();
-    uint16_t *destend = dest + n - 1;
-
-    // Reading data loop
-    while (dest <= destend) {
+static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {
+    for (;dsize > 0; dsize -= sizeof(dsize)) {
         if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
             *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
             dest++;
         }
     }
-    //setting tracelen - important!  it was set by buffer overflow before
-    set_tracelen(BigBuf_max_traceLen());
+    Dbprintf("collected %u samples",  dsize);
 }
 
-void HfSniff(int samplesToSkip, int triggersToSkip) {
+int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) {
     BigBuf_free();
-    BigBuf_Clear();
+    BigBuf_Clear_ext(false); 
 
-    Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
-    int trigger_cnt = 0;
+    Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);
 
     LED_D_ON();
 
@@ -57,37 +49,63 @@ void HfSniff(int samplesToSkip, int triggersToSkip) {
     FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
     SpinDelay(100);
 
-    uint16_t r = 0;
-    while (!BUTTON_PRESS() && !data_available()) {
+    *len = (BigBuf_max_traceLen() & 0xFFFE);
+    uint8_t *mem = BigBuf_malloc(*len);
+
+    int trigger_cnt = 0;    
+    uint16_t r = 0, interval = 0;
+    
+    
+    bool pressed = false;
+    while (pressed == false) {
         WDT_HIT();
 
+        // cancel w usb command.
+        if (interval == 1000) {
+            if (data_available())
+                break;
+            interval = 0;
+        } else {
+            interval++;
+        }
+
+        // check if trigger is reached
         if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
             r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
-            r = MAX(r & 0xff, r >> 8);
-            if (r >= 180) {  // 0xB4 ??
+
+            r = MAX(r & 0xFF, r >> 8);
+
+            // 180 (0xB4) arbitary value to see if a strong RF field is near.
+            if (r > 180) {
                 if (++trigger_cnt > triggersToSkip)
                     break;
             }
         }
+
+        pressed = BUTTON_PRESS();
     }
 
-    if (!BUTTON_PRESS()) {
-        int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
+    if (pressed == false) {
+
+        // skip samples loop
+        int waitcount = samplesToSkip;
         while (waitcount != 0) {
 
             if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY))
                 waitcount--;
         }
-        optimizedSniff();
-        Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r);
+
+        optimizedSniff((uint16_t*)mem, (*len) >> 2);
+
+        Dbprintf("Trigger kicked in (%d >= 180)", r);
     }
 
     //Resetting Frame mode (First set in fpgaloader.c)
     AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
-
-    DbpString("HF Sniffing end");
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
     LED_D_OFF();
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+    BigBuf_free();
+    return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;
 }
 
 void HfPlotDownload(void) {

armsrc/hfsnoop.h

@@ -12,6 +12,8 @@
 #ifndef __HFSNOOP_H
 #define __HFSNOOP_H
 
-void HfSniff(int, int);
+#include "proxmark3_arm.h"
+
+int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len);
 void HfPlotDownload(void);
 #endif

client/src/cmdhf.c

@@ -241,15 +241,59 @@ int CmdHFTune(const char *Cmd) {
     return PM3_SUCCESS;
 }
 
+// Collects pars of u8,  
+// uses 16bit transfers from FPGA for speed
+// Takes all available bigbuff memory
+// data sample to download?   Not sure what we can do with the data.
 int CmdHFSniff(const char *Cmd) {
     char cmdp = tolower(param_getchar(Cmd, 0));
     if (cmdp == 'h') return usage_hf_sniff();
 
-    int skippairs =  param_get32ex(Cmd, 0, 0, 10);
-    int skiptriggers =  param_get32ex(Cmd, 1, 0, 10);
+    struct {
+        uint32_t samplesToSkip;
+        uint32_t triggersToSkip;
+    } PACKED params;
+
+    params.samplesToSkip = param_get32ex(Cmd, 0, 0, 10);
+    params.triggersToSkip = param_get32ex(Cmd, 1, 0, 10);
 
     clearCommandBuffer();
-    SendCommandMIX(CMD_HF_SNIFF, skippairs, skiptriggers, 0, NULL, 0);
+    SendCommandNG(CMD_HF_SNIFF, (uint8_t*)&params, sizeof(params));
+
+    for (;;) {
+
+        if (kbd_enter_pressed()) {
+            PrintAndLogEx(INFO, "User aborted");
+            break;
+        }
+
+        PacketResponseNG resp;
+        if (WaitForResponseTimeout(CMD_HF_SNIFF, &resp, 4000)) {
+
+            if (resp.status == PM3_EOPABORTED) {
+                break;
+            }
+            if (resp.status == PM3_SUCCESS) {
+
+                uint16_t len = resp.data.asDwords[0] & 0xFFFF;
+                PrintAndLogEx(INFO, "HF sniff len %u bytes", len);
+                PrintAndLogEx(HINT, "Use `" _YELLOW_("data plot") "` to view");
+                PrintAndLogEx(HINT, "Use `" _YELLOW_("data save") "` to save");
+                
+                // download bigbuf_malloced.. 
+                // it reservs mem from the higher range.  ie we can't start from beginning idx 0.                
+                // but from 
+                uint32_t start = pm3_capabilities.bigbuf_size - len;
+                int res = getSamplesEx(start, start + len, false);
+                if (res != PM3_SUCCESS) {
+                    PrintAndLogEx(WARNING, "failed to download samples to client");
+                    return res;
+                }
+                break;
+            }
+        }
+    }
+    PrintAndLogEx(INFO, "Done.");
     return PM3_SUCCESS;
 }