add: sc upgrade - beta test

Chris 2018-07-05 14:38:31 +02:00
commit ee006c6a7b
5 changed files with 141 additions and 82 deletions


@ -1029,7 +1029,7 @@ void UsbPacketReceived(uint8_t *packet, int len) {
I2C_Reset_EnterMainProgram(); I2C_Reset_EnterMainProgram();
// sample: // sample:
// [C0 02] A0 A4 00 00 02 // [C0 02 C1] A0 A4 00 00 02
// asBytes = A0 A4 00 00 02 // asBytes = A0 A4 00 00 02
// arg0 = len 5 // arg0 = len 5
I2C_BufferWrite(c->d.asBytes, c->arg[0], I2C_DEVICE_CMD_SEND, I2C_DEVICE_ADDRESS_MAIN); I2C_BufferWrite(c->d.asBytes, c->arg[0], I2C_DEVICE_CMD_SEND, I2C_DEVICE_ADDRESS_MAIN);
@ -1041,28 +1041,72 @@ void UsbPacketReceived(uint8_t *packet, int len) {
cmd_send(CMD_ACK, len, 0, 0, resp, len); cmd_send(CMD_ACK, len, 0, 0, resp, len);
break; break;
} }
case CMD_SMART_UPLOAD: {
// upload file from client
uint8_t *mem = BigBuf_get_addr();
memcpy( mem + c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK,1,0,0,0,0);
break;
}
case CMD_SMART_UPGRADE: { case CMD_SMART_UPGRADE: {
#define I2C_BLOCK_SIZE 128
// write. Sector0, with 11,22,33,44
// erase is 128bytes.
StartTicks();
I2C_init(); I2C_init();
I2C_Reset_EnterBootloader(); I2C_Reset_EnterBootloader();
uint16_t length = 640; bool isOK = true;
uint8_t res = 0;
uint16_t length = c->arg[0];
uint16_t pos = 0; uint16_t pos = 0;
uint8_t resp[64] = {0}; uint8_t *fwdata = BigBuf_get_addr();
uint8_t *verfiydata = BigBuf_malloc(I2C_BLOCK_SIZE);
while (length) { while (length) {
uint8_t msb = (pos >> 8) & 0xFF; uint8_t msb = (pos >> 8) & 0xFF;
uint8_t lsb = pos & 0xFF; uint8_t lsb = pos & 0xFF;
Dbprintf("FW %02X %02X", msb, lsb);
bool isok = I2C_ReadFW(resp, msb, lsb, I2C_DEVICE_ADDRESS_BOOT);
if (isok)
Dbhexdump(sizeof(resp), resp, false);
length -= 64; Dbprintf("FW %02X %02X", msb, lsb);
pos += 64;
size_t size = MIN(I2C_BLOCK_SIZE, length);
// write
res = I2C_WriteFW(fwdata+pos, size, msb, lsb, I2C_DEVICE_ADDRESS_BOOT);
if ( !res ) {
Dbprintf("Writing failed");
isOK = false;
break;
}
// writing takes time.
WaitMS(50);
// read
res = I2C_ReadFW(verfiydata, size, msb, lsb, I2C_DEVICE_ADDRESS_BOOT);
if ( res == 0) {
Dbprintf("Reading back failed");
isOK = false;
break;
}
// cmp
if ( 0 != memcmp(fwdata+pos, verfiydata, size)) {
Dbprintf("not equal data");
isOK = false;
break;
}
length -= size;
pos += size;
} }
cmd_send(CMD_ACK, len, 0, 0, resp, sizeof(resp));
break; cmd_send(CMD_ACK, isOK, pos, 0, 0, 0);
StopTicks();
break;
} }
#endif #endif
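Review bot: The new CMD_SMART_UPLOAD case copies USB_CMD_DATA_SIZE bytes to `mem + c->arg[0]` without checking that the host-supplied offset stays inside BigBuf, so a malformed or oversized upload writes past the buffer on the device. Reject out-of-range offsets before the memcpy, e.g. `if (c->arg[0] > BIGBUF_CAPACITY - USB_CMD_DATA_SIZE) { cmd_send(CMD_ACK,0,0,0,0,0); break; }`, where BIGBUF_CAPACITY is a placeholder for the usable BigBuf size. In CMD_SMART_UPGRADE, `uint16_t length = c->arg[0];` silently truncates any larger value and is never compared with the number of bytes actually uploaded, and the pointer returned by `BigBuf_malloc(I2C_BLOCK_SIZE)` is used unchecked. The read-back test `res == 0` also accepts a short read, which would leave stale bytes from the previous block in the verify buffer for memcmp; testing `res != size` would be stricter. UsbPacketReceived starts and ends outside this section.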


@ -81,43 +81,10 @@ int CmdSmartRaw(const char *Cmd) {
} }
int CmdSmartUpgrade(const char *Cmd) { int CmdSmartUpgrade(const char *Cmd) {
uint8_t cmdp = 0;
bool errors = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_sm_upgrade();
default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
//Validations
if (errors) return usage_sm_upgrade();
UsbCommand c = {CMD_SMART_UPGRADE, {0, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
// reading response from smart card
UsbCommand resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
PrintAndLogEx(WARNING, "smart card response failed");
return 1;
}
//PrintAndLogEx(SUCCESS,"resp: %s", sprint_hex(resp.d.asBytes, resp.arg[0]));
return 0;;
}
/*
int CmdSmartUpgrade(const char *Cmd){
FILE *f; FILE *f;
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
uint8_t cmdp = 0; uint8_t cmdp = 0;
bool errors = false; bool errors = false;
uint32_t start_index = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -159,13 +126,7 @@ int CmdSmartUpgrade(const char *Cmd){
fclose(f); fclose(f);
return 1; return 1;
} }
if (fsize > FLASH_MEM_MAX_SIZE) {
PrintAndLogDevice(WARNING, "error, filesize is larger than available memory");
fclose(f);
return 1;
}
uint8_t *dump = calloc(fsize, sizeof(uint8_t)); uint8_t *dump = calloc(fsize, sizeof(uint8_t));
if (!dump) { if (!dump) {
PrintAndLogDevice(WARNING, "error, cannot allocate memory "); PrintAndLogDevice(WARNING, "error, cannot allocate memory ");
@ -177,40 +138,47 @@ int CmdSmartUpgrade(const char *Cmd){
if (f) if (f)
fclose(f); fclose(f);
PrintAndLogEx(SUCCESS, "Smartcard socket firmware uploading to PM3");
//Send to device //Send to device
uint32_t index = 0;
uint32_t bytes_sent = 0; uint32_t bytes_sent = 0;
uint32_t bytes_remaining = bytes_read; uint32_t bytes_remaining = bytes_read;
while (bytes_remaining > 0){ while (bytes_remaining > 0){
uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); uint32_t bytes_in_packet = MIN(USB_CMD_DATA_SIZE, bytes_remaining);
UsbCommand c = {CMD_SMART_UPLOAD, {index + bytes_sent, bytes_in_packet, 0}};
UsbCommand c = {CMD_SMART_UPGRADE, {start_index + bytes_sent, bytes_in_packet, 0}};
// Fill usb bytes with 0xFF
memset(c.d.asBytes, 0xFF, USB_CMD_DATA_SIZE);
memcpy(c.d.asBytes, dump + bytes_sent, bytes_in_packet); memcpy(c.d.asBytes, dump + bytes_sent, bytes_in_packet);
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000) ) {
bytes_remaining -= bytes_in_packet;
bytes_sent += bytes_in_packet;
UsbCommand resp;
if ( !WaitForResponseTimeout(CMD_ACK, &resp, 2000) ) {
PrintAndLogEx(WARNING, "timeout while waiting for reply."); PrintAndLogEx(WARNING, "timeout while waiting for reply.");
free(dump); free(dump);
return 1; return 1;
} }
uint8_t isok = resp.arg[0] & 0xFF; bytes_remaining -= bytes_in_packet;
if (!isok) bytes_sent += bytes_in_packet;
PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent); printf("."); fflush(stdout);
} }
free(dump); free(dump);
printf("\n");
PrintAndLogEx(SUCCESS, "Smartcard socket firmware updating, don\'t turn off your PM3!");
PrintAndLogEx(SUCCESS, "Wrote %u bytes to offset %u", bytes_read, start_index); // trigger the firmware upgrade
UsbCommand c = {CMD_SMART_UPGRADE, {bytes_read, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return 1;
}
PrintAndLogEx(SUCCESS, "Smartcard socket firmware updated successful");
return 0; return 0;
} }
*/
int CmdSmartInfo(const char *Cmd){ int CmdSmartInfo(const char *Cmd){
// char filename[FILE_PATH_SIZE] = {0}; // char filename[FILE_PATH_SIZE] = {0};
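Review bot: The final CMD_SMART_UPGRADE step waits with `WaitForResponseTimeout(CMD_ACK, NULL, 2500)` and then prints "Smartcard socket firmware updated successful" unconditionally, so a write or verify failure reported by the device is shown to the user as success. The device side replies with `cmd_send(CMD_ACK, isOK, pos, 0, 0, 0)`, so pass a `UsbCommand resp` to the wait and check it, e.g. `if (!(resp.arg[0] & 0xFF)) { PrintAndLogEx(FAILED, "Smartcard socket firmware update failed"); return 1; }`. The `fsize > FLASH_MEM_MAX_SIZE` guard also appears to be dropped in this section (that hunk shrinks from 13 to 7 lines) without a replacement, leaving no host-side cap on the image size; a limit matching what the device can buffer and address would be worth restoring. The 2500 ms timeout may be short given that the device waits 50 ms per 128-byte block, which is worth confirming against the expected image size.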


@ -22,7 +22,9 @@
#define SCL_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SCL) #define SCL_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SCL)
#define SDA_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SDA) #define SDA_read (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SDA)
#define I2C_ERROR "I2C_WaitAck Error"
volatile unsigned long c; volatile unsigned long c;
// 直接使用循环来延时,一个循环 6 条指令48M Delay=1 大概为 200kbps // 直接使用循环来延时,一个循环 6 条指令48M Delay=1 大概为 200kbps
@ -251,7 +253,7 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
if (bBreak) { if (bBreak) {
I2C_Stop(); I2C_Stop();
DbpString("I2C_WaitAck Error"); if ( MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR);
return false; return false;
} }
@ -276,13 +278,12 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
break; break;
I2C_SendByte(device_cmd); I2C_SendByte(device_cmd);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
while (len) { while (len) {
I2C_SendByte(*data); I2C_SendByte(*data);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
@ -294,13 +295,11 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
bBreak = false; bBreak = false;
} while (false); } while (false);
I2C_Stop();
if (bBreak) { if (bBreak) {
I2C_Stop(); if ( MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR);
DbpString("I2C_WaitAck Error");
return false; return false;
} }
I2C_Stop();
return true; return true;
} }
@ -337,7 +336,7 @@ uint8_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
if (bBreak) { if (bBreak) {
I2C_Stop(); I2C_Stop();
DbpString("I2C_WaitAck Error"); if ( MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR);
return 0; return 0;
} }
@ -363,7 +362,7 @@ uint8_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
return readcount; return readcount;
} }
uint8_t I2C_ReadFW(uint8_t *data, uint8_t msb, uint8_t lsb, uint8_t device_address) { uint8_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address) {
//START, 0xB0, 0x00, 0x00, START, 0xB1, xx, yy, zz, ......, STOP //START, 0xB0, 0x00, 0x00, START, 0xB1, xx, yy, zz, ......, STOP
bool bBreak = true; bool bBreak = true;
@ -400,12 +399,11 @@ uint8_t I2C_ReadFW(uint8_t *data, uint8_t msb, uint8_t lsb, uint8_t device_addre
if (bBreak) { if (bBreak) {
I2C_Stop(); I2C_Stop();
DbpString("I2C_WaitAck Error"); if ( MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR);
return 0; return 0;
} }
// reading // reading
uint8_t len = 64;
while (len) { while (len) {
len--; len--;
*data = I2C_ReadByte(); *data = I2C_ReadByte();
@ -423,11 +421,58 @@ uint8_t I2C_ReadFW(uint8_t *data, uint8_t msb, uint8_t lsb, uint8_t device_addre
return readcount; return readcount;
} }
bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address) {
//START, 0xB0, 0x00, 0x00, xx, yy, zz, ......, STOP
bool bBreak = true;
do {
if (!I2C_Start())
return false;
// 0xB0
I2C_SendByte(device_address & 0xFE);
if (!I2C_WaitAck())
break;
// msb
I2C_SendByte(msb);
if (!I2C_WaitAck())
break;
// lsb
I2C_SendByte(lsb);
if (!I2C_WaitAck())
break;
while (len) {
I2C_SendByte(*data);
if (!I2C_WaitAck())
break;
len--;
data++;
}
if (len == 0)
bBreak = false;
} while (false);
I2C_Stop();
if (bBreak) {
if ( MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR);
return false;
}
return true;
}
void I2C_print_status(void) { void I2C_print_status(void) {
I2C_init(); I2C_init();
I2C_Reset_EnterMainProgram(); I2C_Reset_EnterMainProgram();
uint8_t resp[4] = {0}; uint8_t resp[4] = {0};
uint8_t len = I2C_BufferRead(resp, 4, I2C_DEVICE_CMD_GETVERSION, I2C_DEVICE_ADDRESS_MAIN); uint8_t len = I2C_BufferRead(resp, 4, I2C_DEVICE_CMD_GETVERSION, I2C_DEVICE_ADDRESS_MAIN);
DbpString("Smart card module (ISO 7816)"); DbpString("Smart card module (ISO 7816)");
Dbprintf(" FW version................v%x.%02x (len %d", resp[1], resp[2], len); if ( len )
Dbprintf(" FW version................v%x.%02x", resp[1], resp[2]);
else
DbpString(" FW version................FAILED");
} }
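Review bot: I2C_WriteFW is added without any comment on its contract, and its failure mode matters to the upgrade path: the send loop stops at the first byte that is not ACKed, so a false return can leave the target block partially written. A header comment such as `// Write len bytes from data at offset msb:lsb on device_address. Returns false when any byte is not ACKed; the block may then be partially written.` would make that explicit for callers. The `if (!I2C_Start()) return false;` path also returns without calling I2C_Stop(), unlike the other failure paths; whether that can leave the bus held depends on I2C_Start, which is not shown here.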


@ -30,7 +30,8 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
uint8_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address); uint8_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address);
// for firmware // for firmware
uint8_t I2C_ReadFW(uint8_t *data, uint8_t msb, uint8_t lsb, uint8_t device_address); uint8_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
void I2C_print_status(void); void I2C_print_status(void);
#endif #endif


@ -78,6 +78,7 @@ typedef struct{
// RDV40, Smart card operations // RDV40, Smart card operations
#define CMD_SMART_SEND 0x0140 #define CMD_SMART_SEND 0x0140
#define CMD_SMART_UPGRADE 0x0141 #define CMD_SMART_UPGRADE 0x0141
#define CMD_SMART_UPLOAD 0x0142
// For low-frequency tags // For low-frequency tags
#define CMD_READ_TI_TYPE 0x0202 #define CMD_READ_TI_TYPE 0x0202