mirror of
https://github.com/Proxmark/proxmark3.git
synced 2025-07-11 15:56:09 -07:00
The great work of Enio hf snoop is now ported into latest version in git
you can find original work here https://github.com/EnioArda/proxmark3
This commit is contained in:
parent
be6250d31b
commit
0472d76de4
12 changed files with 198 additions and 16 deletions
|
@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
|
|||
|
||||
#remove one of the following defines and comment out the relevant line
|
||||
#in the next section to remove that particular feature from compilation
|
||||
APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE \
|
||||
APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -DWITH_HFSNOOP \
|
||||
-fno-strict-aliasing -ffunction-sections -fdata-sections
|
||||
#-DWITH_LCD
|
||||
|
||||
|
@ -60,7 +60,8 @@ ARMSRC = fpgaloader.c \
|
|||
legic_prng.c \
|
||||
iclass.c \
|
||||
BigBuf.c \
|
||||
optimized_cipher.c
|
||||
optimized_cipher.c \
|
||||
hfsnoop.c
|
||||
|
||||
# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
|
||||
include ../common/Makefile.common
|
||||
|
|
|
@ -1202,6 +1202,11 @@ void UsbPacketReceived(uint8_t *packet, int len)
|
|||
iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
|
||||
break;
|
||||
#endif
|
||||
#ifdef WITH_HFSNOOP
|
||||
case CMD_HF_SNIFFER:
|
||||
HfSnoop(c->arg[0], c->arg[1]);
|
||||
break;
|
||||
#endif
|
||||
|
||||
case CMD_BUFF_CLEAR:
|
||||
BigBuf_Clear();
|
||||
|
@ -1338,7 +1343,7 @@ void __attribute__((noreturn)) AppMain(void)
|
|||
AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
|
||||
// PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
|
||||
AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
|
||||
AT91C_PMC_PRES_CLK_4;
|
||||
AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
|
||||
AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
|
||||
|
||||
// Reset SPI
|
||||
|
|
|
@ -189,5 +189,6 @@ bool cmd_receive(UsbCommand* cmd);
|
|||
bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);
|
||||
|
||||
/// util.h
|
||||
void HfSnoop(int , int);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -43,6 +43,7 @@ void SetAdcMuxFor(uint32_t whichGpio);
|
|||
#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (1<<5)
|
||||
#define FPGA_MAJOR_MODE_HF_SIMULATOR (2<<5)
|
||||
#define FPGA_MAJOR_MODE_HF_ISO14443A (3<<5)
|
||||
#define FPGA_MAJOR_MODE_HF_SNOOP (4<<5)
|
||||
// BOTH
|
||||
#define FPGA_MAJOR_MODE_OFF (7<<5)
|
||||
// Options for LF_ADC
|
||||
|
|
74
armsrc/hfsnoop.c
Normal file
74
armsrc/hfsnoop.c
Normal file
|
@ -0,0 +1,74 @@
|
|||
#include "proxmark3.h"
|
||||
#include "apps.h"
|
||||
#include "BigBuf.h"
|
||||
#include "util.h"
|
||||
|
||||
static void RAMFUNC optimizedSnoop(void);
|
||||
|
||||
static void RAMFUNC optimizedSnoop(void)
|
||||
{
|
||||
BigBuf_free();
|
||||
int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
|
||||
|
||||
uint16_t *dest = (uint16_t *)BigBuf_get_addr();
|
||||
uint16_t *destend = dest + n;
|
||||
|
||||
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
|
||||
// Reading data loop
|
||||
while(dest <= destend)
|
||||
{
|
||||
if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)
|
||||
{
|
||||
*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
|
||||
dest = dest + 1;
|
||||
}
|
||||
}
|
||||
//Resetting Frame mode (First set in fpgaloader.c)
|
||||
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
|
||||
}
|
||||
|
||||
void HfSnoop(int samplesToSkip, int triggersToSkip)
|
||||
{
|
||||
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
|
||||
bool trigger_cnt;
|
||||
LED_D_OFF();
|
||||
// Select correct configs
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
||||
// Set up the synchronous serial port
|
||||
FpgaSetupSsc();
|
||||
// connect Demodulated Signal to ADC:
|
||||
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
|
||||
SpinDelay(100);
|
||||
|
||||
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
|
||||
|
||||
trigger_cnt = 0;
|
||||
uint16_t r;
|
||||
for(;;) {
|
||||
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
||||
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
if (!(trigger_cnt == triggersToSkip) && ( (r >> 8) >= 240))
|
||||
{
|
||||
Dbprintf("Trigger kicked! Value: %d.", r >> 8);
|
||||
trigger_cnt++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r >> 8);
|
||||
int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
|
||||
while(waitcount != 0) {
|
||||
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
||||
waitcount--;
|
||||
}
|
||||
}
|
||||
|
||||
// Snooooop!!!
|
||||
optimizedSnoop();
|
||||
|
||||
DbpString("Done.");
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
LED_D_OFF();
|
||||
}
|
||||
|
|
@ -576,6 +576,14 @@ int CmdHFSearch(const char *Cmd){
|
|||
return 0;
|
||||
}
|
||||
|
||||
int CmdHFSnoop(const char *Cmd)
|
||||
{
|
||||
char * pEnd;
|
||||
UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}};
|
||||
SendCommand(&c);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static command_t CommandTable[] =
|
||||
{
|
||||
{"help", CmdHelp, 1, "This help"},
|
||||
|
@ -590,7 +598,8 @@ static command_t CommandTable[] =
|
|||
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
|
||||
{"list", CmdHFList, 1, "List protocol data in trace buffer"},
|
||||
{"search", CmdHFSearch, 1, "Search for known HF tags [preliminary]"},
|
||||
{NULL, NULL, 0, NULL}
|
||||
{"snoop", CmdHFSnoop, 0, "<samples to skip (10000)> <triggers to skip (1)> Generic LF/HF Snoop in Testing stage"},
|
||||
{NULL, NULL, 0, NULL}
|
||||
};
|
||||
|
||||
int CmdHF(const char *Cmd)
|
||||
|
|
|
@ -9,7 +9,7 @@ fpga_hf.ngc: fpga_hf.v fpga.ucf xst_hf.scr util.v hi_simulate.v hi_read_tx.v hi_
|
|||
$(DELETE) $@
|
||||
$(XILINX_TOOLS_PREFIX)xst -ifn xst_hf.scr
|
||||
|
||||
fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v
|
||||
fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v hi_sniffer.v
|
||||
$(DELETE) $@
|
||||
$(XILINX_TOOLS_PREFIX)xst -ifn xst_lf.scr
|
||||
|
||||
|
|
BIN
fpga/fpga_hf.bit
BIN
fpga/fpga_hf.bit
Binary file not shown.
|
@ -17,6 +17,7 @@
|
|||
`include "hi_read_rx_xcorr.v"
|
||||
`include "hi_simulate.v"
|
||||
`include "hi_iso14443a.v"
|
||||
`include "hi_sniffer.v"
|
||||
`include "util.v"
|
||||
|
||||
module fpga_hf(
|
||||
|
@ -122,25 +123,36 @@ hi_iso14443a hisn(
|
|||
hi_simulate_mod_type
|
||||
);
|
||||
|
||||
hi_sniffer he(
|
||||
pck0, ck_1356meg, ck_1356megb,
|
||||
he_pwr_lo, he_pwr_hi, he_pwr_oe1, he_pwr_oe2, he_pwr_oe3, he_pwr_oe4,
|
||||
adc_d, he_adc_clk,
|
||||
he_ssp_frame, he_ssp_din, ssp_dout, he_ssp_clk,
|
||||
cross_hi, cross_lo,
|
||||
he_dbg,
|
||||
hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
|
||||
);
|
||||
|
||||
// Major modes:
|
||||
|
||||
// 000 -- HF reader, transmitting to tag; modulation depth selectable
|
||||
// 001 -- HF reader, receiving from tag, correlating as it goes; frequency selectable
|
||||
// 010 -- HF simulated tag
|
||||
// 011 -- HF ISO14443-A
|
||||
// 100 -- HF Snoop
|
||||
// 111 -- everything off
|
||||
|
||||
mux8 mux_ssp_clk (major_mode, ssp_clk, ht_ssp_clk, hrxc_ssp_clk, hs_ssp_clk, hisn_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_ssp_din (major_mode, ssp_din, ht_ssp_din, hrxc_ssp_din, hs_ssp_din, hisn_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_ssp_frame (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe1 (major_mode, pwr_oe1, ht_pwr_oe1, hrxc_pwr_oe1, hs_pwr_oe1, hisn_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe2 (major_mode, pwr_oe2, ht_pwr_oe2, hrxc_pwr_oe2, hs_pwr_oe2, hisn_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe3 (major_mode, pwr_oe3, ht_pwr_oe3, hrxc_pwr_oe3, hs_pwr_oe3, hisn_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe4 (major_mode, pwr_oe4, ht_pwr_oe4, hrxc_pwr_oe4, hs_pwr_oe4, hisn_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_lo (major_mode, pwr_lo, ht_pwr_lo, hrxc_pwr_lo, hs_pwr_lo, hisn_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_hi (major_mode, pwr_hi, ht_pwr_hi, hrxc_pwr_hi, hs_pwr_hi, hisn_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_adc_clk (major_mode, adc_clk, ht_adc_clk, hrxc_adc_clk, hs_adc_clk, hisn_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_dbg (major_mode, dbg, ht_dbg, hrxc_dbg, hs_dbg, hisn_dbg, 1'b0, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_ssp_clk (major_mode, ssp_clk, ht_ssp_clk, hrxc_ssp_clk, hs_ssp_clk, hisn_ssp_clk, he_ssp_clk, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_ssp_din (major_mode, ssp_din, ht_ssp_din, hrxc_ssp_din, hs_ssp_din, hisn_ssp_din, he_ssp_din, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_ssp_frame (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, he_ssp_frame, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe1 (major_mode, pwr_oe1, ht_pwr_oe1, hrxc_pwr_oe1, hs_pwr_oe1, hisn_pwr_oe1, he_pwr_oe1, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe2 (major_mode, pwr_oe2, ht_pwr_oe2, hrxc_pwr_oe2, hs_pwr_oe2, hisn_pwr_oe2, he_pwr_oe2, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe3 (major_mode, pwr_oe3, ht_pwr_oe3, hrxc_pwr_oe3, hs_pwr_oe3, hisn_pwr_oe3, he_pwr_oe3, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_oe4 (major_mode, pwr_oe4, ht_pwr_oe4, hrxc_pwr_oe4, hs_pwr_oe4, hisn_pwr_oe4, he_pwr_oe4, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_lo (major_mode, pwr_lo, ht_pwr_lo, hrxc_pwr_lo, hs_pwr_lo, hisn_pwr_lo, he_pwr_lo, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_pwr_hi (major_mode, pwr_hi, ht_pwr_hi, hrxc_pwr_hi, hs_pwr_hi, hisn_pwr_hi, he_pwr_hi, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_adc_clk (major_mode, adc_clk, ht_adc_clk, hrxc_adc_clk, hs_adc_clk, hisn_adc_clk, he_adc_clk, 1'b0, 1'b0, 1'b0);
|
||||
mux8 mux_dbg (major_mode, dbg, ht_dbg, hrxc_dbg, hs_dbg, hisn_dbg, he_dbg, 1'b0, 1'b0, 1'b0);
|
||||
|
||||
// In all modes, let the ADC's outputs be enabled.
|
||||
assign adc_noe = 1'b0;
|
||||
|
|
BIN
fpga/fpga_lf.bit
BIN
fpga/fpga_lf.bit
Binary file not shown.
77
fpga/hi_sniffer.v
Normal file
77
fpga/hi_sniffer.v
Normal file
|
@ -0,0 +1,77 @@
|
|||
|
||||
module hi_sniffer(
|
||||
pck0, ck_1356meg, ck_1356megb,
|
||||
pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
|
||||
adc_d, adc_clk,
|
||||
ssp_frame, ssp_din, ssp_dout, ssp_clk,
|
||||
cross_hi, cross_lo,
|
||||
dbg,
|
||||
xcorr_is_848, snoop, xcorr_quarter_freq // not used.
|
||||
);
|
||||
input pck0, ck_1356meg, ck_1356megb;
|
||||
output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
|
||||
input [7:0] adc_d;
|
||||
output adc_clk;
|
||||
input ssp_dout;
|
||||
output ssp_frame, ssp_din, ssp_clk;
|
||||
input cross_hi, cross_lo;
|
||||
output dbg;
|
||||
input xcorr_is_848, snoop, xcorr_quarter_freq; // not used.
|
||||
|
||||
// We are only snooping, all off.
|
||||
assign pwr_hi = 1'b0;// ck_1356megb & (~snoop);
|
||||
assign pwr_oe1 = 1'b0;
|
||||
assign pwr_oe2 = 1'b0;
|
||||
assign pwr_oe3 = 1'b0;
|
||||
assign pwr_oe4 = 1'b0;
|
||||
|
||||
reg ssp_clk = 1'b0;
|
||||
reg ssp_frame;
|
||||
reg adc_clk;
|
||||
reg [7:0] adc_d_out = 8'd0;
|
||||
reg [7:0] ssp_cnt = 8'd0;
|
||||
reg [7:0] pck_divider = 8'd0;
|
||||
reg ant_lo = 1'b0;
|
||||
reg bit_to_send = 1'b0;
|
||||
|
||||
always @(ck_1356meg, pck0) // should synthetisize to a mux..
|
||||
begin
|
||||
adc_clk = ck_1356meg;
|
||||
ssp_clk = ~ck_1356meg;
|
||||
end
|
||||
|
||||
reg [7:0] cnt_test = 8'd0; // test
|
||||
|
||||
always @(posedge pck0)
|
||||
begin
|
||||
ant_lo <= 1'b0;
|
||||
end
|
||||
|
||||
always @(posedge ssp_clk) // ~1356 (hf)
|
||||
begin
|
||||
if(ssp_cnt[7:0] == 8'd255) // SSP counter for divides.
|
||||
ssp_cnt[7:0] <= 8'd0;
|
||||
else
|
||||
ssp_cnt <= ssp_cnt + 1;
|
||||
|
||||
if((ssp_cnt[2:0] == 3'b000) && !ant_lo) // To set frame length
|
||||
begin
|
||||
adc_d_out[7:0] = adc_d; // disable for test
|
||||
bit_to_send = adc_d_out[0];
|
||||
ssp_frame <= 1'b1;
|
||||
end
|
||||
else
|
||||
begin
|
||||
adc_d_out[6:0] = adc_d_out[7:1];
|
||||
adc_d_out[7] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
|
||||
bit_to_send = adc_d_out[0];
|
||||
ssp_frame <= 1'b0;
|
||||
end
|
||||
end
|
||||
|
||||
assign ssp_din = bit_to_send && !ant_lo;//bit_to_send && !ant_lo; // && .. not needed i guess?
|
||||
|
||||
assign pwr_lo = ant_lo;
|
||||
|
||||
|
||||
endmodule
|
|
@ -197,6 +197,8 @@ typedef struct{
|
|||
#define CMD_MIFARE_DESFIRE_INFO 0x072d
|
||||
#define CMD_MIFARE_DESFIRE 0x072e
|
||||
|
||||
#define CMD_HF_SNIFFER 0x0800
|
||||
|
||||
#define CMD_UNKNOWN 0xFFFF
|
||||
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue