From 6ca4c6463e401a9c7bb080010a526b9270dbfda7 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sat, 3 Jan 2015 14:16:05 +0100 Subject: [PATCH 01/11] Removed wrong size-count, sizeof(bigbuf) would always return 40000 in lfops --- armsrc/lfops.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 894adef7..d5b64593 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -793,12 +793,9 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) WDT_HIT(); if (ledcontrol) LED_A_ON(); DoAcquisition125k_internal(-1,true); - size = sizeof(BigBuf); - //make sure buffer has data - if (size < 2000) continue; //fskdemod and get start index WDT_HIT(); - idx = IOdemodFSK(dest,size); + idx = IOdemodFSK(dest,sizeof(BigBuf)); if (idx>0){ //valid tag found @@ -821,7 +818,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); } code = bytebits_to_byte(dest+idx,32); - code2 = bytebits_to_byte(dest+idx+32,32); + code2 = bytebits_to_byte(dest+idx+32,32); version = bytebits_to_byte(dest+idx+27,8); //14,4 facilitycode = bytebits_to_byte(dest+idx+18,8) ; number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 From ae8e8a437237a059e798f443eb6a8f695754051e Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sat, 3 Jan 2015 14:21:07 +0100 Subject: [PATCH 02/11] Corrected indentation to tabs only --- armsrc/lfops.c | 2832 ++++++++++++++++++++++++------------------------ 1 file changed, 1416 insertions(+), 1416 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index d5b64593..847e4525 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c 
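Review bot: The removed `if (size < 2000) continue;` guard was dead code rather than a real data-presence check, because `sizeof(BigBuf)` is a compile-time constant, so the replacement `idx = IOdemodFSK(dest,sizeof(BigBuf));` is behaviourally equivalent, but nothing now records why no length check is needed at this call. `DoAcquisition125k_internal(-1,true)` on the line above only returns once it has written every byte of BigBuf (its loop exits at `if (++i >= n) break;` with `int n = sizeof(BigBuf);`, visible in the first hunk of the following patch), so the whole buffer really is the sample window, and I would keep that in the code with `// DoAcquisition125k_internal fills all of BigBuf before returning, so the whole buffer is the demod window` above the call. If `size` is still declared earlier in CmdIOdemodFSK it is now an unused local and should be dropped, and since `sizeof` yields `size_t` where `size` was presumably an `int`, the parameter type of IOdemodFSK is worth checking for a sign-conversion warning. CmdIOdemodFSK begins and ends outside this hunk.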
@@ -25,40 +25,40 @@ */ void DoAcquisition125k_internal(int trigger_threshold,bool silent) { - uint8_t *dest = (uint8_t *)BigBuf; - int n = sizeof(BigBuf); - int i; + uint8_t *dest = (uint8_t *)BigBuf; + int n = sizeof(BigBuf); + int i; - memset(dest, 0, n); - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - LED_D_ON(); - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - LED_D_OFF(); - if (trigger_threshold != -1 && dest[i] < trigger_threshold) - continue; - else - trigger_threshold = -1; - if (++i >= n) break; - } - } - if(!silent) - { - Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", - dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); - - } + memset(dest, 0, n); + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + LED_D_OFF(); + if (trigger_threshold != -1 && dest[i] < trigger_threshold) + continue; + else + trigger_threshold = -1; + if (++i >= n) break; + } + } + if(!silent) + { + Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", + dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); + + } } /** * Perform sample aquisition. */ void DoAcquisition125k(int trigger_threshold) { - DoAcquisition125k_internal(trigger_threshold, false); + DoAcquisition125k_internal(trigger_threshold, false); } /** 
@@ -70,31 +70,31 @@ void DoAcquisition125k(int trigger_threshold) **/ void LFSetupFPGAForADC(int divisor, bool lf_field) { - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - if ( (divisor == 1) || (divisor < 0) || (divisor > 255) ) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else if (divisor == 0) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + if ( (divisor == 1) || (divisor < 0) || (divisor > 255) ) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + else if (divisor == 0) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + else + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0)); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0)); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Give it a bit of time for the resonant antenna to settle. + SpinDelay(50); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); } /** * Initializes the FPGA, and acquires the samples. **/ void AcquireRawAdcSamples125k(int divisor) { - LFSetupFPGAForADC(divisor, true); - // Now call the acquisition routine - DoAcquisition125k_internal(-1,false); + LFSetupFPGAForADC(divisor, true); + // Now call the acquisition routine + DoAcquisition125k_internal(-1,false); } /** * Initializes the FPGA for snoop-mode, and acquires the samples. 
@@ -102,60 +102,60 @@ void AcquireRawAdcSamples125k(int divisor) void SnoopLFRawAdcSamples(int divisor, int trigger_threshold) { - LFSetupFPGAForADC(divisor, false); - DoAcquisition125k(trigger_threshold); + LFSetupFPGAForADC(divisor, false); + DoAcquisition125k(trigger_threshold); } void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) { - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); + /* Make sure the tag is reset */ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(2500); - int divisor_used = 95; // 125 KHz - // see if 'h' was specified + int divisor_used = 95; // 125 KHz + // see if 'h' was specified - if (command[strlen((char *) command) - 1] == 'h') - divisor_used = 88; // 134.8 KHz + if (command[strlen((char *) command) - 1] == 'h') + divisor_used = 88; // 134.8 KHz - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + // Give it a bit of time for the resonant antenna to settle. + SpinDelay(50); - // And a little more time for the tag to fully power up - SpinDelay(2000); + // And a little more time for the tag to fully power up + SpinDelay(2000); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); + // Now set up the SSC to get the ADC samples that are now streaming at us. 
+ FpgaSetupSsc(); - // now modulate the reader field - while(*command != '\0' && *command != ' ') { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + // now modulate the reader field + while(*command != '\0' && *command != ' ') { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - LED_D_ON(); - if(*(command++) == '0') - SpinDelayUs(period_0); - else - SpinDelayUs(period_1); - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + LED_D_ON(); + if(*(command++) == '0') + SpinDelayUs(period_0); + else + SpinDelayUs(period_1); + } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // now do the read - DoAcquisition125k(-1); + // now do the read + DoAcquisition125k(-1); } /* blank r/w tag data stream 
@@ -169,230 +169,230 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, */ void ReadTItag(void) { - // some hardcoded initial params - // when we read a TI tag we sample the zerocross line at 2Mhz - // TI tags modulate a 1 as 16 cycles of 123.2Khz - // TI tags modulate a 0 as 16 cycles of 134.2Khz - #define FSAMPLE 2000000 - #define FREQLO 123200 - #define FREQHI 134200 + // some hardcoded initial params + // when we read a TI tag we sample the zerocross line at 2Mhz + // TI tags modulate a 1 as 16 cycles of 123.2Khz + // TI tags modulate a 0 as 16 cycles of 134.2Khz +#define FSAMPLE 2000000 +#define FREQLO 123200 +#define FREQHI 134200 - signed char *dest = (signed char *)BigBuf; - int n = sizeof(BigBuf); -// int *dest = GraphBuffer; -// int n = GraphTraceLen; + signed char *dest = (signed char *)BigBuf; + int n = sizeof(BigBuf); + // int *dest = GraphBuffer; + // int n = GraphTraceLen; - // 128 bit shift register [shift3:shift2:shift1:shift0] - uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; + // 128 bit shift register [shift3:shift2:shift1:shift0] + uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; - int i, cycles=0, samples=0; - // how many sample points fit in 16 cycles of each frequency - uint32_t sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; - // when to tell if we're close enough to one freq or another - uint32_t threshold = (sampleslo - sampleshi + 1)>>1; + int i, cycles=0, samples=0; + // how many sample points fit in 16 cycles of each frequency + uint32_t sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; + // when to tell if we're close enough to one freq or another + uint32_t threshold = (sampleslo - sampleshi + 1)>>1; - // TI tags charge at 134.2Khz - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + // TI tags charge at 134.2Khz + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz 
- // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - // get TI tag data into the buffer - AcquireTiType(); + // get TI tag data into the buffer + AcquireTiType(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - for (i=0; i0) ) { - cycles++; - // after 16 cycles, measure the frequency - if (cycles>15) { - cycles=0; - samples=i-samples; // number of samples in these 16 cycles + for (i=0; i0) ) { + cycles++; + // after 16 cycles, measure the frequency + if (cycles>15) { + cycles=0; + samples=i-samples; // number of samples in these 16 cycles - // TI bits are coming to us lsb first so shift them - // right through our 128 bit right shift register - shift0 = (shift0>>1) | (shift1 << 31); - shift1 = (shift1>>1) | (shift2 << 31); - shift2 = (shift2>>1) | (shift3 << 31); - shift3 >>= 1; + // TI bits are coming to us lsb first so shift them + // right through our 128 bit right shift register + shift0 = (shift0>>1) | (shift1 << 31); + shift1 = (shift1>>1) | (shift2 << 31); + shift2 = (shift2>>1) | (shift3 << 31); + shift3 >>= 1; - // check if the cycles fall close to the number - // expected for either the low or high frequency - if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { - // low frequency represents a 1 - shift3 |= (1<<31); - } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { - // high frequency represents a 0 - } else { - // probably detected a gay waveform or noise - // use this as gaydar or 
discard shift register and start again - shift3 = shift2 = shift1 = shift0 = 0; - } - samples = i; + // check if the cycles fall close to the number + // expected for either the low or high frequency + if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { + // low frequency represents a 1 + shift3 |= (1<<31); + } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { + // high frequency represents a 0 + } else { + // probably detected a gay waveform or noise + // use this as gaydar or discard shift register and start again + shift3 = shift2 = shift1 = shift0 = 0; + } + samples = i; - // for each bit we receive, test if we've detected a valid tag + // for each bit we receive, test if we've detected a valid tag - // if we see 17 zeroes followed by 6 ones, we might have a tag - // remember the bits are backwards - if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { - // if start and end bytes match, we have a tag so break out of the loop - if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { - cycles = 0xF0B; //use this as a flag (ugly but whatever) - break; - } - } - } - } - } + // if we see 17 zeroes followed by 6 ones, we might have a tag + // remember the bits are backwards + if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { + // if start and end bytes match, we have a tag so break out of the loop + if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { + cycles = 0xF0B; //use this as a flag (ugly but whatever) + break; + } + } + } + } + } - // if flag is set we have a tag - if (cycles!=0xF0B) { - DbpString("Info: No valid tag detected."); - } else { - // put 64 bit data into shift1 and shift0 - shift0 = (shift0>>24) | (shift1 << 8); - shift1 = (shift1>>24) | (shift2 << 8); + // if flag is set we have a tag + if (cycles!=0xF0B) { + DbpString("Info: No valid tag detected."); + } else { + // put 64 bit data into shift1 and shift0 + shift0 = (shift0>>24) | (shift1 << 8); + shift1 = (shift1>>24) | (shift2 << 8); - // align 16 bit crc into 
lower half of shift2 - shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; + // align 16 bit crc into lower half of shift2 + shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; - // if r/w tag, check ident match - if ( shift3&(1<<15) ) { - DbpString("Info: TI tag is rewriteable"); - // only 15 bits compare, last bit of ident is not valid - if ( ((shift3>>16)^shift0)&0x7fff ) { - DbpString("Error: Ident mismatch!"); - } else { - DbpString("Info: TI tag ident is valid"); - } - } else { - DbpString("Info: TI tag is readonly"); - } + // if r/w tag, check ident match + if ( shift3&(1<<15) ) { + DbpString("Info: TI tag is rewriteable"); + // only 15 bits compare, last bit of ident is not valid + if ( ((shift3>>16)^shift0)&0x7fff ) { + DbpString("Error: Ident mismatch!"); + } else { + DbpString("Info: TI tag ident is valid"); + } + } else { + DbpString("Info: TI tag is readonly"); + } - // WARNING the order of the bytes in which we calc crc below needs checking - // i'm 99% sure the crc algorithm is correct, but it may need to eat the - // bytes in reverse or something - // calculate CRC - uint32_t crc=0; + // WARNING the order of the bytes in which we calc crc below needs checking + // i'm 99% sure the crc algorithm is correct, but it may need to eat the + // bytes in reverse or something + // calculate CRC + uint32_t crc=0; - crc = update_crc16(crc, (shift0)&0xff); - crc = update_crc16(crc, (shift0>>8)&0xff); - crc = update_crc16(crc, (shift0>>16)&0xff); - crc = update_crc16(crc, (shift0>>24)&0xff); - crc = update_crc16(crc, (shift1)&0xff); - crc = update_crc16(crc, (shift1>>8)&0xff); - crc = update_crc16(crc, (shift1>>16)&0xff); - crc = update_crc16(crc, (shift1>>24)&0xff); + crc = update_crc16(crc, (shift0)&0xff); + crc = update_crc16(crc, (shift0>>8)&0xff); + crc = update_crc16(crc, (shift0>>16)&0xff); + crc = update_crc16(crc, (shift0>>24)&0xff); + crc = update_crc16(crc, (shift1)&0xff); + crc = update_crc16(crc, (shift1>>8)&0xff); + crc = update_crc16(crc, 
(shift1>>16)&0xff); + crc = update_crc16(crc, (shift1>>24)&0xff); - Dbprintf("Info: Tag data: %x%08x, crc=%x", - (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); - if (crc != (shift2&0xffff)) { - Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); - } else { - DbpString("Info: CRC is good"); - } - } + Dbprintf("Info: Tag data: %x%08x, crc=%x", + (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); + if (crc != (shift2&0xffff)) { + Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); + } else { + DbpString("Info: CRC is good"); + } + } } void WriteTIbyte(uint8_t b) { - int i = 0; + int i = 0; - // modulate 8 bits out to the antenna - for (i=0; i<8; i++) - { - if (b&(1<PIO_PDR = GPIO_SSC_DIN; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; + // Set up the synchronous serial port + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DIN; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; - // steal this pin from the SSP and use it to control the modulation - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; - // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long - // 48/2 = 24 MHz clock must be divided by 12 - AT91C_BASE_SSC->SSC_CMR = 12; + // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 
14.9 clocks long + // 48/2 = 24 MHz clock must be divided by 12 + AT91C_BASE_SSC->SSC_CMR = 12; - AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; - AT91C_BASE_SSC->SSC_TCMR = 0; - AT91C_BASE_SSC->SSC_TFMR = 0; + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; + AT91C_BASE_SSC->SSC_TCMR = 0; + AT91C_BASE_SSC->SSC_TFMR = 0; - LED_D_ON(); + LED_D_ON(); - // modulate antenna - HIGH(GPIO_SSC_DOUT); + // modulate antenna + HIGH(GPIO_SSC_DOUT); - // Charge TI tag for 50ms. - SpinDelay(50); + // Charge TI tag for 50ms. + SpinDelay(50); - // stop modulating antenna and listen - LOW(GPIO_SSC_DOUT); + // stop modulating antenna and listen + LOW(GPIO_SSC_DOUT); - LED_D_OFF(); + LED_D_OFF(); - i = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer - i++; if(i >= TIBUFLEN) break; - } - WDT_HIT(); - } + i = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer + i++; if(i >= TIBUFLEN) break; + } + WDT_HIT(); + } - // return stolen pin to SSP - AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; + // return stolen pin to SSP + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; - char *dest = (char *)BigBuf; - n = TIBUFLEN*32; - // unpack buffer - for (i=TIBUFLEN-1; i>=0; i--) { - for (j=0; j<32; j++) { - if(BigBuf[i] & (1 << j)) { - dest[--n] = 1; - } else { - dest[--n] = -1; - } - } - } + char *dest = (char *)BigBuf; + n = TIBUFLEN*32; + // unpack buffer + for (i=TIBUFLEN-1; i>=0; i--) { + for (j=0; j<32; j++) { + if(BigBuf[i] & (1 << j)) { + dest[--n] = 1; + } else { + dest[--n] = -1; + } + } + } } // arguments: 64bit data split into 32bit idhi:idlo and 
optional 16bit crc 
@@ -400,127 +400,127 @@ void AcquireTiType(void) // if not provided a valid crc will be computed from the data and written. void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) { - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - if(crc == 0) { - crc = update_crc16(crc, (idlo)&0xff); - crc = update_crc16(crc, (idlo>>8)&0xff); - crc = update_crc16(crc, (idlo>>16)&0xff); - crc = update_crc16(crc, (idlo>>24)&0xff); - crc = update_crc16(crc, (idhi)&0xff); - crc = update_crc16(crc, (idhi>>8)&0xff); - crc = update_crc16(crc, (idhi>>16)&0xff); - crc = update_crc16(crc, (idhi>>24)&0xff); - } - Dbprintf("Writing to tag: %x%08x, crc=%x", - (unsigned int) idhi, (unsigned int) idlo, crc); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + if(crc == 0) { + crc = update_crc16(crc, (idlo)&0xff); + crc = update_crc16(crc, (idlo>>8)&0xff); + crc = update_crc16(crc, (idlo>>16)&0xff); + crc = update_crc16(crc, (idlo>>24)&0xff); + crc = update_crc16(crc, (idhi)&0xff); + crc = update_crc16(crc, (idhi>>8)&0xff); + crc = update_crc16(crc, (idhi>>16)&0xff); + crc = update_crc16(crc, (idhi>>24)&0xff); + } + Dbprintf("Writing to tag: %x%08x, crc=%x", + (unsigned int) idhi, (unsigned int) idlo, crc); - // TI tags charge at 134.2Khz - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - LED_A_ON(); + // TI tags charge at 134.2Khz + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + LED_A_ON(); - // steal this pin from the SSP and use it to control the modulation - 
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - // writing algorithm: - // a high bit consists of a field off for 1ms and field on for 1ms - // a low bit consists of a field off for 0.3ms and field on for 1.7ms - // initiate a charge time of 50ms (field on) then immediately start writing bits - // start by writing 0xBB (keyword) and 0xEB (password) - // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) - // finally end with 0x0300 (write frame) - // all data is sent lsb firts - // finish with 15ms programming time + // writing algorithm: + // a high bit consists of a field off for 1ms and field on for 1ms + // a low bit consists of a field off for 0.3ms and field on for 1.7ms + // initiate a charge time of 50ms (field on) then immediately start writing bits + // start by writing 0xBB (keyword) and 0xEB (password) + // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) + // finally end with 0x0300 (write frame) + // all data is sent lsb firts + // finish with 15ms programming time - // modulate antenna - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // charge time + // modulate antenna + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // charge time - WriteTIbyte(0xbb); // keyword - WriteTIbyte(0xeb); // password - WriteTIbyte( (idlo )&0xff ); - WriteTIbyte( (idlo>>8 )&0xff ); - WriteTIbyte( (idlo>>16)&0xff ); - WriteTIbyte( (idlo>>24)&0xff ); - WriteTIbyte( (idhi )&0xff ); - WriteTIbyte( (idhi>>8 )&0xff ); - WriteTIbyte( (idhi>>16)&0xff ); - WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo - WriteTIbyte( (crc )&0xff ); // crc lo - WriteTIbyte( (crc>>8 )&0xff ); // crc hi - WriteTIbyte(0x00); // write frame lo - WriteTIbyte(0x03); // write frame hi - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // programming time + WriteTIbyte(0xbb); // keyword + 
WriteTIbyte(0xeb); // password + WriteTIbyte( (idlo )&0xff ); + WriteTIbyte( (idlo>>8 )&0xff ); + WriteTIbyte( (idlo>>16)&0xff ); + WriteTIbyte( (idlo>>24)&0xff ); + WriteTIbyte( (idhi )&0xff ); + WriteTIbyte( (idhi>>8 )&0xff ); + WriteTIbyte( (idhi>>16)&0xff ); + WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo + WriteTIbyte( (crc )&0xff ); // crc lo + WriteTIbyte( (crc>>8 )&0xff ); // crc hi + WriteTIbyte(0x00); // write frame lo + WriteTIbyte(0x03); // write frame hi + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // programming time - LED_A_OFF(); + LED_A_OFF(); - // get TI tag data into the buffer - AcquireTiType(); + // get TI tag data into the buffer + AcquireTiType(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("Now use tiread to check"); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("Now use tiread to check"); } void SimulateTagLowFrequency(int period, int gap, int ledcontrol) { - int i; - uint8_t *tab = (uint8_t *)BigBuf; + int i; + uint8_t *tab = (uint8_t *)BigBuf; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; #define SHORT_COIL() LOW(GPIO_SSC_DOUT) #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) - i = 0; - for(;;) { - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } + i = 0; + for(;;) { + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } - if (ledcontrol) - LED_D_ON(); + if (ledcontrol) + LED_D_ON(); - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); + if(tab[i]) + 
OPEN_COIL(); + else + SHORT_COIL(); - if (ledcontrol) - LED_D_OFF(); + if (ledcontrol) + LED_D_OFF(); - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } - i++; - if(i == period) { - i = 0; - if (gap) { - SHORT_COIL(); - SpinDelayUs(gap); - } - } - } + i++; + if(i == period) { + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } } #define DEBUG_FRAME_CONTENTS 1 
@@ -530,315 +530,315 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) // compose fc/8 fc/10 waveform static void fc(int c, int *n) { - uint8_t *dest = (uint8_t *)BigBuf; - int idx; + uint8_t *dest = (uint8_t *)BigBuf; + int idx; - // for when we want an fc8 pattern every 4 logical bits - if(c==0) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples - if(c==8) { - for (idx=0; idx<6; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } + // for when we want an fc8 pattern every 4 logical bits + if(c==0) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples + if(c==8) { + for (idx=0; idx<6; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } - // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples - if(c==10) { - for (idx=0; idx<5; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } + // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples + if(c==10) { + for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } } // prepare a waveform pattern in the buffer based on the ID given then // 
simulate a HID tag until the button is pressed void CmdHIDsimTAG(int hi, int lo, int ledcontrol) { - int n=0, i=0; - /* - HID tag bitstream format - The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits - A 1 bit is represented as 6 fc8 and 5 fc10 patterns - A 0 bit is represented as 5 fc10 and 6 fc8 patterns - A fc8 is inserted before every 4 bits - A special start of frame pattern is used consisting a0b0 where a and b are neither 0 - nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) - */ + int n=0, i=0; + /* + HID tag bitstream format + The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits + A 1 bit is represented as 6 fc8 and 5 fc10 patterns + A 0 bit is represented as 5 fc10 and 6 fc8 patterns + A fc8 is inserted before every 4 bits + A special start of frame pattern is used consisting a0b0 where a and b are neither 0 + nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) + */ - if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); - return; - } - fc(0,&n); - // special start of frame marker containing invalid bit sequences - fc(8, &n); fc(8, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 - fc(10, &n); fc(10, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 + if (hi>0xFFF) { + DbpString("Tags can only have 44 bits."); + return; + } + fc(0,&n); + // special start of frame marker containing invalid bit sequences + fc(8, &n); fc(8, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 + fc(10, &n); fc(10, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 - WDT_HIT(); - // manchester encode bits 43 to 32 - for (i=11; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((hi>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } + WDT_HIT(); + // manchester encode bits 43 to 32 + for (i=11; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((hi>>i)&1) { + fc(10, &n); fc(8, 
&n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } - WDT_HIT(); - // manchester encode bits 31 to 0 - for (i=31; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((lo>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } + WDT_HIT(); + // manchester encode bits 31 to 0 + for (i=31; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((lo>>i)&1) { + fc(10, &n); fc(8, &n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } - if (ledcontrol) - LED_A_ON(); - SimulateTagLowFrequency(n, 0, ledcontrol); + if (ledcontrol) + LED_A_ON(); + SimulateTagLowFrequency(n, 0, ledcontrol); - if (ledcontrol) - LED_A_OFF(); + if (ledcontrol) + LED_A_OFF(); } // loop to get raw HID waveform then FSK demodulate the TAG ID from it void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = (uint8_t *)BigBuf; - size_t size=0; //, found=0; - uint32_t hi2=0, hi=0, lo=0; + size_t size=0; //, found=0; + uint32_t hi2=0, hi=0, lo=0; - // Configure to go in 125Khz listen mode - LFSetupFPGAForADC(95, true); + // Configure to go in 125Khz listen mode + LFSetupFPGAForADC(95, true); - while(!BUTTON_PRESS()) { + while(!BUTTON_PRESS()) { - WDT_HIT(); - if (ledcontrol) LED_A_ON(); + WDT_HIT(); + if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); - size = sizeof(BigBuf); - if (size < 2000) continue; - // FSK demodulator + DoAcquisition125k_internal(-1,true); + size = sizeof(BigBuf); + if (size < 2000) continue; + // FSK demodulator - int bitLen = HIDdemodFSK(dest,size,&hi2,&hi,&lo); - - WDT_HIT(); + int bitLen = HIDdemodFSK(dest,size,&hi2,&hi,&lo); - if (bitLen>0 && lo>0){ - // final loop, go over previously decoded manchester data and decode into usable tag ID - // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 - if (hi2 != 0){ //extra 
large HID tags - Dbprintf("TAG ID: %x%08x%08x (%d)", - (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); - }else { //standard HID tags <38 bits - //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd - uint8_t bitlen = 0; - uint32_t fc = 0; - uint32_t cardnum = 0; - if (((hi>>5)&1)==1){//if bit 38 is set then < 37 bit format is used - uint32_t lo2=0; - lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit - uint8_t idx3 = 1; - while(lo2>1){ //find last bit set to 1 (format len bit) - lo2=lo2>>1; - idx3++; - } - bitlen =idx3+19; - fc =0; - cardnum=0; - if(bitlen==26){ - cardnum = (lo>>1)&0xFFFF; - fc = (lo>>17)&0xFF; - } - if(bitlen==37){ - cardnum = (lo>>1)&0x7FFFF; - fc = ((hi&0xF)<<12)|(lo>>20); - } - if(bitlen==34){ - cardnum = (lo>>1)&0xFFFF; - fc= ((hi&1)<<15)|(lo>>17); - } - if(bitlen==35){ - cardnum = (lo>>1)&0xFFFFF; - fc = ((hi&1)<<11)|(lo>>21); - } - } - else { //if bit 38 is not set then 37 bit format is used - bitlen= 37; - fc =0; - cardnum=0; - if(bitlen==37){ - cardnum = (lo>>1)&0x7FFFF; - fc = ((hi&0xF)<<12)|(lo>>20); - } - } - //Dbprintf("TAG ID: %x%08x (%d)", - // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); - Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d", - (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF, - (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum); - } - if (findone){ - if (ledcontrol) LED_A_OFF(); - return; - } - // reset - hi2 = hi = lo = 0; - } - WDT_HIT(); - //SpinDelay(50); - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); + WDT_HIT(); + + if (bitLen>0 && lo>0){ + // final loop, go over previously decoded manchester data and decode into usable tag ID + // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 + if (hi2 != 0){ //extra large HID tags + Dbprintf("TAG 
ID: %x%08x%08x (%d)", + (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + }else { //standard HID tags <38 bits + //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd + uint8_t bitlen = 0; + uint32_t fc = 0; + uint32_t cardnum = 0; + if (((hi>>5)&1)==1){//if bit 38 is set then < 37 bit format is used + uint32_t lo2=0; + lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit + uint8_t idx3 = 1; + while(lo2>1){ //find last bit set to 1 (format len bit) + lo2=lo2>>1; + idx3++; + } + bitlen =idx3+19; + fc =0; + cardnum=0; + if(bitlen==26){ + cardnum = (lo>>1)&0xFFFF; + fc = (lo>>17)&0xFF; + } + if(bitlen==37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + if(bitlen==34){ + cardnum = (lo>>1)&0xFFFF; + fc= ((hi&1)<<15)|(lo>>17); + } + if(bitlen==35){ + cardnum = (lo>>1)&0xFFFFF; + fc = ((hi&1)<<11)|(lo>>21); + } + } + else { //if bit 38 is not set then 37 bit format is used + bitlen= 37; + fc =0; + cardnum=0; + if(bitlen==37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + } + //Dbprintf("TAG ID: %x%08x (%d)", + // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF, + (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum); + } + if (findone){ + if (ledcontrol) LED_A_OFF(); + return; + } + // reset + hi2 = hi = lo = 0; + } + WDT_HIT(); + //SpinDelay(50); + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); } void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; + uint8_t *dest = (uint8_t *)BigBuf; - size_t size=0; //, found=0; - uint32_t bitLen=0; - int clk=0, invert=0, errCnt=0; - uint64_t lo=0; - // Configure to go in 125Khz listen mode - LFSetupFPGAForADC(95, 
true); + size_t size=0; //, found=0; + uint32_t bitLen=0; + int clk=0, invert=0, errCnt=0; + uint64_t lo=0; + // Configure to go in 125Khz listen mode + LFSetupFPGAForADC(95, true); - while(!BUTTON_PRESS()) { + while(!BUTTON_PRESS()) { - WDT_HIT(); - if (ledcontrol) LED_A_ON(); + WDT_HIT(); + if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); - size = sizeof(BigBuf); - if (size < 2000) continue; - // FSK demodulator - //int askmandemod(uint8_t *BinStream,uint32_t *BitLen,int *clk, int *invert); - bitLen=size; - //Dbprintf("DEBUG: Buffer got"); - errCnt = askmandemod(dest,&bitLen,&clk,&invert); //HIDdemodFSK(dest,size,&hi2,&hi,&lo); - //Dbprintf("DEBUG: ASK Got"); - WDT_HIT(); + DoAcquisition125k_internal(-1,true); + size = sizeof(BigBuf); + if (size < 2000) continue; + // FSK demodulator + //int askmandemod(uint8_t *BinStream,uint32_t *BitLen,int *clk, int *invert); + bitLen=size; + //Dbprintf("DEBUG: Buffer got"); + errCnt = askmandemod(dest,&bitLen,&clk,&invert); //HIDdemodFSK(dest,size,&hi2,&hi,&lo); + //Dbprintf("DEBUG: ASK Got"); + WDT_HIT(); - if (errCnt>=0){ - lo = Em410xDecode(dest,bitLen); - //Dbprintf("DEBUG: EM GOT"); - //printEM410x(lo); - if (lo>0){ - Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",(uint32_t)(lo>>32),(uint32_t)lo,(uint32_t)(lo&0xFFFF),(uint32_t)((lo>>16LL) & 0xFF),(uint32_t)(lo & 0xFFFFFF)); - } - if (findone){ - if (ledcontrol) LED_A_OFF(); - return; - } - } else{ - //Dbprintf("DEBUG: No Tag"); - } - WDT_HIT(); - lo = 0; - clk=0; - invert=0; - errCnt=0; - size=0; - //SpinDelay(50); - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); + if (errCnt>=0){ + lo = Em410xDecode(dest,bitLen); + //Dbprintf("DEBUG: EM GOT"); + //printEM410x(lo); + if (lo>0){ + Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",(uint32_t)(lo>>32),(uint32_t)lo,(uint32_t)(lo&0xFFFF),(uint32_t)((lo>>16LL) & 0xFF),(uint32_t)(lo & 0xFFFFFF)); + } + if (findone){ + if (ledcontrol) LED_A_OFF(); + return; + } + } else{ + //Dbprintf("DEBUG: No 
Tag"); + } + WDT_HIT(); + lo = 0; + clk=0; + invert=0; + errCnt=0; + size=0; + //SpinDelay(50); + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); } void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = (uint8_t *)BigBuf; - size_t size=0; - int idx=0; - uint32_t code=0, code2=0; - uint8_t version=0; - uint8_t facilitycode=0; - uint16_t number=0; - // Configure to go in 125Khz listen mode - LFSetupFPGAForADC(95, true); - - while(!BUTTON_PRESS()) { - WDT_HIT(); - if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); - //fskdemod and get start index - WDT_HIT(); - idx = IOdemodFSK(dest,sizeof(BigBuf)); - if (idx>0){ - //valid tag found + uint8_t *dest = (uint8_t *)BigBuf; + size_t size=0; + int idx=0; + uint32_t code=0, code2=0; + uint8_t version=0; + uint8_t facilitycode=0; + uint16_t number=0; + // Configure to go in 125Khz listen mode + LFSetupFPGAForADC(95, true); - //Index map - //0 10 20 30 40 50 60 - //| | | | | | | - //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 - //----------------------------------------------------------------------------- - //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 
11 - // - //XSF(version)facility:codeone+codetwo - //Handle the data - if(findone){ //only print binary if we are doing one - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); - Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); - } - code = bytebits_to_byte(dest+idx,32); - code2 = bytebits_to_byte(dest+idx+32,32); - version = bytebits_to_byte(dest+idx+27,8); //14,4 - facilitycode = bytebits_to_byte(dest+idx+18,8) ; - number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 - - Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); - // if we're only looking for one tag - if (findone){ - if (ledcontrol) LED_A_OFF(); - //LED_A_OFF(); - return; - } - code=code2=0; - version=facilitycode=0; - number=0; - idx=0; - } - WDT_HIT(); - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); + while(!BUTTON_PRESS()) { + WDT_HIT(); + if (ledcontrol) LED_A_ON(); + DoAcquisition125k_internal(-1,true); + //fskdemod and get start index + WDT_HIT(); + idx = 
IOdemodFSK(dest,sizeof(BigBuf)); + if (idx>0){ + //valid tag found + + //Index map + //0 10 20 30 40 50 60 + //| | | | | | | + //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 + //----------------------------------------------------------------------------- + //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11 + // + //XSF(version)facility:codeone+codetwo + //Handle the data + if(findone){ //only print binary if we are doing one + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); + Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); + } + code = bytebits_to_byte(dest+idx,32); + code2 = bytebits_to_byte(dest+idx+32,32); + version = bytebits_to_byte(dest+idx+27,8); //14,4 + facilitycode = bytebits_to_byte(dest+idx+18,8) ; + number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 + + Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); + // if we're only looking for one tag + if (findone){ + if 
(ledcontrol) LED_A_OFF(); + //LED_A_OFF(); + return; + } + code=code2=0; + version=facilitycode=0; + number=0; + idx=0; + } + WDT_HIT(); + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); } /*------------------------------ 
@@ -908,307 +908,307 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) // Write one bit to card void T55xxWriteBit(int bit) { - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - if (bit == 0) - SpinDelayUs(WRITE_0); - else - SpinDelayUs(WRITE_1); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(WRITE_GAP); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + if (bit == 0) + SpinDelayUs(WRITE_0); + else + SpinDelayUs(WRITE_1); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(WRITE_GAP); } // Write one card block in page 0, no lock void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - //unsigned int i; //enio adjustment 12/10/14 - uint32_t i; + //unsigned int i; //enio adjustment 12/10/14 + uint32_t i; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + // Give it a bit of time for the resonant antenna to settle. 
+ // And for the tag to fully power up + SpinDelay(150); - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ - // Pwd + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(0); //Page 0 + if (PwdMode == 1){ + // Pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Pwd & i); + } + // Lock bit + T55xxWriteBit(0); + + // Data for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Lock bit - T55xxWriteBit(0); + T55xxWriteBit(Data & i); - // Data - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Data & i); + // Block + for (i = 0x04; i != 0; i >>= 1) + T55xxWriteBit(Block & i); - // Block - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); - - // Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, - // so wait a little more) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - SpinDelay(20); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + // Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, + // so wait a little more) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + SpinDelay(20); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); } // Read one card block in page 0 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - uint8_t *dest = (uint8_t *)BigBuf; - //int m=0, i=0; //enio adjustment 12/10/14 - uint32_t m=0, i=0; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. 
- FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ - // Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Lock bit - T55xxWriteBit(0); - // Block - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); - - // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; - i++; - if (i >= m) break; - } - } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); - DbpString("DONE!"); + uint8_t *dest = (uint8_t *)BigBuf; + //int m=0, i=0; //enio adjustment 12/10/14 + uint32_t m=0, i=0; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + m = sizeof(BigBuf); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. 
+ FpgaSetupSsc(); + + LED_D_ON(); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. + // And for the tag to fully power up + SpinDelay(150); + + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(0); //Page 0 + if (PwdMode == 1){ + // Pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Pwd & i); + } + // Lock bit + T55xxWriteBit(0); + // Block + for (i = 0x04; i != 0; i >>= 1) + T55xxWriteBit(Block & i); + + // Turn field on to read the response + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + // we don't care about actual value, only if it's more or less than a + // threshold essentially we capture zero crossings for later analysis + // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; + i++; + if (i >= m) break; + } + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); + DbpString("DONE!"); } // Read card traceability data (page 1) void T55xxReadTrace(void){ - uint8_t *dest = (uint8_t *)BigBuf; - int m=0, i=0; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = sizeof(BigBuf); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. 
- FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(1); //Page 1 - - // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); - DbpString("DONE!"); + uint8_t *dest = (uint8_t *)BigBuf; + int m=0, i=0; + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + m = sizeof(BigBuf); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + LED_D_ON(); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. 
+ // And for the tag to fully power up + SpinDelay(150); + + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(1); //Page 1 + + // Turn field on to read the response + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + i++; + if (i >= m) break; + } + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); + DbpString("DONE!"); } /*-------------- Cloning routines -----------*/ // Copy HID id to card and setup block 0 config void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { - int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format - int last_block = 0; - - if (longFMT){ - // Ensure no more than 84 bits supplied - if (hi2>0xFFFFF) { - DbpString("Tags can only have 84 bits."); - return; - } - // Build the 6 data blocks for supplied 84bit ID - last_block = 6; - data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded) - for (int i=0;i<4;i++) { - if (hi2 & (1<<(19-i))) - data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10 - else - data1 |= (1<<((3-i)*2)); // 0 -> 01 - } - - data2 = 0; - for (int i=0;i<16;i++) { - if (hi2 & (1<<(15-i))) - data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data2 |= (1<<((15-i)*2)); // 0 -> 01 + int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format + int last_block = 0; + + if (longFMT){ + // Ensure no more than 84 bits supplied + if (hi2>0xFFFFF) { + DbpString("Tags can only have 84 bits."); + return; + } + // Build the 6 data blocks for supplied 84bit ID + last_block = 6; + data1 = 0x1D96A900; // load 
preamble (1D) & long format identifier (9E manchester encoded) + for (int i=0;i<4;i++) { + if (hi2 & (1<<(19-i))) + data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10 + else + data1 |= (1<<((3-i)*2)); // 0 -> 01 + } + + data2 = 0; + for (int i=0;i<16;i++) { + if (hi2 & (1<<(15-i))) + data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data2 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data3 = 0; + for (int i=0;i<16;i++) { + if (hi & (1<<(31-i))) + data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data3 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data4 = 0; + for (int i=0;i<16;i++) { + if (hi & (1<<(15-i))) + data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data4 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data5 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(31-i))) + data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data5 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data6 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(15-i))) + data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data6 |= (1<<((15-i)*2)); // 0 -> 01 + } } - - data3 = 0; - for (int i=0;i<16;i++) { - if (hi & (1<<(31-i))) - data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data3 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data4 = 0; - for (int i=0;i<16;i++) { - if (hi & (1<<(15-i))) - data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data4 |= (1<<((15-i)*2)); // 0 -> 01 + else { + // Ensure no more than 44 bits supplied + if (hi>0xFFF) { + DbpString("Tags can only have 44 bits."); + return; + } + + // Build the 3 data blocks for supplied 44bit ID + last_block = 3; + + data1 = 0x1D000000; // load preamble + + for (int i=0;i<12;i++) { + if (hi & (1<<(11-i))) + data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10 + else + data1 |= (1<<((11-i)*2)); // 0 -> 01 + } + + data2 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(31-i))) + data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data2 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data3 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(15-i))) + data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data3 |= 
(1<<((15-i)*2)); // 0 -> 01 + } } - - data5 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(31-i))) - data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data5 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data6 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(15-i))) - data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data6 |= (1<<((15-i)*2)); // 0 -> 01 + + LED_D_ON(); + // Program the data blocks for supplied ID + // and the block 0 for HID format + T55xxWriteBlock(data1,1,0,0); + T55xxWriteBlock(data2,2,0,0); + T55xxWriteBlock(data3,3,0,0); + + if (longFMT) { // if long format there are 6 blocks + T55xxWriteBlock(data4,4,0,0); + T55xxWriteBlock(data5,5,0,0); + T55xxWriteBlock(data6,6,0,0); } - } - else { - // Ensure no more than 44 bits supplied - if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); - return; - } - - // Build the 3 data blocks for supplied 44bit ID - last_block = 3; - - data1 = 0x1D000000; // load preamble - - for (int i=0;i<12;i++) { - if (hi & (1<<(11-i))) - data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10 - else - data1 |= (1<<((11-i)*2)); // 0 -> 01 - } - - data2 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(31-i))) - data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data2 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data3 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(15-i))) - data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data3 |= (1<<((15-i)*2)); // 0 -> 01 - } - } - - LED_D_ON(); - // Program the data blocks for supplied ID - // and the block 0 for HID format - T55xxWriteBlock(data1,1,0,0); - T55xxWriteBlock(data2,2,0,0); - T55xxWriteBlock(data3,3,0,0); - - if (longFMT) { // if long format there are 6 blocks - T55xxWriteBlock(data4,4,0,0); - T55xxWriteBlock(data5,5,0,0); - T55xxWriteBlock(data6,6,0,0); - } - - // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long) - T55xxWriteBlock(T55x7_BITRATE_RF_50 | - T55x7_MODULATION_FSK2a | - last_block << T55x7_MAXBLOCK_SHIFT, - 0,0,0); - - LED_D_OFF(); - - DbpString("DONE!"); + + // Config for 
HID (RF/50, FSK2a, Maxblock=3 for short/6 for long) + T55xxWriteBlock(T55x7_BITRATE_RF_50 | + T55x7_MODULATION_FSK2a | + last_block << T55x7_MAXBLOCK_SHIFT, + 0,0,0); + + LED_D_OFF(); + + DbpString("DONE!"); } void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) { - int data1=0, data2=0; //up to six blocks for long format - + int data1=0, data2=0; //up to six blocks for long format + data1 = hi; // load preamble data2 = lo; @@ -1217,11 +1217,11 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) // and the block 0 for HID format T55xxWriteBlock(data1,1,0,0); T55xxWriteBlock(data2,2,0,0); - + //Config Block T55xxWriteBlock(0x00147040,0,0,0); LED_D_OFF(); - + DbpString("DONE!"); } 
@@ -1231,151 +1231,151 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { - int i, id_bit; - uint64_t id = EM410X_HEADER; - uint64_t rev_id = 0; // reversed ID - int c_parity[4]; // column parity - int r_parity = 0; // row parity - uint32_t clock = 0; + int i, id_bit; + uint64_t id = EM410X_HEADER; + uint64_t rev_id = 0; // reversed ID + int c_parity[4]; // column parity + int r_parity = 0; // row parity + uint32_t clock = 0; - // Reverse ID bits given as parameter (for simpler operations) - for (i = 0; i < EM410X_ID_LENGTH; ++i) { - if (i < 32) { - rev_id = (rev_id << 1) | (id_lo & 1); - id_lo >>= 1; - } else { - rev_id = (rev_id << 1) | (id_hi & 1); - id_hi >>= 1; - } - } + // Reverse ID bits given as parameter (for simpler operations) + for (i = 0; i < EM410X_ID_LENGTH; ++i) { + if (i < 32) { + rev_id = (rev_id << 1) | (id_lo & 1); + id_lo >>= 1; + } else { + rev_id = (rev_id << 1) | (id_hi & 1); + id_hi >>= 1; + } + } - for (i = 0; i < EM410X_ID_LENGTH; ++i) { - id_bit = rev_id & 1; + for (i = 0; i < EM410X_ID_LENGTH; ++i) { + id_bit = rev_id & 1; - if (i % 4 == 0) { - // Don't write row parity bit at start of parsing - if (i) - id = (id << 1) | r_parity; - // Start counting parity for new row - r_parity = id_bit; - } else { - // Count row parity - r_parity ^= id_bit; - } + if (i % 4 == 0) { + // Don't write row parity bit at start of parsing + if (i) + id = (id << 1) | r_parity; + // Start counting parity for new row + r_parity = id_bit; + } else { + // Count row parity + r_parity ^= id_bit; + } - // First elements in column? - if (i < 4) - // Fill out first elements - c_parity[i] = id_bit; - else - // Count column parity - c_parity[i % 4] ^= id_bit; + // First elements in column? 
+ if (i < 4) + // Fill out first elements + c_parity[i] = id_bit; + else + // Count column parity + c_parity[i % 4] ^= id_bit; - // Insert ID bit - id = (id << 1) | id_bit; - rev_id >>= 1; - } + // Insert ID bit + id = (id << 1) | id_bit; + rev_id >>= 1; + } - // Insert parity bit of last row - id = (id << 1) | r_parity; + // Insert parity bit of last row + id = (id << 1) | r_parity; - // Fill out column parity at the end of tag - for (i = 0; i < 4; ++i) - id = (id << 1) | c_parity[i]; + // Fill out column parity at the end of tag + for (i = 0; i < 4; ++i) + id = (id << 1) | c_parity[i]; - // Add stop bit - id <<= 1; + // Add stop bit + id <<= 1; - Dbprintf("Started writing %s tag ...", card ? "T55x7":"T5555"); - LED_D_ON(); + Dbprintf("Started writing %s tag ...", card ? "T55x7":"T5555"); + LED_D_ON(); - // Write EM410x ID - T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0); - T55xxWriteBlock((uint32_t)id, 2, 0, 0); + // Write EM410x ID + T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0); + T55xxWriteBlock((uint32_t)id, 2, 0, 0); - // Config for EM410x (RF/64, Manchester, Maxblock=2) - if (card) { - // Clock rate is stored in bits 8-15 of the card value - clock = (card & 0xFF00) >> 8; - Dbprintf("Clock rate: %d", clock); - switch (clock) - { - case 32: - clock = T55x7_BITRATE_RF_32; - break; - case 16: - clock = T55x7_BITRATE_RF_16; - break; - case 0: - // A value of 0 is assumed to be 64 for backwards-compatibility - // Fall through... - case 64: - clock = T55x7_BITRATE_RF_64; - break; - default: - Dbprintf("Invalid clock rate: %d", clock); - return; - } + // Config for EM410x (RF/64, Manchester, Maxblock=2) + if (card) { + // Clock rate is stored in bits 8-15 of the card value + clock = (card & 0xFF00) >> 8; + Dbprintf("Clock rate: %d", clock); + switch (clock) + { + case 32: + clock = T55x7_BITRATE_RF_32; + break; + case 16: + clock = T55x7_BITRATE_RF_16; + break; + case 0: + // A value of 0 is assumed to be 64 for backwards-compatibility + // Fall through... 
+ case 64: + clock = T55x7_BITRATE_RF_64; + break; + default: + Dbprintf("Invalid clock rate: %d", clock); + return; + } - // Writing configuration for T55x7 tag - T55xxWriteBlock(clock | - T55x7_MODULATION_MANCHESTER | - 2 << T55x7_MAXBLOCK_SHIFT, - 0, 0, 0); - } - else - // Writing configuration for T5555(Q5) tag - T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT | - T5555_MODULATION_MANCHESTER | - 2 << T5555_MAXBLOCK_SHIFT, - 0, 0, 0); + // Writing configuration for T55x7 tag + T55xxWriteBlock(clock | + T55x7_MODULATION_MANCHESTER | + 2 << T55x7_MAXBLOCK_SHIFT, + 0, 0, 0); + } + else + // Writing configuration for T5555(Q5) tag + T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT | + T5555_MODULATION_MANCHESTER | + 2 << T5555_MAXBLOCK_SHIFT, + 0, 0, 0); - LED_D_OFF(); - Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555", - (uint32_t)(id >> 32), (uint32_t)id); + LED_D_OFF(); + Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555", + (uint32_t)(id >> 32), (uint32_t)id); } // Clone Indala 64-bit tag by UID to T55x7 void CopyIndala64toT55x7(int hi, int lo) { - //Program the 2 data blocks for supplied 64bit UID - // and the block 0 for Indala64 format - T55xxWriteBlock(hi,1,0,0); - T55xxWriteBlock(lo,2,0,0); - //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2) - T55xxWriteBlock(T55x7_BITRATE_RF_32 | - T55x7_MODULATION_PSK1 | - 2 << T55x7_MAXBLOCK_SHIFT, - 0, 0, 0); - //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data) -// T5567WriteBlock(0x603E1042,0); + //Program the 2 data blocks for supplied 64bit UID + // and the block 0 for Indala64 format + T55xxWriteBlock(hi,1,0,0); + T55xxWriteBlock(lo,2,0,0); + //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2) + T55xxWriteBlock(T55x7_BITRATE_RF_32 | + T55x7_MODULATION_PSK1 | + 2 << T55x7_MAXBLOCK_SHIFT, + 0, 0, 0); + //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data) + // T5567WriteBlock(0x603E1042,0); - 
DbpString("DONE!"); + DbpString("DONE!"); } void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7) { - //Program the 7 data blocks for supplied 224bit UID - // and the block 0 for Indala224 format - T55xxWriteBlock(uid1,1,0,0); - T55xxWriteBlock(uid2,2,0,0); - T55xxWriteBlock(uid3,3,0,0); - T55xxWriteBlock(uid4,4,0,0); - T55xxWriteBlock(uid5,5,0,0); - T55xxWriteBlock(uid6,6,0,0); - T55xxWriteBlock(uid7,7,0,0); - //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7) - T55xxWriteBlock(T55x7_BITRATE_RF_32 | - T55x7_MODULATION_PSK1 | - 7 << T55x7_MAXBLOCK_SHIFT, - 0,0,0); - //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data) -// T5567WriteBlock(0x603E10E2,0); + //Program the 7 data blocks for supplied 224bit UID + // and the block 0 for Indala224 format + T55xxWriteBlock(uid1,1,0,0); + T55xxWriteBlock(uid2,2,0,0); + T55xxWriteBlock(uid3,3,0,0); + T55xxWriteBlock(uid4,4,0,0); + T55xxWriteBlock(uid5,5,0,0); + T55xxWriteBlock(uid6,6,0,0); + T55xxWriteBlock(uid7,7,0,0); + //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7) + T55xxWriteBlock(T55x7_BITRATE_RF_32 | + T55x7_MODULATION_PSK1 | + 7 << T55x7_MAXBLOCK_SHIFT, + 0,0,0); + //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data) + // T5567WriteBlock(0x603E10E2,0); - DbpString("DONE!"); + DbpString("DONE!"); } 
@@ -1384,261 +1384,261 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int #define max(x,y) ( x GraphBuffer[0]) { - while(i < GraphTraceLen) { - if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) - break; - i++; + uint8_t BitStream[256]; + uint8_t Blocks[8][16]; + uint8_t *GraphBuffer = (uint8_t *)BigBuf; + int GraphTraceLen = sizeof(BigBuf); + int i, j, lastval, bitidx, half_switch; + int clock = 64; + int tolerance = clock / 8; + int pmc, block_done; + int lc, warnings = 0; + int num_blocks = 0; + int lmin=128, lmax=128; + uint8_t dir; + + AcquireRawAdcSamples125k(0); + + lmin = 64; + lmax = 192; + + i = 2; + + /* Find first local max/min */ + if(GraphBuffer[1] > GraphBuffer[0]) { + while(i < GraphTraceLen) { + if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) + break; + i++; + } + dir = 0; } - dir = 0; - } - else { - while(i < GraphTraceLen) { - if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) - break; - i++; + else { + while(i < GraphTraceLen) { + if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) + break; + i++; + } + dir = 1; } - dir = 1; - } - - lastval = i++; - half_switch = 0; - pmc = 0; - block_done = 0; - - for (bitidx = 0; i < GraphTraceLen; i++) - { - if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) - { - lc = i - lastval; - lastval = i; - - // Switch depending on lc length: - // Tolerance is 1/8 of clock rate (arbitrary) - if (abs(lc-clock/4) < tolerance) { - // 16T0 - if((i - pmc) == lc) { /* 16T0 was previous one */ - /* It's a PMC ! */ - i += (128+127+16+32+33+16)-1; - lastval = i; - pmc = 0; - block_done = 1; - } - else { - pmc = i; - } - } else if (abs(lc-clock/2) < tolerance) { - // 32TO - if((i - pmc) == lc) { /* 16T0 was previous one */ - /* It's a PMC ! 
*/ - i += (128+127+16+32+33)-1; - lastval = i; - pmc = 0; - block_done = 1; - } - else if(half_switch == 1) { - BitStream[bitidx++] = 0; - half_switch = 0; - } - else - half_switch++; - } else if (abs(lc-clock) < tolerance) { - // 64TO - BitStream[bitidx++] = 1; - } else { - // Error - warnings++; - if (warnings > 10) - { - Dbprintf("Error: too many detection errors, aborting."); - return 0; - } - } - - if(block_done == 1) { - if(bitidx == 128) { - for(j=0; j<16; j++) { - Blocks[num_blocks][j] = 128*BitStream[j*8+7]+ - 64*BitStream[j*8+6]+ - 32*BitStream[j*8+5]+ - 16*BitStream[j*8+4]+ - 8*BitStream[j*8+3]+ - 4*BitStream[j*8+2]+ - 2*BitStream[j*8+1]+ - BitStream[j*8]; - } - num_blocks++; - } - bitidx = 0; - block_done = 0; - half_switch = 0; - } - if(i < GraphTraceLen) - { - if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; - else dir = 1; - } - } - if(bitidx==255) - bitidx=0; - warnings = 0; - if(num_blocks == 4) break; - } - memcpy(outBlocks, Blocks, 16*num_blocks); - return num_blocks; + + lastval = i++; + half_switch = 0; + pmc = 0; + block_done = 0; + + for (bitidx = 0; i < GraphTraceLen; i++) + { + if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) + { + lc = i - lastval; + lastval = i; + + // Switch depending on lc length: + // Tolerance is 1/8 of clock rate (arbitrary) + if (abs(lc-clock/4) < tolerance) { + // 16T0 + if((i - pmc) == lc) { /* 16T0 was previous one */ + /* It's a PMC ! */ + i += (128+127+16+32+33+16)-1; + lastval = i; + pmc = 0; + block_done = 1; + } + else { + pmc = i; + } + } else if (abs(lc-clock/2) < tolerance) { + // 32TO + if((i - pmc) == lc) { /* 16T0 was previous one */ + /* It's a PMC ! 
*/ + i += (128+127+16+32+33)-1; + lastval = i; + pmc = 0; + block_done = 1; + } + else if(half_switch == 1) { + BitStream[bitidx++] = 0; + half_switch = 0; + } + else + half_switch++; + } else if (abs(lc-clock) < tolerance) { + // 64TO + BitStream[bitidx++] = 1; + } else { + // Error + warnings++; + if (warnings > 10) + { + Dbprintf("Error: too many detection errors, aborting."); + return 0; + } + } + + if(block_done == 1) { + if(bitidx == 128) { + for(j=0; j<16; j++) { + Blocks[num_blocks][j] = 128*BitStream[j*8+7]+ + 64*BitStream[j*8+6]+ + 32*BitStream[j*8+5]+ + 16*BitStream[j*8+4]+ + 8*BitStream[j*8+3]+ + 4*BitStream[j*8+2]+ + 2*BitStream[j*8+1]+ + BitStream[j*8]; + } + num_blocks++; + } + bitidx = 0; + block_done = 0; + half_switch = 0; + } + if(i < GraphTraceLen) + { + if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; + else dir = 1; + } + } + if(bitidx==255) + bitidx=0; + warnings = 0; + if(num_blocks == 4) break; + } + memcpy(outBlocks, Blocks, 16*num_blocks); + return num_blocks; } int IsBlock0PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled - return 1; - if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ? - return 1; - return 0; + // Assume RFU means 0 :) + if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled + return 1; + if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ? 
+ return 1; + return 0; } int IsBlock1PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0) - if((Block[14] & 0x7f) <= 9 && Block[15] <= 9) - return 1; - - return 0; + // Assume RFU means 0 :) + if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0) + if((Block[14] & 0x7f) <= 9 && Block[15] <= 9) + return 1; + + return 0; } #define ALLOC 16 void ReadPCF7931() { - uint8_t Blocks[8][17]; - uint8_t tmpBlocks[4][16]; - int i, j, ind, ind2, n; - int num_blocks = 0; - int max_blocks = 8; - int ident = 0; - int error = 0; - int tries = 0; - - memset(Blocks, 0, 8*17*sizeof(uint8_t)); - - do { - memset(tmpBlocks, 0, 4*16*sizeof(uint8_t)); - n = DemodPCF7931((uint8_t**)tmpBlocks); - if(!n) - error++; - if(error==10 && num_blocks == 0) { - Dbprintf("Error, no tag or bad tag"); - return; - } - else if (tries==20 || error==10) { - Dbprintf("Error reading the tag"); - Dbprintf("Here is the partial content"); - goto end; - } - - for(i=0; i= 0; ind--,ind2--) { - if(ind2 < 0) - ind2 = max_blocks; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } - for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) { - if(ind2 > max_blocks) - ind2 = 0; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } - } - } + else if (tries==20 || error==10) { + Dbprintf("Error reading the tag"); + Dbprintf("Here is the partial content"); + goto end; } - } - } - tries++; - if (BUTTON_PRESS()) return; - } while (num_blocks != max_blocks); + + for(i=0; i= 0; ind--,ind2--) { + if(ind2 < 0) + ind2 = max_blocks; + if(!Blocks[ind2][ALLOC]) { // Block 
ind2 not already found + // Dbprintf("Tmp %d -> Block %d", ind, ind2); + memcpy(Blocks[ind2], tmpBlocks[ind], 16); + Blocks[ind2][ALLOC] = 1; + num_blocks++; + if(num_blocks == max_blocks) goto end; + } + } + for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) { + if(ind2 > max_blocks) + ind2 = 0; + if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found + // Dbprintf("Tmp %d -> Block %d", ind, ind2); + memcpy(Blocks[ind2], tmpBlocks[ind], 16); + Blocks[ind2][ALLOC] = 1; + num_blocks++; + if(num_blocks == max_blocks) goto end; + } + } + } + } + } + } + } + tries++; + if (BUTTON_PRESS()) return; + } while (num_blocks != max_blocks); end: - Dbprintf("-----------------------------------------"); - Dbprintf("Memory content:"); - Dbprintf("-----------------------------------------"); - for(i=0; i", i); - } - Dbprintf("-----------------------------------------"); - - return ; + Dbprintf("-----------------------------------------"); + Dbprintf("Memory content:"); + Dbprintf("-----------------------------------------"); + for(i=0; i", i); + } + Dbprintf("-----------------------------------------"); + + return ; } 
@@ -1662,20 +1662,20 @@ uint8_t * fwd_write_ptr; //forwardlink bit pointer //==================================================================== //-------------------------------------------------------------------- uint8_t Prepare_Cmd( uint8_t cmd ) { - //-------------------------------------------------------------------- - - *forward_ptr++ = 0; //start bit - *forward_ptr++ = 0; //second pause for 4050 code - - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - - return 6; //return number of emited bits + //-------------------------------------------------------------------- + + *forward_ptr++ = 0; //start bit + *forward_ptr++ = 0; //second pause for 4050 code + + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + + return 6; //return number of emited bits } //==================================================================== @@ -1685,21 +1685,21 @@ uint8_t Prepare_Cmd( uint8_t cmd ) { //-------------------------------------------------------------------- uint8_t Prepare_Addr( uint8_t addr ) { - //-------------------------------------------------------------------- - - register uint8_t line_parity; - - uint8_t i; - line_parity = 0; - for(i=0;i<6;i++) { - *forward_ptr++ = addr; - line_parity ^= addr; - addr >>= 1; - } - - *forward_ptr++ = (line_parity & 1); - - return 7; //return number of emited bits + //-------------------------------------------------------------------- + + register uint8_t line_parity; + + uint8_t i; + line_parity = 0; + for(i=0;i<6;i++) { + *forward_ptr++ = addr; + line_parity ^= addr; + addr >>= 1; + } + + *forward_ptr++ = (line_parity & 1); + + return 7; //return number of emited bits } //==================================================================== 
@@ -1709,36 +1709,36 @@ uint8_t Prepare_Addr( uint8_t addr ) { //-------------------------------------------------------------------- uint8_t Prepare_Data( uint16_t data_low, uint16_t data_hi) { - //-------------------------------------------------------------------- - - register uint8_t line_parity; - register uint8_t column_parity; - register uint8_t i, j; - register uint16_t data; - - data = data_low; - column_parity = 0; - - for(i=0; i<4; i++) { - line_parity = 0; - for(j=0; j<8; j++) { - line_parity ^= data; - column_parity ^= (data & 1) << j; - *forward_ptr++ = data; - data >>= 1; + //-------------------------------------------------------------------- + + register uint8_t line_parity; + register uint8_t column_parity; + register uint8_t i, j; + register uint16_t data; + + data = data_low; + column_parity = 0; + + for(i=0; i<4; i++) { + line_parity = 0; + for(j=0; j<8; j++) { + line_parity ^= data; + column_parity ^= (data & 1) << j; + *forward_ptr++ = data; + data >>= 1; + } + *forward_ptr++ = line_parity; + if(i == 1) + data = data_hi; } - *forward_ptr++ = line_parity; - if(i == 1) - data = data_hi; - } - - for(j=0; j<8; j++) { - *forward_ptr++ = column_parity; - column_parity >>= 1; - } - *forward_ptr = 0; - - return 45; //return number of emited bits + + for(j=0; j<8; j++) { + *forward_ptr++ = column_parity; + column_parity >>= 1; + } + *forward_ptr = 0; + + return 45; //return number of emited bits } //==================================================================== 
@@ -1747,115 +1747,115 @@ uint8_t Prepare_Data( uint16_t data_low, uint16_t data_hi) { // fwd_bit_count set with number of bits to be sent //==================================================================== void SendForward(uint8_t fwd_bit_count) { - - fwd_write_ptr = forwardLink_data; - fwd_bit_sz = fwd_bit_count; - - LED_D_ON(); - - //Field on - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // force 1st mod pulse (start gap must be longer for 4305) - fwd_bit_sz--; //prepare next bit modulation - fwd_write_ptr++; - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - SpinDelayUs(55*8); //55 cycles off (8us each)for 4305 - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on - SpinDelayUs(16*8); //16 cycles on (8us each) - - // now start writting - while(fwd_bit_sz-- > 0) { //prepare next bit modulation - if(((*fwd_write_ptr++) & 1) == 1) - SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) - else { - //These timings work for 4469/4269/4305 (with the 55*8 above) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - SpinDelayUs(23*8); //16-4 cycles off (8us each) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on - SpinDelayUs(9*8); //16 cycles on (8us each) + + fwd_write_ptr = forwardLink_data; + fwd_bit_sz = fwd_bit_count; + + LED_D_ON(); + + //Field on + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. 
+ // And for the tag to fully power up + SpinDelay(150); + + // force 1st mod pulse (start gap must be longer for 4305) + fwd_bit_sz--; //prepare next bit modulation + fwd_write_ptr++; + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + SpinDelayUs(55*8); //55 cycles off (8us each)for 4305 + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on + SpinDelayUs(16*8); //16 cycles on (8us each) + + // now start writting + while(fwd_bit_sz-- > 0) { //prepare next bit modulation + if(((*fwd_write_ptr++) & 1) == 1) + SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) + else { + //These timings work for 4469/4269/4305 (with the 55*8 above) + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + SpinDelayUs(23*8); //16-4 cycles off (8us each) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on + SpinDelayUs(9*8); //16 cycles on (8us each) + } } - } } void EM4xLogin(uint32_t Password) { - - uint8_t fwd_bit_count; - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_LOGIN ); - fwd_bit_count += Prepare_Data( Password&0xFFFF, Password>>16 ); - - SendForward(fwd_bit_count); - - //Wait for command to complete - SpinDelay(20); - + + uint8_t fwd_bit_count; + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_LOGIN ); + fwd_bit_count += Prepare_Data( Password&0xFFFF, Password>>16 ); + + SendForward(fwd_bit_count); + + //Wait for command to complete + SpinDelay(20); + } void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { - - uint8_t fwd_bit_count; - uint8_t *dest = (uint8_t *)BigBuf; - int m=0, i=0; - - //If password mode do login - if (PwdMode == 1) EM4xLogin(Pwd); - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); - fwd_bit_count += Prepare_Addr( Address ); - - m = sizeof(BigBuf); - // Clear destination buffer before 
sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - SendForward(fwd_bit_count); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; + + uint8_t fwd_bit_count; + uint8_t *dest = (uint8_t *)BigBuf; + int m=0, i=0; + + //If password mode do login + if (PwdMode == 1) EM4xLogin(Pwd); + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); + fwd_bit_count += Prepare_Addr( Address ); + + m = sizeof(BigBuf); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + SendForward(fwd_bit_count); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + i++; + if (i >= m) break; + } } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); } void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { - - uint8_t fwd_bit_count; - - //If password mode do login - if (PwdMode == 1) EM4xLogin(Pwd); - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_WRITE ); - fwd_bit_count += Prepare_Addr( Address ); - fwd_bit_count += Prepare_Data( Data&0xFFFF, Data>>16 ); - - SendForward(fwd_bit_count); - - //Wait for write to complete - SpinDelay(20); - 
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- LED_D_OFF();
+
+ uint8_t fwd_bit_count;
+
+ //If password mode do login
+ if (PwdMode == 1) EM4xLogin(Pwd);
+
+ forward_ptr = forwardLink_data;
+ fwd_bit_count = Prepare_Cmd( FWD_CMD_WRITE );
+ fwd_bit_count += Prepare_Addr( Address );
+ fwd_bit_count += Prepare_Data( Data&0xFFFF, Data>>16 );
+
+ SendForward(fwd_bit_count);
+
+ //Wait for write to complete
+ SpinDelay(20);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ LED_D_OFF();
 }
From 854b9a233fee4ca8338d7938ef1633b9ee9075d5 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Sat, 3 Jan 2015 14:29:07 +0100
Subject: [PATCH 03/11] Removed unused variable
---
 armsrc/lfops.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 847e4525..ab196325 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -780,7 +780,6 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
 void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 {
 uint8_t *dest = (uint8_t *)BigBuf;
- size_t size=0;
 int idx=0;
 uint32_t code=0, code2=0;
 uint8_t version=0;
From 3400a4358db11337382065c26e58539d28ade5ef Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Sat, 3 Jan 2015 14:29:22 +0100
Subject: [PATCH 04/11] Fixed indentation
---
 common/lfdemod.c | 1170 +++++++++++++++++++++++-----------------------
 1 file changed, 585 insertions(+), 585 deletions(-)
diff --git a/common/lfdemod.c b/common/lfdemod.c
index a03e7f02..f88db18b 100644
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -16,66 +16,66 @@ //takes 1s and 0s and searches for EM410x format - output EM ID uint64_t Em410xDecode(uint8_t *BitStream,uint32_t BitLen) { - //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future - // otherwise could be a void with no arguments - //set defaults - int high=0, low=128; - uint64_t lo=0; //hi=0, + //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future + // otherwise could be a void with no arguments + //set defaults + int high=0, low=128; + uint64_t lo=0; //hi=0, - uint32_t i = 0; - uint32_t initLoopMax = 65; - if (initLoopMax>BitLen) initLoopMax=BitLen; + uint32_t i = 0; + uint32_t initLoopMax = 65; + if (initLoopMax>BitLen) initLoopMax=BitLen; - for (;i < initLoopMax; ++i) //65 samples should be plenty to find high and low values - { - if (BitStream[i] > high) - high = BitStream[i]; - else if (BitStream[i] < low) - low = BitStream[i]; - } - if (((high !=1)||(low !=0))){ //allow only 1s and 0s - // PrintAndLog("no data found"); - return 0; - } - uint8_t parityTest=0; - // 111111111 bit pattern represent start of frame - uint8_t frame_marker_mask[] = {1,1,1,1,1,1,1,1,1}; - uint32_t idx = 0; - uint32_t ii=0; - uint8_t resetCnt = 0; - while( (idx + 64) < BitLen) { - restart: - // search for a start of frame marker - if ( memcmp(BitStream+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) - { // frame marker found - idx+=9;//sizeof(frame_marker_mask); - for (i=0; i<10;i++){ - for(ii=0; ii<5; ++ii){ - parityTest += BitStream[(i*5)+ii+idx]; - } - if (parityTest== ((parityTest>>1)<<1)){ - parityTest=0; - for (ii=0; ii<4;++ii){ - //hi = (hi<<1)|(lo>>31); - lo=(lo<<1LL)|(BitStream[(i*5)+ii+idx]); - } - //PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: 
%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo); - }else {//parity failed - //PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]); - parityTest=0; - idx-=8; - if (resetCnt>5)return 0; - resetCnt++; - goto restart;//continue; - } - } - //skip last 5 bit parity test for simplicity. - return lo; - }else{ - idx++; + for (;i < initLoopMax; ++i) //65 samples should be plenty to find high and low values + { + if (BitStream[i] > high) + high = BitStream[i]; + else if (BitStream[i] < low) + low = BitStream[i]; } - } - return 0; + if (((high !=1)||(low !=0))){ //allow only 1s and 0s + // PrintAndLog("no data found"); + return 0; + } + uint8_t parityTest=0; + // 111111111 bit pattern represent start of frame + uint8_t frame_marker_mask[] = {1,1,1,1,1,1,1,1,1}; + uint32_t idx = 0; + uint32_t ii=0; + uint8_t resetCnt = 0; + while( (idx + 64) < BitLen) { +restart: + // search for a start of frame marker + if ( memcmp(BitStream+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) + { // frame marker found + idx+=9;//sizeof(frame_marker_mask); + for (i=0; i<10;i++){ + for(ii=0; ii<5; ++ii){ + parityTest += BitStream[(i*5)+ii+idx]; + } + if (parityTest== ((parityTest>>1)<<1)){ + parityTest=0; + for (ii=0; ii<4;++ii){ + //hi = (hi<<1)|(lo>>31); + lo=(lo<<1LL)|(BitStream[(i*5)+ii+idx]); + } + //PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo); + }else {//parity failed + //PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: 
%d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]); + parityTest=0; + idx-=8; + if (resetCnt>5)return 0; + resetCnt++; + goto restart;//continue; + } + } + //skip last 5 bit parity test for simplicity. + return lo; + }else{ + idx++; + } + } + return 0; } //by marshmellow 
@@ -84,125 +84,125 @@ uint64_t Em410xDecode(uint8_t *BitStream,uint32_t BitLen) //prints binary found and saves in graphbuffer for further commands int askmandemod(uint8_t * BinStream,uint32_t *BitLen,int *clk, int *invert) { - int i; - int high = 0, low = 128; - *clk=DetectASKClock(BinStream,(size_t)*BitLen,*clk); //clock default + int i; + int high = 0, low = 128; + *clk=DetectASKClock(BinStream,(size_t)*BitLen,*clk); //clock default - if (*clk<8) *clk =64; - if (*clk<32) *clk=32; - if (*invert != 0 && *invert != 1) *invert=0; - uint32_t initLoopMax = 200; - if (initLoopMax>*BitLen) initLoopMax=*BitLen; - // Detect high and lows - for (i = 0; i < initLoopMax; ++i) //200 samples should be enough to find high and low values - { - if (BinStream[i] > high) - high = BinStream[i]; - else if (BinStream[i] < low) - low = BinStream[i]; - } - if ((high < 158) ){ //throw away static - //PrintAndLog("no data found"); - return -2; - } - //25% fuzz in case highs and lows aren't clipped [marshmellow] - high=(int)((high-128)*.75)+128; - low= (int)((low-128)*.75)+128; - - //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); - int lastBit = 0; //set first clock check - uint32_t bitnum = 0; //output counter - int tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave - if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely - int iii = 0; - uint32_t gLen = *BitLen; - if (gLen > 3000) gLen=3000; - uint8_t errCnt =0; - uint32_t bestStart = *BitLen; - uint32_t bestErrCnt = (*BitLen/1000); - uint32_t maxErr = (*BitLen/1000); - //PrintAndLog("DEBUG - lastbit - %d",lastBit); - //loop to find first wave that works - for (iii=0; iii < gLen; ++iii){ - if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){ - lastBit=iii-*clk; - errCnt=0; - //loop through to see if this start location works - for (i = iii; i < 
*BitLen; ++i) { - if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){ - lastBit+=*clk; - } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ - //low found and we are expecting a bar - lastBit+=*clk; - } else { - //mid value found or no bar supposed to be here - if ((i-lastBit)>(*clk+tol)){ - //should have hit a high or low based on clock!! - - //debug - //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); - - errCnt++; - lastBit+=*clk;//skip over until hit too many errors - if (errCnt>(maxErr)) break; //allow 1 error for every 1000 samples else start over - } - } - if ((i-iii) >(400 * *clk)) break; //got plenty of bits - } - //we got more than 64 good bits and not all errors - if ((((i-iii)/ *clk) > (64+errCnt)) && (errCnt*BitLen) initLoopMax=*BitLen; + // Detect high and lows + for (i = 0; i < initLoopMax; ++i) //200 samples should be enough to find high and low values + { + if (BinStream[i] > high) + high = BinStream[i]; + else if (BinStream[i] < low) + low = BinStream[i]; } - } - if (bestErrCnt= high) && ((i-lastBit)>(*clk-tol))){ - lastBit+=*clk; - BinStream[bitnum] = *invert; - bitnum++; - } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ - //low found and we are expecting a bar - lastBit+=*clk; - BinStream[bitnum] = 1-*invert; - bitnum++; - } else { - //mid value found or no bar supposed to be here - if ((i-lastBit)>(*clk+tol)){ - //should have hit a high or low based on clock!! 
- - //debug - //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); - if (bitnum > 0){ - BinStream[bitnum]=77; - bitnum++; - } - - lastBit+=*clk;//skip over error - } - } - if (bitnum >=400) break; + if ((high < 158) ){ //throw away static + //PrintAndLog("no data found"); + return -2; } - *BitLen=bitnum; - } else{ - *invert=bestStart; - *clk=iii; - return -1; - } - return bestErrCnt; + //25% fuzz in case highs and lows aren't clipped [marshmellow] + high=(int)((high-128)*.75)+128; + low= (int)((low-128)*.75)+128; + + //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); + int lastBit = 0; //set first clock check + uint32_t bitnum = 0; //output counter + int tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave + if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely + int iii = 0; + uint32_t gLen = *BitLen; + if (gLen > 3000) gLen=3000; + uint8_t errCnt =0; + uint32_t bestStart = *BitLen; + uint32_t bestErrCnt = (*BitLen/1000); + uint32_t maxErr = (*BitLen/1000); + //PrintAndLog("DEBUG - lastbit - %d",lastBit); + //loop to find first wave that works + for (iii=0; iii < gLen; ++iii){ + if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){ + lastBit=iii-*clk; + errCnt=0; + //loop through to see if this start location works + for (i = iii; i < *BitLen; ++i) { + if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){ + lastBit+=*clk; + } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ + //low found and we are expecting a bar + lastBit+=*clk; + } else { + //mid value found or no bar supposed to be here + if ((i-lastBit)>(*clk+tol)){ + //should have hit a high or low based on clock!! 
+ + //debug + //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); + + errCnt++; + lastBit+=*clk;//skip over until hit too many errors + if (errCnt>(maxErr)) break; //allow 1 error for every 1000 samples else start over + } + } + if ((i-iii) >(400 * *clk)) break; //got plenty of bits + } + //we got more than 64 good bits and not all errors + if ((((i-iii)/ *clk) > (64+errCnt)) && (errCnt= high) && ((i-lastBit)>(*clk-tol))){ + lastBit+=*clk; + BinStream[bitnum] = *invert; + bitnum++; + } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ + //low found and we are expecting a bar + lastBit+=*clk; + BinStream[bitnum] = 1-*invert; + bitnum++; + } else { + //mid value found or no bar supposed to be here + if ((i-lastBit)>(*clk+tol)){ + //should have hit a high or low based on clock!! + + //debug + //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); + if (bitnum > 0){ + BinStream[bitnum]=77; + bitnum++; + } + + lastBit+=*clk;//skip over error + } + } + if (bitnum >=400) break; + } + *BitLen=bitnum; + } else{ + *invert=bestStart; + *clk=iii; + return -1; + } + return bestErrCnt; } //by marshmellow 
@@ -210,46 +210,46 @@ int askmandemod(uint8_t * BinStream,uint32_t *BitLen,int *clk, int *invert) //run through 2 times and take least errCnt int manrawdecode(uint8_t * BitStream, int *bitLen) { - int bitnum=0; - int errCnt =0; - int i=1; - int bestErr = 1000; - int bestRun = 0; - int ii=1; - for (ii=1;ii<3;++ii){ - i=1; - for (i=i+ii;i<*bitLen-2;i+=2){ - if(BitStream[i]==1 && (BitStream[i+1]==0)){ - } else if((BitStream[i]==0)&& BitStream[i+1]==1){ - } else { - errCnt++; - } - if(bitnum>300) break; - } - if (bestErr>errCnt){ - bestErr=errCnt; - bestRun=ii; - } - errCnt=0; - } - errCnt=bestErr; - if (errCnt<20){ - ii=bestRun; - i=1; - for (i=i+ii;i<*bitLen-2;i+=2){ - if(BitStream[i]==1 && (BitStream[i+1]==0)){ - BitStream[bitnum++]=0; - } else if((BitStream[i]==0)&& BitStream[i+1]==1){ - BitStream[bitnum++]=1; - } else { - BitStream[bitnum++]=77; - //errCnt++; - } - if(bitnum>300) break; - } - *bitLen=bitnum; - } - return errCnt; + int bitnum=0; + int errCnt =0; + int i=1; + int bestErr = 1000; + int bestRun = 0; + int ii=1; + for (ii=1;ii<3;++ii){ + i=1; + for (i=i+ii;i<*bitLen-2;i+=2){ + if(BitStream[i]==1 && (BitStream[i+1]==0)){ + } else if((BitStream[i]==0)&& BitStream[i+1]==1){ + } else { + errCnt++; + } + if(bitnum>300) break; + } + if (bestErr>errCnt){ + bestErr=errCnt; + bestRun=ii; + } + errCnt=0; + } + errCnt=bestErr; + if (errCnt<20){ + ii=bestRun; + i=1; + for (i=i+ii;i<*bitLen-2;i+=2){ + if(BitStream[i]==1 && (BitStream[i+1]==0)){ + BitStream[bitnum++]=0; + } else if((BitStream[i]==0)&& BitStream[i+1]==1){ + BitStream[bitnum++]=1; + } else { + BitStream[bitnum++]=77; + //errCnt++; + } + if(bitnum>300) break; + } + *bitLen=bitnum; + } + return errCnt; } 
@@ -257,23 +257,23 @@ int manrawdecode(uint8_t * BitStream, int *bitLen) //take 01 or 10 = 0 and 11 or 00 = 1 int BiphaseRawDecode(uint8_t * BitStream, int *bitLen, int offset) { - uint8_t bitnum=0; - uint32_t errCnt =0; - uint32_t i=1; - i=offset; - for (;i<*bitLen-2;i+=2){ - if((BitStream[i]==1 && BitStream[i+1]==0)||(BitStream[i]==0 && BitStream[i+1]==1)){ - BitStream[bitnum++]=1; - } else if((BitStream[i]==0 && BitStream[i+1]==0)||(BitStream[i]==1 && BitStream[i+1]==1)){ - BitStream[bitnum++]=0; - } else { - BitStream[bitnum++]=77; - errCnt++; + uint8_t bitnum=0; + uint32_t errCnt =0; + uint32_t i=1; + i=offset; + for (;i<*bitLen-2;i+=2){ + if((BitStream[i]==1 && BitStream[i+1]==0)||(BitStream[i]==0 && BitStream[i+1]==1)){ + BitStream[bitnum++]=1; + } else if((BitStream[i]==0 && BitStream[i+1]==0)||(BitStream[i]==1 && BitStream[i+1]==1)){ + BitStream[bitnum++]=0; + } else { + BitStream[bitnum++]=77; + errCnt++; + } + if(bitnum>250) break; } - if(bitnum>250) break; - } - *bitLen=bitnum; - return errCnt; + *bitLen=bitnum; + return errCnt; } //by marshmellow 
@@ -282,352 +282,352 @@ int BiphaseRawDecode(uint8_t * BitStream, int *bitLen, int offset) //prints binary found and saves in graphbuffer for further commands int askrawdemod(uint8_t *BinStream, int *bitLen,int *clk, int *invert) { - uint32_t i; - // int invert=0; //invert default - int high = 0, low = 128; - *clk=DetectASKClock(BinStream,*bitLen,*clk); //clock default - uint8_t BitStream[502] = {0}; + uint32_t i; + // int invert=0; //invert default + int high = 0, low = 128; + *clk=DetectASKClock(BinStream,*bitLen,*clk); //clock default + uint8_t BitStream[502] = {0}; - if (*clk<8) *clk =64; - if (*clk<32) *clk=32; - if (*invert != 0 && *invert != 1) *invert =0; - uint32_t initLoopMax = 200; - if (initLoopMax>*bitLen) initLoopMax=*bitLen; - // Detect high and lows - for (i = 0; i < initLoopMax; ++i) //200 samples should be plenty to find high and low values - { - if (BinStream[i] > high) - high = BinStream[i]; - else if (BinStream[i] < low) - low = BinStream[i]; - } - if ((high < 158)){ //throw away static - // PrintAndLog("no data found"); - return -2; - } - //25% fuzz in case highs and lows aren't clipped [marshmellow] - high=(int)((high-128)*.75)+128; - low= (int)((low-128)*.75)+128; + if (*clk<8) *clk =64; + if (*clk<32) *clk=32; + if (*invert != 0 && *invert != 1) *invert =0; + uint32_t initLoopMax = 200; + if (initLoopMax>*bitLen) initLoopMax=*bitLen; + // Detect high and lows + for (i = 0; i < initLoopMax; ++i) //200 samples should be plenty to find high and low values + { + if (BinStream[i] > high) + high = BinStream[i]; + else if (BinStream[i] < low) + low = BinStream[i]; + } + if ((high < 158)){ //throw away static + // PrintAndLog("no data found"); + return -2; + } + //25% fuzz in case highs and lows aren't clipped [marshmellow] + high=(int)((high-128)*.75)+128; + low= (int)((low-128)*.75)+128; - //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); - int lastBit = 0; //set first clock check - uint32_t bitnum = 0; //output counter - uint8_t 
tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave - if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely - uint32_t iii = 0; - uint32_t gLen = *bitLen; - if (gLen > 500) gLen=500; - uint8_t errCnt =0; - uint32_t bestStart = *bitLen; - uint32_t bestErrCnt = (*bitLen/1000); - uint8_t midBit=0; - //PrintAndLog("DEBUG - lastbit - %d",lastBit); - //loop to find first wave that works - for (iii=0; iii < gLen; ++iii){ - if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){ - lastBit=iii-*clk; - //loop through to see if this start location works - for (i = iii; i < *bitLen; ++i) { - if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){ - lastBit+=*clk; - BitStream[bitnum] = *invert; - bitnum++; - midBit=0; - } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ - //low found and we are expecting a bar - lastBit+=*clk; - BitStream[bitnum] = 1-*invert; - bitnum++; - midBit=0; - } else if ((BinStream[i]<=low) && (midBit==0) && ((i-lastBit)>((*clk/2)-tol))){ - //mid bar? - midBit=1; - BitStream[bitnum]= 1-*invert; - bitnum++; - } else if ((BinStream[i]>=high)&&(midBit==0) && ((i-lastBit)>((*clk/2)-tol))){ - //mid bar? 
- midBit=1; - BitStream[bitnum]= *invert; - bitnum++; - } else if ((i-lastBit)>((*clk/2)+tol)&&(midBit==0)){ - //no mid bar found - midBit=1; - BitStream[bitnum]= BitStream[bitnum-1]; - bitnum++; - } else { - //mid value found or no bar supposed to be here + //PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low); + int lastBit = 0; //set first clock check + uint32_t bitnum = 0; //output counter + uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave + if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely + uint32_t iii = 0; + uint32_t gLen = *bitLen; + if (gLen > 500) gLen=500; + uint8_t errCnt =0; + uint32_t bestStart = *bitLen; + uint32_t bestErrCnt = (*bitLen/1000); + uint8_t midBit=0; + //PrintAndLog("DEBUG - lastbit - %d",lastBit); + //loop to find first wave that works + for (iii=0; iii < gLen; ++iii){ + if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){ + lastBit=iii-*clk; + //loop through to see if this start location works + for (i = iii; i < *bitLen; ++i) { + if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){ + lastBit+=*clk; + BitStream[bitnum] = *invert; + bitnum++; + midBit=0; + } else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){ + //low found and we are expecting a bar + lastBit+=*clk; + BitStream[bitnum] = 1-*invert; + bitnum++; + midBit=0; + } else if ((BinStream[i]<=low) && (midBit==0) && ((i-lastBit)>((*clk/2)-tol))){ + //mid bar? + midBit=1; + BitStream[bitnum]= 1-*invert; + bitnum++; + } else if ((BinStream[i]>=high)&&(midBit==0) && ((i-lastBit)>((*clk/2)-tol))){ + //mid bar? 
+ midBit=1; + BitStream[bitnum]= *invert; + bitnum++; + } else if ((i-lastBit)>((*clk/2)+tol)&&(midBit==0)){ + //no mid bar found + midBit=1; + BitStream[bitnum]= BitStream[bitnum-1]; + bitnum++; + } else { + //mid value found or no bar supposed to be here - if ((i-lastBit)>(*clk+tol)){ - //should have hit a high or low based on clock!! - //debug - //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); - if (bitnum > 0){ - BitStream[bitnum]=77; - bitnum++; + if ((i-lastBit)>(*clk+tol)){ + //should have hit a high or low based on clock!! + //debug + //PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit); + if (bitnum > 0){ + BitStream[bitnum]=77; + bitnum++; + } + + + errCnt++; + lastBit+=*clk;//skip over until hit too many errors + if (errCnt>((*bitLen/1000))){ //allow 1 error for every 1000 samples else start over + errCnt=0; + bitnum=0;//start over + break; + } + } + } + if (bitnum>500) break; } - - - errCnt++; - lastBit+=*clk;//skip over until hit too many errors - if (errCnt>((*bitLen/1000))){ //allow 1 error for every 1000 samples else start over - errCnt=0; - bitnum=0;//start over - break; + //we got more than 64 good bits and not all errors + if ((bitnum > (64+errCnt)) && (errCnt<(*bitLen/1000))) { + //possible good read + if (errCnt==0) break; //great read - finish + if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish + if (errCnt500) break; - } - //we got more than 64 good bits and not all errors - if ((bitnum > (64+errCnt)) && (errCnt<(*bitLen/1000))) { - //possible good read - if (errCnt==0) break; //great read - finish - if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish - if (errCnt=gLen){ //exhausted 
test + //if there was a ok test go back to that one and re-run the best run (then dump after that run) + if (bestErrCnt < (*bitLen/1000)) iii=bestStart; } - } } - if (iii>=gLen){ //exhausted test - //if there was a ok test go back to that one and re-run the best run (then dump after that run) - if (bestErrCnt < (*bitLen/1000)) iii=bestStart; - } - } - if (bitnum>16){ - - // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum); - //move BitStream back to BinStream - // ClearGraph(0); - for (i=0; i < bitnum; ++i){ - BinStream[i]=BitStream[i]; - } - *bitLen=bitnum; - // RepaintGraphWindow(); - //output - // if (errCnt>0){ - // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); - // } - // PrintAndLog("ASK decoded bitstream:"); - // Now output the bitstream to the scrollback by line of 16 bits - // printBitStream2(BitStream,bitnum); - //int errCnt=0; - //errCnt=manrawdemod(BitStream,bitnum); + if (bitnum>16){ - // Em410xDecode(Cmd); - } else return -1; - return errCnt; + // PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum); + //move BitStream back to BinStream + // ClearGraph(0); + for (i=0; i < bitnum; ++i){ + BinStream[i]=BitStream[i]; + } + *bitLen=bitnum; + // RepaintGraphWindow(); + //output + // if (errCnt>0){ + // PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); + // } + // PrintAndLog("ASK decoded bitstream:"); + // Now output the bitstream to the scrollback by line of 16 bits + // printBitStream2(BitStream,bitnum); + //int errCnt=0; + //errCnt=manrawdemod(BitStream,bitnum); + + // Em410xDecode(Cmd); + } else return -1; + return errCnt; } //translate wave to 11111100000 (1 for each short wave 0 for each long wave) size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow) { - uint32_t last_transition = 0; - uint32_t idx = 1; - uint32_t maxVal=0; - if (fchigh==0) fchigh=10; - if (fclow==0) fclow=8; - // 
we do care about the actual theshold value as sometimes near the center of the - // wave we may get static that changes direction of wave for one value - // if our value is too low it might affect the read. and if our tag or - // antenna is weak a setting too high might not see anything. [marshmellow] - if (size<100) return 0; - for(idx=1; idx<100; idx++){ - if(maxVal1 transition - if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition - if ((idx-last_transition)<(fclow-2)){ //0-5 = garbage noise - //do nothing with extra garbage - } else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves - dest[numBits]=1; - } else { //9+ = 10 waves - dest[numBits]=0; - } - last_transition = idx; - numBits++; - } - } - return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0 + size_t numBits = 0; + // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8) + // or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere + // between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10 + for(idx = 1; idx < size; idx++) { + // threshold current value + + if (dest[idx] < threshold_value) dest[idx] = 0; + else dest[idx] = 1; + + // Check for 0->1 transition + if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition + if ((idx-last_transition)<(fclow-2)){ //0-5 = garbage noise + //do nothing with extra garbage + } else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves + dest[numBits]=1; + } else { //9+ = 10 waves + dest[numBits]=0; + } + last_transition = idx; + numBits++; + } + } + return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0 } uint32_t myround2(float f) { - if (f >= 2000) return 2000;//something bad happened - return (uint32_t) (f + (float)0.5); + if (f >= 2000) return 2000;//something bad happened + return (uint32_t) (f + (float)0.5); } //translate 11111100000 to 10 size_t aggregate_bits(uint8_t 
*dest,size_t size, uint8_t rfLen, uint8_t maxConsequtiveBits, uint8_t invert,uint8_t fchigh,uint8_t fclow )// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value, { - uint8_t lastval=dest[0]; - uint32_t idx=0; - size_t numBits=0; - uint32_t n=1; + uint8_t lastval=dest[0]; + uint32_t idx=0; + size_t numBits=0; + uint32_t n=1; - for( idx=1; idx < size; idx++) { + for( idx=1; idx < size; idx++) { - if (dest[idx]==lastval) { - n++; - continue; - } - //if lastval was 1, we have a 1->0 crossing - if ( dest[idx-1]==1 ) { - n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow)); - //n=(n+1) / h2l_crossing_value; - } else {// 0->1 crossing - n=myround2((float)(n+1)/((float)(rfLen-2)/(float)fchigh)); //-2 for fudge factor - //n=(n+1) / l2h_crossing_value; - } - if (n == 0) n = 1; + if (dest[idx]==lastval) { + n++; + continue; + } + //if lastval was 1, we have a 1->0 crossing + if ( dest[idx-1]==1 ) { + n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow)); + //n=(n+1) / h2l_crossing_value; + } else {// 0->1 crossing + n=myround2((float)(n+1)/((float)(rfLen-2)/(float)fchigh)); //-2 for fudge factor + //n=(n+1) / l2h_crossing_value; + } + if (n == 0) n = 1; - if(n < maxConsequtiveBits) //Consecutive - { - if(invert==0){ //invert bits - memset(dest+numBits, dest[idx-1] , n); - }else{ - memset(dest+numBits, dest[idx-1]^1 , n); - } - numBits += n; - } - n=0; - lastval=dest[idx]; - }//end for - return numBits; + if(n < maxConsequtiveBits) //Consecutive + { + if(invert==0){ //invert bits + memset(dest+numBits, dest[idx-1] , n); + }else{ + memset(dest+numBits, dest[idx-1]^1 , n); + } + numBits += n; + } + n=0; + lastval=dest[idx]; + }//end for + return numBits; } //by marshmellow (from holiman's base) // full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod) int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow) { - // FSK demodulator - size = fsk_wave_demod(dest, size, fchigh, fclow); - size = aggregate_bits(dest, 
size,rfLen,192,invert,fchigh,fclow); - return size; + // FSK demodulator + size = fsk_wave_demod(dest, size, fchigh, fclow); + size = aggregate_bits(dest, size,rfLen,192,invert,fchigh,fclow); + return size; } // loop to get raw HID waveform then FSK demodulate the TAG ID from it int HIDdemodFSK(uint8_t *dest, size_t size, uint32_t *hi2, uint32_t *hi, uint32_t *lo) { - - size_t idx=0; //, found=0; //size=0, - // FSK demodulator - size = fskdemod(dest, size,50,0,10,8); - // final loop, go over previously decoded manchester data and decode into usable tag ID - // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 - uint8_t frame_marker_mask[] = {1,1,1,0,0,0}; - int numshifts = 0; - idx = 0; - //one scan - while( idx + sizeof(frame_marker_mask) < size) { - // search for a start of frame marker - if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) - { // frame marker found - idx+=sizeof(frame_marker_mask); - while(dest[idx] != dest[idx+1] && idx < size-2) - { - // Keep going until next frame marker (or error) - // Shift in a bit. 
Start by shifting high registers - *hi2 = (*hi2<<1)|(*hi>>31); - *hi = (*hi<<1)|(*lo>>31); - //Then, shift in a 0 or one into low - if (dest[idx] && !dest[idx+1]) // 1 0 - *lo=(*lo<<1)|0; - else // 0 1 - *lo=(*lo<<1)|1; - numshifts++; - idx += 2; - } - // Hopefully, we read a tag and hit upon the next frame marker - if(idx + sizeof(frame_marker_mask) < size) - { - if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) - { - //good return - return idx; - } - } - // reset - *hi2 = *hi = *lo = 0; - numshifts = 0; - }else { - idx++; - } - } - return -1; + size_t idx=0; //, found=0; //size=0, + // FSK demodulator + size = fskdemod(dest, size,50,0,10,8); + + // final loop, go over previously decoded manchester data and decode into usable tag ID + // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 + uint8_t frame_marker_mask[] = {1,1,1,0,0,0}; + int numshifts = 0; + idx = 0; + //one scan + while( idx + sizeof(frame_marker_mask) < size) { + // search for a start of frame marker + if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) + { // frame marker found + idx+=sizeof(frame_marker_mask); + while(dest[idx] != dest[idx+1] && idx < size-2) + { + // Keep going until next frame marker (or error) + // Shift in a bit. 
Start by shifting high registers + *hi2 = (*hi2<<1)|(*hi>>31); + *hi = (*hi<<1)|(*lo>>31); + //Then, shift in a 0 or one into low + if (dest[idx] && !dest[idx+1]) // 1 0 + *lo=(*lo<<1)|0; + else // 0 1 + *lo=(*lo<<1)|1; + numshifts++; + idx += 2; + } + // Hopefully, we read a tag and hit upon the next frame marker + if(idx + sizeof(frame_marker_mask) < size) + { + if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) + { + //good return + return idx; + } + } + // reset + *hi2 = *hi = *lo = 0; + numshifts = 0; + }else { + idx++; + } + } + return -1; } uint32_t bytebits_to_byte(uint8_t* src, int numbits) { - uint32_t num = 0; - for(int i = 0 ; i < numbits ; i++) - { - num = (num << 1) | (*src); - src++; - } - return num; + uint32_t num = 0; + for(int i = 0 ; i < numbits ; i++) + { + num = (num << 1) | (*src); + src++; + } + return num; } int IOdemodFSK(uint8_t *dest, size_t size) { - uint32_t idx=0; - //make sure buffer has data - if (size < 66) return -1; - //test samples are not just noise - uint8_t testMax=0; - for(idx=0;idx<65;idx++){ - if (testMax170){ - // FSK demodulator - size = fskdemod(dest, size,64,1,10,8); // RF/64 and invert - if (size < 65) return -1; //did we get a good demod? - //Index map - //0 10 20 30 40 50 60 - //| | | | | | | - //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 - //----------------------------------------------------------------------------- - //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 
11 - // - //XSF(version)facility:codeone+codetwo - //Handle the data - uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1}; - for( idx=0; idx < (size - 65); idx++) { - if ( memcmp(dest + idx, mask, sizeof(mask))==0) { - //frame marker found - if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){ - //confirmed proper separator bits found - //return start position - return (int) idx; - } - } - } - } - return 0; + uint32_t idx=0; + //make sure buffer has data + if (size < 66) return -1; + //test samples are not just noise + uint8_t testMax=0; + for(idx=0;idx<65;idx++){ + if (testMax170){ + // FSK demodulator + size = fskdemod(dest, size,64,1,10,8); // RF/64 and invert + if (size < 65) return -1; //did we get a good demod? + //Index map + //0 10 20 30 40 50 60 + //| | | | | | | + //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 + //----------------------------------------------------------------------------- + //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11 + // + //XSF(version)facility:codeone+codetwo + //Handle the data + uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1}; + for( idx=0; idx < (size - 65); idx++) { + if ( memcmp(dest + idx, mask, sizeof(mask))==0) { + //frame marker found + if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){ + //confirmed proper separator bits found + //return start position + return (int) idx; + } + } + } + } + return 0; } // by marshmellow 
@@ -635,67 +635,67 @@ int IOdemodFSK(uint8_t *dest, size_t size) // maybe somehow adjust peak trimming value based on samples to fix? int DetectASKClock(uint8_t dest[], size_t size, int clock) { - int i=0; - int peak=0; - int low=128; - int clk[]={16,32,40,50,64,100,128,256}; - int loopCnt = 256; //don't need to loop through entire array... - if (sizepeak){ - peak = dest[i]; - } - if(dest[i]=peak) || (dest[ii]<=low)){ - errCnt[clkCnt]=0; - // now that we have the first one lined up test rest of wave array - for (i=0; i<((int)(size/clk[clkCnt])-1); ++i){ - if (dest[ii+(i*clk[clkCnt])]>=peak || dest[ii+(i*clk[clkCnt])]<=low){ - }else if(dest[ii+(i*clk[clkCnt])-tol]>=peak || dest[ii+(i*clk[clkCnt])-tol]<=low){ - }else if(dest[ii+(i*clk[clkCnt])+tol]>=peak || dest[ii+(i*clk[clkCnt])+tol]<=low){ - }else{ //error no peak detected - errCnt[clkCnt]++; - } + //get high and low peak + for (i=0;ipeak){ + peak = dest[i]; + } + if(dest[i]=peak) || (dest[ii]<=low)){ + errCnt[clkCnt]=0; + // now that we have the first one lined up test rest of wave array + for (i=0; i<((int)(size/clk[clkCnt])-1); ++i){ + if (dest[ii+(i*clk[clkCnt])]>=peak || dest[ii+(i*clk[clkCnt])]<=low){ + }else if(dest[ii+(i*clk[clkCnt])-tol]>=peak || dest[ii+(i*clk[clkCnt])-tol]<=low){ + }else if(dest[ii+(i*clk[clkCnt])+tol]>=peak || dest[ii+(i*clk[clkCnt])+tol]<=low){ + }else{ //error no peak detected + errCnt[clkCnt]++; + } + } + //if we found no errors this is correct one - return this clock + if(errCnt[clkCnt]==0) return clk[clkCnt]; + //if we found errors see if it is lowest so far and save it as best run + if(errCnt[clkCnt] Date: Sat, 3 Jan 2015 14:36:38 +0100 Subject: [PATCH 05/11] Set lower threshold for lf iodemod, it had too high threshold for filtering out noise. Now it works better at least with my antenna/setup --- common/lfdemod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/lfdemod.c b/common/lfdemod.c index f88db18b..79c99f73 100644 --- a/common/lfdemod.c 
+++ b/common/lfdemod.c @@ -602,7 +602,7 @@ int IOdemodFSK(uint8_t *dest, size_t size) } idx=0; //if not just noise - if (testMax>170){ + if (testMax>20){ // FSK demodulator size = fskdemod(dest, size,64,1,10,8); // RF/64 and invert if (size < 65) return -1; //did we get a good demod? From 2e9d4b3ff492826eeaa7c5eefb905fcff3eb003c Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sat, 3 Jan 2015 15:11:48 +0100 Subject: [PATCH 06/11] Some work on iclass, started on some better support in 'hf iclass list' and also fixes to 'hf iclass reader' so it exits better when the button is pressed --- armsrc/iclass.c | 3 +++ client/cmdhficlass.c | 40 +++++++++++++++++++++++++++++++--------- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 28bdb3bc..2b1230f5 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -1551,6 +1551,9 @@ void ReaderIClass(uint8_t arg0) { break; } } + + cmd_send(CMD_ACK,0,0,0,card_data, 0); + LED_A_OFF(); } diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 583d518e..19ec57d2 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -42,6 +42,23 @@ int xorbits_8(uint8_t val) return res & 1; } +void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + + switch(cmd[0]) + { + case 0x0a: snprintf(exp,size,"WUP"); break; + case 0x0f: snprintf(exp,size,"SOF"); break; + case 0x0c: snprintf(exp,size,"Read config"); break; + case 0x81: snprintf(exp,size,"SELECT"); break; + case 0x88: snprintf(exp,size,"Read E-purse (CC)"); break; + case 0x05: snprintf(exp,size,"Reader challenge"); break; + case 0x00: snprintf(exp,size,"End"); break; + default: snprintf(exp,size,"?"); break; + } + return; +} + int CmdHFiClassList(const char *Cmd) { bool ShowWaitCycles = false; 
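Review bot: The new gate `if (testMax>20){` replaces one magic number with another and leaves no record of what it is filtering; if the samples are centred on 128, as the `high < 158` static check in askmandemod elsewhere in this file assumes, the maximum of the first 65 samples will exceed 20 for almost any buffer, so the noise check is effectively disabled rather than tuned. That may be the intended outcome, given the commit message, but it should be stated at the site, e.g. `// noise gate: 170 rejected real tags on weak antennas; 20 lets nearly everything through and relies on the separator-bit check below`. A named constant such as `#define IO_NOISE_MAX 20` would make a future re-tune easier to find. IOdemodFSK starts and ends outside this hunk.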
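Review bot: The added `cmd_send(CMD_ACK,0,0,0,card_data, 0);` carries arg0 == 0 and a zero length, and nothing in the hunk says why it is sent; the client in this same series treats a zero arg0 as "aborted", so the meaning of this ACK is only recoverable by reading the other side. A comment would fix that: `// loop finished (presumably button press or timeout): send an empty ACK so the client stops waiting`. Why the loop `break`s is outside the hunk, so the reason should be confirmed against the loop body before the comment is committed. ReaderIClass starts outside this hunk.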
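Review bot: In the new `explain()` the `cmdsize` parameter is never consulted before `cmd[0]` is read, so a zero-length frame from the trace (the caller later passes `frame, data_len`) would read one byte past the data. A one-line guard at the top of the function covers it: `if (cmdsize == 0) { snprintf(exp, size, "?"); return; }`. The function also has external linkage under a very generic name; `static void explain(...)` keeps it out of the global namespace, and the trailing `return;` before the closing brace is redundant.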
@@ -67,8 +84,8 @@ int CmdHFiClassList(const char *Cmd) PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); PrintAndLog("All times are in carrier periods (1/13.56Mhz)"); PrintAndLog(""); - PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC "); - PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------------"); + PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC | Explanation|"); + PrintAndLog("-----------|-----------|-----|-------------------------------------------------------------------------------------"); uint16_t tracepos = 0; uint16_t duration; @@ -78,7 +95,7 @@ int CmdHFiClassList(const char *Cmd) uint32_t timestamp; uint32_t first_timestamp; uint32_t EndOfTransmissionTimestamp; - + char explanation[20] = {0}; for (;;) { if(tracepos >= TRACE_SIZE) { @@ -135,7 +152,7 @@ int CmdHFiClassList(const char *Cmd) } - char *crc = ""; + char *crc = " "; if (data_len > 2) { uint8_t b1, b2; if(!isResponse && data_len == 4 ) { @@ -156,20 +173,21 @@ int CmdHFiClassList(const char *Cmd) } EndOfTransmissionTimestamp = timestamp + duration; - + explain(explanation,sizeof(explanation),frame,data_len); int num_lines = (data_len - 1)/16 + 1; for (int j = 0; j < num_lines; j++) { if (j == 0) { - PrintAndLog(" %9d | %9d | %s | %-64s| %s", + PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s", (timestamp - first_timestamp), (EndOfTransmissionTimestamp - first_timestamp), (isResponse ? "Tag" : "Rdr"), line[j], - (j == num_lines-1)?crc:""); + (j == num_lines-1)?crc:" ", + explanation); } else { PrintAndLog(" | | | %-64s| %s", line[j], - (j == num_lines-1)?crc:""); + (j == num_lines-1)?crc:" "); } } 
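Review bot: The added `explain(explanation,sizeof(explanation),frame,data_len);` is called for every trace entry regardless of `isResponse`, yet the label table it consults is a list of reader commands keyed on the first byte, so a Tag row whose first data byte happens to be 0x0a, 0x0c, 0x81 or 0x88 is printed as "WUP", "Read config", "SELECT" or "Read E-purse (CC)". Restricting the lookup to reader frames avoids the misleading column: `if (!isResponse) explain(explanation,sizeof(explanation),frame,data_len); else explanation[0] = '\0';`. Whether any tag response really starts with one of those bytes depends on the iClass protocol details, which are not visible here, so treat the collision as a possibility rather than a confirmed case. CmdHFiClassList starts and ends outside this hunk.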
@@ -322,7 +340,11 @@ int CmdHFiClassReader(const char *Cmd) uint8_t * data = resp.d.asBytes; PrintAndLog("isOk:%02x", isOK); - + if( isOK == 0){ + //Aborted + PrintAndLog("Quitting..."); + return 0; + } if(isOK > 0) { PrintAndLog("CSN: %s",sprint_hex(data,8)); From c8dd9b092edd38d71c179c5691a6f22f20b0a016 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sun, 4 Jan 2015 14:53:26 +0100 Subject: [PATCH 07/11] Some work on iclass dump and iclass list, now the dumping is a lot more stable. I think the comms should be measured and tuned a bit more, right now it kind of works thanks to retry-functionality, but the retries are probably not needed if we are a bit more careful about timing, so we don't send commands too fast for the tag to handle --- armsrc/iclass.c | 298 ++++++++++++++++++++++--------------------- client/cmdhficlass.c | 37 ++++-- include/usb_cmd.h | 3 +- 3 files changed, 181 insertions(+), 157 deletions(-) diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 2b1230f5..cb5416a0 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c 
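Review bot: After the new early return on `isOK == 0`, the following `if(isOK > 0)` can no longer be false for an unsigned isOK (its declaration is outside the hunk), so the condition is dead and worth dropping or turning into a comment. The armsrc change in this commit sends arg0==0 for every non-data exit of the reader loop, so "Quitting..." is also printed when the device stopped because its trace buffer filled, which the message could say: `PrintAndLog("No card data returned (button pressed or trace full), quitting...");`. CmdHFiClassReader continues outside this hunk.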
@@ -1474,100 +1474,133 @@ void setupIclassReader() } +size_t sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, uint8_t expected_size, uint8_t retries) +{ + while(retries-- > 0) + { + ReaderTransmitIClass(command, cmdsize); + if(expected_size == ReaderReceiveIClass(resp)){ + return 0; + } + } + return 1;//Error +} + +/** + * @brief Talks to an iclass tag, sends the commands to get CSN and CC. + * @param card_data where the CSN and CC are stored for return + * @return 0 = fail + * 1 = Got CSN + * 2 = Got CSN and CC + */ +uint8_t handshakeIclassTag(uint8_t *card_data) +{ + static uint8_t act_all[] = { 0x0a }; + static uint8_t identify[] = { 0x0c }; + static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static uint8_t readcheck_cc[]= { 0x88, 0x02 }; + uint8_t *resp = (((uint8_t *)BigBuf) + RECV_RESP_OFFSET); + + uint8_t read_status = 0; + + // Send act_all + ReaderTransmitIClass(act_all, 1); + // Card present? + if(!ReaderReceiveIClass(resp)) return read_status;//Fail + //Send Identify + ReaderTransmitIClass(identify, 1); + //We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC + uint8_t len = ReaderReceiveIClass(resp); + if(len != 10) return read_status;//Fail + + //Copy the Anti-collision CSN to our select-packet + memcpy(&select[1],resp,8); + //Select the card + ReaderTransmitIClass(select, sizeof(select)); + //We expect a 10-byte response here, 8 byte CSN and 2 byte CRC + len = ReaderReceiveIClass(resp); + if(len != 10) return read_status;//Fail + + //Success - level 1, we got CSN + //Save CSN in response data + memcpy(card_data,resp,8); + + //Flag that we got to at least stage 1, read CSN + read_status = 1; + + // Card selected, now read e-purse (cc) + ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); + if(ReaderReceiveIClass(resp) == 8) { + //Save CC (e-purse) in response data + memcpy(card_data+8,resp,8); + + //Got both + read_status = 2; + } + + return read_status; +} + 
// Reader iClass Anticollission void ReaderIClass(uint8_t arg0) { - uint8_t act_all[] = { 0x0a }; - uint8_t identify[] = { 0x0c }; - uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t readcheck_cc[]= { 0x88, 0x02 }; uint8_t card_data[24]={0}; uint8_t last_csn[8]={0}; - - uint8_t *resp = (((uint8_t *)BigBuf) + RECV_RESP_OFFSET); int read_status= 0; bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; + bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC; setupIclassReader(); size_t datasize = 0; while(!BUTTON_PRESS()) { - WDT_HIT(); - // Send act_all - ReaderTransmitIClass(act_all, 1); - // Card present? - if(ReaderReceiveIClass(resp)) { + if(traceLen > TRACE_SIZE) { + DbpString("Trace full"); + break; + } + WDT_HIT(); - ReaderTransmitIClass(identify, 1); + read_status = handshakeIclassTag(card_data); - if(ReaderReceiveIClass(resp) == 10) { - //Copy the Anti-collision CSN to our select-packet - memcpy(&select[1],resp,8); - //Dbprintf("Anti-collision CSN: %02x %02x %02x %02x %02x %02x %02x %02x",resp[0], resp[1], resp[2], - // resp[3], resp[4], resp[5], - // resp[6], resp[7]); - //Select the card - ReaderTransmitIClass(select, sizeof(select)); + if(read_status == 0) continue; + if(read_status == 1) datasize = 8; + if(read_status == 2) datasize = 16; - if(ReaderReceiveIClass(resp) == 10) { - //Save CSN in response data - memcpy(card_data,resp,8); - datasize += 8; - //Flag that we got to at least stage 1, read CSN - read_status = 1; + LED_B_ON(); + //Send back to client, but don't bother if we already sent this + if(memcmp(last_csn, card_data, 8) != 0) + { - // Card selected - //Dbprintf("Readcheck on Sector 2"); - ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); - if(ReaderReceiveIClass(resp) == 8) { - //Save CC (e-purse) in response data - memcpy(card_data+8,resp,8); - datasize += 8; - //Got both - read_status = 2; - } - - LED_B_ON(); - //Send back to client, but don't bother if we already sent this - 
if(memcmp(last_csn, card_data, 8) != 0) - cmd_send(CMD_ACK,read_status,0,0,card_data,datasize); - - //Save that we already sent this.... - if(read_status == 2) - memcpy(last_csn, card_data, 8); - - LED_B_OFF(); - - if(abort_after_read) break; - } - } - } - - if(traceLen > TRACE_SIZE) { - DbpString("Trace full"); - break; - } + if(!get_cc || (get_cc && read_status == 2)) + { + cmd_send(CMD_ACK,read_status,0,0,card_data,datasize); + if(abort_after_read) { + LED_A_OFF(); + return; + } + //Save that we already sent this.... + memcpy(last_csn, card_data, 8); + } + //If 'get_cc' was specified and we didn't get a CC, we'll just keep trying... + } + LED_B_OFF(); } - cmd_send(CMD_ACK,0,0,0,card_data, 0); - LED_A_OFF(); } void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { - uint8_t act_all[] = { 0x0a }; - uint8_t identify[] = { 0x0c }; - uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t readcheck_cc[]= { 0x88, 0x02 }; + + uint8_t card_data[24]={0}; + uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 }; uint16_t crc = 0; uint8_t cardsize=0; - bool read_success=false; uint8_t mem=0; static struct memory_t{ 
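Review bot: The post-loop `cmd_send(CMD_ACK,0,0,0,card_data, 0)` added by the previous commit is removed here and nothing replaces it, so when ReaderIClass leaves its loop on button press or "Trace full" the client gets no response at all; if CmdHFiClassReader still blocks in WaitForResponse, it now hangs on abort where it previously printed "Quitting...". Either restore an empty ACK after the loop (`cmd_send(CMD_ACK,0,0,0,card_data,0);` before `LED_A_OFF();`) or document on the client side that the reader command may never answer. In the same function, `if(!get_cc || (get_cc && read_status == 2))` simplifies to `if(!get_cc || read_status == 2)`. `sendCmdGetResponseWithRetries` returns 0 on success and 1 on failure, the inverse of what its name suggests; a one-line comment on the definition would save callers a trip. ReaderIClass_Replay's body continues past the end of this hunk.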
@@ -1583,102 +1616,73 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { setupIclassReader(); - for(int i=0;i<1;i++) { + while(!BUTTON_PRESS()) { if(traceLen > TRACE_SIZE) { DbpString("Trace full"); break; } - if (BUTTON_PRESS()) break; - // Send act_all - ReaderTransmitIClass(act_all, 1); - // Card present? - if(ReaderReceiveIClass(resp)) { - ReaderTransmitIClass(identify, 1); - if(ReaderReceiveIClass(resp) == 10) { - // Select card - memcpy(&select[1],resp,8); - ReaderTransmitIClass(select, sizeof(select)); + uint8_t read_status = handshakeIclassTag(card_data); + if(read_status < 2) continue; - if(ReaderReceiveIClass(resp) == 10) { - Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x", - resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - } - // Card selected - Dbprintf("Readcheck on Sector 2"); - ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); - if(ReaderReceiveIClass(resp) == 8) { - Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x", - resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - }else return; - Dbprintf("Authenticate"); - //for now replay captured auth (as cc not updated) - memcpy(check+5,MAC,4); - //Dbprintf(" AA: %02x %02x %02x %02x", - // check[5], check[6], check[7],check[8]); - ReaderTransmitIClass(check, sizeof(check)); - if(ReaderReceiveIClass(resp) == 4) { - Dbprintf(" AR: %02x %02x %02x %02x", - resp[0], resp[1], resp[2],resp[3]); - }else { - Dbprintf("Error: Authentication Fail!"); - return; - } - Dbprintf("Dump Contents"); - //first get configuration block - read_success=false; - read[1]=1; - uint8_t *blockno=&read[1]; - crc = iclass_crc16((char *)blockno,1); - read[2] = crc >> 8; - read[3] = crc & 0xff; - while(!read_success){ - ReaderTransmitIClass(read, sizeof(read)); - if(ReaderReceiveIClass(resp) == 10) { - read_success=true; - mem=resp[5]; - memory.k16= (mem & 0x80); - memory.book= (mem & 0x20); - memory.k2= (mem & 0x8); - memory.lockauth= (mem & 
0x2); - memory.keyaccess= (mem & 0x1); + //for now replay captured auth (as cc not updated) + memcpy(check+5,MAC,4); + + if(sendCmdGetResponseWithRetries(check, sizeof(check),resp, 4, 5)) + { + Dbprintf("Error: Authentication Fail!"); + continue; + } + + //first get configuration block + read[1]=1; + uint8_t *blockno=&read[1]; + crc = iclass_crc16((char *)blockno,1); + read[2] = crc >> 8; + read[3] = crc & 0xff; + + if(sendCmdGetResponseWithRetries(read, sizeof(read),resp, 10, 10)) + { + Dbprintf("Dump config block failed"); + continue; + } + + mem=resp[5]; + memory.k16= (mem & 0x80); + memory.book= (mem & 0x20); + memory.k2= (mem & 0x8); + memory.lockauth= (mem & 0x2); + memory.keyaccess= (mem & 0x1); + + cardsize = memory.k16 ? 255 : 32; + WDT_HIT(); + + //then loop around remaining blocks + for(char block=0; block < cardsize; block++){ + + read[1]= block; + crc = iclass_crc16(&block ,1); + read[2] = crc >> 8; + read[3] = crc & 0xff; + + if(!sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 10)) + { + Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x", + block, resp[0], resp[1], resp[2], + resp[3], resp[4], resp[5], + resp[6], resp[7]); + + }else{ + Dbprintf("Failed to dump block %d", block); - } - } - if (memory.k16){ - cardsize=255; - }else cardsize=32; - //then loop around remaining blocks - for(uint8_t j=0; j> 8; - read[3] = crc & 0xff; - while(!read_success){ - ReaderTransmitIClass(read, sizeof(read)); - if(ReaderReceiveIClass(resp) == 10) { - read_success=true; - Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x", - j, resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - } - } - } } } + //If we got here, let's break + break; WDT_HIT(); } - LED_A_OFF(); } diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 19ec57d2..f6261f33 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
@@ -42,19 +42,38 @@ int xorbits_8(uint8_t val) return res & 1; } +#define ICLASS_CMD_ACTALL 0x0A +#define ICLASS_CMD_IDENTIFY 0x0C +#define ICLASS_CMD_READ 0x0C + +#define ICLASS_CMD_SELECT 0x81 +#define ICLASS_CMD_PAGESEL 0x84 +#define ICLASS_CMD_READCHECK 0x88 +#define ICLASS_CMD_CHECK 0x05 +#define ICLASS_CMD_SOF 0x0F +#define ICLASS_CMD_HALT 0x00 + + void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { + if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ) + { + snprintf(exp,size,"READ(%d)",cmd[1]); + return; + } + switch(cmd[0]) { - case 0x0a: snprintf(exp,size,"WUP"); break; - case 0x0f: snprintf(exp,size,"SOF"); break; - case 0x0c: snprintf(exp,size,"Read config"); break; - case 0x81: snprintf(exp,size,"SELECT"); break; - case 0x88: snprintf(exp,size,"Read E-purse (CC)"); break; - case 0x05: snprintf(exp,size,"Reader challenge"); break; - case 0x00: snprintf(exp,size,"End"); break; - default: snprintf(exp,size,"?"); break; + case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; + case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break; + case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; + case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; + case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; + case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; + case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break; + case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; + default: snprintf(exp,size,"?"); break; } return; } @@ -447,7 +466,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) UsbCommand c = {CMD_READER_ICLASS, {0}}; - c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE; + c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC; if(!fake_dummy_test) SendCommand(&c); diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 3e00c0a6..4d50de59 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h 
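Review bot: `ICLASS_CMD_IDENTIFY` and `ICLASS_CMD_READ` are both 0x0C, and the only thing separating them in `explain()` is the `cmdsize > 1` test ahead of the switch; that dependency is invisible at the defines and will bite anyone who adds `ICLASS_CMD_READ` as a second case label (a duplicate-case compile error at best). Put the rule next to the values: `#define ICLASS_CMD_READ 0x0C // same opcode as IDENTIFY; told apart only by length (READ carries an operand byte)`. `cmd[0]` is still dereferenced without checking `cmdsize`, so an `if(cmdsize == 0) { snprintf(exp,size,"?"); return; }` guard at the top would complete the length handling this hunk starts.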
@@ -167,7 +167,8 @@ typedef struct { //Iclass reader flags -#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_GET_CC 0x02 // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: /* Whether a bootloader that understands the common_area is present */ From 4c3de57ad2c0ac268c9eccaf46a2dbf58fb0d313 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sun, 4 Jan 2015 21:22:54 +0100 Subject: [PATCH 08/11] Reworked how 'hf 14a list' and 'hf iclass list' works, to use the same method. Now. use 'hf list 14a' and 'hf list iclass' instead. Plus, the output is now annotated (although the annotation-engine could use a bit more love from someone more familiar with the available commands --- client/cmdhf.c | 279 ++++++++++++++++++++++++++++++++++++++++++- client/cmdhf.h | 2 +- client/cmdhf14a.c | 144 +--------------------- client/cmdhficlass.c | 148 +---------------------- 4 files changed, 283 insertions(+), 290 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index d955fc83..9e8a2105 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -9,6 +9,7 @@ //----------------------------------------------------------------------------- #include +#include //#include "proxusb.h" #include "proxmark3.h" #include "graph.h" 
@@ -31,6 +32,279 @@ int CmdHFTune(const char *Cmd) SendCommand(&c); return 0; } +// for the time being. Need better Bigbuf handling. +#define TRACE_SIZE 3000 + +#define ICLASS_CMD_ACTALL 0x0A +#define ICLASS_CMD_IDENTIFY 0x0C +#define ICLASS_CMD_READ 0x0C +#define ICLASS_CMD_SELECT 0x81 +#define ICLASS_CMD_PAGESEL 0x84 +#define ICLASS_CMD_READCHECK 0x88 +#define ICLASS_CMD_CHECK 0x05 +#define ICLASS_CMD_SOF 0x0F +#define ICLASS_CMD_HALT 0x00 + +#define iso14443_CMD_WUPA 0x52 +#define iso14443_CMD_SELECT 0x93 +#define iso14443_CMD_SELECT_2 0x95 +#define iso14443_CMD_REQ 0x26 +#define iso14443_CMD_READBLOCK 0x30 +#define iso14443_CMD_WRITEBLOCK 0xA0 +#define iso14443_CMD_INC 0xC0 +#define iso14443_CMD_DEC 0xC1 +#define iso14443_CMD_RESTORE 0xC2 +#define iso14443_CMD_TRANSFER 0xB0 +#define iso14443_CMD_HALT 0x50 +#define iso14443_CMD_RATS 0xE0 + + +void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + switch(cmd[0]) + { + case iso14443_CMD_WUPA: snprintf(exp,size,"WUPA"); break; + case iso14443_CMD_SELECT:{ + if(cmdsize > 2) + { + snprintf(exp,size,"SELECT_UID"); break; + }else + { + snprintf(exp,size,"SELECT_ALL"); break; + } + } + case iso14443_CMD_SELECT_2: snprintf(exp,size,"SELECT_2"); break; + case iso14443_CMD_REQ: snprintf(exp,size,"REW"); break; + case iso14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; + case iso14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; + case iso14443_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; + case iso14443_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; + case iso14443_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; + case iso14443_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; + case iso14443_CMD_HALT: snprintf(exp,size,"HALT"); break; + case iso14443_CMD_RATS: snprintf(exp,size,"RATS"); break; + default: snprintf(exp,size,"?"); break; + } + return; +} + +void annotateIclass(char *exp, size_t size, uint8_t* cmd, 
uint8_t cmdsize) +{ + + if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ) + { + snprintf(exp,size,"READ(%d)",cmd[1]); + return; + } + + switch(cmd[0]) + { + case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; + case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break; + case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; + case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; + case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; + case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; + case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break; + case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; + default: snprintf(exp,size,"?"); break; + } + return; +} + + + +uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles) +{ + bool isResponse; + uint16_t duration, data_len,parity_len; + + uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp; + char explanation[30] = {0}; + + first_timestamp = *((uint32_t *)(trace)); + timestamp = *((uint32_t *)(trace + tracepos)); + // Break and stick with current result if buffer was not completely full + if (timestamp == 0x44444444) return TRACE_SIZE; + + tracepos += 4; + duration = *((uint16_t *)(trace + tracepos)); + tracepos += 2; + data_len = *((uint16_t *)(trace + tracepos)); + tracepos += 2; + + if (data_len & 0x8000) { + data_len &= 0x7fff; + isResponse = true; + } else { + isResponse = false; + } + parity_len = (data_len-1)/8 + 1; + + if (tracepos + data_len + parity_len >= TRACE_SIZE) { + return TRACE_SIZE; + } + + uint8_t *frame = trace + tracepos; + tracepos += data_len; + uint8_t *parityBytes = trace + tracepos; + tracepos += parity_len; + + //--- Draw the data column + char line[16][110]; + for (int j = 0; j < data_len; j++) { + int oddparity = 0x01; + int k; + + for (k=0 ; k<8 ; k++) { + oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01); + } + + uint8_t parityBits = parityBytes[j>>3]; + + if (isResponse && (oddparity != ((parityBits >> 
(7-(j&0x0007))) & 0x01))) { + sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]); + } else { + sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]); + } + } + //--- Draw the CRC column + bool crcError = false; + + if (data_len > 2) { + uint8_t b1, b2; + if(iclass) + { + if(!isResponse && data_len == 4 ) { + // Rough guess that this is a command from the reader + // For iClass the command byte is not part of the CRC + ComputeCrc14443(CRC_ICLASS, &frame[1], data_len-3, &b1, &b2); + } + else { + // For other data.. CRC might not be applicable (UPDATE commands etc.) + ComputeCrc14443(CRC_ICLASS, frame, data_len-2, &b1, &b2); + } + + if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { + crcError = true; + } + + }else{//Iso 14443a + + ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2); + + if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { + if(!(isResponse & (data_len < 6))) + { + crcError = true; + } + } + } + + } + char *crc = crcError ? "!crc" :" "; + + EndOfTransmissionTimestamp = timestamp + duration; + + if(!isResponse) + { + if(iclass) annotateIclass(explanation,sizeof(explanation),frame,data_len); + else annotateIso14443a(explanation,sizeof(explanation),frame,data_len); + } + + int num_lines = (data_len - 1)/16 + 1; + for (int j = 0; j < num_lines; j++) { + if (j == 0) { + PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s", + (timestamp - first_timestamp), + (EndOfTransmissionTimestamp - first_timestamp), + (isResponse ? "Tag" : "Rdr"), + line[j], + (j == num_lines-1) ? crc : " ", + (j == num_lines-1) ? explanation : ""); + } else { + PrintAndLog(" | | | %-64s| %s| %s", + line[j], + (j == num_lines-1)?crc:" ", + (j == num_lines-1) ? 
explanation : ""); + } + } + + bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000; + + if (showWaitCycles && !isResponse && next_isResponse) { + uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); + if (next_timestamp != 0x44444444) { + PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", + (EndOfTransmissionTimestamp - first_timestamp), + (next_timestamp - first_timestamp), + " ", + (next_timestamp - EndOfTransmissionTimestamp)); + } + } + return tracepos; +} + +int CmdHFList(const char *Cmd) +{ + bool showWaitCycles = false; + char type[40] = {0}; + int tlen = param_getstr(Cmd,0,type); + char param = param_getchar(Cmd, 1); + bool errors = false; + bool iclass = false; + //Validate params + if(tlen == 0 || (strcmp(type, "iclass") != 0 && strcmp(type,"14a") != 0)) + { + errors = true; + } + if(param == 'h' || (param !=0 && param != 'f')) + { + errors = true; + } + + if (errors) { + PrintAndLog("List protocol data in trace buffer."); + PrintAndLog("Usage: hf list [14a|iclass] [f]"); + PrintAndLog(" - interpret data as iso14443a communications"); + PrintAndLog(" iclass - interpret data as iclass communications"); + PrintAndLog(" f - show frame delay times as well"); + PrintAndLog(""); + PrintAndLog("example: hf list 14a f"); + PrintAndLog("example: hf list iclass"); + return 0; + } + if(strcmp(type, "iclass") == 0) + { + iclass = true; + } + + if (param == 'f') { + showWaitCycles = true; + } + + + uint8_t trace[TRACE_SIZE]; + uint16_t tracepos = 0; + GetFromBigBuf(trace, TRACE_SIZE, 0); + WaitForResponse(CMD_ACK, NULL); + + PrintAndLog("Recorded Activity"); + PrintAndLog(""); + PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); + PrintAndLog("iso14443a - All times are in carrier periods (1/13.56Mhz)"); + PrintAndLog("iClass - Timings are not as accurate"); + PrintAndLog(""); + PrintAndLog(" Start | End | Src | Data (! 
denotes parity error) | CRC | Annotation |"); + PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|"); + + while(tracepos < TRACE_SIZE) + { + tracepos = printTraceLine(tracepos, trace, iclass, showWaitCycles); + } + return 0; +} + static command_t CommandTable[] = { @@ -41,9 +315,10 @@ static command_t CommandTable[] = {"epa", CmdHFEPA, 1, "{ German Identification Card... }"}, {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, - {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, + {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, {"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, - {NULL, NULL, 0, NULL} + {"list", CmdHFList, 1, "List protocol data in trace buffer"}, + {NULL, NULL, 0, NULL} }; int CmdHF(const char *Cmd) diff --git a/client/cmdhf.h b/client/cmdhf.h index ff20a950..026357b5 100644 --- a/client/cmdhf.h +++ b/client/cmdhf.h @@ -13,5 +13,5 @@ int CmdHF(const char *Cmd); int CmdHFTune(const char *Cmd); - +int CmdHFList(const char *Cmd); #endif diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index c9976076..36ffe1b8 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c 
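Review bot: In `printTraceLine` the data column is drawn into `char line[16][110]`, i.e. at most 256 bytes of frame, but `data_len` is only checked against `TRACE_SIZE` (3000), so a trace record claiming a longer frame writes past `line` on the stack; the record comes straight from the device buffer, so a garbled capture is enough to trigger it. Add `if (data_len > 16 * 16) return TRACE_SIZE;` right after the existing bounds check. The look-ahead `*((uint16_t *)(trace + tracepos + 6))` for `next_isResponse` likewise reads up to 8 bytes past `tracepos` with no check that they lie inside `trace`; wrap it and the following `next_timestamp` read in `if (tracepos + 8 <= TRACE_SIZE)`. Separately, `iso14443_CMD_REQ` is annotated as "REW", presumably a typo for "REQA", and `annotateIso14443a` reads `cmd[1]` for the block commands without consulting `cmdsize`. The functions this hunk adds are complete within it.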
@@ -29,145 +29,7 @@ static void waitCmd(uint8_t iLen); int CmdHF14AList(const char *Cmd) { - bool ShowWaitCycles = false; - char param = param_getchar(Cmd, 0); - - if (param == 'h' || (param != 0 && param != 'f')) { - PrintAndLog("List data in trace buffer."); - PrintAndLog("Usage: hf 14a list [f]"); - PrintAndLog("f - show frame delay times as well"); - PrintAndLog("sample: hf 14a list f"); - return 0; - } - - if (param == 'f') { - ShowWaitCycles = true; - } - -// for the time being. Need better Bigbuf handling. -#define TRACE_SIZE 3000 - - uint8_t trace[TRACE_SIZE]; - GetFromBigBuf(trace, TRACE_SIZE, 0); - WaitForResponse(CMD_ACK, NULL); - - PrintAndLog("Recorded Activity"); - PrintAndLog(""); - PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); - PrintAndLog("All times are in carrier periods (1/13.56Mhz)"); - PrintAndLog(""); - PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC "); - PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------------"); - - uint16_t tracepos = 0; - uint16_t duration; - uint16_t data_len; - uint16_t parity_len; - bool isResponse; - uint32_t timestamp; - uint32_t first_timestamp; - uint32_t EndOfTransmissionTimestamp; - - for (;;) { - - if(tracepos >= TRACE_SIZE) { - break; - } - - timestamp = *((uint32_t *)(trace + tracepos)); - if(tracepos == 0) { - first_timestamp = timestamp; - } - - // Break and stick with current result if buffer was not completely full - if (timestamp == 0x44444444) break; - - tracepos += 4; - duration = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - data_len = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - - if (data_len & 0x8000) { - data_len &= 0x7fff; - isResponse = true; - } else { - isResponse = false; - } - - parity_len = (data_len-1)/8 + 1; - - if (tracepos + data_len + parity_len >= TRACE_SIZE) { - break; - } - - uint8_t *frame = trace + tracepos; - tracepos += data_len; - 
uint8_t *parityBytes = trace + tracepos; - tracepos += parity_len; - - char line[16][110]; - for (int j = 0; j < data_len; j++) { - int oddparity = 0x01; - int k; - - for (k=0;k<8;k++) { - oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01); - } - - uint8_t parityBits = parityBytes[j>>3]; - if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { - sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]); - } else { - sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]); - } - - } - - char crc[5] = ""; - if (data_len > 2) { - uint8_t b1, b2; - ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2); - if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { - sprintf(crc, (isResponse & (data_len < 6)) ? "" : "!crc"); - } else { - sprintf(crc, ""); - } - } - - EndOfTransmissionTimestamp = timestamp + duration; - - int num_lines = (data_len - 1)/16 + 1; - for (int j = 0; j < num_lines; j++) { - if (j == 0) { - PrintAndLog(" %9d | %9d | %s | %-64s| %s", - (timestamp - first_timestamp), - (EndOfTransmissionTimestamp - first_timestamp), - (isResponse ? "Tag" : "Rdr"), - line[j], - (j == num_lines-1)?crc:""); - } else { - PrintAndLog(" | | | %-64s| %s", - line[j], - (j == num_lines-1)?crc:""); - } - } - - bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000; - - if (ShowWaitCycles && !isResponse && next_isResponse) { - uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); - if (next_timestamp != 0x44444444) { - PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", - (EndOfTransmissionTimestamp - first_timestamp), - (next_timestamp - first_timestamp), - " ", - (next_timestamp - EndOfTransmissionTimestamp)); - } - } - - } - + PrintAndLog("Deprecated command, use 'hf list 14a' instead"); return 0; } 
@@ -510,7 +372,7 @@ int CmdHF14ASnoop(const char *Cmd) { if (param_getchar(Cmd, 0) == 'h') { PrintAndLog("It get data from the field and saves it into command buffer."); - PrintAndLog("Buffer accessible from command hf 14a list."); + PrintAndLog("Buffer accessible from command hf list 14a."); PrintAndLog("Usage: hf 14a snoop [c][r]"); PrintAndLog("c - triggered by first data from card"); PrintAndLog("r - triggered by first 7-bit request from reader (REQ,WUP,...)"); @@ -671,7 +533,7 @@ static void waitCmd(uint8_t iSelect) static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, - {"list", CmdHF14AList, 0, "List ISO 14443a history"}, + {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, {"cuids", CmdHF14ACUIDs, 0, " Collect n>0 ISO14443 Type A UIDs in one go"}, {"sim", CmdHF14ASim, 0, " -- Fake ISO 14443a tag"}, diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index f6261f33..5146401b 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
@@ -80,151 +80,7 @@ void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) int CmdHFiClassList(const char *Cmd) { - bool ShowWaitCycles = false; - char param = param_getchar(Cmd, 0); - - if (param != 0) { - PrintAndLog("List data in trace buffer."); - PrintAndLog("Usage: hf iclass list"); - PrintAndLog("h - help"); - PrintAndLog("sample: hf iclass list"); - return 0; - } - -// for the time being. Need better Bigbuf handling. -#define TRACE_SIZE 3000 - - uint8_t trace[TRACE_SIZE]; - GetFromBigBuf(trace, TRACE_SIZE, 0); - WaitForResponse(CMD_ACK, NULL); - - PrintAndLog("Recorded Activity"); - PrintAndLog(""); - PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); - PrintAndLog("All times are in carrier periods (1/13.56Mhz)"); - PrintAndLog(""); - PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC | Explanation|"); - PrintAndLog("-----------|-----------|-----|-------------------------------------------------------------------------------------"); - - uint16_t tracepos = 0; - uint16_t duration; - uint16_t data_len; - uint16_t parity_len; - bool isResponse; - uint32_t timestamp; - uint32_t first_timestamp; - uint32_t EndOfTransmissionTimestamp; - char explanation[20] = {0}; - for (;;) { - - if(tracepos >= TRACE_SIZE) { - break; - } - - timestamp = *((uint32_t *)(trace + tracepos)); - if(tracepos == 0) { - first_timestamp = timestamp; - } - - // Break and stick with current result if buffer was not completely full - if (timestamp == 0x44444444) break; - - tracepos += 4; - duration = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - data_len = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - - if (data_len & 0x8000) { - data_len &= 0x7fff; - isResponse = true; - } else { - isResponse = false; - } - - parity_len = (data_len-1)/8 + 1; - - if (tracepos + data_len + parity_len >= TRACE_SIZE) { - break; - } - - uint8_t *frame = trace + tracepos; - tracepos += data_len; - uint8_t *parityBytes 
= trace + tracepos; - tracepos += parity_len; - - char line[16][110]; - for (int j = 0; j < data_len; j++) { - int oddparity = 0x01; - int k; - - for (k=0;k<8;k++) { - oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01); - } - - uint8_t parityBits = parityBytes[j>>3]; - if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { - sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]); - } else { - sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]); - } - - } - - char *crc = " "; - if (data_len > 2) { - uint8_t b1, b2; - if(!isResponse && data_len == 4 ) { - // Rough guess that this is a command from the reader - // For iClass the command byte is not part of the CRC - ComputeCrc14443(CRC_ICLASS, &frame[1], data_len-3, &b1, &b2); - if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { - crc = "!crc"; - } - } - else { - // For other data.. CRC might not be applicable (UPDATE commands etc.) - ComputeCrc14443(CRC_ICLASS, frame, data_len-2, &b1, &b2); - if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { - crc = "!crc"; - } - } - } - - EndOfTransmissionTimestamp = timestamp + duration; - explain(explanation,sizeof(explanation),frame,data_len); - int num_lines = (data_len - 1)/16 + 1; - for (int j = 0; j < num_lines; j++) { - if (j == 0) { - PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s", - (timestamp - first_timestamp), - (EndOfTransmissionTimestamp - first_timestamp), - (isResponse ? 
"Tag" : "Rdr"), - line[j], - (j == num_lines-1)?crc:" ", - explanation); - } else { - PrintAndLog(" | | | %-64s| %s", - line[j], - (j == num_lines-1)?crc:" "); - } - } - - bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000; - - if (ShowWaitCycles && !isResponse && next_isResponse) { - uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); - if (next_timestamp != 0x44444444) { - PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", - (EndOfTransmissionTimestamp - first_timestamp), - (next_timestamp - first_timestamp), - " ", - (next_timestamp - EndOfTransmissionTimestamp)); - } - } - - } - + PrintAndLog("Deprecated command, use 'hf list iclass' instead"); return 0; } @@ -619,7 +475,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd) static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, - {"list", CmdHFiClassList, 0, "List iClass history"}, + {"list", CmdHFiClassList, 0, "[Deprecated] List iClass history"}, {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, From 337818f7ab35b1e51e33bd7903877c1cdc7da600 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sun, 4 Jan 2015 21:26:10 +0100 Subject: [PATCH 09/11] Minor dox --- client/cmdhf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 9e8a2105..85cc5425 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c 
@@ -99,15 +99,15 @@ void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) switch(cmd[0]) { - case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; + case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break; - case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; - case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; - case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; - case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; - case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break; - case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; - default: snprintf(exp,size,"?"); break; + case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; + case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; + case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; + case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; + case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break; + case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; + default: snprintf(exp,size,"?"); break; } return; } @@ -266,9 +266,9 @@ int CmdHFList(const char *Cmd) if (errors) { PrintAndLog("List protocol data in trace buffer."); PrintAndLog("Usage: hf list [14a|iclass] [f]"); - PrintAndLog(" - interpret data as iso14443a communications"); + PrintAndLog(" 14a - interpret data as iso14443a communications"); PrintAndLog(" iclass - interpret data as iclass communications"); - PrintAndLog(" f - show frame delay times as well"); + PrintAndLog(" f - show frame delay times as well"); PrintAndLog(""); PrintAndLog("example: hf list 14a f"); PrintAndLog("example: hf list iclass"); From 39d3ce5dd66a1e3e135331db444f38b2ed32691a Mon Sep 17 00:00:00 2001 
From: Martin Holst Swende Date: Sun, 4 Jan 2015 22:10:25 +0100 Subject: [PATCH 10/11] Moved iclass crc to be based on a lookup table --- armsrc/iclass.c | 24 ++++++++++++++++-------- common/iso15693tools.c | 4 ++-- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/armsrc/iclass.c b/armsrc/iclass.c index cb5416a0..3844ab14 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -1595,6 +1595,15 @@ void ReaderIClass(uint8_t arg0) { void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { uint8_t card_data[24]={0}; + uint16_t block_crc_LUT[255] = {0}; + + {//Generate a lookup table for block crc + for(int block = 0; block < 255; block++){ + char bl = block; + block_crc_LUT[block] = iclass_crc16(&bl ,1); + } + } + //Dbprintf("Lookup table: %02x %02x %02x" ,block_crc_LUT[0],block_crc_LUT[1],block_crc_LUT[2]); uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 }; @@ -1618,12 +1627,13 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { while(!BUTTON_PRESS()) { + WDT_HIT(); + if(traceLen > TRACE_SIZE) { DbpString("Trace full"); break; } - uint8_t read_status = handshakeIclassTag(card_data); if(read_status < 2) continue; @@ -1636,16 +1646,15 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { continue; } - //first get configuration block + //first get configuration block (block 1) + crc = block_crc_LUT[1]; read[1]=1; - uint8_t *blockno=&read[1]; - crc = iclass_crc16((char *)blockno,1); read[2] = crc >> 8; read[3] = crc & 0xff; if(sendCmdGetResponseWithRetries(read, sizeof(read),resp, 10, 10)) { - Dbprintf("Dump config block failed"); + Dbprintf("Dump config (block 1) failed"); continue; } 
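Review bot: `block_crc_LUT[255]` has valid indices 0..254, but the consumer added in the `@@ -1660` hunk of this file indexes it with every `block` below `cardsize`, and nothing visible bounds `cardsize` to 255, so a card reporting 255 or more blocks makes `block_crc_LUT[block]` read past the end of the stack array. The block number is sent as a single byte (`read[1]= block`), so it can take 256 values and the table should cover them all: `uint16_t block_crc_LUT[256] = {0};` with `for(int block = 0; block < 256; block++){`, and the read loop guarded as `for(int block=0; block < cardsize && block < 256; block++){`. `char bl = block;` keeps the previous code's dependency on `char` signedness for values >= 128, so it is not a regression, but a one-line comment noting that `iclass_crc16` consumes the byte through a `char *` would save the next reader a check. ReaderIClass_Replay continues beyond this hunk.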
@@ -1660,10 +1669,10 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { WDT_HIT(); //then loop around remaining blocks - for(char block=0; block < cardsize; block++){ + for(int block=0; block < cardsize; block++){ read[1]= block; - crc = iclass_crc16(&block ,1); + crc = block_crc_LUT[block]; read[2] = crc >> 8; read[3] = crc & 0xff; @@ -1681,7 +1690,6 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { } //If we got here, let's break break; - WDT_HIT(); } LED_A_OFF(); } diff --git a/common/iso15693tools.c b/common/iso15693tools.c index 0f7a250b..26e636ca 100644 --- a/common/iso15693tools.c +++ b/common/iso15693tools.c @@ -66,11 +66,11 @@ char* Iso15693sprintUID(char *target,uint8_t *uid) { return target; } -unsigned short iclass_crc16(char *data_p, unsigned short length) +uint16_t iclass_crc16(char *data_p, unsigned short length) { unsigned char i; unsigned int data; - unsigned int crc = 0xffff; + uint16_t crc = 0xffff; if (length == 0) return (~crc); From 6f101995b633112d092b4f61b9fb2345f85ba353 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 5 Jan 2015 09:16:06 +0100 Subject: [PATCH 11/11] Added loclass-functionality into the pm3,the functionality provided by loclass can now be invoked directly from the pm3. Also fixed some issues with how prnlog called PrintAndLog, and added some testdata for the loclass self-tests --- client/cmdhficlass.c | 99 ++++++++++++++++++--------------- client/loclass/elite_crack.c | 17 ++++-- client/loclass/fileutils.c | 8 +-- client/loclass/fileutils.h | 1 + client/loclass/iclass_dump.bin | Bin 0 -> 3024 bytes 5 files changed, 72 insertions(+), 53 deletions(-) create mode 100644 client/loclass/iclass_dump.bin diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 5146401b..dba4f113 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
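Review bot: The definition of `iclass_crc16` now returns `uint16_t`, but the diffstat lists no header change, so the declaration that armsrc/iclass.c compiles against presumably still reads `unsigned short iclass_crc16(...)`; on this target the two spell the same type, so it builds, but the prototype should be updated in the same commit to `uint16_t iclass_crc16(char *data_p, unsigned short length);` so definition and declaration stay in step. `data_p` is only read, so `const char *data_p` would also let callers pass read-only buffers without a cast. The function body continues past this hunk.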
@@ -42,42 +42,6 @@ int xorbits_8(uint8_t val) return res & 1; } -#define ICLASS_CMD_ACTALL 0x0A -#define ICLASS_CMD_IDENTIFY 0x0C -#define ICLASS_CMD_READ 0x0C - -#define ICLASS_CMD_SELECT 0x81 -#define ICLASS_CMD_PAGESEL 0x84 -#define ICLASS_CMD_READCHECK 0x88 -#define ICLASS_CMD_CHECK 0x05 -#define ICLASS_CMD_SOF 0x0F -#define ICLASS_CMD_HALT 0x00 - - -void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - - if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ) - { - snprintf(exp,size,"READ(%d)",cmd[1]); - return; - } - - switch(cmd[0]) - { - case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; - case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break; - case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; - case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; - case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; - case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; - case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break; - case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; - default: snprintf(exp,size,"?"); break; - } - return; -} - int CmdHFiClassList(const char *Cmd) { PrintAndLog("Deprecated command, use 'hf list iclass' instead"); 
@@ -470,19 +434,64 @@ int CmdHFiClass_iso14443A_write(const char *Cmd) } return 0; } +int CmdHFiClass_loclass(const char *Cmd) +{ + char opt = param_getchar(Cmd, 0); + if (strlen(Cmd)<1 || opt == 'h') { + PrintAndLog("Usage: hf iclass loclass [options]"); + PrintAndLog("Options:"); + PrintAndLog("h Show this help"); + PrintAndLog("t Perform self-test"); + PrintAndLog("f Bruteforce iclass dumpfile"); + PrintAndLog(" An iclass dumpfile is assumed to consist of an arbitrary number of"); + PrintAndLog(" malicious CSNs, and their protocol responses"); + PrintAndLog(" The the binary format of the file is expected to be as follows: "); + PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); + PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); + PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); + PrintAndLog(" ... totalling N*24 bytes"); + return 0; + } + char fileName[255] = {0}; + if(opt == 'f') + { + if(param_getstr(Cmd, 1, fileName) > 0) + { + return bruteforceFileNoKeys(fileName); + }else + { + PrintAndLog("You must specify a filename"); + } + } + else if(opt == 't') + { + int errors = testCipherUtils(); + errors += testMAC(); + errors += doKeyTests(0); + errors += testElite(); + if(errors) + { + prnlog("OBS! 
There were errors!!!"); + } + return errors; + } + + return 0; +} static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"list", CmdHFiClassList, 0, "[Deprecated] List iClass history"}, - {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, - {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, - {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, - {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, - {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, - {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, - {NULL, NULL, 0, NULL} + {"help", CmdHelp, 1, "This help"}, + {"list", CmdHFiClassList, 0, "[Deprecated] List iClass history"}, + {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, + {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, + {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, + {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, + {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, + {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, + {"loclass", CmdHFiClass_loclass, 1, "Use loclass to perform bruteforce of reader attack dump"}, + {NULL, NULL, 0, NULL} }; int CmdHFiClass(const char *Cmd) diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index 7dc60396..f0eb964b 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -526,7 +526,7 @@ int bruteforceFile(const char *filename, uint16_t keytable[]) fseek(f, 0, SEEK_SET); uint8_t *dump = malloc(fsize); - size_t bytes_read = fread(dump, fsize, 1, f); + size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); if (bytes_read < fsize) 
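Review bot: `param_getstr(Cmd, 1, fileName)` copies the second command-line argument into the 255-byte stack buffer `fileName` with no length bound, so an over-long argument overruns it. The cheapest guard with the helpers visible here is to reject oversized input before the copy: `if (strlen(Cmd) >= sizeof fileName) { PrintAndLog("Filename too long"); return 1; }` (every argument is shorter than the whole command line, so the check is conservative). The `'f'` branch with a missing filename prints an error but still returns 0, which makes the failure indistinguishable from success for the caller; returning 1 there would match the error path. Separately, the CommandTable re-indentation turns a one-line addition into a ten-line rewrite; leaving the existing entries untouched would keep the hunk reviewable.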
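Review bot: The `fread` argument-order fix is right, but `uint8_t *dump = malloc(fsize);` on the line above is still unchecked, so a failed allocation hands a NULL buffer to `fread` and then on to the parser. Add `if (dump == NULL) { fclose(f); return 1; }` directly after the allocation, using whatever non-zero value bruteforceFile returns for its other failures (those are outside this hunk). `fsize` is computed above the hunk, presumably from `ftell`, which returns -1 on error; if that is not checked there, the value reaches `malloc` as an enormous size. The short-read branch that follows is also cut off here, so whether `dump` is freed on that path cannot be confirmed from this hunk.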
@@ -577,9 +577,18 @@ int _testBruteforce() **** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 **** **/ uint16_t keytable[128] = {0}; - //save some time... - startvalue = 0x7B0000; - errors |= bruteforceFile("iclass_dump.bin",keytable); + + //Test a few variants + if(fileExists("iclass_dump.bin")) + { + errors |= bruteforceFile("iclass_dump.bin",keytable); + }else if(fileExists("loclass/iclass_dump.bin")){ + errors |= bruteforceFile("loclass/iclass_dump.bin",keytable); + }else if(fileExists("client/loclass/iclass_dump.bin")){ + errors |= bruteforceFile("client/loclass/iclass_dump.bin",keytable); + }else{ + prnlog("Error: The file iclass_dump.bin was not found!"); + } } return errors; } diff --git a/client/loclass/fileutils.c b/client/loclass/fileutils.c index 255aa313..9ea9d145 100644 --- a/client/loclass/fileutils.c +++ b/client/loclass/fileutils.c @@ -57,11 +57,11 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si */ void prnlog(char *fmt, ...) { - + char buffer[2048] = {0}; va_list args; va_start(args,fmt); - PrintAndLog(fmt, args); - //vprintf(fmt,args); + vsprintf (buffer,fmt, args); va_end(args); - //printf("\n"); + PrintAndLog(buffer); + } diff --git a/client/loclass/fileutils.h b/client/loclass/fileutils.h index a0f5a799..e02079d5 100644 --- a/client/loclass/fileutils.h +++ b/client/loclass/fileutils.h @@ -21,4 +21,5 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si * @param fmt */ void prnlog(char *fmt, ...); +int fileExists(const char *filename); #endif // FILEUTILS_H 
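Review bot: `fileExists` is called here and its prototype is added to client/loclass/fileutils.h in this commit, but the fileutils.c portion of the diffstat (8 lines, all inside `prnlog`) adds no definition, so unless `fileExists` already exists in fileutils.c or elsewhere the client will not link. Dropping `startvalue = 0x7B0000;` (the "save some time" shortcut) presumably makes the self-test start the brute force from zero, so `hf iclass loclass t` may now run much longer; if that is intended, a comment stating the expected runtime would help. The three relative paths succeed only for a matching working directory; a comment such as `// Probe for the test dump when run from the repo root, client/, or client/loclass/` would document the intent. _testBruteforce begins above this hunk.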
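Review bot: `vsprintf (buffer,fmt, args);` writes into the 2048-byte `buffer` with no bound, and `PrintAndLog(buffer);` then passes the already-expanded text as a format string, so any `%` that arrived through an argument (a filename, for example) is interpreted a second time. Replace the two lines with `vsnprintf(buffer, sizeof buffer, fmt, args);` and `PrintAndLog("%s", buffer);`. The previous `PrintAndLog(fmt, args)` passed a `va_list` where a variadic argument was expected, so the new format-then-print shape is the right structure; it only needs the bound and the literal format.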
diff --git a/client/loclass/iclass_dump.bin b/client/loclass/iclass_dump.bin new file mode 100644 index 0000000000000000000000000000000000000000..bfecd1bae95d3d2681ad38183b22f1408cfc285f GIT binary patch literal 3024 zcmY+@YdqBX9tZH>|381j7-nR$ZdtUf+m8D!LJ7If(8wq!EMqjQnOTNaOU9;i9BI8e z*=$Q{B&=IuC5!AOlyx?h3|VT(tnS2nd3=>HeB zho9Kh%UB{&Y44%?`3HKUC;1#gQ*#5lLt8LKW32TuL8q@k@3_-R$?9K>;QnN0|V6VPL_C%Phi{pS%oWDoR2N^{xo9{w>XgzW=8tN5kbyoW!X6vFa`-VxV1 z7Moz%O@xJcL66pW$Tj1X$_O_%DRk1_k|vYIn@h;X?hiD zuhgFi!Q!qcd1z7VZ=16DHgfD`CGYEZFv*YLN^u%(9rm|>vB`aW#(|@vNqYxfLj6?> zZGAgSrfa^19wDRWHl#Y%BTU5zdVx6P{_v5(tGFtrz>x$=6l7A6o)K{qNKKOS!; zH^EbclhBVaznk;^Q!NzpAr#P`pvJlXvPWZZk!T#c4>fy5?{(9picmBL{lkpc?KWOo zI9V)w1fBD1hk=V>QXiIbSZV)t{pY{k8JpQih{Yo?FO;;5E`4nK2y0`NgFV46e|6}MMMfJ4gpOqAqN7t6o>f zs?cu#L(r=hZg$Jlc|FM2FBW=$+6Fby;{814@2lk3gVl?Q9i7Se-rY()@2pulBgMLp zh@9-JuxHqP=c57r=sCpY*g)TI`NDnM4$~%Lr$;(;pZTIj3Nc=d%xu4hKJ9bWyLj+9?dX?TK#o3C9b>!rh4}GmY?|Jl^YaXI# zsz7(oc618QXsX62G#vUemRLY9$alx7nizCb%+&hq;`1`(?0pn^qM!BkU!G752tIEa zdi24;XCGTKN|BGJ1Ul_LyJmg)9+%|lErRa-+gF1#O|_Y5i_S~v6+^i{Uy_|)K%&FX zp*I*&wVeyt8b~O32K~F{dcmH*Gbre@BeT$JB2O$U=n^-y%a;dzl_gHiJKQ^sG9?4h z;|z1w2KmollSOIwpkF&^pDzqN?urbJ2cbvA=o!cGg6?1$X?LNMS9leX-0?n?n(;gI z(N!<4=viSk3JeZ~KI4&|yWnL!j#z=g(7DlDAMXpMokU?lLD1J8NM3Rz0!tJe8UUSP zwow|MCnu1}_8#b7jIa?bua-it=ll|2$WVEUg=$Yd^CZ*I^CCR@X(IUUNt#RQqhOr`Tf^Xv()?bn4R+(=nw6CORJZ={(&5wi=Z!* z(p_@x%Tkep%h%AyY7PFVYHZy^YU&!$1>a<2i?X^dlAGfx=nY$wlb9#>^&m|O1v)Vm zB?=gtb4BVJWaySby0^E)6QL+Rfq>rZB^am=rRX75k|Fd+np|<4ewRQRAH0J8@|>*V z)dBTsBu;q>J>yQHZBP2YP9Zy+O6Zh|xHL}7Trb+YCkA>OA*jEqvrUfNoC={2EU0IF zr9G{Oj17mNZ