github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-19 04:49:38 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Documentation to apps.h, documentation/renaming to iclass

Browse source
This commit is contained in:
Martin Holst Swende 2015-01-12 22:08:57 +01:00
commit 55eaed8f2a
2 changed files with 73 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

19
armsrc/apps.h
View file

@ -37,6 +37,25 @@ uint32_t BigBuf[BIGBUF_SIZE / sizeof(uint32_t)];
#define FREE_BUFFER_OFFSET (CARD_MEMORY_OFFSET + CARD_MEMORY_SIZE) #define FREE_BUFFER_OFFSET (CARD_MEMORY_OFFSET + CARD_MEMORY_SIZE)
#define FREE_BUFFER_SIZE (BIGBUF_SIZE - FREE_BUFFER_OFFSET - 1) #define FREE_BUFFER_SIZE (BIGBUF_SIZE - FREE_BUFFER_OFFSET - 1)
/*
The statements above translates into this :
BIGBUF_SIZE = 40000
TRACE_OFFSET = 0
TRACE_SIZE = 3000
RECV_CMD_OFFSET = 3000
MAX_FRAME_SIZE = 256
MAX_PARITY_SIZE = 32
RECV_CMD_PAR_OFFSET = 3256
RECV_RESP_OFFSET = 3288
RECV_RESP_PAR_OFFSET= 3544
CARD_MEMORY_OFFSET = 3576
CARD_MEMORY_SIZE = 4096
DMA_BUFFER_OFFSET = 3576
DMA_BUFFER_SIZE = 4096
FREE_BUFFER_OFFSET = 7672
FREE_BUFFER_SIZE = 32327
*/
extern const uint8_t OddByteParity[256]; extern const uint8_t OddByteParity[256];
extern uint8_t *trace; // = (uint8_t *) BigBuf; extern uint8_t *trace; // = (uint8_t *) BigBuf;
extern int traceLen; // = 0; extern int traceLen; // = 0;

96
armsrc/iclass.c
View file

@ -687,7 +687,8 @@ void RAMFUNC SnoopIClass(void)
SetAdcMuxFor(GPIO_MUXSEL_HIPKD); SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
uint32_t time_0 = GetCountSspClk(); uint32_t time_0 = GetCountSspClk();
uint32_t time_start = 0;
uint32_t time_stop = 0;
int div = 0; int div = 0;
//int div2 = 0; //int div2 = 0;
@ -738,6 +739,7 @@ void RAMFUNC SnoopIClass(void)
smpl = decbyter; smpl = decbyter;
if(OutOfNDecoding((smpl & 0xF0) >> 4)) { if(OutOfNDecoding((smpl & 0xF0) >> 4)) {
rsamples = samples - Uart.samples; rsamples = samples - Uart.samples;
time_stop = (GetCountSspClk()-time_0) << 4;
LED_C_ON(); LED_C_ON();
//if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,TRUE)) break; //if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,TRUE)) break;
@ -745,7 +747,7 @@ void RAMFUNC SnoopIClass(void)
if(tracing) { if(tracing) {
uint8_t parity[MAX_PARITY_SIZE]; uint8_t parity[MAX_PARITY_SIZE];
GetParity(Uart.output, Uart.byteCnt, parity); GetParity(Uart.output, Uart.byteCnt, parity);
LogTrace(Uart.output,Uart.byteCnt, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, TRUE); LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, TRUE);
} }
@ -756,6 +758,8 @@ void RAMFUNC SnoopIClass(void)
Demod.state = DEMOD_UNSYNCD; Demod.state = DEMOD_UNSYNCD;
LED_B_OFF(); LED_B_OFF();
Uart.byteCnt = 0; Uart.byteCnt = 0;
}else{
time_start = (GetCountSspClk()-time_0) << 4;
} }
decbyter = 0; decbyter = 0;
} }
@ -763,21 +767,24 @@ void RAMFUNC SnoopIClass(void)
if(div > 3) { if(div > 3) {
smpl = decbyte; smpl = decbyte;
if(ManchesterDecoding(smpl & 0x0F)) { if(ManchesterDecoding(smpl & 0x0F)) {
rsamples = samples - Demod.samples; time_stop = (GetCountSspClk()-time_0) << 4;
rsamples = samples - Demod.samples;
LED_B_ON(); LED_B_ON();
if(tracing) { if(tracing) {
uint8_t parity[MAX_PARITY_SIZE]; uint8_t parity[MAX_PARITY_SIZE];
GetParity(Demod.output, Demod.len, parity); GetParity(Demod.output, Demod.len, parity);
LogTrace(Demod.output, Demod.len, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, FALSE); LogTrace(Demod.output, Demod.len, time_start, time_stop, parity, FALSE);
} }
// And ready to receive another response. // And ready to receive another response.
memset(&Demod, 0, sizeof(Demod)); memset(&Demod, 0, sizeof(Demod));
Demod.output = tagToReaderResponse; Demod.output = tagToReaderResponse;
Demod.state = DEMOD_UNSYNCD; Demod.state = DEMOD_UNSYNCD;
LED_C_OFF(); LED_C_OFF();
}else{
time_start = (GetCountSspClk()-time_0) << 4;
} }
div = 0; div = 0;
@ -928,6 +935,7 @@ static void CodeIClassTagSOF()
// Convert from last byte pos to length // Convert from last byte pos to length
ToSendMax++; ToSendMax++;
} }
int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf); int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf);
/** /**
* @brief SimulateIClass simulates an iClass card. * @brief SimulateIClass simulates an iClass card.
@ -997,7 +1005,9 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
*/ */
int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf) int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
{ {
// CSN followed by two CRC bytes // CSN followed by two CRC bytes
uint8_t response1[] = { 0x0F} ;
uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0}; uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
memcpy(response3,csn,sizeof(response3)); memcpy(response3,csn,sizeof(response3));
@ -1020,11 +1030,11 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
// Reader 81 anticoll. CSN // Reader 81 anticoll. CSN
// Tag CSN // Tag CSN
uint8_t *resp; uint8_t *modulated_response;
int respLen; int modulated_response_size;
uint8_t* respdata = NULL; uint8_t* trace_data = NULL;
int respsize = 0; int trace_data_size = 0;
uint8_t sof = 0x0f; //uint8_t sof = 0x0f;
// Respond SOF -- takes 8 bytes // Respond SOF -- takes 8 bytes
uint8_t *resp1 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET); uint8_t *resp1 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
@ -1089,11 +1099,6 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
LED_A_ON(); LED_A_ON();
bool buttonPressed = false; bool buttonPressed = false;
/** Hack for testing
memcpy(reader_mac_buf,csn,8);
exitLoop = true;
end hack **/
while(!exitLoop) { while(!exitLoop) {
LED_B_OFF(); LED_B_OFF();
@ -1112,35 +1117,35 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
// Okay, look at the command now. // Okay, look at the command now.
if(receivedCmd[0] == 0x0a ) { if(receivedCmd[0] == 0x0a ) {
// Reader in anticollission phase // Reader in anticollission phase
resp = resp1; respLen = resp1Len; //order = 1; modulated_response = resp1; modulated_response_size = resp1Len; //order = 1;
respdata = &sof; trace_data = response1;
respsize = sizeof(sof); trace_data_size = sizeof(response1);
} else if(receivedCmd[0] == 0x0c) { } else if(receivedCmd[0] == 0x0c) {
// Reader asks for anticollission CSN // Reader asks for anticollission CSN
resp = resp2; respLen = resp2Len; //order = 2; modulated_response = resp2; modulated_response_size = resp2Len; //order = 2;
respdata = response2; trace_data = response2;
respsize = sizeof(response2); trace_data_size = sizeof(response2);
//DbpString("Reader requests anticollission CSN:"); //DbpString("Reader requests anticollission CSN:");
} else if(receivedCmd[0] == 0x81) { } else if(receivedCmd[0] == 0x81) {
// Reader selects anticollission CSN. // Reader selects anticollission CSN.
// Tag sends the corresponding real CSN // Tag sends the corresponding real CSN
resp = resp3; respLen = resp3Len; //order = 3; modulated_response = resp3; modulated_response_size = resp3Len; //order = 3;
respdata = response3; trace_data = response3;
respsize = sizeof(response3); trace_data_size = sizeof(response3);
//DbpString("Reader selects anticollission CSN:"); //DbpString("Reader selects anticollission CSN:");
} else if(receivedCmd[0] == 0x88) { } else if(receivedCmd[0] == 0x88) {
// Read e-purse (88 02) // Read e-purse (88 02)
resp = resp4; respLen = resp4Len; //order = 4; modulated_response = resp4; modulated_response_size = resp4Len; //order = 4;
respdata = response4; trace_data = response4;
respsize = sizeof(response4); trace_data_size = sizeof(response4);
LED_B_ON(); LED_B_ON();
} else if(receivedCmd[0] == 0x05) { } else if(receivedCmd[0] == 0x05) {
// Reader random and reader MAC!!! // Reader random and reader MAC!!!
// Do not respond // Do not respond
// We do not know what to answer, so lets keep quiet // We do not know what to answer, so lets keep quiet
resp = resp1; respLen = 0; //order = 5; modulated_response = resp1; modulated_response_size = 0; //order = 5;
respdata = NULL; trace_data = NULL;
respsize = 0; trace_data_size = 0;
if (breakAfterMacReceived){ if (breakAfterMacReceived){
// dbprintf:ing ... // dbprintf:ing ...
Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x" Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x"
@ -1157,9 +1162,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
} }
} else if(receivedCmd[0] == 0x00 && len == 1) { } else if(receivedCmd[0] == 0x00 && len == 1) {
// Reader ends the session // Reader ends the session
resp = resp1; respLen = 0; //order = 0; modulated_response = resp1; modulated_response_size = 0; //order = 0;
respdata = NULL; trace_data = NULL;
respsize = 0; trace_data_size = 0;
} else { } else {
//#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44 //#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44
// Never seen this command before // Never seen this command before
@ -1169,9 +1174,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
receivedCmd[3], receivedCmd[4], receivedCmd[5], receivedCmd[3], receivedCmd[4], receivedCmd[5],
receivedCmd[6], receivedCmd[7], receivedCmd[8]); receivedCmd[6], receivedCmd[7], receivedCmd[8]);
// Do not respond // Do not respond
resp = resp1; respLen = 0; //order = 0; modulated_response = resp1; modulated_response_size = 0; //order = 0;
respdata = NULL; trace_data = NULL;
respsize = 0; trace_data_size = 0;
} }
if(cmdsRecvd > 100) { if(cmdsRecvd > 100) {
@ -1181,9 +1186,16 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
else { else {
cmdsRecvd++; cmdsRecvd++;
} }
/**
if(respLen > 0) { After changes to parity calculation
SendIClassAnswer(resp, respLen, 21); Time between reader EOT and pm3 SOF
delay 21 -> 480uS
delay 10 -> 220us
delay 16 -> 388us
A legit tag has about 380us.
**/
if(modulated_response_size > 0) {
SendIClassAnswer(modulated_response, modulated_response_size, timeout);
t2r_time = GetCountSspClk(); t2r_time = GetCountSspClk();
} }
@ -1192,9 +1204,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
GetParity(receivedCmd, len, parity); GetParity(receivedCmd, len, parity);
LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, TRUE); LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, TRUE);
if (respdata != NULL) { if (trace_data != NULL) {
GetParity(respdata, respsize, parity); GetParity(trace_data, trace_data_size, parity);
LogTrace(respdata, respsize, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE); LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
} }
if(!tracing) { if(!tracing) {
DbpString("Trace full"); DbpString("Trace full");