From fb0c84c3df8bb19bcefb5d2124d61ff2ac3d0af7 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Thu, 19 Feb 2015 21:21:11 -0500 Subject: [PATCH 01/21] lf simask, lf simfsk and bug fixes --- armsrc/appmain.c | 8 +- armsrc/apps.h | 2 + armsrc/lfops.c | 165 ++++++++++++++++++++++++-- client/cmddata.c | 28 +++-- client/cmddata.h | 3 +- client/cmdlf.c | 218 +++++++++++++++++++++++++++++++++++ client/cmdlf.h | 2 + client/graph.c | 47 ++++---- client/graph.h | 1 + client/hid-flasher/usb_cmd.h | 12 ++ client/lualibs/commands.lua | 10 +- common/lfdemod.c | 1 + include/usb_cmd.h | 4 +- 13 files changed, 451 insertions(+), 50 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 3da34777..bfb4078d 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -662,7 +662,13 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_HID_SIM_TAG: CmdHIDsimTAG(c->arg[0], c->arg[1], 1); break; - case CMD_HID_CLONE_TAG: + case CMD_FSK_SIM_TAG: + CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_ASK_SIM_TAG: + CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_HID_CLONE_TAG: CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; case CMD_IO_DEMOD_FSK: diff --git a/armsrc/apps.h b/armsrc/apps.h index a506f415..8e79a03a 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -118,6 +118,8 @@ void AcquireTiType(void); void AcquireRawBitsTI(void); void SimulateTagLowFrequency(int period, int gap, int ledcontrol); void CmdHIDsimTAG(int hi, int lo, int ledcontrol); +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); +void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index e34eab35..780af199 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -394,8 +394,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { @@ -417,7 +417,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - + //wait for next sample time while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -442,8 +442,9 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) { } -// compose fc/8 fc/10 waveform -static void fc(int c, int *n) { +// compose fc/8 fc/10 waveform (FSK2) +static void fc(int c, int *n) +{ uint8_t *dest = BigBuf_get_addr(); int idx; @@ -451,20 +452,21 @@ static void fc(int c, int *n) { if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -475,6 +477,8 @@ static void fc(int c, int *n) { // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; @@ -483,8 +487,37 @@ static void fc(int c, int *n) { dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + } + } +} +// compose fc/X fc/Y waveform (FSKx) +static void fcAll(uint8_t c, int *n, uint8_t clock) +{ + uint8_t *dest = BigBuf_get_addr(); + uint8_t idx; + uint8_t fcCnt; + // c = count of field clock for this bit + + int mod = clock % c; + // loop through clock - step field clock + for (idx=0; idx < (uint8_t) clock/c; idx++){ + // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + for (fcCnt=0; fcCnt < c; fcCnt++){ + if (fcCnt < c/2){ + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } + } + } + Dbprintf("mod: %d",mod); + if (mod>0){ //for FC counts that don't add up to a full clock cycle padd with extra wave + for (idx=0; idx < mod; idx++){ + if (idx < mod/2) { + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } } } } @@ -545,6 +578,114 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) LED_A_OFF(); } +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains invert and clock +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) +{ + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + //spacer bit + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + //fcAll(0, &n, clk); + + WDT_HIT(); + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + WDT_HIT(); + for (i=0; i 64) PrintAndLog("\nWarning! Length not what is expected - Length: %d bits\n",BitLen); printEM410x(lo); return 1; } @@ -1007,9 +1008,12 @@ int CmdFSKdemodParadox(const char *Cmd) } uint32_t fc = ((hi & 0x3)<<6) | (lo>>26); uint32_t cardnum = (lo>>10)&0xFFFF; - - PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x", - hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF ); + uint32_t rawLo = bytebits_to_byte(BitStream+idx+64,32); + uint32_t rawHi = bytebits_to_byte(BitStream+idx+32,32); + uint32_t rawHi2 = bytebits_to_byte(BitStream+idx,32); + + PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x - RAW: %08x%08x%08x", + hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF, rawHi2, rawHi, rawLo); setDemodBuf(BitStream,BitLen,idx); if (g_debugMode){ PrintAndLog("DEBUG: idx: %d, len: %d, Printing Demod Buffer:", idx, BitLen); @@ -1179,16 +1183,16 @@ int CmdFSKdemodAWID(const char *Cmd) fc = bytebits_to_byte(BitStream+9, 8); cardnum = bytebits_to_byte(BitStream+17, 16); code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+8+(fmtLen-17), 16); if (fmtLen>32){ code1 = bytebits_to_byte(BitStream+8,fmtLen-32); code2 = bytebits_to_byte(BitStream+8+(fmtLen-32),32); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); } else{ code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); } } if (g_debugMode){ @@ -1299,21 +1303,21 @@ int CmdFSKdemodPyramid(const char *Cmd) fc = bytebits_to_byte(BitStream+73, 8); cardnum = bytebits_to_byte(BitStream+81, 16); code1 = bytebits_to_byte(BitStream+72,fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); } else if (fmtLen==45){ fmtLen=42; //end = 10 bits not 7 like 26 bit fmt fc = bytebits_to_byte(BitStream+53, 10); cardnum = bytebits_to_byte(BitStream+63, 32); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+81, 16); if (fmtLen>32){ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen-32); //code2 = bytebits_to_byte(BitStream+(size-32),32); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else{ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } } if (g_debugMode){ diff --git a/client/cmddata.h b/client/cmddata.h index c1a7ecae..f48da516 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -14,7 +14,8 @@ command_t * CmdDataCommands(); int CmdData(const char *Cmd); -void printDemodBuff(); +void printDemodBuff(void); +void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx); int CmdAmp(const char *Cmd); int Cmdaskdemod(const char *Cmd); int CmdAskEM410xDemod(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index f268eaa2..2215aff6 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -529,6 +529,7 @@ int CmdLFSim(const char *Cmd) /* convert to bitstream if necessary */ ChkBitstream(Cmd); + //can send 512 bits at a time (1 byte sent per bit...) printf("Sending [%d bytes]", GraphTraceLen); for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; @@ -548,6 +549,221 @@ int CmdLFSim(const char *Cmd) return 0; } +int usage_lf_simfsk(void) +{ + //print help + PrintAndLog("Usage: lf simfsk [c ] [i] [H ] [L ] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" H Manually set the larger Field Clock"); + PrintAndLog(" L Manually set the smaller Field Clock"); + //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; +} + +int usage_lf_simask(void) +{ + //print help + PrintAndLog("Usage: lf simask [c ] [i] [m|r] [s] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" m sim ask/manchester"); + PrintAndLog(" r sim ask/raw"); + PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; +} + +// by marshmellow - sim ask data given clock, fcHigh, fcLow, invert +// - allow pull data from DemodBuffer +int CmdLFfskSim(const char *Cmd) +{ + //todo - allow data from demodbuffer or parameters + //might be able to autodetect FC and clock from Graphbuffer if using demod buffer + //will need FChigh, FClow, Clock, and bitstream + uint8_t fcHigh=0, fcLow=0, clk=0; + uint8_t invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; // store entered hex data + uint8_t data[255] = {0x00}; + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simfsk(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'H': + errors |= param_getdec(Cmd,cmdp+1,&fcHigh); + cmdp+=2; + break; + case 'L': + errors |= param_getdec(Cmd,cmdp+1,&fcLow); + cmdp+=2; + break; + //case 's': + // separator=1; + // cmdp++; + // break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data"); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simfsk(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk==0 || fcHigh==0 || fcLow==0){ + uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0); + if (ans==0){ + fcHigh=10; + fcLow=8; + clk=50; + } + } + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 50; + if (fcHigh == 0) fcHigh = 10; + if (fcLow == 0) fcLow = 8; + + uint16_t arg1, arg2; + arg1 = fcHigh << 8 | fcLow; + arg2 = invert << 8 | clk; + UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; + if (DemodBufferLen > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + } + memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + SendCommand(&c); + return 0; +} + +// by marshmellow - sim ask data given clock, invert, manchester or raw, separator +// - allow pull data from DemodBuffer +int CmdLFaskSim(const char *Cmd) +{ + //todo - allow data from demodbuffer or parameters + //autodetect clock from Graphbuffer if using demod buffer + //will need clock, invert, manchester/raw as m or r, separator as s, and bitstream + uint8_t manchester = 1, separator = 0; + //char cmdp = Cmd[0], par3='m', par4=0; + uint8_t clk=0, invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; + uint8_t data[255]= {0x00}; // store entered hex data + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simask(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'm': + manchester=1; + cmdp++; + break; + case 'r': + manchester=0; + cmdp++; + break; + case 's': + separator=1; + cmdp++; + break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data, datalen: %d",dataLen); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simask(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk == 0) clk = GetAskClock("0", false, false); + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 64; + + uint16_t arg1, arg2; + arg1 = clk << 8 | manchester; + arg2 = invert << 8 | separator; + UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; + if (DemodBufferLen > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + } + PrintAndLog("preparing to sim ask data: %d bits", DemodBufferLen); + memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + SendCommand(&c); + return 0; +} + + int CmdLFSimBidir(const char *Cmd) { // Set ADC to twice the carrier for a slight supersampling @@ -766,6 +982,8 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] -- Simulate LF ASK tag from demodbuffer"}, + {"simfsk", CmdLFfskSim, 0, "[invert <1|0>] -- Simulate LF FSK tag from demodbuffer"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index e298d659..22f7f818 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -19,6 +19,8 @@ int CmdIndalaDemod(const char *Cmd); int CmdIndalaClone(const char *Cmd); int CmdLFRead(const char *Cmd); int CmdLFSim(const char *Cmd); +int CmdLFaskSim(const char *Cmd); +int CmdLFfskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); diff --git a/client/graph.c b/client/graph.c index 11dbc4d5..c9457ff1 100644 --- a/client/graph.c +++ b/client/graph.c @@ -18,14 +18,14 @@ int GraphBuffer[MAX_GRAPH_TRACE_LEN]; int GraphTraceLen; -/* write a bit to the graph */ +/* write a manchester bit to the graph */ void AppendGraph(int redraw, int clock, int bit) { int i; - + //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) for (i = 0; i < (int)(clock / 2); ++i) GraphBuffer[GraphTraceLen++] = bit ^ 1; - + //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) for (i = (int)(clock / 2); i < clock; ++i) GraphBuffer[GraphTraceLen++] = bit; @@ -193,24 +193,10 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) clock = 0; if (clock != 0) return (uint8_t)clock; - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; - size_t size = getFromGraphBuf(BitStream); - if (size==0) return 0; - uint8_t dummy = 0; - uint16_t ans = countFC(BitStream, size, &dummy); - if (ans==0) { - if (verbose) PrintAndLog("DEBUG: No data found"); - return 0; - } - uint8_t fc1, fc2; - fc1 = (ans >> 8) & 0xFF; - fc2 = ans & 0xFF; - uint8_t rf1 = detectFSKClk(BitStream, size, fc1, fc2); - if (rf1==0) { - if (verbose) PrintAndLog("DEBUG: Clock detect error"); - return 0; - } + uint8_t fc1=0, fc2=0, rf1=0; + uint8_t ans = fskClocks(&fc1, &fc2, &rf1, verbose); + if (ans == 0) return 0; if ((fc1==10 && fc2==8) || (fc1==8 && fc2==5)){ if (printAns) PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1); return rf1; @@ -221,3 +207,24 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) } return 0; } +uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) +{ + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; + size_t size = getFromGraphBuf(BitStream); + if (size==0) return 0; + uint8_t dummy = 0; + uint16_t ans = countFC(BitStream, size, &dummy); + if (ans==0) { + if (verbose) PrintAndLog("DEBUG: No data found"); + return 0; + } + *fc1 = (ans >> 8) & 0xFF; + *fc2 = ans & 0xFF; + + *rf1 = detectFSKClk(BitStream, size, *fc1, *fc2); + if (*rf1==0) { + if (verbose) PrintAndLog("DEBUG: Clock detect error"); + return 0; + } + return 1; +} diff --git a/client/graph.h b/client/graph.h index e4872afc..3c6de014 100644 --- a/client/graph.h +++ b/client/graph.h @@ -20,6 +20,7 @@ int GetAskClock(const char str[], bool printAns, bool verbose); int GetPskClock(const char str[], bool printAns, bool verbose); uint8_t GetNrzClock(const char str[], bool printAns, bool verbose); uint8_t GetFskClock(const char str[], bool printAns, bool verbose); +uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose); void setGraphBuf(uint8_t *buff, size_t size); bool HasGraphData(); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index a7552b3e..53c4dffe 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -71,6 +71,18 @@ typedef struct { #define CMD_INDALA_CLONE_TAG 0x0212 // for 224 bits UID #define CMD_INDALA_CLONE_TAG_L 0x0213 +#define CMD_T55XX_READ_BLOCK 0x0214 +#define CMD_T55XX_WRITE_BLOCK 0x0215 +#define CMD_T55XX_READ_TRACE 0x0216 +#define CMD_PCF7931_READ 0x0217 +#define CMD_EM4X_READ_WORD 0x0218 +#define CMD_EM4X_WRITE_WORD 0x0219 +#define CMD_IO_DEMOD_FSK 0x021A +#define CMD_IO_CLONE_TAG 0x021B +#define CMD_EM410X_DEMOD 0x021c +#define CMD_SET_LF_SAMPLING_CONFIG 0x021d +#define CMD_FSK_SIM_TAG 0x021E +#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index a5442f2a..9b47a994 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -48,8 +48,12 @@ local _commands = { CMD_EM4X_READ_WORD = 0x0218, CMD_EM4X_WRITE_WORD = 0x0219, CMD_IO_DEMOD_FSK = 0x021A, - CMD_IO_CLONE_TAG = 0x021B, - CMD_EM410X_DEMOD = 0x021c, + CMD_IO_CLONE_TAG = 0x021B, + CMD_EM410X_DEMOD = 0x021c, + CMD_SET_LF_SAMPLING_CONFIG = 0x021d, + CMD_FSK_SIM_TAG = 0x021E, + CMD_ASK_SIM_TAG = 0x021F, + --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ --// For the 13.56 MHz tags @@ -215,4 +219,4 @@ function Command:getBytes() return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data); end -return _commands \ No newline at end of file +return _commands diff --git a/common/lfdemod.c b/common/lfdemod.c index 47e63ef6..96b187b7 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -108,6 +108,7 @@ uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx) errChk = 0; break; } + //set uint64 with ID from BitStream for (uint8_t ii=0; ii<4; ii++){ lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]); } diff --git a/include/usb_cmd.h b/include/usb_cmd.h index d9a950ae..d73fac54 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -89,9 +89,11 @@ typedef struct{ #define CMD_EM4X_WRITE_WORD 0x0219 #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B -#define CMD_EM410X_DEMOD 0x021c +#define CMD_EM410X_DEMOD 0x021c // Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d +#define CMD_FSK_SIM_TAG 0x021E +#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ From e396001c47364fd52177960ef3b9ca3bef7adc3f Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Thu, 19 Feb 2015 21:22:05 -0500 Subject: [PATCH 02/21] Revert "lf simask, lf simfsk and bug fixes" This reverts commit fb0c84c3df8bb19bcefb5d2124d61ff2ac3d0af7. --- armsrc/appmain.c | 8 +- armsrc/apps.h | 2 - armsrc/lfops.c | 165 ++------------------------ client/cmddata.c | 28 ++--- client/cmddata.h | 3 +- client/cmdlf.c | 218 ----------------------------------- client/cmdlf.h | 2 - client/graph.c | 47 ++++---- client/graph.h | 1 - client/hid-flasher/usb_cmd.h | 12 -- client/lualibs/commands.lua | 10 +- common/lfdemod.c | 1 - include/usb_cmd.h | 4 +- 13 files changed, 50 insertions(+), 451 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index bfb4078d..3da34777 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -662,13 +662,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_HID_SIM_TAG: CmdHIDsimTAG(c->arg[0], c->arg[1], 1); break; - case CMD_FSK_SIM_TAG: - CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); - break; - case CMD_ASK_SIM_TAG: - CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); - break; - case CMD_HID_CLONE_TAG: + case CMD_HID_CLONE_TAG: CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; case CMD_IO_DEMOD_FSK: diff --git a/armsrc/apps.h b/armsrc/apps.h index 8e79a03a..a506f415 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -118,8 +118,6 @@ void AcquireTiType(void); void AcquireRawBitsTI(void); void SimulateTagLowFrequency(int period, int gap, int ledcontrol); void CmdHIDsimTAG(int hi, int lo, int ledcontrol); -void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); -void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 780af199..e34eab35 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -394,8 +394,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - #define SHORT_COIL() LOW(GPIO_SSC_DOUT) - #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) +#define SHORT_COIL() LOW(GPIO_SSC_DOUT) +#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { @@ -417,7 +417,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - //wait for next sample time + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -442,9 +442,8 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) { } -// compose fc/8 fc/10 waveform (FSK2) -static void fc(int c, int *n) -{ +// compose fc/8 fc/10 waveform +static void fc(int c, int *n) { uint8_t *dest = BigBuf_get_addr(); int idx; @@ -452,21 +451,20 @@ static void fc(int c, int *n) if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -477,8 +475,6 @@ static void fc(int c, int *n) // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; @@ -487,37 +483,8 @@ static void fc(int c, int *n) dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; - } - } -} -// compose fc/X fc/Y waveform (FSKx) -static void fcAll(uint8_t c, int *n, uint8_t clock) -{ - uint8_t *dest = BigBuf_get_addr(); - uint8_t idx; - uint8_t fcCnt; - // c = count of field clock for this bit - - int mod = clock % c; - // loop through clock - step field clock - for (idx=0; idx < (uint8_t) clock/c; idx++){ - // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) - for (fcCnt=0; fcCnt < c; fcCnt++){ - if (fcCnt < c/2){ - dest[((*n)++)]=1; - } else { - dest[((*n)++)]=0; - } - } - } - Dbprintf("mod: %d",mod); - if (mod>0){ //for FC counts that don't add up to a full clock cycle padd with extra wave - for (idx=0; idx < mod; idx++){ - if (idx < mod/2) { - dest[((*n)++)]=1; - } else { - dest[((*n)++)]=0; - } + dest[((*n)++)]=0; + dest[((*n)++)]=0; } } } @@ -578,114 +545,6 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) LED_A_OFF(); } -// prepare a waveform pattern in the buffer based on the ID given then -// simulate a FSK tag until the button is pressed -// arg1 contains fcHigh and fcLow, arg2 contains invert and clock -void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) -{ - int ledcontrol=1; - int n=0, i=0; - uint8_t fcHigh = arg1 >> 8; - uint8_t fcLow = arg1 & 0xFF; - //spacer bit - uint8_t clk = arg2 & 0xFF; - uint8_t invert = (arg2 >> 8) & 1; - //fcAll(0, &n, clk); - - WDT_HIT(); - for (i=0; i> 8) & 0xFF; - uint8_t manchester = arg1 & 1; - uint8_t separator = arg2 & 1; - uint8_t invert = (arg2 >> 8) & 1; - WDT_HIT(); - for (i=0; i 64) PrintAndLog("\nWarning! Length not what is expected - Length: %d bits\n",BitLen); printEM410x(lo); return 1; } @@ -1008,12 +1007,9 @@ int CmdFSKdemodParadox(const char *Cmd) } uint32_t fc = ((hi & 0x3)<<6) | (lo>>26); uint32_t cardnum = (lo>>10)&0xFFFF; - uint32_t rawLo = bytebits_to_byte(BitStream+idx+64,32); - uint32_t rawHi = bytebits_to_byte(BitStream+idx+32,32); - uint32_t rawHi2 = bytebits_to_byte(BitStream+idx,32); - - PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x - RAW: %08x%08x%08x", - hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF, rawHi2, rawHi, rawLo); + + PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x", + hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF ); setDemodBuf(BitStream,BitLen,idx); if (g_debugMode){ PrintAndLog("DEBUG: idx: %d, len: %d, Printing Demod Buffer:", idx, BitLen); @@ -1183,16 +1179,16 @@ int CmdFSKdemodAWID(const char *Cmd) fc = bytebits_to_byte(BitStream+9, 8); cardnum = bytebits_to_byte(BitStream+17, 16); code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+8+(fmtLen-17), 16); if (fmtLen>32){ code1 = bytebits_to_byte(BitStream+8,fmtLen-32); code2 = bytebits_to_byte(BitStream+8+(fmtLen-32),32); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); } else{ code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); } } if (g_debugMode){ @@ -1303,21 +1299,21 @@ int CmdFSKdemodPyramid(const char *Cmd) fc = bytebits_to_byte(BitStream+73, 8); cardnum = bytebits_to_byte(BitStream+81, 16); code1 = bytebits_to_byte(BitStream+72,fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); } else if (fmtLen==45){ fmtLen=42; //end = 10 bits not 7 like 26 bit fmt fc = bytebits_to_byte(BitStream+53, 10); cardnum = bytebits_to_byte(BitStream+63, 32); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+81, 16); if (fmtLen>32){ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen-32); //code2 = bytebits_to_byte(BitStream+(size-32),32); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else{ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } } if (g_debugMode){ diff --git a/client/cmddata.h b/client/cmddata.h index f48da516..c1a7ecae 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -14,8 +14,7 @@ command_t * CmdDataCommands(); int CmdData(const char *Cmd); -void printDemodBuff(void); -void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx); +void printDemodBuff(); int CmdAmp(const char *Cmd); int Cmdaskdemod(const char *Cmd); int CmdAskEM410xDemod(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index 2215aff6..f268eaa2 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -529,7 +529,6 @@ int CmdLFSim(const char *Cmd) /* convert to bitstream if necessary */ ChkBitstream(Cmd); - //can send 512 bits at a time (1 byte sent per bit...) printf("Sending [%d bytes]", GraphTraceLen); for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; @@ -549,221 +548,6 @@ int CmdLFSim(const char *Cmd) return 0; } -int usage_lf_simfsk(void) -{ - //print help - PrintAndLog("Usage: lf simfsk [c ] [i] [H ] [L ] [d ]"); - PrintAndLog("Options: "); - PrintAndLog(" h This help"); - PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); - PrintAndLog(" i invert data"); - PrintAndLog(" H Manually set the larger Field Clock"); - PrintAndLog(" L Manually set the smaller Field Clock"); - //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); - PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); - return 0; -} - -int usage_lf_simask(void) -{ - //print help - PrintAndLog("Usage: lf simask [c ] [i] [m|r] [s] [d ]"); - PrintAndLog("Options: "); - PrintAndLog(" h This help"); - PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); - PrintAndLog(" i invert data"); - PrintAndLog(" m sim ask/manchester"); - PrintAndLog(" r sim ask/raw"); - PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); - PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); - return 0; -} - -// by marshmellow - sim ask data given clock, fcHigh, fcLow, invert -// - allow pull data from DemodBuffer -int CmdLFfskSim(const char *Cmd) -{ - //todo - allow data from demodbuffer or parameters - //might be able to autodetect FC and clock from Graphbuffer if using demod buffer - //will need FChigh, FClow, Clock, and bitstream - uint8_t fcHigh=0, fcLow=0, clk=0; - uint8_t invert=0; - bool errors = FALSE; - char hexData[32] = {0x00}; // store entered hex data - uint8_t data[255] = {0x00}; - int dataLen = 0; - uint8_t cmdp = 0; - while(param_getchar(Cmd, cmdp) != 0x00) - { - switch(param_getchar(Cmd, cmdp)) - { - case 'h': - return usage_lf_simfsk(); - case 'i': - invert = 1; - cmdp++; - break; - case 'c': - errors |= param_getdec(Cmd,cmdp+1,&clk); - cmdp+=2; - break; - case 'H': - errors |= param_getdec(Cmd,cmdp+1,&fcHigh); - cmdp+=2; - break; - case 'L': - errors |= param_getdec(Cmd,cmdp+1,&fcLow); - cmdp+=2; - break; - //case 's': - // separator=1; - // cmdp++; - // break; - case 'd': - dataLen = param_getstr(Cmd, cmdp+1, hexData); - if (dataLen==0) { - errors=TRUE; - } else { - dataLen = hextobinarray((char *)data, hexData); - } if (dataLen==0) errors=TRUE; - if (errors) PrintAndLog ("Error getting hex data"); - cmdp+=2; - break; - default: - PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = TRUE; - break; - } - if(errors) break; - } - if(cmdp == 0 && DemodBufferLen == 0) - { - errors = TRUE;// No args - } - - //Validations - if(errors) - { - return usage_lf_simfsk(); - } - if (dataLen == 0){ //using DemodBuffer - if (clk==0 || fcHigh==0 || fcLow==0){ - uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0); - if (ans==0){ - fcHigh=10; - fcLow=8; - clk=50; - } - } - } else { - setDemodBuf(data, dataLen, 0); - } - if (clk == 0) clk = 50; - if (fcHigh == 0) fcHigh = 10; - if (fcLow == 0) fcLow = 8; - - uint16_t arg1, arg2; - arg1 = fcHigh << 8 | fcLow; - arg2 = invert << 8 | clk; - UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; - if (DemodBufferLen > USB_CMD_DATA_SIZE) { - PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); - } - memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); - SendCommand(&c); - return 0; -} - -// by marshmellow - sim ask data given clock, invert, manchester or raw, separator -// - allow pull data from DemodBuffer -int CmdLFaskSim(const char *Cmd) -{ - //todo - allow data from demodbuffer or parameters - //autodetect clock from Graphbuffer if using demod buffer - //will need clock, invert, manchester/raw as m or r, separator as s, and bitstream - uint8_t manchester = 1, separator = 0; - //char cmdp = Cmd[0], par3='m', par4=0; - uint8_t clk=0, invert=0; - bool errors = FALSE; - char hexData[32] = {0x00}; - uint8_t data[255]= {0x00}; // store entered hex data - int dataLen = 0; - uint8_t cmdp = 0; - while(param_getchar(Cmd, cmdp) != 0x00) - { - switch(param_getchar(Cmd, cmdp)) - { - case 'h': - return usage_lf_simask(); - case 'i': - invert = 1; - cmdp++; - break; - case 'c': - errors |= param_getdec(Cmd,cmdp+1,&clk); - cmdp+=2; - break; - case 'm': - manchester=1; - cmdp++; - break; - case 'r': - manchester=0; - cmdp++; - break; - case 's': - separator=1; - cmdp++; - break; - case 'd': - dataLen = param_getstr(Cmd, cmdp+1, hexData); - if (dataLen==0) { - errors=TRUE; - } else { - dataLen = hextobinarray((char *)data, hexData); - } - if (dataLen==0) errors=TRUE; - if (errors) PrintAndLog ("Error getting hex data, datalen: %d",dataLen); - cmdp+=2; - break; - default: - PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = TRUE; - break; - } - if(errors) break; - } - if(cmdp == 0 && DemodBufferLen == 0) - { - errors = TRUE;// No args - } - - //Validations - if(errors) - { - return usage_lf_simask(); - } - if (dataLen == 0){ //using DemodBuffer - if (clk == 0) clk = GetAskClock("0", false, false); - } else { - setDemodBuf(data, dataLen, 0); - } - if (clk == 0) clk = 64; - - uint16_t arg1, arg2; - arg1 = clk << 8 | manchester; - arg2 = invert << 8 | separator; - UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; - if (DemodBufferLen > USB_CMD_DATA_SIZE) { - PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); - } - PrintAndLog("preparing to sim ask data: %d bits", DemodBufferLen); - memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); - SendCommand(&c); - return 0; -} - - int CmdLFSimBidir(const char *Cmd) { // Set ADC to twice the carrier for a slight supersampling @@ -982,8 +766,6 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] -- Simulate LF ASK tag from demodbuffer"}, - {"simfsk", CmdLFfskSim, 0, "[invert <1|0>] -- Simulate LF FSK tag from demodbuffer"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 22f7f818..e298d659 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -19,8 +19,6 @@ int CmdIndalaDemod(const char *Cmd); int CmdIndalaClone(const char *Cmd); int CmdLFRead(const char *Cmd); int CmdLFSim(const char *Cmd); -int CmdLFaskSim(const char *Cmd); -int CmdLFfskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); diff --git a/client/graph.c b/client/graph.c index c9457ff1..11dbc4d5 100644 --- a/client/graph.c +++ b/client/graph.c @@ -18,14 +18,14 @@ int GraphBuffer[MAX_GRAPH_TRACE_LEN]; int GraphTraceLen; -/* write a manchester bit to the graph */ +/* write a bit to the graph */ void AppendGraph(int redraw, int clock, int bit) { int i; - //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) + for (i = 0; i < (int)(clock / 2); ++i) GraphBuffer[GraphTraceLen++] = bit ^ 1; - //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) + for (i = (int)(clock / 2); i < clock; ++i) GraphBuffer[GraphTraceLen++] = bit; @@ -193,10 +193,24 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) clock = 0; if (clock != 0) return (uint8_t)clock; + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; + size_t size = getFromGraphBuf(BitStream); + if (size==0) return 0; + uint8_t dummy = 0; + uint16_t ans = countFC(BitStream, size, &dummy); + if (ans==0) { + if (verbose) PrintAndLog("DEBUG: No data found"); + return 0; + } + uint8_t fc1, fc2; + fc1 = (ans >> 8) & 0xFF; + fc2 = ans & 0xFF; - uint8_t fc1=0, fc2=0, rf1=0; - uint8_t ans = fskClocks(&fc1, &fc2, &rf1, verbose); - if (ans == 0) return 0; + uint8_t rf1 = detectFSKClk(BitStream, size, fc1, fc2); + if (rf1==0) { + if (verbose) PrintAndLog("DEBUG: Clock detect error"); + return 0; + } if ((fc1==10 && fc2==8) || (fc1==8 && fc2==5)){ if (printAns) PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1); return rf1; @@ -207,24 +221,3 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) } return 0; } -uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) -{ - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; - size_t size = getFromGraphBuf(BitStream); - if (size==0) return 0; - uint8_t dummy = 0; - uint16_t ans = countFC(BitStream, size, &dummy); - if (ans==0) { - if (verbose) PrintAndLog("DEBUG: No data found"); - return 0; - } - *fc1 = (ans >> 8) & 0xFF; - *fc2 = ans & 0xFF; - - *rf1 = detectFSKClk(BitStream, size, *fc1, *fc2); - if (*rf1==0) { - if (verbose) PrintAndLog("DEBUG: Clock detect error"); - return 0; - } - return 1; -} diff --git a/client/graph.h b/client/graph.h index 3c6de014..e4872afc 100644 --- a/client/graph.h +++ b/client/graph.h @@ -20,7 +20,6 @@ int GetAskClock(const char str[], bool printAns, bool verbose); int GetPskClock(const char str[], bool printAns, bool verbose); uint8_t GetNrzClock(const char str[], bool printAns, bool verbose); uint8_t GetFskClock(const char str[], bool printAns, bool verbose); -uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose); void setGraphBuf(uint8_t *buff, size_t size); bool HasGraphData(); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index 53c4dffe..a7552b3e 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -71,18 +71,6 @@ typedef struct { #define CMD_INDALA_CLONE_TAG 0x0212 // for 224 bits UID #define CMD_INDALA_CLONE_TAG_L 0x0213 -#define CMD_T55XX_READ_BLOCK 0x0214 -#define CMD_T55XX_WRITE_BLOCK 0x0215 -#define CMD_T55XX_READ_TRACE 0x0216 -#define CMD_PCF7931_READ 0x0217 -#define CMD_EM4X_READ_WORD 0x0218 -#define CMD_EM4X_WRITE_WORD 0x0219 -#define CMD_IO_DEMOD_FSK 0x021A -#define CMD_IO_CLONE_TAG 0x021B -#define CMD_EM410X_DEMOD 0x021c -#define CMD_SET_LF_SAMPLING_CONFIG 0x021d -#define CMD_FSK_SIM_TAG 0x021E -#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 9b47a994..a5442f2a 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -48,12 +48,8 @@ local _commands = { CMD_EM4X_READ_WORD = 0x0218, CMD_EM4X_WRITE_WORD = 0x0219, CMD_IO_DEMOD_FSK = 0x021A, - CMD_IO_CLONE_TAG = 0x021B, - CMD_EM410X_DEMOD = 0x021c, - CMD_SET_LF_SAMPLING_CONFIG = 0x021d, - CMD_FSK_SIM_TAG = 0x021E, - CMD_ASK_SIM_TAG = 0x021F, - + CMD_IO_CLONE_TAG = 0x021B, + CMD_EM410X_DEMOD = 0x021c, --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ --// For the 13.56 MHz tags @@ -219,4 +215,4 @@ function Command:getBytes() return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data); end -return _commands +return _commands \ No newline at end of file diff --git a/common/lfdemod.c b/common/lfdemod.c index 96b187b7..47e63ef6 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -108,7 +108,6 @@ uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx) errChk = 0; break; } - //set uint64 with ID from BitStream for (uint8_t ii=0; ii<4; ii++){ lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]); } diff --git a/include/usb_cmd.h b/include/usb_cmd.h index d73fac54..d9a950ae 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -89,11 +89,9 @@ typedef struct{ #define CMD_EM4X_WRITE_WORD 0x0219 #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B -#define CMD_EM410X_DEMOD 0x021c +#define CMD_EM410X_DEMOD 0x021c // Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d -#define CMD_FSK_SIM_TAG 0x021E -#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ From abd6112fc4075484480914590b09144c5b9db80b Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Thu, 19 Feb 2015 21:35:34 -0500 Subject: [PATCH 03/21] Revert "Revert "lf simask, lf simfsk and bug fixes"" This reverts commit e396001c47364fd52177960ef3b9ca3bef7adc3f. --- armsrc/appmain.c | 8 +- armsrc/apps.h | 2 + armsrc/lfops.c | 165 ++++++++++++++++++++++++-- client/cmddata.c | 28 +++-- client/cmddata.h | 3 +- client/cmdlf.c | 218 +++++++++++++++++++++++++++++++++++ client/cmdlf.h | 2 + client/graph.c | 47 ++++---- client/graph.h | 1 + client/hid-flasher/usb_cmd.h | 12 ++ client/lualibs/commands.lua | 10 +- common/lfdemod.c | 1 + include/usb_cmd.h | 4 +- 13 files changed, 451 insertions(+), 50 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 3da34777..bfb4078d 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -662,7 +662,13 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_HID_SIM_TAG: CmdHIDsimTAG(c->arg[0], c->arg[1], 1); break; - case CMD_HID_CLONE_TAG: + case CMD_FSK_SIM_TAG: + CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_ASK_SIM_TAG: + CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_HID_CLONE_TAG: CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; case CMD_IO_DEMOD_FSK: diff --git a/armsrc/apps.h b/armsrc/apps.h index a506f415..8e79a03a 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -118,6 +118,8 @@ void AcquireTiType(void); void AcquireRawBitsTI(void); void SimulateTagLowFrequency(int period, int gap, int ledcontrol); void CmdHIDsimTAG(int hi, int lo, int ledcontrol); +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); +void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index e34eab35..780af199 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -394,8 +394,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) i = 0; for(;;) { @@ -417,7 +417,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - + //wait for next sample time while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -442,8 +442,9 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0) { } -// compose fc/8 fc/10 waveform -static void fc(int c, int *n) { +// compose fc/8 fc/10 waveform (FSK2) +static void fc(int c, int *n) +{ uint8_t *dest = BigBuf_get_addr(); int idx; @@ -451,20 +452,21 @@ static void fc(int c, int *n) { if(c==0) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; @@ -475,6 +477,8 @@ static void fc(int c, int *n) { // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; dest[((*n)++)]=1; @@ -483,8 +487,37 @@ static void fc(int c, int *n) { dest[((*n)++)]=0; dest[((*n)++)]=0; dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; + } + } +} +// compose fc/X fc/Y waveform (FSKx) +static void fcAll(uint8_t c, int *n, uint8_t clock) +{ + uint8_t *dest = BigBuf_get_addr(); + uint8_t idx; + uint8_t fcCnt; + // c = count of field clock for this bit + + int mod = clock % c; + // loop through clock - step field clock + for (idx=0; idx < (uint8_t) clock/c; idx++){ + // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + for (fcCnt=0; fcCnt < c; fcCnt++){ + if (fcCnt < c/2){ + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } + } + } + Dbprintf("mod: %d",mod); + if (mod>0){ //for FC counts that don't add up to a full clock cycle padd with extra wave + for (idx=0; idx < mod; idx++){ + if (idx < mod/2) { + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } } } } @@ -545,6 +578,114 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) LED_A_OFF(); } +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains invert and clock +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) +{ + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + //spacer bit + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + //fcAll(0, &n, clk); + + WDT_HIT(); + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + WDT_HIT(); + for (i=0; i 64) PrintAndLog("\nWarning! Length not what is expected - Length: %d bits\n",BitLen); printEM410x(lo); return 1; } @@ -1007,9 +1008,12 @@ int CmdFSKdemodParadox(const char *Cmd) } uint32_t fc = ((hi & 0x3)<<6) | (lo>>26); uint32_t cardnum = (lo>>10)&0xFFFF; - - PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x", - hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF ); + uint32_t rawLo = bytebits_to_byte(BitStream+idx+64,32); + uint32_t rawHi = bytebits_to_byte(BitStream+idx+32,32); + uint32_t rawHi2 = bytebits_to_byte(BitStream+idx,32); + + PrintAndLog("Paradox TAG ID: %x%08x - FC: %d - Card: %d - Checksum: %02x - RAW: %08x%08x%08x", + hi>>10, (hi & 0x3)<<26 | (lo>>10), fc, cardnum, (lo>>2) & 0xFF, rawHi2, rawHi, rawLo); setDemodBuf(BitStream,BitLen,idx); if (g_debugMode){ PrintAndLog("DEBUG: idx: %d, len: %d, Printing Demod Buffer:", idx, BitLen); @@ -1179,16 +1183,16 @@ int CmdFSKdemodAWID(const char *Cmd) fc = bytebits_to_byte(BitStream+9, 8); cardnum = bytebits_to_byte(BitStream+17, 16); code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+8+(fmtLen-17), 16); if (fmtLen>32){ code1 = bytebits_to_byte(BitStream+8,fmtLen-32); code2 = bytebits_to_byte(BitStream+8+(fmtLen-32),32); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); } else{ code1 = bytebits_to_byte(BitStream+8,fmtLen); - PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); + PrintAndLog("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); } } if (g_debugMode){ @@ -1299,21 +1303,21 @@ int CmdFSKdemodPyramid(const char *Cmd) fc = bytebits_to_byte(BitStream+73, 8); cardnum = bytebits_to_byte(BitStream+81, 16); code1 = bytebits_to_byte(BitStream+72,fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo); } else if (fmtLen==45){ fmtLen=42; //end = 10 bits not 7 like 26 bit fmt fc = bytebits_to_byte(BitStream+53, 10); cardnum = bytebits_to_byte(BitStream+63, 32); - PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else { cardnum = bytebits_to_byte(BitStream+81, 16); if (fmtLen>32){ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen-32); //code2 = bytebits_to_byte(BitStream+(size-32),32); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } else{ //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen); - PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); + PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo); } } if (g_debugMode){ diff --git a/client/cmddata.h b/client/cmddata.h index c1a7ecae..f48da516 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -14,7 +14,8 @@ command_t * CmdDataCommands(); int CmdData(const char *Cmd); -void printDemodBuff(); +void printDemodBuff(void); +void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx); int CmdAmp(const char *Cmd); int Cmdaskdemod(const char *Cmd); int CmdAskEM410xDemod(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index f268eaa2..2215aff6 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -529,6 +529,7 @@ int CmdLFSim(const char *Cmd) /* convert to bitstream if necessary */ ChkBitstream(Cmd); + //can send 512 bits at a time (1 byte sent per bit...) printf("Sending [%d bytes]", GraphTraceLen); for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; @@ -548,6 +549,221 @@ int CmdLFSim(const char *Cmd) return 0; } +int usage_lf_simfsk(void) +{ + //print help + PrintAndLog("Usage: lf simfsk [c ] [i] [H ] [L ] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" H Manually set the larger Field Clock"); + PrintAndLog(" L Manually set the smaller Field Clock"); + //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; +} + +int usage_lf_simask(void) +{ + //print help + PrintAndLog("Usage: lf simask [c ] [i] [m|r] [s] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" m sim ask/manchester"); + PrintAndLog(" r sim ask/raw"); + PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; +} + +// by marshmellow - sim ask data given clock, fcHigh, fcLow, invert +// - allow pull data from DemodBuffer +int CmdLFfskSim(const char *Cmd) +{ + //todo - allow data from demodbuffer or parameters + //might be able to autodetect FC and clock from Graphbuffer if using demod buffer + //will need FChigh, FClow, Clock, and bitstream + uint8_t fcHigh=0, fcLow=0, clk=0; + uint8_t invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; // store entered hex data + uint8_t data[255] = {0x00}; + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simfsk(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'H': + errors |= param_getdec(Cmd,cmdp+1,&fcHigh); + cmdp+=2; + break; + case 'L': + errors |= param_getdec(Cmd,cmdp+1,&fcLow); + cmdp+=2; + break; + //case 's': + // separator=1; + // cmdp++; + // break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data"); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simfsk(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk==0 || fcHigh==0 || fcLow==0){ + uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0); + if (ans==0){ + fcHigh=10; + fcLow=8; + clk=50; + } + } + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 50; + if (fcHigh == 0) fcHigh = 10; + if (fcLow == 0) fcLow = 8; + + uint16_t arg1, arg2; + arg1 = fcHigh << 8 | fcLow; + arg2 = invert << 8 | clk; + UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; + if (DemodBufferLen > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + } + memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + SendCommand(&c); + return 0; +} + +// by marshmellow - sim ask data given clock, invert, manchester or raw, separator +// - allow pull data from DemodBuffer +int CmdLFaskSim(const char *Cmd) +{ + //todo - allow data from demodbuffer or parameters + //autodetect clock from Graphbuffer if using demod buffer + //will need clock, invert, manchester/raw as m or r, separator as s, and bitstream + uint8_t manchester = 1, separator = 0; + //char cmdp = Cmd[0], par3='m', par4=0; + uint8_t clk=0, invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; + uint8_t data[255]= {0x00}; // store entered hex data + int dataLen = 0; + uint8_t cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simask(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'm': + manchester=1; + cmdp++; + break; + case 'r': + manchester=0; + cmdp++; + break; + case 's': + separator=1; + cmdp++; + break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data, datalen: %d",dataLen); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if(errors) break; + } + if(cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if(errors) + { + return usage_lf_simask(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk == 0) clk = GetAskClock("0", false, false); + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk == 0) clk = 64; + + uint16_t arg1, arg2; + arg1 = clk << 8 | manchester; + arg2 = invert << 8 | separator; + UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; + if (DemodBufferLen > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + } + PrintAndLog("preparing to sim ask data: %d bits", DemodBufferLen); + memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + SendCommand(&c); + return 0; +} + + int CmdLFSimBidir(const char *Cmd) { // Set ADC to twice the carrier for a slight supersampling @@ -766,6 +982,8 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] -- Simulate LF ASK tag from demodbuffer"}, + {"simfsk", CmdLFfskSim, 0, "[invert <1|0>] -- Simulate LF FSK tag from demodbuffer"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index e298d659..22f7f818 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -19,6 +19,8 @@ int CmdIndalaDemod(const char *Cmd); int CmdIndalaClone(const char *Cmd); int CmdLFRead(const char *Cmd); int CmdLFSim(const char *Cmd); +int CmdLFaskSim(const char *Cmd); +int CmdLFfskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); diff --git a/client/graph.c b/client/graph.c index 11dbc4d5..c9457ff1 100644 --- a/client/graph.c +++ b/client/graph.c @@ -18,14 +18,14 @@ int GraphBuffer[MAX_GRAPH_TRACE_LEN]; int GraphTraceLen; -/* write a bit to the graph */ +/* write a manchester bit to the graph */ void AppendGraph(int redraw, int clock, int bit) { int i; - + //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) for (i = 0; i < (int)(clock / 2); ++i) GraphBuffer[GraphTraceLen++] = bit ^ 1; - + //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) for (i = (int)(clock / 2); i < clock; ++i) GraphBuffer[GraphTraceLen++] = bit; @@ -193,24 +193,10 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) clock = 0; if (clock != 0) return (uint8_t)clock; - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; - size_t size = getFromGraphBuf(BitStream); - if (size==0) return 0; - uint8_t dummy = 0; - uint16_t ans = countFC(BitStream, size, &dummy); - if (ans==0) { - if (verbose) PrintAndLog("DEBUG: No data found"); - return 0; - } - uint8_t fc1, fc2; - fc1 = (ans >> 8) & 0xFF; - fc2 = ans & 0xFF; - uint8_t rf1 = detectFSKClk(BitStream, size, fc1, fc2); - if (rf1==0) { - if (verbose) PrintAndLog("DEBUG: Clock detect error"); - return 0; - } + uint8_t fc1=0, fc2=0, rf1=0; + uint8_t ans = fskClocks(&fc1, &fc2, &rf1, verbose); + if (ans == 0) return 0; if ((fc1==10 && fc2==8) || (fc1==8 && fc2==5)){ if (printAns) PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1); return rf1; @@ -221,3 +207,24 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) } return 0; } +uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) +{ + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; + size_t size = getFromGraphBuf(BitStream); + if (size==0) return 0; + uint8_t dummy = 0; + uint16_t ans = countFC(BitStream, size, &dummy); + if (ans==0) { + if (verbose) PrintAndLog("DEBUG: No data found"); + return 0; + } + *fc1 = (ans >> 8) & 0xFF; + *fc2 = ans & 0xFF; + + *rf1 = detectFSKClk(BitStream, size, *fc1, *fc2); + if (*rf1==0) { + if (verbose) PrintAndLog("DEBUG: Clock detect error"); + return 0; + } + return 1; +} diff --git a/client/graph.h b/client/graph.h index e4872afc..3c6de014 100644 --- a/client/graph.h +++ b/client/graph.h @@ -20,6 +20,7 @@ int GetAskClock(const char str[], bool printAns, bool verbose); int GetPskClock(const char str[], bool printAns, bool verbose); uint8_t GetNrzClock(const char str[], bool printAns, bool verbose); uint8_t GetFskClock(const char str[], bool printAns, bool verbose); +uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose); void setGraphBuf(uint8_t *buff, size_t size); bool HasGraphData(); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index a7552b3e..53c4dffe 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -71,6 +71,18 @@ typedef struct { #define CMD_INDALA_CLONE_TAG 0x0212 // for 224 bits UID #define CMD_INDALA_CLONE_TAG_L 0x0213 +#define CMD_T55XX_READ_BLOCK 0x0214 +#define CMD_T55XX_WRITE_BLOCK 0x0215 +#define CMD_T55XX_READ_TRACE 0x0216 +#define CMD_PCF7931_READ 0x0217 +#define CMD_EM4X_READ_WORD 0x0218 +#define CMD_EM4X_WRITE_WORD 0x0219 +#define CMD_IO_DEMOD_FSK 0x021A +#define CMD_IO_CLONE_TAG 0x021B +#define CMD_EM410X_DEMOD 0x021c +#define CMD_SET_LF_SAMPLING_CONFIG 0x021d +#define CMD_FSK_SIM_TAG 0x021E +#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index a5442f2a..9b47a994 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -48,8 +48,12 @@ local _commands = { CMD_EM4X_READ_WORD = 0x0218, CMD_EM4X_WRITE_WORD = 0x0219, CMD_IO_DEMOD_FSK = 0x021A, - CMD_IO_CLONE_TAG = 0x021B, - CMD_EM410X_DEMOD = 0x021c, + CMD_IO_CLONE_TAG = 0x021B, + CMD_EM410X_DEMOD = 0x021c, + CMD_SET_LF_SAMPLING_CONFIG = 0x021d, + CMD_FSK_SIM_TAG = 0x021E, + CMD_ASK_SIM_TAG = 0x021F, + --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ --// For the 13.56 MHz tags @@ -215,4 +219,4 @@ function Command:getBytes() return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data); end -return _commands \ No newline at end of file +return _commands diff --git a/common/lfdemod.c b/common/lfdemod.c index 47e63ef6..96b187b7 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -108,6 +108,7 @@ uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx) errChk = 0; break; } + //set uint64 with ID from BitStream for (uint8_t ii=0; ii<4; ii++){ lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]); } diff --git a/include/usb_cmd.h b/include/usb_cmd.h index d9a950ae..d73fac54 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -89,9 +89,11 @@ typedef struct{ #define CMD_EM4X_WRITE_WORD 0x0219 #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B -#define CMD_EM410X_DEMOD 0x021c +#define CMD_EM410X_DEMOD 0x021c // Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d +#define CMD_FSK_SIM_TAG 0x021E +#define CMD_ASK_SIM_TAG 0x021F /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ From 4ac906d1c2144cad9fec5726b0026c85497a9e9e Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 21 Feb 2015 00:27:48 -0500 Subject: [PATCH 04/21] split output from rawdemod functions now allows for non-verbose calling: ASKmanDemod ASKrawDemod FSKrawDemod PSKDemod --- client/cmddata.c | 227 ++++++++++++++++++++++++++--------------------- client/cmddata.h | 4 + 2 files changed, 130 insertions(+), 101 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 7ea7e898..1c74b284 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -318,30 +318,12 @@ int CmdAskEM410xDemod(const char *Cmd) return 0; } -//by marshmellow -//takes 3 arguments - clock, invert, maxErr as integers -//attempts to demodulate ask while decoding manchester -//prints binary found and saves in graphbuffer for further commands -int Cmdaskmandemod(const char *Cmd) +int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch) { int invert=0; int clk=0; int maxErr=100; - char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { - PrintAndLog("Usage: data rawdemod am [clock] <0|1> [maxError]"); - PrintAndLog(" [set clock as integer] optional, if not set, autodetect."); - PrintAndLog(" , 1 for invert output"); - PrintAndLog(" [set maximum allowed errors], default = 100."); - PrintAndLog(""); - PrintAndLog(" sample: data rawdemod am = demod an ask/manchester tag from GraphBuffer"); - PrintAndLog(" : data rawdemod am 32 = demod an ask/manchester tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data rawdemod am 32 1 = demod an ask/manchester tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data rawdemod am 1 = demod an ask/manchester tag from GraphBuffer while inverting data"); - PrintAndLog(" : data rawdemod am 64 1 0 = demod an ask/manchester tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); - - return 0; - } + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; sscanf(Cmd, "%i %i %i", &clk, &invert, &maxErr); if (invert != 0 && invert != 1) { @@ -361,33 +343,58 @@ int Cmdaskmandemod(const char *Cmd) if (g_debugMode==1) PrintAndLog("no data found %d, errors:%d, bitlen:%d, clock:%d",errCnt,invert,BitLen,clk); return 0; } - PrintAndLog("\nUsing Clock: %d - Invert: %d - Bits Found: %d",clk,invert,BitLen); + if (verbose) PrintAndLog("\nUsing Clock: %d - Invert: %d - Bits Found: %d",clk,invert,BitLen); //output if (errCnt>0){ - PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); + if (verbose) PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); } - PrintAndLog("ASK/Manchester decoded bitstream:"); + if (verbose) PrintAndLog("ASK/Manchester decoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits setDemodBuf(BitStream,BitLen,0); - printDemodBuff(); + if (verbose) printDemodBuff(); uint64_t lo =0; size_t idx=0; - lo = Em410xDecode(BitStream, &BitLen, &idx); - if (lo>0){ - //set GraphBuffer for clone or sim command - setDemodBuf(BitStream, BitLen, idx); - if (g_debugMode){ - PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, BitLen); - printDemodBuff(); + if (emSearch){ + lo = Em410xDecode(BitStream, &BitLen, &idx); + if (lo>0){ + //set GraphBuffer for clone or sim command + setDemodBuf(BitStream, BitLen, idx); + if (g_debugMode){ + PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, BitLen); + printDemodBuff(); + } + if (verbose) PrintAndLog("EM410x pattern found: "); + if (verbose) printEM410x(lo); + return 1; } - PrintAndLog("EM410x pattern found: "); - printEM410x(lo); - return 1; } return 1; } +//by marshmellow +//takes 3 arguments - clock, invert, maxErr as integers +//attempts to demodulate ask while decoding manchester +//prints binary found and saves in graphbuffer for further commands +int Cmdaskmandemod(const char *Cmd) +{ + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: data rawdemod am [clock] <0|1> [maxError]"); + PrintAndLog(" [set clock as integer] optional, if not set, autodetect."); + PrintAndLog(" , 1 for invert output"); + PrintAndLog(" [set maximum allowed errors], default = 100."); + PrintAndLog(""); + PrintAndLog(" sample: data rawdemod am = demod an ask/manchester tag from GraphBuffer"); + PrintAndLog(" : data rawdemod am 32 = demod an ask/manchester tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod am 32 1 = demod an ask/manchester tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data rawdemod am 1 = demod an ask/manchester tag from GraphBuffer while inverting data"); + PrintAndLog(" : data rawdemod am 64 1 0 = demod an ask/manchester tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + return 0; + } + return ASKmanDemod(Cmd, TRUE, TRUE); +} + //by marshmellow //manchester decode //stricktly take 10 and 01 and convert to 0 and 1 @@ -500,13 +507,53 @@ int CmdBiphaseDecodeRaw(const char *Cmd) //takes 4 arguments - clock, invert, maxErr as integers and amplify as char //attempts to demodulate ask only //prints binary found and saves in graphbuffer for further commands -int Cmdaskrawdemod(const char *Cmd) +int ASKrawDemod(const char *Cmd, bool verbose) { int invert=0; int clk=0; int maxErr=100; uint8_t askAmp = 0; char amp = param_getchar(Cmd, 0); + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; + sscanf(Cmd, "%i %i %i %c", &clk, &invert, &maxErr, &); + if (invert != 0 && invert != 1) { + if (verbose) PrintAndLog("Invalid argument: %s", Cmd); + return 0; + } + if (clk==1){ + invert=1; + clk=0; + } + if (amp == 'a' || amp == 'A') askAmp=1; + size_t BitLen = getFromGraphBuf(BitStream); + if (BitLen==0) return 0; + int errCnt=0; + errCnt = askrawdemod(BitStream, &BitLen, &clk, &invert, maxErr, askAmp); + if (errCnt==-1||BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) + if (verbose) PrintAndLog("no data found"); + if (g_debugMode==1 && verbose) PrintAndLog("errCnt: %d, BitLen: %d, clk: %d, invert: %d", errCnt, BitLen, clk, invert); + return 0; + } + if (verbose) PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d", clk, invert, BitLen); + + //move BitStream back to DemodBuffer + setDemodBuf(BitStream,BitLen,0); + + //output + if (errCnt>0 && verbose){ + PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d", errCnt); + } + if (verbose){ + PrintAndLog("ASK demoded bitstream:"); + // Now output the bitstream to the scrollback by line of 16 bits + printBitStream(BitStream,BitLen); + } + return 1; +} + +//by marshmellow - see ASKrawDemod +int Cmdaskrawdemod(const char *Cmd) +{ char cmdp = param_getchar(Cmd, 0); if (strlen(Cmd) > 12 || cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: data rawdemod ar [clock] [maxError] [amplify]"); @@ -524,40 +571,7 @@ int Cmdaskrawdemod(const char *Cmd) PrintAndLog(" : data rawdemod ar 64 1 0 a = demod an ask tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors, and amp"); return 0; } - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; - sscanf(Cmd, "%i %i %i %c", &clk, &invert, &maxErr, &); - if (invert != 0 && invert != 1) { - PrintAndLog("Invalid argument: %s", Cmd); - return 0; - } - if (clk==1){ - invert=1; - clk=0; - } - if (amp == 'a' || amp == 'A') askAmp=1; - size_t BitLen = getFromGraphBuf(BitStream); - if (BitLen==0) return 0; - int errCnt=0; - errCnt = askrawdemod(BitStream, &BitLen, &clk, &invert, maxErr, askAmp); - if (errCnt==-1||BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) - PrintAndLog("no data found"); - if (g_debugMode==1) PrintAndLog("errCnt: %d, BitLen: %d, clk: %d, invert: %d", errCnt, BitLen, clk, invert); - return 0; - } - PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d", clk, invert, BitLen); - - //move BitStream back to DemodBuffer - setDemodBuf(BitStream,BitLen,0); - - //output - if (errCnt>0){ - PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d", errCnt); - } - PrintAndLog("ASK demoded bitstream:"); - // Now output the bitstream to the scrollback by line of 16 bits - printBitStream(BitStream,BitLen); - - return 1; + return ASKrawDemod(Cmd, TRUE); } int CmdAutoCorr(const char *Cmd) @@ -815,31 +829,15 @@ int CmdDetectClockRate(const char *Cmd) //fsk raw demod and print binary //takes 4 arguments - Clock, invert, fchigh, fclow //defaults: clock = 50, invert=1, fchigh=10, fclow=8 (RF/10 RF/8 (fsk2a)) -int CmdFSKrawdemod(const char *Cmd) +int FSKrawDemod(const char *Cmd, bool verbose) { //raw fsk demod no manchester decoding no start bit finding just get binary from wave //set defaults int rfLen = 0; - int invert=0; - int fchigh=0; - int fclow=0; - char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { - PrintAndLog("Usage: data rawdemod fs [clock] [fchigh] [fclow]"); - PrintAndLog(" [set clock as integer] optional, omit for autodetect."); - PrintAndLog(" , 1 for invert output, can be used even if the clock is omitted"); - PrintAndLog(" [fchigh], larger field clock length, omit for autodetect"); - PrintAndLog(" [fclow], small field clock length, omit for autodetect"); - PrintAndLog(""); - PrintAndLog(" sample: data rawdemod fs = demod an fsk tag from GraphBuffer using autodetect"); - PrintAndLog(" : data rawdemod fs 32 = demod an fsk tag from GraphBuffer using a clock of RF/32, autodetect fc"); - PrintAndLog(" : data rawdemod fs 1 = demod an fsk tag from GraphBuffer using autodetect, invert output"); - PrintAndLog(" : data rawdemod fs 32 1 = demod an fsk tag from GraphBuffer using a clock of RF/32, invert output, autodetect fc"); - PrintAndLog(" : data rawdemod fs 64 0 8 5 = demod an fsk1 RF/64 tag from GraphBuffer"); - PrintAndLog(" : data rawdemod fs 50 0 10 8 = demod an fsk2 RF/50 tag from GraphBuffer"); - PrintAndLog(" : data rawdemod fs 50 1 10 8 = demod an fsk2a RF/50 tag from GraphBuffer"); - return 0; - } + int invert = 0; + int fchigh = 0; + int fclow = 0; + //set options from parameters entered with the command sscanf(Cmd, "%i %i %i %i", &rfLen, &invert, &fchigh, &fclow); @@ -857,7 +855,7 @@ int CmdFSKrawdemod(const char *Cmd) uint16_t fcs=0; uint8_t dummy=0; if (fchigh==0 || fclow == 0){ - fcs=countFC(BitStream, BitLen, &dummy); + fcs = countFC(BitStream, BitLen, &dummy); if (fcs==0){ fchigh=10; fclow=8; @@ -871,22 +869,50 @@ int CmdFSKrawdemod(const char *Cmd) rfLen = detectFSKClk(BitStream, BitLen, fchigh, fclow); if (rfLen == 0) rfLen = 50; } - PrintAndLog("Args invert: %d - Clock:%d - fchigh:%d - fclow: %d",invert,rfLen,fchigh, fclow); + if (verbose) PrintAndLog("Args invert: %d - Clock:%d - fchigh:%d - fclow: %d",invert,rfLen,fchigh, fclow); int size = fskdemod(BitStream,BitLen,(uint8_t)rfLen,(uint8_t)invert,(uint8_t)fchigh,(uint8_t)fclow); if (size>0){ - PrintAndLog("FSK decoded bitstream:"); setDemodBuf(BitStream,size,0); // Now output the bitstream to the scrollback by line of 16 bits if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size - printBitStream(BitStream,size); + if (verbose) { + PrintAndLog("FSK decoded bitstream:"); + printBitStream(BitStream,size); + } return 1; } else{ - PrintAndLog("no FSK data found"); + if (verbose) PrintAndLog("no FSK data found"); } return 0; } +//by marshmellow +//fsk raw demod and print binary +//takes 4 arguments - Clock, invert, fchigh, fclow +//defaults: clock = 50, invert=1, fchigh=10, fclow=8 (RF/10 RF/8 (fsk2a)) +int CmdFSKrawdemod(const char *Cmd) +{ + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: data rawdemod fs [clock] [fchigh] [fclow]"); + PrintAndLog(" [set clock as integer] optional, omit for autodetect."); + PrintAndLog(" , 1 for invert output, can be used even if the clock is omitted"); + PrintAndLog(" [fchigh], larger field clock length, omit for autodetect"); + PrintAndLog(" [fclow], small field clock length, omit for autodetect"); + PrintAndLog(""); + PrintAndLog(" sample: data rawdemod fs = demod an fsk tag from GraphBuffer using autodetect"); + PrintAndLog(" : data rawdemod fs 32 = demod an fsk tag from GraphBuffer using a clock of RF/32, autodetect fc"); + PrintAndLog(" : data rawdemod fs 1 = demod an fsk tag from GraphBuffer using autodetect, invert output"); + PrintAndLog(" : data rawdemod fs 32 1 = demod an fsk tag from GraphBuffer using a clock of RF/32, invert output, autodetect fc"); + PrintAndLog(" : data rawdemod fs 64 0 8 5 = demod an fsk1 RF/64 tag from GraphBuffer"); + PrintAndLog(" : data rawdemod fs 50 0 10 8 = demod an fsk2 RF/50 tag from GraphBuffer"); + PrintAndLog(" : data rawdemod fs 50 1 10 8 = demod an fsk2a RF/50 tag from GraphBuffer"); + return 0; + } + return FSKrawDemod(Cmd, TRUE); +} + //by marshmellow (based on existing demod + holiman's refactor) //HID Prox demod - FSK RF/50 with preamble of 00011101 (then manchester encoded) //print full HID Prox ID and some bit format details if found @@ -1447,7 +1473,7 @@ int CmdFSKdemod(const char *Cmd) //old CmdFSKdemod needs updating //by marshmellow //attempt to psk1 demod graph buffer -int PSKDemod(const char *Cmd, uint8_t verbose) +int PSKDemod(const char *Cmd, bool verbose) { int invert=0; int clk=0; @@ -1458,7 +1484,7 @@ int PSKDemod(const char *Cmd, uint8_t verbose) clk=0; } if (invert != 0 && invert != 1) { - PrintAndLog("Invalid argument: %s", Cmd); + if (verbose) PrintAndLog("Invalid argument: %s", Cmd); return -1; } uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; @@ -1467,11 +1493,11 @@ int PSKDemod(const char *Cmd, uint8_t verbose) int errCnt=0; errCnt = pskRawDemod(BitStream, &BitLen,&clk,&invert); if (errCnt > maxErr){ - if (g_debugMode==1) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return -1; } if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) - if (g_debugMode==1) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return -1; } if (verbose) PrintAndLog("Tried PSK Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); @@ -1643,7 +1669,7 @@ int CmdPSK1rawDemod(const char *Cmd) PrintAndLog(" : data psk1rawdemod 64 1 0 = demod a psk1 tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); return 0; } - errCnt = PSKDemod(Cmd, 1); + errCnt = PSKDemod(Cmd, TRUE); //output if (errCnt<0){ if (g_debugMode) PrintAndLog("Error demoding: %d",errCnt); @@ -1651,7 +1677,6 @@ int CmdPSK1rawDemod(const char *Cmd) } if (errCnt>0){ PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); - }else{ } PrintAndLog("PSK demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits diff --git a/client/cmddata.h b/client/cmddata.h index f48da516..47651477 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -59,6 +59,10 @@ int CmdThreshold(const char *Cmd); int CmdDirectionalThreshold(const char *Cmd); int CmdZerocrossings(const char *Cmd); int CmdIndalaDecode(const char *Cmd); +int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch); +int ASKrawDemod(const char *Cmd, bool verbose); +int FSKrawDemod(const char *Cmd, bool verbose); +int PSKDemod(const char *Cmd, bool verbose); #define MAX_DEMOD_BUF_LEN (1024*128) extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; From b4a2fcf67695c45c63f485e9e65859b1320050bd Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 21 Feb 2015 18:37:15 -0500 Subject: [PATCH 05/21] Split output from nrz raw demod function missed this one last time --- client/cmddata.c | 55 ++++++++++++++++++++++++++---------------------- client/cmddata.h | 1 + 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 1c74b284..513c287f 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1591,27 +1591,12 @@ int CmdIndalaDecode(const char *Cmd) // takes 3 arguments - clock, invert, maxErr as integers // attempts to demodulate nrz only // prints binary found and saves in demodbuffer for further commands -int CmdNRZrawDemod(const char *Cmd) + +int NRZrawDemod(const char *Cmd, bool verbose) { int invert=0; int clk=0; int maxErr=100; - char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { - PrintAndLog("Usage: data rawdemod nr [clock] <0|1> [maxError]"); - PrintAndLog(" [set clock as integer] optional, if not set, autodetect."); - PrintAndLog(" , 1 for invert output"); - PrintAndLog(" [set maximum allowed errors], default = 100."); - PrintAndLog(""); - PrintAndLog(" sample: data nrzrawdemod = demod a nrz/direct tag from GraphBuffer"); - PrintAndLog(" : data nrzrawdemod 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data nrzrawdemod 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data nrzrawdemod 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); - PrintAndLog(" : data nrzrawdemod 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); - - return 0; - } - sscanf(Cmd, "%i %i %i", &clk, &invert, &maxErr); if (clk==1){ invert=1; @@ -1627,25 +1612,45 @@ int CmdNRZrawDemod(const char *Cmd) int errCnt=0; errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr); if (errCnt > maxErr){ - if (g_debugMode==1) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) - if (g_debugMode==1) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); + if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen); //prime demod buffer for output setDemodBuf(BitStream,BitLen,0); - if (errCnt>0){ + if (errCnt>0 && verbose){ PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt); - }else{ } - PrintAndLog("NRZ demoded bitstream:"); - // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); - return 1; + if (verbose) { + PrintAndLog("NRZ demoded bitstream:"); + // Now output the bitstream to the scrollback by line of 16 bits + printDemodBuff(); + } + return 1; +} + +int CmdNRZrawDemod(const char *Cmd) +{ + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: data rawdemod nr [clock] <0|1> [maxError]"); + PrintAndLog(" [set clock as integer] optional, if not set, autodetect."); + PrintAndLog(" , 1 for invert output"); + PrintAndLog(" [set maximum allowed errors], default = 100."); + PrintAndLog(""); + PrintAndLog(" sample: data nrzrawdemod = demod a nrz/direct tag from GraphBuffer"); + PrintAndLog(" : data nrzrawdemod 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data nrzrawdemod 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data nrzrawdemod 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); + PrintAndLog(" : data nrzrawdemod 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + return 0; + } + return NRZrawDemod(Cmd, TRUE); } // by marshmellow diff --git a/client/cmddata.h b/client/cmddata.h index 47651477..aba3369e 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -63,6 +63,7 @@ int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch); int ASKrawDemod(const char *Cmd, bool verbose); int FSKrawDemod(const char *Cmd, bool verbose); int PSKDemod(const char *Cmd, bool verbose); +int NRZrawDemod(const char *Cmd, bool verbose); #define MAX_DEMOD_BUF_LEN (1024*128) extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; From 872e3d4d6f6dd1ae01ef67e4ad8255243f1e24ec Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 21 Feb 2015 21:36:02 -0500 Subject: [PATCH 06/21] NEW lf simpsk --- armsrc/appmain.c | 5 +- armsrc/apps.h | 1 + armsrc/lfops.c | 67 +++++++++++++++++- client/cmdlf.c | 129 ++++++++++++++++++++++++++++++++--- client/cmdlf.h | 1 + client/graph.c | 20 ++++++ client/graph.h | 1 + client/hid-flasher/usb_cmd.h | 1 + client/lualibs/commands.lua | 1 + common/lfdemod.c | 2 +- include/usb_cmd.h | 1 + 11 files changed, 216 insertions(+), 13 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index bfb4078d..3e670f0b 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -668,7 +668,10 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_ASK_SIM_TAG: CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; - case CMD_HID_CLONE_TAG: + case CMD_PSK_SIM_TAG: + CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_HID_CLONE_TAG: CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; case CMD_IO_DEMOD_FSK: diff --git a/armsrc/apps.h b/armsrc/apps.h index 8e79a03a..928a3075 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -120,6 +120,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol); void CmdHIDsimTAG(int hi, int lo, int ledcontrol); void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); +void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 780af199..ea36cdec 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -594,7 +594,6 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) WDT_HIT(); for (i=0; i> 8; + uint8_t carrier = arg1 & 0xFF; + uint8_t invert = arg2 & 0xFF; + uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase + //uint8_t invert = (arg2 >> 8) & 1; + uint8_t curPhase = 0; + WDT_HIT(); + for (i=0; i Manually set the smaller Field Clock"); //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap"); PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + PrintAndLog("\n NOTE: if you set one clock manually set them all manually"); return 0; } @@ -579,11 +580,25 @@ int usage_lf_simask(void) return 0; } +int usage_lf_simpsk(void) +{ + //print help + PrintAndLog("Usage: lf simpsk [1|2|3] [c ] [i] [r ] [d ]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" c Manually set clock - can autodetect if using DemodBuffer"); + PrintAndLog(" i invert data"); + PrintAndLog(" 1 set PSK1 (default)"); + PrintAndLog(" 2 set PSK2"); + PrintAndLog(" 3 set PSK3"); + PrintAndLog(" r 2|4|8 are valid carriers: default = 2"); + PrintAndLog(" d Data to sim as hex - omit to sim from DemodBuffer"); + return 0; +} // by marshmellow - sim ask data given clock, fcHigh, fcLow, invert // - allow pull data from DemodBuffer int CmdLFfskSim(const char *Cmd) { - //todo - allow data from demodbuffer or parameters //might be able to autodetect FC and clock from Graphbuffer if using demod buffer //will need FChigh, FClow, Clock, and bitstream uint8_t fcHigh=0, fcLow=0, clk=0; @@ -625,7 +640,8 @@ int CmdLFfskSim(const char *Cmd) errors=TRUE; } else { dataLen = hextobinarray((char *)data, hexData); - } if (dataLen==0) errors=TRUE; + } + if (dataLen==0) errors=TRUE; if (errors) PrintAndLog ("Error getting hex data"); cmdp+=2; break; @@ -646,13 +662,14 @@ int CmdLFfskSim(const char *Cmd) { return usage_lf_simfsk(); } - if (dataLen == 0){ //using DemodBuffer - if (clk==0 || fcHigh==0 || fcLow==0){ + + if (dataLen == 0){ //using DemodBuffer + if (clk==0 || fcHigh==0 || fcLow==0){ //manual settings must set them all uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0); if (ans==0){ - fcHigh=10; - fcLow=8; - clk=50; + if (!fcHigh) fcHigh=10; + if (!fcLow) fcLow=8; + if (!clk) clk=50; } } } else { @@ -678,7 +695,6 @@ int CmdLFfskSim(const char *Cmd) // - allow pull data from DemodBuffer int CmdLFaskSim(const char *Cmd) { - //todo - allow data from demodbuffer or parameters //autodetect clock from Graphbuffer if using demod buffer //will need clock, invert, manchester/raw as m or r, separator as s, and bitstream uint8_t manchester = 1, separator = 0; @@ -763,6 +779,98 @@ int CmdLFaskSim(const char *Cmd) return 0; } +// by marshmellow - sim psk data given carrier, clock, invert +// - allow pull data from DemodBuffer or parameters +int CmdLFpskSim(const char *Cmd) +{ + //might be able to autodetect FC and clock from Graphbuffer if using demod buffer + //will need carrier, Clock, and bitstream + uint8_t carrier=0, clk=0; + uint8_t invert=0; + bool errors = FALSE; + char hexData[32] = {0x00}; // store entered hex data + uint8_t data[255] = {0x00}; + int dataLen = 0; + uint8_t cmdp = 0; + uint8_t pskType = 1; + while(param_getchar(Cmd, cmdp) != 0x00) + { + switch(param_getchar(Cmd, cmdp)) + { + case 'h': + return usage_lf_simpsk(); + case 'i': + invert = 1; + cmdp++; + break; + case 'c': + errors |= param_getdec(Cmd,cmdp+1,&clk); + cmdp+=2; + break; + case 'r': + errors |= param_getdec(Cmd,cmdp+1,&carrier); + cmdp+=2; + break; + case '1': + pskType=1; + cmdp++; + break; + case '2': + pskType=2; + cmdp++; + break; + case '3': + pskType=3; + cmdp++; + break; + case 'd': + dataLen = param_getstr(Cmd, cmdp+1, hexData); + if (dataLen==0) { + errors=TRUE; + } else { + dataLen = hextobinarray((char *)data, hexData); + } + if (dataLen==0) errors=TRUE; + if (errors) PrintAndLog ("Error getting hex data"); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = TRUE; + break; + } + if (errors) break; + } + if (cmdp == 0 && DemodBufferLen == 0) + { + errors = TRUE;// No args + } + + //Validations + if (errors) + { + return usage_lf_simpsk(); + } + if (dataLen == 0){ //using DemodBuffer + if (clk==0) clk = GetPskClock(NULL, FALSE, FALSE); + if (!carrier) carrier = GetPskCarrier(NULL, FALSE, FALSE); + } else { + setDemodBuf(data, dataLen, 0); + } + if (clk <= 0) clk = 32; + if (carrier == 0) carrier = 2; + + uint16_t arg1, arg2; + arg1 = clk << 8 | carrier; + arg2 = invert; + UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; + if (DemodBufferLen > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + } + memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + SendCommand(&c); + return 0; +} int CmdLFSimBidir(const char *Cmd) { @@ -982,8 +1090,9 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] -- Simulate LF ASK tag from demodbuffer"}, - {"simfsk", CmdLFfskSim, 0, "[invert <1|0>] -- Simulate LF FSK tag from demodbuffer"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, + {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 22f7f818..18a28b10 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -21,6 +21,7 @@ int CmdLFRead(const char *Cmd); int CmdLFSim(const char *Cmd); int CmdLFaskSim(const char *Cmd); int CmdLFfskSim(const char *Cmd); +int CmdLFpskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); diff --git a/client/graph.c b/client/graph.c index c9457ff1..243da466 100644 --- a/client/graph.c +++ b/client/graph.c @@ -134,6 +134,26 @@ int GetAskClock(const char str[], bool printAns, bool verbose) return clock; } +uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose) +{ + uint8_t carrier=0; + uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; + size_t size = getFromGraphBuf(grph); + if ( size == 0 ) { + if (verbose) + PrintAndLog("Failed to copy from graphbuffer"); + return 0; + } + //uint8_t countPSK_FC(uint8_t *BitStream, size_t size) + + carrier = countPSK_FC(grph,size); + // Only print this message if we're not looping something + if (printAns){ + PrintAndLog("Auto-detected PSK carrier rate: %d", carrier); + } + return carrier; +} + int GetPskClock(const char str[], bool printAns, bool verbose) { int clock; diff --git a/client/graph.h b/client/graph.h index 3c6de014..8f810669 100644 --- a/client/graph.h +++ b/client/graph.h @@ -18,6 +18,7 @@ int ClearGraph(int redraw); size_t getFromGraphBuf(uint8_t *buff); int GetAskClock(const char str[], bool printAns, bool verbose); int GetPskClock(const char str[], bool printAns, bool verbose); +uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose); uint8_t GetNrzClock(const char str[], bool printAns, bool verbose); uint8_t GetFskClock(const char str[], bool printAns, bool verbose); uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index 53c4dffe..c5b91f99 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -83,6 +83,7 @@ typedef struct { #define CMD_SET_LF_SAMPLING_CONFIG 0x021d #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F +#define CMD_PSK_SIM_TAG 0x0220 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 9b47a994..ad8f6e00 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -53,6 +53,7 @@ local _commands = { CMD_SET_LF_SAMPLING_CONFIG = 0x021d, CMD_FSK_SIM_TAG = 0x021E, CMD_ASK_SIM_TAG = 0x021F, + CMD_PSK_SIM_TAG = 0x0220, --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/common/lfdemod.c b/common/lfdemod.c index 96b187b7..79252dd9 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -25,7 +25,7 @@ uint8_t justNoise(uint8_t *BitStream, size_t size) } //by marshmellow -//get high and low with passed in fuzz factor. also return noise test = 1 for passed or 0 for only noise +//get high and low values of a wave with passed in fuzz factor. also return noise test = 1 for passed or 0 for only noise int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo) { *high=0; diff --git a/include/usb_cmd.h b/include/usb_cmd.h index d73fac54..aab631da 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -94,6 +94,7 @@ typedef struct{ #define CMD_SET_LF_SAMPLING_CONFIG 0x021d #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F +#define CMD_PSK_SIM_TAG 0x0220 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ From 3bc66a96fe60139015ddaa0b8fb12259675ff897 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 21 Feb 2015 22:54:52 -0500 Subject: [PATCH 07/21] added PSK2 to lf simpsk testing still ongoing. --- client/cmdlf.c | 12 ++++++++++-- common/lfdemod.c | 17 +++++++++++++++++ common/lfdemod.h | 1 + 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/client/cmdlf.c b/client/cmdlf.c index b2372101..d3ea8eea 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -28,6 +28,7 @@ #include "cmdlft55xx.h" #include "cmdlfpcf7931.h" #include "cmdlfio.h" +#include "lfdemod.h" static int CmdHelp(const char *Cmd); @@ -853,13 +854,20 @@ int CmdLFpskSim(const char *Cmd) } if (dataLen == 0){ //using DemodBuffer if (clk==0) clk = GetPskClock(NULL, FALSE, FALSE); - if (!carrier) carrier = GetPskCarrier(NULL, FALSE, FALSE); + if (!carrier) carrier = GetPskCarrier(NULL, FALSE, FALSE); } else { setDemodBuf(data, dataLen, 0); } if (clk <= 0) clk = 32; if (carrier == 0) carrier = 2; - + if (pskType != 1){ + if (pskType == 2){ + //need to convert psk2 to psk1 data before sim + psk2TOpsk1(DemodBuffer, DemodBufferLen); + } else { + PrintAndLog("Sorry, PSK3 not yet available"); + } + } uint16_t arg1, arg2; arg1 = clk << 8 | carrier; arg2 = invert; diff --git a/common/lfdemod.c b/common/lfdemod.c index 79252dd9..bee87ece 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -1068,6 +1068,23 @@ void psk1TOpsk2(uint8_t *BitStream, size_t size) return; } +// by marshmellow +// convert psk2 demod to psk1 demod +// from only transition waves are 1s to phase shifts change bit +void psk2TOpsk1(uint8_t *BitStream, size_t size) +{ + size_t i; + uint8_t phase=BitStream[0]; + //uint8_t lastBit=BitStream[0]; + for (i=1; i Date: Sun, 22 Feb 2015 20:09:58 -0500 Subject: [PATCH 08/21] PSK demod adjustment add carrier length test to weed out false positive demods --- client/cmddata.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 513c287f..2ed5166f 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -880,6 +880,7 @@ int FSKrawDemod(const char *Cmd, bool verbose) PrintAndLog("FSK decoded bitstream:"); printBitStream(BitStream,size); } + return 1; } else{ if (verbose) PrintAndLog("no FSK data found"); @@ -1489,9 +1490,14 @@ int PSKDemod(const char *Cmd, bool verbose) } uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; size_t BitLen = getFromGraphBuf(BitStream); - if (BitLen==0) return 0; + if (BitLen==0) return -1; + uint8_t carrier=countPSK_FC(BitStream, BitLen); + if (carrier!=2 && carrier!=4 || carrier!=8){ + //invalid carrier + return -1 + } int errCnt=0; - errCnt = pskRawDemod(BitStream, &BitLen,&clk,&invert); + errCnt = pskRawDemod(BitStream, &BitLen, &clk, &invert); if (errCnt > maxErr){ if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return -1; @@ -1708,7 +1714,7 @@ int CmdPSK2rawDemod(const char *Cmd) PrintAndLog(" : data psk2rawdemod 64 1 0 = demod a psk2 tag from GraphBuffer using a clock of RF/64, inverting output and allowing 0 demod errors"); return 0; } - errCnt=PSKDemod(Cmd, 1); + errCnt=PSKDemod(Cmd, TRUE); if (errCnt<0){ if (g_debugMode) PrintAndLog("Error demoding: %d",errCnt); return 0; From ec9882b18c9e12a60bb0face34ea4bcc072c2dfb Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sun, 22 Feb 2015 21:11:25 -0500 Subject: [PATCH 09/21] PSKDemod Bug Fix --- client/cmddata.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 2ed5166f..15f4d3eb 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1492,9 +1492,9 @@ int PSKDemod(const char *Cmd, bool verbose) size_t BitLen = getFromGraphBuf(BitStream); if (BitLen==0) return -1; uint8_t carrier=countPSK_FC(BitStream, BitLen); - if (carrier!=2 && carrier!=4 || carrier!=8){ + if (carrier!=2 && carrier!=4 && carrier!=8){ //invalid carrier - return -1 + return -1; } int errCnt=0; errCnt = pskRawDemod(BitStream, &BitLen, &clk, &invert); From 73da8187432925a1f89c3d5cdb302fec1997d7b1 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 28 Feb 2015 14:33:05 -0500 Subject: [PATCH 10/21] lf simulation tests added SimulateTagLowFrequencyTest function with some adjustments that help ASK simulations FSK and PSK still need help. Left original HID sim alone as for some it may partially work. --- armsrc/lfops.c | 166 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 138 insertions(+), 28 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index ea36cdec..866ff5d2 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -399,6 +399,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) i = 0; for(;;) { + //wait until SSC_CLK goes HIGH while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { if(BUTTON_PRESS()) { DbpString("Stopped"); @@ -406,7 +407,6 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } WDT_HIT(); } - if (ledcontrol) LED_D_ON(); @@ -417,17 +417,18 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) if (ledcontrol) LED_D_OFF(); - //wait for next sample time + //wait until SSC_CLK goes LOW while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { if(BUTTON_PRESS()) { DbpString("Stopped"); return; } WDT_HIT(); - } - + } + i++; if(i == period) { + i = 0; if (gap) { SHORT_COIL(); @@ -437,6 +438,68 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } +//Testing to fix timing issues +void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol) +{ + int i; + uint8_t *tab = BigBuf_get_addr(); + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + + i = 0; + while(!BUTTON_PRESS()) { + + WDT_HIT(); + //wait until reader carrier is HIGH + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + WDT_HIT(); + } + if (i>0 && tab[i]!=tab[i-1]){ + // transition + if (ledcontrol) + LED_D_ON(); + + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + } else { //no transition + //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened + // skip test for readers Carrier = LOW, otherwise we get a bit behind + + //wait until reader carrier is LOW + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + WDT_HIT(); + } + } + + i++; + if(i == period) { + // end of data stream, gap then repeat + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } + DbpString("Stopped"); + return; +} + #define DEBUG_FRAME_CONTENTS 1 void SimulateTagLowFrequencyBidir(int divisor, int t0) { @@ -491,27 +554,43 @@ static void fc(int c, int *n) } } // compose fc/X fc/Y waveform (FSKx) -static void fcAll(uint8_t c, int *n, uint8_t clock) +static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) { uint8_t *dest = BigBuf_get_addr(); uint8_t idx; uint8_t fcCnt; // c = count of field clock for this bit - - int mod = clock % c; + uint8_t mod = clock % c; + uint8_t modAdj = c/mod; + bool modAdjOk=FALSE; + if (c % mod==0) modAdjOk=TRUE; // loop through clock - step field clock for (idx=0; idx < (uint8_t) clock/c; idx++){ // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) - for (fcCnt=0; fcCnt < c; fcCnt++){ + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 if (fcCnt < c/2){ dest[((*n)++)]=1; } else { + //fudge low to high transition + //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; dest[((*n)++)]=0; } } } - Dbprintf("mod: %d",mod); - if (mod>0){ //for FC counts that don't add up to a full clock cycle padd with extra wave + if (mod>0) (*modCnt)++; + if ((mod>0) && modAdjOk){ //fsk2 + if ((*modCnt % modAdj) == 0){ + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 + if (fcCnt < c/2){ + dest[((*n)++)]=1; + } else { + dest[((*n)++)]=0; + } + } + } + } + //Dbprintf("mod: %d, modAdj %d, modc %d",mod, modAdj, c % mod); + if (mod>0 && !modAdjOk){ //fsk1 for (idx=0; idx < mod; idx++){ if (idx < mod/2) { dest[((*n)++)]=1; @@ -587,6 +666,7 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) int n=0, i=0; uint8_t fcHigh = arg1 >> 8; uint8_t fcLow = arg1 & 0xFF; + uint16_t modCnt = 0; //spacer bit uint8_t clk = arg2 & 0xFF; uint8_t invert = (arg2 >> 8) & 1; @@ -595,26 +675,48 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) WDT_HIT(); for (i=0; i> 8; uint8_t carrier = arg1 & 0xFF; uint8_t invert = arg2 & 0xFF; - uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase + //uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase //uint8_t invert = (arg2 >> 8) & 1; uint8_t curPhase = 0; WDT_HIT(); @@ -728,11 +830,11 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) if (BitStream[i] == curPhase){ pskSimBit(carrier, &n, clk, &curPhase, FALSE); } else { - pskSimBit(phase, &n, clk, &curPhase, TRUE); + pskSimBit(carrier, &n, clk, &curPhase, TRUE); } } Dbprintf("Simulating with Carrier: %d, clk: %d, invert: %d, n: %d",carrier, clk, invert, n); - Dbprintf("First 64:"); + Dbprintf("First 128:"); uint8_t *dest = BigBuf_get_addr(); i=0; Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); @@ -742,10 +844,18 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); i+=16; Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); + i+=16; + Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); + i+=16; + Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); + i+=16; + Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); + i+=16; + Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequency(n, 0, ledcontrol); + SimulateTagLowFrequencyTest(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); From 8d960002c8713dfbaed0f0dd52fe7d7cb2dd77b1 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 2 Mar 2015 14:42:55 -0500 Subject: [PATCH 11/21] lf cmds fix, add, show show command to UI: data printdemodbuffer - allow printing of demod buffer Add: data askgproxiidemod - demod a gproxii tag Fix: adjust lf simxxx commands further for testing --- armsrc/lfops.c | 74 ++++++++++++++++--------- client/FLASH - OS.bat | 61 +++++++++++++++++++++ client/cmddata.c | 125 +++++++++++++++++++++++++++++++++++++++++- client/cmddata.h | 1 + client/cmdlf.c | 29 +++++++--- 5 files changed, 254 insertions(+), 36 deletions(-) create mode 100644 client/FLASH - OS.bat diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 866ff5d2..3684eaaf 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -438,8 +438,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } -//Testing to fix timing issues -void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol) +//Testing to fix timing issues by marshmellow (MM) +void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol) { int i; uint8_t *tab = BigBuf_get_addr(); @@ -463,7 +463,31 @@ void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol) while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { WDT_HIT(); } - if (i>0 && tab[i]!=tab[i-1]){ + if (i>0){ + if (tab[i]!=tab[i-1]){ + // transition + if (ledcontrol) + LED_D_ON(); + + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + + } else { //no transition + //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened + // skip test for readers Carrier = LOW, otherwise we get a bit behind + + //wait until reader carrier is LOW + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + WDT_HIT(); + } + } + } else { // transition if (ledcontrol) LED_D_ON(); @@ -475,16 +499,10 @@ void SimulateTagLowFrequencyTest(int period, int gap, int ledcontrol) SHORT_COIL(); if (ledcontrol) - LED_D_OFF(); - } else { //no transition - //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened - // skip test for readers Carrier = LOW, otherwise we get a bit behind - - //wait until reader carrier is LOW - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - WDT_HIT(); - } - } + LED_D_OFF(); + } + WDT_HIT(); + i++; if(i == period) { @@ -568,23 +586,25 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) for (idx=0; idx < (uint8_t) clock/c; idx++){ // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2){ - dest[((*n)++)]=1; + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; } else { //fudge low to high transition - //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; - dest[((*n)++)]=0; + //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; } } } if (mod>0) (*modCnt)++; - if ((mod>0) && modAdjOk){ //fsk2 - if ((*modCnt % modAdj) == 0){ + if ((mod>0) && modAdjOk){ //fsk2 + if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2){ - dest[((*n)++)]=1; + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; } else { - dest[((*n)++)]=0; + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; } } } @@ -593,9 +613,9 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) if (mod>0 && !modAdjOk){ //fsk1 for (idx=0; idx < mod; idx++){ if (idx < mod/2) { - dest[((*n)++)]=1; - } else { dest[((*n)++)]=0; + } else { + dest[((*n)++)]=1; } } } @@ -716,7 +736,7 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequencyTest(n, 0, ledcontrol); + SimulateTagLowFrequencyMM(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); @@ -781,7 +801,7 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequencyTest(n, 0, ledcontrol); + SimulateTagLowFrequencyMM(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); @@ -855,7 +875,7 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequencyTest(n, 0, ledcontrol); + SimulateTagLowFrequencyMM(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); diff --git a/client/FLASH - OS.bat b/client/FLASH - OS.bat new file mode 100644 index 00000000..46605190 --- /dev/null +++ b/client/FLASH - OS.bat @@ -0,0 +1,61 @@ +@echo off +color 0a +MODE CON COLS=80 LINES=36 +title OS FLASH FILE +echo. +echo. +echo. +echo ====================================================================== +echo ©¦!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! O__O !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!©¦ +echo ©¦==================================================================©¦ +echo ©¦OS-ONLY FLASHER BATCH FILE ©¦ +echo ©¦ ©¦ +echo ©¦you will need to have this file (FLASH - OS.bat) in \win32 folder ©¦ +echo ©¦you will need to have flasher.exe in \win32 folder ©¦ +echo ©¦you will need to have osimage.elf in \firmware_win folder ©¦ +echo ©¦ ©¦ +echo ©¦ ©¦ +echo ©¦IF YOU HAVE THOSE REQUISITES HIT ANY BUTTON TO CONTINUE ! ©¦ +echo ©¦------------------------------------------------------------------©¦ +echo ====================================================================== +pause. + +cls +echo. +echo ==================================== +echo FLASHING osimage.elf, please wait... +echo ==================================== +echo. +flasher.exe com3 ..\armsrc\obj\osimage.elf + +pause. + +cls +title DONE +echo. +echo ___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___ +echo / \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \ +echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ +echo / \___/ \___/ \ +echo \___/ \___/ +echo / \ / \ +echo \___/ \___/ +echo / \ FLASHING OPERATION SUCCESSFUL ! Enjoy it ! / \ +echo \___/ \___/ +echo / \ / \ +echo \___/ \___/ +echo / \ BATCH FILE BY ASPER / \ +echo \___/ \___/ +echo / \ / \ +echo \___/ \___/ +echo / \___ ___/ \ +echo \___/ \___ ___ ___ ___ ___ ___ ___/ \___/ +echo / \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \ +echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ +echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ + +echo. +pause. +cls +MODE CON COLS=130 LINES=36 +cmd.exe diff --git a/client/cmddata.c b/client/cmddata.c index 15f4d3eb..b8b95c04 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -84,7 +84,11 @@ void printDemodBuff(void) return; } - +int CmdPrintDemodBuff(const char *Cmd) +{ + printDemodBuff(); + return 1; +} int CmdAmp(const char *Cmd) { int i, rising, falling; @@ -503,6 +507,29 @@ int CmdBiphaseDecodeRaw(const char *Cmd) return 1; } +// set demod buffer back to raw after biphase demod +void setBiphaseDemodBuf(uint8_t *BitStream, size_t size) +{ + uint8_t rawStream[512]={0x00}; + size_t i=0; + uint8_t curPhase=0; + if (size > 256) { + PrintAndLog("ERROR - Biphase Demod Buffer overrun"); + return; + } + for (size_t idx=0; idx>2; + uint32_t FC = 0; + uint32_t Card = 0; + uint32_t raw1 = bytebits_to_byte(DemodBuffer+ans,32); + uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32); + uint32_t raw3 = bytebits_to_byte(DemodBuffer+ans+64, 32); + + if (fmtLen==36){ + FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1); + Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5); + PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card); + } else if(fmtLen==26){ + FC = ((ByteStream[3] & 0x7F)<<1) | (ByteStream[4]>>7); + Card = ((ByteStream[4]&0x7F)<<9) | (ByteStream[5]<<1) | (ByteStream[6]>>7); + PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card); + } else { + PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",fmtLen); + } + PrintAndLog("Raw: %08x%08x%08x", raw1,raw2,raw3); + setBiphaseDemodBuf(DemodBuffer+ans, 96); + return 1; +} + //by marshmellow - see ASKrawDemod int Cmdaskrawdemod(const char *Cmd) { @@ -2422,6 +2543,7 @@ static command_t CommandTable[] = //{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"}, {"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"}, {"askem410xdemod",CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"}, + {"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"}, //{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"}, //{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"}, {"autocorr", CmdAutoCorr, 1, " -- Autocorrelation over window"}, @@ -2454,6 +2576,7 @@ static command_t CommandTable[] = //{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, + {"printdemodbuffer",CmdPrintDemodBuff,1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, {"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, //{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"}, //{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"}, diff --git a/client/cmddata.h b/client/cmddata.h index aba3369e..673a2ba0 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -19,6 +19,7 @@ void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx); int CmdAmp(const char *Cmd); int Cmdaskdemod(const char *Cmd); int CmdAskEM410xDemod(const char *Cmd); +int CmdG_Prox_II_Demod(const char *Cmd); int Cmdaskrawdemod(const char *Cmd); int Cmdaskmandemod(const char *Cmd); int CmdAutoCorr(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index d3ea8eea..1222b3ce 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -766,16 +766,19 @@ int CmdLFaskSim(const char *Cmd) setDemodBuf(data, dataLen, 0); } if (clk == 0) clk = 64; - + if (manchester == 0) clk = clk/2; //askraw needs to double the clock speed uint16_t arg1, arg2; + size_t size=DemodBufferLen; arg1 = clk << 8 | manchester; arg2 = invert << 8 | separator; - UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; - if (DemodBufferLen > USB_CMD_DATA_SIZE) { - PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size = USB_CMD_DATA_SIZE; } - PrintAndLog("preparing to sim ask data: %d bits", DemodBufferLen); - memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}}; + + PrintAndLog("preparing to sim ask data: %d bits", size); + memcpy(c.d.asBytes, DemodBuffer, size); SendCommand(&c); return 0; } @@ -853,11 +856,15 @@ int CmdLFpskSim(const char *Cmd) return usage_lf_simpsk(); } if (dataLen == 0){ //using DemodBuffer - if (clk==0) clk = GetPskClock(NULL, FALSE, FALSE); - if (!carrier) carrier = GetPskCarrier(NULL, FALSE, FALSE); + PrintAndLog("Getting Clocks"); + if (clk==0) clk = GetPskClock("", FALSE, FALSE); + PrintAndLog("clk: %d",clk); + if (!carrier) carrier = GetPskCarrier("", FALSE, FALSE); + PrintAndLog("carrier: %d", carrier); } else { setDemodBuf(data, dataLen, 0); } + if (clk <= 0) clk = 32; if (carrier == 0) carrier = 2; if (pskType != 1){ @@ -875,6 +882,7 @@ int CmdLFpskSim(const char *Cmd) if (DemodBufferLen > USB_CMD_DATA_SIZE) { PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); } + PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen); memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); SendCommand(&c); return 0; @@ -1055,6 +1063,11 @@ int CmdLFfind(const char *Cmd) PrintAndLog("\nValid EM410x ID Found!"); return 1; } + ans=CmdG_Prox_II_Demod(""); + if (ans>0) { + PrintAndLog("\nValid G Prox II ID Found!"); + return 1; + } PrintAndLog("\nNo Known Tags Found!\n"); if (testRaw=='u' || testRaw=='U'){ //test unknown tag formats (raw mode) From 40b9bb85e6e157193d12b77609673e71388654cd Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 2 Mar 2015 14:44:05 -0500 Subject: [PATCH 12/21] oops... should this file should not have been there --- client/FLASH - OS.bat | 61 ------------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 client/FLASH - OS.bat diff --git a/client/FLASH - OS.bat b/client/FLASH - OS.bat deleted file mode 100644 index 46605190..00000000 --- a/client/FLASH - OS.bat +++ /dev/null @@ -1,61 +0,0 @@ -@echo off -color 0a -MODE CON COLS=80 LINES=36 -title OS FLASH FILE -echo. -echo. -echo. -echo ====================================================================== -echo ©¦!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! O__O !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!©¦ -echo ©¦==================================================================©¦ -echo ©¦OS-ONLY FLASHER BATCH FILE ©¦ -echo ©¦ ©¦ -echo ©¦you will need to have this file (FLASH - OS.bat) in \win32 folder ©¦ -echo ©¦you will need to have flasher.exe in \win32 folder ©¦ -echo ©¦you will need to have osimage.elf in \firmware_win folder ©¦ -echo ©¦ ©¦ -echo ©¦ ©¦ -echo ©¦IF YOU HAVE THOSE REQUISITES HIT ANY BUTTON TO CONTINUE ! ©¦ -echo ©¦------------------------------------------------------------------©¦ -echo ====================================================================== -pause. - -cls -echo. -echo ==================================== -echo FLASHING osimage.elf, please wait... -echo ==================================== -echo. -flasher.exe com3 ..\armsrc\obj\osimage.elf - -pause. - -cls -title DONE -echo. -echo ___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___ -echo / \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \ -echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ -echo / \___/ \___/ \ -echo \___/ \___/ -echo / \ / \ -echo \___/ \___/ -echo / \ FLASHING OPERATION SUCCESSFUL ! Enjoy it ! / \ -echo \___/ \___/ -echo / \ / \ -echo \___/ \___/ -echo / \ BATCH FILE BY ASPER / \ -echo \___/ \___/ -echo / \ / \ -echo \___/ \___/ -echo / \___ ___/ \ -echo \___/ \___ ___ ___ ___ ___ ___ ___/ \___/ -echo / \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \ -echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ -echo \___/ \___/ \___/ \___/ \___/ \___/ \___/ \___/ - -echo. -pause. -cls -MODE CON COLS=130 LINES=36 -cmd.exe From 11081e0459f303518350b195b9d1c54b415eb6d7 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Tue, 3 Mar 2015 16:20:18 -0500 Subject: [PATCH 13/21] finish gProxII_Demod --- common/lfdemod.c | 23 ++++++++++++++++++++++- common/lfdemod.h | 1 + 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/common/lfdemod.c b/common/lfdemod.c index bee87ece..144cb327 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -354,7 +354,6 @@ void askAmp(uint8_t *BitStream, size_t size) //by marshmellow //takes 3 arguments - clock, invert and maxErr as integers //attempts to demodulate ask only -//prints binary found and saves in graphbuffer for further commands int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr, uint8_t amp) { uint32_t i; @@ -501,6 +500,28 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max } return bestErrCnt; } + +// demod gProxIIDemod +// error returns as -x +// success returns start position in BitStream +// BitStream must contain previously askrawdemod and biphasedemoded data +int gProxII_Demod(uint8_t BitStream[], size_t *size) +{ + size_t startIdx=0; + uint8_t preamble[] = {1,1,1,1,1,0}; + + uint8_t errChk = preambleSearch(BitStream, preamble, sizeof(preamble), size, &startIdx); + if (errChk == 0) return -3; //preamble not found + if (*size != 96) return -2; //should have found 96 bits + //check first 6 spacer bits to verify format + if (!BitStream[startIdx+5] && !BitStream[startIdx+10] && !BitStream[startIdx+15] && !BitStream[startIdx+20] && !BitStream[startIdx+25] && !BitStream[startIdx+30]){ + //confirmed proper separator bits found + //return start position + return (int) startIdx; + } + return -5; +} + //translate wave to 11111100000 (1 for each short wave 0 for each long wave) size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow) { diff --git a/common/lfdemod.h b/common/lfdemod.h index 9d55d064..23525a48 100644 --- a/common/lfdemod.h +++ b/common/lfdemod.h @@ -22,6 +22,7 @@ int ManchesterEncode(uint8_t *BitStream, size_t size); int manrawdecode(uint8_t *BitStream, size_t *size); int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert); int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr, uint8_t amp); +int gProxII_Demod(uint8_t BitStream[], size_t *size); int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo); int IOdemodFSK(uint8_t *dest, size_t size); int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow); From 293de1bad7bbea39eb285b2297760d51cccf07b3 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 6 Mar 2015 12:25:36 -0500 Subject: [PATCH 14/21] lf sim fixes/creations fixed lf simpsk fixed lf em em410xsim fixed lf sim (can go right from lf search to lf sim if you have a strong antenna - if not use a demod first) --- armsrc/lfops.c | 2112 -------------------------------------------- client/cmddata.c | 34 +- client/cmddata.h | 1 + client/cmdlf.c | 14 +- client/cmdlf.h | 2 +- client/cmdlfem4x.c | 2 +- client/graph.c | 4 +- 7 files changed, 40 insertions(+), 2129 deletions(-) delete mode 100644 armsrc/lfops.c diff --git a/armsrc/lfops.c b/armsrc/lfops.c deleted file mode 100644 index 3684eaaf..00000000 --- a/armsrc/lfops.c +++ /dev/null @@ -1,2112 +0,0 @@ -//----------------------------------------------------------------------------- -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// Miscellaneous routines for low frequency tag operations. -// Tags supported here so far are Texas Instruments (TI), HID -// Also routines for raw mode reading/simulating of LF waveform -//----------------------------------------------------------------------------- - -#include "proxmark3.h" -#include "apps.h" -#include "util.h" -#include "hitag2.h" -#include "crc16.h" -#include "string.h" -#include "lfdemod.h" -#include "lfsampling.h" - - -/** - * Function to do a modulation and then get samples. - * @param delay_off - * @param period_0 - * @param period_1 - * @param command - */ -void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) -{ - - int divisor_used = 95; // 125 KHz - // see if 'h' was specified - - if (command[strlen((char *) command) - 1] == 'h') - divisor_used = 88; // 134.8 KHz - - sample_config sc = { 0,0,1, divisor_used, 0}; - setSamplingConfig(&sc); - - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); - - LFSetupFPGAForADC(sc.divisor, 1); - - // And a little more time for the tag to fully power up - SpinDelay(2000); - - // now modulate the reader field - while(*command != '\0' && *command != ' ') { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - LED_D_ON(); - if(*(command++) == '0') - SpinDelayUs(period_0); - else - SpinDelayUs(period_1); - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // now do the read - DoAcquisition_config(false); -} - - - -/* blank r/w tag data stream -...0000000000000000 01111111 -1010101010101010101010101010101010101010101010101010101010101010 -0011010010100001 -01111111 -101010101010101[0]000... - -[5555fe852c5555555555555555fe0000] -*/ -void ReadTItag(void) -{ - // some hardcoded initial params - // when we read a TI tag we sample the zerocross line at 2Mhz - // TI tags modulate a 1 as 16 cycles of 123.2Khz - // TI tags modulate a 0 as 16 cycles of 134.2Khz - #define FSAMPLE 2000000 - #define FREQLO 123200 - #define FREQHI 134200 - - signed char *dest = (signed char *)BigBuf_get_addr(); - uint16_t n = BigBuf_max_traceLen(); - // 128 bit shift register [shift3:shift2:shift1:shift0] - uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; - - int i, cycles=0, samples=0; - // how many sample points fit in 16 cycles of each frequency - uint32_t sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; - // when to tell if we're close enough to one freq or another - uint32_t threshold = (sampleslo - sampleshi + 1)>>1; - - // TI tags charge at 134.2Khz - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - - // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - - // get TI tag data into the buffer - AcquireTiType(); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - - for (i=0; i0) ) { - cycles++; - // after 16 cycles, measure the frequency - if (cycles>15) { - cycles=0; - samples=i-samples; // number of samples in these 16 cycles - - // TI bits are coming to us lsb first so shift them - // right through our 128 bit right shift register - shift0 = (shift0>>1) | (shift1 << 31); - shift1 = (shift1>>1) | (shift2 << 31); - shift2 = (shift2>>1) | (shift3 << 31); - shift3 >>= 1; - - // check if the cycles fall close to the number - // expected for either the low or high frequency - if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { - // low frequency represents a 1 - shift3 |= (1<<31); - } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { - // high frequency represents a 0 - } else { - // probably detected a gay waveform or noise - // use this as gaydar or discard shift register and start again - shift3 = shift2 = shift1 = shift0 = 0; - } - samples = i; - - // for each bit we receive, test if we've detected a valid tag - - // if we see 17 zeroes followed by 6 ones, we might have a tag - // remember the bits are backwards - if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { - // if start and end bytes match, we have a tag so break out of the loop - if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { - cycles = 0xF0B; //use this as a flag (ugly but whatever) - break; - } - } - } - } - } - - // if flag is set we have a tag - if (cycles!=0xF0B) { - DbpString("Info: No valid tag detected."); - } else { - // put 64 bit data into shift1 and shift0 - shift0 = (shift0>>24) | (shift1 << 8); - shift1 = (shift1>>24) | (shift2 << 8); - - // align 16 bit crc into lower half of shift2 - shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; - - // if r/w tag, check ident match - if (shift3 & (1<<15) ) { - DbpString("Info: TI tag is rewriteable"); - // only 15 bits compare, last bit of ident is not valid - if (((shift3 >> 16) ^ shift0) & 0x7fff ) { - DbpString("Error: Ident mismatch!"); - } else { - DbpString("Info: TI tag ident is valid"); - } - } else { - DbpString("Info: TI tag is readonly"); - } - - // WARNING the order of the bytes in which we calc crc below needs checking - // i'm 99% sure the crc algorithm is correct, but it may need to eat the - // bytes in reverse or something - // calculate CRC - uint32_t crc=0; - - crc = update_crc16(crc, (shift0)&0xff); - crc = update_crc16(crc, (shift0>>8)&0xff); - crc = update_crc16(crc, (shift0>>16)&0xff); - crc = update_crc16(crc, (shift0>>24)&0xff); - crc = update_crc16(crc, (shift1)&0xff); - crc = update_crc16(crc, (shift1>>8)&0xff); - crc = update_crc16(crc, (shift1>>16)&0xff); - crc = update_crc16(crc, (shift1>>24)&0xff); - - Dbprintf("Info: Tag data: %x%08x, crc=%x", - (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); - if (crc != (shift2&0xffff)) { - Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); - } else { - DbpString("Info: CRC is good"); - } - } -} - -void WriteTIbyte(uint8_t b) -{ - int i = 0; - - // modulate 8 bits out to the antenna - for (i=0; i<8; i++) - { - if (b&(1<PIO_PDR = GPIO_SSC_DIN; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; - - // steal this pin from the SSP and use it to control the modulation - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; - - // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long - // 48/2 = 24 MHz clock must be divided by 12 - AT91C_BASE_SSC->SSC_CMR = 12; - - AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; - AT91C_BASE_SSC->SSC_TCMR = 0; - AT91C_BASE_SSC->SSC_TFMR = 0; - - LED_D_ON(); - - // modulate antenna - HIGH(GPIO_SSC_DOUT); - - // Charge TI tag for 50ms. - SpinDelay(50); - - // stop modulating antenna and listen - LOW(GPIO_SSC_DOUT); - - LED_D_OFF(); - - i = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer - i++; if(i >= TIBUFLEN) break; - } - WDT_HIT(); - } - - // return stolen pin to SSP - AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; - - char *dest = (char *)BigBuf_get_addr(); - n = TIBUFLEN*32; - // unpack buffer - for (i=TIBUFLEN-1; i>=0; i--) { - for (j=0; j<32; j++) { - if(BigBuf[i] & (1 << j)) { - dest[--n] = 1; - } else { - dest[--n] = -1; - } - } - } -} - -// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc -// if crc provided, it will be written with the data verbatim (even if bogus) -// if not provided a valid crc will be computed from the data and written. -void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) -{ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - if(crc == 0) { - crc = update_crc16(crc, (idlo)&0xff); - crc = update_crc16(crc, (idlo>>8)&0xff); - crc = update_crc16(crc, (idlo>>16)&0xff); - crc = update_crc16(crc, (idlo>>24)&0xff); - crc = update_crc16(crc, (idhi)&0xff); - crc = update_crc16(crc, (idhi>>8)&0xff); - crc = update_crc16(crc, (idhi>>16)&0xff); - crc = update_crc16(crc, (idhi>>24)&0xff); - } - Dbprintf("Writing to tag: %x%08x, crc=%x", - (unsigned int) idhi, (unsigned int) idlo, crc); - - // TI tags charge at 134.2Khz - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - LED_A_ON(); - - // steal this pin from the SSP and use it to control the modulation - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - - // writing algorithm: - // a high bit consists of a field off for 1ms and field on for 1ms - // a low bit consists of a field off for 0.3ms and field on for 1.7ms - // initiate a charge time of 50ms (field on) then immediately start writing bits - // start by writing 0xBB (keyword) and 0xEB (password) - // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) - // finally end with 0x0300 (write frame) - // all data is sent lsb firts - // finish with 15ms programming time - - // modulate antenna - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // charge time - - WriteTIbyte(0xbb); // keyword - WriteTIbyte(0xeb); // password - WriteTIbyte( (idlo )&0xff ); - WriteTIbyte( (idlo>>8 )&0xff ); - WriteTIbyte( (idlo>>16)&0xff ); - WriteTIbyte( (idlo>>24)&0xff ); - WriteTIbyte( (idhi )&0xff ); - WriteTIbyte( (idhi>>8 )&0xff ); - WriteTIbyte( (idhi>>16)&0xff ); - WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo - WriteTIbyte( (crc )&0xff ); // crc lo - WriteTIbyte( (crc>>8 )&0xff ); // crc hi - WriteTIbyte(0x00); // write frame lo - WriteTIbyte(0x03); // write frame hi - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // programming time - - LED_A_OFF(); - - // get TI tag data into the buffer - AcquireTiType(); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("Now use tiread to check"); -} - -void SimulateTagLowFrequency(int period, int gap, int ledcontrol) -{ - int i; - uint8_t *tab = BigBuf_get_addr(); - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); - - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - - #define SHORT_COIL() LOW(GPIO_SSC_DOUT) - #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) - - i = 0; - for(;;) { - //wait until SSC_CLK goes HIGH - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } - if (ledcontrol) - LED_D_ON(); - - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - //wait until SSC_CLK goes LOW - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } - - i++; - if(i == period) { - - i = 0; - if (gap) { - SHORT_COIL(); - SpinDelayUs(gap); - } - } - } -} - -//Testing to fix timing issues by marshmellow (MM) -void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol) -{ - int i; - uint8_t *tab = BigBuf_get_addr(); - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); - - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - - #define SHORT_COIL() LOW(GPIO_SSC_DOUT) - #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) - - i = 0; - while(!BUTTON_PRESS()) { - - WDT_HIT(); - //wait until reader carrier is HIGH - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - WDT_HIT(); - } - if (i>0){ - if (tab[i]!=tab[i-1]){ - // transition - if (ledcontrol) - LED_D_ON(); - - // modulate coil - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - - } else { //no transition - //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened - // skip test for readers Carrier = LOW, otherwise we get a bit behind - - //wait until reader carrier is LOW - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - WDT_HIT(); - } - } - } else { - // transition - if (ledcontrol) - LED_D_ON(); - - // modulate coil - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - } - WDT_HIT(); - - - i++; - if(i == period) { - // end of data stream, gap then repeat - i = 0; - if (gap) { - SHORT_COIL(); - SpinDelayUs(gap); - } - } - } - DbpString("Stopped"); - return; -} - -#define DEBUG_FRAME_CONTENTS 1 -void SimulateTagLowFrequencyBidir(int divisor, int t0) -{ -} - -// compose fc/8 fc/10 waveform (FSK2) -static void fc(int c, int *n) -{ - uint8_t *dest = BigBuf_get_addr(); - int idx; - - // for when we want an fc8 pattern every 4 logical bits - if(c==0) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples - if(c==8) { - for (idx=0; idx<6; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } - - // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples - if(c==10) { - for (idx=0; idx<5; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } -} -// compose fc/X fc/Y waveform (FSKx) -static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) -{ - uint8_t *dest = BigBuf_get_addr(); - uint8_t idx; - uint8_t fcCnt; - // c = count of field clock for this bit - uint8_t mod = clock % c; - uint8_t modAdj = c/mod; - bool modAdjOk=FALSE; - if (c % mod==0) modAdjOk=TRUE; - // loop through clock - step field clock - for (idx=0; idx < (uint8_t) clock/c; idx++){ - // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) - for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2+1){ - dest[((*n)++)]=0; - } else { - //fudge low to high transition - //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; - //if (c==8 && fcCnt==5) continue; - dest[((*n)++)]=1; - } - } - } - if (mod>0) (*modCnt)++; - if ((mod>0) && modAdjOk){ //fsk2 - if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave - for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2+1){ - dest[((*n)++)]=0; - } else { - //if (c==8 && fcCnt==5) continue; - dest[((*n)++)]=1; - } - } - } - } - //Dbprintf("mod: %d, modAdj %d, modc %d",mod, modAdj, c % mod); - if (mod>0 && !modAdjOk){ //fsk1 - for (idx=0; idx < mod; idx++){ - if (idx < mod/2) { - dest[((*n)++)]=0; - } else { - dest[((*n)++)]=1; - } - } - } -} - -// prepare a waveform pattern in the buffer based on the ID given then -// simulate a HID tag until the button is pressed -void CmdHIDsimTAG(int hi, int lo, int ledcontrol) -{ - int n=0, i=0; - /* - HID tag bitstream format - The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits - A 1 bit is represented as 6 fc8 and 5 fc10 patterns - A 0 bit is represented as 5 fc10 and 6 fc8 patterns - A fc8 is inserted before every 4 bits - A special start of frame pattern is used consisting a0b0 where a and b are neither 0 - nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) - */ - - if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); - return; - } - fc(0,&n); - // special start of frame marker containing invalid bit sequences - fc(8, &n); fc(8, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 - fc(10, &n); fc(10, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 - - WDT_HIT(); - // manchester encode bits 43 to 32 - for (i=11; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((hi>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } - - WDT_HIT(); - // manchester encode bits 31 to 0 - for (i=31; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((lo>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } - - if (ledcontrol) - LED_A_ON(); - SimulateTagLowFrequency(n, 0, ledcontrol); - - if (ledcontrol) - LED_A_OFF(); -} - -// prepare a waveform pattern in the buffer based on the ID given then -// simulate a FSK tag until the button is pressed -// arg1 contains fcHigh and fcLow, arg2 contains invert and clock -void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) -{ - int ledcontrol=1; - int n=0, i=0; - uint8_t fcHigh = arg1 >> 8; - uint8_t fcLow = arg1 & 0xFF; - uint16_t modCnt = 0; - //spacer bit - uint8_t clk = arg2 & 0xFF; - uint8_t invert = (arg2 >> 8) & 1; - //fcAll(0, &n, clk); - - WDT_HIT(); - for (i=0; i> 8) & 0xFF; - uint8_t manchester = arg1 & 1; - uint8_t separator = arg2 & 1; - uint8_t invert = (arg2 >> 8) & 1; - WDT_HIT(); - for (i=0; i> 8; - uint8_t carrier = arg1 & 0xFF; - uint8_t invert = arg2 & 0xFF; - //uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase - //uint8_t invert = (arg2 >> 8) & 1; - uint8_t curPhase = 0; - WDT_HIT(); - for (i=0; i0 && lo>0){ - // final loop, go over previously decoded manchester data and decode into usable tag ID - // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 - if (hi2 != 0){ //extra large HID tags - Dbprintf("TAG ID: %x%08x%08x (%d)", - (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); - }else { //standard HID tags <38 bits - //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd - uint8_t bitlen = 0; - uint32_t fc = 0; - uint32_t cardnum = 0; - if (((hi>>5)&1) == 1){//if bit 38 is set then < 37 bit format is used - uint32_t lo2=0; - lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit - uint8_t idx3 = 1; - while(lo2 > 1){ //find last bit set to 1 (format len bit) - lo2=lo2 >> 1; - idx3++; - } - bitlen = idx3+19; - fc =0; - cardnum=0; - if(bitlen == 26){ - cardnum = (lo>>1)&0xFFFF; - fc = (lo>>17)&0xFF; - } - if(bitlen == 37){ - cardnum = (lo>>1)&0x7FFFF; - fc = ((hi&0xF)<<12)|(lo>>20); - } - if(bitlen == 34){ - cardnum = (lo>>1)&0xFFFF; - fc= ((hi&1)<<15)|(lo>>17); - } - if(bitlen == 35){ - cardnum = (lo>>1)&0xFFFFF; - fc = ((hi&1)<<11)|(lo>>21); - } - } - else { //if bit 38 is not set then 37 bit format is used - bitlen= 37; - fc =0; - cardnum=0; - if(bitlen==37){ - cardnum = (lo>>1)&0x7FFFF; - fc = ((hi&0xF)<<12)|(lo>>20); - } - } - //Dbprintf("TAG ID: %x%08x (%d)", - // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); - Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d", - (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF, - (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum); - } - if (findone){ - if (ledcontrol) LED_A_OFF(); - *high = hi; - *low = lo; - return; - } - // reset - hi2 = hi = lo = 0; - } - WDT_HIT(); - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); -} - -void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) -{ - uint8_t *dest = BigBuf_get_addr(); - - size_t size=0, idx=0; - int clk=0, invert=0, errCnt=0, maxErr=20; - uint64_t lo=0; - // Configure to go in 125Khz listen mode - LFSetupFPGAForADC(95, true); - - while(!BUTTON_PRESS()) { - - WDT_HIT(); - if (ledcontrol) LED_A_ON(); - - DoAcquisition_default(-1,true); - size = BigBuf_max_traceLen(); - //Dbprintf("DEBUG: Buffer got"); - //askdemod and manchester decode - errCnt = askmandemod(dest, &size, &clk, &invert, maxErr); - //Dbprintf("DEBUG: ASK Got"); - WDT_HIT(); - - if (errCnt>=0){ - lo = Em410xDecode(dest, &size, &idx); - //Dbprintf("DEBUG: EM GOT"); - if (lo>0){ - Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", - (uint32_t)(lo>>32), - (uint32_t)lo, - (uint32_t)(lo&0xFFFF), - (uint32_t)((lo>>16LL) & 0xFF), - (uint32_t)(lo & 0xFFFFFF)); - } - if (findone){ - if (ledcontrol) LED_A_OFF(); - *high=lo>>32; - *low=lo & 0xFFFFFFFF; - return; - } - } else{ - //Dbprintf("DEBUG: No Tag"); - } - WDT_HIT(); - lo = 0; - clk=0; - invert=0; - errCnt=0; - size=0; - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); -} - -void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) -{ - uint8_t *dest = BigBuf_get_addr(); - int idx=0; - uint32_t code=0, code2=0; - uint8_t version=0; - uint8_t facilitycode=0; - uint16_t number=0; - // Configure to go in 125Khz listen mode - LFSetupFPGAForADC(95, true); - - while(!BUTTON_PRESS()) { - WDT_HIT(); - if (ledcontrol) LED_A_ON(); - DoAcquisition_default(-1,true); - //fskdemod and get start index - WDT_HIT(); - idx = IOdemodFSK(dest, BigBuf_max_traceLen()); - if (idx>0){ - //valid tag found - - //Index map - //0 10 20 30 40 50 60 - //| | | | | | | - //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 - //----------------------------------------------------------------------------- - //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11 - // - //XSF(version)facility:codeone+codetwo - //Handle the data - if(findone){ //only print binary if we are doing one - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); - Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); - } - code = bytebits_to_byte(dest+idx,32); - code2 = bytebits_to_byte(dest+idx+32,32); - version = bytebits_to_byte(dest+idx+27,8); //14,4 - facilitycode = bytebits_to_byte(dest+idx+18,8) ; - number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 - - Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); - // if we're only looking for one tag - if (findone){ - if (ledcontrol) LED_A_OFF(); - //LED_A_OFF(); - *high=code; - *low=code2; - return; - } - code=code2=0; - version=facilitycode=0; - number=0; - idx=0; - } - WDT_HIT(); - } - DbpString("Stopped"); - if (ledcontrol) LED_A_OFF(); -} - -/*------------------------------ - * T5555/T5557/T5567 routines - *------------------------------ - */ - -/* T55x7 configuration register definitions */ -#define T55x7_POR_DELAY 0x00000001 -#define T55x7_ST_TERMINATOR 0x00000008 -#define T55x7_PWD 0x00000010 -#define T55x7_MAXBLOCK_SHIFT 5 -#define T55x7_AOR 0x00000200 -#define T55x7_PSKCF_RF_2 0 -#define T55x7_PSKCF_RF_4 0x00000400 -#define T55x7_PSKCF_RF_8 0x00000800 -#define T55x7_MODULATION_DIRECT 0 -#define T55x7_MODULATION_PSK1 0x00001000 -#define T55x7_MODULATION_PSK2 0x00002000 -#define T55x7_MODULATION_PSK3 0x00003000 -#define T55x7_MODULATION_FSK1 0x00004000 -#define T55x7_MODULATION_FSK2 0x00005000 -#define T55x7_MODULATION_FSK1a 0x00006000 -#define T55x7_MODULATION_FSK2a 0x00007000 -#define T55x7_MODULATION_MANCHESTER 0x00008000 -#define T55x7_MODULATION_BIPHASE 0x00010000 -#define T55x7_BITRATE_RF_8 0 -#define T55x7_BITRATE_RF_16 0x00040000 -#define T55x7_BITRATE_RF_32 0x00080000 -#define T55x7_BITRATE_RF_40 0x000C0000 -#define T55x7_BITRATE_RF_50 0x00100000 -#define T55x7_BITRATE_RF_64 0x00140000 -#define T55x7_BITRATE_RF_100 0x00180000 -#define T55x7_BITRATE_RF_128 0x001C0000 - -/* T5555 (Q5) configuration register definitions */ -#define T5555_ST_TERMINATOR 0x00000001 -#define T5555_MAXBLOCK_SHIFT 0x00000001 -#define T5555_MODULATION_MANCHESTER 0 -#define T5555_MODULATION_PSK1 0x00000010 -#define T5555_MODULATION_PSK2 0x00000020 -#define T5555_MODULATION_PSK3 0x00000030 -#define T5555_MODULATION_FSK1 0x00000040 -#define T5555_MODULATION_FSK2 0x00000050 -#define T5555_MODULATION_BIPHASE 0x00000060 -#define T5555_MODULATION_DIRECT 0x00000070 -#define T5555_INVERT_OUTPUT 0x00000080 -#define T5555_PSK_RF_2 0 -#define T5555_PSK_RF_4 0x00000100 -#define T5555_PSK_RF_8 0x00000200 -#define T5555_USE_PWD 0x00000400 -#define T5555_USE_AOR 0x00000800 -#define T5555_BITRATE_SHIFT 12 -#define T5555_FAST_WRITE 0x00004000 -#define T5555_PAGE_SELECT 0x00008000 - -/* - * Relevant times in microsecond - * To compensate antenna falling times shorten the write times - * and enlarge the gap ones. - */ -#define START_GAP 250 -#define WRITE_GAP 160 -#define WRITE_0 144 // 192 -#define WRITE_1 400 // 432 for T55x7; 448 for E5550 - -// Write one bit to card -void T55xxWriteBit(int bit) -{ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - if (bit == 0) - SpinDelayUs(WRITE_0); - else - SpinDelayUs(WRITE_1); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(WRITE_GAP); -} - -// Write one card block in page 0, no lock -void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) -{ - //unsigned int i; //enio adjustment 12/10/14 - uint32_t i; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ - // Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Lock bit - T55xxWriteBit(0); - - // Data - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Data & i); - - // Block - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); - - // Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, - // so wait a little more) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - SpinDelay(20); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); -} - -// Read one card block in page 0 -void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) -{ - uint8_t *dest = BigBuf_get_addr(); - //int m=0, i=0; //enio adjustment 12/10/14 - uint32_t m=0, i=0; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ - // Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Lock bit - T55xxWriteBit(0); - // Block - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); - - // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; - i++; - if (i >= m) break; - } - } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); - DbpString("DONE!"); -} - -// Read card traceability data (page 1) -void T55xxReadTrace(void){ - uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelayUs(START_GAP); - - // Opcode - T55xxWriteBit(1); - T55xxWriteBit(1); //Page 1 - - // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); - DbpString("DONE!"); -} - -/*-------------- Cloning routines -----------*/ -// Copy HID id to card and setup block 0 config -void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) -{ - int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format - int last_block = 0; - - if (longFMT){ - // Ensure no more than 84 bits supplied - if (hi2>0xFFFFF) { - DbpString("Tags can only have 84 bits."); - return; - } - // Build the 6 data blocks for supplied 84bit ID - last_block = 6; - data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded) - for (int i=0;i<4;i++) { - if (hi2 & (1<<(19-i))) - data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10 - else - data1 |= (1<<((3-i)*2)); // 0 -> 01 - } - - data2 = 0; - for (int i=0;i<16;i++) { - if (hi2 & (1<<(15-i))) - data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data2 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data3 = 0; - for (int i=0;i<16;i++) { - if (hi & (1<<(31-i))) - data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data3 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data4 = 0; - for (int i=0;i<16;i++) { - if (hi & (1<<(15-i))) - data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data4 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data5 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(31-i))) - data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data5 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data6 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(15-i))) - data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data6 |= (1<<((15-i)*2)); // 0 -> 01 - } - } - else { - // Ensure no more than 44 bits supplied - if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); - return; - } - - // Build the 3 data blocks for supplied 44bit ID - last_block = 3; - - data1 = 0x1D000000; // load preamble - - for (int i=0;i<12;i++) { - if (hi & (1<<(11-i))) - data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10 - else - data1 |= (1<<((11-i)*2)); // 0 -> 01 - } - - data2 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(31-i))) - data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data2 |= (1<<((15-i)*2)); // 0 -> 01 - } - - data3 = 0; - for (int i=0;i<16;i++) { - if (lo & (1<<(15-i))) - data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 - else - data3 |= (1<<((15-i)*2)); // 0 -> 01 - } - } - - LED_D_ON(); - // Program the data blocks for supplied ID - // and the block 0 for HID format - T55xxWriteBlock(data1,1,0,0); - T55xxWriteBlock(data2,2,0,0); - T55xxWriteBlock(data3,3,0,0); - - if (longFMT) { // if long format there are 6 blocks - T55xxWriteBlock(data4,4,0,0); - T55xxWriteBlock(data5,5,0,0); - T55xxWriteBlock(data6,6,0,0); - } - - // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long) - T55xxWriteBlock(T55x7_BITRATE_RF_50 | - T55x7_MODULATION_FSK2a | - last_block << T55x7_MAXBLOCK_SHIFT, - 0,0,0); - - LED_D_OFF(); - - DbpString("DONE!"); -} - -void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) -{ - int data1=0, data2=0; //up to six blocks for long format - - data1 = hi; // load preamble - data2 = lo; - - LED_D_ON(); - // Program the data blocks for supplied ID - // and the block 0 for HID format - T55xxWriteBlock(data1,1,0,0); - T55xxWriteBlock(data2,2,0,0); - - //Config Block - T55xxWriteBlock(0x00147040,0,0,0); - LED_D_OFF(); - - DbpString("DONE!"); -} - -// Define 9bit header for EM410x tags -#define EM410X_HEADER 0x1FF -#define EM410X_ID_LENGTH 40 - -void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) -{ - int i, id_bit; - uint64_t id = EM410X_HEADER; - uint64_t rev_id = 0; // reversed ID - int c_parity[4]; // column parity - int r_parity = 0; // row parity - uint32_t clock = 0; - - // Reverse ID bits given as parameter (for simpler operations) - for (i = 0; i < EM410X_ID_LENGTH; ++i) { - if (i < 32) { - rev_id = (rev_id << 1) | (id_lo & 1); - id_lo >>= 1; - } else { - rev_id = (rev_id << 1) | (id_hi & 1); - id_hi >>= 1; - } - } - - for (i = 0; i < EM410X_ID_LENGTH; ++i) { - id_bit = rev_id & 1; - - if (i % 4 == 0) { - // Don't write row parity bit at start of parsing - if (i) - id = (id << 1) | r_parity; - // Start counting parity for new row - r_parity = id_bit; - } else { - // Count row parity - r_parity ^= id_bit; - } - - // First elements in column? - if (i < 4) - // Fill out first elements - c_parity[i] = id_bit; - else - // Count column parity - c_parity[i % 4] ^= id_bit; - - // Insert ID bit - id = (id << 1) | id_bit; - rev_id >>= 1; - } - - // Insert parity bit of last row - id = (id << 1) | r_parity; - - // Fill out column parity at the end of tag - for (i = 0; i < 4; ++i) - id = (id << 1) | c_parity[i]; - - // Add stop bit - id <<= 1; - - Dbprintf("Started writing %s tag ...", card ? "T55x7":"T5555"); - LED_D_ON(); - - // Write EM410x ID - T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0); - T55xxWriteBlock((uint32_t)id, 2, 0, 0); - - // Config for EM410x (RF/64, Manchester, Maxblock=2) - if (card) { - // Clock rate is stored in bits 8-15 of the card value - clock = (card & 0xFF00) >> 8; - Dbprintf("Clock rate: %d", clock); - switch (clock) - { - case 32: - clock = T55x7_BITRATE_RF_32; - break; - case 16: - clock = T55x7_BITRATE_RF_16; - break; - case 0: - // A value of 0 is assumed to be 64 for backwards-compatibility - // Fall through... - case 64: - clock = T55x7_BITRATE_RF_64; - break; - default: - Dbprintf("Invalid clock rate: %d", clock); - return; - } - - // Writing configuration for T55x7 tag - T55xxWriteBlock(clock | - T55x7_MODULATION_MANCHESTER | - 2 << T55x7_MAXBLOCK_SHIFT, - 0, 0, 0); - } - else - // Writing configuration for T5555(Q5) tag - T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT | - T5555_MODULATION_MANCHESTER | - 2 << T5555_MAXBLOCK_SHIFT, - 0, 0, 0); - - LED_D_OFF(); - Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555", - (uint32_t)(id >> 32), (uint32_t)id); -} - -// Clone Indala 64-bit tag by UID to T55x7 -void CopyIndala64toT55x7(int hi, int lo) -{ - - //Program the 2 data blocks for supplied 64bit UID - // and the block 0 for Indala64 format - T55xxWriteBlock(hi,1,0,0); - T55xxWriteBlock(lo,2,0,0); - //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2) - T55xxWriteBlock(T55x7_BITRATE_RF_32 | - T55x7_MODULATION_PSK1 | - 2 << T55x7_MAXBLOCK_SHIFT, - 0, 0, 0); - //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data) - // T5567WriteBlock(0x603E1042,0); - - DbpString("DONE!"); - -} - -void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7) -{ - - //Program the 7 data blocks for supplied 224bit UID - // and the block 0 for Indala224 format - T55xxWriteBlock(uid1,1,0,0); - T55xxWriteBlock(uid2,2,0,0); - T55xxWriteBlock(uid3,3,0,0); - T55xxWriteBlock(uid4,4,0,0); - T55xxWriteBlock(uid5,5,0,0); - T55xxWriteBlock(uid6,6,0,0); - T55xxWriteBlock(uid7,7,0,0); - //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7) - T55xxWriteBlock(T55x7_BITRATE_RF_32 | - T55x7_MODULATION_PSK1 | - 7 << T55x7_MAXBLOCK_SHIFT, - 0,0,0); - //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data) - // T5567WriteBlock(0x603E10E2,0); - - DbpString("DONE!"); - -} - - -#define abs(x) ( ((x)<0) ? -(x) : (x) ) -#define max(x,y) ( x GraphBuffer[0]) { - while(i < GraphTraceLen) { - if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) - break; - i++; - } - dir = 0; - } - else { - while(i < GraphTraceLen) { - if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) - break; - i++; - } - dir = 1; - } - - lastval = i++; - half_switch = 0; - pmc = 0; - block_done = 0; - - for (bitidx = 0; i < GraphTraceLen; i++) - { - if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) - { - lc = i - lastval; - lastval = i; - - // Switch depending on lc length: - // Tolerance is 1/8 of clock rate (arbitrary) - if (abs(lc-clock/4) < tolerance) { - // 16T0 - if((i - pmc) == lc) { /* 16T0 was previous one */ - /* It's a PMC ! */ - i += (128+127+16+32+33+16)-1; - lastval = i; - pmc = 0; - block_done = 1; - } - else { - pmc = i; - } - } else if (abs(lc-clock/2) < tolerance) { - // 32TO - if((i - pmc) == lc) { /* 16T0 was previous one */ - /* It's a PMC ! */ - i += (128+127+16+32+33)-1; - lastval = i; - pmc = 0; - block_done = 1; - } - else if(half_switch == 1) { - BitStream[bitidx++] = 0; - half_switch = 0; - } - else - half_switch++; - } else if (abs(lc-clock) < tolerance) { - // 64TO - BitStream[bitidx++] = 1; - } else { - // Error - warnings++; - if (warnings > 10) - { - Dbprintf("Error: too many detection errors, aborting."); - return 0; - } - } - - if(block_done == 1) { - if(bitidx == 128) { - for(j=0; j<16; j++) { - Blocks[num_blocks][j] = 128*BitStream[j*8+7]+ - 64*BitStream[j*8+6]+ - 32*BitStream[j*8+5]+ - 16*BitStream[j*8+4]+ - 8*BitStream[j*8+3]+ - 4*BitStream[j*8+2]+ - 2*BitStream[j*8+1]+ - BitStream[j*8]; - } - num_blocks++; - } - bitidx = 0; - block_done = 0; - half_switch = 0; - } - if(i < GraphTraceLen) - { - if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; - else dir = 1; - } - } - if(bitidx==255) - bitidx=0; - warnings = 0; - if(num_blocks == 4) break; - } - memcpy(outBlocks, Blocks, 16*num_blocks); - return num_blocks; -} - -int IsBlock0PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled - return 1; - if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ? - return 1; - return 0; -} - -int IsBlock1PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0) - if((Block[14] & 0x7f) <= 9 && Block[15] <= 9) - return 1; - - return 0; -} - -#define ALLOC 16 - -void ReadPCF7931() { - uint8_t Blocks[8][17]; - uint8_t tmpBlocks[4][16]; - int i, j, ind, ind2, n; - int num_blocks = 0; - int max_blocks = 8; - int ident = 0; - int error = 0; - int tries = 0; - - memset(Blocks, 0, 8*17*sizeof(uint8_t)); - - do { - memset(tmpBlocks, 0, 4*16*sizeof(uint8_t)); - n = DemodPCF7931((uint8_t**)tmpBlocks); - if(!n) - error++; - if(error==10 && num_blocks == 0) { - Dbprintf("Error, no tag or bad tag"); - return; - } - else if (tries==20 || error==10) { - Dbprintf("Error reading the tag"); - Dbprintf("Here is the partial content"); - goto end; - } - - for(i=0; i= 0; ind--,ind2--) { - if(ind2 < 0) - ind2 = max_blocks; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } - for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) { - if(ind2 > max_blocks) - ind2 = 0; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } - } - } - } - } - } - tries++; - if (BUTTON_PRESS()) return; - } while (num_blocks != max_blocks); - end: - Dbprintf("-----------------------------------------"); - Dbprintf("Memory content:"); - Dbprintf("-----------------------------------------"); - for(i=0; i", i); - } - Dbprintf("-----------------------------------------"); - - return ; -} - - -//----------------------------------- -// EM4469 / EM4305 routines -//----------------------------------- -#define FWD_CMD_LOGIN 0xC //including the even parity, binary mirrored -#define FWD_CMD_WRITE 0xA -#define FWD_CMD_READ 0x9 -#define FWD_CMD_DISABLE 0x5 - - -uint8_t forwardLink_data[64]; //array of forwarded bits -uint8_t * forward_ptr; //ptr for forward message preparation -uint8_t fwd_bit_sz; //forwardlink bit counter -uint8_t * fwd_write_ptr; //forwardlink bit pointer - -//==================================================================== -// prepares command bits -// see EM4469 spec -//==================================================================== -//-------------------------------------------------------------------- -uint8_t Prepare_Cmd( uint8_t cmd ) { - //-------------------------------------------------------------------- - - *forward_ptr++ = 0; //start bit - *forward_ptr++ = 0; //second pause for 4050 code - - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - cmd >>= 1; - *forward_ptr++ = cmd; - - return 6; //return number of emited bits -} - -//==================================================================== -// prepares address bits -// see EM4469 spec -//==================================================================== - -//-------------------------------------------------------------------- -uint8_t Prepare_Addr( uint8_t addr ) { - //-------------------------------------------------------------------- - - register uint8_t line_parity; - - uint8_t i; - line_parity = 0; - for(i=0;i<6;i++) { - *forward_ptr++ = addr; - line_parity ^= addr; - addr >>= 1; - } - - *forward_ptr++ = (line_parity & 1); - - return 7; //return number of emited bits -} - -//==================================================================== -// prepares data bits intreleaved with parity bits -// see EM4469 spec -//==================================================================== - -//-------------------------------------------------------------------- -uint8_t Prepare_Data( uint16_t data_low, uint16_t data_hi) { - //-------------------------------------------------------------------- - - register uint8_t line_parity; - register uint8_t column_parity; - register uint8_t i, j; - register uint16_t data; - - data = data_low; - column_parity = 0; - - for(i=0; i<4; i++) { - line_parity = 0; - for(j=0; j<8; j++) { - line_parity ^= data; - column_parity ^= (data & 1) << j; - *forward_ptr++ = data; - data >>= 1; - } - *forward_ptr++ = line_parity; - if(i == 1) - data = data_hi; - } - - for(j=0; j<8; j++) { - *forward_ptr++ = column_parity; - column_parity >>= 1; - } - *forward_ptr = 0; - - return 45; //return number of emited bits -} - -//==================================================================== -// Forward Link send function -// Requires: forwarLink_data filled with valid bits (1 bit per byte) -// fwd_bit_count set with number of bits to be sent -//==================================================================== -void SendForward(uint8_t fwd_bit_count) { - - fwd_write_ptr = forwardLink_data; - fwd_bit_sz = fwd_bit_count; - - LED_D_ON(); - - //Field on - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // force 1st mod pulse (start gap must be longer for 4305) - fwd_bit_sz--; //prepare next bit modulation - fwd_write_ptr++; - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - SpinDelayUs(55*8); //55 cycles off (8us each)for 4305 - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on - SpinDelayUs(16*8); //16 cycles on (8us each) - - // now start writting - while(fwd_bit_sz-- > 0) { //prepare next bit modulation - if(((*fwd_write_ptr++) & 1) == 1) - SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) - else { - //These timings work for 4469/4269/4305 (with the 55*8 above) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - SpinDelayUs(23*8); //16-4 cycles off (8us each) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on - SpinDelayUs(9*8); //16 cycles on (8us each) - } - } -} - -void EM4xLogin(uint32_t Password) { - - uint8_t fwd_bit_count; - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_LOGIN ); - fwd_bit_count += Prepare_Data( Password&0xFFFF, Password>>16 ); - - SendForward(fwd_bit_count); - - //Wait for command to complete - SpinDelay(20); - -} - -void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { - - uint8_t fwd_bit_count; - uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; - - //If password mode do login - if (PwdMode == 1) EM4xLogin(Pwd); - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); - fwd_bit_count += Prepare_Addr( Address ); - - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - SendForward(fwd_bit_count); - - // Now do the acquisition - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); -} - -void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { - - uint8_t fwd_bit_count; - - //If password mode do login - if (PwdMode == 1) EM4xLogin(Pwd); - - forward_ptr = forwardLink_data; - fwd_bit_count = Prepare_Cmd( FWD_CMD_WRITE ); - fwd_bit_count += Prepare_Addr( Address ); - fwd_bit_count += Prepare_Data( Data&0xFFFF, Data>>16 ); - - SendForward(fwd_bit_count); - - //Wait for write to complete - SpinDelay(20); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - LED_D_OFF(); -} diff --git a/client/cmddata.c b/client/cmddata.c index b8b95c04..966e2a00 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -133,20 +133,19 @@ int CmdAmp(const char *Cmd) * Updates the Graph trace with 0/1 values * * Arguments: - * c : 0 or 1 + * c : 0 or 1 (or invert) */ - //this method is dependant on all highs and lows to be the same(or clipped) this creates issues[marshmellow] it also ignores the clock + //this method ignores the clock + + //this function strictly converts highs and lows to 1s and 0s for each sample in the graphbuffer int Cmdaskdemod(const char *Cmd) { int i; int c, high = 0, low = 0; - // TODO: complain if we do not give 2 arguments here ! - // (AL - this doesn't make sense! we're only using one argument!!!) sscanf(Cmd, "%i", &c); - /* Detect high and lows and clock */ - // (AL - clock???) + /* Detect high and lows */ for (i = 0; i < GraphTraceLen; ++i) { if (GraphBuffer[i] > high) @@ -176,9 +175,9 @@ int Cmdaskdemod(const char *Cmd) * down) */ //[marhsmellow] change == to >= for high and <= for low for fuzz - if ((GraphBuffer[i] == high) && (GraphBuffer[i - 1] == c)) { + if ((GraphBuffer[i] >= high) && (GraphBuffer[i - 1] == c)) { GraphBuffer[i] = 1 - c; - } else if ((GraphBuffer[i] == low) && (GraphBuffer[i - 1] == (1 - c))){ + } else if ((GraphBuffer[i] <= low) && (GraphBuffer[i - 1] == (1 - c))){ GraphBuffer[i] = c; } else { /* No transition */ @@ -189,6 +188,23 @@ int Cmdaskdemod(const char *Cmd) return 0; } +//this function strictly converts >1 to 1 and <1 to 0 for each sample in the graphbuffer +int CmdGetBitStream(const char *Cmd) +{ + int i; + CmdHpf(Cmd); + for (i = 0; i < GraphTraceLen; i++) { + if (GraphBuffer[i] >= 1) { + GraphBuffer[i] = 1; + } else { + GraphBuffer[i] = 0; + } + } + RepaintGraphWindow(); + return 0; +} + + //by marshmellow void printBitStream(uint8_t BitStream[], uint32_t bitLen) { @@ -1954,6 +1970,7 @@ int CmdHide(const char *Cmd) return 0; } +//zero mean GraphBuffer int CmdHpf(const char *Cmd) { int i; @@ -2561,6 +2578,7 @@ static command_t CommandTable[] = {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, //{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, + {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, {"hide", CmdHide, 1, "Hide graph window"}, diff --git a/client/cmddata.h b/client/cmddata.h index 673a2ba0..a746d89f 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -39,6 +39,7 @@ int CmdFSKrawdemod(const char *Cmd); int CmdPSK1rawDemod(const char *Cmd); int CmdPSK2rawDemod(const char *Cmd); int CmdGrid(const char *Cmd); +int CmdGetBitStream(const char *Cmd); int CmdHexsamples(const char *Cmd); int CmdHide(const char *Cmd); int CmdHpf(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index 1222b3ce..1c53c204 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -510,11 +510,11 @@ int CmdLFSnoop(const char *Cmd) static void ChkBitstream(const char *str) { int i; - + /* convert to bitstream if necessary */ for (i = 0; i < (int)(GraphTraceLen / 2); i++){ if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) { - CmdBitstream(str); + CmdGetBitStream(""); break; } } @@ -528,6 +528,7 @@ int CmdLFSim(const char *Cmd) sscanf(Cmd, "%i", &gap); /* convert to bitstream if necessary */ + ChkBitstream(Cmd); //can send 512 bits at a time (1 byte sent per bit...) @@ -878,6 +879,7 @@ int CmdLFpskSim(const char *Cmd) uint16_t arg1, arg2; arg1 = clk << 8 | carrier; arg2 = invert; + UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; if (DemodBufferLen > USB_CMD_DATA_SIZE) { PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); @@ -885,6 +887,7 @@ int CmdLFpskSim(const char *Cmd) PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen); memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); SendCommand(&c); + return 0; } @@ -899,6 +902,7 @@ int CmdLFSimBidir(const char *Cmd) } /* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */ +/* int CmdLFSimManchester(const char *Cmd) { static int clock, gap; @@ -919,7 +923,7 @@ int CmdLFSimManchester(const char *Cmd) CmdLFSim(gapstring); return 0; } - +*/ int CmdVchDemod(const char *Cmd) { @@ -1111,11 +1115,11 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, - {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, + //{"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 18a28b10..254d8807 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -23,7 +23,7 @@ int CmdLFaskSim(const char *Cmd); int CmdLFfskSim(const char *Cmd); int CmdLFpskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); -int CmdLFSimManchester(const char *Cmd); +//int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); int CmdVchDemod(const char *Cmd); int CmdLFfind(const char *Cmd); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 232d5635..f6671bcd 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -266,7 +266,7 @@ int CmdEM410xSim(const char *Cmd) /* stop bit */ AppendGraph(1, clock, 0); - CmdLFSim("240"); //240 start_gap. + CmdLFSim("0"); //240 start_gap. return 0; } diff --git a/client/graph.c b/client/graph.c index 243da466..190dfe8f 100644 --- a/client/graph.c +++ b/client/graph.c @@ -24,10 +24,10 @@ void AppendGraph(int redraw, int clock, int bit) int i; //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) for (i = 0; i < (int)(clock / 2); ++i) - GraphBuffer[GraphTraceLen++] = bit ^ 1; + GraphBuffer[GraphTraceLen++] = bit ; //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) for (i = (int)(clock / 2); i < clock; ++i) - GraphBuffer[GraphTraceLen++] = bit; + GraphBuffer[GraphTraceLen++] = bit ^ 1; if (redraw) RepaintGraphWindow(); From e09f21fa7b754a2f214efbebc622045138828096 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 6 Mar 2015 12:26:33 -0500 Subject: [PATCH 15/21] Revert "lf sim fixes/creations" This reverts commit 293de1bad7bbea39eb285b2297760d51cccf07b3. --- armsrc/lfops.c | 2112 ++++++++++++++++++++++++++++++++++++++++++++ client/cmddata.c | 34 +- client/cmddata.h | 1 - client/cmdlf.c | 14 +- client/cmdlf.h | 2 +- client/cmdlfem4x.c | 2 +- client/graph.c | 4 +- 7 files changed, 2129 insertions(+), 40 deletions(-) create mode 100644 armsrc/lfops.c diff --git a/armsrc/lfops.c b/armsrc/lfops.c new file mode 100644 index 00000000..3684eaaf --- /dev/null +++ b/armsrc/lfops.c @@ -0,0 +1,2112 @@ +//----------------------------------------------------------------------------- +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Miscellaneous routines for low frequency tag operations. +// Tags supported here so far are Texas Instruments (TI), HID +// Also routines for raw mode reading/simulating of LF waveform +//----------------------------------------------------------------------------- + +#include "proxmark3.h" +#include "apps.h" +#include "util.h" +#include "hitag2.h" +#include "crc16.h" +#include "string.h" +#include "lfdemod.h" +#include "lfsampling.h" + + +/** + * Function to do a modulation and then get samples. + * @param delay_off + * @param period_0 + * @param period_1 + * @param command + */ +void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) +{ + + int divisor_used = 95; // 125 KHz + // see if 'h' was specified + + if (command[strlen((char *) command) - 1] == 'h') + divisor_used = 88; // 134.8 KHz + + sample_config sc = { 0,0,1, divisor_used, 0}; + setSamplingConfig(&sc); + + /* Make sure the tag is reset */ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(2500); + + LFSetupFPGAForADC(sc.divisor, 1); + + // And a little more time for the tag to fully power up + SpinDelay(2000); + + // now modulate the reader field + while(*command != '\0' && *command != ' ') { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + LED_D_ON(); + if(*(command++) == '0') + SpinDelayUs(period_0); + else + SpinDelayUs(period_1); + } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // now do the read + DoAcquisition_config(false); +} + + + +/* blank r/w tag data stream +...0000000000000000 01111111 +1010101010101010101010101010101010101010101010101010101010101010 +0011010010100001 +01111111 +101010101010101[0]000... + +[5555fe852c5555555555555555fe0000] +*/ +void ReadTItag(void) +{ + // some hardcoded initial params + // when we read a TI tag we sample the zerocross line at 2Mhz + // TI tags modulate a 1 as 16 cycles of 123.2Khz + // TI tags modulate a 0 as 16 cycles of 134.2Khz + #define FSAMPLE 2000000 + #define FREQLO 123200 + #define FREQHI 134200 + + signed char *dest = (signed char *)BigBuf_get_addr(); + uint16_t n = BigBuf_max_traceLen(); + // 128 bit shift register [shift3:shift2:shift1:shift0] + uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; + + int i, cycles=0, samples=0; + // how many sample points fit in 16 cycles of each frequency + uint32_t sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; + // when to tell if we're close enough to one freq or another + uint32_t threshold = (sampleslo - sampleshi + 1)>>1; + + // TI tags charge at 134.2Khz + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + + // get TI tag data into the buffer + AcquireTiType(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + + for (i=0; i0) ) { + cycles++; + // after 16 cycles, measure the frequency + if (cycles>15) { + cycles=0; + samples=i-samples; // number of samples in these 16 cycles + + // TI bits are coming to us lsb first so shift them + // right through our 128 bit right shift register + shift0 = (shift0>>1) | (shift1 << 31); + shift1 = (shift1>>1) | (shift2 << 31); + shift2 = (shift2>>1) | (shift3 << 31); + shift3 >>= 1; + + // check if the cycles fall close to the number + // expected for either the low or high frequency + if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { + // low frequency represents a 1 + shift3 |= (1<<31); + } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { + // high frequency represents a 0 + } else { + // probably detected a gay waveform or noise + // use this as gaydar or discard shift register and start again + shift3 = shift2 = shift1 = shift0 = 0; + } + samples = i; + + // for each bit we receive, test if we've detected a valid tag + + // if we see 17 zeroes followed by 6 ones, we might have a tag + // remember the bits are backwards + if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { + // if start and end bytes match, we have a tag so break out of the loop + if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { + cycles = 0xF0B; //use this as a flag (ugly but whatever) + break; + } + } + } + } + } + + // if flag is set we have a tag + if (cycles!=0xF0B) { + DbpString("Info: No valid tag detected."); + } else { + // put 64 bit data into shift1 and shift0 + shift0 = (shift0>>24) | (shift1 << 8); + shift1 = (shift1>>24) | (shift2 << 8); + + // align 16 bit crc into lower half of shift2 + shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; + + // if r/w tag, check ident match + if (shift3 & (1<<15) ) { + DbpString("Info: TI tag is rewriteable"); + // only 15 bits compare, last bit of ident is not valid + if (((shift3 >> 16) ^ shift0) & 0x7fff ) { + DbpString("Error: Ident mismatch!"); + } else { + DbpString("Info: TI tag ident is valid"); + } + } else { + DbpString("Info: TI tag is readonly"); + } + + // WARNING the order of the bytes in which we calc crc below needs checking + // i'm 99% sure the crc algorithm is correct, but it may need to eat the + // bytes in reverse or something + // calculate CRC + uint32_t crc=0; + + crc = update_crc16(crc, (shift0)&0xff); + crc = update_crc16(crc, (shift0>>8)&0xff); + crc = update_crc16(crc, (shift0>>16)&0xff); + crc = update_crc16(crc, (shift0>>24)&0xff); + crc = update_crc16(crc, (shift1)&0xff); + crc = update_crc16(crc, (shift1>>8)&0xff); + crc = update_crc16(crc, (shift1>>16)&0xff); + crc = update_crc16(crc, (shift1>>24)&0xff); + + Dbprintf("Info: Tag data: %x%08x, crc=%x", + (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); + if (crc != (shift2&0xffff)) { + Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); + } else { + DbpString("Info: CRC is good"); + } + } +} + +void WriteTIbyte(uint8_t b) +{ + int i = 0; + + // modulate 8 bits out to the antenna + for (i=0; i<8; i++) + { + if (b&(1<PIO_PDR = GPIO_SSC_DIN; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; + + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; + + // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long + // 48/2 = 24 MHz clock must be divided by 12 + AT91C_BASE_SSC->SSC_CMR = 12; + + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; + AT91C_BASE_SSC->SSC_TCMR = 0; + AT91C_BASE_SSC->SSC_TFMR = 0; + + LED_D_ON(); + + // modulate antenna + HIGH(GPIO_SSC_DOUT); + + // Charge TI tag for 50ms. + SpinDelay(50); + + // stop modulating antenna and listen + LOW(GPIO_SSC_DOUT); + + LED_D_OFF(); + + i = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer + i++; if(i >= TIBUFLEN) break; + } + WDT_HIT(); + } + + // return stolen pin to SSP + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; + + char *dest = (char *)BigBuf_get_addr(); + n = TIBUFLEN*32; + // unpack buffer + for (i=TIBUFLEN-1; i>=0; i--) { + for (j=0; j<32; j++) { + if(BigBuf[i] & (1 << j)) { + dest[--n] = 1; + } else { + dest[--n] = -1; + } + } + } +} + +// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc +// if crc provided, it will be written with the data verbatim (even if bogus) +// if not provided a valid crc will be computed from the data and written. +void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) +{ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + if(crc == 0) { + crc = update_crc16(crc, (idlo)&0xff); + crc = update_crc16(crc, (idlo>>8)&0xff); + crc = update_crc16(crc, (idlo>>16)&0xff); + crc = update_crc16(crc, (idlo>>24)&0xff); + crc = update_crc16(crc, (idhi)&0xff); + crc = update_crc16(crc, (idhi>>8)&0xff); + crc = update_crc16(crc, (idhi>>16)&0xff); + crc = update_crc16(crc, (idhi>>24)&0xff); + } + Dbprintf("Writing to tag: %x%08x, crc=%x", + (unsigned int) idhi, (unsigned int) idlo, crc); + + // TI tags charge at 134.2Khz + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + LED_A_ON(); + + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + // writing algorithm: + // a high bit consists of a field off for 1ms and field on for 1ms + // a low bit consists of a field off for 0.3ms and field on for 1.7ms + // initiate a charge time of 50ms (field on) then immediately start writing bits + // start by writing 0xBB (keyword) and 0xEB (password) + // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) + // finally end with 0x0300 (write frame) + // all data is sent lsb firts + // finish with 15ms programming time + + // modulate antenna + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // charge time + + WriteTIbyte(0xbb); // keyword + WriteTIbyte(0xeb); // password + WriteTIbyte( (idlo )&0xff ); + WriteTIbyte( (idlo>>8 )&0xff ); + WriteTIbyte( (idlo>>16)&0xff ); + WriteTIbyte( (idlo>>24)&0xff ); + WriteTIbyte( (idhi )&0xff ); + WriteTIbyte( (idhi>>8 )&0xff ); + WriteTIbyte( (idhi>>16)&0xff ); + WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo + WriteTIbyte( (crc )&0xff ); // crc lo + WriteTIbyte( (crc>>8 )&0xff ); // crc hi + WriteTIbyte(0x00); // write frame lo + WriteTIbyte(0x03); // write frame hi + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // programming time + + LED_A_OFF(); + + // get TI tag data into the buffer + AcquireTiType(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("Now use tiread to check"); +} + +void SimulateTagLowFrequency(int period, int gap, int ledcontrol) +{ + int i; + uint8_t *tab = BigBuf_get_addr(); + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + + i = 0; + for(;;) { + //wait until SSC_CLK goes HIGH + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } + if (ledcontrol) + LED_D_ON(); + + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + //wait until SSC_CLK goes LOW + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } + + i++; + if(i == period) { + + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } +} + +//Testing to fix timing issues by marshmellow (MM) +void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol) +{ + int i; + uint8_t *tab = BigBuf_get_addr(); + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + + #define SHORT_COIL() LOW(GPIO_SSC_DOUT) + #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + + i = 0; + while(!BUTTON_PRESS()) { + + WDT_HIT(); + //wait until reader carrier is HIGH + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + WDT_HIT(); + } + if (i>0){ + if (tab[i]!=tab[i-1]){ + // transition + if (ledcontrol) + LED_D_ON(); + + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + + } else { //no transition + //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened + // skip test for readers Carrier = LOW, otherwise we get a bit behind + + //wait until reader carrier is LOW + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + WDT_HIT(); + } + } + } else { + // transition + if (ledcontrol) + LED_D_ON(); + + // modulate coil + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + } + WDT_HIT(); + + + i++; + if(i == period) { + // end of data stream, gap then repeat + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } + DbpString("Stopped"); + return; +} + +#define DEBUG_FRAME_CONTENTS 1 +void SimulateTagLowFrequencyBidir(int divisor, int t0) +{ +} + +// compose fc/8 fc/10 waveform (FSK2) +static void fc(int c, int *n) +{ + uint8_t *dest = BigBuf_get_addr(); + int idx; + + // for when we want an fc8 pattern every 4 logical bits + if(c==0) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples + if(c==8) { + for (idx=0; idx<6; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } + + // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples + if(c==10) { + for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } +} +// compose fc/X fc/Y waveform (FSKx) +static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) +{ + uint8_t *dest = BigBuf_get_addr(); + uint8_t idx; + uint8_t fcCnt; + // c = count of field clock for this bit + uint8_t mod = clock % c; + uint8_t modAdj = c/mod; + bool modAdjOk=FALSE; + if (c % mod==0) modAdjOk=TRUE; + // loop through clock - step field clock + for (idx=0; idx < (uint8_t) clock/c; idx++){ + // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; + } else { + //fudge low to high transition + //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; + } + } + } + if (mod>0) (*modCnt)++; + if ((mod>0) && modAdjOk){ //fsk2 + if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave + for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 + if (fcCnt < c/2+1){ + dest[((*n)++)]=0; + } else { + //if (c==8 && fcCnt==5) continue; + dest[((*n)++)]=1; + } + } + } + } + //Dbprintf("mod: %d, modAdj %d, modc %d",mod, modAdj, c % mod); + if (mod>0 && !modAdjOk){ //fsk1 + for (idx=0; idx < mod; idx++){ + if (idx < mod/2) { + dest[((*n)++)]=0; + } else { + dest[((*n)++)]=1; + } + } + } +} + +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a HID tag until the button is pressed +void CmdHIDsimTAG(int hi, int lo, int ledcontrol) +{ + int n=0, i=0; + /* + HID tag bitstream format + The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits + A 1 bit is represented as 6 fc8 and 5 fc10 patterns + A 0 bit is represented as 5 fc10 and 6 fc8 patterns + A fc8 is inserted before every 4 bits + A special start of frame pattern is used consisting a0b0 where a and b are neither 0 + nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) + */ + + if (hi>0xFFF) { + DbpString("Tags can only have 44 bits."); + return; + } + fc(0,&n); + // special start of frame marker containing invalid bit sequences + fc(8, &n); fc(8, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 + fc(10, &n); fc(10, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 + + WDT_HIT(); + // manchester encode bits 43 to 32 + for (i=11; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((hi>>i)&1) { + fc(10, &n); fc(8, &n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } + + WDT_HIT(); + // manchester encode bits 31 to 0 + for (i=31; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((lo>>i)&1) { + fc(10, &n); fc(8, &n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } + + if (ledcontrol) + LED_A_ON(); + SimulateTagLowFrequency(n, 0, ledcontrol); + + if (ledcontrol) + LED_A_OFF(); +} + +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains invert and clock +void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) +{ + int ledcontrol=1; + int n=0, i=0; + uint8_t fcHigh = arg1 >> 8; + uint8_t fcLow = arg1 & 0xFF; + uint16_t modCnt = 0; + //spacer bit + uint8_t clk = arg2 & 0xFF; + uint8_t invert = (arg2 >> 8) & 1; + //fcAll(0, &n, clk); + + WDT_HIT(); + for (i=0; i> 8) & 0xFF; + uint8_t manchester = arg1 & 1; + uint8_t separator = arg2 & 1; + uint8_t invert = (arg2 >> 8) & 1; + WDT_HIT(); + for (i=0; i> 8; + uint8_t carrier = arg1 & 0xFF; + uint8_t invert = arg2 & 0xFF; + //uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase + //uint8_t invert = (arg2 >> 8) & 1; + uint8_t curPhase = 0; + WDT_HIT(); + for (i=0; i0 && lo>0){ + // final loop, go over previously decoded manchester data and decode into usable tag ID + // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 + if (hi2 != 0){ //extra large HID tags + Dbprintf("TAG ID: %x%08x%08x (%d)", + (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + }else { //standard HID tags <38 bits + //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd + uint8_t bitlen = 0; + uint32_t fc = 0; + uint32_t cardnum = 0; + if (((hi>>5)&1) == 1){//if bit 38 is set then < 37 bit format is used + uint32_t lo2=0; + lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit + uint8_t idx3 = 1; + while(lo2 > 1){ //find last bit set to 1 (format len bit) + lo2=lo2 >> 1; + idx3++; + } + bitlen = idx3+19; + fc =0; + cardnum=0; + if(bitlen == 26){ + cardnum = (lo>>1)&0xFFFF; + fc = (lo>>17)&0xFF; + } + if(bitlen == 37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + if(bitlen == 34){ + cardnum = (lo>>1)&0xFFFF; + fc= ((hi&1)<<15)|(lo>>17); + } + if(bitlen == 35){ + cardnum = (lo>>1)&0xFFFFF; + fc = ((hi&1)<<11)|(lo>>21); + } + } + else { //if bit 38 is not set then 37 bit format is used + bitlen= 37; + fc =0; + cardnum=0; + if(bitlen==37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + } + //Dbprintf("TAG ID: %x%08x (%d)", + // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF, + (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum); + } + if (findone){ + if (ledcontrol) LED_A_OFF(); + *high = hi; + *low = lo; + return; + } + // reset + hi2 = hi = lo = 0; + } + WDT_HIT(); + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); +} + +void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol) +{ + uint8_t *dest = BigBuf_get_addr(); + + size_t size=0, idx=0; + int clk=0, invert=0, errCnt=0, maxErr=20; + uint64_t lo=0; + // Configure to go in 125Khz listen mode + LFSetupFPGAForADC(95, true); + + while(!BUTTON_PRESS()) { + + WDT_HIT(); + if (ledcontrol) LED_A_ON(); + + DoAcquisition_default(-1,true); + size = BigBuf_max_traceLen(); + //Dbprintf("DEBUG: Buffer got"); + //askdemod and manchester decode + errCnt = askmandemod(dest, &size, &clk, &invert, maxErr); + //Dbprintf("DEBUG: ASK Got"); + WDT_HIT(); + + if (errCnt>=0){ + lo = Em410xDecode(dest, &size, &idx); + //Dbprintf("DEBUG: EM GOT"); + if (lo>0){ + Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", + (uint32_t)(lo>>32), + (uint32_t)lo, + (uint32_t)(lo&0xFFFF), + (uint32_t)((lo>>16LL) & 0xFF), + (uint32_t)(lo & 0xFFFFFF)); + } + if (findone){ + if (ledcontrol) LED_A_OFF(); + *high=lo>>32; + *low=lo & 0xFFFFFFFF; + return; + } + } else{ + //Dbprintf("DEBUG: No Tag"); + } + WDT_HIT(); + lo = 0; + clk=0; + invert=0; + errCnt=0; + size=0; + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); +} + +void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) +{ + uint8_t *dest = BigBuf_get_addr(); + int idx=0; + uint32_t code=0, code2=0; + uint8_t version=0; + uint8_t facilitycode=0; + uint16_t number=0; + // Configure to go in 125Khz listen mode + LFSetupFPGAForADC(95, true); + + while(!BUTTON_PRESS()) { + WDT_HIT(); + if (ledcontrol) LED_A_ON(); + DoAcquisition_default(-1,true); + //fskdemod and get start index + WDT_HIT(); + idx = IOdemodFSK(dest, BigBuf_max_traceLen()); + if (idx>0){ + //valid tag found + + //Index map + //0 10 20 30 40 50 60 + //| | | | | | | + //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 + //----------------------------------------------------------------------------- + //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11 + // + //XSF(version)facility:codeone+codetwo + //Handle the data + if(findone){ //only print binary if we are doing one + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); + Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); + } + code = bytebits_to_byte(dest+idx,32); + code2 = bytebits_to_byte(dest+idx+32,32); + version = bytebits_to_byte(dest+idx+27,8); //14,4 + facilitycode = bytebits_to_byte(dest+idx+18,8) ; + number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 + + Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); + // if we're only looking for one tag + if (findone){ + if (ledcontrol) LED_A_OFF(); + //LED_A_OFF(); + *high=code; + *low=code2; + return; + } + code=code2=0; + version=facilitycode=0; + number=0; + idx=0; + } + WDT_HIT(); + } + DbpString("Stopped"); + if (ledcontrol) LED_A_OFF(); +} + +/*------------------------------ + * T5555/T5557/T5567 routines + *------------------------------ + */ + +/* T55x7 configuration register definitions */ +#define T55x7_POR_DELAY 0x00000001 +#define T55x7_ST_TERMINATOR 0x00000008 +#define T55x7_PWD 0x00000010 +#define T55x7_MAXBLOCK_SHIFT 5 +#define T55x7_AOR 0x00000200 +#define T55x7_PSKCF_RF_2 0 +#define T55x7_PSKCF_RF_4 0x00000400 +#define T55x7_PSKCF_RF_8 0x00000800 +#define T55x7_MODULATION_DIRECT 0 +#define T55x7_MODULATION_PSK1 0x00001000 +#define T55x7_MODULATION_PSK2 0x00002000 +#define T55x7_MODULATION_PSK3 0x00003000 +#define T55x7_MODULATION_FSK1 0x00004000 +#define T55x7_MODULATION_FSK2 0x00005000 +#define T55x7_MODULATION_FSK1a 0x00006000 +#define T55x7_MODULATION_FSK2a 0x00007000 +#define T55x7_MODULATION_MANCHESTER 0x00008000 +#define T55x7_MODULATION_BIPHASE 0x00010000 +#define T55x7_BITRATE_RF_8 0 +#define T55x7_BITRATE_RF_16 0x00040000 +#define T55x7_BITRATE_RF_32 0x00080000 +#define T55x7_BITRATE_RF_40 0x000C0000 +#define T55x7_BITRATE_RF_50 0x00100000 +#define T55x7_BITRATE_RF_64 0x00140000 +#define T55x7_BITRATE_RF_100 0x00180000 +#define T55x7_BITRATE_RF_128 0x001C0000 + +/* T5555 (Q5) configuration register definitions */ +#define T5555_ST_TERMINATOR 0x00000001 +#define T5555_MAXBLOCK_SHIFT 0x00000001 +#define T5555_MODULATION_MANCHESTER 0 +#define T5555_MODULATION_PSK1 0x00000010 +#define T5555_MODULATION_PSK2 0x00000020 +#define T5555_MODULATION_PSK3 0x00000030 +#define T5555_MODULATION_FSK1 0x00000040 +#define T5555_MODULATION_FSK2 0x00000050 +#define T5555_MODULATION_BIPHASE 0x00000060 +#define T5555_MODULATION_DIRECT 0x00000070 +#define T5555_INVERT_OUTPUT 0x00000080 +#define T5555_PSK_RF_2 0 +#define T5555_PSK_RF_4 0x00000100 +#define T5555_PSK_RF_8 0x00000200 +#define T5555_USE_PWD 0x00000400 +#define T5555_USE_AOR 0x00000800 +#define T5555_BITRATE_SHIFT 12 +#define T5555_FAST_WRITE 0x00004000 +#define T5555_PAGE_SELECT 0x00008000 + +/* + * Relevant times in microsecond + * To compensate antenna falling times shorten the write times + * and enlarge the gap ones. + */ +#define START_GAP 250 +#define WRITE_GAP 160 +#define WRITE_0 144 // 192 +#define WRITE_1 400 // 432 for T55x7; 448 for E5550 + +// Write one bit to card +void T55xxWriteBit(int bit) +{ + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + if (bit == 0) + SpinDelayUs(WRITE_0); + else + SpinDelayUs(WRITE_1); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(WRITE_GAP); +} + +// Write one card block in page 0, no lock +void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) +{ + //unsigned int i; //enio adjustment 12/10/14 + uint32_t i; + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. + // And for the tag to fully power up + SpinDelay(150); + + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(0); //Page 0 + if (PwdMode == 1){ + // Pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Pwd & i); + } + // Lock bit + T55xxWriteBit(0); + + // Data + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Data & i); + + // Block + for (i = 0x04; i != 0; i >>= 1) + T55xxWriteBit(Block & i); + + // Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, + // so wait a little more) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + SpinDelay(20); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); +} + +// Read one card block in page 0 +void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) +{ + uint8_t *dest = BigBuf_get_addr(); + //int m=0, i=0; //enio adjustment 12/10/14 + uint32_t m=0, i=0; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + m = BigBuf_max_traceLen(); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + LED_D_ON(); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. + // And for the tag to fully power up + SpinDelay(150); + + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(0); //Page 0 + if (PwdMode == 1){ + // Pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Pwd & i); + } + // Lock bit + T55xxWriteBit(0); + // Block + for (i = 0x04; i != 0; i >>= 1) + T55xxWriteBit(Block & i); + + // Turn field on to read the response + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + // we don't care about actual value, only if it's more or less than a + // threshold essentially we capture zero crossings for later analysis + // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; + i++; + if (i >= m) break; + } + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); + DbpString("DONE!"); +} + +// Read card traceability data (page 1) +void T55xxReadTrace(void){ + uint8_t *dest = BigBuf_get_addr(); + int m=0, i=0; + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + m = BigBuf_max_traceLen(); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + LED_D_ON(); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. + // And for the tag to fully power up + SpinDelay(150); + + // Now start writting + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode + T55xxWriteBit(1); + T55xxWriteBit(1); //Page 1 + + // Turn field on to read the response + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + i++; + if (i >= m) break; + } + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); + DbpString("DONE!"); +} + +/*-------------- Cloning routines -----------*/ +// Copy HID id to card and setup block 0 config +void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) +{ + int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format + int last_block = 0; + + if (longFMT){ + // Ensure no more than 84 bits supplied + if (hi2>0xFFFFF) { + DbpString("Tags can only have 84 bits."); + return; + } + // Build the 6 data blocks for supplied 84bit ID + last_block = 6; + data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded) + for (int i=0;i<4;i++) { + if (hi2 & (1<<(19-i))) + data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10 + else + data1 |= (1<<((3-i)*2)); // 0 -> 01 + } + + data2 = 0; + for (int i=0;i<16;i++) { + if (hi2 & (1<<(15-i))) + data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data2 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data3 = 0; + for (int i=0;i<16;i++) { + if (hi & (1<<(31-i))) + data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data3 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data4 = 0; + for (int i=0;i<16;i++) { + if (hi & (1<<(15-i))) + data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data4 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data5 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(31-i))) + data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data5 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data6 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(15-i))) + data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data6 |= (1<<((15-i)*2)); // 0 -> 01 + } + } + else { + // Ensure no more than 44 bits supplied + if (hi>0xFFF) { + DbpString("Tags can only have 44 bits."); + return; + } + + // Build the 3 data blocks for supplied 44bit ID + last_block = 3; + + data1 = 0x1D000000; // load preamble + + for (int i=0;i<12;i++) { + if (hi & (1<<(11-i))) + data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10 + else + data1 |= (1<<((11-i)*2)); // 0 -> 01 + } + + data2 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(31-i))) + data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data2 |= (1<<((15-i)*2)); // 0 -> 01 + } + + data3 = 0; + for (int i=0;i<16;i++) { + if (lo & (1<<(15-i))) + data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10 + else + data3 |= (1<<((15-i)*2)); // 0 -> 01 + } + } + + LED_D_ON(); + // Program the data blocks for supplied ID + // and the block 0 for HID format + T55xxWriteBlock(data1,1,0,0); + T55xxWriteBlock(data2,2,0,0); + T55xxWriteBlock(data3,3,0,0); + + if (longFMT) { // if long format there are 6 blocks + T55xxWriteBlock(data4,4,0,0); + T55xxWriteBlock(data5,5,0,0); + T55xxWriteBlock(data6,6,0,0); + } + + // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long) + T55xxWriteBlock(T55x7_BITRATE_RF_50 | + T55x7_MODULATION_FSK2a | + last_block << T55x7_MAXBLOCK_SHIFT, + 0,0,0); + + LED_D_OFF(); + + DbpString("DONE!"); +} + +void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) +{ + int data1=0, data2=0; //up to six blocks for long format + + data1 = hi; // load preamble + data2 = lo; + + LED_D_ON(); + // Program the data blocks for supplied ID + // and the block 0 for HID format + T55xxWriteBlock(data1,1,0,0); + T55xxWriteBlock(data2,2,0,0); + + //Config Block + T55xxWriteBlock(0x00147040,0,0,0); + LED_D_OFF(); + + DbpString("DONE!"); +} + +// Define 9bit header for EM410x tags +#define EM410X_HEADER 0x1FF +#define EM410X_ID_LENGTH 40 + +void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) +{ + int i, id_bit; + uint64_t id = EM410X_HEADER; + uint64_t rev_id = 0; // reversed ID + int c_parity[4]; // column parity + int r_parity = 0; // row parity + uint32_t clock = 0; + + // Reverse ID bits given as parameter (for simpler operations) + for (i = 0; i < EM410X_ID_LENGTH; ++i) { + if (i < 32) { + rev_id = (rev_id << 1) | (id_lo & 1); + id_lo >>= 1; + } else { + rev_id = (rev_id << 1) | (id_hi & 1); + id_hi >>= 1; + } + } + + for (i = 0; i < EM410X_ID_LENGTH; ++i) { + id_bit = rev_id & 1; + + if (i % 4 == 0) { + // Don't write row parity bit at start of parsing + if (i) + id = (id << 1) | r_parity; + // Start counting parity for new row + r_parity = id_bit; + } else { + // Count row parity + r_parity ^= id_bit; + } + + // First elements in column? + if (i < 4) + // Fill out first elements + c_parity[i] = id_bit; + else + // Count column parity + c_parity[i % 4] ^= id_bit; + + // Insert ID bit + id = (id << 1) | id_bit; + rev_id >>= 1; + } + + // Insert parity bit of last row + id = (id << 1) | r_parity; + + // Fill out column parity at the end of tag + for (i = 0; i < 4; ++i) + id = (id << 1) | c_parity[i]; + + // Add stop bit + id <<= 1; + + Dbprintf("Started writing %s tag ...", card ? "T55x7":"T5555"); + LED_D_ON(); + + // Write EM410x ID + T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0); + T55xxWriteBlock((uint32_t)id, 2, 0, 0); + + // Config for EM410x (RF/64, Manchester, Maxblock=2) + if (card) { + // Clock rate is stored in bits 8-15 of the card value + clock = (card & 0xFF00) >> 8; + Dbprintf("Clock rate: %d", clock); + switch (clock) + { + case 32: + clock = T55x7_BITRATE_RF_32; + break; + case 16: + clock = T55x7_BITRATE_RF_16; + break; + case 0: + // A value of 0 is assumed to be 64 for backwards-compatibility + // Fall through... + case 64: + clock = T55x7_BITRATE_RF_64; + break; + default: + Dbprintf("Invalid clock rate: %d", clock); + return; + } + + // Writing configuration for T55x7 tag + T55xxWriteBlock(clock | + T55x7_MODULATION_MANCHESTER | + 2 << T55x7_MAXBLOCK_SHIFT, + 0, 0, 0); + } + else + // Writing configuration for T5555(Q5) tag + T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT | + T5555_MODULATION_MANCHESTER | + 2 << T5555_MAXBLOCK_SHIFT, + 0, 0, 0); + + LED_D_OFF(); + Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555", + (uint32_t)(id >> 32), (uint32_t)id); +} + +// Clone Indala 64-bit tag by UID to T55x7 +void CopyIndala64toT55x7(int hi, int lo) +{ + + //Program the 2 data blocks for supplied 64bit UID + // and the block 0 for Indala64 format + T55xxWriteBlock(hi,1,0,0); + T55xxWriteBlock(lo,2,0,0); + //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2) + T55xxWriteBlock(T55x7_BITRATE_RF_32 | + T55x7_MODULATION_PSK1 | + 2 << T55x7_MAXBLOCK_SHIFT, + 0, 0, 0); + //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data) + // T5567WriteBlock(0x603E1042,0); + + DbpString("DONE!"); + +} + +void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7) +{ + + //Program the 7 data blocks for supplied 224bit UID + // and the block 0 for Indala224 format + T55xxWriteBlock(uid1,1,0,0); + T55xxWriteBlock(uid2,2,0,0); + T55xxWriteBlock(uid3,3,0,0); + T55xxWriteBlock(uid4,4,0,0); + T55xxWriteBlock(uid5,5,0,0); + T55xxWriteBlock(uid6,6,0,0); + T55xxWriteBlock(uid7,7,0,0); + //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7) + T55xxWriteBlock(T55x7_BITRATE_RF_32 | + T55x7_MODULATION_PSK1 | + 7 << T55x7_MAXBLOCK_SHIFT, + 0,0,0); + //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data) + // T5567WriteBlock(0x603E10E2,0); + + DbpString("DONE!"); + +} + + +#define abs(x) ( ((x)<0) ? -(x) : (x) ) +#define max(x,y) ( x GraphBuffer[0]) { + while(i < GraphTraceLen) { + if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) + break; + i++; + } + dir = 0; + } + else { + while(i < GraphTraceLen) { + if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) + break; + i++; + } + dir = 1; + } + + lastval = i++; + half_switch = 0; + pmc = 0; + block_done = 0; + + for (bitidx = 0; i < GraphTraceLen; i++) + { + if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) + { + lc = i - lastval; + lastval = i; + + // Switch depending on lc length: + // Tolerance is 1/8 of clock rate (arbitrary) + if (abs(lc-clock/4) < tolerance) { + // 16T0 + if((i - pmc) == lc) { /* 16T0 was previous one */ + /* It's a PMC ! */ + i += (128+127+16+32+33+16)-1; + lastval = i; + pmc = 0; + block_done = 1; + } + else { + pmc = i; + } + } else if (abs(lc-clock/2) < tolerance) { + // 32TO + if((i - pmc) == lc) { /* 16T0 was previous one */ + /* It's a PMC ! */ + i += (128+127+16+32+33)-1; + lastval = i; + pmc = 0; + block_done = 1; + } + else if(half_switch == 1) { + BitStream[bitidx++] = 0; + half_switch = 0; + } + else + half_switch++; + } else if (abs(lc-clock) < tolerance) { + // 64TO + BitStream[bitidx++] = 1; + } else { + // Error + warnings++; + if (warnings > 10) + { + Dbprintf("Error: too many detection errors, aborting."); + return 0; + } + } + + if(block_done == 1) { + if(bitidx == 128) { + for(j=0; j<16; j++) { + Blocks[num_blocks][j] = 128*BitStream[j*8+7]+ + 64*BitStream[j*8+6]+ + 32*BitStream[j*8+5]+ + 16*BitStream[j*8+4]+ + 8*BitStream[j*8+3]+ + 4*BitStream[j*8+2]+ + 2*BitStream[j*8+1]+ + BitStream[j*8]; + } + num_blocks++; + } + bitidx = 0; + block_done = 0; + half_switch = 0; + } + if(i < GraphTraceLen) + { + if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; + else dir = 1; + } + } + if(bitidx==255) + bitidx=0; + warnings = 0; + if(num_blocks == 4) break; + } + memcpy(outBlocks, Blocks, 16*num_blocks); + return num_blocks; +} + +int IsBlock0PCF7931(uint8_t *Block) { + // Assume RFU means 0 :) + if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled + return 1; + if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ? + return 1; + return 0; +} + +int IsBlock1PCF7931(uint8_t *Block) { + // Assume RFU means 0 :) + if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0) + if((Block[14] & 0x7f) <= 9 && Block[15] <= 9) + return 1; + + return 0; +} + +#define ALLOC 16 + +void ReadPCF7931() { + uint8_t Blocks[8][17]; + uint8_t tmpBlocks[4][16]; + int i, j, ind, ind2, n; + int num_blocks = 0; + int max_blocks = 8; + int ident = 0; + int error = 0; + int tries = 0; + + memset(Blocks, 0, 8*17*sizeof(uint8_t)); + + do { + memset(tmpBlocks, 0, 4*16*sizeof(uint8_t)); + n = DemodPCF7931((uint8_t**)tmpBlocks); + if(!n) + error++; + if(error==10 && num_blocks == 0) { + Dbprintf("Error, no tag or bad tag"); + return; + } + else if (tries==20 || error==10) { + Dbprintf("Error reading the tag"); + Dbprintf("Here is the partial content"); + goto end; + } + + for(i=0; i= 0; ind--,ind2--) { + if(ind2 < 0) + ind2 = max_blocks; + if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found + // Dbprintf("Tmp %d -> Block %d", ind, ind2); + memcpy(Blocks[ind2], tmpBlocks[ind], 16); + Blocks[ind2][ALLOC] = 1; + num_blocks++; + if(num_blocks == max_blocks) goto end; + } + } + for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) { + if(ind2 > max_blocks) + ind2 = 0; + if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found + // Dbprintf("Tmp %d -> Block %d", ind, ind2); + memcpy(Blocks[ind2], tmpBlocks[ind], 16); + Blocks[ind2][ALLOC] = 1; + num_blocks++; + if(num_blocks == max_blocks) goto end; + } + } + } + } + } + } + } + tries++; + if (BUTTON_PRESS()) return; + } while (num_blocks != max_blocks); + end: + Dbprintf("-----------------------------------------"); + Dbprintf("Memory content:"); + Dbprintf("-----------------------------------------"); + for(i=0; i", i); + } + Dbprintf("-----------------------------------------"); + + return ; +} + + +//----------------------------------- +// EM4469 / EM4305 routines +//----------------------------------- +#define FWD_CMD_LOGIN 0xC //including the even parity, binary mirrored +#define FWD_CMD_WRITE 0xA +#define FWD_CMD_READ 0x9 +#define FWD_CMD_DISABLE 0x5 + + +uint8_t forwardLink_data[64]; //array of forwarded bits +uint8_t * forward_ptr; //ptr for forward message preparation +uint8_t fwd_bit_sz; //forwardlink bit counter +uint8_t * fwd_write_ptr; //forwardlink bit pointer + +//==================================================================== +// prepares command bits +// see EM4469 spec +//==================================================================== +//-------------------------------------------------------------------- +uint8_t Prepare_Cmd( uint8_t cmd ) { + //-------------------------------------------------------------------- + + *forward_ptr++ = 0; //start bit + *forward_ptr++ = 0; //second pause for 4050 code + + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + cmd >>= 1; + *forward_ptr++ = cmd; + + return 6; //return number of emited bits +} + +//==================================================================== +// prepares address bits +// see EM4469 spec +//==================================================================== + +//-------------------------------------------------------------------- +uint8_t Prepare_Addr( uint8_t addr ) { + //-------------------------------------------------------------------- + + register uint8_t line_parity; + + uint8_t i; + line_parity = 0; + for(i=0;i<6;i++) { + *forward_ptr++ = addr; + line_parity ^= addr; + addr >>= 1; + } + + *forward_ptr++ = (line_parity & 1); + + return 7; //return number of emited bits +} + +//==================================================================== +// prepares data bits intreleaved with parity bits +// see EM4469 spec +//==================================================================== + +//-------------------------------------------------------------------- +uint8_t Prepare_Data( uint16_t data_low, uint16_t data_hi) { + //-------------------------------------------------------------------- + + register uint8_t line_parity; + register uint8_t column_parity; + register uint8_t i, j; + register uint16_t data; + + data = data_low; + column_parity = 0; + + for(i=0; i<4; i++) { + line_parity = 0; + for(j=0; j<8; j++) { + line_parity ^= data; + column_parity ^= (data & 1) << j; + *forward_ptr++ = data; + data >>= 1; + } + *forward_ptr++ = line_parity; + if(i == 1) + data = data_hi; + } + + for(j=0; j<8; j++) { + *forward_ptr++ = column_parity; + column_parity >>= 1; + } + *forward_ptr = 0; + + return 45; //return number of emited bits +} + +//==================================================================== +// Forward Link send function +// Requires: forwarLink_data filled with valid bits (1 bit per byte) +// fwd_bit_count set with number of bits to be sent +//==================================================================== +void SendForward(uint8_t fwd_bit_count) { + + fwd_write_ptr = forwardLink_data; + fwd_bit_sz = fwd_bit_count; + + LED_D_ON(); + + //Field on + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // Give it a bit of time for the resonant antenna to settle. + // And for the tag to fully power up + SpinDelay(150); + + // force 1st mod pulse (start gap must be longer for 4305) + fwd_bit_sz--; //prepare next bit modulation + fwd_write_ptr++; + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + SpinDelayUs(55*8); //55 cycles off (8us each)for 4305 + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on + SpinDelayUs(16*8); //16 cycles on (8us each) + + // now start writting + while(fwd_bit_sz-- > 0) { //prepare next bit modulation + if(((*fwd_write_ptr++) & 1) == 1) + SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) + else { + //These timings work for 4469/4269/4305 (with the 55*8 above) + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + SpinDelayUs(23*8); //16-4 cycles off (8us each) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on + SpinDelayUs(9*8); //16 cycles on (8us each) + } + } +} + +void EM4xLogin(uint32_t Password) { + + uint8_t fwd_bit_count; + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_LOGIN ); + fwd_bit_count += Prepare_Data( Password&0xFFFF, Password>>16 ); + + SendForward(fwd_bit_count); + + //Wait for command to complete + SpinDelay(20); + +} + +void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { + + uint8_t fwd_bit_count; + uint8_t *dest = BigBuf_get_addr(); + int m=0, i=0; + + //If password mode do login + if (PwdMode == 1) EM4xLogin(Pwd); + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); + fwd_bit_count += Prepare_Addr( Address ); + + m = BigBuf_max_traceLen(); + // Clear destination buffer before sending the command + memset(dest, 128, m); + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + SendForward(fwd_bit_count); + + // Now do the acquisition + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + i++; + if (i >= m) break; + } + } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); +} + +void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { + + uint8_t fwd_bit_count; + + //If password mode do login + if (PwdMode == 1) EM4xLogin(Pwd); + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_WRITE ); + fwd_bit_count += Prepare_Addr( Address ); + fwd_bit_count += Prepare_Data( Data&0xFFFF, Data>>16 ); + + SendForward(fwd_bit_count); + + //Wait for write to complete + SpinDelay(20); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_D_OFF(); +} diff --git a/client/cmddata.c b/client/cmddata.c index 966e2a00..b8b95c04 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -133,19 +133,20 @@ int CmdAmp(const char *Cmd) * Updates the Graph trace with 0/1 values * * Arguments: - * c : 0 or 1 (or invert) + * c : 0 or 1 */ - //this method ignores the clock - - //this function strictly converts highs and lows to 1s and 0s for each sample in the graphbuffer + //this method is dependant on all highs and lows to be the same(or clipped) this creates issues[marshmellow] it also ignores the clock int Cmdaskdemod(const char *Cmd) { int i; int c, high = 0, low = 0; + // TODO: complain if we do not give 2 arguments here ! + // (AL - this doesn't make sense! we're only using one argument!!!) sscanf(Cmd, "%i", &c); - /* Detect high and lows */ + /* Detect high and lows and clock */ + // (AL - clock???) for (i = 0; i < GraphTraceLen; ++i) { if (GraphBuffer[i] > high) @@ -175,9 +176,9 @@ int Cmdaskdemod(const char *Cmd) * down) */ //[marhsmellow] change == to >= for high and <= for low for fuzz - if ((GraphBuffer[i] >= high) && (GraphBuffer[i - 1] == c)) { + if ((GraphBuffer[i] == high) && (GraphBuffer[i - 1] == c)) { GraphBuffer[i] = 1 - c; - } else if ((GraphBuffer[i] <= low) && (GraphBuffer[i - 1] == (1 - c))){ + } else if ((GraphBuffer[i] == low) && (GraphBuffer[i - 1] == (1 - c))){ GraphBuffer[i] = c; } else { /* No transition */ @@ -188,23 +189,6 @@ int Cmdaskdemod(const char *Cmd) return 0; } -//this function strictly converts >1 to 1 and <1 to 0 for each sample in the graphbuffer -int CmdGetBitStream(const char *Cmd) -{ - int i; - CmdHpf(Cmd); - for (i = 0; i < GraphTraceLen; i++) { - if (GraphBuffer[i] >= 1) { - GraphBuffer[i] = 1; - } else { - GraphBuffer[i] = 0; - } - } - RepaintGraphWindow(); - return 0; -} - - //by marshmellow void printBitStream(uint8_t BitStream[], uint32_t bitLen) { @@ -1970,7 +1954,6 @@ int CmdHide(const char *Cmd) return 0; } -//zero mean GraphBuffer int CmdHpf(const char *Cmd) { int i; @@ -2578,7 +2561,6 @@ static command_t CommandTable[] = {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, //{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, - {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, {"hide", CmdHide, 1, "Hide graph window"}, diff --git a/client/cmddata.h b/client/cmddata.h index a746d89f..673a2ba0 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -39,7 +39,6 @@ int CmdFSKrawdemod(const char *Cmd); int CmdPSK1rawDemod(const char *Cmd); int CmdPSK2rawDemod(const char *Cmd); int CmdGrid(const char *Cmd); -int CmdGetBitStream(const char *Cmd); int CmdHexsamples(const char *Cmd); int CmdHide(const char *Cmd); int CmdHpf(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index 1c53c204..1222b3ce 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -510,11 +510,11 @@ int CmdLFSnoop(const char *Cmd) static void ChkBitstream(const char *str) { int i; - + /* convert to bitstream if necessary */ for (i = 0; i < (int)(GraphTraceLen / 2); i++){ if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) { - CmdGetBitStream(""); + CmdBitstream(str); break; } } @@ -528,7 +528,6 @@ int CmdLFSim(const char *Cmd) sscanf(Cmd, "%i", &gap); /* convert to bitstream if necessary */ - ChkBitstream(Cmd); //can send 512 bits at a time (1 byte sent per bit...) @@ -879,7 +878,6 @@ int CmdLFpskSim(const char *Cmd) uint16_t arg1, arg2; arg1 = clk << 8 | carrier; arg2 = invert; - UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; if (DemodBufferLen > USB_CMD_DATA_SIZE) { PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); @@ -887,7 +885,6 @@ int CmdLFpskSim(const char *Cmd) PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen); memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); SendCommand(&c); - return 0; } @@ -902,7 +899,6 @@ int CmdLFSimBidir(const char *Cmd) } /* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */ -/* int CmdLFSimManchester(const char *Cmd) { static int clock, gap; @@ -923,7 +919,7 @@ int CmdLFSimManchester(const char *Cmd) CmdLFSim(gapstring); return 0; } -*/ + int CmdVchDemod(const char *Cmd) { @@ -1115,11 +1111,11 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, - //{"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, + {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 254d8807..18a28b10 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -23,7 +23,7 @@ int CmdLFaskSim(const char *Cmd); int CmdLFfskSim(const char *Cmd); int CmdLFpskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); -//int CmdLFSimManchester(const char *Cmd); +int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); int CmdVchDemod(const char *Cmd); int CmdLFfind(const char *Cmd); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index f6671bcd..232d5635 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -266,7 +266,7 @@ int CmdEM410xSim(const char *Cmd) /* stop bit */ AppendGraph(1, clock, 0); - CmdLFSim("0"); //240 start_gap. + CmdLFSim("240"); //240 start_gap. return 0; } diff --git a/client/graph.c b/client/graph.c index 190dfe8f..243da466 100644 --- a/client/graph.c +++ b/client/graph.c @@ -24,10 +24,10 @@ void AppendGraph(int redraw, int clock, int bit) int i; //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) for (i = 0; i < (int)(clock / 2); ++i) - GraphBuffer[GraphTraceLen++] = bit ; + GraphBuffer[GraphTraceLen++] = bit ^ 1; //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) for (i = (int)(clock / 2); i < clock; ++i) - GraphBuffer[GraphTraceLen++] = bit ^ 1; + GraphBuffer[GraphTraceLen++] = bit; if (redraw) RepaintGraphWindow(); From 78f5b1a77cad221aaa9739b8003c4ab3d2c7fbe8 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 6 Mar 2015 12:28:54 -0500 Subject: [PATCH 16/21] lf sim fixes/creations correct now fixed lf simpsk fixed lf em em410xsim fixed lf sim (can go right from lf search to lf sim if you have a strong antenna - if not use a demod first) --- armsrc/lfops.c | 106 ++++++--------------------------------------- client/cmddata.c | 34 +++++++++++---- client/cmddata.h | 1 + client/cmdlf.c | 14 +++--- client/cmdlf.h | 2 +- client/cmdlfem4x.c | 2 +- client/graph.c | 4 +- 7 files changed, 54 insertions(+), 109 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 3684eaaf..13cf2967 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -438,86 +438,6 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) } } -//Testing to fix timing issues by marshmellow (MM) -void SimulateTagLowFrequencyMM(int period, int gap, int ledcontrol) -{ - int i; - uint8_t *tab = BigBuf_get_addr(); - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); - - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - - #define SHORT_COIL() LOW(GPIO_SSC_DOUT) - #define OPEN_COIL() HIGH(GPIO_SSC_DOUT) - - i = 0; - while(!BUTTON_PRESS()) { - - WDT_HIT(); - //wait until reader carrier is HIGH - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - WDT_HIT(); - } - if (i>0){ - if (tab[i]!=tab[i-1]){ - // transition - if (ledcontrol) - LED_D_ON(); - - // modulate coil - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - - } else { //no transition - //NOTE: it appears the COIL transition messes with the detection of the carrier, so if a transition happened - // skip test for readers Carrier = LOW, otherwise we get a bit behind - - //wait until reader carrier is LOW - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - WDT_HIT(); - } - } - } else { - // transition - if (ledcontrol) - LED_D_ON(); - - // modulate coil - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - } - WDT_HIT(); - - - i++; - if(i == period) { - // end of data stream, gap then repeat - i = 0; - if (gap) { - SHORT_COIL(); - SpinDelayUs(gap); - } - } - } - DbpString("Stopped"); - return; -} - #define DEBUG_FRAME_CONTENTS 1 void SimulateTagLowFrequencyBidir(int divisor, int t0) { @@ -586,7 +506,7 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) for (idx=0; idx < (uint8_t) clock/c; idx++){ // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2+1){ + if (fcCnt < c/2){ dest[((*n)++)]=0; } else { //fudge low to high transition @@ -600,7 +520,7 @@ static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) if ((mod>0) && modAdjOk){ //fsk2 if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2+1){ + if (fcCnt < c/2){ dest[((*n)++)]=0; } else { //if (c==8 && fcCnt==5) continue; @@ -637,7 +557,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol) */ if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); + DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags"); return; } fc(0,&n); @@ -701,7 +621,8 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) } } Dbprintf("Simulating with fcHigh: %d, fcLow: %d, clk: %d, invert: %d, n: %d",fcHigh, fcLow, clk, invert, n); - Dbprintf("First 64:"); + WDT_HIT(); + /*Dbprintf("First 64:"); uint8_t *dest = BigBuf_get_addr(); i=0; Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); @@ -733,10 +654,10 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); i+=16; Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]); - + */ if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequencyMM(n, 0, ledcontrol); + SimulateTagLowFrequency(n, 0, ledcontrol); if (ledcontrol) LED_A_OFF(); @@ -779,7 +700,6 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) uint8_t manchester = arg1 & 1; uint8_t separator = arg2 & 1; uint8_t invert = (arg2 >> 8) & 1; - WDT_HIT(); for (i=0; i> 8) & 1; - uint8_t curPhase = 0; WDT_HIT(); + uint8_t curPhase = 0; for (i=0; i high) @@ -176,9 +175,9 @@ int Cmdaskdemod(const char *Cmd) * down) */ //[marhsmellow] change == to >= for high and <= for low for fuzz - if ((GraphBuffer[i] == high) && (GraphBuffer[i - 1] == c)) { + if ((GraphBuffer[i] >= high) && (GraphBuffer[i - 1] == c)) { GraphBuffer[i] = 1 - c; - } else if ((GraphBuffer[i] == low) && (GraphBuffer[i - 1] == (1 - c))){ + } else if ((GraphBuffer[i] <= low) && (GraphBuffer[i - 1] == (1 - c))){ GraphBuffer[i] = c; } else { /* No transition */ @@ -189,6 +188,23 @@ int Cmdaskdemod(const char *Cmd) return 0; } +//this function strictly converts >1 to 1 and <1 to 0 for each sample in the graphbuffer +int CmdGetBitStream(const char *Cmd) +{ + int i; + CmdHpf(Cmd); + for (i = 0; i < GraphTraceLen; i++) { + if (GraphBuffer[i] >= 1) { + GraphBuffer[i] = 1; + } else { + GraphBuffer[i] = 0; + } + } + RepaintGraphWindow(); + return 0; +} + + //by marshmellow void printBitStream(uint8_t BitStream[], uint32_t bitLen) { @@ -1954,6 +1970,7 @@ int CmdHide(const char *Cmd) return 0; } +//zero mean GraphBuffer int CmdHpf(const char *Cmd) { int i; @@ -2561,6 +2578,7 @@ static command_t CommandTable[] = {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"}, {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"}, //{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"}, + {"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"}, {"grid", CmdGrid, 1, " -- overlay grid on graph window, use zero value to turn off either"}, {"hexsamples", CmdHexsamples, 0, " [] -- Dump big buffer as hex bytes"}, {"hide", CmdHide, 1, "Hide graph window"}, diff --git a/client/cmddata.h b/client/cmddata.h index 673a2ba0..a746d89f 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -39,6 +39,7 @@ int CmdFSKrawdemod(const char *Cmd); int CmdPSK1rawDemod(const char *Cmd); int CmdPSK2rawDemod(const char *Cmd); int CmdGrid(const char *Cmd); +int CmdGetBitStream(const char *Cmd); int CmdHexsamples(const char *Cmd); int CmdHide(const char *Cmd); int CmdHpf(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index 1222b3ce..1c53c204 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -510,11 +510,11 @@ int CmdLFSnoop(const char *Cmd) static void ChkBitstream(const char *str) { int i; - + /* convert to bitstream if necessary */ for (i = 0; i < (int)(GraphTraceLen / 2); i++){ if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) { - CmdBitstream(str); + CmdGetBitStream(""); break; } } @@ -528,6 +528,7 @@ int CmdLFSim(const char *Cmd) sscanf(Cmd, "%i", &gap); /* convert to bitstream if necessary */ + ChkBitstream(Cmd); //can send 512 bits at a time (1 byte sent per bit...) @@ -878,6 +879,7 @@ int CmdLFpskSim(const char *Cmd) uint16_t arg1, arg2; arg1 = clk << 8 | carrier; arg2 = invert; + UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; if (DemodBufferLen > USB_CMD_DATA_SIZE) { PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); @@ -885,6 +887,7 @@ int CmdLFpskSim(const char *Cmd) PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen); memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); SendCommand(&c); + return 0; } @@ -899,6 +902,7 @@ int CmdLFSimBidir(const char *Cmd) } /* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */ +/* int CmdLFSimManchester(const char *Cmd) { static int clock, gap; @@ -919,7 +923,7 @@ int CmdLFSimManchester(const char *Cmd) CmdLFSim(gapstring); return 0; } - +*/ int CmdVchDemod(const char *Cmd) { @@ -1111,11 +1115,11 @@ static command_t CommandTable[] = {"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [trs separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, - {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, + //{"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 18a28b10..254d8807 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -23,7 +23,7 @@ int CmdLFaskSim(const char *Cmd); int CmdLFfskSim(const char *Cmd); int CmdLFpskSim(const char *Cmd); int CmdLFSimBidir(const char *Cmd); -int CmdLFSimManchester(const char *Cmd); +//int CmdLFSimManchester(const char *Cmd); int CmdLFSnoop(const char *Cmd); int CmdVchDemod(const char *Cmd); int CmdLFfind(const char *Cmd); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 232d5635..f6671bcd 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -266,7 +266,7 @@ int CmdEM410xSim(const char *Cmd) /* stop bit */ AppendGraph(1, clock, 0); - CmdLFSim("240"); //240 start_gap. + CmdLFSim("0"); //240 start_gap. return 0; } diff --git a/client/graph.c b/client/graph.c index 243da466..190dfe8f 100644 --- a/client/graph.c +++ b/client/graph.c @@ -24,10 +24,10 @@ void AppendGraph(int redraw, int clock, int bit) int i; //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) for (i = 0; i < (int)(clock / 2); ++i) - GraphBuffer[GraphTraceLen++] = bit ^ 1; + GraphBuffer[GraphTraceLen++] = bit ; //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) for (i = (int)(clock / 2); i < clock; ++i) - GraphBuffer[GraphTraceLen++] = bit; + GraphBuffer[GraphTraceLen++] = bit ^ 1; if (redraw) RepaintGraphWindow(); From 712ebfa6df669447f50f23680b029df07e98d429 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 7 Mar 2015 23:31:23 -0500 Subject: [PATCH 17/21] 1 bug fix + code trimming --- armsrc/lfops.c | 178 ++++++++++++----------------------------------- client/cmddata.h | 1 + client/cmdlf.c | 15 ++-- common/lfdemod.c | 8 +-- 4 files changed, 58 insertions(+), 144 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 13cf2967..a5c4a64d 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -461,7 +461,7 @@ static void fc(int c, int *n) dest[((*n)++)]=0; } - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples + // an fc/8 encoded bit is a bit pattern of 11110000 x6 = 48 samples if(c==8) { for (idx=0; idx<6; idx++) { dest[((*n)++)]=1; @@ -475,7 +475,7 @@ static void fc(int c, int *n) } } - // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples + // an fc/10 encoded bit is a bit pattern of 1111100000 x5 = 50 samples if(c==10) { for (idx=0; idx<5; idx++) { dest[((*n)++)]=1; @@ -492,52 +492,33 @@ static void fc(int c, int *n) } } // compose fc/X fc/Y waveform (FSKx) -static void fcAll(uint8_t c, int *n, uint8_t clock, uint16_t *modCnt) +static void fcAll(uint8_t fc, int *n, uint8_t clock, uint16_t *modCnt) { uint8_t *dest = BigBuf_get_addr(); - uint8_t idx; - uint8_t fcCnt; - // c = count of field clock for this bit - uint8_t mod = clock % c; - uint8_t modAdj = c/mod; - bool modAdjOk=FALSE; - if (c % mod==0) modAdjOk=TRUE; + uint8_t halfFC = fc/2; + uint8_t wavesPerClock = clock/fc; + uint8_t mod = clock % fc; //modifier + uint8_t modAdj = fc/mod; //how often to apply modifier + bool modAdjOk = !(fc % mod); //if (fc % mod==0) modAdjOk=TRUE; // loop through clock - step field clock - for (idx=0; idx < (uint8_t) clock/c; idx++){ - // loop through field clock length - put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) - for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2){ - dest[((*n)++)]=0; - } else { - //fudge low to high transition - //if (idx==clock/c && dest[*n-1]==1 && mod>0) dest[((*n++))]=0; - //if (c==8 && fcCnt==5) continue; - dest[((*n)++)]=1; - } - } + for (uint8_t idx=0; idx < wavesPerClock; idx++){ + // put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave) + memset(dest+(*n), 0, fc-halfFC); //in case of odd number use extra here + memset(dest+(*n)+(fc-halfFC), 1, halfFC); + *n += fc; } if (mod>0) (*modCnt)++; if ((mod>0) && modAdjOk){ //fsk2 if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave - for (fcCnt=0; fcCnt < c; fcCnt++){ //fudge slow transition from low to high - shorten wave by 1 - if (fcCnt < c/2){ - dest[((*n)++)]=0; - } else { - //if (c==8 && fcCnt==5) continue; - dest[((*n)++)]=1; - } - } + memset(dest+(*n), 0, fc-halfFC); + memset(dest+(*n)+(fc-halfFC), 1, halfFC); + *n += fc; } } - //Dbprintf("mod: %d, modAdj %d, modc %d",mod, modAdj, c % mod); if (mod>0 && !modAdjOk){ //fsk1 - for (idx=0; idx < mod; idx++){ - if (idx < mod/2) { - dest[((*n)++)]=0; - } else { - dest[((*n)++)]=1; - } - } + memset(dest+(*n), 0, mod-(mod/2)); + memset(dest+(*n)+(mod-(mod/2)), 1, mod/2); + *n += mod; } } @@ -607,12 +588,9 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) uint8_t fcHigh = arg1 >> 8; uint8_t fcLow = arg1 & 0xFF; uint16_t modCnt = 0; - //spacer bit uint8_t clk = arg2 & 0xFF; uint8_t invert = (arg2 >> 8) & 1; - //fcAll(0, &n, clk); - - WDT_HIT(); + for (i=0; i> 8; uint8_t carrier = arg1 & 0xFF; uint8_t invert = arg2 & 0xFF; - //uint8_t phase = carrier/2; //extra phase changing bits = 1/2 a carrier wave to change the phase - //uint8_t invert = (arg2 >> 8) & 1; - WDT_HIT(); uint8_t curPhase = 0; for (i=0; i Data to sim as hex - omit to sim from DemodBuffer"); return 0; } + // by marshmellow - sim ask data given clock, fcHigh, fcLow, invert // - allow pull data from DemodBuffer int CmdLFfskSim(const char *Cmd) diff --git a/common/lfdemod.c b/common/lfdemod.c index 144cb327..b6135fb7 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -1094,11 +1094,9 @@ void psk1TOpsk2(uint8_t *BitStream, size_t size) // from only transition waves are 1s to phase shifts change bit void psk2TOpsk1(uint8_t *BitStream, size_t size) { - size_t i; - uint8_t phase=BitStream[0]; - //uint8_t lastBit=BitStream[0]; - for (i=1; i Date: Sun, 8 Mar 2015 18:07:01 -0400 Subject: [PATCH 18/21] fixed rawdemod help options --- client/cmddata.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 966e2a00..0bd8a7a9 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1786,11 +1786,11 @@ int CmdNRZrawDemod(const char *Cmd) PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data nrzrawdemod = demod a nrz/direct tag from GraphBuffer"); - PrintAndLog(" : data nrzrawdemod 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data nrzrawdemod 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data nrzrawdemod 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); - PrintAndLog(" : data nrzrawdemod 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod nr = demod a nrz/direct tag from GraphBuffer"); + PrintAndLog(" : data rawdemod nr 32 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod nr 32 1 = demod a nrz/direct tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data rawdemod nr 1 = demod a nrz/direct tag from GraphBuffer while inverting data"); + PrintAndLog(" : data rawdemod nr 64 1 0 = demod a nrz/direct tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); return 0; } return NRZrawDemod(Cmd, TRUE); @@ -1810,11 +1810,11 @@ int CmdPSK1rawDemod(const char *Cmd) PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data psk1rawdemod = demod a psk1 tag from GraphBuffer"); - PrintAndLog(" : data psk1rawdemod 32 = demod a psk1 tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data psk1rawdemod 32 1 = demod a psk1 tag from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLog(" : data psk1rawdemod 1 = demod a psk1 tag from GraphBuffer while inverting data"); - PrintAndLog(" : data psk1rawdemod 64 1 0 = demod a psk1 tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod p1 = demod a psk1 tag from GraphBuffer"); + PrintAndLog(" : data rawdemod p1 32 = demod a psk1 tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod p1 32 1 = demod a psk1 tag from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLog(" : data rawdemod p1 1 = demod a psk1 tag from GraphBuffer while inverting data"); + PrintAndLog(" : data rawdemod p1 64 1 0 = demod a psk1 tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"); return 0; } errCnt = PSKDemod(Cmd, TRUE); @@ -1844,11 +1844,11 @@ int CmdPSK2rawDemod(const char *Cmd) PrintAndLog(" , 1 for invert output"); PrintAndLog(" [set maximum allowed errors], default = 100."); PrintAndLog(""); - PrintAndLog(" sample: data psk2rawdemod = demod a psk2 tag from GraphBuffer, autodetect clock"); - PrintAndLog(" : data psk2rawdemod 32 = demod a psk2 tag from GraphBuffer using a clock of RF/32"); - PrintAndLog(" : data psk2rawdemod 32 1 = demod a psk2 tag from GraphBuffer using a clock of RF/32 and inverting output"); - PrintAndLog(" : data psk2rawdemod 1 = demod a psk2 tag from GraphBuffer, autodetect clock and invert output"); - PrintAndLog(" : data psk2rawdemod 64 1 0 = demod a psk2 tag from GraphBuffer using a clock of RF/64, inverting output and allowing 0 demod errors"); + PrintAndLog(" sample: data rawdemod p2 = demod a psk2 tag from GraphBuffer, autodetect clock"); + PrintAndLog(" : data rawdemod p2 32 = demod a psk2 tag from GraphBuffer using a clock of RF/32"); + PrintAndLog(" : data rawdemod p2 32 1 = demod a psk2 tag from GraphBuffer using a clock of RF/32 and inverting output"); + PrintAndLog(" : data rawdemod p2 1 = demod a psk2 tag from GraphBuffer, autodetect clock and invert output"); + PrintAndLog(" : data rawdemod p2 64 1 0 = demod a psk2 tag from GraphBuffer using a clock of RF/64, inverting output and allowing 0 demod errors"); return 0; } errCnt=PSKDemod(Cmd, TRUE); From ada339a10f1dbe7694ae92393271a9e156fe9ec4 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 9 Mar 2015 15:27:20 -0400 Subject: [PATCH 19/21] biphase bug fixes --- armsrc/lfops.c | 5 +++++ client/cmddata.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index a5c4a64d..468f5830 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -642,6 +642,11 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream) for (i=0; i Date: Mon, 9 Mar 2015 15:58:06 -0400 Subject: [PATCH 20/21] sim buffer max settings tests --- client/cmdlf.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/client/cmdlf.c b/client/cmdlf.c index c72d84d7..79d6787b 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -685,11 +685,14 @@ int CmdLFfskSim(const char *Cmd) uint16_t arg1, arg2; arg1 = fcHigh << 8 | fcLow; arg2 = invert << 8 | clk; - UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; - if (DemodBufferLen > USB_CMD_DATA_SIZE) { - PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); - } - memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + size_t size = DemodBufferLen; + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size = USB_CMD_DATA_SIZE; + } + UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}}; + + memcpy(c.d.asBytes, DemodBuffer, size); SendCommand(&c); return 0; } @@ -778,7 +781,6 @@ int CmdLFaskSim(const char *Cmd) size = USB_CMD_DATA_SIZE; } UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}}; - PrintAndLog("preparing to sim ask data: %d bits", size); memcpy(c.d.asBytes, DemodBuffer, size); SendCommand(&c); @@ -880,13 +882,14 @@ int CmdLFpskSim(const char *Cmd) uint16_t arg1, arg2; arg1 = clk << 8 | carrier; arg2 = invert; - - UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, DemodBufferLen}}; - if (DemodBufferLen > USB_CMD_DATA_SIZE) { - PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", DemodBufferLen, USB_CMD_DATA_SIZE); + size_t size=DemodBufferLen; + if (size > USB_CMD_DATA_SIZE) { + PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); + size=USB_CMD_DATA_SIZE; } - PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", DemodBufferLen); - memcpy(c.d.asBytes, DemodBuffer, DemodBufferLen); + UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, size}}; + PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", size); + memcpy(c.d.asBytes, DemodBuffer, size); SendCommand(&c); return 0; From 13024283676d477113b2a9d5a5ccf71c50bc7bbe Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 9 Mar 2015 16:56:00 -0400 Subject: [PATCH 21/21] finish data printdemodbuffer command --- client/cmddata.c | 21 +++++++++++++++++++-- common/lfdemod.c | 2 +- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index e6e4dc0a..95c7dc87 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -86,7 +86,24 @@ void printDemodBuff(void) int CmdPrintDemodBuff(const char *Cmd) { - printDemodBuff(); + char hex; + char printBuff[512]={0x00}; + uint8_t numBits = DemodBufferLen & 0xFFF0; + sscanf(Cmd, "%c", &hex); + if (hex == 'h'){ + PrintAndLog("Usage: data printdemodbuffer [x]"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" x output in hex (omit for binary output)"); + return 0; + } + if (hex == 'x'){ + numBits = binarraytohex(printBuff, (char *)DemodBuffer, numBits); + if (numBits==0) return 0; + PrintAndLog("DemodBuffer: %s",printBuff); + } else { + printDemodBuff(); + } return 1; } int CmdAmp(const char *Cmd) @@ -2595,7 +2612,7 @@ static command_t CommandTable[] = //{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"}, - {"printdemodbuffer",CmdPrintDemodBuff,1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, + {"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"}, {"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"}, //{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"}, //{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"}, diff --git a/common/lfdemod.c b/common/lfdemod.c index b6135fb7..a42566ad 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -1598,7 +1598,7 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert) *clock = DetectPSKClock(dest, *size, *clock); if (*clock==0) return -1; int avgWaveVal=0, lastAvgWaveVal=0; - //find first full wave + //find first phase shift for (i=0; i= dest[i+2]){ if (waveStart == 0) {