Merge branch 'master' into GenericTracing

Conflicts:
	armsrc/iso14443a.c

armsrc/appmain.c

@@ -136,12 +136,25 @@ static int ReadAdc(int ch)
 
 	AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
 	AT91C_BASE_ADC->ADC_MR =
-		ADC_MODE_PRESCALE(32) |
+		ADC_MODE_PRESCALE(63  /* was 32 */) |							// ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
-		ADC_MODE_STARTUP_TIME(16) |
+		ADC_MODE_STARTUP_TIME(1  /* was 16 */) |						// Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us     Note: must be > 20us
-		ADC_MODE_SAMPLE_HOLD_TIME(8);
+		ADC_MODE_SAMPLE_HOLD_TIME(15  /* was 8 */); 					// Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
+
+	// Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value. 
+	// Both AMPL_LO and AMPL_HI are very high impedance (10MOhm) outputs, the input capacitance of the ADC is 12pF (typical). This results in a time constant
+	// of RC = 10MOhm * 12pF = 120us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged. 
+	// 
+	// The maths are:
+	// If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
+	//
+	//       v_cap = v_in * (1 - exp(-RC/SHTIM))  =   v_in * (1 - exp(-3))  =  v_in * 0,95                   (i.e. an error of 5%)
+	// 
+	// Note: with the "historic" values in the comments above, the error was 34%  !!!
+	
 	AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
 
 	AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
+
 	while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
 		;
 	d = AT91C_BASE_ADC->ADC_CDR[ch];
@@ -184,9 +197,7 @@ void MeasureAntennaTuning(void)
     WDT_HIT();
 		FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
 		SpinDelay(20);
-		// Vref = 3.3V, and a 10000:240 voltage divider on the input
+		adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
-		// can measure voltages up to 137500 mV
-		adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
 		if (i==95) 	vLf125 = adcval; // voltage at 125Khz
 		if (i==89) 	vLf134 = adcval; // voltage at 134Khz
 
@@ -206,11 +217,9 @@ void MeasureAntennaTuning(void)
   	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
 	SpinDelay(20);
-	// Vref = 3300mV, and an 10:1 voltage divider on the input
+	vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
-	// can measure voltages up to 33000 mV
-	vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
 
-	cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
+	cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LED_A_OFF();
 	LED_B_OFF();
@@ -223,19 +232,21 @@ void MeasureAntennaTuningHf(void)
 
 	DbpString("Measuring HF antenna, press button to exit");
 
+	// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
+	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
+
 	for (;;) {
-		// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
-		FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-		FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
 		SpinDelay(20);
-		// Vref = 3300mV, and an 10:1 voltage divider on the input
+		vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
-		// can measure voltages up to 33000 mV
-		vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
 
 		Dbprintf("%d mV",vHf);
 		if (BUTTON_PRESS()) break;
 	}
 	DbpString("cancelled");
+
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+
 }
 
 
@@ -513,26 +524,32 @@ static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
 
 void ListenReaderField(int limit)
 {
-	int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
+	int lf_av, lf_av_new, lf_baseline= 0, lf_max;
-	int hf_av, hf_av_new,  hf_baseline= 0, hf_count= 0, hf_max;
+	int hf_av, hf_av_new,  hf_baseline= 0, hf_max;
 	int mode=1, display_val, display_max, i;
 
-#define LF_ONLY		1
+#define LF_ONLY						1
-#define HF_ONLY		2
+#define HF_ONLY						2
+#define REPORT_CHANGE			 	10    // report new values only if they have changed at least by REPORT_CHANGE
+
+
+	// switch off FPGA - we don't want to measure our own signal
+	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 
 	LEDsoff();
 
-	lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
+	lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
 
 	if(limit != HF_ONLY) {
-		Dbprintf("LF 125/134 Baseline: %d", lf_av);
+		Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
 		lf_baseline = lf_av;
 	}
 
-	hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
+	hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
 
 	if (limit != LF_ONLY) {
-		Dbprintf("HF 13.56 Baseline: %d", hf_av);
+		Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
 		hf_baseline = hf_av;
 	}
 
@@ -555,38 +572,38 @@ void ListenReaderField(int limit)
 		WDT_HIT();
 
 		if (limit != HF_ONLY) {
-			if(mode==1) {
+			if(mode == 1) {
-				if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
+				if (abs(lf_av - lf_baseline) > REPORT_CHANGE) 
-				else                               LED_D_OFF();
+					LED_D_ON();
+				else
+					LED_D_OFF();
 			}
 
-			++lf_count;
+			lf_av_new = AvgAdc(ADC_CHAN_LF);
-			lf_av_new= ReadAdc(ADC_CHAN_LF);
 			// see if there's a significant change
-			if(abs(lf_av - lf_av_new) > 10) {
+			if(abs(lf_av - lf_av_new) > REPORT_CHANGE) {
-				Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
+				Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
 				lf_av = lf_av_new;
 				if (lf_av > lf_max)
 					lf_max = lf_av;
-				lf_count= 0;
 			}
 		}
 
 		if (limit != LF_ONLY) {
 			if (mode == 1){
-				if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
+				if (abs(hf_av - hf_baseline) > REPORT_CHANGE) 	
-				else                               LED_B_OFF();
+					LED_B_ON();
+				else
+					LED_B_OFF();
 			}
 
-			++hf_count;
+			hf_av_new = AvgAdc(ADC_CHAN_HF);
-			hf_av_new= ReadAdc(ADC_CHAN_HF);
 			// see if there's a significant change
-			if(abs(hf_av - hf_av_new) > 10) {
+			if(abs(hf_av - hf_av_new) > REPORT_CHANGE) {
-				Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
+				Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
 				hf_av = hf_av_new;
 				if (hf_av > hf_max)
 					hf_max = hf_av;
-				hf_count= 0;
 			}
 		}
 

armsrc/apps.h

@@ -38,6 +38,10 @@ void DbpString(char *str);
 void Dbprintf(const char *fmt, ...);
 void Dbhexdump(int len, uint8_t *d, bool bAsci);
 
+// ADC Vref = 3300mV, and an (10M+1M):1M voltage divider on the HF input can measure voltages up to 36300 mV
+#define MAX_ADC_HF_VOLTAGE 36300
+// ADC Vref = 3300mV, and an (10000k+240k):240k voltage divider on the LF input can measure voltages up to 140800 mV
+#define MAX_ADC_LF_VOLTAGE 140800
 int AvgAdc(int ch);
 
 void ToSendStuffBit(int b);

armsrc/iso14443a.c

@@ -243,26 +243,27 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
 
 	Uart.twoBits = (Uart.twoBits << 8) | bit;
 	
-	if (Uart.state == STATE_UNSYNCD) {												// not yet synced
+	if (Uart.state == STATE_UNSYNCD) {											// not yet synced
 	
-		if (Uart.highCnt < 7) {													// wait for a stable unmodulated signal
+		if (Uart.highCnt < 2) {													// wait for a stable unmodulated signal
 			if (Uart.twoBits == 0xffff) {
 				Uart.highCnt++;
 			} else {
 				Uart.highCnt = 0;
 			}
 		} else {	
-			Uart.syncBit = 0xFFFF; // not set
+			Uart.syncBit = 0xFFFF; 												// not set
-			// look for 00xx1111 (the start bit)
+																				// we look for a ...1111111100x11111xxxxxx pattern (the start bit)
-			if 		((Uart.twoBits & 0x6780) == 0x0780) Uart.syncBit = 7; 
+			if 		((Uart.twoBits & 0xDF00) == 0x1F00) Uart.syncBit = 8;   	// mask is   11x11111 xxxxxxxx, 
-			else if ((Uart.twoBits & 0x33C0) == 0x03C0) Uart.syncBit = 6;
+																				// check for 00x11111 xxxxxxxx
-			else if ((Uart.twoBits & 0x19E0) == 0x01E0) Uart.syncBit = 5;
+			else if	((Uart.twoBits & 0xEF80) == 0x8F80) Uart.syncBit = 7;		// both masks shifted right one bit, left padded with '1'
-			else if ((Uart.twoBits & 0x0CF0) == 0x00F0) Uart.syncBit = 4;
+			else if ((Uart.twoBits & 0xF7C0) == 0xC7C0) Uart.syncBit = 6;		// ...
-			else if ((Uart.twoBits & 0x0678) == 0x0078) Uart.syncBit = 3;
+			else if ((Uart.twoBits & 0xFBE0) == 0xE3E0) Uart.syncBit = 5;
-			else if ((Uart.twoBits & 0x033C) == 0x003C) Uart.syncBit = 2;
+			else if ((Uart.twoBits & 0xFDF0) == 0xF1F0) Uart.syncBit = 4;
-			else if ((Uart.twoBits & 0x019E) == 0x001E) Uart.syncBit = 1;
+			else if ((Uart.twoBits & 0xFEF8) == 0xF8F8) Uart.syncBit = 3;
-			else if ((Uart.twoBits & 0x00CF) == 0x000F) Uart.syncBit = 0;
+			else if ((Uart.twoBits & 0xFF7C) == 0xFC7C) Uart.syncBit = 2;
-			if (Uart.syncBit != 0xFFFF) {
+			else if ((Uart.twoBits & 0xFFBE) == 0xFE3E) Uart.syncBit = 1;
+			if (Uart.syncBit != 0xFFFF) {										// found a sync bit
 				Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
 				Uart.startTime -= Uart.syncBit;
 				Uart.endTime = Uart.startTime;
@@ -275,11 +276,9 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
 		if (IsMillerModulationNibble1(Uart.twoBits >> Uart.syncBit)) {			
 			if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) {		// Modulation in both halves - error
 				UartReset();
-				Uart.highCnt = 6;
 			} else {															// Modulation in first half = Sequence Z = logic "0"
 				if (Uart.state == STATE_MILLER_X) {								// error - must not follow after X
 					UartReset();
-					Uart.highCnt = 6;
 				} else {
 					Uart.bitCount++;
 					Uart.shiftReg = (Uart.shiftReg >> 1);						// add a 0 to the shiftreg
@@ -334,12 +333,13 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
 					if (Uart.len) {
 						return TRUE;											// we are finished with decoding the raw data sequence
 					} else {
-						UartReset();					// Nothing receiver - start over
+						UartReset();											// Nothing received - start over
+						Uart.highCnt = 1;
 					}
 				}
 				if (Uart.state == STATE_START_OF_COMMUNICATION) {				// error - must not follow directly after SOC
 					UartReset();
-					Uart.highCnt = 6;
+					Uart.highCnt = 1;
 				} else {														// a logic "0"
 					Uart.bitCount++;
 					Uart.shiftReg = (Uart.shiftReg >> 1);						// add a 0 to the shiftreg
@@ -1358,6 +1358,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p
   CodeIso14443aBitsAsReaderPar(cmd, len*8, parity);
 }
 
+
 //-----------------------------------------------------------------------------
 // Wait for commands from reader
 // Stop when button is pressed (return 1) or field was gone (return 2)
@@ -1380,9 +1381,9 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
 	// Set ADC to read field strength
 	AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
 	AT91C_BASE_ADC->ADC_MR =
-				ADC_MODE_PRESCALE(32) |
+				ADC_MODE_PRESCALE(63) |
-				ADC_MODE_STARTUP_TIME(16) |
+				ADC_MODE_STARTUP_TIME(1) |
-				ADC_MODE_SAMPLE_HOLD_TIME(8);
+				ADC_MODE_SAMPLE_HOLD_TIME(15);
 	AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
 	// start ADC
 	AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
@@ -1404,7 +1405,7 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
 			analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
 			AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
 			if (analogCnt >= 32) {
-				if ((33000 * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
+				if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
 					vtime = GetTickCount();
 					if (!timer) timer = vtime;
 					// 50ms no field --> card to idle state
@@ -1479,7 +1480,8 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
 	}
 
 	// Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
-	for (i = 0; i < 2 ; ) {
+	uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
+	for (i = 0; i <= fpga_queued_bits/8 + 1; ) {
 		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
 			AT91C_BASE_SSC->SSC_THR = SEC_F;
 			FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@@ -2197,6 +2199,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 
 	// free eventually allocated BigBuf memory but keep Emulator Memory
 	BigBuf_free_keep_EM();
+
 	// clear trace
 	clear_trace();
 	set_tracing(TRUE);
@@ -2261,10 +2264,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 		WDT_HIT();
 
 		// find reader field
-		// Vref = 3300mV, and an 10:1 voltage divider on the input
-		// can measure voltages up to 33000 mV
 		if (cardSTATE == MFEMUL_NOFIELD) {
-			vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
+			vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
 			if (vHf > MF_MINFIELDV) {
 				cardSTATE_TO_IDLE();
 				LED_A_ON();
@@ -2339,6 +2340,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 					LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 					break;
 				}
+
 				uint32_t ar = bytes_to_num(receivedCmd, 4);
 				uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
 
@@ -2445,6 +2447,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 						ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); 
 						num_to_bytes(ans, 4, rAUTH_AT);
 					}
+
 					EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
 					//Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
 					cardSTATE = MFEMUL_AUTH1;
@@ -2625,7 +2628,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 		if(ar_nr_collected > 1) {
 			Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
 			Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
-					 ar_nr_responses[0], // UID
+					ar_nr_responses[0], // UID
 					ar_nr_responses[1], //NT
 					ar_nr_responses[2], //AR1
 					ar_nr_responses[3], //NR1
@@ -2645,6 +2648,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 		}
 	}
 	if (MF_DBGLEVEL >= 1)	Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ",	tracing, BigBuf_get_traceLen());
+	
 }
 
 

armsrc/lfops.c

@@ -640,7 +640,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
     uint8_t *dest = BigBuf_get_addr();
 
 	size_t size=0, idx=0;
-    int clk=0, invert=0, errCnt=0;
+    int clk=0, invert=0, errCnt=0, maxErr=20;
     uint64_t lo=0;
     // Configure to go in 125Khz listen mode
     LFSetupFPGAForADC(95, true);
@@ -654,7 +654,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
 		size  = BigBuf_max_traceLen();
         //Dbprintf("DEBUG: Buffer got");
 		//askdemod and manchester decode
-		errCnt = askmandemod(dest, &size, &clk, &invert);
+		errCnt = askmandemod(dest, &size, &clk, &invert, maxErr);
         //Dbprintf("DEBUG: ASK Got");
         WDT_HIT();
 

client/cmddata.h

@@ -17,6 +17,7 @@ int CmdData(const char *Cmd);
 void printDemodBuff();
 int CmdAmp(const char *Cmd);
 int Cmdaskdemod(const char *Cmd);
+int CmdAskEM410xDemod(const char *Cmd);
 int Cmdaskrawdemod(const char *Cmd);
 int Cmdaskmandemod(const char *Cmd);
 int CmdAutoCorr(const char *Cmd);
@@ -33,8 +34,8 @@ int CmdFSKdemodIO(const char *Cmd);
 int CmdFSKdemodParadox(const char *Cmd);
 int CmdFSKdemodPyramid(const char *Cmd);
 int CmdFSKrawdemod(const char *Cmd);
-int CmdDetectNRZpskClockRate(const char *Cmd);
+int CmdPSK1rawDemod(const char *Cmd);
-int CmdpskNRZrawDemod(const char *Cmd);
+int CmdPSK2rawDemod(const char *Cmd);
 int CmdGrid(const char *Cmd);
 int CmdHexsamples(const char *Cmd);
 int CmdHide(const char *Cmd);
@@ -46,6 +47,7 @@ int Cmdmandecoderaw(const char *Cmd);
 int CmdManchesterDemod(const char *Cmd);
 int CmdManchesterMod(const char *Cmd);
 int CmdNorm(const char *Cmd);
+int CmdNRZrawDemod(const char *Cmd);
 int CmdPlot(const char *Cmd);
 int CmdSamples(const char *Cmd);
 int CmdTuneSamples(const char *Cmd);

client/cmdhfmf.c

@@ -1433,27 +1433,60 @@ int CmdHF14AMfCSetUID(const char *Cmd)
 	uint8_t wipeCard = 0;
 	uint8_t uid[8] = {0x00};
 	uint8_t oldUid[8] = {0x00};
+	uint8_t atqa[2] = {0x00};
+	uint8_t sak[1] = {0x00};
+	uint8_t atqaPresent = 1;
 	int res;
+	char ctmp;
+	int argi=0;
 
-	if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
+	if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {
-		PrintAndLog("Usage:  hf mf csetuid <UID 8 hex symbols> <w>");
+		PrintAndLog("Usage:  hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");
-		PrintAndLog("sample:  hf mf csetuid 01020304 w");
+		PrintAndLog("sample:  hf mf csetuid 01020304");
-		PrintAndLog("Set UID for magic Chinese card (only works with!!!)");
+		PrintAndLog("sample:  hf mf csetuid 01020304 0004 08 w");
-		PrintAndLog("If you want wipe card then add 'w' into command line. \n");
+		PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
+		PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
 		return 0;
 	}
 
-	if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
+	if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {
 		PrintAndLog("UID must include 8 HEX symbols");
 		return 1;
 	}
+	argi++;
 
-	char ctmp = param_getchar(Cmd, 1);
+	ctmp = param_getchar(Cmd, argi);
-	if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;
+	if (ctmp == 'w' || ctmp == 'W') {
+		wipeCard = 1;
+		atqaPresent = 0;
+	}
+
+	if (atqaPresent) {
+		if (param_getchar(Cmd, argi)) {
+			if (param_gethex(Cmd, argi, atqa, 4)) {
+				PrintAndLog("ATQA must include 4 HEX symbols");
+				return 1;
+			}
+			argi++;
+			if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {
+				PrintAndLog("SAK must include 2 HEX symbols");
+				return 1;
+			}
+			argi++;
+		} else
+			atqaPresent = 0;
+	}
+
+	if(!wipeCard) {
+		ctmp = param_getchar(Cmd, argi);
+		if (ctmp == 'w' || ctmp == 'W') {
+			wipeCard = 1;
+		}
+	}
 
 	PrintAndLog("--wipe card:%s  uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));
 
-	res = mfCSetUID(uid, oldUid, wipeCard);
+	res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);
 	if (res) {
 			PrintAndLog("Can't set UID. error=%d", res);
 			return 1;

client/cmdlf.c

@@ -662,26 +662,31 @@ int CmdVchDemod(const char *Cmd)
 int CmdLFfind(const char *Cmd)
 {
   int ans=0;
-	char cmdp = param_getchar(Cmd, 0);
+  char cmdp = param_getchar(Cmd, 0);
+  char testRaw = param_getchar(Cmd, 1);
+  if (strlen(Cmd) > 2 || cmdp == 'h' || cmdp == 'H') {
+    PrintAndLog("Usage:  lf search <0|1> [u]");
+    PrintAndLog("     <use data from Graphbuffer> , if not set, try reading data from tag.");
+    PrintAndLog("     [Search for Unknown tags] , if not set, reads only known tags.");
+    PrintAndLog("");
+    PrintAndLog("    sample: lf search     = try reading data from tag & search for known tags");
+    PrintAndLog("          : lf search 1   = use data from GraphBuffer & search for known tags");
+    PrintAndLog("          : lf search u   = try reading data from tag & search for known and unknown tags");
+    PrintAndLog("          : lf search 1 u = use data from GraphBuffer & search for known and unknown tags");
 
-	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {
+    return 0;
-		PrintAndLog("Usage:  lf search <0|1>");
-		PrintAndLog("     <use data from Graphbuffer>, if not set, try reading data from tag.");
-		PrintAndLog("");
-		PrintAndLog("    sample: lf search");
-		PrintAndLog("          : lf search 1");
-		return 0;
-	}
-
-	if (!offline && (cmdp != '1')){
-    ans=CmdLFRead("");
-    ans=CmdSamples("20000");
-	} else if (GraphTraceLen < 1000) {
-		PrintAndLog("Data in Graphbuffer was too small.");
-		return 0;
   }
 
+  if (!offline && (cmdp != '1')){
+    ans=CmdLFRead("");
+    ans=CmdSamples("20000");
+  } else if (GraphTraceLen < 1000) {
+    PrintAndLog("Data in Graphbuffer was too small.");
+    return 0;
+  }
+  if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
   PrintAndLog("NOTE: some demods output possible binary\n  if it finds something that looks like a tag");
+  PrintAndLog("False Positives ARE possible\n");  
   PrintAndLog("\nChecking for known tags:\n");
   ans=CmdFSKdemodIO("");
   if (ans>0) {
@@ -714,12 +719,37 @@ int CmdLFfind(const char *Cmd)
     PrintAndLog("\nValid Indala ID Found!");
     return 1;
   }
-  ans=Cmdaskmandemod("");
+  ans=CmdAskEM410xDemod("");
   if (ans>0) {
     PrintAndLog("\nValid EM410x ID Found!");
     return 1;
   }
-  PrintAndLog("No Known Tags Found!\n");
+  PrintAndLog("\nNo Known Tags Found!\n");
+  if (testRaw=='u' || testRaw=='U'){
+    //test unknown tag formats (raw mode)
+    PrintAndLog("\nChecking for Unknown tags:\n");
+    ans=CmdDetectClockRate("f");
+    if (ans != 0){ //fsk
+      ans=CmdFSKrawdemod("");
+      if (ans>0) {
+        PrintAndLog("\nUnknown FSK Modulated Tag Found!");
+        return 1;
+      }
+    }
+    ans=Cmdaskmandemod("");
+    if (ans>0) {
+      PrintAndLog("\nUnknown ASK Modulated and Manchester encoded Tag Found!");
+      return 1;
+    }
+    ans=CmdPSK1rawDemod("");
+    if (ans>0) {
+      PrintAndLog("Possible unknown PSK1 Modulated Tag Found above!\n\nCould also be PSK2 - try 'data psk2rawdemod'");
+      PrintAndLog("\nCould also be PSK3 - [currently not supported]");
+      PrintAndLog("\nCould also be NRZ - try 'data nrzrawdemod");
+      return 1;
+    }
+    PrintAndLog("\nNo Data Found!\n");
+  }
   return 0;
 }
 
@@ -735,7 +765,7 @@ static command_t CommandTable[] =
   {"indalademod", CmdIndalaDemod,     1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
   {"indalaclone", CmdIndalaClone,     0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
   {"read",        CmdLFRead,          0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
-  {"search",      CmdLFfind,          1, "Read and Search for valid known tag (in offline mode it you can load first then search)"},
+  {"search",      CmdLFfind,          1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
   {"sim",         CmdLFSim,           0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
   {"simbidir",    CmdLFSimBidir,      0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
   {"simman",      CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},

client/cmdlfem4x.c

@@ -61,7 +61,7 @@ int CmdEM410xRead(const char *Cmd)
   }
 
   /* get clock */
-  clock = GetClock(Cmd, high, 0);
+  clock = GetAskClock(Cmd, false, false);
 
   /* parity for our 4 columns */
   parity[0] = parity[1] = parity[2] = parity[3] = 0;

client/graph.c

@@ -56,52 +56,24 @@ void setGraphBuf(uint8_t *buff, size_t size)
 	uint16_t i = 0;  
 	if ( size > MAX_GRAPH_TRACE_LEN )
 		size = MAX_GRAPH_TRACE_LEN;
-  ClearGraph(0);
+	ClearGraph(0);
-  for (; i < size; ++i){
+	for (; i < size; ++i){
 		GraphBuffer[i]=buff[i]-128;
-  }
+	}
-  GraphTraceLen=size;
+	GraphTraceLen=size;
-  RepaintGraphWindow();
+	RepaintGraphWindow();
-  return;
+	return;
 }
 size_t getFromGraphBuf(uint8_t *buff)
 {
-	if ( buff == NULL ) return 0;
+	if (buff == NULL ) return 0;
-	
+	uint32_t i;
-  uint32_t i;
+	for (i=0;i<GraphTraceLen;++i){
-  for (i=0;i<GraphTraceLen;++i){
+		if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
-    if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
+		if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
-    if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
+		buff[i]=(uint8_t)(GraphBuffer[i]+128);
-    buff[i]=(uint8_t)(GraphBuffer[i]+128);
-  }
-  return i;
-}
-
-
-// Get or auto-detect clock rate
-int GetClock(const char *str, int peak, int verbose)
-{
-	int clock;
-	sscanf(str, "%i", &clock);
-	if (!strcmp(str, ""))
-		clock = 0;
-
-	// Auto-detect clock
-	if (!clock)
-	{
-		uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
-		size_t size = getFromGraphBuf(grph);
-		if ( size == 0 ) {
-			PrintAndLog("Failed to copy from graphbuffer");
-			return -1;
-		}
-		clock = DetectASKClock(grph,size,0);
-		// Only print this message if we're not looping something
-		if (!verbose){
-			PrintAndLog("Auto-detected clock rate: %d", clock);
-		}
 	}
-	return clock;
+	return i;
 }
 
 // A simple test to see if there is any data inside Graphbuffer. 
@@ -136,27 +108,116 @@ void DetectHighLowInGraph(int *high, int *low, bool addFuzz) {
 	}
 }
 
-int GetNRZpskClock(const char *str, int peak, int verbose)
+// Get or auto-detect ask clock rate
+int GetAskClock(const char str[], bool printAns, bool verbose)
 {
 	int clock;
 	sscanf(str, "%i", &clock);
 	if (!strcmp(str, ""))
 		clock = 0;
 
+	if (clock != 0) 
+		return clock;
 	// Auto-detect clock
-	if (!clock)
+	uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
-	{
+	size_t size = getFromGraphBuf(grph);
-		uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
+	if (size == 0) {
-		size_t size = getFromGraphBuf(grph);
+		if (verbose)
-		if ( size == 0 ) {
 			PrintAndLog("Failed to copy from graphbuffer");
-			return -1;
+		return -1;
-		}
+	}
-		clock = DetectpskNRZClock(grph,size,0);
+	DetectASKClock(grph, size, &clock, 20);
-		// Only print this message if we're not looping something
+	// Only print this message if we're not looping something
-		if (!verbose){
+	if (printAns){
-			PrintAndLog("Auto-detected clock rate: %d", clock);
+		PrintAndLog("Auto-detected clock rate: %d", clock);
-		}
 	}
 	return clock;
 }
+
+int GetPskClock(const char str[], bool printAns, bool verbose)
+{
+	int clock;
+	sscanf(str, "%i", &clock);
+	if (!strcmp(str, "")) 
+		clock = 0;
+
+	if (clock!=0) 
+		return clock;
+	// Auto-detect clock
+	uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
+	size_t size = getFromGraphBuf(grph);
+	if ( size == 0 ) {
+		if (verbose) 
+			PrintAndLog("Failed to copy from graphbuffer");
+		return -1;
+	}
+	clock = DetectPSKClock(grph,size,0);
+	// Only print this message if we're not looping something
+	if (printAns){
+		PrintAndLog("Auto-detected clock rate: %d", clock);
+	}
+	return clock;
+}
+
+uint8_t GetNrzClock(const char str[], bool printAns, bool verbose)
+{
+	int clock;
+	sscanf(str, "%i", &clock);
+	if (!strcmp(str, ""))
+		clock = 0;
+
+	if (clock!=0) 
+		return clock;
+	// Auto-detect clock
+	uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
+	size_t size = getFromGraphBuf(grph);
+	if ( size == 0 ) {
+		if (verbose) 
+			PrintAndLog("Failed to copy from graphbuffer");
+		return -1;
+	}
+	clock = DetectNRZClock(grph, size, 0);
+	// Only print this message if we're not looping something
+	if (printAns){
+		PrintAndLog("Auto-detected clock rate: %d", clock);
+	}
+	return clock;
+}
+//by marshmellow
+//attempt to detect the field clock and bit clock for FSK
+uint8_t GetFskClock(const char str[], bool printAns, bool verbose)
+{
+	int clock;
+	sscanf(str, "%i", &clock);
+	if (!strcmp(str, ""))
+		clock = 0;
+	if (clock != 0) return (uint8_t)clock;
+
+	uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
+	size_t size = getFromGraphBuf(BitStream);
+	if (size==0) return 0;
+	uint8_t dummy = 0;
+	uint16_t ans = countFC(BitStream, size, &dummy); 
+	if (ans==0) {
+		if (verbose) PrintAndLog("DEBUG: No data found");
+		return 0;
+	}
+	uint8_t fc1, fc2;
+	fc1 = (ans >> 8) & 0xFF;
+	fc2 = ans & 0xFF;
+
+	uint8_t rf1 = detectFSKClk(BitStream, size, fc1, fc2);
+	if (rf1==0) {
+		if (verbose) PrintAndLog("DEBUG: Clock detect error");
+		return 0;
+	}
+	if ((fc1==10 && fc2==8) || (fc1==8 && fc2==5)){
+		if (printAns) PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1);
+		return rf1;
+	}
+	if (verbose){
+		PrintAndLog("DEBUG: unknown fsk field clock detected");
+		PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1);
+	}
+	return 0;
+}

client/graph.h

@@ -16,8 +16,10 @@ void AppendGraph(int redraw, int clock, int bit);
 int ClearGraph(int redraw);
 //int DetectClock(int peak);
 size_t getFromGraphBuf(uint8_t *buff);
-int GetClock(const char *str, int peak, int verbose);
+int GetAskClock(const char str[], bool printAns, bool verbose);
-int GetNRZpskClock(const char *str, int peak, int verbose);
+int GetPskClock(const char str[], bool printAns, bool verbose);
+uint8_t GetNrzClock(const char str[], bool printAns, bool verbose);
+uint8_t GetFskClock(const char str[], bool printAns, bool verbose);
 void setGraphBuf(uint8_t *buff, size_t size);
 
 bool HasGraphData();

client/mifarehost.c

@@ -231,28 +231,31 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
 
 // "MAGIC" CARD
 
-int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
+int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {
-	
 	uint8_t oldblock0[16] = {0x00};
 	uint8_t block0[16] = {0x00};
-	memcpy(block0, uid, 4); 
-	block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
-	// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
-	//block0[5] = 0x08;
-	//block0[6] = 0x04;
-	//block0[7] = 0x00;
-	
-	block0[5] = 0x01;  //sak
-	block0[6] = 0x01;
-	block0[7] = 0x0f;
 
 	int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
-	if ( old == 0) {
+	if (old == 0) {
-		memcpy(block0+8, oldblock0+8, 8);
+		memcpy(block0, oldblock0, 16);
-		PrintAndLog("block 0:  %s", sprint_hex(block0,16));
+		PrintAndLog("old block 0:  %s", sprint_hex(block0,16));
 	} else {
-		PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");
+		PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
 	}
+
+	// fill in the new values
+	// UID
+	memcpy(block0, uid, 4); 
+	// Mifare UID BCC
+	block0[4] = block0[0]^block0[1]^block0[2]^block0[3];
+	// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
+	if (sak!=NULL)
+		block0[5]=sak[0];
+	if (atqa!=NULL) {
+		block0[6]=atqa[1];
+		block0[7]=atqa[0];
+	}
+	PrintAndLog("new block 0:  %s", sprint_hex(block0,16));
 	return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
 }
 

client/mifarehost.h

@@ -55,7 +55,7 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key
 int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
 int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
 
-int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe);
+int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);
 int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);
 int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);
 

common/lfdemod.h

@@ -15,31 +15,34 @@
 #define LFDEMOD_H__
 #include <stdint.h>
 
-int DetectASKClock(uint8_t dest[], size_t size, int clock);
+int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
-int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert);
+int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
 uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
 int ManchesterEncode(uint8_t *BitStream, size_t size);
 int manrawdecode(uint8_t *BitStream, size_t *size);
 int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert);
-int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert);
+int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr, uint8_t amp);
 int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
 int IOdemodFSK(uint8_t *dest, size_t size);
 int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
 uint32_t bytebits_to_byte(uint8_t* src, size_t numbits);
-int pskNRZrawDemod(uint8_t *dest, size_t *size, int *clk, int *invert);
+int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr);
 void psk1TOpsk2(uint8_t *BitStream, size_t size);
-int DetectpskNRZClock(uint8_t dest[], size_t size, int clock);
+int DetectNRZClock(uint8_t dest[], size_t size, int clock);
 int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
 void pskCleanWave(uint8_t *bitStream, size_t size);
 int PyramiddemodFSK(uint8_t *dest, size_t *size);
 int AWIDdemodFSK(uint8_t *dest, size_t *size);
 size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen);
-uint16_t countFC(uint8_t *BitStream, size_t size);
+uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t *mostFC);
 uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow);
 int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
 int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
 uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx);
 uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType);
 uint8_t justNoise(uint8_t *BitStream, size_t size);
+uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
+int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
+int DetectPSKClock(uint8_t dest[], size_t size, int clock);
 
 #endif