Merge branch 'master' into GenericTracing

Conflicts:
	armsrc/iso14443a.c
This commit is contained in:
Martin Holst Swende 2015-02-10 21:25:14 +01:00
commit 61972abbdd
15 changed files with 1491 additions and 779 deletions


@ -136,12 +136,25 @@ static int ReadAdc(int ch)
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
AT91C_BASE_ADC->ADC_MR =
ADC_MODE_PRESCALE(32) |
ADC_MODE_STARTUP_TIME(16) |
ADC_MODE_SAMPLE_HOLD_TIME(8);
ADC_MODE_PRESCALE(63 /* was 32 */) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
ADC_MODE_STARTUP_TIME(1 /* was 16 */) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
ADC_MODE_SAMPLE_HOLD_TIME(15 /* was 8 */); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
// Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
// Both AMPL_LO and AMPL_HI are very high impedance (10MOhm) outputs, the input capacitance of the ADC is 12pF (typical). This results in a time constant
// of RC = 10MOhm * 12pF = 120us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
//
// The maths are:
// If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
//
// v_cap = v_in * (1 - exp(-RC/SHTIM)) = v_in * (1 - exp(-3)) = v_in * 0,95 (i.e. an error of 5%)
//
// Note: with the "historic" values in the comments above, the error was 34% !!!
AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
;
d = AT91C_BASE_ADC->ADC_CDR[ch];
@ -184,9 +197,7 @@ void MeasureAntennaTuning(void)
WDT_HIT();
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
SpinDelay(20);
// Vref = 3.3V, and a 10000:240 voltage divider on the input
// can measure voltages up to 137500 mV
adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
if (i==95) vLf125 = adcval; // voltage at 125Khz
if (i==89) vLf134 = adcval; // voltage at 134Khz
@ -206,11 +217,9 @@ void MeasureAntennaTuning(void)
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(20);
// Vref = 3300mV, and an 10:1 voltage divider on the input
// can measure voltages up to 33000 mV
vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_A_OFF();
LED_B_OFF();
@ -223,19 +232,21 @@ void MeasureAntennaTuningHf(void)
DbpString("Measuring HF antenna, press button to exit");
// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
for (;;) {
// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(20);
// Vref = 3300mV, and an 10:1 voltage divider on the input
// can measure voltages up to 33000 mV
vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
Dbprintf("%d mV",vHf);
if (BUTTON_PRESS()) break;
}
DbpString("cancelled");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
}
@ -513,26 +524,32 @@ static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
void ListenReaderField(int limit)
{
int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
int lf_av, lf_av_new, lf_baseline= 0, lf_max;
int hf_av, hf_av_new, hf_baseline= 0, hf_max;
int mode=1, display_val, display_max, i;
#define LF_ONLY 1
#define HF_ONLY 2
#define LF_ONLY 1
#define HF_ONLY 2
#define REPORT_CHANGE 10 // report new values only if they have changed at least by REPORT_CHANGE
// switch off FPGA - we don't want to measure our own signal
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
if(limit != HF_ONLY) {
Dbprintf("LF 125/134 Baseline: %d", lf_av);
Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
lf_baseline = lf_av;
}
hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
if (limit != LF_ONLY) {
Dbprintf("HF 13.56 Baseline: %d", hf_av);
Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
hf_baseline = hf_av;
}
@ -555,38 +572,38 @@ void ListenReaderField(int limit)
WDT_HIT();
if (limit != HF_ONLY) {
if(mode==1) {
if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
else LED_D_OFF();
if(mode == 1) {
if (abs(lf_av - lf_baseline) > REPORT_CHANGE)
LED_D_ON();
else
LED_D_OFF();
}
++lf_count;
lf_av_new= ReadAdc(ADC_CHAN_LF);
lf_av_new = AvgAdc(ADC_CHAN_LF);
// see if there's a significant change
if(abs(lf_av - lf_av_new) > 10) {
Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
if(abs(lf_av - lf_av_new) > REPORT_CHANGE) {
Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
lf_av = lf_av_new;
if (lf_av > lf_max)
lf_max = lf_av;
lf_count= 0;
}
}
if (limit != LF_ONLY) {
if (mode == 1){
if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
else LED_B_OFF();
if (abs(hf_av - hf_baseline) > REPORT_CHANGE)
LED_B_ON();
else
LED_B_OFF();
}
++hf_count;
hf_av_new= ReadAdc(ADC_CHAN_HF);
hf_av_new = AvgAdc(ADC_CHAN_HF);
// see if there's a significant change
if(abs(hf_av - hf_av_new) > 10) {
Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
if(abs(hf_av - hf_av_new) > REPORT_CHANGE) {
Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
hf_av = hf_av_new;
if (hf_av > hf_max)
hf_max = hf_av;
hf_count= 0;
}
}
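Review bot: The charging formula in the new ReadAdc comment has its exponent inverted: a first-order RC step response is `v_cap = v_in * (1 - exp(-SHTIM/RC))`, and with the SHTIM = 40us and RC = 120us the comment itself derives, that is `v_in * (1 - exp(-1/3)) = v_in * 0.28`, roughly a 72% shortfall rather than the 5% claimed, if the sample-and-hold input really behaves as the simple RC the comment models. The absolute-mV values computed from these readings are compared against thresholds such as MF_MINFIELDV in iso14443a.c, so a maintainer trusting the 5% figure would overestimate how meaningful those comparisons are; if the intent is only that the new settings are relatively better than the old ones, say that and drop the 5% claim. The 34% figure quoted for the historic settings does not follow from either form of the formula either and should be rechecked. ReadAdc's signature precedes the hunk, so the function starts outside it.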


@ -38,6 +38,10 @@ void DbpString(char *str);
void Dbprintf(const char *fmt, ...);
void Dbhexdump(int len, uint8_t *d, bool bAsci);
// ADC Vref = 3300mV, and an (10M+1M):1M voltage divider on the HF input can measure voltages up to 36300 mV
#define MAX_ADC_HF_VOLTAGE 36300
// ADC Vref = 3300mV, and an (10000k+240k):240k voltage divider on the LF input can measure voltages up to 140800 mV
#define MAX_ADC_LF_VOLTAGE 140800
int AvgAdc(int ch);
void ToSendStuffBit(int b);


@ -243,26 +243,27 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
Uart.twoBits = (Uart.twoBits << 8) | bit;
if (Uart.state == STATE_UNSYNCD) { // not yet synced
if (Uart.state == STATE_UNSYNCD) { // not yet synced
if (Uart.highCnt < 7) { // wait for a stable unmodulated signal
if (Uart.highCnt < 2) { // wait for a stable unmodulated signal
if (Uart.twoBits == 0xffff) {
Uart.highCnt++;
} else {
Uart.highCnt = 0;
}
} else {
Uart.syncBit = 0xFFFF; // not set
// look for 00xx1111 (the start bit)
if ((Uart.twoBits & 0x6780) == 0x0780) Uart.syncBit = 7;
else if ((Uart.twoBits & 0x33C0) == 0x03C0) Uart.syncBit = 6;
else if ((Uart.twoBits & 0x19E0) == 0x01E0) Uart.syncBit = 5;
else if ((Uart.twoBits & 0x0CF0) == 0x00F0) Uart.syncBit = 4;
else if ((Uart.twoBits & 0x0678) == 0x0078) Uart.syncBit = 3;
else if ((Uart.twoBits & 0x033C) == 0x003C) Uart.syncBit = 2;
else if ((Uart.twoBits & 0x019E) == 0x001E) Uart.syncBit = 1;
else if ((Uart.twoBits & 0x00CF) == 0x000F) Uart.syncBit = 0;
if (Uart.syncBit != 0xFFFF) {
Uart.syncBit = 0xFFFF; // not set
// we look for a ...1111111100x11111xxxxxx pattern (the start bit)
if ((Uart.twoBits & 0xDF00) == 0x1F00) Uart.syncBit = 8; // mask is 11x11111 xxxxxxxx,
// check for 00x11111 xxxxxxxx
else if ((Uart.twoBits & 0xEF80) == 0x8F80) Uart.syncBit = 7; // both masks shifted right one bit, left padded with '1'
else if ((Uart.twoBits & 0xF7C0) == 0xC7C0) Uart.syncBit = 6; // ...
else if ((Uart.twoBits & 0xFBE0) == 0xE3E0) Uart.syncBit = 5;
else if ((Uart.twoBits & 0xFDF0) == 0xF1F0) Uart.syncBit = 4;
else if ((Uart.twoBits & 0xFEF8) == 0xF8F8) Uart.syncBit = 3;
else if ((Uart.twoBits & 0xFF7C) == 0xFC7C) Uart.syncBit = 2;
else if ((Uart.twoBits & 0xFFBE) == 0xFE3E) Uart.syncBit = 1;
if (Uart.syncBit != 0xFFFF) { // found a sync bit
Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
Uart.startTime -= Uart.syncBit;
Uart.endTime = Uart.startTime;
@ -275,11 +276,9 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (IsMillerModulationNibble1(Uart.twoBits >> Uart.syncBit)) {
if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) { // Modulation in both halves - error
UartReset();
Uart.highCnt = 6;
} else { // Modulation in first half = Sequence Z = logic "0"
if (Uart.state == STATE_MILLER_X) { // error - must not follow after X
UartReset();
Uart.highCnt = 6;
} else {
Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
@ -334,12 +333,13 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (Uart.len) {
return TRUE; // we are finished with decoding the raw data sequence
} else {
UartReset(); // Nothing receiver - start over
UartReset(); // Nothing received - start over
Uart.highCnt = 1;
}
}
if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
UartReset();
Uart.highCnt = 6;
Uart.highCnt = 1;
} else { // a logic "0"
Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
@ -1358,6 +1358,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p
CodeIso14443aBitsAsReaderPar(cmd, len*8, parity);
}
//-----------------------------------------------------------------------------
// Wait for commands from reader
// Stop when button is pressed (return 1) or field was gone (return 2)
@ -1380,9 +1381,9 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
// Set ADC to read field strength
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
AT91C_BASE_ADC->ADC_MR =
ADC_MODE_PRESCALE(32) |
ADC_MODE_STARTUP_TIME(16) |
ADC_MODE_SAMPLE_HOLD_TIME(8);
ADC_MODE_PRESCALE(63) |
ADC_MODE_STARTUP_TIME(1) |
ADC_MODE_SAMPLE_HOLD_TIME(15);
AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
// start ADC
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
@ -1404,7 +1405,7 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
if (analogCnt >= 32) {
if ((33000 * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
vtime = GetTickCount();
if (!timer) timer = vtime;
// 50ms no field --> card to idle state
@ -1479,7 +1480,8 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
}
// Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
for (i = 0; i < 2 ; ) {
uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
for (i = 0; i <= fpga_queued_bits/8 + 1; ) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = SEC_F;
FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@ -2197,6 +2199,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
// free eventually allocated BigBuf memory but keep Emulator Memory
BigBuf_free_keep_EM();
// clear trace
clear_trace();
set_tracing(TRUE);
@ -2261,10 +2264,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
WDT_HIT();
// find reader field
// Vref = 3300mV, and an 10:1 voltage divider on the input
// can measure voltages up to 33000 mV
if (cardSTATE == MFEMUL_NOFIELD) {
vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
if (vHf > MF_MINFIELDV) {
cardSTATE_TO_IDLE();
LED_A_ON();
@ -2339,6 +2340,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
uint32_t ar = bytes_to_num(receivedCmd, 4);
uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
@ -2445,6 +2447,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
num_to_bytes(ans, 4, rAUTH_AT);
}
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
//Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
cardSTATE = MFEMUL_AUTH1;
@ -2625,7 +2628,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
if(ar_nr_collected > 1) {
Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
ar_nr_responses[0], // UID
ar_nr_responses[0], // UID
ar_nr_responses[1], //NT
ar_nr_responses[2], //AR1
ar_nr_responses[3], //NR1
@ -2645,6 +2648,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
}
}
if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());
}
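Review bot: The ADC_MR setup in EmGetCmd now repeats the exact PRESCALE(63) / STARTUP_TIME(1) / SAMPLE_HOLD_TIME(15) triple that ReadAdc in appmain.c documents at length, but here the three numbers are bare and nothing ties the two sites together, so the next retune will silently leave one of them behind. I would hoist the value into a single shared definition next to the new MAX_ADC_*_VOLTAGE macros (or wherever the ADC_MODE_* helpers live), e.g. `#define ADC_MODE_SLOW_ACCURATE (ADC_MODE_PRESCALE(63) | ADC_MODE_STARTUP_TIME(1) | ADC_MODE_SAMPLE_HOLD_TIME(15))`, and use it in both places with a one-line pointer to the rationale in ReadAdc. The field-presence test a few lines further down, `(MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV`, depends on the absolute accuracy of exactly this configuration, which is why the two copies need to stay in lockstep. EmGetCmd begins and ends outside the hunk.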


@ -640,7 +640,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
uint8_t *dest = BigBuf_get_addr();
size_t size=0, idx=0;
int clk=0, invert=0, errCnt=0;
int clk=0, invert=0, errCnt=0, maxErr=20;
uint64_t lo=0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -654,7 +654,7 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
size = BigBuf_max_traceLen();
//Dbprintf("DEBUG: Buffer got");
//askdemod and manchester decode
errCnt = askmandemod(dest, &size, &clk, &invert);
errCnt = askmandemod(dest, &size, &clk, &invert, maxErr);
//Dbprintf("DEBUG: ASK Got");
WDT_HIT();
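Review bot: `maxErr=20` in CmdEM410xdemod is a bare tolerance with no comment on what it bounds, and the same literal 20 is passed to DetectASKClock from GetAskClock in client/graph.c in this commit, so the two copies can drift apart unnoticed. If lfdemod.h is shared by firmware and client as its include guard suggests, one named constant there, e.g. `#define ASK_DEMOD_MAX_ERRORS 20 // max tolerated bit errors before a demod attempt is rejected`, would keep them aligned; I am inferring the meaning of maxErr from its name, so the comment wording should be confirmed against askmandemod. The rest of CmdEM410xdemod lies outside the hunk.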



@ -17,6 +17,7 @@ int CmdData(const char *Cmd);
void printDemodBuff();
int CmdAmp(const char *Cmd);
int Cmdaskdemod(const char *Cmd);
int CmdAskEM410xDemod(const char *Cmd);
int Cmdaskrawdemod(const char *Cmd);
int Cmdaskmandemod(const char *Cmd);
int CmdAutoCorr(const char *Cmd);
@ -33,8 +34,8 @@ int CmdFSKdemodIO(const char *Cmd);
int CmdFSKdemodParadox(const char *Cmd);
int CmdFSKdemodPyramid(const char *Cmd);
int CmdFSKrawdemod(const char *Cmd);
int CmdDetectNRZpskClockRate(const char *Cmd);
int CmdpskNRZrawDemod(const char *Cmd);
int CmdPSK1rawDemod(const char *Cmd);
int CmdPSK2rawDemod(const char *Cmd);
int CmdGrid(const char *Cmd);
int CmdHexsamples(const char *Cmd);
int CmdHide(const char *Cmd);
@ -46,6 +47,7 @@ int Cmdmandecoderaw(const char *Cmd);
int CmdManchesterDemod(const char *Cmd);
int CmdManchesterMod(const char *Cmd);
int CmdNorm(const char *Cmd);
int CmdNRZrawDemod(const char *Cmd);
int CmdPlot(const char *Cmd);
int CmdSamples(const char *Cmd);
int CmdTuneSamples(const char *Cmd);


@ -1433,27 +1433,60 @@ int CmdHF14AMfCSetUID(const char *Cmd)
uint8_t wipeCard = 0;
uint8_t uid[8] = {0x00};
uint8_t oldUid[8] = {0x00};
uint8_t atqa[2] = {0x00};
uint8_t sak[1] = {0x00};
uint8_t atqaPresent = 1;
int res;
char ctmp;
int argi=0;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> <w>");
PrintAndLog("sample: hf mf csetuid 01020304 w");
PrintAndLog("Set UID for magic Chinese card (only works with!!!)");
PrintAndLog("If you want wipe card then add 'w' into command line. \n");
if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");
PrintAndLog("sample: hf mf csetuid 01020304");
PrintAndLog("sample: hf mf csetuid 01020304 0004 08 w");
PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
return 0;
}
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {
PrintAndLog("UID must include 8 HEX symbols");
return 1;
}
argi++;
char ctmp = param_getchar(Cmd, 1);
if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
atqaPresent = 0;
}
if (atqaPresent) {
if (param_getchar(Cmd, argi)) {
if (param_gethex(Cmd, argi, atqa, 4)) {
PrintAndLog("ATQA must include 4 HEX symbols");
return 1;
}
argi++;
if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {
PrintAndLog("SAK must include 2 HEX symbols");
return 1;
}
argi++;
} else
atqaPresent = 0;
}
if(!wipeCard) {
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
}
}
PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));
res = mfCSetUID(uid, oldUid, wipeCard);
res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);
if (res) {
PrintAndLog("Can't set UID. error=%d", res);
return 1;
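Review bot: The new ATQA/SAK path accepts any 2-byte ATQA and 1-byte SAK and hands them straight to mfCSetUID for block 0, but the summary line before the write still prints only `--wipe card:%s uid:%s`, so the operator never sees the bytes about to be burned into the card; I would add `if (atqaPresent) PrintAndLog("--atqa:%s sak:%02x", sprint_hex(atqa, 2), sak[0]);` next to it. There is also no sanity check on the values: per ISO 14443-3 a SAK with bit 0x04 set announces an incomplete UID, which combined with the 4-byte UID this command writes is likely to leave the card unreadable by ordinary readers, so a one-line warning (not a refusal) when `sak[0] & 0x04` is set seems worthwhile — that consequence is my inference, not something this page shows. The function's tail continues past the hunk.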


@ -662,26 +662,31 @@ int CmdVchDemod(const char *Cmd)
int CmdLFfind(const char *Cmd)
{
int ans=0;
char cmdp = param_getchar(Cmd, 0);
char cmdp = param_getchar(Cmd, 0);
char testRaw = param_getchar(Cmd, 1);
if (strlen(Cmd) > 2 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: lf search <0|1> [u]");
PrintAndLog(" <use data from Graphbuffer> , if not set, try reading data from tag.");
PrintAndLog(" [Search for Unknown tags] , if not set, reads only known tags.");
PrintAndLog("");
PrintAndLog(" sample: lf search = try reading data from tag & search for known tags");
PrintAndLog(" : lf search 1 = use data from GraphBuffer & search for known tags");
PrintAndLog(" : lf search u = try reading data from tag & search for known and unknown tags");
PrintAndLog(" : lf search 1 u = use data from GraphBuffer & search for known and unknown tags");
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: lf search <0|1>");
PrintAndLog(" <use data from Graphbuffer>, if not set, try reading data from tag.");
PrintAndLog("");
PrintAndLog(" sample: lf search");
PrintAndLog(" : lf search 1");
return 0;
}
if (!offline && (cmdp != '1')){
ans=CmdLFRead("");
ans=CmdSamples("20000");
} else if (GraphTraceLen < 1000) {
PrintAndLog("Data in Graphbuffer was too small.");
return 0;
return 0;
}
if (!offline && (cmdp != '1')){
ans=CmdLFRead("");
ans=CmdSamples("20000");
} else if (GraphTraceLen < 1000) {
PrintAndLog("Data in Graphbuffer was too small.");
return 0;
}
if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
PrintAndLog("False Positives ARE possible\n");
PrintAndLog("\nChecking for known tags:\n");
ans=CmdFSKdemodIO("");
if (ans>0) {
@ -714,12 +719,37 @@ int CmdLFfind(const char *Cmd)
PrintAndLog("\nValid Indala ID Found!");
return 1;
}
ans=Cmdaskmandemod("");
ans=CmdAskEM410xDemod("");
if (ans>0) {
PrintAndLog("\nValid EM410x ID Found!");
return 1;
}
PrintAndLog("No Known Tags Found!\n");
PrintAndLog("\nNo Known Tags Found!\n");
if (testRaw=='u' || testRaw=='U'){
//test unknown tag formats (raw mode)
PrintAndLog("\nChecking for Unknown tags:\n");
ans=CmdDetectClockRate("f");
if (ans != 0){ //fsk
ans=CmdFSKrawdemod("");
if (ans>0) {
PrintAndLog("\nUnknown FSK Modulated Tag Found!");
return 1;
}
}
ans=Cmdaskmandemod("");
if (ans>0) {
PrintAndLog("\nUnknown ASK Modulated and Manchester encoded Tag Found!");
return 1;
}
ans=CmdPSK1rawDemod("");
if (ans>0) {
PrintAndLog("Possible unknown PSK1 Modulated Tag Found above!\n\nCould also be PSK2 - try 'data psk2rawdemod'");
PrintAndLog("\nCould also be PSK3 - [currently not supported]");
PrintAndLog("\nCould also be NRZ - try 'data nrzrawdemod");
return 1;
}
PrintAndLog("\nNo Data Found!\n");
}
return 0;
}
@ -735,7 +765,7 @@ static command_t CommandTable[] =
{"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
{"indalaclone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
{"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
{"search", CmdLFfind, 1, "Read and Search for valid known tag (in offline mode it you can load first then search)"},
{"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
{"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
{"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
{"simman", CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
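Review bot: The help guard `if (strlen(Cmd) > 2 || cmdp == 'h' || cmdp == 'H')` rejects the documented form `lf search 1 u`: its argument string "1 u" is three characters, so that sample prints the usage and returns 0 instead of searching, unless the command string is trimmed somewhere before it reaches CmdLFfind. Either raise the bound to `if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H')` or drop the length test and rely on param_getchar, which already tolerates extra whitespace. A smaller leftover in the unknown-tag branch: `"\nCould also be NRZ - try 'data nrzrawdemod"` is missing its closing quote in the printed text.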


@ -61,7 +61,7 @@ int CmdEM410xRead(const char *Cmd)
}
/* get clock */
clock = GetClock(Cmd, high, 0);
clock = GetAskClock(Cmd, false, false);
/* parity for our 4 columns */
parity[0] = parity[1] = parity[2] = parity[3] = 0;
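Review bot: GetAskClock returns -1 when the graph buffer cannot be copied and otherwise leaves `clock` at whatever DetectASKClock writes, yet `clock = GetAskClock(Cmd, false, false);` stores the result unchecked and the `verbose=false` argument silences the only diagnostic it would print; the lines that consume `clock` are outside the hunk, so I cannot see whether a zero or negative value is caught later. A guard right after the call, `if (clock <= 0) { PrintAndLog("Failed to detect clock"); return 0; }`, would be cheap insurance against a division or loop on a bad clock. CmdEM410xRead begins and ends outside the hunk.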


@ -56,52 +56,24 @@ void setGraphBuf(uint8_t *buff, size_t size)
uint16_t i = 0;
if ( size > MAX_GRAPH_TRACE_LEN )
size = MAX_GRAPH_TRACE_LEN;
ClearGraph(0);
for (; i < size; ++i){
ClearGraph(0);
for (; i < size; ++i){
GraphBuffer[i]=buff[i]-128;
}
GraphTraceLen=size;
RepaintGraphWindow();
return;
}
GraphTraceLen=size;
RepaintGraphWindow();
return;
}
size_t getFromGraphBuf(uint8_t *buff)
{
if ( buff == NULL ) return 0;
uint32_t i;
for (i=0;i<GraphTraceLen;++i){
if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
buff[i]=(uint8_t)(GraphBuffer[i]+128);
}
return i;
}
// Get or auto-detect clock rate
int GetClock(const char *str, int peak, int verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
// Auto-detect clock
if (!clock)
{
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
if ( size == 0 ) {
PrintAndLog("Failed to copy from graphbuffer");
return -1;
}
clock = DetectASKClock(grph,size,0);
// Only print this message if we're not looping something
if (!verbose){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
if (buff == NULL ) return 0;
uint32_t i;
for (i=0;i<GraphTraceLen;++i){
if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
buff[i]=(uint8_t)(GraphBuffer[i]+128);
}
return clock;
return i;
}
// A simple test to see if there is any data inside Graphbuffer.
@ -136,27 +108,116 @@ void DetectHighLowInGraph(int *high, int *low, bool addFuzz) {
}
}
int GetNRZpskClock(const char *str, int peak, int verbose)
// Get or auto-detect ask clock rate
int GetAskClock(const char str[], bool printAns, bool verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
if (clock != 0)
return clock;
// Auto-detect clock
if (!clock)
{
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
if ( size == 0 ) {
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
if (size == 0) {
if (verbose)
PrintAndLog("Failed to copy from graphbuffer");
return -1;
}
clock = DetectpskNRZClock(grph,size,0);
// Only print this message if we're not looping something
if (!verbose){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
return -1;
}
DetectASKClock(grph, size, &clock, 20);
// Only print this message if we're not looping something
if (printAns){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
return clock;
}
int GetPskClock(const char str[], bool printAns, bool verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
if (clock!=0)
return clock;
// Auto-detect clock
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
if ( size == 0 ) {
if (verbose)
PrintAndLog("Failed to copy from graphbuffer");
return -1;
}
clock = DetectPSKClock(grph,size,0);
// Only print this message if we're not looping something
if (printAns){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
return clock;
}
uint8_t GetNrzClock(const char str[], bool printAns, bool verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
if (clock!=0)
return clock;
// Auto-detect clock
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
if ( size == 0 ) {
if (verbose)
PrintAndLog("Failed to copy from graphbuffer");
return -1;
}
clock = DetectNRZClock(grph, size, 0);
// Only print this message if we're not looping something
if (printAns){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
return clock;
}
//by marshmellow
//attempt to detect the field clock and bit clock for FSK
uint8_t GetFskClock(const char str[], bool printAns, bool verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
if (clock != 0) return (uint8_t)clock;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(BitStream);
if (size==0) return 0;
uint8_t dummy = 0;
uint16_t ans = countFC(BitStream, size, &dummy);
if (ans==0) {
if (verbose) PrintAndLog("DEBUG: No data found");
return 0;
}
uint8_t fc1, fc2;
fc1 = (ans >> 8) & 0xFF;
fc2 = ans & 0xFF;
uint8_t rf1 = detectFSKClk(BitStream, size, fc1, fc2);
if (rf1==0) {
if (verbose) PrintAndLog("DEBUG: Clock detect error");
return 0;
}
if ((fc1==10 && fc2==8) || (fc1==8 && fc2==5)){
if (printAns) PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1);
return rf1;
}
if (verbose){
PrintAndLog("DEBUG: unknown fsk field clock detected");
PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1);
}
return 0;
}
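Review bot: In each of GetAskClock, GetPskClock, GetNrzClock and GetFskClock, `int clock;` is declared uninitialised and only `sscanf(str, "%i", &clock)` assigns it; the `strcmp(str, "")` special case covers the empty string, but any non-numeric argument such as "x" makes sscanf perform no conversion, and the following `if (clock != 0) return clock;` then reads an indeterminate value. Initialising instead, `int clock = 0; sscanf(str, "%i", &clock);`, fixes all four and makes the strcmp line redundant. Separately, GetNrzClock is declared to return `uint8_t` but its failure path does `return -1;`, which callers receive as 255 and can never test as negative — either return 0 there as GetFskClock does, or widen the return type (the prototype in graph.h changes with it); note that the uint8_t return also silently truncates a user-supplied clock above 255 in both GetNrzClock and GetFskClock.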


@ -16,8 +16,10 @@ void AppendGraph(int redraw, int clock, int bit);
int ClearGraph(int redraw);
//int DetectClock(int peak);
size_t getFromGraphBuf(uint8_t *buff);
int GetClock(const char *str, int peak, int verbose);
int GetNRZpskClock(const char *str, int peak, int verbose);
int GetAskClock(const char str[], bool printAns, bool verbose);
int GetPskClock(const char str[], bool printAns, bool verbose);
uint8_t GetNrzClock(const char str[], bool printAns, bool verbose);
uint8_t GetFskClock(const char str[], bool printAns, bool verbose);
void setGraphBuf(uint8_t *buff, size_t size);
bool HasGraphData();


@ -231,28 +231,31 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
// "MAGIC" CARD
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {
uint8_t oldblock0[16] = {0x00};
uint8_t block0[16] = {0x00};
memcpy(block0, uid, 4);
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
//block0[5] = 0x08;
//block0[6] = 0x04;
//block0[7] = 0x00;
block0[5] = 0x01; //sak
block0[6] = 0x01;
block0[7] = 0x0f;
int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
if ( old == 0) {
memcpy(block0+8, oldblock0+8, 8);
PrintAndLog("block 0: %s", sprint_hex(block0,16));
if (old == 0) {
memcpy(block0, oldblock0, 16);
PrintAndLog("old block 0: %s", sprint_hex(block0,16));
} else {
PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");
PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
}
// fill in the new values
// UID
memcpy(block0, uid, 4);
// Mifare UID BCC
block0[4] = block0[0]^block0[1]^block0[2]^block0[3];
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
if (sak!=NULL)
block0[5]=sak[0];
if (atqa!=NULL) {
block0[6]=atqa[1];
block0[7]=atqa[0];
}
PrintAndLog("new block 0: %s", sprint_hex(block0,16));
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
}
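Review bot: On the `old != 0` path (block 0 could not be read back) the new code leaves bytes 5–7 at the `{0x00}` initialiser whenever the caller passes NULL for sak and atqa, so a plain `hf mf csetuid <uid>` on a card whose read fails now burns SAK 0x00 / ATQA 0x0000 into block 0, whereas the removed code always wrote fixed values there. I would fall back to the Mifare Classic 1K defaults that the deleted comment already listed when the read fails and no override is given, e.g. `if (old != 0) { block0[5] = 0x08; block0[6] = 0x04; block0[7] = 0x00; }` placed before the sak/atqa overrides. The message `"Couldn't get old data. Will write over the last bytes of Block 0."` also understates what happens: with a failed read every byte except UID and BCC comes from the zeroed array, not just the trailing ones.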


@ -55,7 +55,7 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe);
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);



@ -15,31 +15,34 @@
#define LFDEMOD_H__
#include <stdint.h>
int DetectASKClock(uint8_t dest[], size_t size, int clock);
int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert);
int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
int ManchesterEncode(uint8_t *BitStream, size_t size);
int manrawdecode(uint8_t *BitStream, size_t *size);
int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert);
int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert);
int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr, uint8_t amp);
int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
int IOdemodFSK(uint8_t *dest, size_t size);
int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
uint32_t bytebits_to_byte(uint8_t* src, size_t numbits);
int pskNRZrawDemod(uint8_t *dest, size_t *size, int *clk, int *invert);
int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr);
void psk1TOpsk2(uint8_t *BitStream, size_t size);
int DetectpskNRZClock(uint8_t dest[], size_t size, int clock);
int DetectNRZClock(uint8_t dest[], size_t size, int clock);
int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
void pskCleanWave(uint8_t *bitStream, size_t size);
int PyramiddemodFSK(uint8_t *dest, size_t *size);
int AWIDdemodFSK(uint8_t *dest, size_t *size);
size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen);
uint16_t countFC(uint8_t *BitStream, size_t size);
uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t *mostFC);
uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow);
int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx);
uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType);
uint8_t justNoise(uint8_t *BitStream, size_t size);
uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
int DetectPSKClock(uint8_t dest[], size_t size, int clock);
#endif
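Review bot: The changed prototype `int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);` turns the clock into a pointer argument yet keeps an int return, and the one caller visible in this commit (GetAskClock in client/graph.c) discards that return, while DetectPSKClock and DetectNRZClock still hand the clock back by value — without a comment a reader cannot tell whether `*clock` is an in/out hint or pure output, nor what the return encodes. A one-line contract above each detector in this header, stating what `*clock` holds on entry and exit, what `maxErr` bounds, and what the int return means, would prevent the next caller from misreading it; the same goes for the new `mostFC` out-parameter of countFC. I cannot tell the return's meaning from this page, so the wording has to come from the implementation in lfdemod.c, which is suppressed above.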