Merge branch 'master' into topaz

Conflicts:
	armsrc/Makefile
	client/Makefile
pwpiwi 2015-04-05 19:32:12 +02:00
commit 6306ff4bac
31 changed files with 6975 additions and 5480 deletions

28
CHANGELOG.md Normal file

@ -0,0 +1,28 @@
# Change Log
All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [Unreleased][unreleased]
### Changed
- Iclass read, `hf iclass read` now also reads tag config and prints configuration. (holiman)
### Fixed
- Fixed issue #19, problems with LF T55xx commands (marshmellow)
### Added
- Added changelog
## [2.0.0] - 2015-03-25
### Changed
- LF sim operations now abort when new commands arrive over the USB - not required to push the device button anymore.
### Fixed
- Mifare simulation, `hf mf sim` (was broken a long time) (pwpiwi)
- Major improvements in LF area and data operations. (marshmellow, iceman1001)
- Issues regarding LF simulation (pwpiwi)
### Added
- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers don't seem to enforce update. (holiman).
- iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode.


@ -23,8 +23,8 @@ help:
@echo + all - Make bootrom, armsrc and the OS-specific host directory @echo + all - Make bootrom, armsrc and the OS-specific host directory
@echo + client - Make only the OS-specific host directory @echo + client - Make only the OS-specific host directory
@echo + flash-bootrom - Make bootrom and flash it @echo + flash-bootrom - Make bootrom and flash it
@echo + flash-os - Make armsrc and flash os @echo + flash-os - Make armsrc and flash os (includes fpga)
@echo + flash-fpga - Make armsrc and flash fpga @echo + flash-fpga - (Deprecated:) Make armsrc and flash fpga
@echo + flash-both - Make armsrc and flash os and fpga image @echo + flash-both - Make armsrc and flash os and fpga image
@echo + flash-all - Make bootrom and armsrc and flash bootrom, os and fpga image @echo + flash-all - Make bootrom and armsrc and flash bootrom, os and fpga image
@echo + clean - Clean in bootrom, armsrc and the OS-specific host directory @echo + clean - Clean in bootrom, armsrc and the OS-specific host directory
@ -37,13 +37,13 @@ flash-bootrom: bootrom/obj/bootrom.elf $(FLASH_TOOL)
flash-os: armsrc/obj/osimage.elf $(FLASH_TOOL) flash-os: armsrc/obj/osimage.elf $(FLASH_TOOL)
$(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$<) $(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$<)
flash-fpga: armsrc/obj/fpgaimage.elf $(FLASH_TOOL) #flash-fpga: armsrc/obj/fpgaimage.elf $(FLASH_TOOL)
$(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$<) # $(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$<)
flash-both: armsrc/obj/osimage.elf armsrc/obj/fpgaimage.elf $(FLASH_TOOL) flash-both: armsrc/obj/osimage.elf $(FLASH_TOOL)
$(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$(filter-out $(FLASH_TOOL),$^)) $(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$(filter-out $(FLASH_TOOL),$^))
flash-all: bootrom/obj/bootrom.elf armsrc/obj/osimage.elf armsrc/obj/fpgaimage.elf $(FLASH_TOOL) flash-all: bootrom/obj/bootrom.elf armsrc/obj/osimage.elf $(FLASH_TOOL)
$(FLASH_TOOL) $(FLASH_PORT) -b $(subst /,$(PATHSEP),$(filter-out $(FLASH_TOOL),$^)) $(FLASH_TOOL) $(FLASH_PORT) -b $(subst /,$(PATHSEP),$(filter-out $(FLASH_TOOL),$^))
newtarbin: newtarbin:
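Review bot: The `flash-fpga` rule is commented out here, but the help text in the first hunk still lists it as `flash-fpga - (Deprecated:) Make armsrc and flash fpga`, so `make flash-fpga` now stops with a missing-rule error instead of doing what a deprecated target would be expected to do. Either keep it as an alias, `flash-fpga: flash-os`, or drop the help line together with the rule. After this change `flash-both` has the same prerequisites and recipe as `flash-os`, so it could be written as `flash-both: flash-os`. The commented-out rule lines are better deleted than kept as dead recipe text.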


@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
#remove one of the following defines and comment out the relevant line #remove one of the following defines and comment out the relevant line
#in the next section to remove that particular feature from compilation #in the next section to remove that particular feature from compilation
APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -fno-strict-aliasing -O2 APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -fno-strict-aliasing -ffunction-sections -fdata-sections
#-DWITH_LCD #-DWITH_LCD
#SRC_LCD = fonts.c LCD.c #SRC_LCD = fonts.c LCD.c
@ -51,7 +51,8 @@ APP_CFLAGS += -I.
# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC # Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
include ../common/Makefile.common include ../common/Makefile.common
OBJS = $(OBJDIR)/osimage.s19 $(OBJDIR)/fpgaimage.s19 OBJS = $(OBJDIR)/osimage.s19
#$(OBJDIR)/fpgaimage.s19
all: $(OBJS) all: $(OBJS)
@ -64,11 +65,11 @@ $(OBJDIR)/fpga_hf.o: fpga_hf.bit
$(OBJDIR)/fullimage.elf: $(VERSIONOBJ) $(OBJDIR)/fpga_lf.o $(OBJDIR)/fpga_hf.o $(THUMBOBJ) $(ARMOBJ) $(OBJDIR)/fullimage.elf: $(VERSIONOBJ) $(OBJDIR)/fpga_lf.o $(OBJDIR)/fpga_hf.o $(THUMBOBJ) $(ARMOBJ)
$(CC) $(LDFLAGS) -Wl,-T,ldscript,-Map,$(patsubst %.elf,%.map,$@) -o $@ $^ $(LIBS) $(CC) $(LDFLAGS) -Wl,-T,ldscript,-Map,$(patsubst %.elf,%.map,$@) -o $@ $^ $(LIBS)
$(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf #$(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf
$(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@ # $(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@
$(OBJDIR)/osimage.elf: $(OBJDIR)/fullimage.elf $(OBJDIR)/osimage.elf: $(OBJDIR)/fullimage.elf
$(OBJCOPY) -F elf32-littlearm --remove-section .fpgaimage $^ $@ $(OBJCOPY) -F elf32-littlearm $^ $@
tarbin: $(OBJS) tarbin: $(OBJS)
$(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(OBJS:%=armsrc/%) $(OBJS:%.s19=armsrc/%.elf) $(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(OBJS:%=armsrc/%) $(OBJS:%.s19=armsrc/%.elf)
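Review bot: `-ffunction-sections -fdata-sections` in APP_CFLAGS only shrinks the image when the link step also passes `--gc-sections`, and the fullimage.elf recipe takes its flags from `$(LDFLAGS)`, which is defined outside the lines shown; it is worth confirming that the option is set there. The same line drops `-O2`, so unless an optimisation level now comes from ../common/Makefile.common the firmware is built at the compiler default. The `fpgaimage.elf` rule and the `#$(OBJDIR)/fpgaimage.s19` line are left commented out; deleting them and adding a one-line comment such as `# FPGA bitstreams are linked into osimage (.rodata)` would say the same thing without dead rules.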


@ -648,7 +648,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
setSamplingConfig((sample_config *) c->d.asBytes); setSamplingConfig((sample_config *) c->d.asBytes);
break; break;
case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
cmd_send(CMD_ACK,SampleLF(),0,0,0,0); cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
break; break;
case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);


@ -1627,7 +1627,10 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
static uint8_t act_all[] = { 0x0a }; static uint8_t act_all[] = { 0x0a };
static uint8_t identify[] = { 0x0c }; static uint8_t identify[] = { 0x0c };
static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static uint8_t readcheck_cc[]= { 0x88, 0x02 };
static uint8_t readcheck_cc[]= { 0x88, 0x02,};
uint8_t resp[ICLASS_BUFFER_SIZE]; uint8_t resp[ICLASS_BUFFER_SIZE];
uint8_t read_status = 0; uint8_t read_status = 0;
@ -1662,28 +1665,33 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
if(ReaderReceiveIClass(resp) == 8) { if(ReaderReceiveIClass(resp) == 8) {
//Save CC (e-purse) in response data //Save CC (e-purse) in response data
memcpy(card_data+8,resp,8); memcpy(card_data+8,resp,8);
read_status++;
//Got both
read_status = 2;
} }
return read_status; return read_status;
} }
// Reader iClass Anticollission // Reader iClass Anticollission
void ReaderIClass(uint8_t arg0) { void ReaderIClass(uint8_t arg0) {
uint8_t card_data[24]={0}; uint8_t card_data[6 * 8]={0xFF};
uint8_t last_csn[8]={0}; uint8_t last_csn[8]={0};
//Read conf block CRC(0x01) => 0xfa 0x22
uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
//Read conf block CRC(0x05) => 0xde 0x64
uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
int read_status= 0; int read_status= 0;
uint8_t result_status = 0;
bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC;
set_tracing(TRUE); set_tracing(TRUE);
setupIclassReader(); setupIclassReader();
size_t datasize = 0; while(!BUTTON_PRESS())
while(!BUTTON_PRESS())
{ {
if(!tracing) { if(!tracing) {
@ -1695,15 +1703,40 @@ void ReaderIClass(uint8_t arg0) {
read_status = handshakeIclassTag(card_data); read_status = handshakeIclassTag(card_data);
if(read_status == 0) continue; if(read_status == 0) continue;
if(read_status == 1) datasize = 8; if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
if(read_status == 2) datasize = 16; if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC;
//Todo, read the public blocks 1,5 aswell: // handshakeIclass returns CSN|CC, but the actual block
// // layout is CSN|CONFIG|CC, so here we reorder the data,
// 0 : CSN (we already have) // moving CC forward 8 bytes
memcpy(card_data+16,card_data+8, 8);
//Read block 1, config
if(arg0 & FLAG_ICLASS_READER_CONF)
{
if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
{
Dbprintf("Failed to dump config block");
}else
{
result_status |= FLAG_ICLASS_READER_CONF;
}
}
//Read block 5, AA
if(arg0 & FLAG_ICLASS_READER_AA){
if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
{
// Dbprintf("Failed to dump AA block");
}else
{
result_status |= FLAG_ICLASS_READER_AA;
}
}
// 0 : CSN
// 1 : Configuration // 1 : Configuration
// 2 : e-purse (we already have) // 2 : e-purse
// (3,4 write-only) // (3,4 write-only, kc and kd)
// 5 Application issuer area // 5 Application issuer area
// //
//Then we can 'ship' back the 8 * 5 bytes of data, //Then we can 'ship' back the 8 * 5 bytes of data,
@ -1713,10 +1746,10 @@ void ReaderIClass(uint8_t arg0) {
//Send back to client, but don't bother if we already sent this //Send back to client, but don't bother if we already sent this
if(memcmp(last_csn, card_data, 8) != 0) if(memcmp(last_csn, card_data, 8) != 0)
{ {
// If caller requires that we get CC, continue until we got it
if(!get_cc || (get_cc && read_status == 2)) if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
{ {
cmd_send(CMD_ACK,read_status,0,0,card_data,datasize); cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
if(abort_after_read) { if(abort_after_read) {
LED_A_OFF(); LED_A_OFF();
return; return;
@ -1724,7 +1757,7 @@ void ReaderIClass(uint8_t arg0) {
//Save that we already sent this.... //Save that we already sent this....
memcpy(last_csn, card_data, 8); memcpy(last_csn, card_data, 8);
} }
//If 'get_cc' was specified and we didn't get a CC, we'll just keep trying...
} }
LED_B_OFF(); LED_B_OFF();
} }
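Review bot: In ReaderIClass the config read passes `card_data+8` with a length of 10 to sendCmdGetResponseWithRetries, right after the CC was moved to `card_data+16`; if that helper stores the full 10-byte response (its body is not shown), bytes 16 and 17, the start of the CC, are overwritten. Reading into a scratch buffer and copying only the block avoids this: `uint8_t blk[10];`, pass `blk, sizeof(blk)` to the helper, then `memcpy(card_data+8, blk, 8);` on success. Separately, `card_data[6 * 8]={0xFF}` sets only the first byte to 0xFF and zero-fills the rest, and all 48 bytes are sent with `sizeof(card_data)`; because the buffer is declared outside the loop, slots not flagged in `result_status` can still hold data from an earlier card. The AA read into `card_data+(8*4)` has the same 10-into-8 shape but stays inside the array.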


@ -11,8 +11,7 @@ INCLUDE ../common/ldscript.common
PHDRS PHDRS
{ {
fpgaimage PT_LOAD FLAGS(4); text PT_LOAD FLAGS(5);
text PT_LOAD;
data PT_LOAD; data PT_LOAD;
bss PT_LOAD; bss PT_LOAD;
} }
@ -20,11 +19,6 @@ PHDRS
ENTRY(Vector) ENTRY(Vector)
SECTIONS SECTIONS
{ {
.fpgaimage : {
*(fpga_lf_bit.data)
*(fpga_hf_bit.data)
} >fpgaimage :fpgaimage
.start : { .start : {
*(.startos) *(.startos)
} >osimage :text } >osimage :text
@ -40,6 +34,8 @@ SECTIONS
.rodata : { .rodata : {
*(.rodata) *(.rodata)
*(.rodata.*) *(.rodata.*)
*(fpga_lf_bit.data)
*(fpga_hf_bit.data)
KEEP(*(.version_information)) KEEP(*(.version_information))
} >osimage :text } >osimage :text

File diff suppressed because it is too large Load diff


@ -224,21 +224,21 @@ uint32_t DoAcquisition_config( bool silent)
,silent); ,silent);
} }
uint32_t ReadLF(bool activeField) uint32_t ReadLF(bool activeField, bool silent)
{ {
printConfig(); if (!silent) printConfig();
LFSetupFPGAForADC(config.divisor, activeField); LFSetupFPGAForADC(config.divisor, activeField);
// Now call the acquisition routine // Now call the acquisition routine
return DoAcquisition_config(false); return DoAcquisition_config(silent);
} }
/** /**
* Initializes the FPGA for reader-mode (field on), and acquires the samples. * Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled * @return number of bits sampled
**/ **/
uint32_t SampleLF() uint32_t SampleLF(bool printCfg)
{ {
return ReadLF(true); return ReadLF(true, printCfg);
} }
/** /**
* Initializes the FPGA for snoop-mode (field off), and acquires the samples. * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
@ -247,5 +247,5 @@ uint32_t SampleLF()
uint32_t SnoopLF() uint32_t SnoopLF()
{ {
return ReadLF(false); return ReadLF(false, true);
} }
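Review bot: SampleLF's parameter is named `printCfg` in the definition but is forwarded as ReadLF's `silent` argument, so passing true suppresses `printConfig()`, the opposite of what the name says; the prototype added in the header already calls it `silent`. Renaming the definition to `uint32_t SampleLF(bool silent)` and adding a line like `@param silent if true, do not print the sampling config` to the doc comment would make the two agree. SnoopLF now always passes `true`, so snoop mode no longer prints the configuration, which may or may not be intended. The USB handler passes `c->arg[0]` straight into this bool, so any non-zero value from the host means silent.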


@ -5,7 +5,7 @@
* Initializes the FPGA for reader-mode (field on), and acquires the samples. * Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled * @return number of bits sampled
**/ **/
uint32_t SampleLF(); uint32_t SampleLF(bool silent);
/** /**
* Initializes the FPGA for snoop-mode (field off), and acquires the samples. * Initializes the FPGA for snoop-mode (field off), and acquires the samples.


@ -66,6 +66,7 @@ CMDSRCS = nonce2key/crapto1.c\
loclass/elite_crack.c\ loclass/elite_crack.c\
loclass/fileutils.c\ loclass/fileutils.c\
mifarehost.c\ mifarehost.c\
crc.c \
crc16.c \ crc16.c \
iso14443crc.c \ iso14443crc.c \
iso15693tools.c \ iso15693tools.c \
@ -100,8 +101,7 @@ CMDSRCS = nonce2key/crapto1.c\
cmdscript.c\ cmdscript.c\
pm3_bitlib.c\ pm3_bitlib.c\
aes.c\ aes.c\
protocols.c\ protocols.c
COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o) COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o) CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o)

File diff suppressed because it is too large Load diff


@ -23,6 +23,7 @@ int CmdAskEM410xDemod(const char *Cmd);
int CmdG_Prox_II_Demod(const char *Cmd); int CmdG_Prox_II_Demod(const char *Cmd);
int Cmdaskrawdemod(const char *Cmd); int Cmdaskrawdemod(const char *Cmd);
int Cmdaskmandemod(const char *Cmd); int Cmdaskmandemod(const char *Cmd);
int AutoCorrelate(int window, bool SaveGrph, bool verbose);
int CmdAutoCorr(const char *Cmd); int CmdAutoCorr(const char *Cmd);
int CmdBiphaseDecodeRaw(const char *Cmd); int CmdBiphaseDecodeRaw(const char *Cmd);
int CmdBitsamples(const char *Cmd); int CmdBitsamples(const char *Cmd);
@ -62,11 +63,16 @@ int CmdThreshold(const char *Cmd);
int CmdDirectionalThreshold(const char *Cmd); int CmdDirectionalThreshold(const char *Cmd);
int CmdZerocrossings(const char *Cmd); int CmdZerocrossings(const char *Cmd);
int CmdIndalaDecode(const char *Cmd); int CmdIndalaDecode(const char *Cmd);
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo);
int ASKbiphaseDemod(const char *Cmd, bool verbose);
int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch); int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch);
int ASKrawDemod(const char *Cmd, bool verbose); int ASKrawDemod(const char *Cmd, bool verbose);
int FSKrawDemod(const char *Cmd, bool verbose); int FSKrawDemod(const char *Cmd, bool verbose);
int PSKDemod(const char *Cmd, bool verbose); int PSKDemod(const char *Cmd, bool verbose);
int NRZrawDemod(const char *Cmd, bool verbose); int NRZrawDemod(const char *Cmd, bool verbose);
void printEM410x(uint32_t hi, uint64_t id);
int getSamples(const char *Cmd, bool silent);
#define MAX_DEMOD_BUF_LEN (1024*128) #define MAX_DEMOD_BUF_LEN (1024*128)
extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN];


@ -30,6 +30,7 @@
#include "loclass/elite_crack.h" #include "loclass/elite_crack.h"
#include "loclass/fileutils.h" #include "loclass/fileutils.h"
#include "protocols.h" #include "protocols.h"
#include "usb_cmd.h"
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
@ -166,29 +167,25 @@ int CmdHFiClassSim(const char *Cmd)
int CmdHFiClassReader(const char *Cmd) int CmdHFiClassReader(const char *Cmd)
{ {
UsbCommand c = {CMD_READER_ICLASS, {0}}; UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
SendCommand(&c); SendCommand(&c);
UsbCommand resp; UsbCommand resp;
while(!ukbhit()){ while(!ukbhit()){
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff; uint8_t readStatus = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes; uint8_t * data = resp.d.asBytes;
PrintAndLog("isOk:%02x", isOK); PrintAndLog("Readstatus:%02x", readStatus);
if( isOK == 0){ if( readStatus == 0){
//Aborted //Aborted
PrintAndLog("Quitting..."); PrintAndLog("Quitting...");
return 0; return 0;
} }
if(isOK > 0) if( readStatus & FLAG_ICLASS_READER_CSN) PrintAndLog("CSN: %s",sprint_hex(data,8));
{ if( readStatus & FLAG_ICLASS_READER_CC) PrintAndLog("CC: %s",sprint_hex(data+16,8));
PrintAndLog("CSN: %s",sprint_hex(data,8)); if( readStatus & FLAG_ICLASS_READER_CONF){
} printIclassDumpInfo(data);
if(isOK >= 1)
{
PrintAndLog("CC: %s",sprint_hex(data+8,8));
}else{
PrintAndLog("No CC obtained");
} }
} else { } else {
PrintAndLog("Command execute timeout"); PrintAndLog("Command execute timeout");
@ -269,7 +266,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
uint8_t key_sel_p[8] = { 0 }; uint8_t key_sel_p[8] = { 0 };
UsbCommand c = {CMD_READER_ICLASS, {0}}; UsbCommand c = {CMD_READER_ICLASS, {0}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC; c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
SendCommand(&c); SendCommand(&c);
@ -284,7 +281,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
uint8_t * data = resp.d.asBytes; uint8_t * data = resp.d.asBytes;
memcpy(CSN,data,8); memcpy(CSN,data,8);
memcpy(CCNR,data+8,8); memcpy(CCNR,data+16,8);
PrintAndLog("isOk:%02x", isOK); PrintAndLog("isOk:%02x", isOK);
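Review bot: CmdHFiClassReader requests `FLAG_ICLASS_READER_AA`, but the visible response handling only acts on the CSN, CC and CONF bits, so unless printIclassDumpInfo (not shown) prints the AA block itself, that read is requested and then dropped. The offset `data+16` here and in CmdHFiClassReader_Dump depends on the device now sending CSN, CONF and CC in that order; a client paired with firmware built before this change would take the CC from the wrong offset without any error. A comment such as `// payload: CSN @0, CONF @8, CC @16, AA @32` next to both uses would tie the numbers to the device layout. Both functions continue outside the hunks.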


@ -1539,7 +1539,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
char buf[64] = {0x00}; char buf[64] = {0x00};
uint8_t buf8[64] = {0x00}; uint8_t buf8[64] = {0x00};
uint8_t fillFromEmulator = 0; uint8_t fillFromEmulator = 0;
int i, len, blockNum, flags; int i, len, blockNum, flags=0;
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
PrintAndLog("It loads magic Chinese card from the file `filename.eml`"); PrintAndLog("It loads magic Chinese card from the file `filename.eml`");


@ -320,7 +320,7 @@ int CmdHFTopazReader(const char *Cmd)
for (uint16_t j = 0; j < 8; j++) { for (uint16_t j = 0; j < 8; j++) {
sprintf(&line[3*j], "%02x ", topaz_tag.data_blocks[i][j] /*rall_response[2 + 8*i + j]*/); sprintf(&line[3*j], "%02x ", topaz_tag.data_blocks[i][j] /*rall_response[2 + 8*i + j]*/);
} }
PrintAndLog(" 0x%02x | 0x%02x | %s| %-3s", i, i*8, line, topaz_block_is_locked(i, &topaz_tag.data_blocks[0x0d][0]) ? "yes" : "no"); PrintAndLog(" 0x%02x | 0x%02x | %s| %-3s", i, i*8, line, topaz_block_is_locked(i, &topaz_tag.data_blocks[0x0e][0]) ? "yes" : "no");
} }
PrintAndLog(""); PrintAndLog("");

File diff suppressed because it is too large Load diff


@ -43,163 +43,24 @@ int CmdEMdemodASK(const char *Cmd)
*/ */
int CmdEM410xRead(const char *Cmd) int CmdEM410xRead(const char *Cmd)
{ {
int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low; uint32_t hi=0;
int parity[4]; uint64_t lo=0;
char id[11] = {0x00};
char id2[11] = {0x00};
int retested = 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
high = low = 0;
/* Detect high and lows and clock */ if(!AskEm410xDemod("", &hi, &lo)) return 0;
for (i = 0; i < GraphTraceLen; i++) PrintAndLog("EM410x pattern found: ");
{ printEM410x(hi, lo);
if (GraphBuffer[i] > high) if (hi){
high = GraphBuffer[i]; PrintAndLog ("EM410x XL pattern found");
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
}
/* get clock */
clock = GetAskClock(Cmd, false, false);
/* parity for our 4 columns */
parity[0] = parity[1] = parity[2] = parity[3] = 0;
header = rows = 0;
// manchester demodulate
bit = bit2idx = 0;
for (i = 0; i < (int)(GraphTraceLen / clock); i++)
{
hithigh = 0;
hitlow = 0;
first = 1;
/* Find out if we hit both high and low peaks */
for (j = 0; j < clock; j++)
{
if (GraphBuffer[(i * clock) + j] >= high)
hithigh = 1;
else if (GraphBuffer[(i * clock) + j] <= low)
hitlow = 1;
/* it doesn't count if it's the first part of our read
because it's really just trailing from the last sequence */
if (first && (hithigh || hitlow))
hithigh = hitlow = 0;
else
first = 0;
if (hithigh && hitlow)
break;
}
/* If we didn't hit both high and low peaks, we had a bit transition */
if (!hithigh || !hitlow)
bit ^= 1;
BitStream[bit2idx++] = bit;
}
retest:
/* We go till 5 before the graph ends because we'll get that far below */
for (i = 1; i < bit2idx - 5; i++)
{
/* Step 2: We have our header but need our tag ID */
if (header == 9 && rows < 10)
{
/* Confirm parity is correct */
if ((BitStream[i] ^ BitStream[i+1] ^ BitStream[i+2] ^ BitStream[i+3]) == BitStream[i+4])
{
/* Read another byte! */
sprintf(id+rows, "%x", (8 * BitStream[i]) + (4 * BitStream[i+1]) + (2 * BitStream[i+2]) + (1 * BitStream[i+3]));
sprintf(id2+rows, "%x", (8 * BitStream[i+3]) + (4 * BitStream[i+2]) + (2 * BitStream[i+1]) + (1 * BitStream[i]));
rows++;
/* Keep parity info */
parity[0] ^= BitStream[i];
parity[1] ^= BitStream[i+1];
parity[2] ^= BitStream[i+2];
parity[3] ^= BitStream[i+3];
/* Move 4 bits ahead */
i += 4;
}
/* Damn, something wrong! reset */
else
{
PrintAndLog("Thought we had a valid tag but failed at word %d (i=%d)", rows + 1, i);
/* Start back rows * 5 + 9 header bits, -1 to not start at same place */
i -= 9 + (5 * rows) - 5;
rows = header = 0;
}
}
/* Step 3: Got our 40 bits! confirm column parity */
else if (rows == 10)
{
/* We need to make sure our 4 bits of parity are correct and we have a stop bit */
if (BitStream[i] == parity[0] && BitStream[i+1] == parity[1] &&
BitStream[i+2] == parity[2] && BitStream[i+3] == parity[3] &&
BitStream[i+4] == 0)
{
/* Sweet! */
PrintAndLog("EM410x Tag ID: %s", id);
PrintAndLog("Unique Tag ID: %s", id2);
global_em410xId = id;
/* Stop any loops */
return 1;
}
/* Crap! Incorrect parity or no stop bit, start all over */
else
{
rows = header = 0;
/* Go back 59 bits (9 header bits + 10 rows at 4+1 parity) */
i -= 59;
}
}
/* Step 1: get our header */
else if (header < 9)
{
/* Need 9 consecutive 1's */
if (BitStream[i] == 1)
header++;
/* We don't have a header, not enough consecutive 1 bits */
else
header = 0;
}
}
/* if we've already retested after flipping bits, return */
if (retested++){
PrintAndLog("Failed to decode");
return 0; return 0;
} }
char id[12] = {0x00};
sprintf(id, "%010llx",lo);
/* if this didn't work, try flipping bits */ global_em410xId = id;
for (i = 0; i < bit2idx; i++) return 1;
BitStream[i] ^= 1;
goto retest;
} }
/* emulate an EM410X tag // emulate an EM410X tag
* Format:
* 1111 1111 1 <-- standard non-repeatable header
* XXXX [row parity bit] <-- 10 rows of 5 bits for our 40 bit tag ID
* ....
* CCCC <-- each bit here is parity for the 10 bits above in corresponding column
* 0 <-- stop bit, end of tag
*/
int CmdEM410xSim(const char *Cmd) int CmdEM410xSim(const char *Cmd)
{ {
int i, n, j, binary[4], parity[4]; int i, n, j, binary[4], parity[4];
@ -282,28 +143,25 @@ int CmdEM410xSim(const char *Cmd)
*/ */
int CmdEM410xWatch(const char *Cmd) int CmdEM410xWatch(const char *Cmd)
{ {
char cmdp = param_getchar(Cmd, 0);
int read_h = (cmdp == 'h');
do { do {
if (ukbhit()) { if (ukbhit()) {
printf("\naborted via keyboard!\n"); printf("\naborted via keyboard!\n");
break; break;
} }
CmdLFRead(read_h ? "h" : ""); CmdLFRead("s");
CmdSamples("6000"); getSamples("8192",true); //capture enough to get 2 full messages
} while ( } while (!CmdEM410xRead(""));
!CmdEM410xRead("")
);
return 0; return 0;
} }
int CmdEM410xWatchnSpoof(const char *Cmd) int CmdEM410xWatchnSpoof(const char *Cmd)
{ {
CmdEM410xWatch(Cmd); CmdEM410xWatch(Cmd);
PrintAndLog("# Replaying : %s",global_em410xId); PrintAndLog("# Replaying captured ID: %s",global_em410xId);
CmdEM410xSim(global_em410xId); CmdLFaskSim("");
return 0; return 0;
} }
/* Read the transmitted data of an EM4x50 tag /* Read the transmitted data of an EM4x50 tag

File diff suppressed because it is too large Load diff


@ -10,12 +10,57 @@
#ifndef CMDLFT55XX_H__ #ifndef CMDLFT55XX_H__
#define CMDLFT55XX_H__ #define CMDLFT55XX_H__
int CmdLFT55XX(const char *Cmd); typedef struct {
enum {
DEMOD_NRZ = 0x00,
DEMOD_PSK1 = 0x01,
DEMOD_PSK2 = 0x02,
DEMOD_PSK3 = 0x03,
DEMOD_FSK1 = 0x04,
DEMOD_FSK1a = 0x05,
DEMOD_FSK2 = 0x06,
DEMOD_FSK2a = 0x07,
DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs)
DEMOD_ASK = 0x08,
DEMOD_BI = 0x10,
DEMOD_BIa = 0x18,
} modulation;
bool inverted;
uint8_t offset;
uint32_t block0;
enum {
RF_8 = 0x00,
RF_16 = 0x01,
RF_32 = 0x02,
RF_40 = 0x03,
RF_50 = 0x04,
RF_64 = 0x05,
RF_100 = 0x06,
RF_128 = 0x07,
} bitrate;
} t55xx_conf_block_t;
int CmdReadBlk(const char *Cmd); int CmdLFT55XX(const char *Cmd);
int CmdReadBlkPWD(const char *Cmd); int CmdT55xxSetConfig(const char *Cmd);
int CmdWriteBlk(const char *Cmd); int CmdT55xxReadBlock(const char *Cmd);
int CmdWriteBLkPWD(const char *Cmd); int CmdT55xxWriteBlock(const char *Cmd);
int CmdReadTrace(const char *Cmd); int CmdT55xxReadTrace(const char *Cmd);
int CmdT55xxInfo(const char *Cmd);
int CmdT55xxDetect(const char *Cmd);
char * GetBitRateStr(uint32_t id);
char * GetSaferStr(uint32_t id);
char * GetModulationStr( uint32_t id);
char * GetModelStrFromCID(uint32_t cid);
char * GetSelectedModulationStr( uint8_t id);
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream);
void printT55xxBlock(const char *demodStr);
void printConfiguration( t55xx_conf_block_t b);
bool DecodeT55xxBlock();
bool tryDetectModulation();
bool test(uint8_t mode, uint8_t *offset);
int special(const char *Cmd);
int AquireData( uint8_t block );
#endif #endif
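Review bot: `test` and `special` are exported from this header under names generic enough to collide with any other global symbol in the client; if they are only used by the T55xx command file they should be `static` there and left out of the header, otherwise prefixed, e.g. `bool t55xxTestModulation(uint8_t mode, uint8_t *offset);`. `bool DecodeT55xxBlock();` and `bool tryDetectModulation();` use empty parentheses, which in C declare an unspecified parameter list; `(void)` lets the compiler reject stray arguments. The struct uses `bool`, `uint8_t` and `uint32_t`, and the hunk starts at line 10, so it is not visible whether the header includes `<stdbool.h>` and `<stdint.h>` itself or relies on include order.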


@ -146,7 +146,7 @@ uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose)
} }
//uint8_t countPSK_FC(uint8_t *BitStream, size_t size) //uint8_t countPSK_FC(uint8_t *BitStream, size_t size)
carrier = countPSK_FC(grph,size); carrier = countFC(grph,size,0);
// Only print this message if we're not looping something // Only print this message if we're not looping something
if (printAns){ if (printAns){
PrintAndLog("Auto-detected PSK carrier rate: %d", carrier); PrintAndLog("Auto-detected PSK carrier rate: %d", carrier);
@ -232,8 +232,7 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose)
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(BitStream); size_t size = getFromGraphBuf(BitStream);
if (size==0) return 0; if (size==0) return 0;
uint8_t dummy = 0; uint16_t ans = countFC(BitStream, size, 1);
uint16_t ans = countFC(BitStream, size, &dummy);
if (ans==0) { if (ans==0) {
if (verbose) PrintAndLog("DEBUG: No data found"); if (verbose) PrintAndLog("DEBUG: No data found");
return 0; return 0;


@ -0,0 +1,139 @@
local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local format=string.format
local floor=math.floor
example =[[
1. script run test_t55x7_ask
]]
author = "Iceman"
usage = "script run test_t55x7_ask"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following:
--ASK
00 00 80 40
-- max 2
-- manchester
-- bit rate
"lf t55xx write 0 00008040"
"lf t55xx detect"
"lf t55xx info"
Loop:
change the configuretion block 0 with:
-xx 00 xxxx = RF/8
-xx 04 xxxx = RF/16
-xx 08 xxxx = RF/32
-xx 0C xxxx = RF/40
-xx 10 xxxx = RF/50
-xx 14 xxxx = RF/64
-xx 18 xxxx = RF/100
-xx 1C xxxx = RF/128
testsuit for the ASK/MANCHESTER demod
Arguments:
-h : this help
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
--BLOCK 0 = 00008040 ASK / MAN
local config1 = '00'
local config2 = '8040'
local procedurecmds = {
[1] = '%s%02X%s',
[2] = 'lf t55xx detect',
[3] = 'lf t55xx info',
}
---
-- A debug printout-function
function dbg(args)
if not DEBUG then
return
end
if type(args) == "table" then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print("###", args)
end
end
---
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
end
---
-- Usage help
function help()
print(desc)
print("Example usage")
print(example)
end
--
-- Exit message
function ExitMsg(msg)
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
end
function test()
local y
for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
if #pcmd == 0 then
elseif _ == 1 then
local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx write 0 %s'):format(config))
config = tonumber(config,16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
else
dbg(pcmd)
core.console( pcmd )
end
end
core.clearCommandBuffer()
end
print( string.rep('--',20) )
end
local function main(args)
print( string.rep('--',20) )
print( string.rep('--',20) )
-- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end
end
core.clearCommandBuffer()
test()
print( string.rep('--',20) )
end
main(args)
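Review bot: The result of `core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)` is stored in `response` and never checked, so a block 0 write that times out is still followed by `lf t55xx detect` and `lf t55xx info` against a tag whose configuration did not change, and the run reads like a pass. Assuming the firmware acknowledges this command, `if not response then return oops('no ACK for block 0 write') end` after the wait would stop the run at the failing step. The same loop appears in the other test_t55x7 scripts added by this commit. `dbg`, `oops`, `help`, `ExitMsg` and `test` are defined as globals, and `bin`, `utils`, `format` and `floor` are never used; declaring the functions `local` and dropping the unused names keeps the script from leaking into the shared Lua state. The description should also state that the script overwrites block 0 of the tag in the field.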


@ -0,0 +1,133 @@
local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
example =[[
1. script run test_t55x7_bi
]]
author = "Iceman"
usage = "script run test_t55x7_bi"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040
The outlined procedure is as following:
--BIPHASE 00010040
--
"lf t55xx write 0 00010040"
"lf t55xx detect"
"lf t55xx info"
Loop:
change the configuretion block 0 with:
-xx01xxxx = RF/8
-xx05xxxx = RF/16
-xx09xxxx = RF/32
-xx0Dxxxx = RF/40
-xx11xxxx = RF/50
-xx15xxxx = RF/64
-xx19xxxx = RF/100
-xx1Dxxxx = RF/128
testsuit for the BIPHASE demod
Arguments:
-h : this help
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
--BLOCK 0 = 00010040 BIPHASE
local config1 = '00'
local config2 = '0040'
local procedurecmds = {
[1] = '%s%02X%s',
[2] = 'lf t55xx detect',
[3] = 'lf t55xx info',
}
---
-- A debug printout-function
function dbg(args)
if not DEBUG then
return
end
if type(args) == "table" then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print("###", args)
end
end
---
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
end
---
-- Usage help
function help()
print(desc)
print("Example usage")
print(example)
end
--
-- Exit message
function ExitMsg(msg)
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
end
function test()
local y
for y = 1, 0x1D, 4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
if #pcmd == 0 then
elseif _ == 1 then
local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx wr 0 %s'):format(config))
config = tonumber(config,16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
else
dbg(pcmd)
core.console( pcmd )
end
end
core.clearCommandBuffer()
end
print( string.rep('--',20) )
end
local function main(args)
print( string.rep('--',20) )
print( string.rep('--',20) )
-- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end
end
core.clearCommandBuffer()
test()
print( string.rep('--',20) )
end
main(args)


@ -0,0 +1,139 @@
local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
example =[[
1. script run test_t55x7_fsk
]]
author = "Iceman"
usage = "script run test_t55x7_fsk"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following:
--ASK
00 00 80 40
-- max 2 blocks
-- FSK1
-- bit rate
"lf t55xx write 0 00007040"
"lf t55xx detect"
"lf t55xx info"
Loop:
change the configuretion block 0 with:
-xx 00 xxxx = RF/8
-xx 04 xxxx = RF/16
-xx 08 xxxx = RF/32
-xx 0C xxxx = RF/40
-xx 10 xxxx = RF/50
-xx 14 xxxx = RF/64
-xx 18 xxxx = RF/100
-xx 1C xxxx = RF/128
testsuit for the ASK/MANCHESTER demod
Arguments:
-h : this help
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
--BLOCK 0 = 00008040 FSK
local config1 = '00'
local config2 = '040'
local procedurecmds = {
[1] = '%s%02X%X%s',
[2] = 'lf t55xx detect',
[3] = 'lf t55xx info',
}
---
-- A debug printout-function
function dbg(args)
if not DEBUG then
return
end
if type(args) == "table" then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print("###", args)
end
end
---
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
end
---
-- Usage help
function help()
print(desc)
print("Example usage")
print(example)
end
--
-- Exit message
function ExitMsg(msg)
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
end
function test(modulation)
local y
for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
if #pcmd == 0 then
elseif _ == 1 then
local config = pcmd:format(config1, y, modulation, config2)
dbg(('lf t55xx write 0 %s'):format(config))
config = tonumber(config,16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
else
dbg(pcmd)
core.console( pcmd )
end
end
core.clearCommandBuffer()
end
print( string.rep('--',20) )
end
local function main(args)
print( string.rep('--',20) )
print( string.rep('--',20) )
-- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end
end
core.clearCommandBuffer()
test(4)
test(5)
test(6)
test(7)
print( string.rep('--',20) )
end
main(args)
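Review bot: In `test()` the result of `core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)` is stored in `response` and never examined, so a block 0 write that gets no ACK is still followed by `lf t55xx detect` and `lf t55xx info`, and the run reports on whatever configuration the tag already held. Adding `if not response then return oops('no ACK for block 0 write') end` directly after the wait would stop at the first failed write; this assumes the call returns nil on timeout, which the removed `if response then` in the PSK script suggests. The same unchecked wait is in the biphase script above and in the rewritten `test()` of the PSK script below, where the earlier version did inspect the reply. Separately, `desc` ends with "testsuit for the ASK/MANCHESTER demod" although this script exercises FSK.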


@ -2,15 +2,14 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local dumplib = require('html_dumplib')
example =[[ example =[[
1. script run tracetest 1. script run test_t55x7_psk
2. script run tracetest -o 2. script run test_t55x7_psk -o
]] ]]
author = "Iceman" author = "Iceman"
usage = "script run test_t55x7_psk -o <filename>" usage = "script run test_t55x7_psk"
desc =[[ desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
The outlined procedure is as following: The outlined procedure is as following:
@ -39,26 +38,35 @@ In all 12 individual test for the PSK demod
Arguments: Arguments:
-h : this help -h : this help
-o : logfile name
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
--BLOCK 0 = 00088040
local config1 = '0008' -- local procedurecmds = {
local config2 = '40' -- [1] = '%s%s%s%s',
-- [2] = 'lf read',
-- --[3] = '',
-- [3] = 'data samples',
-- [4] = 'data pskdetectclock',
-- [5] = 'data psknrzrawdemod',
-- [6] = 'data pskindalademod',
-- }
-- --BLOCK 0 = 00 08 80 40 PSK
-- -----------
-- 08------- bitrate
-- 8----- modulation PSK1
-- 0---- PSK ClockRate
-- 40 max 2 blocks
local procedurecmds = { local procedurecmds = {
[1] = '%s%s%s%s', [1] = '00%02X%X%X40',
[2] = 'lf read', [2] = 'lf t55xx detect',
--[3] = '', --[3] = '',
[3] = 'data samples', [3] = 'lf t55xx info',
[4] = 'data pskdetectclock',
[5] = 'data psknrzrawdemod',
[6] = 'data pskindalademod',
} }
--- ---
-- A debug printout-function -- A debug printout-function
function dbg(args) function dbg(args)
@ -97,45 +105,39 @@ function ExitMsg(msg)
print() print()
end end
function pskTest(modulation) function test(modulation)
local y local bitrate
for y = 0, 8, 4 do local clockrate
for _ = 1, #procedurecmds do for bitrate = 0x0, 0x1d, 0x4 do
local cmd = procedurecmds[_]
if #cmd == 0 then for clockrate = 0,8,4 do
elseif _ == 1 then for _ = 1, #procedurecmds do
local cmd = procedurecmds[_]
dbg("Writing to T55x7 TAG") if #cmd == 0 then
local configdata = cmd:format( config1, modulation , y, config2) elseif _ == 1 then
dbg( configdata) dbg("Writing to T55x7 TAG")
local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = configdata ,arg2 = 0, arg3 = 0} local config = cmd:format(bitrate, modulation, clockrate)
local err = core.SendCommand(writecommand:getBytes()) dbg(('lf t55xx write 0 %s'):format(config))
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
if response then config = tonumber(config,16)
local count,cmd,arg0 = bin.unpack('LL',response) local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config ,arg2 = 0, arg3 = 0}
if(arg0==1) then local err = core.SendCommand(writecommand:getBytes())
dbg("Writing success") if err then return oops(err) end
else local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
return nil, "Couldn't read block.." else
end dbg(cmd)
core.console( cmd )
end end
else
dbg(cmd)
core.console( cmd )
end end
core.clearCommandBuffer()
end end
core.clearCommandBuffer()
end end
print( string.rep('--',20) ) print( string.rep('--',20) )
end end
local function main(args) local function main(args)
@ -143,20 +145,16 @@ local function main(args)
print( string.rep('--',20) ) print( string.rep('--',20) )
print( string.rep('--',20) ) print( string.rep('--',20) )
local outputTemplate = os.date("testpsk_%Y-%m-%d_%H%M%S")
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'ho:') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == "h" then return help() end
if o == "o" then outputTemplate = arg end
end end
core.clearCommandBuffer() core.clearCommandBuffer()
pskTest(1) test(1) -- PSK1
pskTest(2) --test(2) -- PSK2
pskTest(3) --test(3) -- PSK3
pskTest(8)
print( string.rep('--',20) ) print( string.rep('--',20) )
end end
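Review bot: The `example` block still lists `2. script run test_t55x7_psk -o`, but `main` now calls `getopt.getopt(args, 'h')` and `usage` no longer mentions a filename, so the help text advertises an option the script does not parse. Dropping that example line keeps the help in step with the parser. In `test()`, `local bitrate` and `local clockrate` are declared and then shadowed by the two `for` loop variables, so both declarations can be removed. `main` continues outside the last hunk.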


@ -6,19 +6,20 @@ local dumplib = require('html_dumplib')
example =[[ example =[[
1. script run tracetest 1. script run tracetest
2. script run tracetest -o
]] ]]
author = "Iceman" author = "Iceman"
usage = "script run tracetest -o <filename>" usage = "script run tracetest"
desc =[[ desc =[[
This script will load several traces files in ../traces/ folder and do This script will load several traces files in ../traces/ folder and do
"data load" "data load"
"lf search" "lf search 1 u"
The following tracefiles will be loaded:
em*.pm3
m*.pm3
Arguments: Arguments:
-h : this help -h : this help
-o : logfile name
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
@ -71,12 +72,12 @@ local function main(args)
local tracesEM = "find '../traces/' -iname 'em*.pm3' -type f" local tracesEM = "find '../traces/' -iname 'em*.pm3' -type f"
local tracesMOD = "find '../traces/' -iname 'm*.pm3' -type f" local tracesMOD = "find '../traces/' -iname 'm*.pm3' -type f"
local write2File = false
local outputTemplate = os.date("testtest_%Y-%m-%d_%H%M%S") local outputTemplate = os.date("testtest_%Y-%m-%d_%H%M%S")
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'ho:') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == "h" then return help() end
if o == "o" then outputTemplate = arg end
end end
core.clearCommandBuffer() core.clearCommandBuffer()
@ -97,7 +98,7 @@ local function main(args)
end end
p.close(); p.close();
local cmdLFSEARCH = "lf search 1" local cmdLFSEARCH = "lf search 1 u"
-- main loop -- main loop
io.write('Starting to test traces > ') io.write('Starting to test traces > ')
@ -119,13 +120,6 @@ local function main(args)
end end
io.write('\n') io.write('\n')
-- Write dump to files
if not DEBUG then
local bar = dumplib.SaveAsText(emldata, outputTemplate..'.txt')
print(("Wrote output to: %s"):format(bar))
end
-- Show info
print( string.rep('--',20) ) print( string.rep('--',20) )
end end
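Review bot: `local write2File = false` is introduced in `main`, but nothing in the visible hunks reads it. `outputTemplate` is likewise still computed with `os.date(...)` although both the `-o` option and the `dumplib.SaveAsText` block that consumed it are removed. Unless code outside these hunks uses them, both locals and the `require('html_dumplib')` shown in the first hunk header are dead and can be deleted. `main` starts and ends outside the hunks shown, so confirm this against the full file.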


@ -5,8 +5,9 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Generic CRC calculation code. // Generic CRC calculation code.
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
#include "crc.h" #include "crc.h"
#include <stdint.h>
#include <stddef.h>
void crc_init(crc_t *crc, int order, uint32_t polynom, uint32_t initial_value, uint32_t final_xor) void crc_init(crc_t *crc, int order, uint32_t polynom, uint32_t initial_value, uint32_t final_xor)
{ {
@ -40,3 +41,16 @@ uint32_t crc_finish(crc_t *crc)
{ {
return ( crc->state ^ crc->final_xor ) & crc->mask; return ( crc->state ^ crc->final_xor ) & crc->mask;
} }
//credits to iceman
uint32_t CRC8Maxim(uint8_t *buff, size_t size)
{
crc_t crc;
crc_init(&crc, 9, 0x8c, 0x00, 0x00);
crc_clear(&crc);
for (size_t i=0; i < size; ++i){
crc_update(&crc, buff[i], 8);
}
return crc_finish(&crc);
}
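Review bot: `CRC8Maxim` calls `crc_init(&crc, 9, 0x8c, 0x00, 0x00)`, which is order 9 for a checksum that crc.h documents as CRC-8. `crc_finish` returns `(state ^ final_xor) & mask`, and if the mask follows the `(1L<<(_order))-1` form used by `CRC_INITIALIZER`, the result can carry a ninth bit and fail to match a one-byte checksum read from a tag. It would be worth pinning the function against the catalogue check value for CRC-8/MAXIM (0xA1 over the ASCII string "123456789"). Then either correct the parameters or put a comment such as `// order 9 is intentional: <reason>` above the call. The buffer is only read, so the parameter can be `const uint8_t *buff` here and in the crc.h prototype.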


@ -10,6 +10,7 @@
#define __CRC_H #define __CRC_H
#include <stdint.h> #include <stdint.h>
#include <stddef.h>
typedef struct crc { typedef struct crc {
uint32_t state; uint32_t state;
@ -36,6 +37,8 @@ extern void crc_clear(crc_t *crc);
/* Get the result of the crc calculation */ /* Get the result of the crc calculation */
extern uint32_t crc_finish(crc_t *crc); extern uint32_t crc_finish(crc_t *crc);
// Calculate CRC-8/Maxim checksum
uint32_t CRC8Maxim(uint8_t *buff, size_t size );
/* Static initialization of a crc structure */ /* Static initialization of a crc structure */
#define CRC_INITIALIZER(_order, _polynom, _initial_value, _final_xor) { \ #define CRC_INITIALIZER(_order, _polynom, _initial_value, _final_xor) { \
.state = ((_initial_value) & ((1L<<(_order))-1)), \ .state = ((_initial_value) & ((1L<<(_order))-1)), \


@ -1,6 +1,7 @@
/* /*
----------------------------------------------------------------------------- -----------------------------------------------------------------------------
This code is licensed to you under the terms of the GNU GPL, version 2 or, This code is licensed to you under the ter
ms of the GNU GPL, version 2 or,
at your option, any later version. See the LICENSE.txt file for the text of at your option, any later version. See the LICENSE.txt file for the text of
the license. the license.
----------------------------------------------------------------------------- -----------------------------------------------------------------------------
@ -13,8 +14,7 @@ MEMORY
{ {
bootphase1 : ORIGIN = 0x00100000, LENGTH = 0x200 /* Phase 1 bootloader: Copies real bootloader to RAM */ bootphase1 : ORIGIN = 0x00100000, LENGTH = 0x200 /* Phase 1 bootloader: Copies real bootloader to RAM */
bootphase2 : ORIGIN = 0x00100200, LENGTH = 0x2000 - 0x200 /* Main bootloader code, stored in Flash, executed from RAM */ bootphase2 : ORIGIN = 0x00100200, LENGTH = 0x2000 - 0x200 /* Main bootloader code, stored in Flash, executed from RAM */
fpgaimage : ORIGIN = 0x00102000, LENGTH = 96k - 0x2000 /* Place where the FPGA image will end up */ osimage : ORIGIN = 0x00102000, LENGTH = 256K - 0x2000 /* Place where the main OS will end up */
osimage : ORIGIN = 0x00118000, LENGTH = 256K - 96k /* Place where the main OS will end up */
ram : ORIGIN = 0x00200000, LENGTH = 64K - 0x20 /* RAM, minus small common area */ ram : ORIGIN = 0x00200000, LENGTH = 64K - 0x20 /* RAM, minus small common area */
commonarea : ORIGIN = 0x00200000 + 64K - 0x20, LENGTH = 0x20 /* Communication between bootloader and main OS */ commonarea : ORIGIN = 0x00200000 + 64K - 0x20, LENGTH = 0x20 /* Communication between bootloader and main OS */
} }
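Review bot: The licence comment at the top is now split mid-word ("under the ter" / "ms of the GNU GPL"), which looks like an accidental line break picked up in the merge. It sits inside the `/* ... */` block so the script still parses, but the line should be rejoined as `This code is licensed to you under the terms of the GNU GPL, version 2 or,`. In `MEMORY`, `osimage` now begins at 0x00102000, the origin the removed `fpgaimage` region had. Anything that still names `fpgaimage` or assumes the OS starts at 0x00118000 (other linker scripts, flasher address checks) has to change with it; none of that is visible in this section.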

File diff suppressed because it is too large Load diff


@ -16,8 +16,9 @@
#include <stdint.h> #include <stdint.h>
int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr); int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low);
int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr); int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx); uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
int ManchesterEncode(uint8_t *BitStream, size_t size); int ManchesterEncode(uint8_t *BitStream, size_t size);
int manrawdecode(uint8_t *BitStream, size_t *size); int manrawdecode(uint8_t *BitStream, size_t *size);
int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert); int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert);
@ -32,18 +33,15 @@ void psk1TOpsk2(uint8_t *BitStream, size_t size);
void psk2TOpsk1(uint8_t *BitStream, size_t size); void psk2TOpsk1(uint8_t *BitStream, size_t size);
int DetectNRZClock(uint8_t dest[], size_t size, int clock); int DetectNRZClock(uint8_t dest[], size_t size, int clock);
int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert); int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
void pskCleanWave(uint8_t *bitStream, size_t size);
int PyramiddemodFSK(uint8_t *dest, size_t *size); int PyramiddemodFSK(uint8_t *dest, size_t *size);
int AWIDdemodFSK(uint8_t *dest, size_t *size); int AWIDdemodFSK(uint8_t *dest, size_t *size);
size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen); size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen);
uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t *mostFC); uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t fskAdj);
uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow); uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow);
int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo); int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo); int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx); uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx);
uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType); uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType);
uint8_t justNoise(uint8_t *BitStream, size_t size);
uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert); int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
int DetectPSKClock(uint8_t dest[], size_t size, int clock); int DetectPSKClock(uint8_t dest[], size_t size, int clock);
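Review bot: Most prototypes in this header take `size_t`, but the only include visible in the hunk is `<stdint.h>`, which is not required to define it; crc.h gained `#include <stddef.h>` in this same commit. Adding `#include <stddef.h>` next to `#include <stdint.h>` would make the header self-contained, though lines 1-15 are outside the hunk, so check it is not already there. The changed prototypes also need a short comment each. `Em410xDecode` now returns `uint8_t` and writes through `hi` and `lo`, and `countFC` takes `fskAdj` by value where it used to take a pointer, yet nothing states what the return value or the new argument means.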


@ -199,7 +199,11 @@ typedef struct{
//Iclass reader flags //Iclass reader flags
#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 #define FLAG_ICLASS_READER_ONLY_ONCE 0x01
#define FLAG_ICLASS_READER_GET_CC 0x02 #define FLAG_ICLASS_READER_CC 0x02
#define FLAG_ICLASS_READER_CSN 0x04
#define FLAG_ICLASS_READER_CONF 0x08
#define FLAG_ICLASS_READER_AA 0x10
// CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: