diff --git a/.gitignore b/.gitignore index c551f7a2..852056a7 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ *.map *.bin !client/hardnested/*.bin +!client/sc_upgrade_firmware/*.bin *.dll *.moc.cpp *.z diff --git a/CHANGELOG.md b/CHANGELOG.md index fbc40cda..67b1d537 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,10 +5,47 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] ### Changed +- Changed hf mfp security. Now it works in all the modes. (drHatson) +- `hf fido` - show/check DER certificate and signatures (Merlok) +- Changed `lf hitag reader 0x ... ` - to select first page to read and tagmode (0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED) +- Accept hitagS con0 tags with memory bits set to 11 and handle like 2048 tag ### Fixed - +- AC-Mode decoding for HitagS +- Wrong UID at HitagS simulation +- `hf 15 sim` now works as expected (piwi) +- `hf mf chk t` save to emulator memory now works as expected (mwalker) +- Fix `hf mf sim` - wrong access rights to write key B in trailer (@McEloff) +- allow files > 512Bytes in 'hf iclass eload' (@Sherhannn79) +- `hf mf nested` now works with fixed nonce tags too (uzlonewolf, piwi) + ### Added +- Added to `hf 14a apdu` print apdu and compose apdu (@merlokk) +- Added `hf 15 csetuid` - set UID on ISO-15693 Magic tags (t0m4) +- Added `lf config s xxxx` option to allow skipping x samples before capture (marshmellow) +- Added `lf em 4x05protect` to support changing protection blocks on em4x05 chips (marshmellow) +- Support Standard Communication Mode in HITAG S +- Added `hf emv scan` - commands for scan EMV card and dump data to json file (Merlok) +- `hf mfp` group of commands (Merlok) +- Added `hf fido` - FIDO U2F authenticator commands https://fidoalliance.org/ (Merlok) +- Added `lf hitag reader 03` - read block (instead of pages) +- Added `lf hitag reader 04` - read block (instead of pages) +- Added `hf fido` `assert` and `make` commands from fido2 protocol (authenticatorMakeCredential and authenticatorGetAssertion) (Merlok) +- Added `lf paradox clone` to clone a Paradox card +- Added `emv` commands working for both contactless and smart cards (Merlok) +- Added `hf 15 snoop` (piwi) +- Added support for standard USB Smartcard Readers (piwi) +- Added `hf plot` (piwi) +- Added `hf mfp mad` `hf mf mad` parsing MAD1 and MAD2 (Merlok) +- Added `hf mfp ndef` `hf mf ndef` parsing NDEF records (Merlok) +- Added Mifare Mini, Mifare 2K and 4K support to `hf mf sim` (piwi) +- Added Legic detection to `hf search` (dnet) +- Added Home (Pos1) and End key bindings to the plot GUI (based on @mcd1992) +- Added downlink reference mode option r [ 0 - (or missing) default/fixed bit, 1 - long leading, 2 - leading 0 and 3 - 1 of 4 ] to `lf t55xx detect`, `lf t55xx read`, `lf t55xx write`, and `lf t55xx bruteforce` +- Added special option `r 4` to bruteforce, to try all downlink modes (0,1,2 and 3) for each password +- `hf mfu info` now checks the NXP Originality Signature if availabe (piwi) +- Added `hf mf personalize` to personalize the UID option of Mifare Classic EV1 cards (piwi) + ## [v3.1.0][2018-10-10] diff --git a/CI/.travis.yml b/CI/.travis.yml index f5fed7a6..01dd168a 100644 --- a/CI/.travis.yml +++ b/CI/.travis.yml @@ -1,23 +1,28 @@ # Travis-CI config # variable REPOSITORY_EP must be filled with repository name. as sample: "merlokk/proxmark3" + language: c compiler: gcc # Test on Linux and MacOS -matrix: +jobs: include: - - os: osx - osx_image: xcode7.3 # OS X 10.11 - - os: osx - osx_image: xcode8.3 # OS X 10.12 - os: osx osx_image: xcode9.4 # OS X 10.13 - os: osx osx_image: xcode10 # OS X 10.13 + - os: osx + osx_image: xcode11 # OS X 10.14 - os: linux - dist: trusty - sudo: required + dist: trusty # Ubuntu 14.04 + - os: linux + dist: xenial # Ubuntu 16.04 + - os: linux + dist: bionic # Ubuntu 18.04 + +git: + depth: false before_install: ## Install ARM toolchain on Linux. @@ -26,13 +31,13 @@ before_install: echo $REPOSITORY_EP; if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get update -qq; - sudo apt-get install -y gcc-arm-none-eabi; + sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libpcsclite-dev; elif [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update; if [[ "$REPOSITORY_EP" == "" ]]; then - brew tap proxmark/proxmark3; + brew tap --full proxmark/proxmark3; else - brew tap "$REPOSITORY_EP" --env=std; + brew tap --full "$REPOSITORY_EP" --env=std; fi fi @@ -47,7 +52,7 @@ install: before_script: script: -## for the time being we are satisfied if it can be build and then successfully started +## for the time being we are satisfied if it can be build and hf mf hardnested runs if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then proxmark3 /dev/notexists travis_test_commands.scr ; elif [[ "$TRAVIS_OS_NAME" == "linux" ]]; then diff --git a/CI/appveyor.yml b/CI/appveyor.yml index f5ae2c70..a38ff647 100644 --- a/CI/appveyor.yml +++ b/CI/appveyor.yml @@ -66,9 +66,20 @@ clone_script: Write-Host "[ OK ]" -ForegroundColor Green - Write-Host "Fill msys\etc\fstab file..." -NoNewLine + Write-Host "Fill msys2\etc\fstab file..." -NoNewLine - New-Item c:\ProxSpace\msys\etc\fstab -type file -force -value "#Win32_Path Mount_Point`nc:\ProxSpace\devkitARM /devkitARM`nc:\ProxSpace\Qt\5.6 /qt `nc:\ProxSpace\pm3 /pm3`n" + New-Item c:\ProxSpace\msys2\etc\fstab -type file -force -value "# For a description of the file format, see the Users Guide`n# http://cygwin.com/cygwin-ug-net/using.html#mount-table`nnone / cygdrive binary,posix=0,noacl,user 0 0 `nC:\ProxSpace\pm3 /pm3 ntfs noacl 0 0 `nC:\ProxSpace\gcc-arm-none-eabi /gcc-arm-none-eabi ntfs noacl 0 0 `n" + + Write-Host "[ OK ]" -ForegroundColor Green + + + Write-Host "Update msys2 packages..." -NoNewLine + + $env:Path = "C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path" + + C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null 1> msys1.txt 2>&1 + + C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null 1> msys1.txt 2>&1 Write-Host "[ OK ]" -ForegroundColor Green install: @@ -84,12 +95,25 @@ install: } build_script: - ps: >- - $env:Path = "C:\ProxSpace\msys\bin;$env:Path" + "C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path" + + + $env:MINGW_HOME="C:\ProxSpace\msys2\mingw32" + + $env:MSYS_HOME="C:\ProxSpace\msys2" + + $env:MSYSTEM="MINGW32" + + $env:MINGW_PREFIX="/mingw32" + + $env:SHELL="/bin/bash" + + $env:MSYSTEM_CHOST="i686-w64-mingw32" #make - bash -lc -i "pwd;make all" + bash -c -i 'pwd;make clean;make all' #some checks @@ -233,14 +257,14 @@ test_script: [bool]$res=$false # Wait 120 sec timeout for Job - if(Wait-Job $Job -Timeout 120){ + if(Wait-Job $Job -Timeout 150){ $Results = $Job | Receive-Job if($Results -like "true"){ $res=$true } } else { Write-host "Test [$Name] timeout" -ForegroundColor Red - Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 40000 -ErrorMessage "timeout" + Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 60000 -ErrorMessage "timeout" } Remove-Job -Force $Job @@ -268,19 +292,19 @@ test_script: #proxmark logic tests - ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed'} + ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h | grep -q Execute && echo Passed || echo Failed'} - ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'} + ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'} - ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf'"} "at_enc" + ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf mf'"} "at_enc" - ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:" + ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:" #proxmark crypto tests - ExecTest "hf emv test" "hf emv test" {bash -lc "cd ~/client;proxmark3 comx -c 'hf emv test'"} "Tests ?OK" + ExecTest "hf emv test" "hf emv test" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf emv test'"} "Tests ?OK" if ($global:TestsPassed) { diff --git a/CI/travis_test_commands.scr b/CI/travis_test_commands.scr index 4f5b025c..2f81c885 100644 --- a/CI/travis_test_commands.scr +++ b/CI/travis_test_commands.scr @@ -1,3 +1,3 @@ hf mf hardnested t 1 000000000000 -hf emv test +emv test exit diff --git a/README.md b/README.md index 09f23a6b..1ea871c3 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ do something useful with a proxmark3. * [The Forum](http://www.proxmark.org/forum) * The IRC channel: irc.freenode.org #proxmark3 ([chat in your browser](http://webchat.freenode.net/?channels=#proxmark3)) * [The Homebrew formula repository](https://github.com/Proxmark/homebrew-proxmark3) +* [Proxmark3 community discord server](https://discord.gg/86VcRtS) ## Development @@ -27,12 +28,15 @@ your operating system. Please refer to [the wiki](https://github.com/Proxmark/pr The Proxmark3 is available for purchase (assembled and tested) from the following locations: -* [RyscCorp](https://proxmark3.com/) (US) -* [Hackerwarehouse](https://hackerwarehouse.com/) (US) -* [Elechouse](http://www.elechouse.com/) (HK) -* [Lab401](https://lab401.com/) (FR) -* [RFxSecure](http://www.rfxsecure.com/) (SG) -* [IceSQL](http://proxmark3.tictail.com/) (SE) +| Distributor Name | Warehouse Location | Entity Location | +|------------------|--------------------|-----------------| +| [RyscCorp](https://proxmark3.com/) | USA | USA | +| [Hackerwarehouse](https://hackerwarehouse.com/) | USA | USA | +| [Elechouse](http://www.elechouse.com/) | HK | HK | +| [Lab401](https://lab401.com/) | EU | HK | +| [RFxSecure](http://www.rfxsecure.com/) | CN | SG | +| [Sneaktechnology](https://www.sneaktechnology.com/) | CN | CN | + Most of the ultra-low-volume contract assemblers could put something like this together with a reasonable yield. A run of around diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c index 4fe97b46..ce97e41f 100644 --- a/armsrc/BigBuf.c +++ b/armsrc/BigBuf.c @@ -21,8 +21,8 @@ /* BigBuf memory layout: Pointer to highest available memory: BigBuf_hi - high BIGBUF_SIZE - reserved = BigBuf_malloc() subtracts amount from BigBuf_hi, + high BIGBUF_SIZE + reserved = BigBuf_malloc() subtracts amount from BigBuf_hi, low 0x00 */ @@ -36,8 +36,9 @@ static uint16_t BigBuf_hi = BIGBUF_SIZE; static uint8_t *emulator_memory = NULL; // trace related variables -static uint16_t traceLen = 0; -int tracing = 1; //Last global one.. todo static? +static uint32_t traceLen = 0; +static bool tracing = true; + // get the address of BigBuf uint8_t *BigBuf_get_addr(void) @@ -53,7 +54,7 @@ uint8_t *BigBuf_get_EM_addr(void) if (emulator_memory == NULL) { emulator_memory = BigBuf_malloc(CARD_MEMORY_SIZE); } - + return emulator_memory; } @@ -63,31 +64,36 @@ void BigBuf_Clear(void) { BigBuf_Clear_ext(true); } + + // clear ALL of BigBuf void BigBuf_Clear_ext(bool verbose) { - memset(BigBuf,0,BIGBUF_SIZE); - if (verbose) - Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE); + memset(BigBuf, 0, BIGBUF_SIZE); + if (verbose) + Dbprintf("Buffer cleared (%i bytes)", BIGBUF_SIZE); } + + void BigBuf_Clear_EM(void){ memset(BigBuf_get_EM_addr(), 0, CARD_MEMORY_SIZE); } + void BigBuf_Clear_keep_EM(void) { - memset(BigBuf,0,BigBuf_hi); + memset(BigBuf, 0, BigBuf_hi); } // allocate a chunk of memory from BigBuf. We allocate high memory first. The unallocated memory // at the beginning of BigBuf is always for traces/samples uint8_t *BigBuf_malloc(uint16_t chunksize) { - if (BigBuf_hi - chunksize < 0) { - return NULL; // no memory left + if (BigBuf_hi - chunksize < 0) { + return NULL; // no memory left } else { - chunksize = (chunksize + 3) & 0xfffc; // round to next multiple of 4 - BigBuf_hi -= chunksize; // aligned to 4 Byte boundary + chunksize = (chunksize + 3) & 0xfffc; // round to next multiple of 4 + BigBuf_hi -= chunksize; // aligned to 4 Byte boundary return (uint8_t *)BigBuf + BigBuf_hi; } } @@ -128,18 +134,22 @@ uint16_t BigBuf_max_traceLen(void) return BigBuf_hi; } + void clear_trace() { traceLen = 0; } + void set_tracing(bool enable) { tracing = enable; } + bool get_tracing(void) { return tracing; } + /** * Get the number of bytes traced * @return @@ -149,6 +159,7 @@ uint16_t BigBuf_get_traceLen(void) return traceLen; } + /** This is a function to store traces. All protocols can use this generic tracer-function. The traces produced by calling this function can be fetched on the client-side @@ -162,14 +173,14 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_ uint8_t *trace = BigBuf_get_addr(); - uint16_t num_paritybytes = (iLen-1)/8 + 1; // number of valid paritybytes in *parity - uint16_t duration = timestamp_end - timestamp_start; + uint32_t num_paritybytes = (iLen-1)/8 + 1; // number of valid paritybytes in *parity + uint32_t duration = timestamp_end - timestamp_start; // Return when trace is full uint16_t max_traceLen = BigBuf_max_traceLen(); if (traceLen + sizeof(iLen) + sizeof(timestamp_start) + sizeof(duration) + num_paritybytes + iLen >= max_traceLen) { - tracing = false; // don't trace any more + tracing = false; // don't trace any more return false; } // Traceformat: @@ -200,19 +211,23 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_ // data bytes if (btBytes != NULL && iLen != 0) { - memcpy(trace + traceLen, btBytes, iLen); + for (int i = 0; i < iLen; i++) { + trace[traceLen++] = *btBytes++; + } } - traceLen += iLen; // parity bytes if (num_paritybytes != 0) { if (parity != NULL) { - memcpy(trace + traceLen, parity, num_paritybytes); + for (int i = 0; i < num_paritybytes; i++) { + trace[traceLen++] = *parity++; + } } else { - memset(trace + traceLen, 0x00, num_paritybytes); + for (int i = 0; i < num_paritybytes; i++) { + trace[traceLen++] = 0x00; + } } } - traceLen += num_paritybytes; return true; } @@ -229,8 +244,11 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP uint8_t *trace = BigBuf_get_addr(); uint16_t iLen = nbytes(iBits); + // Return when trace is full - if (traceLen + sizeof(rsamples) + sizeof(dwParity) + sizeof(iBits) + iLen > BigBuf_max_traceLen()) return false; + if (traceLen + sizeof(rsamples) + sizeof(dwParity) + sizeof(iBits) + iLen > BigBuf_max_traceLen()) { + return false; + } //Hitag traces appear to use this traceformat: // 32 bits timestamp (little endian,Highest Bit used as readerToTag flag) @@ -238,6 +256,8 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP // 8 bits size (number of bits in the trace entry, not number of bytes) // y Bytes data + + rsamples += iSamples; trace[traceLen++] = ((rsamples >> 0) & 0xff); trace[traceLen++] = ((rsamples >> 8) & 0xff); @@ -254,8 +274,9 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP trace[traceLen++] = ((dwParity >> 24) & 0xff); trace[traceLen++] = iBits; - memcpy(trace + traceLen, btBytes, iLen); - traceLen += iLen; + for (int i = 0; i < iLen; i++) { + trace[traceLen++] = *btBytes++; + } return true; } diff --git a/armsrc/BigBuf.h b/armsrc/BigBuf.h index 05538044..00d5145f 100644 --- a/armsrc/BigBuf.h +++ b/armsrc/BigBuf.h @@ -20,7 +20,7 @@ #define MAX_PARITY_SIZE ((MAX_FRAME_SIZE + 7) / 8) #define MAX_MIFARE_FRAME_SIZE 18 // biggest Mifare frame is answer to a read (one block = 16 Bytes) + 2 Bytes CRC #define MAX_MIFARE_PARITY_SIZE 3 // need 18 parity bits for the 18 Byte above. 3 Bytes are enough to store these -#define CARD_MEMORY_SIZE 4096 +#define CARD_MEMORY_SIZE 4096 #define DMA_BUFFER_SIZE 128 extern uint8_t *BigBuf_get_addr(void); diff --git a/armsrc/Makefile b/armsrc/Makefile index d230cda1..f4ad2ad6 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -21,11 +21,12 @@ else SRC_LCD = endif SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c protocols.c -SRC_ISO15693 = iso15693.c iso15693tools.c +SRC_ISO15693 = iso15693.c SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c mifaresim.c SRC_ISO14443b = iso14443b.c -SRC_CRAPTO1 = crypto1.c des.c -SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c parity.c +SRC_CRAPTO1 = crypto1.c +SRC_DES = platform_util_arm.c des.c +SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c parity.c iso15693tools.c SRC_SMARTCARD = i2c.c #the FPGA bitstream files. Note: order matters! @@ -42,7 +43,6 @@ APP_CFLAGS += -I../zlib # Compile these in thumb mode (small size) THUMBSRC = start.c \ $(SRC_LCD) \ - $(SRC_ISO15693) \ $(SRC_LF) \ $(SRC_ZLIB) \ $(SRC_SMARTCARD) \ @@ -50,8 +50,10 @@ THUMBSRC = start.c \ printf.c \ util.c \ string.c \ - usb_cdc.c \ - cmd.c + usb_cdc.c + +# Compile these in thumb mode optimized for speed (still smaller than ARM mode) +THUMBOPTSRC = $(SRC_ISO15693) # These are to be compiled in ARM mode ARMSRC = fpgaloader.c \ @@ -61,6 +63,7 @@ ARMSRC = fpgaloader.c \ $(SRC_ISO14443a) \ $(SRC_ISO14443b) \ $(SRC_CRAPTO1) \ + $(SRC_DES) \ $(SRC_CRC) \ iclass.c \ BigBuf.c \ @@ -70,7 +73,7 @@ ARMSRC = fpgaloader.c \ VERSIONSRC = version.c \ fpga_version_info.c -# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC +# Do not move this inclusion before the definition of {THUMB,THUMBOPT,ASM,ARM}SRC include ../common/Makefile.common OBJS = $(OBJDIR)/fullimage.s19 @@ -80,8 +83,9 @@ all: $(OBJS) .DELETE_ON_ERROR: -# version.c should be remade on every compilation -.PHONY: version.c +# version.c and fpga_version_info.c to be remade on every compilation +.PHONY: version.c fpga_version_info.c + version.c: default_version.c perl ../tools/mkversion.pl .. > $@ || $(COPY) $^ $@ @@ -97,7 +101,7 @@ $(OBJDIR)/fpga_all.bit.z: $(FPGA_BITSTREAMS) $(FPGA_COMPRESSOR) $(FPGA_COMPRESSOR): make -C ../client $(notdir $(FPGA_COMPRESSOR)) -$(OBJDIR)/fullimage.stage1.elf: $(VERSIONOBJ) $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(ARMOBJ) +$(OBJDIR)/fullimage.stage1.elf: $(VERSIONOBJ) $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(THUMBOPTOBJ) $(ARMOBJ) $(CC) $(LDFLAGS) -Wl,-T,ldscript,-Map,$(patsubst %.elf,%.map,$@) -o $@ $^ $(LIBS) $(OBJDIR)/fullimage.nodata.bin: $(OBJDIR)/fullimage.stage1.elf @@ -129,7 +133,7 @@ clean: $(DELETE) $(OBJDIR)$(PATHSEP)*.d $(DELETE) $(OBJDIR)$(PATHSEP)*.z $(DELETE) $(OBJDIR)$(PATHSEP)*.bin - $(DELETE) version.c + $(DELETE) version.c fpga_version_info.c .PHONY: all clean help help: diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 573a3a71..56bf67e0 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -13,7 +13,6 @@ #include #include "usb_cdc.h" -#include "cmd.h" #include "proxmark3.h" #include "apps.h" #include "fpga.h" @@ -24,19 +23,27 @@ #include "legicrfsim.h" #include "hitag2.h" #include "hitagS.h" +#include "iclass.h" +#include "iso14443b.h" +#include "iso15693.h" #include "lfsampling.h" #include "BigBuf.h" +#include "mifarecmd.h" #include "mifareutil.h" +#include "mifaresim.h" #include "pcf7931.h" #include "i2c.h" +#include "hfsnoop.h" +#include "fpgaloader.h" #ifdef WITH_LCD - #include "LCD.h" + #include "LCD.h" #endif +static uint32_t hw_capabilities; // Craig Young - 14a stand-alone code #ifdef WITH_ISO14443a - #include "iso14443a.h" + #include "iso14443a.h" #endif //============================================================================= @@ -45,33 +52,31 @@ // is the order in which they go out on the wire. //============================================================================= -#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits +#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits uint8_t ToSend[TOSEND_BUFFER_SIZE]; int ToSendMax; static int ToSendBit; struct common_area common_area __attribute__((section(".commonarea"))); -void ToSendReset(void) -{ +void ToSendReset(void) { ToSendMax = -1; ToSendBit = 8; } -void ToSendStuffBit(int b) -{ - if(ToSendBit >= 8) { +void ToSendStuffBit(int b) { + if (ToSendBit >= 8) { ToSendMax++; ToSend[ToSendMax] = 0; ToSendBit = 0; } - if(b) { + if (b) { ToSend[ToSendMax] |= (1 << (7 - ToSendBit)); } ToSendBit++; - if(ToSendMax >= sizeof(ToSend)) { + if (ToSendMax >= sizeof(ToSend)) { ToSendBit = 0; DbpString("ToSendStuffBit overflowed!"); } @@ -81,19 +86,11 @@ void ToSendStuffBit(int b) // Debug print functions, to go out over USB, to the usual PC-side client. //============================================================================= -void DbpString(char *str) -{ - byte_t len = strlen(str); - cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len); +void DbpString(char *str) { + uint8_t len = strlen(str); + cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(uint8_t*)str,len); } -#if 0 -void DbpIntegers(int x1, int x2, int x3) -{ - cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0); -} -#endif - void Dbprintf(const char *fmt, ...) { // should probably limit size here; oh well, let's just use a big buffer char output_string[128]; @@ -110,26 +107,26 @@ void Dbprintf(const char *fmt, ...) { void Dbhexdump(int len, uint8_t *d, bool bAsci) { int l=0,i; char ascii[9]; - + while (len>0) { if (len>8) l=8; else l=len; - + memcpy(ascii,d,l); ascii[l]=0; - + // filter safe ascii - for (i=0;i126) ascii[i]='.'; - + for (i = 0; i < l; i++) + if (ascii[i]<32 || ascii[i]>126) ascii[i] = '.'; + if (bAsci) { - Dbprintf("%-8s %*D",ascii,l,d," "); + Dbprintf("%-8s %*D",ascii, l, d, " "); } else { - Dbprintf("%*D",l,d," "); + Dbprintf("%*D", l, d, " "); } - - len-=8; - d+=8; + + len -= 8; + d += 8; } } @@ -138,12 +135,11 @@ void Dbhexdump(int len, uint8_t *d, bool bAsci) { // in ADC units (0 to 1023). Also a routine to average 32 samples and // return that. //----------------------------------------------------------------------------- -static int ReadAdc(int ch) -{ - // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value. +static int ReadAdc(int ch) { + // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value. // AMPL_HI is a high impedance (10MOhm || 1MOhm) output, the input capacitance of the ADC is 12pF (typical). This results in a time constant - // of RC = (0.91MOhm) * 12pF = 10.9us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged. - // + // of RC = (0.91MOhm) * 12pF = 10.9us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged. + // // The maths are: // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be // @@ -151,20 +147,19 @@ static int ReadAdc(int ch) AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; AT91C_BASE_ADC->ADC_MR = - ADC_MODE_PRESCALE(63) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz - ADC_MODE_STARTUP_TIME(1) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us - ADC_MODE_SAMPLE_HOLD_TIME(15); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us + ADC_MODE_PRESCALE(63) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz + ADC_MODE_STARTUP_TIME(1) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us + ADC_MODE_SAMPLE_HOLD_TIME(15); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch); AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) {}; - + return AT91C_BASE_ADC->ADC_CDR[ch] & 0x3ff; } -int AvgAdc(int ch) // was static - merlok -{ +int AvgAdc(int ch) { // was static - merlok{ int i; int a = 0; @@ -175,10 +170,9 @@ int AvgAdc(int ch) // was static - merlok return (a + 15) >> 5; } -static int AvgAdc_Voltage_HF(void) -{ +static int AvgAdc_Voltage_HF(void) { int AvgAdc_Voltage_Low, AvgAdc_Voltage_High; - + AvgAdc_Voltage_Low= (MAX_ADC_HF_VOLTAGE_LOW * AvgAdc(ADC_CHAN_HF_LOW)) >> 10; // if voltage range is about to be exceeded, use high voltage ADC channel if available (RDV40 only) if (AvgAdc_Voltage_Low > MAX_ADC_HF_VOLTAGE_LOW - 300) { @@ -190,13 +184,11 @@ static int AvgAdc_Voltage_HF(void) return AvgAdc_Voltage_Low; } -static int AvgAdc_Voltage_LF(void) -{ +static int AvgAdc_Voltage_LF(void) { return (MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10; } -void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv, uint8_t LF_Results[]) -{ +void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv, uint8_t LF_Results[]) { int i, adcval = 0, peak = 0; /* @@ -211,17 +203,17 @@ void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); SpinDelay(50); - - for (i=255; i>=19; i--) { + + for (i = 255; i >= 19; i--) { WDT_HIT(); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i); SpinDelay(20); adcval = AvgAdc_Voltage_LF(); - if (i==95) *vLf125 = adcval; // voltage at 125Khz - if (i==89) *vLf134 = adcval; // voltage at 134Khz + if (i == 95) *vLf125 = adcval; // voltage at 125Khz + if (i == 89) *vLf134 = adcval; // voltage at 134Khz LF_Results[i] = adcval >> 9; // scale int to fit in byte for graphing purposes - if(LF_Results[i] > peak) { + if (LF_Results[i] > peak) { *peakv = adcval; peak = LF_Results[i]; *peakf = i; @@ -229,25 +221,23 @@ void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv } } - for (i=18; i >= 0; i--) LF_Results[i] = 0; + for (i = 18; i >= 0; i--) LF_Results[i] = 0; return; } -void MeasureAntennaTuningHfOnly(int *vHf) -{ +void MeasureAntennaTuningHfOnly(int *vHf) { // Let the FPGA drive the high-frequency antenna around 13.56 MHz. LED_A_ON(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER); SpinDelay(20); *vHf = AvgAdc_Voltage_HF(); LED_A_OFF(); return; } -void MeasureAntennaTuning(int mode) -{ +void MeasureAntennaTuning(int mode) { uint8_t LF_Results[256] = {0}; int peakv = 0, peakf = 0; int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV @@ -273,15 +263,14 @@ void MeasureAntennaTuning(int mode) return; } -void MeasureAntennaTuningHf(void) -{ - int vHf = 0; // in mV +void MeasureAntennaTuningHf(void) { + int vHf = 0; // in mV DbpString("Measuring HF antenna, press button to exit"); // Let the FPGA drive the high-frequency antenna around 13.56 MHz. FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER); for (;;) { SpinDelay(500); @@ -297,8 +286,7 @@ void MeasureAntennaTuningHf(void) } -void ReadMem(int addr) -{ +void ReadMem(int addr) { const uint8_t *data = ((uint8_t *)addr); Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x", @@ -311,8 +299,21 @@ extern struct version_information version_information; extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__; -void SendVersion(void) -{ +void set_hw_capabilities(void) { + if (I2C_is_available()) { + hw_capabilities |= HAS_SMARTCARD_SLOT; + } + + if (false) { // TODO: implement a test + hw_capabilities |= HAS_EXTRA_FLASH_MEM; + } +} + + +void SendVersion(void) { + LED_A_ON(); + set_hw_capabilities(); + char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */ char VersionString[USB_CMD_DATA_SIZE] = { '\0' }; @@ -321,7 +322,7 @@ void SendVersion(void) * pointer, then use it. */ char *bootrom_version = *(char**)&_bootphase1_version_pointer; - if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) { + if (bootrom_version < &_flash_start || bootrom_version >= &_flash_end) { strcat(VersionString, "bootrom version information appears invalid\n"); } else { FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version); @@ -335,54 +336,52 @@ void SendVersion(void) strncat(VersionString, fpga_version_information[i], sizeof(VersionString) - strlen(VersionString) - 1); strncat(VersionString, "\n", sizeof(VersionString) - strlen(VersionString) - 1); } - + // test availability of SmartCard slot if (I2C_is_available()) { strncat(VersionString, "SmartCard Slot: available\n", sizeof(VersionString) - strlen(VersionString) - 1); } else { strncat(VersionString, "SmartCard Slot: not available\n", sizeof(VersionString) - strlen(VersionString) - 1); } - + // Send Chip ID and used flash memory uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start; uint32_t compressed_data_section_size = common_area.arg1; - cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString)); + cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, hw_capabilities, VersionString, strlen(VersionString) + 1); + LED_A_OFF(); } // measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time. // Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included. -void printUSBSpeed(void) -{ +void printUSBSpeed(void) { Dbprintf("USB Speed:"); Dbprintf(" Sending USB packets to client..."); - #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds + #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds uint8_t *test_data = BigBuf_get_addr(); uint32_t end_time; uint32_t start_time = end_time = GetTickCount(); uint32_t bytes_transferred = 0; - - LED_B_ON(); - while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) { + + while (end_time < start_time + USB_SPEED_TEST_MIN_TIME) { cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE); end_time = GetTickCount(); bytes_transferred += USB_CMD_DATA_SIZE; } - LED_B_OFF(); Dbprintf(" Time elapsed: %dms", end_time - start_time); Dbprintf(" Bytes transferred: %d", bytes_transferred); - Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s", + Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s", 1000 * bytes_transferred / (end_time - start_time)); } - + /** * Prints runtime information about the PM3. **/ -void SendStatus(void) -{ +void SendStatus(void) { + LED_A_ON(); BigBuf_print_status(); Fpga_print_status(); #ifdef WITH_SMARTCARD @@ -395,27 +394,26 @@ void SendStatus(void) Dbprintf(" ToSendMax..........%d", ToSendMax); Dbprintf(" ToSendBit..........%d", ToSendBit); - cmd_send(CMD_ACK,1,0,0,0,0); + cmd_send(CMD_ACK, 1, 0, 0, 0, 0); + LED_A_OFF(); } #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF_StandAlone) #define OPTS 2 -void StandAloneMode() -{ +void StandAloneMode() { DbpString("Stand-alone mode! No PC necessary."); // Oooh pretty -- notify user we're in elite samy mode now - LED(LED_RED, 200); + LED(LED_RED, 200); LED(LED_ORANGE, 200); - LED(LED_GREEN, 200); + LED(LED_GREEN, 200); LED(LED_ORANGE, 200); - LED(LED_RED, 200); + LED(LED_RED, 200); LED(LED_ORANGE, 200); - LED(LED_GREEN, 200); + LED(LED_GREEN, 200); LED(LED_ORANGE, 200); - LED(LED_RED, 200); - + LED(LED_RED, 200); } #endif @@ -423,8 +421,7 @@ void StandAloneMode() #ifdef WITH_ISO14443a_StandAlone -void StandAloneMode14a() -{ +void StandAloneMode14a() { StandAloneMode(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); @@ -440,14 +437,12 @@ void StandAloneMode14a() LED(selected + 1, 0); - for (;;) - { + for (;;) { usb_poll(); WDT_HIT(); SpinDelay(300); - if (GotoRecord || !cardRead[selected]) - { + if (GotoRecord || !cardRead[selected]) { GotoRecord = false; LEDsoff(); LED(selected + 1, 0); @@ -462,48 +457,42 @@ void StandAloneMode14a() uint32_t cuid; iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - for ( ; ; ) - { + for ( ; ; ) { WDT_HIT(); if (BUTTON_PRESS()) { if (cardRead[selected]) { Dbprintf("Button press detected -- replaying card in bank[%d]", selected); break; - } - else if (cardRead[(selected+1)%OPTS]) { + } else if (cardRead[(selected+1)%OPTS]) { Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS); selected = (selected+1)%OPTS; break; - } - else { + } else { Dbprintf("Button press detected but no stored tag to play. (Ignoring button)"); SpinDelay(300); } } if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, true)) continue; - else - { + else { Dbprintf("Read UID:"); Dbhexdump(10,uid,0); memcpy(readUID,uid,10*sizeof(uint8_t)); uint8_t *dst = (uint8_t *)&uid_tmp1; // Set UID byte order - for (int i=0; i<4; i++) + for (int i = 0; i < 4; i++) dst[i] = uid[3-i]; dst = (uint8_t *)&uid_tmp2; - for (int i=0; i<4; i++) + for (int i = 0; i < 4; i++) dst[i] = uid[7-i]; - if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) { + if (uid_1st[(selected+1) % OPTS] == uid_tmp1 && uid_2nd[(selected+1) % OPTS] == uid_tmp2) { Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping."); - } - else { + } else { if (uid_tmp2) { - Dbprintf("Bank[%d] received a 7-byte UID",selected); + Dbprintf("Bank[%d] received a 7-byte UID", selected); uid_1st[selected] = (uid_tmp1)>>8; uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8); - } - else { - Dbprintf("Bank[%d] received a 4-byte UID",selected); + } else { + Dbprintf("Bank[%d] received a 4-byte UID", selected); uid_1st[selected] = uid_tmp1; uid_2nd[selected] = uid_tmp2; } @@ -511,8 +500,8 @@ void StandAloneMode14a() } } } - Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]); - Dbprintf("SAK = %02X",hi14a_card[selected].sak); + Dbprintf("ATQA = %02X%02X", hi14a_card[selected].atqa[0], hi14a_card[selected].atqa[1]); + Dbprintf("SAK = %02X", hi14a_card[selected].sak); LEDsoff(); LED(LED_GREEN, 200); LED(LED_ORANGE, 200); @@ -526,10 +515,7 @@ void StandAloneMode14a() playing = true; cardRead[selected] = true; - } - /* MF Classic UID clone */ - else if (GotoClone) - { + } else if (GotoClone) { /* MF Classic UID clone */ GotoClone=false; LEDsoff(); LED(selected + 1, 0); @@ -540,8 +526,7 @@ void StandAloneMode14a() Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]); // wait for button to be released - while(BUTTON_PRESS()) - { + while(BUTTON_PRESS()) { // Delay cloning until card is in place WDT_HIT(); } @@ -582,29 +567,26 @@ void StandAloneMode14a() if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) { Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected); playing = true; - } - else { - Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]); - memcpy(newBlock0,oldBlock0,16); + } else { + Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0], oldBlock0[1], oldBlock0[2], oldBlock0[3]); + memcpy(newBlock0, oldBlock0, 16); // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic) - newBlock0[0] = uid_1st[selected]>>24; - newBlock0[1] = 0xFF & (uid_1st[selected]>>16); - newBlock0[2] = 0xFF & (uid_1st[selected]>>8); + newBlock0[0] = uid_1st[selected] >> 24; + newBlock0[1] = 0xFF & (uid_1st[selected] >> 16); + newBlock0[2] = 0xFF & (uid_1st[selected] >> 8); newBlock0[3] = 0xFF & (uid_1st[selected]); - newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3]; + newBlock0[4] = newBlock0[0] ^ newBlock0[1] ^ newBlock0[2] ^ newBlock0[3]; // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain - MifareCSetBlock(0, 0xFF,0, newBlock0); + MifareCSetBlock(0, 0xFF, 0, newBlock0); MifareCGetBlock(0x3F, 1, 0, testBlock0); - if (memcmp(testBlock0,newBlock0,16)==0) - { + if (memcmp(testBlock0, newBlock0, 16) == 0) { DbpString("Cloned successfull!"); cardRead[selected] = false; // Only if the card was cloned successfully should we clear it playing = false; GotoRecord = true; selected = (selected+1) % OPTS; - } - else { + } else { Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected); playing = true; } @@ -612,10 +594,9 @@ void StandAloneMode14a() LEDsoff(); LED(selected + 1, 0); - } - // Change where to record (or begin playing) - else if (playing) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected]) - { + } else if (playing) { + // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected]) + // Change where to record (or begin playing) LEDsoff(); LED(selected + 1, 0); @@ -627,31 +608,26 @@ void StandAloneMode14a() int button_action = BUTTON_HELD(1000); if (button_action == 0) { // No button action, proceed with sim uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break - Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected); + Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected], uid_2nd[selected], selected); if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) { DbpString("Mifare Classic"); - SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); // Mifare Classic - } - else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) { + SimulateIso14443aTag(1, uid_1st[selected], uid_2nd[selected], data); // Mifare Classic + } else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) { DbpString("Mifare Ultralight"); - SimulateIso14443aTag(2,uid_1st[selected],uid_2nd[selected],data); // Mifare Ultralight - } - else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) { + SimulateIso14443aTag(2, uid_1st[selected], uid_2nd[selected], data); // Mifare Ultralight + } else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) { DbpString("Mifare DESFire"); - SimulateIso14443aTag(3,uid_1st[selected],uid_2nd[selected],data); // Mifare DESFire - } - else { + SimulateIso14443aTag(3, uid_1st[selected], uid_2nd[selected], data); // Mifare DESFire + } else { Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); - SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); + SimulateIso14443aTag(1, uid_1st[selected], uid_2nd[selected], data); } - } - else if (button_action == BUTTON_SINGLE_CLICK) { + } else if (button_action == BUTTON_SINGLE_CLICK) { selected = (selected + 1) % OPTS; Dbprintf("Done playing. Switching to record mode on bank %d",selected); GotoRecord = true; break; - } - else if (button_action == BUTTON_HOLD) { + } else if (button_action == BUTTON_HOLD) { Dbprintf("Playtime over. Begin cloning..."); GotoClone = true; break; @@ -666,10 +642,11 @@ void StandAloneMode14a() } } } + #elif WITH_LF_StandAlone + // samy's sniff and repeat routine -void SamyRun() -{ +void SamyRun() { StandAloneMode(); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); @@ -681,8 +658,7 @@ void SamyRun() // Turn on selected LED LED(selected + 1, 0); - for (;;) - { + for (;;) { usb_poll(); WDT_HIT(); @@ -691,8 +667,7 @@ void SamyRun() SpinDelay(300); // Button was held for a second, begin recording - if (button_pressed > 0 && cardRead == 0) - { + if (button_pressed > 0 && cardRead == 0) { LEDsoff(); LED(selected + 1, 0); LED(LED_RED2, 0); @@ -720,51 +695,46 @@ void SamyRun() // If we were previously playing, set playing off // so next button push begins playing what we recorded playing = 0; - + cardRead = 1; - - } - else if (button_pressed > 0 && cardRead == 1) - { - LEDsoff(); - LED(selected + 1, 0); - LED(LED_ORANGE, 0); + } else if (button_pressed > 0 && cardRead == 1) { + LEDsoff(); + LED(selected + 1, 0); + LED(LED_ORANGE, 0); - // record - if (tops[selected] > 0) - Dbprintf("Cloning %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]); - else - Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]); + // record + if (tops[selected] > 0) + Dbprintf("Cloning %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]); + else + Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]); - // wait for button to be released - while(BUTTON_PRESS()) - WDT_HIT(); + // wait for button to be released + while(BUTTON_PRESS()) + WDT_HIT(); - /* need this delay to prevent catching some weird data */ - SpinDelay(500); + /* need this delay to prevent catching some weird data */ + SpinDelay(500); - CopyHIDtoT55x7(tops[selected] & 0x000FFFFF, high[selected], low[selected], (tops[selected] != 0 && ((high[selected]& 0xFFFFFFC0) != 0))); - if (tops[selected] > 0) - Dbprintf("Cloned %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]); - else - Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]); + CopyHIDtoT55x7(tops[selected] & 0x000FFFFF, high[selected], low[selected], (tops[selected] != 0 && ((high[selected]& 0xFFFFFFC0) != 0)), 0x1D); + if (tops[selected] > 0) + Dbprintf("Cloned %x %x%08x%08x", selected, tops[selected], high[selected], low[selected]); + else + Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]); - LEDsoff(); - LED(selected + 1, 0); - // Finished recording + LEDsoff(); + LED(selected + 1, 0); + // Finished recording - // If we were previously playing, set playing off - // so next button push begins playing what we recorded - playing = 0; - - cardRead = 0; - - } + // If we were previously playing, set playing off + // so next button push begins playing what we recorded + playing = 0; - // Change where to record (or begin playing) - else if (button_pressed) - { + cardRead = 0; + + } else if (button_pressed) { + + // Change where to record (or begin playing) // Next option if we were previously playing if (playing) selected = (selected + 1) % OPTS; @@ -774,8 +744,7 @@ void SamyRun() LED(selected + 1, 0); // Begin transmitting - if (playing) - { + if (playing) { LED(LED_GREEN, 0); DbpString("Playing"); // wait for button to be released @@ -785,15 +754,14 @@ void SamyRun() Dbprintf("%x %x%08x%08x", selected, tops[selected], high[selected], low[selected]); else Dbprintf("%x %x%08x", selected, high[selected], low[selected]); - + CmdHIDsimTAG(tops[selected], high[selected], low[selected], 0); DbpString("Done playing"); - if (BUTTON_HELD(1000) > 0) - { + if (BUTTON_HELD(1000) > 0) { DbpString("Exiting"); LEDsoff(); return; - } + } /* We pressed a button so ignore it here with a delay */ SpinDelay(300); @@ -803,8 +771,7 @@ void SamyRun() playing = !playing; LEDsoff(); LED(selected + 1, 0); - } - else + } else while(BUTTON_PRESS()) WDT_HIT(); } @@ -812,6 +779,7 @@ void SamyRun() } #endif + /* OBJECTIVE Listen and detect an external reader. Determine the best location @@ -847,10 +815,10 @@ static const char LIGHT_SCHEME[] = { 0xE, /* -XXX | 86% of maximum current detected */ 0xF, /* XXXX | 100% of maximum current detected */ }; + static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]); -void ListenReaderField(int limit) -{ +void ListenReaderField(int limit) { int lf_av, lf_av_new=0, lf_baseline= 0, lf_max; int hf_av, hf_av_new=0, hf_baseline= 0, hf_max; int mode=1, display_val, display_max, i; @@ -870,13 +838,13 @@ void ListenReaderField(int limit) lf_av = lf_max = AvgAdc_Voltage_LF(); - if(limit != HF_ONLY) { + if (limit != HF_ONLY) { Dbprintf("LF 125/134kHz Baseline: %dmV", lf_av); lf_baseline = lf_av; } hf_av = hf_max = AvgAdc_Voltage_HF(); - + if (limit != LF_ONLY) { Dbprintf("HF 13.56MHz Baseline: %dmV", hf_av); hf_baseline = hf_av; @@ -897,7 +865,8 @@ void ListenReaderField(int limit) return; break; } - while (BUTTON_PRESS()); + while (BUTTON_PRESS()) + /* wait */; } WDT_HIT(); @@ -911,7 +880,7 @@ void ListenReaderField(int limit) lf_av_new = AvgAdc_Voltage_LF(); // see if there's a significant change - if (ABS((lf_av - lf_av_new)*100/(lf_av?lf_av:1)) > REPORT_CHANGE_PERCENT) { + if (ABS((lf_av - lf_av_new) * 100 / (lf_av?lf_av:1)) > REPORT_CHANGE_PERCENT) { Dbprintf("LF 125/134kHz Field Change: %5dmV", lf_av_new); lf_av = lf_av_new; if (lf_av > lf_max) @@ -928,9 +897,9 @@ void ListenReaderField(int limit) } hf_av_new = AvgAdc_Voltage_HF(); - + // see if there's a significant change - if (ABS((hf_av - hf_av_new)*100/(hf_av?hf_av:1)) > REPORT_CHANGE_PERCENT) { + if (ABS((hf_av - hf_av_new) * 100 / (hf_av?hf_av:1)) > REPORT_CHANGE_PERCENT) { Dbprintf("HF 13.56MHz Field Change: %5dmV", hf_av_new); hf_av = hf_av_new; if (hf_av > hf_max) @@ -938,7 +907,7 @@ void ListenReaderField(int limit) } } - if(mode == 2) { + if (mode == 2) { if (limit == LF_ONLY) { display_val = lf_av; display_max = lf_max; @@ -954,8 +923,8 @@ void ListenReaderField(int limit) display_max = lf_max; } } - for (i=0; i= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) { + for (i = 0; i < LIGHT_LEN; i++) { + if (display_val >= (display_max / LIGHT_LEN * i) && display_val <= (display_max / LIGHT_LEN * (i+1))) { if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF(); if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF(); if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF(); @@ -967,16 +936,15 @@ void ListenReaderField(int limit) } } -void UsbPacketReceived(uint8_t *packet, int len) -{ - UsbCommand *c = (UsbCommand *)packet; + +void UsbPacketReceived(UsbCommand *c) { // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]); - + switch(c->cmd) { #ifdef WITH_LF case CMD_SET_LF_SAMPLING_CONFIG: - setSamplingConfig((sample_config *) c->d.asBytes); + setSamplingConfig(c->d.asBytes); break; case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: cmd_send(CMD_ACK,SampleLF(c->arg[0], c->arg[1]),0,0,0,0); @@ -1003,7 +971,11 @@ void UsbPacketReceived(uint8_t *packet, int len) CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; case CMD_HID_CLONE_TAG: - CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); + CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0], 0x1D); + break; + case CMD_PARADOX_CLONE_TAG: + // Paradox cards are the same as HID, with a different preamble, so we can reuse the same function + CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0], 0x0F); break; case CMD_IO_DEMOD_FSK: CmdIOdemodFSK(c->arg[0], 0, 0, 1); @@ -1032,7 +1004,7 @@ void UsbPacketReceived(uint8_t *packet, int len) SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]); break; case CMD_INDALA_CLONE_TAG: - CopyIndala64toT55x7(c->arg[0], c->arg[1]); + CopyIndala64toT55x7(c->arg[0], c->arg[1]); break; case CMD_INDALA_CLONE_TAG_L: CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]); @@ -1055,12 +1027,18 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_PCF7931_WRITE: WritePCF7931(c->d.asBytes[0],c->d.asBytes[1],c->d.asBytes[2],c->d.asBytes[3],c->d.asBytes[4],c->d.asBytes[5],c->d.asBytes[6], c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128, c->arg[0], c->arg[1], c->arg[2]); break; + case CMD_PCF7931_BRUTEFORCE: + BruteForcePCF7931(c->arg[0], (c->arg[1] & 0xFF), c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128); + break; case CMD_EM4X_READ_WORD: EM4xReadWord(c->arg[0], c->arg[1],c->arg[2]); break; case CMD_EM4X_WRITE_WORD: EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2]); break; + case CMD_EM4X_PROTECT: + EM4xProtect(c->arg[0], c->arg[1], c->arg[2]); + break; case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation CmdAWIDdemodFSK(c->arg[0], 0, 0, 1); break; @@ -1077,19 +1055,22 @@ void UsbPacketReceived(uint8_t *packet, int len) SnoopHitag(c->arg[0]); break; case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content - SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes); + SimulateHitagTag((bool)c->arg[0], (uint8_t*)c->d.asBytes); break; case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes); break; case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content - SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes); + SimulateHitagSTag((bool)c->arg[0],(uint8_t*)c->d.asBytes); break; case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file - check_challenges((bool)c->arg[0],(byte_t*)c->d.asBytes); + check_challenges_cmd((bool)c->arg[0], (uint8_t*)c->d.asBytes, (uint8_t)c->arg[1]); break; case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge - ReadHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes); + ReadHitagSCmd((hitag_function)c->arg[0], (hitag_data*)c->d.asBytes, (uint8_t)c->arg[1], (uint8_t)c->arg[2], false); + break; + case CMD_READ_HITAG_S_BLK: + ReadHitagSCmd((hitag_function)c->arg[0], (hitag_data*)c->d.asBytes, (uint8_t)c->arg[1], (uint8_t)c->arg[2], true); break; case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge if ((hitag_function)c->arg[0] < 10) { @@ -1105,18 +1086,19 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693: AcquireRawAdcSamplesIso15693(); break; - case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693: - RecordRawAdcSamplesIso15693(); + + case CMD_SNOOP_ISO_15693: + SnoopIso15693(0, NULL); break; - + case CMD_ISO_15693_COMMAND: DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); break; - + case CMD_ISO_15693_FIND_AFI: BruteforceIso15693Afi(c->arg[0]); - break; - + break; + case CMD_ISO_15693_DEBUG: SetDebugIso15693(c->arg[0]); break; @@ -1124,9 +1106,14 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_READER_ISO_15693: ReaderIso15693(c->arg[0]); break; + case CMD_SIMTAG_ISO_15693: SimTagIso15693(c->arg[0], c->d.asBytes); break; + + case CMD_CSETUID_ISO_15693: + SetTag15693Uid(c->d.asBytes); + break; #endif #ifdef WITH_LEGICRF @@ -1171,14 +1158,14 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_SIMULATE_TAG_ISO_14443a: SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID break; - + case CMD_EPA_PACE_COLLECT_NONCE: EPA_PACE_Collect_Nonce(c); break; case CMD_EPA_PACE_REPLAY: EPA_PACE_Replay(c); break; - + case CMD_READER_MIFARE: ReaderMifare(c->arg[0]); break; @@ -1194,7 +1181,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFAREU_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; - case CMD_MIFAREUC_SETPWD: + case CMD_MIFAREUC_SETPWD: MifareUSetPwd(c->arg[0], c->d.asBytes); break; case CMD_MIFARE_READSC: @@ -1203,6 +1190,9 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFARE_WRITEBL: MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; + case CMD_MIFARE_PERSONALIZE_UID: + MifarePersonalizeUID(c->arg[0], c->arg[1], c->d.asBytes); + break; //case CMD_MIFAREU_WRITEBL_COMPAT: //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes); //break; @@ -1219,9 +1209,9 @@ void UsbPacketReceived(uint8_t *packet, int len) MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; case CMD_SIMULATE_MIFARE_CARD: - Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + MifareSim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; - + // emulator case CMD_MIFARE_SET_DBGMODE: MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); @@ -1238,7 +1228,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFARE_EML_CARDLOAD: MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; - + // Work with "magic Chinese" card case CMD_MIFARE_CWIPE: MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); @@ -1252,7 +1242,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFARE_CIDENT: MifareCIdent(); break; - + // mifare sniffer case CMD_MIFARE_SNIFFER: SniffMifare(c->arg[0]); @@ -1263,7 +1253,7 @@ void UsbPacketReceived(uint8_t *packet, int len) #ifdef WITH_ICLASS // Makes use of ISO14443a FPGA Firmware case CMD_SNOOP_ICLASS: - SnoopIClass(); + SnoopIClass(c->arg[0], c->d.asBytes); break; case CMD_SIMULATE_TAG_ICLASS: SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); @@ -1271,23 +1261,20 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_READER_ICLASS: ReaderIClass(c->arg[0]); break; - case CMD_READER_ICLASS_REPLAY: - ReaderIClass_Replay(c->arg[0], c->d.asBytes); - break; case CMD_ICLASS_EML_MEMSET: emlSet(c->d.asBytes,c->arg[0], c->arg[1]); break; case CMD_ICLASS_WRITEBLOCK: iClass_WriteBlock(c->arg[0], c->d.asBytes); break; - case CMD_ICLASS_READCHECK: // auth step 1 - iClass_ReadCheck(c->arg[0], c->arg[1]); - break; case CMD_ICLASS_READBLOCK: iClass_ReadBlk(c->arg[0]); break; - case CMD_ICLASS_AUTHENTICATION: //check - iClass_Authentication(c->d.asBytes); + case CMD_ICLASS_CHECK: + iClass_Check(c->d.asBytes); + break; + case CMD_ICLASS_READCHECK: + iClass_Readcheck(c->arg[0], c->arg[1]); break; case CMD_ICLASS_DUMP: iClass_Dump(c->arg[0], c->arg[1]); @@ -1296,11 +1283,16 @@ void UsbPacketReceived(uint8_t *packet, int len) iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes); break; #endif + #ifdef WITH_HFSNOOP case CMD_HF_SNIFFER: HfSnoop(c->arg[0], c->arg[1]); break; + case CMD_HF_PLOT: + HfPlot(); + break; #endif + #ifdef WITH_SMARTCARD case CMD_SMART_ATR: { SmartCardAtr(); @@ -1343,14 +1335,15 @@ void UsbPacketReceived(uint8_t *packet, int len) ListenReaderField(c->arg[0]); break; - case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control + case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control + LED_A_ON(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelay(200); LED_D_OFF(); // LED D indicates field ON or OFF + LED_A_OFF(); break; case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: - LED_B_ON(); uint8_t *BigBuf = BigBuf_get_addr(); for(size_t i=0; iarg[1]; i += USB_CMD_DATA_SIZE) { @@ -1364,8 +1357,8 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_DOWNLOADED_SIM_SAMPLES_125K: { // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before. - // to be able to use this one for uploading data to device - // arg1 = 0 upload for LF usage + // to be able to use this one for uploading data to device + // arg1 = 0 upload for LF usage // 1 upload for HF usage if (c->arg[1] == 0) FpgaDownloadAndGo(FPGA_BITSTREAM_LF); @@ -1376,7 +1369,7 @@ void UsbPacketReceived(uint8_t *packet, int len) memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE); cmd_send(CMD_ACK,0,0,0,0,0); break; - } + } case CMD_READ_MEM: ReadMem(c->arg[0]); break; @@ -1436,7 +1429,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_DEVICE_INFO: { uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS; if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT; - cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0); + cmd_send_old(CMD_DEVICE_INFO,dev_info,0,0,0,0); break; } default: @@ -1445,8 +1438,9 @@ void UsbPacketReceived(uint8_t *packet, int len) } } -void __attribute__((noreturn)) AppMain(void) -{ + +void __attribute__((noreturn)) AppMain(void) { + SpinDelay(100); clear_trace(); if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { @@ -1457,10 +1451,7 @@ void __attribute__((noreturn)) AppMain(void) } common_area.flags.osimage_present = 1; - LED_D_OFF(); - LED_C_OFF(); - LED_B_OFF(); - LED_A_OFF(); + LEDsoff(); // Init USB device usb_enable(); @@ -1476,42 +1467,34 @@ void __attribute__((noreturn)) AppMain(void) // Reset SPI AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST; + AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST; // required twice on some AT91SAM Revisions (see Errata in AT91SAM datasheet) // Reset SSC AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - // Load the FPGA image, which we have stored in our flash. - // (the HF version by default) + // Load the FPGA image, which we have stored in our flash (HF version by default) FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - + StartTickCount(); - + #ifdef WITH_LCD LCDInit(); #endif - byte_t rx[sizeof(UsbCommand)]; - size_t rx_len; + UsbCommand rx; for(;;) { - if (usb_poll()) { - rx_len = usb_read(rx,sizeof(UsbCommand)); - if (rx_len) { - UsbPacketReceived(rx,rx_len); - } - } WDT_HIT(); - -#ifdef WITH_LF_StandAlone -#ifndef WITH_ISO14443a_StandAlone - if (BUTTON_HELD(1000) > 0) - SamyRun(); -#endif -#endif -#ifdef WITH_ISO14443a -#ifdef WITH_ISO14443a_StandAlone - if (BUTTON_HELD(1000) > 0) - StandAloneMode14a(); + if (cmd_receive(&rx)) { + UsbPacketReceived(&rx); + } else { +#if defined(WITH_LF_StandAlone) && !defined(WITH_ISO14443a_StandAlone) + if (BUTTON_HELD(1000) > 0) + SamyRun(); #endif +#if defined(WITH_ISO14443a) && defined(WITH_ISO14443a_StandAlone) + if (BUTTON_HELD(1000) > 0) + StandAloneMode14a(); #endif + } } } diff --git a/armsrc/apps.h b/armsrc/apps.h index 6f728c61..0431d2ee 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -16,22 +16,15 @@ #include #include "common.h" #include "usb_cmd.h" -#include "hitag2.h" #include "hitagS.h" #include "mifare.h" #include "../common/crc32.h" #include "BigBuf.h" -#include "fpgaloader.h" extern const uint8_t OddByteParity[256]; extern int rsamples; // = 0; -extern int tracing; // = TRUE; extern uint8_t trigger; -// This may be used (sparingly) to declare a function to be copied to -// and executed from RAM -#define RAMFUNC __attribute((long_call, section(".ramfunc"))) - /// appmain.h void ReadMem(int addr); void __attribute__((noreturn)) AppMain(void); @@ -78,7 +71,7 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol); // Realt void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); void CopyIOtoT55x7(uint32_t hi, uint32_t lo); // Clone an ioProx card to T5557/T5567 -void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567 +void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, uint8_t preamble); // Clone an HID-like card to T5557/T5567 void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5); void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7 @@ -91,6 +84,7 @@ void TurnReadLFOn(); //void T55xxReadTrace(void); void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode); void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd); +void EM4xProtect(uint32_t flag, uint32_t Data, uint32_t Pwd); void Cotag(uint32_t arg0); /// iso14443.h @@ -101,7 +95,6 @@ void RAMFUNC SnoopIso14443b(void); void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]); // Also used in iclass.c -bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity); void RAMFUNC SniffMifare(uint8_t param); @@ -110,87 +103,13 @@ void RAMFUNC SniffMifare(uint8_t param); void EPA_PACE_Collect_Nonce(UsbCommand * c); void EPA_PACE_Replay(UsbCommand *c); -// mifarecmd.h -void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); -void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain); -void MifareUC_Auth(uint8_t arg0, uint8_t *datain); -void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain); -void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); -void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); -//void MifareUWriteBlockCompat(uint8_t arg0,uint8_t *datain); -void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain); -void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain); -void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain); -void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); -void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card -void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareCIdent(); // is "magic chinese" card? -void MifareUSetPwd(uint8_t arg0, uint8_t *datain); - -//desfire -void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain); -void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain); - // mifaredesfire.h -bool InitDesfireCard(); -void MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain); -void MifareDesfireGetInformation(); -void MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain); -void ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain); -int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout); -size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout); -void OnSuccess(); -void OnError(uint8_t reason); - - -/// iso15693.h -void RecordRawAdcSamplesIso15693(void); -void AcquireRawAdcSamplesIso15693(void); -void ReaderIso15693(uint32_t parameter); // Simulate an ISO15693 reader - greg -void SimTagIso15693(uint32_t parameter, uint8_t *uid); // simulate an ISO15693 tag - greg -void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox -void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8_t data[]); // send arbitrary commands from CLI - atrox -void SetDebugIso15693(uint32_t flag); - -/// iclass.h -void RAMFUNC SnoopIClass(void); -void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void ReaderIClass(uint8_t arg0); -void ReaderIClass_Replay(uint8_t arg0,uint8_t *MAC); -void IClass_iso14443A_GetPublic(uint8_t arg0); -void iClass_Authentication(uint8_t *MAC); -void iClass_WriteBlock(uint8_t blockNo, uint8_t *data); -void iClass_ReadBlk(uint8_t blockNo); -bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata); -void iClass_Dump(uint8_t blockno, uint8_t numblks); -void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data); -void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType); - -// hitag2.h -void SnoopHitag(uint32_t type); -void SimulateHitagTag(bool tag_mem_supplied, byte_t* data); -void ReaderHitag(hitag_function htf, hitag_data* htd); -void WriterHitag(hitag_function htf, hitag_data* htd, int page); - -//hitagS.h -void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data); -void ReadHitagS(hitag_function htf, hitag_data* htd); -void WritePageHitagS(hitag_function htf, hitag_data* htd,int page); -void check_challenges(bool file_given, byte_t* data); - - -// cmd.h -bool cmd_receive(UsbCommand* cmd); -bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len); - -/// util.h -void HfSnoop(int , int); +bool InitDesfireCard(); +void MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain); +void MifareDesfireGetInformation(); +void MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain); +void ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain); +int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout); +size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout); #endif diff --git a/armsrc/epa.c b/armsrc/epa.c index fd71430b..fe32e497 100644 --- a/armsrc/epa.c +++ b/armsrc/epa.c @@ -15,7 +15,7 @@ #include "iso14443a.h" #include "iso14443b.h" #include "epa.h" -#include "cmd.h" +#include "usb_cdc.h" #include "fpgaloader.h" #include "string.h" #include "util.h" @@ -116,7 +116,7 @@ int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response) switch(iso_type) { case 'a': - return iso14_apdu(apdu, (uint16_t) length, response); + return iso14_apdu(apdu, (uint16_t) length, false, response, NULL); break; case 'b': return iso14443b_apdu(apdu, length, response); @@ -453,20 +453,17 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password) //----------------------------------------------------------------------------- // Perform the PACE protocol by replaying given APDUs //----------------------------------------------------------------------------- -void EPA_PACE_Replay(UsbCommand *c) -{ +void EPA_PACE_Replay(UsbCommand *c) { uint32_t timings[sizeof(apdu_lengths_replay) / sizeof(apdu_lengths_replay[0])] = {0}; - // if an APDU has been passed, save it + // if an APDU has been passed, just save it if (c->arg[0] != 0) { // make sure it's not too big - if(c->arg[2] > apdus_replay[c->arg[0] - 1].len) - { + if(c->arg[2] > apdus_replay[c->arg[0] - 1].len) { cmd_send(CMD_ACK, 1, 0, 0, NULL, 0); + return; } - memcpy(apdus_replay[c->arg[0] - 1].data + c->arg[1], - c->d.asBytes, - c->arg[2]); + memcpy(apdus_replay[c->arg[0] - 1].data + c->arg[1], c->d.asBytes, c->arg[2]); // save/update APDU length if (c->arg[1] == 0) { apdu_lengths_replay[c->arg[0] - 1] = c->arg[2]; diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c index 45294d60..61db66d3 100644 --- a/armsrc/fpgaloader.c +++ b/armsrc/fpgaloader.c @@ -32,7 +32,7 @@ extern uint8_t _binary_obj_fpga_all_bit_z_start, _binary_obj_fpga_all_bit_z_end; static uint8_t *fpga_image_ptr = NULL; static uint32_t uncompressed_bytes_cnt; -#define OUTPUT_BUFFER_LEN 80 +#define OUTPUT_BUFFER_LEN 80 //----------------------------------------------------------------------------- // Set up the Serial Peripheral Interface as master @@ -49,16 +49,16 @@ void SetupSpi(int mode) // Disable PIO control of the following pins, allows use by the SPI peripheral AT91C_BASE_PIOA->PIO_PDR = - GPIO_NCS0 | - GPIO_NCS2 | - GPIO_MISO | - GPIO_MOSI | + GPIO_NCS0 | + GPIO_NCS2 | + GPIO_MISO | + GPIO_MOSI | GPIO_SPCK; AT91C_BASE_PIOA->PIO_ASR = - GPIO_NCS0 | - GPIO_MISO | - GPIO_MOSI | + GPIO_NCS0 | + GPIO_MISO | + GPIO_MOSI | GPIO_SPCK; AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2; @@ -71,41 +71,41 @@ void SetupSpi(int mode) switch (mode) { case SPI_FPGA_MODE: AT91C_BASE_SPI->SPI_MR = - ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) - (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11) - ( 0 << 7) | // Local Loopback Disabled - ( 1 << 4) | // Mode Fault Detection disabled - ( 0 << 2) | // Chip selects connected directly to peripheral - ( 0 << 1) | // Fixed Peripheral Select - ( 1 << 0); // Master Mode + ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) + (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11) + ( 0 << 7) | // Local Loopback Disabled + ( 1 << 4) | // Mode Fault Detection disabled + ( 0 << 2) | // Chip selects connected directly to peripheral + ( 0 << 1) | // Fixed Peripheral Select + ( 1 << 0); // Master Mode AT91C_BASE_SPI->SPI_CSR[0] = - ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) - ( 1 << 16) | // Delay Before SPCK (1 MCK period) - ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud - ( 8 << 4) | // Bits per Transfer (16 bits) - ( 0 << 3) | // Chip Select inactive after transfer - ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge - ( 0 << 0); // Clock Polarity inactive state is logic 0 + ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) + ( 1 << 16) | // Delay Before SPCK (1 MCK period) + ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud + ( 8 << 4) | // Bits per Transfer (16 bits) + ( 0 << 3) | // Chip Select inactive after transfer + ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge + ( 0 << 0); // Clock Polarity inactive state is logic 0 break; case SPI_LCD_MODE: AT91C_BASE_SPI->SPI_MR = - ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) - (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10) - ( 0 << 7) | // Local Loopback Disabled - ( 1 << 4) | // Mode Fault Detection disabled - ( 0 << 2) | // Chip selects connected directly to peripheral - ( 0 << 1) | // Fixed Peripheral Select - ( 1 << 0); // Master Mode + ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) + (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10) + ( 0 << 7) | // Local Loopback Disabled + ( 1 << 4) | // Mode Fault Detection disabled + ( 0 << 2) | // Chip selects connected directly to peripheral + ( 0 << 1) | // Fixed Peripheral Select + ( 1 << 0); // Master Mode AT91C_BASE_SPI->SPI_CSR[2] = - ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) - ( 1 << 16) | // Delay Before SPCK (1 MCK period) - ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud - ( 1 << 4) | // Bits per Transfer (9 bits) - ( 0 << 3) | // Chip Select inactive after transfer - ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge - ( 0 << 0); // Clock Polarity inactive state is logic 0 + ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) + ( 1 << 16) | // Delay Before SPCK (1 MCK period) + ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud + ( 1 << 4) | // Bits per Transfer (9 bits) + ( 0 << 3) | // Chip Select inactive after transfer + ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge + ( 0 << 0); // Clock Polarity inactive state is logic 0 break; - default: // Disable SPI + default: // Disable SPI AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS; break; } @@ -115,13 +115,12 @@ void SetupSpi(int mode) // Set up the synchronous serial port with the set of options that fits // the FPGA mode. Both RX and TX are always enabled. //----------------------------------------------------------------------------- -void FpgaSetupSsc(uint8_t FPGA_mode) -{ +void FpgaSetupSsc(uint16_t FPGA_mode) { // First configure the GPIOs, and get ourselves a clock. AT91C_BASE_PIOA->PIO_ASR = - GPIO_SSC_FRAME | - GPIO_SSC_DIN | - GPIO_SSC_DOUT | + GPIO_SSC_FRAME | + GPIO_SSC_DIN | + GPIO_SSC_DOUT | GPIO_SSC_CLK; AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; @@ -130,21 +129,21 @@ void FpgaSetupSsc(uint8_t FPGA_mode) // Now set up the SSC proper, starting from a known state. AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - // RX clock comes from TX clock, RX starts when TX starts, data changes - // on RX clock rising edge, sampled on falling edge + // RX clock comes from TX clock, RX starts on Transmit Start, + // data and frame signal is sampled on falling edge of RK AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); // 8, 16 or 32 bits per transfer, no loopback, MSB first, 1 transfer per sync // pulse, no output sync - if ((FPGA_mode & 0xe0) == FPGA_MAJOR_MODE_HF_READER_RX_XCORR) { + if ((FPGA_mode & FPGA_MAJOR_MODE_MASK) == FPGA_MAJOR_MODE_HF_READER && FpgaGetCurrent() == FPGA_BITSTREAM_HF) { AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); } else { AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); - } + } - // TX clock comes from TK pin, no clock output, outputs change on falling - // edge of TK, sample on rising edge of TK, start on positive-going edge of sync - AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5); + // TX clock comes from TK pin, no clock output, outputs change on rising edge of TK, + // TF (frame sync) is sampled on falling edge of TK, start TX on rising edge of TF + AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5); // tx framing is the same as the rx framing AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; @@ -158,15 +157,14 @@ void FpgaSetupSsc(uint8_t FPGA_mode) // ourselves, not to another buffer). The stuff to manipulate those buffers // is in apps.h, because it should be inlined, for speed. //----------------------------------------------------------------------------- -bool FpgaSetupSscDma(uint8_t *buf, uint16_t sample_count) -{ +bool FpgaSetupSscDma(uint8_t *buf, uint16_t sample_count) { if (buf == NULL) return false; AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address AT91C_BASE_PDC_SSC->PDC_RCR = sample_count; // transfer this many samples AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address - AT91C_BASE_PDC_SSC->PDC_RNCR = sample_count; // ... with same number of samples AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go! + AT91C_BASE_PDC_SSC->PDC_RNCR = sample_count; // ... with same number of samples AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go! return true; } @@ -174,11 +172,11 @@ bool FpgaSetupSscDma(uint8_t *buf, uint16_t sample_count) //---------------------------------------------------------------------------- // Uncompress (inflate) the FPGA data. Returns one decompressed byte with -// each call. +// each call. //---------------------------------------------------------------------------- static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8_t *output_buffer) { - if (fpga_image_ptr == compressed_fpga_stream->next_out) { // need more data + if (fpga_image_ptr == compressed_fpga_stream->next_out) { // need more data compressed_fpga_stream->next_out = output_buffer; compressed_fpga_stream->avail_out = OUTPUT_BUFFER_LEN; fpga_image_ptr = output_buffer; @@ -191,7 +189,7 @@ static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8 } uncompressed_bytes_cnt++; - + return *fpga_image_ptr++; } @@ -208,7 +206,7 @@ static int get_from_fpga_stream(int bitstream_version, z_streamp compressed_fpga } return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer); - + } @@ -225,14 +223,14 @@ static void fpga_inflate_free(voidpf opaque, voidpf address) //---------------------------------------------------------------------------- -// Initialize decompression of the respective (HF or LF) FPGA stream +// Initialize decompression of the respective (HF or LF) FPGA stream //---------------------------------------------------------------------------- static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer) { uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE]; - + uncompressed_bytes_cnt = 0; - + // initialize z_stream structure for inflate: compressed_fpga_stream->next_in = &_binary_obj_fpga_all_bit_z_start; compressed_fpga_stream->avail_in = &_binary_obj_fpga_all_bit_z_end - &_binary_obj_fpga_all_bit_z_start; @@ -248,7 +246,7 @@ static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_s for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++) { header[i] = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer); } - + // Check for a valid .bit file (starts with bitparse_fixed_header) if(memcmp(bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0) { return true; @@ -276,25 +274,25 @@ static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp comp { //Dbprintf("DownloadFPGA(len: %d)", FpgaImageLen); - + int i=0; AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON; AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON; - HIGH(GPIO_FPGA_ON); // ensure everything is powered on + HIGH(GPIO_FPGA_ON); // ensure everything is powered on SpinDelay(50); LED_D_ON(); // These pins are inputs - AT91C_BASE_PIOA->PIO_ODR = - GPIO_FPGA_NINIT | - GPIO_FPGA_DONE; + AT91C_BASE_PIOA->PIO_ODR = + GPIO_FPGA_NINIT | + GPIO_FPGA_DONE; // PIO controls the following pins - AT91C_BASE_PIOA->PIO_PER = - GPIO_FPGA_NINIT | - GPIO_FPGA_DONE; + AT91C_BASE_PIOA->PIO_PER = + GPIO_FPGA_NINIT | + GPIO_FPGA_DONE; // Enable pull-ups AT91C_BASE_PIOA->PIO_PPUER = GPIO_FPGA_NINIT | @@ -306,8 +304,8 @@ static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp comp LOW(GPIO_FPGA_DIN); // These pins are outputs AT91C_BASE_PIOA->PIO_OER = - GPIO_FPGA_NPROGRAM | - GPIO_FPGA_CCLK | + GPIO_FPGA_NPROGRAM | + GPIO_FPGA_CCLK | GPIO_FPGA_DIN; // enter FPGA configuration mode @@ -336,7 +334,7 @@ static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp comp } DownloadFPGA_byte(b); } - + // continue to clock FPGA until ready signal goes high i=100000; while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) { @@ -408,21 +406,23 @@ static int bitparse_find_section(int bitstream_version, char section_name, unsig //---------------------------------------------------------------------------- -// Check which FPGA image is currently loaded (if any). If necessary +// Check which FPGA image is currently loaded (if any). If necessary // decompress and load the correct (HF or LF) image to the FPGA //---------------------------------------------------------------------------- void FpgaDownloadAndGo(int bitstream_version) { z_stream compressed_fpga_stream; uint8_t output_buffer[OUTPUT_BUFFER_LEN] = {0x00}; - + // check whether or not the bitstream is already loaded - if (downloaded_bitstream == bitstream_version) + if (downloaded_bitstream == bitstream_version) { + FpgaEnableTracing(); return; + } // make sure that we have enough memory to decompress - BigBuf_free(); BigBuf_Clear_ext(false); - + BigBuf_free(); BigBuf_Clear_ext(false); + if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) { return; } @@ -434,13 +434,13 @@ void FpgaDownloadAndGo(int bitstream_version) } inflateEnd(&compressed_fpga_stream); - + // turn off antenna FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - + // free eventually allocated BigBuf memory - BigBuf_free(); BigBuf_Clear_ext(false); -} + BigBuf_free(); BigBuf_Clear_ext(false); +} //----------------------------------------------------------------------------- @@ -448,22 +448,32 @@ void FpgaDownloadAndGo(int bitstream_version) // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0 // where C is the 4 bit command and D is the 12 bit data //----------------------------------------------------------------------------- -void FpgaSendCommand(uint16_t cmd, uint16_t v) -{ +void FpgaSendCommand(uint16_t cmd, uint16_t v) { SetupSpi(SPI_FPGA_MODE); - while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete - AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data + AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // write the data to be sent + while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete } + //----------------------------------------------------------------------------- // Write the FPGA setup word (that determines what mode the logic is in, read // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to // avoid changing this function's occurence everywhere in the source code. //----------------------------------------------------------------------------- -void FpgaWriteConfWord(uint8_t v) -{ +void FpgaWriteConfWord(uint16_t v) { FpgaSendCommand(FPGA_CMD_SET_CONFREG, v); } +//----------------------------------------------------------------------------- +// enable/disable FPGA internal tracing +//----------------------------------------------------------------------------- +void FpgaEnableTracing(void) { + FpgaSendCommand(FPGA_CMD_TRACE_ENABLE, 1); +} + +void FpgaDisableTracing(void) { + FpgaSendCommand(FPGA_CMD_TRACE_ENABLE, 0); +} + //----------------------------------------------------------------------------- // Set up the CMOS switches that mux the ADC: four switches, independently // closable, but should only close one at a time. Not an FPGA thing, but diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h index 5aff6505..57e9c28a 100644 --- a/armsrc/fpgaloader.h +++ b/armsrc/fpgaloader.h @@ -17,14 +17,16 @@ #include void FpgaSendCommand(uint16_t cmd, uint16_t v); -void FpgaWriteConfWord(uint8_t v); +void FpgaWriteConfWord(uint16_t v); void FpgaDownloadAndGo(int bitstream_version); -void FpgaSetupSsc(uint8_t mode); +void FpgaSetupSsc(uint16_t mode); void SetupSpi(int mode); bool FpgaSetupSscDma(uint8_t *buf, uint16_t sample_count); void Fpga_print_status(); int FpgaGetCurrent(); -#define FpgaDisableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; +void FpgaEnableTracing(void); +void FpgaDisableTracing(void); +#define FpgaDisableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; #define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; void SetAdcMuxFor(uint32_t whichGpio); @@ -33,46 +35,65 @@ void SetAdcMuxFor(uint32_t whichGpio); #define FPGA_BITSTREAM_HF 2 // Definitions for the FPGA commands. -#define FPGA_CMD_SET_CONFREG (1<<12) -#define FPGA_CMD_SET_DIVISOR (2<<12) -#define FPGA_CMD_SET_USER_BYTE1 (3<<12) -// Definitions for the FPGA configuration word. -// LF -#define FPGA_MAJOR_MODE_LF_ADC (0<<5) -#define FPGA_MAJOR_MODE_LF_EDGE_DETECT (1<<5) -#define FPGA_MAJOR_MODE_LF_PASSTHRU (2<<5) -// HF -#define FPGA_MAJOR_MODE_HF_READER_TX (0<<5) -#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (1<<5) -#define FPGA_MAJOR_MODE_HF_SIMULATOR (2<<5) -#define FPGA_MAJOR_MODE_HF_ISO14443A (3<<5) -#define FPGA_MAJOR_MODE_HF_SNOOP (4<<5) +#define FPGA_CMD_MASK 0xF000 // BOTH -#define FPGA_MAJOR_MODE_OFF (7<<5) +#define FPGA_CMD_SET_CONFREG (1<<12) +// LF +#define FPGA_CMD_SET_DIVISOR (2<<12) +#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD (3<<12) +// HF +#define FPGA_CMD_TRACE_ENABLE (2<<12) + +// Definitions for the FPGA configuration word. +#define FPGA_MAJOR_MODE_MASK 0x01C0 +// LF +#define FPGA_MAJOR_MODE_LF_ADC (0<<6) +#define FPGA_MAJOR_MODE_LF_EDGE_DETECT (1<<6) +#define FPGA_MAJOR_MODE_LF_PASSTHRU (2<<6) +// HF +#define FPGA_MAJOR_MODE_HF_READER (0<<6) +#define FPGA_MAJOR_MODE_HF_SIMULATOR (1<<6) +#define FPGA_MAJOR_MODE_HF_ISO14443A (2<<6) +#define FPGA_MAJOR_MODE_HF_SNOOP (3<<6) +#define FPGA_MAJOR_MODE_HF_GET_TRACE (4<<6) +// BOTH +#define FPGA_MAJOR_MODE_OFF (7<<6) + +#define FPGA_MINOR_MODE_MASK 0x003F // Options for LF_ADC -#define FPGA_LF_ADC_READER_FIELD (1<<0) +#define FPGA_LF_ADC_READER_FIELD (1<<0) + // Options for LF_EDGE_DETECT -#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD FPGA_CMD_SET_USER_BYTE1 -#define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0) -#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (1<<1) -// Options for the HF reader, tx to tag -#define FPGA_HF_READER_TX_SHALLOW_MOD (1<<0) -// Options for the HF reader, correlating against rx from tag -#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0) -#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) -#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2) +#define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0) +#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (2<<0) + +// Options for the HF reader +#define FPGA_HF_READER_MODE_RECEIVE_IQ (0<<0) +#define FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE (1<<0) +#define FPGA_HF_READER_MODE_RECEIVE_PHASE (2<<0) +#define FPGA_HF_READER_MODE_SEND_FULL_MOD (3<<0) +#define FPGA_HF_READER_MODE_SEND_SHALLOW_MOD (4<<0) +#define FPGA_HF_READER_MODE_SNOOP_IQ (5<<0) +#define FPGA_HF_READER_MODE_SNOOP_AMPLITUDE (6<<0) +#define FPGA_HF_READER_MODE_SNOOP_PHASE (7<<0) +#define FPGA_HF_READER_MODE_SEND_JAM (8<<0) + +#define FPGA_HF_READER_SUBCARRIER_848_KHZ (0<<4) +#define FPGA_HF_READER_SUBCARRIER_424_KHZ (1<<4) +#define FPGA_HF_READER_SUBCARRIER_212_KHZ (2<<4) + // Options for the HF simulated tag, how to modulate -#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) -#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) -#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) -#define FPGA_HF_SIMULATOR_MODULATE_424K (4<<0) -#define FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5//101 +#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) +#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) +#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) +#define FPGA_HF_SIMULATOR_MODULATE_424K (4<<0) +#define FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5//101 // Options for ISO14443A -#define FPGA_HF_ISO14443A_SNIFFER (0<<0) -#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0) -#define FPGA_HF_ISO14443A_TAGSIM_MOD (2<<0) -#define FPGA_HF_ISO14443A_READER_LISTEN (3<<0) -#define FPGA_HF_ISO14443A_READER_MOD (4<<0) +#define FPGA_HF_ISO14443A_SNIFFER (0<<0) +#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0) +#define FPGA_HF_ISO14443A_TAGSIM_MOD (2<<0) +#define FPGA_HF_ISO14443A_READER_LISTEN (3<<0) +#define FPGA_HF_ISO14443A_READER_MOD (4<<0) #endif diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c index e492c474..3a0ac65f 100644 --- a/armsrc/hfsnoop.c +++ b/armsrc/hfsnoop.c @@ -1,10 +1,22 @@ +//----------------------------------------------------------------------------- +// piwi, 2019 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Routines to get sample data from FPGA. +//----------------------------------------------------------------------------- + +#include "hfsnoop.h" + #include "proxmark3.h" -#include "apps.h" #include "BigBuf.h" #include "util.h" -#include "usb_cdc.h" // for usb_poll_validate_length - -static void RAMFUNC optimizedSnoop(void); +#include "apps.h" +#include "usb_cdc.h" +#include "fpga.h" +#include "fpgaloader.h" static void RAMFUNC optimizedSnoop(void) { @@ -74,3 +86,33 @@ void HfSnoop(int samplesToSkip, int triggersToSkip) LED_D_OFF(); } +void HfPlot(void) +{ + uint8_t *buf = ToSend; + uint8_t *this_buf = buf; + + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_GET_TRACE); + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer + AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) this_buf; // start transfer to this memory address + AT91C_BASE_PDC_SSC->PDC_RCR = USB_CMD_DATA_SIZE; // transfer this many samples + buf[0] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; // clear receive register + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // Start DMA transfer + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_GET_TRACE); // let FPGA transfer its internal Block-RAM + + LED_B_ON(); + for(size_t i = 0; i < FPGA_TRACE_SIZE; i += USB_CMD_DATA_SIZE) { + // prepare next DMA transfer: + uint8_t *next_buf = buf + ((i + USB_CMD_DATA_SIZE) % (2 * USB_CMD_DATA_SIZE)); + AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t)next_buf; + AT91C_BASE_PDC_SSC->PDC_RNCR = USB_CMD_DATA_SIZE; + size_t len = MIN(FPGA_TRACE_SIZE - i, USB_CMD_DATA_SIZE); + while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX))) ; // wait for DMA transfer to complete + cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, i, len, FPGA_TRACE_SIZE, this_buf, len); + this_buf = next_buf; + } + // Trigger a finish downloading signal with an ACK frame + cmd_send(CMD_ACK, 1, 0, FPGA_TRACE_SIZE, 0, 0); + LED_B_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); +} diff --git a/armsrc/hfsnoop.h b/armsrc/hfsnoop.h new file mode 100644 index 00000000..8c45e170 --- /dev/null +++ b/armsrc/hfsnoop.h @@ -0,0 +1,17 @@ +//----------------------------------------------------------------------------- +// piwi, 2019 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Routines to get sample data from FPGA. +//----------------------------------------------------------------------------- + +#ifndef HFSNOOP_H__ +#define HFSNOOP_H__ + +void HfSnoop(int samplesToSkip, int triggersToSkip); +void HfPlot(void); + +#endif diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 8e690a7b..688805be 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -16,12 +16,17 @@ // (c) 2012 Roel Verdult //----------------------------------------------------------------------------- +#include "hitag2.h" + #include "proxmark3.h" +#include "usb_cdc.h" #include "apps.h" #include "util.h" -#include "hitag2.h" +#include "hitag.h" #include "string.h" #include "BigBuf.h" +#include "fpgaloader.h" +#include "protocols.h" static bool bQuiet; @@ -41,27 +46,27 @@ struct hitag2_tag { TAG_STATE_WRITING = 0x04, // In write command, awaiting sector contents to be written } state; unsigned int active_sector; - byte_t crypto_active; + uint8_t crypto_active; uint64_t cs; - byte_t sectors[12][4]; + uint8_t sectors[12][4]; }; static struct hitag2_tag tag = { - .state = TAG_STATE_RESET, - .sectors = { // Password mode: | Crypto mode: - [0] = { 0x02, 0x4e, 0x02, 0x20}, // UID | UID - [1] = { 0x4d, 0x49, 0x4b, 0x52}, // Password RWD | 32 bit LSB key - [2] = { 0x20, 0xf0, 0x4f, 0x4e}, // Reserved | 16 bit MSB key, 16 bit reserved - [3] = { 0x0e, 0xaa, 0x48, 0x54}, // Configuration, password TAG | Configuration, password TAG - [4] = { 0x46, 0x5f, 0x4f, 0x4b}, // Data: F_OK - [5] = { 0x55, 0x55, 0x55, 0x55}, // Data: UUUU - [6] = { 0xaa, 0xaa, 0xaa, 0xaa}, // Data: .... - [7] = { 0x55, 0x55, 0x55, 0x55}, // Data: UUUU - [8] = { 0x00, 0x00, 0x00, 0x00}, // RSK Low - [9] = { 0x00, 0x00, 0x00, 0x00}, // RSK High - [10] = { 0x00, 0x00, 0x00, 0x00}, // RCF - [11] = { 0x00, 0x00, 0x00, 0x00}, // SYNC - }, + .state = TAG_STATE_RESET, + .sectors = { // Password mode: | Crypto mode: + [0] = { 0x02, 0x4e, 0x02, 0x20}, // UID | UID + [1] = { 0x4d, 0x49, 0x4b, 0x52}, // Password RWD | 32 bit LSB key + [2] = { 0x20, 0xf0, 0x4f, 0x4e}, // Reserved | 16 bit MSB key, 16 bit reserved + [3] = { 0x0e, 0xaa, 0x48, 0x54}, // Configuration, password TAG | Configuration, password TAG + [4] = { 0x46, 0x5f, 0x4f, 0x4b}, // Data: F_OK + [5] = { 0x55, 0x55, 0x55, 0x55}, // Data: UUUU + [6] = { 0xaa, 0xaa, 0xaa, 0xaa}, // Data: .... + [7] = { 0x55, 0x55, 0x55, 0x55}, // Data: UUUU + [8] = { 0x00, 0x00, 0x00, 0x00}, // RSK Low + [9] = { 0x00, 0x00, 0x00, 0x00}, // RSK High + [10] = { 0x00, 0x00, 0x00, 0x00}, // RCF + [11] = { 0x00, 0x00, 0x00, 0x00}, // SYNC + }, }; static enum { @@ -69,19 +74,19 @@ static enum { WRITE_STATE_PAGENUM_WRITTEN, WRITE_STATE_PROG } writestate; - -// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces. + +// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces. // Historically it used to be FREE_BUFFER_SIZE, which was 2744. #define AUTH_TABLE_LENGTH 2744 -static byte_t* auth_table; +static uint8_t *auth_table; static size_t auth_table_pos = 0; static size_t auth_table_len = AUTH_TABLE_LENGTH; -static byte_t password[4]; -static byte_t NrAr[8]; -static byte_t key[8]; -static byte_t writedata[4]; +static uint8_t password[4]; +static uint8_t NrAr[8]; +static uint8_t key[8]; +static uint8_t writedata[4]; static uint64_t cipher_state; /* Following is a modified version of cryptolib.com/ciphers/hitag2/ */ @@ -90,57 +95,39 @@ static uint64_t cipher_state; // No warranties or guarantees of any kind. // This code is released into the public domain by its author. -// Basic macros: - -#define u8 uint8_t -#define u32 uint32_t -#define u64 uint64_t -#define rev8(x) ((((x)>>7)&1)+((((x)>>6)&1)<<1)+((((x)>>5)&1)<<2)+((((x)>>4)&1)<<3)+((((x)>>3)&1)<<4)+((((x)>>2)&1)<<5)+((((x)>>1)&1)<<6)+(((x)&1)<<7)) -#define rev16(x) (rev8 (x)+(rev8 (x>> 8)<< 8)) -#define rev32(x) (rev16(x)+(rev16(x>>16)<<16)) -#define rev64(x) (rev32(x)+(rev32(x>>32)<<32)) -#define bit(x,n) (((x)>>(n))&1) -#define bit32(x,n) ((((x)[(n)>>5])>>((n)))&1) -#define inv32(x,i,n) ((x)[(i)>>5]^=((u32)(n))<<((i)&31)) -#define rotl64(x, n) ((((u64)(x))<<((n)&63))+(((u64)(x))>>((0-(n))&63))) - // Single bit Hitag2 functions: -#define i4(x,a,b,c,d) ((u32)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8)) +#define i4(x,a,b,c,d) ((uint32_t)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8)) -static const u32 ht2_f4a = 0x2C79; // 0010 1100 0111 1001 -static const u32 ht2_f4b = 0x6671; // 0110 0110 0111 0001 -static const u32 ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 +static const uint32_t ht2_f4a = 0x2C79; // 0010 1100 0111 1001 +static const uint32_t ht2_f4b = 0x6671; // 0110 0110 0111 0001 +static const uint32_t ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 -static u32 _f20 (const u64 x) -{ - u32 i5; - - i5 = ((ht2_f4a >> i4 (x, 1, 2, 4, 5)) & 1)* 1 - + ((ht2_f4b >> i4 (x, 7,11,13,14)) & 1)* 2 - + ((ht2_f4b >> i4 (x,16,20,22,25)) & 1)* 4 - + ((ht2_f4b >> i4 (x,27,28,30,32)) & 1)* 8 - + ((ht2_f4a >> i4 (x,33,42,43,45)) & 1)*16; +static uint32_t _f20(const uint64_t x) { + uint32_t i5; + + i5 = ((ht2_f4a >> i4(x, 1, 2, 4, 5)) & 1) * 1 + + ((ht2_f4b >> i4(x, 7,11,13,14)) & 1) * 2 + + ((ht2_f4b >> i4(x,16,20,22,25)) & 1) * 4 + + ((ht2_f4b >> i4(x,27,28,30,32)) & 1) * 8 + + ((ht2_f4a >> i4(x,33,42,43,45)) & 1) * 16; return (ht2_f5c >> i5) & 1; } -static u64 _hitag2_init (const u64 key, const u32 serial, const u32 IV) -{ - u32 i; - u64 x = ((key & 0xFFFF) << 32) + serial; +static uint64_t _hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV) { + uint32_t i; + uint64_t x = ((key & 0xFFFF) << 32) + serial; - for (i = 0; i < 32; i++) - { + for (i = 0; i < 32; i++) { x >>= 1; - x += (u64) (_f20 (x) ^ (((IV >> i) ^ (key >> (i+16))) & 1)) << 47; + x += (uint64_t)(_f20(x) ^ (((IV >> i) ^ (key >> (i+16))) & 1)) << 47; } return x; } -static u64 _hitag2_round (u64 *state) -{ - u64 x = *state; +static uint64_t _hitag2_round(uint64_t *state) { + uint64_t x = *state; x = (x >> 1) + ((((x >> 0) ^ (x >> 2) ^ (x >> 3) ^ (x >> 6) @@ -149,40 +136,36 @@ static u64 _hitag2_round (u64 *state) ^ (x >> 42) ^ (x >> 43) ^ (x >> 46) ^ (x >> 47)) & 1) << 47); *state = x; - return _f20 (x); + return _f20(x); } -static u32 _hitag2_byte (u64 * x) -{ - u32 i, c; - - for (i = 0, c = 0; i < 8; i++) c += (u32) _hitag2_round (x) << (i^7); +static uint32_t _hitag2_byte(uint64_t *x) { + uint32_t i, c; + for (i = 0, c = 0; i < 8; i++) { + c += (uint32_t) _hitag2_round(x) << (i^7); + } return c; } -static int hitag2_reset(void) -{ +static int hitag2_reset(void) { tag.state = TAG_STATE_RESET; tag.crypto_active = 0; return 0; } -static int hitag2_init(void) -{ -// memcpy(&tag, &resetdata, sizeof(tag)); +static int hitag2_init(void) { hitag2_reset(); return 0; } -static void hitag2_cipher_reset(struct hitag2_tag *tag, const byte_t *iv) -{ - uint64_t key = ((uint64_t)tag->sectors[2][2]) | +static void hitag2_cipher_reset(struct hitag2_tag *tag, const uint8_t *iv) { + uint64_t key = ((uint64_t)tag->sectors[2][2]) | ((uint64_t)tag->sectors[2][3] << 8) | ((uint64_t)tag->sectors[1][0] << 16) | ((uint64_t)tag->sectors[1][1] << 24) | ((uint64_t)tag->sectors[1][2] << 32) | ((uint64_t)tag->sectors[1][3] << 40); - uint32_t uid = ((uint32_t)tag->sectors[0][0]) | + uint32_t uid = ((uint32_t)tag->sectors[0][0]) | ((uint32_t)tag->sectors[0][1] << 8) | ((uint32_t)tag->sectors[0][2] << 16) | ((uint32_t)tag->sectors[0][3] << 24); @@ -190,12 +173,11 @@ static void hitag2_cipher_reset(struct hitag2_tag *tag, const byte_t *iv) (((uint32_t)(iv[1])) << 8) | (((uint32_t)(iv[2])) << 16) | (((uint32_t)(iv[3])) << 24); - tag->cs = _hitag2_init(rev64(key), rev32(uid), rev32(iv_)); + tag->cs = _hitag2_init(REV64(key), REV32(uid), REV32(iv_)); } -static int hitag2_cipher_authenticate(uint64_t* cs, const byte_t *authenticator_is) -{ - byte_t authenticator_should[4]; +static int hitag2_cipher_authenticate(uint64_t *cs, const uint8_t *authenticator_is) { + uint8_t authenticator_should[4]; authenticator_should[0] = ~_hitag2_byte(cs); authenticator_should[1] = ~_hitag2_byte(cs); authenticator_should[2] = ~_hitag2_byte(cs); @@ -203,11 +185,10 @@ static int hitag2_cipher_authenticate(uint64_t* cs, const byte_t *authenticator_ return (memcmp(authenticator_should, authenticator_is, 4) == 0); } -static int hitag2_cipher_transcrypt(uint64_t* cs, byte_t *data, unsigned int bytes, unsigned int bits) -{ +static int hitag2_cipher_transcrypt(uint64_t *cs, uint8_t *data, unsigned int bytes, unsigned int bits) { int i; - for(i=0; i 36 */ -#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */ -#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ -#define HITAG_T_1_MIN 25 /* T[1] should be 26..30 */ -//#define HITAG_T_EOF 40 /* T_EOF should be > 36 */ -#define HITAG_T_EOF 80 /* T_EOF should be > 36 */ -#define HITAG_T_WAIT_1 200 /* T_wresp should be 199..206 */ -#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ +#define HITAG_FRAME_LEN 20 +#define HITAG_T_STOP 36 /* T_EOF should be > 36 */ +#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */ +#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ +#define HITAG_T_1_MIN 25 /* T[1] should be 26..30 */ +//#define HITAG_T_EOF 40 /* T_EOF should be > 36 */ +#define HITAG_T_EOF 80 /* T_EOF should be > 36 */ +#define HITAG_T_WAIT_1 200 /* T_wresp should be 199..206 */ +#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ #define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */ -#define HITAG_T_PROG 614 +#define HITAG_T_PROG 614 -#define HITAG_T_TAG_ONE_HALF_PERIOD 10 -#define HITAG_T_TAG_TWO_HALF_PERIOD 25 -#define HITAG_T_TAG_THREE_HALF_PERIOD 41 -#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 +#define HITAG_T_TAG_ONE_HALF_PERIOD 10 +#define HITAG_T_TAG_TWO_HALF_PERIOD 25 +#define HITAG_T_TAG_THREE_HALF_PERIOD 41 +#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 -#define HITAG_T_TAG_HALF_PERIOD 16 -#define HITAG_T_TAG_FULL_PERIOD 32 - -#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 -#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 -#define HITAG_T_TAG_CAPTURE_THREE_HALF 41 -#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 +#define HITAG_T_TAG_HALF_PERIOD 16 +#define HITAG_T_TAG_FULL_PERIOD 32 +#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 +#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 +#define HITAG_T_TAG_CAPTURE_THREE_HALF 41 +#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 static void hitag_send_bit(int bit) { LED_A_ON(); - // Reset clock for the next bit + // Reset clock for the next bit AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - + // Fixed modulation, earlier proxmark version used inverted signal - if(bit == 0) { + if (bit == 0) { // Manchester: Unloaded, then loaded |__--| LOW(GPIO_SSC_DOUT); - while(AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_HALF_PERIOD); + while (AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_HALF_PERIOD); HIGH(GPIO_SSC_DOUT); - while(AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_FULL_PERIOD); + while (AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_FULL_PERIOD); } else { // Manchester: Loaded, then unloaded |--__| HIGH(GPIO_SSC_DOUT); - while(AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_HALF_PERIOD); + while (AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_HALF_PERIOD); LOW(GPIO_SSC_DOUT); - while(AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_FULL_PERIOD); + while (AT91C_BASE_TC0->TC_CV < T0*HITAG_T_TAG_FULL_PERIOD); } LED_A_OFF(); } -static void hitag_send_frame(const byte_t* frame, size_t frame_len) +static void hitag_send_frame(const uint8_t *frame, size_t frame_len) { // Send start of frame - for(size_t i=0; i<5; i++) { + for(size_t i = 0; i < 5; i++) { hitag_send_bit(1); } // Send the content of the frame - for(size_t i=0; i> (7-(i%8)))&1); + for (size_t i = 0; i < frame_len; i++) { + hitag_send_bit((frame[i/8] >> (7-(i%8))) & 0x01); } // Drop the modulation LOW(GPIO_SSC_DOUT); } +static void hitag2_handle_reader_command(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) { + uint8_t rx_air[HITAG_FRAME_LEN]; -static void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) -{ - byte_t rx_air[HITAG_FRAME_LEN]; - // Copy the (original) received frame how it is send over the air - memcpy(rx_air,rx,nbytes(rxlen)); + memcpy(rx_air, rx, nbytes(rxlen)); - if(tag.crypto_active) { - hitag2_cipher_transcrypt(&(tag.cs),rx,rxlen/8,rxlen%8); + if (tag.crypto_active) { + hitag2_cipher_transcrypt(&(tag.cs), rx, rxlen/8, rxlen%8); } - - // Reset the transmission frame length + + // Reset the transmission frame length *txlen = 0; - + // Try to find out which command was send by selecting on length (in bits) switch (rxlen) { - // Received 11000 from the reader, request for UID, send UID - case 05: { - // Always send over the air in the clear plaintext mode - if(rx_air[0] != 0xC0) { - // Unknown frame ? - return; - } - *txlen = 32; - memcpy(tx,tag.sectors[0],4); - tag.crypto_active = 0; - } - break; - - // Read/Write command: ..xx x..y yy with yyy == ~xxx, xxx is sector number - case 10: { - unsigned int sector = (~( ((rx[0]<<2)&0x04) | ((rx[1]>>6)&0x03) ) & 0x07); - // Verify complement of sector index - if(sector != ((rx[0]>>3)&0x07)) { - //DbpString("Transmission error (read/write)"); - return; - } - - switch (rx[0] & 0xC6) { - // Read command: 11xx x00y - case 0xC0: - memcpy(tx,tag.sectors[sector],4); - *txlen = 32; - break; - - // Inverted Read command: 01xx x10y - case 0x44: - for (size_t i=0; i<4; i++) { - tx[i] = tag.sectors[sector][i] ^ 0xff; - } - *txlen = 32; - break; - - // Write command: 10xx x01y - case 0x82: - // Prepare write, acknowledge by repeating command - memcpy(tx,rx,nbytes(rxlen)); - *txlen = rxlen; - tag.active_sector = sector; - tag.state=TAG_STATE_WRITING; - break; - - // Unknown command - default: - Dbprintf("Unknown command: %02x %02x",rx[0],rx[1]); - return; - break; - } - } - break; - - // Writing data or Reader password - case 32: { - if(tag.state == TAG_STATE_WRITING) { - // These are the sector contents to be written. We don't have to do anything else. - memcpy(tag.sectors[tag.active_sector],rx,nbytes(rxlen)); - tag.state=TAG_STATE_RESET; - return; - } else { - // Received RWD password, respond with configuration and our password - if(memcmp(rx,tag.sectors[1],4) != 0) { - DbpString("Reader password is wrong"); + // Received 11000 from the reader, request for UID, send UID + case 05: { + // Always send over the air in the clear plaintext mode + if (rx_air[0] != HITAG2_START_AUTH) { + // Unknown frame ? return; } *txlen = 32; - memcpy(tx,tag.sectors[3],4); + memcpy(tx, tag.sectors[0], 4); + tag.crypto_active = 0; + } + break; + + // Read/Write command: ..xx x..y yy with yyy == ~xxx, xxx is sector number + case 10: { + unsigned int sector = (~( ((rx[0]<<2) & 0x04) | ((rx[1]>>6) & 0x03) ) & 0x07); + // Verify complement of sector index + if (sector != ((rx[0]>>3) & 0x07)) { + //DbpString("Transmission error (read/write)"); + return; + } + + switch (rx[0] & 0xC6) { + // Read command: 11xx x00y + case HITAG2_READ_PAGE: + memcpy(tx, tag.sectors[sector], 4); + *txlen = 32; + break; + + // Inverted Read command: 01xx x10y + case HITAG2_READ_PAGE_INVERTED: + for (size_t i = 0; i < 4; i++) { + tx[i] = tag.sectors[sector][i] ^ 0xff; + } + *txlen = 32; + break; + + // Write command: 10xx x01y + case HITAG2_WRITE_PAGE: + // Prepare write, acknowledge by repeating command + memcpy(tx, rx, nbytes(rxlen)); + *txlen = rxlen; + tag.active_sector = sector; + tag.state = TAG_STATE_WRITING; + break; + + // Unknown command + default: + Dbprintf("Unknown command: %02x %02x", rx[0], rx[1]); + return; + break; + } + } + break; + + // Writing data or Reader password + case 32: { + if (tag.state == TAG_STATE_WRITING) { + // These are the sector contents to be written. We don't have to do anything else. + memcpy(tag.sectors[tag.active_sector], rx, nbytes(rxlen)); + tag.state = TAG_STATE_RESET; + return; + } else { + // Received RWD password, respond with configuration and our password + if (memcmp(rx, tag.sectors[1], 4) != 0) { + DbpString("Reader password is wrong"); + return; + } + *txlen = 32; + memcpy(tx, tag.sectors[3], 4); + } } - } break; // Received RWD authentication challenge and respnse - case 64: { - // Store the authentication attempt - if (auth_table_len < (AUTH_TABLE_LENGTH-8)) { - memcpy(auth_table+auth_table_len,rx,8); - auth_table_len += 8; + case 64: { + // Store the authentication attempt + if (auth_table_len < (AUTH_TABLE_LENGTH-8)) { + memcpy(auth_table+auth_table_len, rx, 8); + auth_table_len += 8; + } + + // Reset the cipher state + hitag2_cipher_reset(&tag, rx); + // Check if the authentication was correct + if (!hitag2_cipher_authenticate(&(tag.cs), rx+4)) { + // The reader failed to authenticate, do nothing + Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed!", rx[0], rx[1], rx[2], rx[3], rx[4], rx[5], rx[6], rx[7]); + return; + } + // Succesful, but commented out reporting back to the Host, this may delay to much. + // Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x OK!",rx[0],rx[1],rx[2],rx[3],rx[4],rx[5],rx[6],rx[7]); + + // Activate encryption algorithm for all further communication + tag.crypto_active = 1; + + // Use the tag password as response + memcpy(tx, tag.sectors[3], 4); + *txlen = 32; } - - // Reset the cipher state - hitag2_cipher_reset(&tag,rx); - // Check if the authentication was correct - if(!hitag2_cipher_authenticate(&(tag.cs),rx+4)) { - // The reader failed to authenticate, do nothing - Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed!",rx[0],rx[1],rx[2],rx[3],rx[4],rx[5],rx[6],rx[7]); - return; - } - // Succesful, but commented out reporting back to the Host, this may delay to much. - // Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x OK!",rx[0],rx[1],rx[2],rx[3],rx[4],rx[5],rx[6],rx[7]); - - // Activate encryption algorithm for all further communication - tag.crypto_active = 1; - - // Use the tag password as response - memcpy(tx,tag.sectors[3],4); - *txlen = 32; - } break; } -// LogTraceHitag(rx,rxlen,0,0,false); -// LogTraceHitag(tx,*txlen,0,0,true); - - if(tag.crypto_active) { + // LogTraceHitag(rx, rxlen, 0, 0, false); + // LogTraceHitag(tx, *txlen, 0, 0, true); + + if (tag.crypto_active) { hitag2_cipher_transcrypt(&(tag.cs), tx, *txlen/8, *txlen%8); } } static void hitag_reader_send_bit(int bit) { LED_A_ON(); - // Reset clock for the next bit + // Reset clock for the next bit AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - + // Binary puls length modulation (BPLM) is used to encode the data stream // This means that a transmission of a one takes longer than that of a zero - + // Enable modulation, which means, drop the field HIGH(GPIO_SSC_DOUT); - - // Wait for 4-10 times the carrier period - while(AT91C_BASE_TC0->TC_CV < T0*6); - // SpinDelayUs(8*8); - + + // t_low = 4...10 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*6); + // Disable modulation, just activates the field again LOW(GPIO_SSC_DOUT); - - if(bit == 0) { - // Zero bit: |_-| - while(AT91C_BASE_TC0->TC_CV < T0*22); - // SpinDelayUs(16*8); + + if (bit == 0) { + // Zero bit: |_-|, T[0] = 18...22 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*22); } else { - // One bit: |_--| - while(AT91C_BASE_TC0->TC_CV < T0*28); - // SpinDelayUs(22*8); + // One bit: |_--|, T[1] = 26...32 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*28); } LED_A_OFF(); } -static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) +static void hitag_reader_send_frame(const uint8_t *frame, size_t frame_len) { // Send the content of the frame - for(size_t i=0; i> (7-(i%8)))&1); + for(size_t i = 0; i < frame_len; i++) { + hitag_reader_send_bit((frame[i/8] >> (7-(i%8))) & 0x01); } - // Send EOF + // Send EOF AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; // Enable modulation, which means, drop the field HIGH(GPIO_SSC_DOUT); - // Wait for 4-10 times the carrier period - while(AT91C_BASE_TC0->TC_CV < T0*6); + // t_low = 4...10 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*6); // Disable modulation, just activates the field again LOW(GPIO_SSC_DOUT); + // t_stop > 36 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*36); } size_t blocknr; -static bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { - // Reset the transmission frame length - *txlen = 0; - - // Try to find out which command was send by selecting on length (in bits) - switch (rxlen) { - // No answer, try to resurrect - case 0: { - // Stop if there is no answer (after sending password) - if (bPwd) { - DbpString("Password failed!"); - return false; - } - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); - } break; - - // Received UID, tag password - case 32: { - if (!bPwd) { - *txlen = 32; - memcpy(tx,password,4); - bPwd = true; - memcpy(tag.sectors[blocknr],rx,4); - blocknr++; - } else { - - if(blocknr == 1){ - //store password in block1, the TAG answers with Block3, but we need the password in memory - memcpy(tag.sectors[blocknr],tx,4); - }else{ - memcpy(tag.sectors[blocknr],rx,4); - } - - blocknr++; - if (blocknr > 7) { - DbpString("Read succesful!"); - bSuccessful = true; +//----------------------------------------------------------------------------- +// Hitag2 operations +//----------------------------------------------------------------------------- + +static bool hitag2_write_page(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) { + switch (writestate) { + case WRITE_STATE_START: + tx[0] = HITAG2_WRITE_PAGE | (blocknr << 3) | ((blocknr^7) >> 2); + tx[1] = ((blocknr^7) << 6); + *txlen = 10; + writestate = WRITE_STATE_PAGENUM_WRITTEN; + break; + case WRITE_STATE_PAGENUM_WRITTEN: + // Check if page number was received correctly + if ((rxlen == 10) + && (rx[0] == (HITAG2_WRITE_PAGE | (blocknr << 3) | ((blocknr^7) >> 2))) + && (rx[1] == (((blocknr & 0x3) ^ 0x3) << 6))) { + *txlen = 32; + memset(tx, 0, HITAG_FRAME_LEN); + memcpy(tx, writedata, 4); + writestate = WRITE_STATE_PROG; + } else { + Dbprintf("hitag2_write_page: Page number was not received correctly: rxlen=%d rx=%02x%02x%02x%02x", + rxlen, rx[0], rx[1], rx[2], rx[3]); + bSuccessful = false; return false; } - *txlen = 10; - tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); - tx[1] = ((blocknr^7) << 6); - } - } break; - - // Unexpected response - default: { - Dbprintf("Uknown frame length: %d",rxlen); - return false; - } break; - } - return true; -} - -static bool hitag2_write_page(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) -{ - switch (writestate) { - case WRITE_STATE_START: - *txlen = 10; - tx[0] = 0x82 | (blocknr << 3) | ((blocknr^7) >> 2); - tx[1] = ((blocknr^7) << 6); - writestate = WRITE_STATE_PAGENUM_WRITTEN; - break; - case WRITE_STATE_PAGENUM_WRITTEN: - // Check if page number was received correctly - if ((rxlen == 10) && - (rx[0] == (0x82 | (blocknr << 3) | ((blocknr^7) >> 2))) && - (rx[1] == (((blocknr & 0x3) ^ 0x3) << 6))) { - *txlen = 32; - memset(tx, 0, HITAG_FRAME_LEN); - memcpy(tx, writedata, 4); - writestate = WRITE_STATE_PROG; - } else { - Dbprintf("hitag2_write_page: Page number was not received correctly: rxlen=%d rx=%02x%02x%02x%02x", - rxlen, rx[0], rx[1], rx[2], rx[3]); + break; + case WRITE_STATE_PROG: + if (rxlen == 0) { + bSuccessful = true; + } else { + bSuccessful = false; + Dbprintf("hitag2_write_page: unexpected rx data (%d) after page write", rxlen); + } + return false; + default: + DbpString("hitag2_write_page: Unknown state %d"); bSuccessful = false; return false; - } - break; - case WRITE_STATE_PROG: - if (rxlen == 0) { - bSuccessful = true; - } else { - bSuccessful = false; - Dbprintf("hitag2_write_page: unexpected rx data (%d) after page write", rxlen); - } - return false; - default: - DbpString("hitag2_write_page: Unknown state %d"); - bSuccessful = false; - return false; } return true; } -static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen, bool write) { +static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen, bool write) { // Reset the transmission frame length *txlen = 0; - - if(bCrypto) { - hitag2_cipher_transcrypt(&cipher_state,rx,rxlen/8,rxlen%8); + if (bPwd && !bAuthenticating && write) { + if (!hitag2_write_page(rx, rxlen, tx, txlen)) { + return false; + } + } else { + // Try to find out which command was send by selecting on length (in bits) + switch (rxlen) { + // No answer, try to resurrect + case 0: { + // Stop if there is no answer (after sending password) + if (bPwd) { + DbpString("Password failed!"); + return false; + } + tx[0] = HITAG2_START_AUTH; + *txlen = 5; + } + break; + + // Received UID, tag password + case 32: { + if (!bPwd) { + bPwd = true; + bAuthenticating = true; + memcpy(tx, password, 4); + *txlen = 32; + } else { + if (bAuthenticating) { + bAuthenticating = false; + if (write) { + if (!hitag2_write_page(rx, rxlen, tx, txlen)) { + return false; + } + break; + } + } else { + memcpy(tag.sectors[blocknr], rx, 4); + blocknr++; + } + + if (blocknr > 7) { + DbpString("Read successful!"); + bSuccessful = true; + return false; + } + tx[0] = HITAG2_READ_PAGE | (blocknr << 3) | ((blocknr^7) >> 2); + tx[1] = ((blocknr^7) << 6); + *txlen = 10; + } + } + break; + + // Unexpected response + default: { + Dbprintf("Unknown frame length: %d", rxlen); + return false; + } + break; + } + } + + return true; +} + +static bool hitag2_crypto(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen, bool write) { + // Reset the transmission frame length + *txlen = 0; + + if (bCrypto) { + hitag2_cipher_transcrypt(&cipher_state, rx, rxlen/8, rxlen%8); } if (bCrypto && !bAuthenticating && write) { if (!hitag2_write_page(rx, rxlen, tx, txlen)) { return false; } - } - else - { + } else { - // Try to find out which command was send by selecting on length (in bits) - switch (rxlen) { - // No answer, try to resurrect - case 0: - { - // Stop if there is no answer while we are in crypto mode (after sending NrAr) - if (bCrypto) { - // Failed during authentication - if (bAuthenticating) { - DbpString("Authentication failed!"); - return false; - } else { - // Failed reading a block, could be (read/write) locked, skip block and re-authenticate - if (blocknr == 1) { - // Write the low part of the key in memory - memcpy(tag.sectors[1],key+2,4); - } else if (blocknr == 2) { - // Write the high part of the key in memory - tag.sectors[2][0] = 0x00; - tag.sectors[2][1] = 0x00; - tag.sectors[2][2] = key[0]; - tag.sectors[2][3] = key[1]; - } else { - // Just put zero's in the memory (of the unreadable block) - memset(tag.sectors[blocknr],0x00,4); - } - blocknr++; - bCrypto = false; - } - } else { - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); - } - break; - } - // Received UID, crypto tag answer - case 32: { - if (!bCrypto) { - uint64_t ui64key = key[0] | ((uint64_t)key[1]) << 8 | ((uint64_t)key[2]) << 16 | ((uint64_t)key[3]) << 24 | ((uint64_t)key[4]) << 32 | ((uint64_t)key[5]) << 40; - uint32_t ui32uid = rx[0] | ((uint32_t)rx[1]) << 8 | ((uint32_t)rx[2]) << 16 | ((uint32_t)rx[3]) << 24; - Dbprintf("hitag2_crypto: key=0x%x%x uid=0x%x", (uint32_t) ((rev64(ui64key)) >> 32), (uint32_t) ((rev64(ui64key)) & 0xffffffff), rev32(ui32uid)); - cipher_state = _hitag2_init(rev64(ui64key), rev32(ui32uid), 0); - memset(tx,0x00,4); - memset(tx+4,0xff,4); - hitag2_cipher_transcrypt(&cipher_state, tx+4, 4, 0); - *txlen = 64; - bCrypto = true; - bAuthenticating = true; - } else { - // Check if we received answer tag (at) - if (bAuthenticating) { - bAuthenticating = false; - if (write) { - if (!hitag2_write_page(rx, rxlen, tx, txlen)) { + // Try to find out which command was send by selecting on length (in bits) + switch (rxlen) { + // No answer, try to resurrect + case 0: { + // Stop if there is no answer while we are in crypto mode (after sending NrAr) + if (bCrypto) { + // Failed during authentication + if (bAuthenticating) { + DbpString("Authentication failed!"); return false; + } else { + // Failed reading a block, could be (read/write) locked, skip block and re-authenticate + if (blocknr == 1) { + // Write the low part of the key in memory + memcpy(tag.sectors[1], key+2, 4); + } else if (blocknr == 2) { + // Write the high part of the key in memory + tag.sectors[2][0] = 0x00; + tag.sectors[2][1] = 0x00; + tag.sectors[2][2] = key[0]; + tag.sectors[2][3] = key[1]; + } else { + // Just put zero's in the memory (of the unreadable block) + memset(tag.sectors[blocknr], 0x00, 4); + } + blocknr++; + bCrypto = false; } - break; + } else { + tx[0] = HITAG2_START_AUTH; + *txlen = 5; } - } else { - // Store the received block - memcpy(tag.sectors[blocknr],rx,4); - blocknr++; + break; } + // Received UID, crypto tag answer + case 32: { + if (!bCrypto) { + uint64_t ui64key = key[0] | ((uint64_t)key[1]) << 8 | ((uint64_t)key[2]) << 16 | ((uint64_t)key[3]) << 24 | ((uint64_t)key[4]) << 32 | ((uint64_t)key[5]) << 40; + uint32_t ui32uid = rx[0] | ((uint32_t)rx[1]) << 8 | ((uint32_t)rx[2]) << 16 | ((uint32_t)rx[3]) << 24; + Dbprintf("hitag2_crypto: key=0x%x%x uid=0x%x", (uint32_t) ((REV64(ui64key)) >> 32), (uint32_t) ((REV64(ui64key)) & 0xffffffff), REV32(ui32uid)); + cipher_state = _hitag2_init(REV64(ui64key), REV32(ui32uid), 0); + memset(tx, 0x00, 4); + memset(tx+4, 0xff, 4); + hitag2_cipher_transcrypt(&cipher_state, tx+4, 4, 0); + *txlen = 64; + bCrypto = true; + bAuthenticating = true; + } else { + // Check if we received answer tag (at) + if (bAuthenticating) { + bAuthenticating = false; + if (write) { + if (!hitag2_write_page(rx, rxlen, tx, txlen)) { + return false; + } + break; + } + } + // stage 2+, got data block + else { + // Store the received block + memcpy(tag.sectors[blocknr], rx, 4); + blocknr++; + } + if (blocknr > 7) { + DbpString("Read successful!"); + bSuccessful = true; + return false; + } else { + tx[0] = HITAG2_READ_PAGE | (blocknr << 3) | ((blocknr ^ 7) >> 2); + tx[1] = ((blocknr ^ 7) << 6); + *txlen = 10; + } + } + } + break; - if (blocknr > 7) { - DbpString("Read succesful!"); - bSuccessful = true; + // Unexpected response + default: { + Dbprintf("Unknown frame length: %d",rxlen); return false; - } else { - *txlen = 10; - tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); - tx[1] = ((blocknr^7) << 6); } + break; } - } break; - - // Unexpected response - default: { - Dbprintf("Uknown frame length: %d",rxlen); - return false; - } break; } - } - - if(bCrypto) { + + if (bCrypto) { // We have to return now to avoid double encryption if (!bAuthenticating) { - hitag2_cipher_transcrypt(&cipher_state,tx,*txlen/8,*txlen%8); + hitag2_cipher_transcrypt(&cipher_state, tx, *txlen/8, *txlen%8); } } return true; } - -static bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { - // Reset the transmission frame length - *txlen = 0; - - // Try to find out which command was send by selecting on length (in bits) - switch (rxlen) { - // No answer, try to resurrect - case 0: { - // Stop if there is no answer while we are in crypto mode (after sending NrAr) - if (bCrypto) { - DbpString("Authentication failed!"); - return false; - } - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); - } break; - - // Received UID, crypto tag answer - case 32: { - if (!bCrypto) { - *txlen = 64; - memcpy(tx,NrAr,8); - bCrypto = true; - } else { - DbpString("Authentication succesful!"); - // We are done... for now - return false; - } - } break; - - // Unexpected response - default: { - Dbprintf("Uknown frame length: %d",rxlen); - return false; - } break; - } - - return true; -} - - -static bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { - - // Reset the transmission frame length - *txlen = 0; - - // Try to find out which command was send by selecting on length (in bits) - switch (rxlen) { - // No answer, try to resurrect - case 0: { - // Stop if there is no answer while we are in crypto mode (after sending NrAr) - if (bCrypto) { - Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed, removed entry!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]); - - // Removing failed entry from authentiations table - memcpy(auth_table+auth_table_pos,auth_table+auth_table_pos+8,8); - auth_table_len -= 8; - - // Return if we reached the end of the authentications table - bCrypto = false; - if (auth_table_pos == auth_table_len) { - return false; - } - - // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry) - memcpy(NrAr,auth_table+auth_table_pos,8); - } - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); - } break; - - // Received UID, crypto tag answer, or read block response - case 32: { - if (!bCrypto) { - *txlen = 64; - memcpy(tx,NrAr,8); - bCrypto = true; - } else { - Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x OK",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]); - bCrypto = false; - if ((auth_table_pos+8) == auth_table_len) { - return false; - } - auth_table_pos += 8; - memcpy(NrAr,auth_table+auth_table_pos,8); - } - } break; - - default: { - Dbprintf("Uknown frame length: %d",rxlen); - return false; - } break; - } - - return true; -} - -static bool hitag2_read_uid(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { +static bool hitag2_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) { // Reset the transmission frame length *txlen = 0; // Try to find out which command was send by selecting on length (in bits) switch (rxlen) { // No answer, try to resurrect - case 0: { - // Just starting or if there is no answer - *txlen = 5; - memcpy(tx,"\xc0",nbytes(*txlen)); - } break; - // Received UID - case 32: { - // Check if we received answer tag (at) - if (bAuthenticating) { - bAuthenticating = false; - } else { - // Store the received block - memcpy(tag.sectors[blocknr],rx,4); - blocknr++; + case 0: { + // Stop if there is no answer while we are in crypto mode (after sending NrAr) + if (bCrypto) { + DbpString("Authentication failed!"); + return false; + } + tx[0] = HITAG2_START_AUTH; + *txlen = 5; } - if (blocknr > 0) { - //DbpString("Read successful!"); - bSuccessful = true; + break; + + // Received UID, crypto tag answer + case 32: { + if (!bCrypto) { + memcpy(tx, NrAr, 8); + *txlen = 64; + bCrypto = true; + } else { + DbpString("Authentication successful!"); + // We are done... for now + return false; + } + } + break; + + // Unexpected response + default: { + Dbprintf("Unknown frame length: %d",rxlen); return false; } - } break; + break; + } + + return true; +} + +static bool hitag2_test_auth_attempts(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) { + + // Reset the transmission frame length + *txlen = 0; + + // Try to find out which command was send by selecting on length (in bits) + switch (rxlen) { + // No answer, try to resurrect + case 0: { + // Stop if there is no answer while we are in crypto mode (after sending NrAr) + if (bCrypto) { + Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed, removed entry!", NrAr[0], NrAr[1], NrAr[2], NrAr[3], NrAr[4], NrAr[5], NrAr[6], NrAr[7]); + + // Removing failed entry from authentiations table + memcpy(auth_table+auth_table_pos, auth_table+auth_table_pos+8, 8); + auth_table_len -= 8; + + // Return if we reached the end of the authentications table + bCrypto = false; + if (auth_table_pos == auth_table_len) { + return false; + } + + // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry) + memcpy(NrAr, auth_table+auth_table_pos, 8); + } + tx[0] = HITAG2_START_AUTH; + *txlen = 5; + } + break; + + // Received UID, crypto tag answer, or read block response + case 32: { + if (!bCrypto) { + *txlen = 64; + memcpy(tx, NrAr, 8); + bCrypto = true; + } else { + Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x OK", NrAr[0], NrAr[1], NrAr[2], NrAr[3], NrAr[4], NrAr[5], NrAr[6], NrAr[7]); + bCrypto = false; + if ((auth_table_pos+8) == auth_table_len) { + return false; + } + auth_table_pos += 8; + memcpy(NrAr, auth_table+auth_table_pos, 8); + } + } + break; + + default: { + Dbprintf("Unknown frame length: %d",rxlen); + return false; + } + break; + } + + return true; +} + +static bool hitag2_read_uid(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) { + // Reset the transmission frame length + *txlen = 0; + + // Try to find out which command was send by selecting on length (in bits) + switch (rxlen) { + // No answer, try to resurrect + case 0: { + // Just starting or if there is no answer + tx[0] = HITAG2_START_AUTH; + *txlen = 5; + } + break; + // Received UID + case 32: { + // Check if we received answer tag (at) + if (bAuthenticating) { + bAuthenticating = false; + } else { + // Store the received block + memcpy(tag.sectors[blocknr], rx, 4); + blocknr++; + } + if (blocknr > 0) { + //DbpString("Read successful!"); + bSuccessful = true; + return false; + } + } + break; // Unexpected response - default: { - Dbprintf("Uknown frame length: %d",rxlen); - return false; - } break; + default: { + Dbprintf("Unknown frame length: %d",rxlen); + return false; + } + break; } return true; } void SnoopHitag(uint32_t type) { - int frame_count; + // int frame_count; int response; int overflow; bool rising_edge; @@ -813,74 +809,72 @@ void SnoopHitag(uint32_t type) { int lastbit; bool bSkip; int tag_sof; - byte_t rx[HITAG_FRAME_LEN] = {0}; - size_t rxlen=0; - + uint8_t rx[HITAG_FRAME_LEN] = {0}; + size_t rxlen = 0; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); - + auth_table_len = 0; auth_table_pos = 0; BigBuf_free(); - auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); + auth_table = (uint8_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 snoop"); LED_D_ON(); - + // Set up eavesdropping mode, frequency divisor which will drive the FPGA // and analog mux selection. FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - RELAY_OFF(); - + // Configure output pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; // Disable modulation, we are going to eavesdrop, not modulate ;) LOW(GPIO_SSC_DOUT); - + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the reader frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - - // Disable timer during configuration + + // Disable timer during configuration AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - - // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on rising edge of TIOA. - uint32_t t1_channel_mode = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_BOTH | AT91C_TC_ABETRG | AT91C_TC_LDRA_BOTH; - AT91C_BASE_TC1->TC_CMR = t1_channel_mode; - + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_BOTH | AT91C_TC_ABETRG | AT91C_TC_LDRA_BOTH; + // Enable and reset counter AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - + // Reset the received frame, frame count and timing info - frame_count = 0; + // frame_count = 0; response = 0; overflow = 0; reader_frame = false; lastbit = 1; bSkip = true; tag_sof = 4; - - while(!BUTTON_PRESS()) { + + while (!BUTTON_PRESS()) { // Watchdog hit WDT_HIT(); - + // Receive frame, watch for at most T0*EOF periods while (AT91C_BASE_TC1->TC_CV < T0*HITAG_T_EOF) { // Check if rising edge in modulation is detected - if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values int ra = (AT91C_BASE_TC1->TC_RA/T0); - + // Find out if we are dealing with a rising or falling edge rising_edge = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME) > 0; @@ -889,35 +883,35 @@ void SnoopHitag(uint32_t type) { // Switch from tag to reader capture LED_C_OFF(); reader_frame = true; - memset(rx,0x00,sizeof(rx)); + memset(rx, 0x00, sizeof(rx)); rxlen = 0; } - + // Only handle if reader frame and rising edge, or tag frame and falling edge if (reader_frame != rising_edge) { overflow += ra; continue; } - + // Add the buffered timing values of earlier captured edges which were skipped ra += overflow; overflow = 0; - + if (reader_frame) { LED_B_ON(); // Capture reader frame - if(ra >= HITAG_T_STOP) { + if (ra >= HITAG_T_STOP) { if (rxlen != 0) { //DbpString("wierd0?"); } // Capture the T0 periods that have passed since last communication or field drop (reset) response = (ra - HITAG_T_LOW); - } else if(ra >= HITAG_T_1_MIN ) { - // '1' bit + } else if (ra >= HITAG_T_1_MIN) { + // '1' bit rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; - } else if(ra >= HITAG_T_0_MIN) { - // '0' bit + } else if (ra >= HITAG_T_0_MIN) { + // '0' bit rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; } else { @@ -926,31 +920,31 @@ void SnoopHitag(uint32_t type) { } else { LED_C_ON(); // Capture tag frame (manchester decoding using only falling edges) - if(ra >= HITAG_T_EOF) { + if (ra >= HITAG_T_EOF) { if (rxlen != 0) { //DbpString("wierd1?"); } // Capture the T0 periods that have passed since last communication or field drop (reset) // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra-HITAG_T_TAG_HALF_PERIOD; - } else if(ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { + response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { // Manchester coding example |-_|_-|-_| (101) rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; - } else if(ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { // Manchester coding example |_-|...|_-|-_| (0...01) rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; - // We have to skip this half period at start and add the 'one' the second time + // We have to skip this half period at start and add the 'one' the second time if (!bSkip) { rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; } lastbit = !lastbit; bSkip = !bSkip; - } else if(ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { // Manchester coding example |_-|_-| (00) or |-_|-_| (11) if (tag_sof) { // Ignore bits that are transmitted during SOF @@ -966,11 +960,11 @@ void SnoopHitag(uint32_t type) { } } } - + // Check if frame was captured - if(rxlen > 0) { - frame_count++; - if (!LogTraceHitag(rx,rxlen,response,0,reader_frame)) { + if (rxlen > 0) { + // frame_count++; + if (!LogTraceHitag(rx, rxlen, response, 0, reader_frame)) { DbpString("Trace full"); break; } @@ -983,16 +977,16 @@ void SnoopHitag(uint32_t type) { auth_table_len += 8; } } - + // Reset the received frame and response timing info - memset(rx,0x00,sizeof(rx)); + memset(rx, 0x00, sizeof(rx)); response = 0; reader_frame = false; lastbit = 1; bSkip = true; tag_sof = 4; overflow = 0; - + LED_B_OFF(); LED_C_OFF(); } else { @@ -1012,23 +1006,23 @@ void SnoopHitag(uint32_t type) { AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_A_OFF(); - -// Dbprintf("frame received: %d",frame_count); -// Dbprintf("Authentication Attempts: %d",(auth_table_len/8)); -// DbpString("All done"); + +// Dbprintf("frame received: %d",frame_count); +// Dbprintf("Authentication Attempts: %d",(auth_table_len/8)); +// DbpString("All done"); } -void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { - int frame_count; +void SimulateHitagTag(bool tag_mem_supplied, uint8_t *data) { + // int frame_count; int response; int overflow; - byte_t rx[HITAG_FRAME_LEN]; - size_t rxlen=0; - byte_t tx[HITAG_FRAME_LEN]; - size_t txlen=0; + uint8_t rx[HITAG_FRAME_LEN]; + size_t rxlen = 0; + uint8_t tx[HITAG_FRAME_LEN]; + size_t txlen = 0; bool bQuitTraceFull = false; bQuiet = false; - + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); // Clean up trace and prepare it for storing frames @@ -1037,35 +1031,34 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { auth_table_len = 0; auth_table_pos = 0; - byte_t* auth_table; + uint8_t *auth_table; BigBuf_free(); - auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); + auth_table = BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 simulation"); LED_D_ON(); hitag2_init(); - + if (tag_mem_supplied) { DbpString("Loading hitag2 memory..."); - memcpy((byte_t*)tag.sectors,data,48); + memcpy((uint8_t*)tag.sectors, data, 48); } uint32_t block = 0; - for (size_t i=0; i<12; i++) { - for (size_t j=0; j<4; j++) { + for (size_t i = 0; i < 12; i++) { + for (size_t j = 0; j < 4; j++) { block <<= 8; block |= tag.sectors[i][j]; } - Dbprintf("| %d | %08x |",i,block); + Dbprintf("| %d | %08x |", i, block); } - + // Set up simulator mode, frequency divisor which will drive the FPGA // and analog mux selection. FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - RELAY_OFF(); // Configure output pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; @@ -1073,60 +1066,64 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { // Disable modulation at default, which means release resistance LOW(GPIO_SSC_DOUT); - + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); - + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the reader frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - - // Disable timer during configuration + + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on rising edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; - + // Reset the received frame, frame count and timing info - memset(rx,0x00,sizeof(rx)); - frame_count = 0; + memset(rx, 0x00, sizeof(rx)); + // frame_count = 0; response = 0; overflow = 0; // Enable and reset counter AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - - while(!BUTTON_PRESS()) { + + while (!BUTTON_PRESS()) { // Watchdog hit WDT_HIT(); - + // Receive frame, watch for at most T0*EOF periods while (AT91C_BASE_TC1->TC_CV < T0*HITAG_T_EOF) { // Check if rising edge in modulation is detected - if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values int ra = (AT91C_BASE_TC1->TC_RA/T0) + overflow; overflow = 0; // Reset timer every frame, we have to capture the last edge for timing AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - + LED_B_ON(); - + // Capture reader frame - if(ra >= HITAG_T_STOP) { + if (ra >= HITAG_T_STOP) { if (rxlen != 0) { //DbpString("wierd0?"); } // Capture the T0 periods that have passed since last communication or field drop (reset) response = (ra - HITAG_T_LOW); - } else if(ra >= HITAG_T_1_MIN ) { - // '1' bit + } else if (ra >= HITAG_T_1_MIN) { + // '1' bit rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; - } else if(ra >= HITAG_T_0_MIN) { - // '0' bit + } else if (ra >= HITAG_T_0_MIN) { + // '0' bit rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; } else { @@ -1134,12 +1131,12 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { } } } - + // Check if frame was captured - if(rxlen > 4) { - frame_count++; + if (rxlen > 4) { + // frame_count++; if (!bQuiet) { - if (!LogTraceHitag(rx,rxlen,response,0,true)) { + if (!LogTraceHitag(rx, rxlen, response, 0, true)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -1148,27 +1145,27 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { } } } - + // Disable timer 1 with external trigger to avoid triggers during our own modulation AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // Process the incoming frame (rx) and prepare the outgoing frame (tx) - hitag2_handle_reader_command(rx,rxlen,tx,&txlen); - + hitag2_handle_reader_command(rx, rxlen, tx, &txlen); + // Wait for HITAG_T_WAIT_1 carrier periods after the last reader bit, // not that since the clock counts since the rising edge, but T_Wait1 is // with respect to the falling edge, we need to wait actually (T_Wait1 - T_Low) - // periods. The gap time T_Low varies (4..10). All timer values are in + // periods. The gap time T_Low varies (4..10). All timer values are in // terms of T0 units - while(AT91C_BASE_TC0->TC_CV < T0*(HITAG_T_WAIT_1-HITAG_T_LOW)); + while (AT91C_BASE_TC0->TC_CV < T0*(HITAG_T_WAIT_1-HITAG_T_LOW)); // Send and store the tag answer (if there is any) if (txlen) { // Transmit the tag frame - hitag_send_frame(tx,txlen); + hitag_send_frame(tx, txlen); // Store the frame in the trace if (!bQuiet) { - if (!LogTraceHitag(tx,txlen,0,0,false)) { + if (!LogTraceHitag(tx, txlen, 0, 0, false)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -1178,11 +1175,11 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { } } } - + // Reset the received frame and response timing info - memset(rx,0x00,sizeof(rx)); + memset(rx, 0x00, sizeof(rx)); response = 0; - + // Enable and reset external trigger in timer for capturing future frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; LED_B_OFF(); @@ -1199,31 +1196,31 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - + DbpString("Sim Stopped"); - + } -void ReaderHitag(hitag_function htf, hitag_data* htd) { - int frame_count; +void ReaderHitag(hitag_function htf, hitag_data *htd) { + // int frame_count; int response; - byte_t rx[HITAG_FRAME_LEN]; - size_t rxlen=0; - byte_t txbuf[HITAG_FRAME_LEN]; - byte_t* tx = txbuf; - size_t txlen=0; + uint8_t rx[HITAG_FRAME_LEN]; + size_t rxlen = 0; + uint8_t txbuf[HITAG_FRAME_LEN]; + uint8_t *tx = txbuf; + size_t txlen = 0; int lastbit; bool bSkip; - int reset_sof; + int reset_sof; int tag_sof; int t_wait = HITAG_T_WAIT_MAX; bool bStop = false; bool bQuitTraceFull = false; - + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); // Reset the return status bSuccessful = false; - + // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); @@ -1231,102 +1228,109 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { //DbpString("Starting Hitag reader family"); // Check configuration - switch(htf) { - case RHT2F_PASSWORD: { - Dbprintf("List identifier in password mode"); - memcpy(password,htd->pwd.password,4); - blocknr = 0; - bQuitTraceFull = false; - bQuiet = false; - bPwd = false; - } break; - case RHT2F_AUTHENTICATE: { - DbpString("Authenticating using nr,ar pair:"); - memcpy(NrAr,htd->auth.NrAr,8); - Dbhexdump(8,NrAr,false); - bQuiet = false; - bCrypto = false; - bAuthenticating = false; - bQuitTraceFull = true; - } break; - case RHT2F_CRYPTO: - { - DbpString("Authenticating using key:"); - memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code. - Dbhexdump(6,key,false); - blocknr = 0; - bQuiet = false; - bCrypto = false; - bAuthenticating = false; - bQuitTraceFull = true; - } break; - case RHT2F_TEST_AUTH_ATTEMPTS: { - Dbprintf("Testing %d authentication attempts",(auth_table_len/8)); - auth_table_pos = 0; - memcpy(NrAr, auth_table, 8); - bQuitTraceFull = false; - bQuiet = false; - bCrypto = false; - } break; - case RHT2F_UID_ONLY: { - blocknr = 0; - bQuiet = false; - bCrypto = false; - bAuthenticating = false; - bQuitTraceFull = true; - } break; - default: { - Dbprintf("Error, unknown function: %d",htf); - return; - } break; + switch (htf) { + case RHT2F_PASSWORD: { + Dbprintf("List identifier in password mode"); + memcpy(password, htd->pwd.password, 4); + blocknr = 0; + bQuitTraceFull = false; + bQuiet = false; + bPwd = false; + bAuthenticating = false; + } + break; + case RHT2F_AUTHENTICATE: { + DbpString("Authenticating using nr,ar pair:"); + memcpy(NrAr, htd->auth.NrAr, 8); + Dbhexdump(8, NrAr, false); + bQuiet = false; + bCrypto = false; + bAuthenticating = false; + bQuitTraceFull = true; + } + break; + case RHT2F_CRYPTO: + { + DbpString("Authenticating using key:"); + memcpy(key, htd->crypto.key, 6); //HACK; 4 or 6?? I read both in the code. + Dbhexdump(6, key, false); + blocknr = 0; + bQuiet = false; + bCrypto = false; + bAuthenticating = false; + bQuitTraceFull = true; + } + break; + case RHT2F_TEST_AUTH_ATTEMPTS: { + Dbprintf("Testing %d authentication attempts", (auth_table_len/8)); + auth_table_pos = 0; + memcpy(NrAr, auth_table, 8); + bQuitTraceFull = false; + bQuiet = false; + bCrypto = false; + } + break; + case RHT2F_UID_ONLY: { + blocknr = 0; + bQuiet = false; + bCrypto = false; + bAuthenticating = false; + bQuitTraceFull = true; + } + break; + default: { + Dbprintf("Error, unknown function: %d", htf); + return; + } + break; } - + LED_D_ON(); hitag2_init(); - + // Configure output and enable pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - + // Set fpga in edge detect with reader field, we can modulate as reader now FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); // Set Frequency divisor which will drive the FPGA and analog mux selection FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - RELAY_OFF(); // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(30); - // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - - // Disable timer during configuration + + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - - // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on falling edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; - + // Enable and reset counters AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Reset the received frame, frame count and timing info - frame_count = 0; + // frame_count = 0; response = 0; lastbit = 1; // Tag specific configuration settings (sof, timings, etc.) - if (htf < 10){ + if (htf < 10) { // hitagS settings reset_sof = 1; t_wait = 200; @@ -1342,19 +1346,23 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { t_wait = HITAG_T_WAIT_2; //DbpString("Configured for hitag2 reader"); } else { - Dbprintf("Error, unknown hitag reader type: %d",htf); - return; + Dbprintf("Error, unknown hitag reader type: %d", htf); + goto out; } - uint8_t attempt_count=0; - while(!bStop && !BUTTON_PRESS()) { - // Watchdog hit + + // wait for tag to power up + // t_PowerUp = 312,5 carrier periods + while (AT91C_BASE_TC0->TC_CV < T0*(312-t_wait)); + + uint8_t attempt_count = 0; + while (!bStop && !BUTTON_PRESS()) { WDT_HIT(); - + // Check if frame was captured and store it - if(rxlen > 0) { - frame_count++; + if (rxlen > 0) { + // frame_count++; if (!bQuiet) { - if (!LogTraceHitag(rx,rxlen,response,0,false)) { + if (!LogTraceHitag(rx, rxlen, response, 0, false)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -1364,31 +1372,37 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { } } } - + // By default reset the transmission buffer tx = txbuf; - switch(htf) { + switch (htf) { case RHT2F_PASSWORD: { - bStop = !hitag2_password(rx,rxlen,tx,&txlen); - } break; + bStop = !hitag2_password(rx, rxlen, tx, &txlen, false); + } + break; case RHT2F_AUTHENTICATE: { - bStop = !hitag2_authenticate(rx,rxlen,tx,&txlen); - } break; + bStop = !hitag2_authenticate(rx, rxlen, tx, &txlen); + } + break; case RHT2F_CRYPTO: { - bStop = !hitag2_crypto(rx,rxlen,tx,&txlen, false); - } break; + bStop = !hitag2_crypto(rx, rxlen, tx, &txlen, false); + } + break; case RHT2F_TEST_AUTH_ATTEMPTS: { - bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen); - } break; + bStop = !hitag2_test_auth_attempts(rx, rxlen, tx, &txlen); + } + break; case RHT2F_UID_ONLY: { bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen); attempt_count++; //attempt 3 times to get uid then quit - if (!bStop && attempt_count == 3) bStop = true; - } break; + if (!bStop && attempt_count == 3) + bStop = true; + } + break; default: { - Dbprintf("Error, unknown function: %d",htf); - return; - } break; + Dbprintf("Error, unknown function: %d", htf); + goto out; + } } // Send and store the reader command @@ -1400,22 +1414,22 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { // falling edge occured halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units - while(AT91C_BASE_TC0->TC_CV < T0*(t_wait+(HITAG_T_TAG_HALF_PERIOD*lastbit))); + while (AT91C_BASE_TC0->TC_CV < T0*(t_wait+(HITAG_T_TAG_HALF_PERIOD*lastbit))); //Dbprintf("DEBUG: Sending reader frame"); - + // Transmit the reader frame - hitag_reader_send_frame(tx,txlen); + hitag_reader_send_frame(tx, txlen); // Enable and reset external trigger in timer for capturing future frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Add transmitted frame to total count - if(txlen > 0) { - frame_count++; + if (txlen > 0) { + // frame_count++; if (!bQuiet) { // Store the frame in the trace - if (!LogTraceHitag(tx,txlen,HITAG_T_WAIT_2,0,true)) { + if (!LogTraceHitag(tx, txlen, HITAG_T_WAIT_2, 0, true)) { if (bQuitTraceFull) { break; } else { @@ -1426,7 +1440,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { } // Reset values for receiving frames - memset(rx,0x00,sizeof(rx)); + memset(rx, 0x00, sizeof(rx)); rxlen = 0; lastbit = 1; bSkip = true; @@ -1438,56 +1452,56 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { // Receive frame, watch for at most T0*EOF periods while (AT91C_BASE_TC1->TC_CV < T0*HITAG_T_WAIT_MAX) { // Check if falling edge in tag modulation is detected - if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values int ra = (AT91C_BASE_TC1->TC_RA/T0); - + // Reset timer every frame, we have to capture the last edge for timing AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - + LED_B_ON(); - + // Capture tag frame (manchester decoding using only falling edges) - if(ra >= HITAG_T_EOF) { + if (ra >= HITAG_T_EOF) { if (rxlen != 0) { //Dbprintf("DEBUG: Wierd1"); } // Capture the T0 periods that have passed since last communication or field drop (reset) // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra-HITAG_T_TAG_HALF_PERIOD; - } else if(ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { + response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { // Manchester coding example |-_|_-|-_| (101) //need to test to verify we don't exceed memory... //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; + // break; //} rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; - } else if(ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { // Manchester coding example |_-|...|_-|-_| (0...01) - + //need to test to verify we don't exceed memory... //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; + // break; //} rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; - // We have to skip this half period at start and add the 'one' the second time + // We have to skip this half period at start and add the 'one' the second time if (!bSkip) { rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; } lastbit = !lastbit; bSkip = !bSkip; - } else if(ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { // Manchester coding example |_-|_-| (00) or |-_|-_| (11) //need to test to verify we don't exceed memory... //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; + // break; //} if (tag_sof) { // Ignore bits that are transmitted during SOF @@ -1504,15 +1518,17 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { } } //if we saw over 100 wierd values break it probably isn't hitag... - if (errorCount >100) break; + if (errorCount > 100) break; // We can break this loop if we received the last bit from a frame if (AT91C_BASE_TC1->TC_CV > T0*HITAG_T_EOF) { - if (rxlen>0) break; + if (rxlen > 0) break; } } } + +out: //Dbprintf("DEBUG: Done waiting for frame"); - + LED_B_OFF(); LED_D_OFF(); AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; @@ -1521,32 +1537,31 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { //Dbprintf("frame received: %d",frame_count); //DbpString("All done"); if (bSuccessful) - cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); + cmd_send(CMD_ACK, bSuccessful, 0, 0, (uint8_t*)tag.sectors, 48); else - cmd_send(CMD_ACK,bSuccessful,0,0,0,0); - + cmd_send(CMD_ACK, bSuccessful, 0, 0, 0, 0); } -void WriterHitag(hitag_function htf, hitag_data* htd, int page) { - int frame_count; +void WriterHitag(hitag_function htf, hitag_data *htd, int page) { + // int frame_count; int response; - byte_t rx[HITAG_FRAME_LEN]; - size_t rxlen=0; - byte_t txbuf[HITAG_FRAME_LEN]; - byte_t* tx = txbuf; - size_t txlen=0; + uint8_t rx[HITAG_FRAME_LEN]; + size_t rxlen = 0; + uint8_t txbuf[HITAG_FRAME_LEN]; + uint8_t *tx = txbuf; + size_t txlen = 0; int lastbit; bool bSkip; - int reset_sof; + int reset_sof; int tag_sof; int t_wait = HITAG_T_WAIT_MAX; bool bStop; bool bQuitTraceFull = false; - + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); // Reset the return status bSuccessful = false; - + // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); @@ -1554,73 +1569,88 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { //DbpString("Starting Hitag reader family"); // Check configuration - switch(htf) { - case WHT2F_CRYPTO: - { - DbpString("Authenticating using key:"); - memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code. - memcpy(writedata, htd->crypto.data, 4); - Dbhexdump(6,key,false); - blocknr = page; - bQuiet = false; - bCrypto = false; - bAuthenticating = false; - bQuitTraceFull = true; - writestate = WRITE_STATE_START; - } break; - default: { - Dbprintf("Error, unknown function: %d",htf); - return; - } break; + switch (htf) { + case WHT2F_CRYPTO: { + DbpString("Authenticating using key:"); + memcpy(key, htd->crypto.key, 6); //HACK; 4 or 6?? I read both in the code. + memcpy(writedata, htd->crypto.data, 4); + Dbhexdump(6, key, false); + blocknr = page; + bQuiet = false; + bCrypto = false; + bAuthenticating = false; + bQuitTraceFull = true; + writestate = WRITE_STATE_START; + } + break; + case WHT2F_PASSWORD: { + DbpString("Authenticating using password:"); + memcpy(password, htd->pwd.password, 4); + memcpy(writedata, htd->crypto.data, 4); + Dbhexdump(4, password, false); + blocknr = page; + bPwd = false; + bAuthenticating = false; + writestate = WRITE_STATE_START; + } + break; + default: { + Dbprintf("Error, unknown function: %d", htf); + return; + } + break; } - + LED_D_ON(); hitag2_init(); - + // Configure output and enable pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - + // Set fpga in edge detect with reader field, we can modulate as reader now FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); // Set Frequency divisor which will drive the FPGA and analog mux selection FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - RELAY_OFF(); // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); // Give it a bit of time for the resonant antenna to settle. SpinDelay(30); - + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - - // Disable timer during configuration + + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - - // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on falling edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; - + // Enable and reset counters AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Reset the received frame, frame count and timing info - frame_count = 0; + // frame_count = 0; response = 0; lastbit = 1; bStop = false; // Tag specific configuration settings (sof, timings, etc.) - if (htf < 10){ + if (htf < 10) { // hitagS settings reset_sof = 1; t_wait = 200; @@ -1636,18 +1666,18 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { t_wait = HITAG_T_WAIT_2; //DbpString("Configured for hitag2 reader"); } else { - Dbprintf("Error, unknown hitag reader type: %d",htf); + Dbprintf("Error, unknown hitag reader type: %d", htf); return; } - while(!bStop && !BUTTON_PRESS()) { - // Watchdog hit + while (!bStop && !BUTTON_PRESS()) { + WDT_HIT(); - + // Check if frame was captured and store it - if(rxlen > 0) { - frame_count++; + if (rxlen > 0) { + // frame_count++; if (!bQuiet) { - if (!LogTraceHitag(rx,rxlen,response,0,false)) { + if (!LogTraceHitag(rx, rxlen, response, 0, false)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -1657,44 +1687,50 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { } } } - + // By default reset the transmission buffer tx = txbuf; - switch(htf) { - case WHT2F_CRYPTO: { - bStop = !hitag2_crypto(rx,rxlen,tx,&txlen, true); - } break; - default: { - Dbprintf("Error, unknown function: %d",htf); - return; - } break; + switch (htf) { + case WHT2F_CRYPTO: { + bStop = !hitag2_crypto(rx, rxlen, tx, &txlen, true); + } + break; + case WHT2F_PASSWORD: { + bStop = !hitag2_password(rx, rxlen, tx, &txlen, true); + } + break; + default: { + Dbprintf("Error, unknown function: %d", htf); + return; + } + break; } - + // Send and store the reader command // Disable timer 1 with external trigger to avoid triggers during our own modulation AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - + // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the // falling edge occured halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units - while(AT91C_BASE_TC0->TC_CV < T0*(t_wait+(HITAG_T_TAG_HALF_PERIOD*lastbit))); - - //Dbprintf("DEBUG: Sending reader frame"); - - // Transmit the reader frame - hitag_reader_send_frame(tx,txlen); + while (AT91C_BASE_TC0->TC_CV < T0*(t_wait+(HITAG_T_TAG_HALF_PERIOD*lastbit))); - // Enable and reset external trigger in timer for capturing future frames + //Dbprintf("DEBUG: Sending reader frame"); + + // Transmit the reader frame + hitag_reader_send_frame(tx, txlen); + + // Enable and reset external trigger in timer for capturing future frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Add transmitted frame to total count - if(txlen > 0) { - frame_count++; + if (txlen > 0) { + // frame_count++; if (!bQuiet) { // Store the frame in the trace - if (!LogTraceHitag(tx,txlen,HITAG_T_WAIT_2,0,true)) { + if (!LogTraceHitag(tx, txlen, HITAG_T_WAIT_2, 0, true)) { if (bQuitTraceFull) { break; } else { @@ -1705,7 +1741,7 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { } // Reset values for receiving frames - memset(rx,0x00,sizeof(rx)); + memset(rx, 0x00, sizeof(rx)); rxlen = 0; lastbit = 1; bSkip = true; @@ -1717,57 +1753,57 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { // Receive frame, watch for at most T0*EOF periods while (AT91C_BASE_TC1->TC_CV < T0*HITAG_T_WAIT_MAX) { // Check if falling edge in tag modulation is detected - if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values int ra = (AT91C_BASE_TC1->TC_RA/T0); - + // Reset timer every frame, we have to capture the last edge for timing AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - + LED_B_ON(); - + // Capture tag frame (manchester decoding using only falling edges) - if(ra >= HITAG_T_EOF) { + if (ra >= HITAG_T_EOF) { if (rxlen != 0) { //Dbprintf("DEBUG: Wierd1"); } // Capture the T0 periods that have passed since last communication or field drop (reset) // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra-HITAG_T_TAG_HALF_PERIOD; - } else if(ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { + response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { // Manchester coding example |-_|_-|-_| (101) - //need to test to verify we don't exceed memory... - //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; - //} + // need to test to verify we don't exceed memory... + // if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { + // break; + // } rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; - } else if(ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { // Manchester coding example |_-|...|_-|-_| (0...01) - - //need to test to verify we don't exceed memory... - //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; - //} + + // need to test to verify we don't exceed memory... + // if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { + // break; + // } rx[rxlen / 8] |= 0 << (7-(rxlen%8)); rxlen++; - // We have to skip this half period at start and add the 'one' the second time + // We have to skip this half period at start and add the 'one' the second time if (!bSkip) { rx[rxlen / 8] |= 1 << (7-(rxlen%8)); rxlen++; } lastbit = !lastbit; bSkip = !bSkip; - } else if(ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - //need to test to verify we don't exceed memory... - //if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { - // break; - //} + // need to test to verify we don't exceed memory... + // if ( ((rxlen+2) / 8) > HITAG_FRAME_LEN) { + // break; + // } if (tag_sof) { // Ignore bits that are transmitted during SOF tag_sof--; @@ -1777,28 +1813,27 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { rxlen++; } } else { - //Dbprintf("DEBUG: Wierd2"); + // Dbprintf("DEBUG: Wierd2"); errorCount++; - // Ignore wierd value, is to small to mean anything + // Ignore wierd value, it is too small to mean anything } } - //if we saw over 100 wierd values break it probably isn't hitag... - if (errorCount >100) break; + // if we saw over 100 wierd values break it probably isn't hitag... + if (errorCount > 100) break; // We can break this loop if we received the last bit from a frame if (AT91C_BASE_TC1->TC_CV > T0*HITAG_T_EOF) { - if (rxlen>0) break; + if (rxlen > 0) break; } } - + // Wait some extra time for flash to be programmed - if ((rxlen == 0) && (writestate == WRITE_STATE_PROG)) - { + if ((rxlen == 0) && (writestate == WRITE_STATE_PROG)) { AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - while(AT91C_BASE_TC0->TC_CV < T0*(HITAG_T_PROG - HITAG_T_WAIT_MAX)); + while (AT91C_BASE_TC0->TC_CV < T0*(HITAG_T_PROG - HITAG_T_WAIT_MAX)); } } //Dbprintf("DEBUG: Done waiting for frame"); - + LED_B_OFF(); LED_D_OFF(); AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; @@ -1806,5 +1841,5 @@ void WriterHitag(hitag_function htf, hitag_data* htd, int page) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); //Dbprintf("frame received: %d",frame_count); //DbpString("All done"); - cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); + cmd_send(CMD_ACK, bSuccessful, 0, 0, (uint8_t*)tag.sectors, 48); } diff --git a/armsrc/hitag2.h b/armsrc/hitag2.h new file mode 100644 index 00000000..3883c17b --- /dev/null +++ b/armsrc/hitag2.h @@ -0,0 +1,24 @@ +//----------------------------------------------------------------------------- +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Hitag2 emulation +// +// (c) 2009 Henryk Plötz +// (c) 2012 Roel Verdult +//----------------------------------------------------------------------------- + +#ifndef HITAG2_H__ +#define HITAG2_H__ + +#include +#include +#include "hitag.h" + +extern void SnoopHitag(uint32_t type); +extern void SimulateHitagTag(bool tag_mem_supplied, uint8_t* data); +extern void ReaderHitag(hitag_function htf, hitag_data* htd); +extern void WriterHitag(hitag_function htf, hitag_data* htd, int page); + +#endif diff --git a/armsrc/hitagS.c b/armsrc/hitagS.c index f6ba0c6b..2f5d6289 100644 --- a/armsrc/hitagS.c +++ b/armsrc/hitagS.c @@ -12,30 +12,21 @@ //----------------------------------------------------------------------------- +#include "hitagS.h" + #include #include "proxmark3.h" #include "apps.h" +#include "usb_cdc.h" #include "util.h" -#include "hitagS.h" -#include "hitag2.h" +#include "hitag.h" #include "string.h" #include "BigBuf.h" +#include "fpgaloader.h" #define CRC_PRESET 0xFF #define CRC_POLYNOM 0x1D -#define u8 uint8_t -#define u32 uint32_t -#define u64 uint64_t -#define rev8(x) ((((x)>>7)&1)+((((x)>>6)&1)<<1)+((((x)>>5)&1)<<2)+((((x)>>4)&1)<<3)+((((x)>>3)&1)<<4)+((((x)>>2)&1)<<5)+((((x)>>1)&1)<<6)+(((x)&1)<<7)) -#define rev16(x) (rev8 (x)+(rev8 (x>> 8)<< 8)) -#define rev32(x) (rev16(x)+(rev16(x>>16)<<16)) -#define rev64(x) (rev32(x)+(rev32(x>>32)<<32)) -#define bit(x,n) (((x)>>(n))&1) -#define bit32(x,n) ((((x)[(n)>>5])>>((n)))&1) -#define inv32(x,i,n) ((x)[(i)>>5]^=((u32)(n))<<((i)&31)) -#define rotl64(x, n) ((((u64)(x))<<((n)&63))+(((u64)(x))>>((0-(n))&63))) - static bool bQuiet; static bool bSuccessful; static struct hitagS_tag tag; @@ -44,28 +35,27 @@ static int block_data_left = 0; typedef enum modulation { AC2K = 0, AC4K, MC4K, MC8K } MOD; -static MOD m = AC2K; //used modulation +static MOD m = AC2K; //used modulation static uint32_t temp_uid; static int temp2 = 0; -static int sof_bits; //number of start-of-frame bits -static byte_t pwdh0, pwdl0, pwdl1; //password bytes -static uint32_t rnd = 0x74124485; //randomnumber +static int sof_bits; //number of start-of-frame bits +static byte_t pwdh0, pwdl0, pwdl1; //password bytes +static uint32_t rnd = 0x74124485; //randomnumber static int test = 0; -size_t blocknr; bool end=false; // Single bit Hitag2 functions: -#define i4(x,a,b,c,d) ((u32)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8)) -static const u32 ht2_f4a = 0x2C79; // 0010 1100 0111 1001 -static const u32 ht2_f4b = 0x6671; // 0110 0110 0111 0001 -static const u32 ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 -#define ht2bs_4a(a,b,c,d) (~(((a|b)&c)^(a|d)^b)) -#define ht2bs_4b(a,b,c,d) (~(((d|c)&(a^b))^(d|a|b))) -#define ht2bs_5c(a,b,c,d,e) (~((((((c^e)|d)&a)^b)&(c^b))^(((d^e)|a)&((d^b)|c)))) -#define uf20bs u32 +#define i4(x,a,b,c,d) ((uint32_t)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8)) +static const uint32_t ht2_f4a = 0x2C79; // 0010 1100 0111 1001 +static const uint32_t ht2_f4b = 0x6671; // 0110 0110 0111 0001 +static const uint32_t ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 +#define ht2bs_4a(a,b,c,d) (~(((a|b)&c)^(a|d)^b)) +#define ht2bs_4b(a,b,c,d) (~(((d|c)&(a^b))^(d|a|b))) +#define ht2bs_5c(a,b,c,d,e) (~((((((c^e)|d)&a)^b)&(c^b))^(((d^e)|a)&((d^b)|c)))) +#define uf20bs uint32_t -static u32 f20(const u64 x) { - u32 i5; +static uint32_t f20(const uint64_t x) { + uint32_t i5; i5 = ((ht2_f4a >> i4(x, 1, 2, 4, 5)) & 1) * 1 + ((ht2_f4b >> i4(x, 7, 11, 13, 14)) & 1) * 2 @@ -75,8 +65,19 @@ static u32 f20(const u64 x) { return (ht2_f5c >> i5) & 1; } -static u64 hitag2_round(u64 *state) { - u64 x = *state; + +static uint64_t hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV) { + uint32_t i; + uint64_t x = ((key & 0xFFFF) << 32) + serial; + for (i = 0; i < 32; i++) { + x >>= 1; + x += (uint64_t) (f20(x) ^ (((IV >> i) ^ (key >> (i + 16))) & 1)) << 47; + } + return x; +} + +static uint64_t hitag2_round(uint64_t *state) { + uint64_t x = *state; x = (x >> 1) + ((((x >> 0) ^ (x >> 2) ^ (x >> 3) ^ (x >> 6) ^ (x >> 7) ^ (x >> 8) @@ -87,20 +88,12 @@ static u64 hitag2_round(u64 *state) { *state = x; return f20(x); } -static u64 hitag2_init(const u64 key, const u32 serial, const u32 IV) { - u32 i; - u64 x = ((key & 0xFFFF) << 32) + serial; - for (i = 0; i < 32; i++) { - x >>= 1; - x += (u64) (f20(x) ^ (((IV >> i) ^ (key >> (i + 16))) & 1)) << 47; - } - return x; -} -static u32 hitag2_byte(u64 *x) { - u32 i, c; + +static uint32_t hitag2_byte(uint64_t *x) { + uint32_t i, c; for (i = 0, c = 0; i < 8; i++) - c += (u32) hitag2_round(x) << (i ^ 7); + c += (uint32_t) hitag2_round(x) << (i ^ 7); return c; } @@ -108,34 +101,34 @@ static u32 hitag2_byte(u64 *x) { // TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz // Hitag units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier) // T0 = TIMER_CLOCK1 / 125000 = 192 -#define T0 192 +#define T0 192 -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) +#define SHORT_COIL() LOW(GPIO_SSC_DOUT) +#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) -#define HITAG_FRAME_LEN 20 -#define HITAG_T_STOP 36 /* T_EOF should be > 36 */ -#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */ -#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ -#define HITAG_T_1_MIN 25 /* T[1] should be 26..30 */ +#define HITAG_FRAME_LEN 20 +#define HITAG_T_STOP 36 /* T_EOF should be > 36 */ +#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */ +#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ +#define HITAG_T_1_MIN 25 /* T[1] should be 26..30 */ //#define HITAG_T_EOF 40 /* T_EOF should be > 36 */ -#define HITAG_T_EOF 80 /* T_EOF should be > 36 */ -#define HITAG_T_WAIT_1 200 /* T_wresp should be 199..206 */ -#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ -#define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */ +#define HITAG_T_EOF 80 /* T_EOF should be > 36 */ +#define HITAG_T_WAIT_1 200 /* T_wresp should be 199..206 */ +#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ +#define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */ -#define HITAG_T_TAG_ONE_HALF_PERIOD 10 -#define HITAG_T_TAG_TWO_HALF_PERIOD 25 -#define HITAG_T_TAG_THREE_HALF_PERIOD 41 -#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 - -#define HITAG_T_TAG_HALF_PERIOD 16 -#define HITAG_T_TAG_FULL_PERIOD 32 - -#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 -#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 -#define HITAG_T_TAG_CAPTURE_THREE_HALF 41 -#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 +#define HITAG_T_TAG_ONE_HALF_PERIOD 10 +#define HITAG_T_TAG_TWO_HALF_PERIOD 25 +#define HITAG_T_TAG_THREE_HALF_PERIOD 41 +#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 + +#define HITAG_T_TAG_HALF_PERIOD 16 +#define HITAG_T_TAG_FULL_PERIOD 32 + +#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 +#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 +#define HITAG_T_TAG_CAPTURE_THREE_HALF 41 +#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 #define DEBUG 0 @@ -156,112 +149,112 @@ void calc_crc(unsigned char * crc, unsigned char data, unsigned char Bitcount) { } while (--Bitcount); } + static void hitag_send_bit(int bit) { LED_A_ON(); // Reset clock for the next bit AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; switch (m) { - case AC2K: - if (bit == 0) { - // AC Coding --__ - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 32) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 64) - ; - } else { - // AC coding -_-_ - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 32) - ; - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 48) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 64) - ;; - } - LED_A_OFF(); - break; - case AC4K: - if (bit == 0) { - // AC Coding --__ - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD) - ; - } else { - // AC coding -_-_ - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 8) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 24) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 32) - ; - } - LED_A_OFF(); - break; - case MC4K: - if (bit == 0) { - // Manchester: Unloaded, then loaded |__--| - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 32) - ; - } else { - // Manchester: Loaded, then unloaded |--__| - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 32) - ; - } - LED_A_OFF(); - break; - case MC8K: - if (bit == 0) { - // Manchester: Unloaded, then loaded |__--| - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 8) - ; - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - } else { - // Manchester: Loaded, then unloaded |--__| - HIGH(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 8) - ; - LOW(GPIO_SSC_DOUT); - while (AT91C_BASE_TC0->TC_CV < T0 * 16) - ; - } - LED_A_OFF(); - break; - default: - break; + case AC2K: + if (bit == 0) { + // AC Coding --__ + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 32) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 64) + ; + } else { + // AC coding -_-_ + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 32) + ; + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 48) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 64) + ;; + } + LED_A_OFF(); + break; + case AC4K: + if (bit == 0) { + // AC Coding --__ + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD) + ; + } else { + // AC coding -_-_ + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 8) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 24) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 32) + ; + } + LED_A_OFF(); + break; + case MC4K: + if (bit == 0) { + // Manchester: Unloaded, then loaded |__--| + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 32) + ; + } else { + // Manchester: Loaded, then unloaded |--__| + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 32) + ; + } + LED_A_OFF(); + break; + case MC8K: + if (bit == 0) { + // Manchester: Unloaded, then loaded |__--| + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 8) + ; + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + } else { + // Manchester: Loaded, then unloaded |--__| + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 8) + ; + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 16) + ; + } + LED_A_OFF(); + break; + default: + break; } } -static void hitag_send_frame(const byte_t* frame, size_t frame_len) { +static void hitag_tag_send_frame(const byte_t* frame, size_t frame_len) { // Send start of frame - for (size_t i = 0; i < sof_bits; i++) { hitag_send_bit(1); } @@ -289,7 +282,7 @@ static void hitag_reader_send_bit(int bit) { // Wait for 4-10 times the carrier period while (AT91C_BASE_TC0->TC_CV < T0 * 6) ; - // SpinDelayUs(8*8); + // SpinDelayUs(8*8); // Disable modulation, just activates the field again LOW(GPIO_SSC_DOUT); @@ -298,18 +291,18 @@ static void hitag_reader_send_bit(int bit) { // Zero bit: |_-| while (AT91C_BASE_TC0->TC_CV < T0 * 11) ; - // SpinDelayUs(16*8); + // SpinDelayUs(16*8); } else { // One bit: |_--| while (AT91C_BASE_TC0->TC_CV < T0 * 14) ; - // SpinDelayUs(22*8); + // SpinDelayUs(22*8); } } else { // Wait for 4-10 times the carrier period while (AT91C_BASE_TC0->TC_CV < T0 * 6) ; - // SpinDelayUs(8*8); + // SpinDelayUs(8*8); // Disable modulation, just activates the field again LOW(GPIO_SSC_DOUT); @@ -318,12 +311,12 @@ static void hitag_reader_send_bit(int bit) { // Zero bit: |_-| while (AT91C_BASE_TC0->TC_CV < T0 * 22) ; - // SpinDelayUs(16*8); + // SpinDelayUs(16*8); } else { // One bit: |_--| while (AT91C_BASE_TC0->TC_CV < T0 * 28) ; - // SpinDelayUs(22*8); + // SpinDelayUs(22*8); } } @@ -331,12 +324,12 @@ static void hitag_reader_send_bit(int bit) { } static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) { -// Send the content of the frame + // Send the content of the frame for (size_t i = 0; i < frame_len; i++) { if (frame[0] == 0xf8) { //Dbprintf("BIT: %d",(frame[i / 8] >> (7 - (i % 8))) & 1); } - hitag_reader_send_bit((frame[i / 8] >> (7 - (i % 8))) & 1); + hitag_reader_send_bit(((frame[i / 8] >> (7 - (i % 8))) & 1)); } // Send EOF AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; @@ -349,6 +342,485 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) { LOW(GPIO_SSC_DOUT); } +static void hitag_decode_frame_MC(int bitRate, int sofBits, byte_t* rx, size_t* rxlenOrg, int* response, int rawMod[], int rawLen) { + size_t rxlen = 0; + bool bSkip = true; + int lastbit = 1; + int tag_sof = 0; + int timing = 1; + if (bitRate == 8) { + timing = 2; + } + + for (int i=0; i < rawLen; i++) { + int ra = rawMod[i]; + if (ra >= HITAG_T_EOF) { + if (rxlen != 0) { + //DbpString("wierd1?"); + } + tag_sof = sofBits; + + // Capture the T0 periods that have passed since last communication or field drop (reset) + // We always recieve a 'one' first, which has the falling edge after a half period |-_| + *response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF / timing) { + tag_sof=0; + // Manchester coding example |-_|_-|-_| (101) + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); + rxlen++; + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF / timing) { + tag_sof=0; + // Manchester coding example |_-|...|_-|-_| (0...01) + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + // We have to skip this half period at start and add the 'one' the second time + if (!bSkip) { + rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); + rxlen++; + } + lastbit = !lastbit; + bSkip = !bSkip; + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF / timing) { + // Manchester coding example |_-|_-| (00) or |-_|-_| (11) + if (tag_sof) { + // Ignore bits that are transmitted during SOF + tag_sof--; + } else { + // bit is same as last bit + rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); + rxlen++; + } + } else { + // Ignore wierd value, is to small to mean anything + } + } + *rxlenOrg = rxlen; +} + +/* +static void hitag_decode_frame_AC2K_rising(byte_t* rx, size_t* rxlenOrg, int* response, int rawMod[], int rawLen) { + int tag_sof = 1; //skip start of frame + size_t rxlen = 0; + + for (int i=0; i < rawLen; i++) { + int ra = rawMod[i]; + if (ra >= HITAG_T_EOF) { + if (rxlen != 0) { + //DbpString("wierd1?"); + } + // Capture the T0 periods that have passed since last communication or field drop (reset) + // We always recieve a 'one' first, which has the falling edge after a half period |-_| + tag_sof = 1; + *response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { + // AC coding example |--__|--__| means 0 + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + if (rawMod[i+1] == 0) { //TODO: this is weird - may we miss one capture with current configuration + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + i++; //drop next capture + } + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + if (tag_sof) { + // Ignore bits that are transmitted during SOF + tag_sof--; + } else { + // AC coding example |-_-_|-_-_| which means 1 + //check if another high is coming (only -_-_ = 1) except end of the frame (support 0) + if (rawMod[i+1] == 0 || rawMod[i+1] >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); + rxlen++; + i++; //drop next capture + } else { + Dbprintf("got weird high - %d,%d", ra, rawMod[i+1]); + } + } + } else { + // Ignore wierd value, is to small to mean anything + } + } + *rxlenOrg = rxlen; +} +*/ + +static void hitag_decode_frame_AC(int bitRate, int sofBits, byte_t* rx, size_t* rxlenOrg, int* response, int rawMod[], int rawLen) { + int tag_sof = 1; + size_t rxlen = 0; + int timing = 1; + if (bitRate == 4) { + timing = 2; + } + + + for (int i=0; i < rawLen; i++) { + int ra = rawMod[i]; + if (ra >= HITAG_T_EOF) { + if (rxlen != 0) { + //DbpString("wierd1?"); + } + + // Capture the T0 periods that have passed since last communication or field drop (reset) + // We always recieve a 'one' first, which has the falling edge after a half period |-_| + tag_sof = sofBits; + *response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF / timing) { + tag_sof=0; + + // AC coding example |--__|--__| means 0 + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF / timing) { + tag_sof=0; + + if (rawMod[i-1] >= HITAG_T_TAG_CAPTURE_THREE_HALF / timing) { + //treat like HITAG_T_TAG_CAPTURE_TWO_HALF + if (rawMod[i+1] >= HITAG_T_TAG_CAPTURE_TWO_HALF / timing) { + rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); + rxlen++; + i++; //drop next capture + } else { + Dbprintf("got weird value - %d,%d", ra, rawMod[i+1]); + } + } else { + //treat like HITAG_T_TAG_CAPTURE_FOUR_HALF + rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); + rxlen++; + } + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF / timing) { + if (tag_sof) { + // Ignore bits that are transmitted during SOF + tag_sof--; + } else { + // AC coding example |-_-_|-_-_| which means 1 + //check if another high is coming (only -_-_ = 1) except end of the frame (support 0) + if (rawMod[i+1] == 0 || rawMod[i+1] >= HITAG_T_TAG_CAPTURE_TWO_HALF / timing) { + rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); + rxlen++; + i++; //drop next capture + } else { + Dbprintf("got weird value - %d,%d", ra, rawMod[i+1]); + } + } + } else { + // Ignore wierd value, is to small to mean anything + } + } + *rxlenOrg = rxlen; +} + +static void hitag_receive_frame(byte_t* rx, size_t* rxlen, int* response) { + int rawMod[200] = {0}; + int rawLen = 0; + int i = 0; + int sofBits = 0; + + m = MC4K; + if (tag.pstate == READY) { + switch (tag.mode) { + case STANDARD: + m = AC2K; + sofBits = 1; + break; + case ADVANCED: + m = AC2K; + sofBits = 5; //3 sof bits but 5 captures + break; + case FAST_ADVANCED: + m = AC4K; + sofBits = 5; //3 sof bits but 5 captures + break; + default: + break; + } + } else { + switch (tag.mode) { + case STANDARD: + m = MC4K; + sofBits = 0; //in theory 1 + break; + case ADVANCED: + m = MC4K; + sofBits = 5; //in theory 6 + break; + case FAST_ADVANCED: + m = MC8K; + sofBits = 5; //in theory 6 + break; + default: + break; + } + } + + //rising AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; + + + //first capture timing values + while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX ) { + // Check if rising edge in modulation is detected + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values + int ra = (AT91C_BASE_TC1->TC_RA / T0); + + LED_B_ON(); + // Reset timer every frame, we have to capture the last edge for timing + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; + //AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + + if (rawLen >= 200) { //avoid exception + break; + } + rawMod[rawLen] = ra; + rawLen++; + + // We can break this loop if we received the last bit from a frame + if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { + if (rawLen > 2) { + if (DEBUG >= 2) { Dbprintf("AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF breaking (%d)", rawLen); } + break; + } + } + } + } + + if (DEBUG >= 2) { + for (i=0; i < rawLen; i+=20) { + Dbprintf("raw modulation: - %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d", + rawMod[i],rawMod[i+1],rawMod[i+2],rawMod[i+3], rawMod[i+4],rawMod[i+5],rawMod[i+6],rawMod[i+7], + rawMod[i+8],rawMod[i+9],rawMod[i+10],rawMod[i+11], rawMod[i+12],rawMod[i+13],rawMod[i+14],rawMod[i+15], + rawMod[i+16],rawMod[i+17],rawMod[i+18],rawMod[i+19] + ); + } + } + + switch (m) { + // DATA | 1 | 0 | 1 | 1 | 0 | + // Manchester |--__|__--|--__|--__|__--| + // Anti Collision |-_-_|--__|-_-_|-_-_|--__| + // |<-->| + // | T | + case AC2K: + if (DEBUG >= 2) { Dbprintf("decoding frame with modulation AC2K"); } + hitag_decode_frame_AC(2, sofBits, rx, rxlen, response, rawMod, rawLen); + break; + case AC4K: + if (DEBUG >= 2) { Dbprintf("decoding frame with modulation AC4K"); } + hitag_decode_frame_AC(4, sofBits, rx, rxlen, response, rawMod, rawLen); + break; + case MC4K: + if (DEBUG >= 2) { Dbprintf("decoding frame with modulation MC4K"); } + hitag_decode_frame_MC(4, sofBits, rx, rxlen, response, rawMod, rawLen); + break; + case MC8K: + if (DEBUG >= 2) { Dbprintf("decoding frame with modulation MC8K"); } + hitag_decode_frame_MC(8, sofBits, rx, rxlen, response, rawMod, rawLen); + break; + } + + LED_B_OFF(); + if (DEBUG >= 2) { + int rb[200] = {0}; int z = 0; + for (i = 0; i < 16; i++) { for (int j = 0; j < 8; j++) { + rb[z] = 0; + if ((rx[i] & ((1 << 7) >> j)) != 0) { rb[z] = 1; } + z++; + } } + for (i=0; i < z; i+=8) { + Dbprintf("raw bit: - %d%d%d%d%d%d%d%d", rb[i],rb[i+1],rb[i+2],rb[i+3],rb[i+4],rb[i+5],rb[i+6],rb[i+7] ); + } + } +} + +static void hitag_start_auth(byte_t* tx, size_t* txlen) { + *txlen = 5; + switch (tag.mode) { + case STANDARD: + //00110 - 0x30 - STANDARD MODE + memcpy(tx, "\x30", nbytes(*txlen)); + break; + case ADVANCED: + //11000 - 0xc0 - Advance Mode + memcpy(tx, "\xc0", nbytes(*txlen)); + break; + case FAST_ADVANCED: + //TODO! + break; + default: //STANDARD MODE + memcpy(tx, "\x30", nbytes(*txlen)); + break; + } + tag.pstate = READY; + tag.tstate = NO_OP; +} + +static int hitag_read_page(hitag_function htf, uint64_t key, byte_t* rx, size_t* rxlen, byte_t* tx, size_t* txlen, int pageNum) { + int i, j, z; + int response_bit[200]; + unsigned char mask = 1; + unsigned char crc; + unsigned char pageData[32]; + + if (pageNum >= tag.max_page) { + return -1; + } + if (tag.pstate == SELECTED && tag.tstate == NO_OP && *rxlen > 0) { + //send read request + tag.tstate = READING_PAGE; + *txlen = 20; + crc = CRC_PRESET; + tx[0] = 0xc0 + (pageNum / 16); + calc_crc(&crc, tx[0], 8); + calc_crc(&crc, 0x00 + ((pageNum % 16) * 16), 4); + tx[1] = 0x00 + ((pageNum % 16) * 16) + (crc / 16); + tx[2] = 0x00 + (crc % 16) * 16; + } else if (tag.pstate == SELECTED && tag.tstate == READING_PAGE && *rxlen > 0) { + //save received data + z = 0; + for (i = 0; i < 4; i++) { + for (j = 0; j < 8; j++) { + response_bit[z] = 0; + if ((rx[i] & ((mask << 7) >> j)) != 0) { + response_bit[z] = 1; + } + if (z < 32) { + pageData[z] = response_bit[z]; + } + + z++; + } + } + for (i = 0; i < 4; i++) { + tag.pages[pageNum][i] = 0x0; + } + for (i = 0; i < 4; i++) { + tag.pages[pageNum][i] += ((pageData[i * 8] << 7) | (pageData[1 + (i * 8)] << 6) | + (pageData[2 + (i * 8)] << 5) | (pageData[3 + (i * 8)] << 4) | + (pageData[4 + (i * 8)] << 3) | (pageData[5 + (i * 8)] << 2) | + (pageData[6 + (i * 8)] + << 1) | pageData[7 + (i * 8)]); + } + if (tag.auth && tag.LKP && pageNum == 1) { + Dbprintf("Page[%2d]: %02X %02X %02X %02X", pageNum, pwdh0, + tag.pages[pageNum][2], tag.pages[pageNum][1], tag.pages[pageNum][0]); + } else { + Dbprintf("Page[%2d]: %02X %02X %02X %02X", pageNum, + tag.pages[pageNum][3], tag.pages[pageNum][2], + tag.pages[pageNum][1], tag.pages[pageNum][0]); + } + + + //display key and password if possible + if (pageNum == 1 && tag.auth == 1 && tag.LKP) { + if (htf == 02) { //RHTS_KEY + Dbprintf("Page[ 2]: %02X %02X %02X %02X", + (byte_t)(key >> 8) & 0xff, + (byte_t) key & 0xff, pwdl1, pwdl0); + Dbprintf("Page[ 3]: %02X %02X %02X %02X", + (byte_t)(key >> 40) & 0xff, + (byte_t)(key >> 32) & 0xff, + (byte_t)(key >> 24) & 0xff, + (byte_t)(key >> 16) & 0xff); + } else { + //if the authentication is done with a challenge the key and password are unknown + Dbprintf("Page[ 2]: __ __ __ __"); + Dbprintf("Page[ 3]: __ __ __ __"); + } + } + + *txlen = 20; + crc = CRC_PRESET; + tx[0] = 0xc0 + ((pageNum+1) / 16); + calc_crc(&crc, tx[0], 8); + calc_crc(&crc, 0x00 + (((pageNum+1) % 16) * 16), 4); + tx[1] = 0x00 + (((pageNum+1) % 16) * 16) + (crc / 16); + tx[2] = 0x00 + (crc % 16) * 16; + + return 1; + } + return 0; +} + +static int hitag_read_block(hitag_function htf, uint64_t key, byte_t* rx, size_t* rxlen, byte_t* tx, size_t* txlen, int blockNum) { + int i, j, z; + int response_bit[200]; + unsigned char mask = 1; + unsigned char crc; + unsigned char blockData[128]; + + if (blockNum+4 >= tag.max_page) { //block always = 4 pages + return -1; + } + + if (tag.pstate == SELECTED && tag.tstate == NO_OP && *rxlen > 0) { + //send read request + tag.tstate = READING_BLOCK; + *txlen = 20; + crc = CRC_PRESET; + tx[0] = 0xd0 + (blockNum / 16); + calc_crc(&crc, tx[0], 8); + calc_crc(&crc, 0x00 + ((blockNum % 16) * 16), 4); + tx[1] = 0x00 + ((blockNum % 16) * 16) + (crc / 16); + tx[2] = 0x00 + (crc % 16) * 16; + } else if (tag.pstate == SELECTED && tag.tstate == READING_BLOCK && *rxlen > 0) { + //save received data + z = 0; + for (i = 0; i < 16; i++) { + for (j = 0; j < 8; j++) { + response_bit[z] = 0; + if ((rx[i] & ((mask << 7) >> j)) != 0) { + response_bit[z] = 1; + } + if (z < 128) { + blockData[z] = response_bit[z]; + } + z++; + } + } + + for (z = 0; z < 4; z++) { //4 pages + for (i = 0; i < 4; i++) { + tag.pages[blockNum+z][i] = 0x0; + } + } + for (z = 0; z < 4; z++) { //4 pages + for (i = 0; i < 4; i++) { + j = (i * 8) + (z*32); //bit in page + pageStart + tag.pages[blockNum+z][i] = ((blockData[j] << 7) | (blockData[1 + j] << 6) | + (blockData[2 + j] << 5) | (blockData[3 + j] << 4) | + (blockData[4 + j] << 3) | (blockData[5 + j] << 2) | + (blockData[6 + j] << 1) | blockData[7 + j]); + } + } + if (DEBUG) { + for (z = 0; z < 4; z++) { + Dbprintf("Page[%2d]: %02X %02X %02X %02X", blockNum+z, + tag.pages[blockNum+z][3], tag.pages[blockNum+z][2], + tag.pages[blockNum+z][1], tag.pages[blockNum+z][0]); + } + } + Dbprintf("Block[%2d]: %02X %02X %02X %02X - %02X %02X %02X %02X - %02X %02X %02X %02X - %02X %02X %02X %02X", blockNum, + tag.pages[blockNum][3], tag.pages[blockNum][2], tag.pages[blockNum][1], tag.pages[blockNum][0], + tag.pages[blockNum+1][3], tag.pages[blockNum+1][2], tag.pages[blockNum+1][1], tag.pages[blockNum+1][0], + tag.pages[blockNum+2][3], tag.pages[blockNum+2][2], tag.pages[blockNum+2][1], tag.pages[blockNum+2][0], + tag.pages[blockNum+3][3], tag.pages[blockNum+3][2], tag.pages[blockNum+3][1], tag.pages[blockNum+3][0]); + + *txlen = 20; + crc = CRC_PRESET; + tx[0] = 0xd0 + ((blockNum+4) / 16); + calc_crc(&crc, tx[0], 8); + calc_crc(&crc, 0x00 + (((blockNum+4) % 16) * 16), 4); + tx[1] = 0x00 + (((blockNum+4) % 16) * 16) + (crc / 16); + tx[2] = 0x00 + (crc % 16) * 16; + + return 1; + } + return 0; +} + + /* * to check if the right uid was selected */ @@ -377,47 +849,86 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t rx_air[HITAG_FRAME_LEN]; byte_t page; int i; - u64 state; + uint64_t state; unsigned char crc; -// Copy the (original) received frame how it is send over the air + // Copy the (original) received frame how it is send over the air memcpy(rx_air, rx, nbytes(rxlen)); -// Reset the transmission frame length + // Reset the transmission frame length *txlen = 0; -// Try to find out which command was send by selecting on length (in bits) + // Try to find out which command was send by selecting on length (in bits) switch (rxlen) { - case 5: { - //UID request with a selected response protocol mode - tag.pstate = READY; - tag.tstate = NO_OP; - if ((rx[0] & 0xf0) == 0x30) { - tag.mode = STANDARD; - sof_bits = 1; - m = AC2K; - } - if ((rx[0] & 0xf0) == 0xc0) { - tag.mode = ADVANCED; - sof_bits = 3; - m = AC2K; - } - - if ((rx[0] & 0xf0) == 0xd0) { - tag.mode = FAST_ADVANCED; - sof_bits = 3; - m = AC4K; - } - //send uid as a response - *txlen = 32; - for (i = 0; i < 4; i++) - tx[i] = (tag.uid >> (24 - (i * 8))) & 0xff; - } - break; - case 45: { - //select command from reader received - if (check_select(rx, tag.uid) == 1) { - //if the right tag was selected + case 5: { + //UID request with a selected response protocol mode + tag.pstate = READY; + tag.tstate = NO_OP; + if ((rx[0] & 0xf0) == 0x30) { + Dbprintf("recieved uid request in Standard Mode"); + tag.mode = STANDARD; + sof_bits = 1; + m = AC2K; + } + if ((rx[0] & 0xf0) == 0xc0) { + Dbprintf("recieved uid request in ADVANCE Mode"); + tag.mode = ADVANCED; + sof_bits = 3; + m = AC2K; + } + if ((rx[0] & 0xf0) == 0xd0) { + Dbprintf("recieved uid request in FAST_ADVANCE Mode"); + tag.mode = FAST_ADVANCED; + sof_bits = 3; + m = AC4K; + } + //send uid as a response *txlen = 32; - switch (tag.mode) { + for (i = 0; i < 4; i++) { + tx[i] = (tag.uid >> (24 - (i * 8))) & 0xff; + } + } + break; + case 45: { + //select command from reader received + if (check_select(rx, tag.uid) == 1) { + //if the right tag was selected + *txlen = 32; + switch (tag.mode) { + case STANDARD: + Dbprintf("uid selected in Standard Mode"); + sof_bits = 1; + m = MC4K; + break; + case ADVANCED: + Dbprintf("uid selected in ADVANCE Mode"); + sof_bits = 6; + m = MC4K; + break; + case FAST_ADVANCED: + Dbprintf("uid selected in FAST_ADVANCE Mode"); + sof_bits = 6; + m = MC8K; + break; + default: + break; + } + + //send configuration + tx[0] = tag.pages[1][3]; + tx[1] = tag.pages[1][2]; + tx[2] = tag.pages[1][1]; + tx[3] = 0xff; + if (tag.mode != STANDARD) { + *txlen = 40; + crc = CRC_PRESET; + for (i = 0; i < 4; i++) + calc_crc(&crc, tx[i], 8); + tx[4] = crc; + } + } + } + break; + case 64: { + switch (tag.mode) { case STANDARD: sof_bits = 1; m = MC4K; @@ -432,53 +943,23 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, break; default: break; - } - - //send configuration - for (i = 0; i < 4; i++) - tx[i] = (tag.pages[0][1] >> (i * 8)) & 0xff; - tx[3] = 0xff; - if (tag.mode != STANDARD) { - *txlen = 40; - crc = CRC_PRESET; - for (i = 0; i < 4; i++) - calc_crc(&crc, tx[i], 8); - tx[4] = crc; - } } - } - break; - case 64: { //challenge message received Dbprintf("Challenge for UID: %X", temp_uid); temp2++; - *txlen = 32; - state = hitag2_init(rev64(tag.key), rev32(tag.pages[0][0]), - rev32(((rx[3] << 24) + (rx[2] << 16) + (rx[1] << 8) + rx[0]))); + state = hitag2_init(REV64(tag.key), REV32(tag.pages[0][0]), + REV32(((rx[3] << 24) + (rx[2] << 16) + (rx[1] << 8) + rx[0]))); Dbprintf( ",{0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X}", rx[0], rx[1], rx[2], rx[3], rx[4], rx[5], rx[6], rx[7]); - switch (tag.mode) { - case STANDARD: - sof_bits = 1; - m = MC4K; - break; - case ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; + + for (i = 0; i < 4; i++) { + hitag2_byte(&state); } - for (i = 0; i < 4; i++) - hitag2_byte(&state); + *txlen = 32; //send con2,pwdh0,pwdl0,pwdl1 encrypted as a response - tx[0] = hitag2_byte(&state) ^ ((tag.pages[0][1] >> 16) & 0xff); + tx[0] = hitag2_byte(&state) ^ tag.pages[1][1]; tx[1] = hitag2_byte(&state) ^ tag.pwdh0; tx[2] = hitag2_byte(&state) ^ tag.pwdl0; tx[3] = hitag2_byte(&state) ^ tag.pwdl1; @@ -486,33 +967,22 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, //add crc8 *txlen = 40; crc = CRC_PRESET; - calc_crc(&crc, ((tag.pages[0][1] >> 16) & 0xff), 8); + calc_crc(&crc, tag.pages[1][1], 8); calc_crc(&crc, tag.pwdh0, 8); calc_crc(&crc, tag.pwdl0, 8); calc_crc(&crc, tag.pwdl1, 8); tx[4] = (crc ^ hitag2_byte(&state)); } - /* - * some readers do not allow to authenticate multiple times in a row with the same tag. - * use this to change the uid between authentications. - */ - - /* - if (temp2 % 2 == 0) { - tag.uid = 0x11223344; - tag.pages[0][0] = 0x44332211; - } else { - tag.uid = 0x55667788; - tag.pages[0][0] = 0x88776655; - } - */ } case 40: //data received to be written if (tag.tstate == WRITING_PAGE_DATA) { tag.tstate = NO_OP; - tag.pages[page_to_be_written / 4][page_to_be_written % 4] = (rx[0] - << 0) + (rx[1] << 8) + (rx[2] << 16) + (rx[3] << 24); + tag.pages[page_to_be_written][0] = rx[3]; + tag.pages[page_to_be_written][1] = rx[2]; + tag.pages[page_to_be_written][2] = rx[1]; + tag.pages[page_to_be_written][3] = rx[0]; + //send ack *txlen = 2; tx[0] = 0x40; @@ -534,8 +1004,11 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, break; } } else if (tag.tstate == WRITING_BLOCK_DATA) { - tag.pages[page_to_be_written / 4][page_to_be_written % 4] = (rx[0] - << 24) + (rx[1] << 16) + (rx[2] << 8) + rx[3]; + tag.pages[page_to_be_written][0] = rx[0]; + tag.pages[page_to_be_written][1] = rx[1]; + tag.pages[page_to_be_written][2] = rx[2]; + tag.pages[page_to_be_written][3] = rx[3]; + //send ack *txlen = 2; tx[0] = 0x40; @@ -565,15 +1038,16 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, break; case 20: { //write page, write block, read page or read block command received - if ((rx[0] & 0xf0) == 0xc0) //read page - { + if ((rx[0] & 0xf0) == 0xc0) { //read page //send page data page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16); + Dbprintf("reading page %d", page); *txlen = 32; - tx[0] = (tag.pages[page / 4][page % 4]) & 0xff; - tx[1] = (tag.pages[page / 4][page % 4] >> 8) & 0xff; - tx[2] = (tag.pages[page / 4][page % 4] >> 16) & 0xff; - tx[3] = (tag.pages[page / 4][page % 4] >> 24) & 0xff; + tx[0] = tag.pages[page][0]; + tx[1] = tag.pages[page][1]; + tx[2] = tag.pages[page][2]; + tx[3] = tag.pages[page][3]; + if (tag.LKP && page == 1) tx[3] = 0xff; @@ -608,34 +1082,34 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, sof_bits = 0; *txlen = 0; } - } else if ((rx[0] & 0xf0) == 0xd0) //read block - { + } else if ((rx[0] & 0xf0) == 0xd0) { //read block page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16); + Dbprintf("reading block %d", page); *txlen = 32 * 4; //send page,...,page+3 data for (i = 0; i < 4; i++) { - tx[0 + i * 4] = (tag.pages[page / 4][page % 4]) & 0xff; - tx[1 + i * 4] = (tag.pages[page / 4][page % 4] >> 8) & 0xff; - tx[2 + i * 4] = (tag.pages[page / 4][page % 4] >> 16) & 0xff; - tx[3 + i * 4] = (tag.pages[page / 4][page % 4] >> 24) & 0xff; + tx[0 + (i * 4)] = tag.pages[page][0]; + tx[1 + (i * 4)] = tag.pages[page][1]; + tx[2 + (i * 4)] = tag.pages[page][2]; + tx[3 + (i * 4)] = tag.pages[page][3]; page++; } switch (tag.mode) { - case STANDARD: - sof_bits = 1; - m = MC4K; - break; - case ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; + case STANDARD: + sof_bits = 1; + m = MC4K; + break; + case ADVANCED: + sof_bits = 6; + m = MC4K; + break; + case FAST_ADVANCED: + sof_bits = 6; + m = MC8K; + break; + default: + break; } if (tag.mode != STANDARD) { @@ -651,8 +1125,7 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, sof_bits = 0; *txlen = 0; } - } else if ((rx[0] & 0xf0) == 0x80) //write page - { + } else if ((rx[0] & 0xf0) == 0x80) { //write page page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16); switch (tag.mode) { @@ -683,8 +1156,7 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, tag.tstate = WRITING_PAGE_DATA; } - } else if ((rx[0] & 0xf0) == 0x90) //write block - { + } else if ((rx[0] & 0xf0) == 0x90) { //write block page = ((rx[0] & 0x0f) * 6) + ((rx[1] & 0xf0) / 16); switch (tag.mode) { case STANDARD: @@ -722,25 +1194,30 @@ static void hitagS_handle_reader_command(byte_t* rx, const size_t rxlen, } } + /* * to autenticate to a tag with the given key or challenge */ -static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr, byte_t* rx, const size_t rxlen, byte_t* tx, - size_t* txlen) { +static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr, byte_t* rx, + const size_t rxlen, byte_t* tx, size_t* txlen) { byte_t rx_air[HITAG_FRAME_LEN]; - int response_bit[200]; + int response_bit[200] = {0}; int i, j, z, k; unsigned char mask = 1; unsigned char uid[32]; byte_t uid1 = 0x00, uid2 = 0x00, uid3 = 0x00, uid4 = 0x00; unsigned char crc; - u64 state; + uint64_t state; byte_t auth_ks[4]; byte_t conf_pages[3]; memcpy(rx_air, rx, nbytes(rxlen)); *txlen = 0; - if (tag.pstate == READY && rxlen >= 67) { + if (DEBUG) { + Dbprintf("START hitagS_handle_tag_auth - rxlen: %d, tagstate=%d", rxlen, (int)tag.pstate); + } + + if (tag.pstate == READY && rxlen >= 32) { //received uid if(end==true) { Dbprintf("authentication failed!"); @@ -755,13 +1232,10 @@ static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr z++; } } - k = 0; - for (i = 5; i < z; i += 2) { - uid[k] = response_bit[i]; - k++; - if (k > 31) - break; + for (i = 0; i < 32; i++) { + uid[i] = response_bit[i]; } + uid1 = (uid[0] << 7) | (uid[1] << 6) | (uid[2] << 5) | (uid[3] << 4) | (uid[4] << 3) | (uid[5] << 2) | (uid[6] << 1) | uid[7]; uid2 = (uid[8] << 7) | (uid[9] << 6) | (uid[10] << 5) | (uid[11] << 4) @@ -770,33 +1244,35 @@ static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr | (uid[20] << 3) | (uid[21] << 2) | (uid[22] << 1) | uid[23]; uid4 = (uid[24] << 7) | (uid[25] << 6) | (uid[26] << 5) | (uid[27] << 4) | (uid[28] << 3) | (uid[29] << 2) | (uid[30] << 1) | uid[31]; - if (DEBUG) - Dbprintf("UID: %02X %02X %02X %02X", uid1, uid2, uid3, uid4); + Dbprintf("UID: %02X %02X %02X %02X", uid1, uid2, uid3, uid4); tag.uid = (uid4 << 24 | uid3 << 16 | uid2 << 8 | uid1); //select uid - *txlen = 45; crc = CRC_PRESET; calc_crc(&crc, 0x00, 5); calc_crc(&crc, uid1, 8); calc_crc(&crc, uid2, 8); calc_crc(&crc, uid3, 8); calc_crc(&crc, uid4, 8); + Dbprintf("crc: %02X", crc); + + //resetting response bit for (i = 0; i < 100; i++) { response_bit[i] = 0; } - for (i = 0; i < 5; i++) { - response_bit[i] = 0; - } + + //skip the first 5 for (i = 5; i < 37; i++) { response_bit[i] = uid[i - 5]; } + //add crc value for (j = 0; j < 8; j++) { response_bit[i] = 0; if ((crc & ((mask << 7) >> j)) != 0) response_bit[i] = 1; i++; } + k = 0; for (i = 0; i < 6; i++) { tx[i] = (response_bit[k] << 7) | (response_bit[k + 1] << 6) @@ -805,63 +1281,78 @@ static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr | (response_bit[k + 6] << 1) | response_bit[k + 7]; k += 8; } + *txlen = 45; tag.pstate = INIT; - } else if (tag.pstate == INIT && rxlen == 44) { + } else if (tag.pstate == INIT && rxlen > 24) { // received configuration after select command z = 0; - for (i = 0; i < 6; i++) { + for (i = 0; i < 4; i++) { for (j = 0; j < 8; j++) { response_bit[z] = 0; - if ((rx[i] & ((mask << 7) >> j)) != 0) + if ((rx[i] & ((mask << 7) >> j)) != 0) { response_bit[z] = 1; + } z++; } } - conf_pages[0] = ((response_bit[4] << 7) | (response_bit[5] << 6) - | (response_bit[6] << 5) | (response_bit[7] << 4) - | (response_bit[8] << 3) | (response_bit[9] << 2) - | (response_bit[10] << 1) | response_bit[11]); - //check wich memorysize this tag has - if (response_bit[10] == 0 && response_bit[11] == 0) - tag.max_page = 32 / 32; - if (response_bit[10] == 0 && response_bit[11] == 1) - tag.max_page = 256 / 32; - if (response_bit[10] == 1 && response_bit[11] == 0) - tag.max_page = 2048 / 32; - conf_pages[1] = ((response_bit[12] << 7) | (response_bit[13] << 6) - | (response_bit[14] << 5) | (response_bit[15] << 4) - | (response_bit[16] << 3) | (response_bit[17] << 2) - | (response_bit[18] << 1) | response_bit[19]); - tag.auth = response_bit[12]; - tag.TTFC = response_bit[13]; - //tag.TTFDR in response_bit[14] and response_bit[15] - //tag.TTFM in response_bit[16] and response_bit[17] - tag.LCON = response_bit[18]; - tag.LKP = response_bit[19]; - conf_pages[2] = ((response_bit[20] << 7) | (response_bit[21] << 6) - | (response_bit[22] << 5) | (response_bit[23] << 4) - | (response_bit[24] << 3) | (response_bit[25] << 2) - | (response_bit[26] << 1) | response_bit[27]); - tag.LCK7 = response_bit[20]; - tag.LCK6 = response_bit[21]; - tag.LCK5 = response_bit[22]; - tag.LCK4 = response_bit[23]; - tag.LCK3 = response_bit[24]; - tag.LCK2 = response_bit[25]; - tag.LCK1 = response_bit[26]; - tag.LCK0 = response_bit[27]; - if (DEBUG) - Dbprintf("conf0: %02X conf1: %02X conf2: %02X", conf_pages[0], - conf_pages[1], conf_pages[2]); + //check wich memorysize this tag has + //CON0 + if (response_bit[6] == 0 && response_bit[7] == 0) + tag.max_page = 32 / 32; + if (response_bit[6] == 0 && response_bit[7] == 1) + tag.max_page = 256 / 32; + if (response_bit[6] == 1 && response_bit[7] == 0) + tag.max_page = 2048 / 32; + if (response_bit[6] == 1 && response_bit[7] == 1) //reserved but some tags got this setting + tag.max_page = 2048 / 32; + + //CON1 + tag.auth = response_bit[8]; + tag.TTFC = response_bit[9]; + //tag.TTFDR in response_bit[10] and response_bit[11] + //tag.TTFM in response_bit[12] and response_bit[13] + tag.LCON = response_bit[14]; + tag.LKP = response_bit[15]; + + //CON2 + tag.LCK7 = response_bit[16]; + tag.LCK6 = response_bit[17]; + tag.LCK5 = response_bit[18]; + tag.LCK4 = response_bit[19]; + tag.LCK3 = response_bit[20]; + tag.LCK2 = response_bit[21]; + tag.LCK1 = response_bit[22]; + tag.LCK0 = response_bit[23]; + + if (DEBUG) { + conf_pages[0] = ((response_bit[0] << 7) | (response_bit[1] << 6) + | (response_bit[2] << 5) | (response_bit[3] << 4) + | (response_bit[4] << 3) | (response_bit[5] << 2) + | (response_bit[6] << 1) | response_bit[7]); + conf_pages[1] = ((response_bit[8] << 7) | (response_bit[9] << 6) + | (response_bit[10] << 5) | (response_bit[11] << 4) + | (response_bit[12] << 3) | (response_bit[13] << 2) + | (response_bit[14] << 1) | response_bit[15]); + conf_pages[2] = ((response_bit[16] << 7) | (response_bit[17] << 6) + | (response_bit[18] << 5) | (response_bit[19] << 4) + | (response_bit[20] << 3) | (response_bit[21] << 2) + | (response_bit[22] << 1) | response_bit[23]); + Dbprintf("conf0: %02X conf1: %02X conf2: %02X", conf_pages[0], conf_pages[1], conf_pages[2]); + Dbprintf("tag.max_page: %d, tag.auth: %d", tag.max_page, tag.auth); + } + if (tag.auth == 1) { //if the tag is in authentication mode try the key or challenge *txlen = 64; if(end!=true){ if(htf==02||htf==04){ //RHTS_KEY //WHTS_KEY - state = hitag2_init(rev64(key), rev32(tag.uid), - rev32(rnd)); - + state = hitag2_init(REV64(key), REV32(tag.uid), REV32(rnd)); + /* + Dbprintf("key: %02X %02X\n\n", key, REV64(key)); + Dbprintf("tag.uid: %02X %02X\n\n", tag.uid, REV32(tag.uid)); + Dbprintf("rnd: %02X %02X\n\n", rnd, REV32(rnd)); + */ for (i = 0; i < 4; i++) { auth_ks[i] = hitag2_byte(&state) ^ 0xff; } @@ -891,15 +1382,9 @@ static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr } else if (tag.auth == 0) { tag.pstate = SELECTED; } - - } else if (tag.pstate == AUTHENTICATE && rxlen == 44) { + + } else if (tag.pstate == AUTHENTICATE && rxlen >= 32) { //encrypted con2,password received. - crc = CRC_PRESET; - calc_crc(&crc, 0x80, 1); - calc_crc(&crc, ((rx[0] & 0x0f) * 16 + ((rx[1] & 0xf0) / 16)), 8); - calc_crc(&crc, ((rx[1] & 0x0f) * 16 + ((rx[2] & 0xf0) / 16)), 8); - calc_crc(&crc, ((rx[2] & 0x0f) * 16 + ((rx[3] & 0xf0) / 16)), 8); - calc_crc(&crc, ((rx[3] & 0x0f) * 16 + ((rx[4] & 0xf0) / 16)), 8); if (DEBUG) { Dbprintf("UID:::%X", tag.uid); Dbprintf("RND:::%X", rnd); @@ -909,30 +1394,26 @@ static int hitagS_handle_tag_auth(hitag_function htf,uint64_t key, uint64_t NrAr pwdh0=0; pwdl0=0; pwdl1=0; - if(htf==02 || htf==04){ //RHTS_KEY //WHTS_KEY - { - state = hitag2_init(rev64(key), rev32(tag.uid), rev32(rnd)); - for (i = 0; i < 5; i++) + if(htf==02 || htf==04) { //RHTS_KEY //WHTS_KEY + state = hitag2_init(REV64(key), REV32(tag.uid), REV32(rnd)); + for (i = 0; i < 5; i++) { hitag2_byte(&state); - pwdh0 = ((rx[1] & 0x0f) * 16 + ((rx[2] & 0xf0) / 16)) - ^ hitag2_byte(&state); - pwdl0 = ((rx[2] & 0x0f) * 16 + ((rx[3] & 0xf0) / 16)) - ^ hitag2_byte(&state); - pwdl1 = ((rx[3] & 0x0f) * 16 + ((rx[4] & 0xf0) / 16)) - ^ hitag2_byte(&state); + } + pwdh0 = ((rx[1] & 0x0f) * 16 + ((rx[2] & 0xf0) / 16)) ^ hitag2_byte(&state); + pwdl0 = ((rx[2] & 0x0f) * 16 + ((rx[3] & 0xf0) / 16)) ^ hitag2_byte(&state); + pwdl1 = ((rx[3] & 0x0f) * 16 + ((rx[4] & 0xf0) / 16)) ^ hitag2_byte(&state); + if (DEBUG) { + Dbprintf("pwdh0 %02X pwdl0 %02X pwdl1 %02X", pwdh0, pwdl0, pwdl1); + } } - - if (DEBUG) - Dbprintf("pwdh0 %02X pwdl0 %02X pwdl1 %02X", pwdh0, pwdl0, pwdl1); - - - //Dbprintf("%X %02X", rnd, ((rx[4] & 0x0f) * 16) + ((rx[5] & 0xf0) / 16)); - //rnd += 1; - } tag.pstate = SELECTED; //tag is now ready for read/write commands } + + if (DEBUG) { + Dbprintf("END hitagS_handle_tag_auth - tagstate=%d", (int)tag.pstate); + } + return 0; - } /* @@ -949,6 +1430,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { byte_t txbuf[HITAG_FRAME_LEN]; byte_t* tx = txbuf; size_t txlen = 0; + uint8_t con0, con1, con2; BigBuf_free(); // Clean up trace and prepare it for storing frames @@ -960,102 +1442,108 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { tag.pstate = READY; tag.tstate = NO_OP; - for (i = 0; i < 16; i++) - for (j = 0; j < 4; j++) - tag.pages[i][j] = 0x0; //read tag data into memory if (tag_mem_supplied) { DbpString("Loading hitagS memory..."); - memcpy((byte_t*)tag.pages,data,4*64); - } - tag.uid=(uint32_t)tag.pages[0]; - Dbprintf("Hitag S simulation started"); - tag.key=(intptr_t)tag.pages[3]; - tag.key<<=16; - tag.key+=((tag.pages[2][0])<<8)+tag.pages[2][1]; - tag.pwdl0=tag.pages[2][3]; - tag.pwdl1=tag.pages[2][2]; - tag.pwdh0=tag.pages[1][0]; - //con0 - tag.max_page=64; - if((tag.pages[1][3]&0x2)==0 && (tag.pages[1][3]&0x1)==1) - tag.max_page=8; - if((tag.pages[1][3]&0x2)==0 && (tag.pages[1][3]&0x1)==0) - tag.max_page=0; - //con1 - tag.auth=0; - if (tag.pages[1][2]&0x80) - tag.auth=1; - tag.LCON=0; - if (tag.pages[1][2]&0x2) - tag.LCON=1; - tag.LKP=0; - if (tag.pages[1][2]&0x1) - tag.LKP=1; - //con2 - //0=read write 1=read only - tag.LCK7=0; - if (tag.pages[1][1]&0x80) - tag.LCK7=1; - tag.LCK6=0; - if (tag.pages[1][1]&0x40) - tag.LCK6=1; - tag.LCK5=0; - if (tag.pages[1][1]&0x20) - tag.LCK5=1; - tag.LCK4=0; - if (tag.pages[1][1]&0x10) - tag.LCK4=1; - tag.LCK3=0; - if (tag.pages[1][1]&0x8) - tag.LCK3=1; - tag.LCK2=0; - if (tag.pages[1][1]&0x4) - tag.LCK2=1; - tag.LCK1=0; - if (tag.pages[1][1]&0x2) - tag.LCK1=1; - tag.LCK0=0; - if (tag.pages[1][1]&0x1) - tag.LCK0=1; + for (i = 0; i < 64; i++) { + for (j = 0; j < 4; j++) { + tag.pages[i][j] = 0x0; + } + } -// Set up simulator mode, frequency divisor which will drive the FPGA -// and analog mux selection. + for (i = 0; i < 64; i++) { + for (j = 0; j < 4; j++) { + tag.pages[i][j] = data[(i*4)+j]; + } + } + } + tag.uid = (tag.pages[0][3] << 24 | tag.pages[0][2] << 16 | tag.pages[0][1] << 8 | tag.pages[0][0]); + con0 = tag.pages[1][3]; + con1 = tag.pages[1][2]; + con2 = tag.pages[1][1]; + Dbprintf("UID: %X", tag.uid); + Dbprintf("Hitag S simulation started"); + + //0x01 plain mode - Reserved, CON2, CON1, CON0 + //0x01 auth mode - PWDH 0, CON2, CON1, CON0 + //0x02 auth mode - KEYH 1, KEYH 0, PWDL 1, PWDL 0 + //0x03 auth mode - KEYL 3, KEYL 2, KEYL 1, KEYL 0 + + //con0 + tag.max_page = 2048 / 32; + if ((con0 & 0x2) == 0 && (con0 & 0x1) == 1) + tag.max_page = 256 / 32; + if ((con0 & 0x2) == 0 && (con0 & 0x1) == 0) + tag.max_page = 32 / 32; + + //CON1 + tag.auth = ((con1 & 0x80) == 0x80) ? 1 : 0; + tag.TTFC = ((con1 & 0x40) == 0x40) ? 1 : 0; + //tag.TTFDR in response_bit[10] and response_bit[11] + //tag.TTFM in response_bit[12] and response_bit[13] + tag.LCON = ((con1 & 0x2) == 0x2) ? 1 : 0; + tag.LKP = ((con1 & 0x1) == 0x1) ? 1 : 0; + + //CON2 + tag.LCK7 = ((con2 & 0x80) == 0x80) ? 1 : 0; + tag.LCK6 = ((con2 & 0x40) == 0x40) ? 1 : 0; + tag.LCK5 = ((con2 & 0x20) == 0x20) ? 1 : 0; + tag.LCK4 = ((con2 & 0x10) == 0x10) ? 1 : 0; + tag.LCK3 = ((con2 & 0x8) == 0x8) ? 1 : 0; + tag.LCK2 = ((con2 & 0x4) == 0x4) ? 1 : 0; + tag.LCK1 = ((con2 & 0x2) == 0x2) ? 1 : 0; + tag.LCK0 = ((con2 & 0x1) == 0x1) ? 1 : 0; + + if (tag.auth == 1) { + //TODO check if this working :D + tag.key=(intptr_t)tag.pages[3]; + tag.key<<=16; + tag.key+=((tag.pages[2][0])<<8)+tag.pages[2][1]; + tag.pwdl0=tag.pages[2][3]; + tag.pwdl1=tag.pages[2][2]; + tag.pwdh0=tag.pages[1][0]; + } + + // Set up simulator mode, frequency divisor which will drive the FPGA + // and analog mux selection. FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); -// Configure output pin that is connected to the FPGA (for modulating) + // Configure output pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; -// Disable modulation at default, which means release resistance + // Disable modulation at default, which means release resistance LOW(GPIO_SSC_DOUT); -// Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); -// Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the reader frames + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the reader frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; -// Disable timer during configuration + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; -// Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, -// external trigger rising edge, load RA on rising edge of TIOA. - AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK - | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; -// Reset the received frame, frame count and timing info + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // external trigger rising edge, load RA on rising edge of TIOA. + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; + + // Reset the received frame, frame count and timing info memset(rx, 0x00, sizeof(rx)); frame_count = 0; response = 0; overflow = 0; -// Enable and reset counter + // Enable and reset counter AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; while (!BUTTON_PRESS()) { @@ -1063,6 +1551,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { WDT_HIT(); // Receive frame, watch for at most T0*EOF periods + //HITAG_T_WAIT_MAX while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_EOF) { // Check if rising edge in modulation is detected if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { @@ -1117,13 +1606,13 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { // with respect to the falling edge, we need to wait actually (T_Wait1 - T_Low) // periods. The gap time T_Low varies (4..10). All timer values are in // terms of T0 units - while (AT91C_BASE_TC0->TC_CV < T0 * (HITAG_T_WAIT_1 - HITAG_T_LOW)) - ; + while (AT91C_BASE_TC0->TC_CV < T0 * (HITAG_T_WAIT_1 - HITAG_T_LOW)) { } // Send and store the tag answer (if there is any) if (txlen > 0) { // Transmit the tag frame - hitag_send_frame(tx, txlen); + hitag_tag_send_frame(tx, txlen); + // Store the frame in the trace if (!bQuiet) { if (!LogTraceHitag(tx, txlen, 0, 0, false)) { @@ -1133,12 +1622,13 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { } } + // Enable and reset external trigger in timer for capturing future frames + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; + // Reset the received frame and response timing info memset(rx, 0x00, sizeof(rx)); response = 0; - // Enable and reset external trigger in timer for capturing future frames - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; LED_B_OFF(); } // Reset the frame length @@ -1148,6 +1638,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { // Reset the timer to restart while-loop that receives frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; } + Dbprintf("Hitag S simulation stopped"); LED_B_OFF(); LED_D_OFF(); AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; @@ -1160,10 +1651,16 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) { * If the key was given the password will be decrypted. * Reads every page of a hitag S transpoder. */ -void ReadHitagS(hitag_function htf, hitag_data* htd) { - int i, j, z, k; +void ReadHitagSintern(hitag_function htf, hitag_data* htd, stype tagMode, int startPage, bool readBlock) { int frame_count; - int response_bit[200]; + int i; + int sendNum = startPage; + tag.mode = tagMode; + + //int i, j, z; + //int response_bit[200]; + //unsigned char mask = 1; + int response; byte_t rx[HITAG_FRAME_LEN]; size_t rxlen = 0; @@ -1171,34 +1668,30 @@ void ReadHitagS(hitag_function htf, hitag_data* htd) { byte_t* tx = txbuf; size_t txlen = 0; int lastbit; - bool bSkip; - int reset_sof; - int tag_sof; int t_wait = HITAG_T_WAIT_MAX; bool bStop; bool bQuitTraceFull = false; - int sendNum = 0; - unsigned char mask = 1; - unsigned char crc; - unsigned char pageData[32]; + page_to_be_written = 0; - + //read given key/challenge byte_t NrAr_[8]; uint64_t key=0; uint64_t NrAr=0; byte_t key_[6]; switch(htf) { - case 01: { //RHTS_CHALLENGE + case 01: + case 03: { //RHTS_CHALLENGE DbpString("Authenticating using nr,ar pair:"); memcpy(NrAr_,htd->auth.NrAr,8); Dbhexdump(8,NrAr_,false); NrAr=NrAr_[7] | ((uint64_t)NrAr_[6]) << 8 | ((uint64_t)NrAr_[5]) << 16 | ((uint64_t)NrAr_[4]) << 24 | ((uint64_t)NrAr_[3]) << 32 | - ((uint64_t)NrAr_[2]) << 40| ((uint64_t)NrAr_[1]) << 48 | ((uint64_t)NrAr_[0]) << 56; + ((uint64_t)NrAr_[2]) << 40| ((uint64_t)NrAr_[1]) << 48 | ((uint64_t)NrAr_[0]) << 56; } break; - case 02: { //RHTS_KEY + case 02: + case 04: { //RHTS_KEY DbpString("Authenticating using key:"); - memcpy(key_,htd->crypto.key,6); + memcpy(key_,htd->crypto.key,6); Dbhexdump(6,key_,false); key=key_[5] | ((uint64_t)key_[4]) << 8 | ((uint64_t)key_[3]) << 16 | ((uint64_t)key_[2]) << 24 | ((uint64_t)key_[1]) << 32 | ((uint64_t)key_[0]) << 40; } break; @@ -1211,70 +1704,90 @@ void ReadHitagS(hitag_function htf, hitag_data* htd) { FpgaDownloadAndGo(FPGA_BITSTREAM_LF); -// Reset the return status + // Reset the return status bSuccessful = false; -// Clean up trace and prepare it for storing frames + // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); bQuiet = false; - bQuitTraceFull = true; LED_D_ON(); -// Configure output and enable pin that is connected to the FPGA (for modulating) + // Configure output and enable pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; -// Set fpga in edge detect with reader field, we can modulate as reader now - FpgaWriteConfWord( - FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); + // Set fpga in edge detect with reader field, we can modulate as reader now + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); -// Set Frequency divisor which will drive the FPGA and analog mux selection - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + // Set Frequency divisor which will drive the FPGA and analog mux selection + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); -// Disable modulation at default, which means enable the field + // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); -// Give it a bit of time for the resonant antenna to settle. + // Give it a bit of time for the resonant antenna to settle. SpinDelay(30); -// Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); -// Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; -// Disable timer during configuration + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; -// Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, -// external trigger rising edge, load RA on falling edge of TIOA. - AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; - | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // external trigger rising edge, load RA on falling edge of TIOA. + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; -// Enable and reset counters + // Enable and reset counters AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; -// Reset the received frame, frame count and timing info + // Reset the received frame, frame count and timing info frame_count = 0; response = 0; lastbit = 1; bStop = false; - - reset_sof = 1; t_wait = 200; while (!bStop && !BUTTON_PRESS()) { // Watchdog hit WDT_HIT(); + + // Add transmitted frame to total count + if (txlen > 0) { + frame_count++; + + if (tag.pstate == READY && rxlen < 1) { + //skip logging starting auths if no response + } else { + if (!bQuiet) { + // Store the frame in the trace + if (!LogTraceHitag(tx, txlen, HITAG_T_WAIT_2, 0, true)) { + if (bQuitTraceFull) { + DbpString("Trace full"); + break; + } else { + bQuiet = true; + } + } + } + } + } + // Check if frame was captured and store it if (rxlen > 0) { frame_count++; @@ -1294,94 +1807,31 @@ void ReadHitagS(hitag_function htf, hitag_data* htd) { tx = txbuf; txlen = 0; + if (DEBUG >= 2) { + Dbprintf("FRO %d rxlen: %d, pstate=%d, tstate=%d", frame_count, rxlen, (int)tag.pstate, (int)tag.tstate); + } + if (rxlen == 0) { //start authentication - txlen = 5; - memcpy(tx, "\xc0", nbytes(txlen)); - tag.pstate = READY; - tag.tstate = NO_OP; + hitag_start_auth(tx, &txlen); } else if (tag.pstate != SELECTED) { - if (hitagS_handle_tag_auth(htf, key,NrAr,rx, rxlen, tx, &txlen) == -1) + if (hitagS_handle_tag_auth(htf, key,NrAr,rx, rxlen, tx, &txlen) == -1) { + Dbprintf("hitagS_handle_tag_auth - bStop = !false"); bStop = !false; + } } - if (tag.pstate == SELECTED && tag.tstate == NO_OP && rxlen > 0) { - //send read request - tag.tstate = READING_PAGE; - txlen = 20; - crc = CRC_PRESET; - tx[0] = 0xc0 + (sendNum / 16); - calc_crc(&crc, tx[0], 8); - calc_crc(&crc, 0x00 + ((sendNum % 16) * 16), 4); - tx[1] = 0x00 + ((sendNum % 16) * 16) + (crc / 16); - tx[2] = 0x00 + (crc % 16) * 16; - } else if (tag.pstate == SELECTED && tag.tstate == READING_PAGE - && rxlen > 0) { - //save received data - z = 0; - for (i = 0; i < 5; i++) { - for (j = 0; j < 8; j++) { - response_bit[z] = 0; - if ((rx[i] & ((mask << 7) >> j)) != 0) - response_bit[z] = 1; - z++; - } - } - k = 0; - for (i = 4; i < 36; i++) { - pageData[k] = response_bit[i]; - k++; - } - for (i = 0; i < 4; i++) - tag.pages[sendNum / 4][sendNum % 4] = 0x0; - for (i = 0; i < 4; i++) { - tag.pages[sendNum / 4][sendNum % 4] += ((pageData[i * 8] << 7) - | (pageData[1 + (i * 8)] << 6) - | (pageData[2 + (i * 8)] << 5) - | (pageData[3 + (i * 8)] << 4) - | (pageData[4 + (i * 8)] << 3) - | (pageData[5 + (i * 8)] << 2) - | (pageData[6 + (i * 8)] << 1) | pageData[7 + (i * 8)]) - << (i * 8); - } - if (tag.auth && tag.LKP && sendNum == 1) { - Dbprintf("Page[%2d]: %02X %02X %02X %02X", sendNum, pwdh0, - (tag.pages[sendNum / 4][sendNum % 4] >> 16) & 0xff, - (tag.pages[sendNum / 4][sendNum % 4] >> 8) & 0xff, - tag.pages[sendNum / 4][sendNum % 4] & 0xff); - } else { - Dbprintf("Page[%2d]: %02X %02X %02X %02X", sendNum, - (tag.pages[sendNum / 4][sendNum % 4] >> 24) & 0xff, - (tag.pages[sendNum / 4][sendNum % 4] >> 16) & 0xff, - (tag.pages[sendNum / 4][sendNum % 4] >> 8) & 0xff, - tag.pages[sendNum / 4][sendNum % 4] & 0xff); - } - sendNum++; - //display key and password if possible - if (sendNum == 2 && tag.auth == 1 && tag.LKP) { - if (htf == 02) { //RHTS_KEY - Dbprintf("Page[ 2]: %02X %02X %02X %02X", - (byte_t)(key >> 8) & 0xff, - (byte_t) key & 0xff, pwdl1, pwdl0); - Dbprintf("Page[ 3]: %02X %02X %02X %02X", - (byte_t)(key >> 40) & 0xff, - (byte_t)(key >> 32) & 0xff, - (byte_t)(key >> 24) & 0xff, - (byte_t)(key >> 16) & 0xff); - } else { - //if the authentication is done with a challenge the key and password are unknown - Dbprintf("Page[ 2]: __ __ __ __"); - Dbprintf("Page[ 3]: __ __ __ __"); - } - } - txlen = 20; - crc = CRC_PRESET; - tx[0] = 0xc0 + (sendNum / 16); - calc_crc(&crc, tx[0], 8); - calc_crc(&crc, 0x00 + ((sendNum % 16) * 16), 4); - tx[1] = 0x00 + ((sendNum % 16) * 16) + (crc / 16); - tx[2] = 0x00 + (crc % 16) * 16; + + if (readBlock && tag.pstate == SELECTED && (tag.tstate == READING_BLOCK || tag.tstate == NO_OP) && rxlen > 0) { + i = hitag_read_block(htf, key, rx, &rxlen, tx, &txlen, sendNum); + if (i > 0) { sendNum+=4; } + if (sendNum+4 >= tag.max_page) { + bStop = !false; + } + } else if (!readBlock && tag.pstate == SELECTED && (tag.tstate == READING_PAGE || tag.tstate == NO_OP) && rxlen > 0) { + i = hitag_read_page(htf, key, rx, &rxlen, tx, &txlen, sendNum); + if (i > 0) { sendNum++; } if (sendNum >= tag.max_page) { bStop = !false; } @@ -1397,98 +1847,24 @@ void ReadHitagS(hitag_function htf, hitag_data* htd) { // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units - while (AT91C_BASE_TC0->TC_CV - < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) - ; + while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) { } // Transmit the reader frame hitag_reader_send_frame(tx, txlen); + // Enable and reset external trigger in timer for capturing future frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - // Add transmitted frame to total count - if (txlen > 0) { - frame_count++; - if (!bQuiet) { - // Store the frame in the trace - if (!LogTraceHitag(tx, txlen, HITAG_T_WAIT_2, 0, true)) { - if (bQuitTraceFull) { - DbpString("Trace full"); - break; - } else { - bQuiet = true; - } - } - } - } // Reset values for receiving frames memset(rx, 0x00, sizeof(rx)); rxlen = 0; lastbit = 1; - bSkip = true; - tag_sof = reset_sof; response = 0; - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd value, is to small to mean anything - } - } - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } + // get tag id in anti-collision mode (proprietary data format, so switch off manchester and read at double the data rate, for 4 x the data bits) + hitag_receive_frame(rx, &rxlen, &response); } end=false; LED_B_OFF(); @@ -1499,6 +1875,21 @@ void ReadHitagS(hitag_function htf, hitag_data* htd) { cmd_send(CMD_ACK, bSuccessful, 0, 0, 0, 0); } +void ReadHitagSCmd(hitag_function htf, hitag_data* htd, uint64_t startPage, uint64_t tagMode, bool readBlock) { + if (tagMode == 1) { + Dbprintf("ReadHitagS in mode=ADVANCED, blockRead=%d, startPage=%d", readBlock, startPage); + ReadHitagSintern(htf, htd, ADVANCED, (int)startPage, readBlock); + } else if (tagMode == 2) { + Dbprintf("ReadHitagS in mode=FAST_ADVANCED, blockRead=%d, startPage=%d", readBlock, startPage); + ReadHitagSintern(htf, htd, FAST_ADVANCED, (int)startPage, readBlock); + } else { + Dbprintf("ReadHitagS in mode=STANDARD, blockRead=%d, startPage=%d", readBlock, startPage); + ReadHitagSintern(htf, htd, STANDARD, (int)startPage, readBlock); + } +} + + + /* * Authenticates to the Tag with the given Key or Challenge. * Writes the given 32Bit data into page_ @@ -1512,16 +1903,13 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { byte_t* tx = txbuf; size_t txlen = 0; int lastbit; - bool bSkip; - int reset_sof; - int tag_sof; int t_wait = HITAG_T_WAIT_MAX; bool bStop; bool bQuitTraceFull = false; int page = page_; unsigned char crc; byte_t data[4]= {0,0,0,0}; - + //read given key/challenge, the page and the data byte_t NrAr_[8]; uint64_t key=0; @@ -1534,12 +1922,12 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { memcpy(NrAr_,htd->auth.NrAr,8); Dbhexdump(8,NrAr_,false); NrAr=NrAr_[7] | ((uint64_t)NrAr_[6]) << 8 | ((uint64_t)NrAr_[5]) << 16 | ((uint64_t)NrAr_[4]) << 24 | ((uint64_t)NrAr_[3]) << 32 | - ((uint64_t)NrAr_[2]) << 40| ((uint64_t)NrAr_[1]) << 48 | ((uint64_t)NrAr_[0]) << 56; + ((uint64_t)NrAr_[2]) << 40| ((uint64_t)NrAr_[1]) << 48 | ((uint64_t)NrAr_[0]) << 56; } break; case 04: { //WHTS_KEY memcpy(data,htd->crypto.data,4); DbpString("Authenticating using key:"); - memcpy(key_,htd->crypto.key,6); + memcpy(key_,htd->crypto.key,6); Dbhexdump(6,key_,false); key=key_[5] | ((uint64_t)key_[4]) << 8 | ((uint64_t)key_[3]) << 16 | ((uint64_t)key_[2]) << 24 | ((uint64_t)key_[1]) << 32 | ((uint64_t)key_[0]) << 40; } break; @@ -1552,67 +1940,67 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { Dbprintf("Page: %d",page_); Dbprintf("DATA: %02X %02X %02X %02X", data[0], data[1], data[2], data[3]); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); -// Reset the return status + // Reset the return status bSuccessful = false; tag.pstate = READY; tag.tstate = NO_OP; -// Clean up trace and prepare it for storing frames + // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); bQuiet = false; - bQuitTraceFull = true; LED_D_ON(); -// Configure output and enable pin that is connected to the FPGA (for modulating) + // Configure output and enable pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; -// Set fpga in edge detect with reader field, we can modulate as reader now - FpgaWriteConfWord( - FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); + // Set fpga in edge detect with reader field, we can modulate as reader now + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); -// Set Frequency divisor which will drive the FPGA and analog mux selection + // Set Frequency divisor which will drive the FPGA and analog mux selection FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); -// Disable modulation at default, which means enable the field + // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); -// Give it a bit of time for the resonant antenna to settle. + // Give it a bit of time for the resonant antenna to settle. SpinDelay(30); -// Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); -// Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; -// Disable timer during configuration + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; -// Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, -// external trigger rising edge, load RA on falling edge of TIOA. + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // external trigger rising edge, load RA on falling edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; -// Enable and reset counters + // Enable and reset counters AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; -// Reset the received frame, frame count and timing info + // Reset the received frame, frame count and timing info frame_count = 0; response = 0; lastbit = 1; bStop = false; - - reset_sof = 1; t_wait = 200; while (!bStop && !BUTTON_PRESS()) { @@ -1635,11 +2023,12 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { } //check for valid input + /* if (page == 0) { - Dbprintf( - "usage: lf hitag writer [03 | 04] [CHALLENGE | KEY] [page] [byte0] [byte1] [byte2] [byte3]"); + Dbprintf("usage: lf hitag writer [03 | 04] [CHALLENGE | KEY] [page] [byte0] [byte1] [byte2] [byte3]"); bStop = !false; - } + }*/ + // By default reset the transmission buffer tx = txbuf; @@ -1651,15 +2040,18 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { bStop = !false; } else if (rxlen == 0 && tag.tstate != WRITING_PAGE_DATA) { //start the authetication - txlen = 5; - memcpy(tx, "\xc0", nbytes(txlen)); - tag.pstate = READY; - tag.tstate = NO_OP; + //tag.mode = ADVANCED; + tag.mode = STANDARD; + hitag_start_auth(tx, &txlen); + m = AC2K; } else if (tag.pstate != SELECTED) { //try to authenticate with the given key or challenge - if (hitagS_handle_tag_auth(htf,key,NrAr,rx, rxlen, tx, &txlen) == -1) + if (hitagS_handle_tag_auth(htf,key,NrAr,rx, rxlen, tx, &txlen) == -1) { bStop = !false; + } + m = MC4K; } + if (tag.pstate == SELECTED && tag.tstate == NO_OP && rxlen > 0) { //check if the given page exists if (page > tag.max_page) { @@ -1676,7 +2068,7 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { tx[1] = 0x00 + ((page % 16) * 16) + (crc / 16); tx[2] = 0x00 + (crc % 16) * 16; } else if (tag.pstate == SELECTED && tag.tstate == WRITING_PAGE_ACK - && rxlen == 6 && rx[0] == 0xf4) { + && rxlen == 2 && rx[0] == 0x40) { //ACK recieved to write the page. send data tag.tstate = WRITING_PAGE_DATA; txlen = 40; @@ -1691,7 +2083,7 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { tx[3] = data[0]; tx[4] = crc; } else if (tag.pstate == SELECTED && tag.tstate == WRITING_PAGE_DATA - && rxlen == 6 && rx[0] == 0xf4) { + && rxlen == 2 && rx[0] == 0x40) { //received ACK Dbprintf("Successful!"); bStop = !false; @@ -1737,68 +2129,9 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { memset(rx, 0x00, sizeof(rx)); rxlen = 0; lastbit = 1; - bSkip = true; - tag_sof = reset_sof; response = 0; - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd value, is to small to mean anything - } - } - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } + hitag_receive_frame(rx, &rxlen, &response); } end=false; LED_B_OFF(); @@ -1809,6 +2142,7 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { cmd_send(CMD_ACK, bSuccessful, 0, 0, 0, 0); } + /* * Tries to authenticate to a Hitag S Transponder with the given challenges from a .cc file. * Displays all Challenges that failed. @@ -1816,7 +2150,7 @@ void WritePageHitagS(hitag_function htf, hitag_data* htd,int page_) { * is not received correctly due to Antenna problems. This function * detects these challenges. */ -void check_challenges(bool file_given, byte_t* data) { +void check_challenges_cmd(bool file_given, byte_t* data, uint64_t tagMode) { int i, j, z, k; byte_t uid_byte[4]; int frame_count; @@ -1829,9 +2163,6 @@ void check_challenges(bool file_given, byte_t* data) { byte_t* tx = txbuf; size_t txlen = 0; int lastbit; - bool bSkip; - int reset_sof; - int tag_sof; int t_wait = HITAG_T_WAIT_MAX; int STATE = 0; bool bStop; @@ -1841,65 +2172,77 @@ void check_challenges(bool file_given, byte_t* data) { unsigned char uid[32]; unsigned char crc; + if (tagMode == 1) { + Dbprintf("check_challenges in mode=ADVANCED"); + tag.mode = ADVANCED; + } else if (tagMode == 2) { + Dbprintf("check_challenges in mode=FAST_ADVANCED"); + tag.mode = FAST_ADVANCED; + } else { + Dbprintf("check_challenges in mode=STANDARD"); + tag.mode = STANDARD; + } + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); -// Reset the return status + // Reset the return status bSuccessful = false; -// Clean up trace and prepare it for storing frames + // Clean up trace and prepare it for storing frames set_tracing(true); clear_trace(); bQuiet = false; - bQuitTraceFull = true; LED_D_ON(); -// Configure output and enable pin that is connected to the FPGA (for modulating) + // Configure output and enable pin that is connected to the FPGA (for modulating) AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; -// Set fpga in edge detect with reader field, we can modulate as reader now + // Set fpga in edge detect with reader field, we can modulate as reader now FpgaWriteConfWord( FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); -// Set Frequency divisor which will drive the FPGA and analog mux selection - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + // Set Frequency divisor which will drive the FPGA and analog mux selection + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); -// Disable modulation at default, which means enable the field + // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); -// Give it a bit of time for the resonant antenna to settle. + // Give it a bit of time for the resonant antenna to settle. SpinDelay(30); -// Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering + // Enable Peripheral Clock for TIMER_CLOCK0, used to measure exact timing before answering AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0); -// Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames + // Enable Peripheral Clock for TIMER_CLOCK1, used to capture edges of the tag frames AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; -// Disable timer during configuration + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; -// Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, -// external trigger rising edge, load RA on falling edge of TIOA. - AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; - | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // external trigger rising edge, load RA on falling edge of TIOA. + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING | AT91C_TC_ABETRG | AT91C_TC_LDRA_FALLING; -// Enable and reset counters + // Enable and reset counters AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; -// Reset the received frame, frame count and timing info + // Reset the received frame, frame count and timing info frame_count = 0; response = 0; lastbit = 1; bStop = false; - reset_sof = 1; t_wait = 200; if (file_given) { @@ -1929,18 +2272,17 @@ void check_challenges(bool file_given, byte_t* data) { tx = txbuf; txlen = 0; if (rxlen == 0) { - if (STATE == 2) + if (STATE == 2) { // challenge failed Dbprintf("Challenge failed: %02X %02X %02X %02X %02X %02X %02X %02X", unlocker[u1 - 1][0], unlocker[u1 - 1][1], unlocker[u1 - 1][2], unlocker[u1 - 1][3], unlocker[u1 - 1][4], unlocker[u1 - 1][5], unlocker[u1 - 1][6], unlocker[u1 - 1][7]); + } STATE = 0; - txlen = 5; - //start new authentication - memcpy(tx, "\xc0", nbytes(txlen)); - } else if (rxlen >= 67 && STATE == 0) { + hitag_start_auth(tx, &txlen); + } else if (rxlen >= 32 && STATE == 0) { //received uid z = 0; for (i = 0; i < 10; i++) { @@ -1951,13 +2293,10 @@ void check_challenges(bool file_given, byte_t* data) { z++; } } - k = 0; - for (i = 5; i < z; i += 2) { - uid[k] = response_bit[i]; - k++; - if (k > 31) - break; + for (i = 0; i < 32; i++) { + uid[i] = response_bit[i]; } + uid_byte[0] = (uid[0] << 7) | (uid[1] << 6) | (uid[2] << 5) | (uid[3] << 4) | (uid[4] << 3) | (uid[5] << 2) | (uid[6] << 1) | uid[7]; @@ -2005,7 +2344,9 @@ void check_challenges(bool file_given, byte_t* data) { k += 8; } - } else if (STATE == 1 && rxlen == 44) { + + tag.pstate = INIT; + } else if (STATE == 1 && rxlen > 24) { //received configuration STATE = 2; z = 0; @@ -2025,7 +2366,8 @@ void check_challenges(bool file_given, byte_t* data) { tx[i] = unlocker[u1][i]; u1++; - } else if (STATE == 2 && rxlen >= 44) { + tag.pstate = SELECTED; + } else if (STATE == 2 && rxlen >= 32) { STATE = 0; } @@ -2038,10 +2380,7 @@ void check_challenges(bool file_given, byte_t* data) { // falling edge occured halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units - - while (AT91C_BASE_TC0->TC_CV - < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) - ; + while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) { } // Transmit the reader frame hitag_reader_send_frame(tx, txlen); @@ -2069,68 +2408,9 @@ void check_challenges(bool file_given, byte_t* data) { memset(rx, 0x00, sizeof(rx)); rxlen = 0; lastbit = 1; - bSkip = true; - tag_sof = reset_sof; response = 0; - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd value, is to small to mean anything - } - } - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } + hitag_receive_frame(rx, &rxlen, &response); } LED_B_OFF(); LED_D_OFF(); @@ -2140,5 +2420,13 @@ void check_challenges(bool file_given, byte_t* data) { cmd_send(CMD_ACK, bSuccessful, 0, 0, 0, 0); } +/** +Backward compatibility +*/ +void check_challenges(bool file_given, byte_t* data) { + check_challenges_cmd(file_given, data, 1); +} - +void ReadHitagS(hitag_function htf, hitag_data* htd) { + ReadHitagSintern(htf, htd, ADVANCED, 0, false); +} diff --git a/armsrc/hitagS.h b/armsrc/hitagS.h new file mode 100644 index 00000000..8451b2cf --- /dev/null +++ b/armsrc/hitagS.h @@ -0,0 +1,26 @@ +//----------------------------------------------------------------------------- +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// HitagS emulation (preliminary test version) +// +// (c) 2016 Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg +// +//----------------------------------------------------------------------------- +// Some code was copied from Hitag2.c +//----------------------------------------------------------------------------- + +#ifndef HITAGS_H__ +#define HITAGS_H__ + +#include +#include +#include "hitag.h" + +void ReadHitagSCmd(hitag_function htf, hitag_data* htd, uint64_t startPage, uint64_t tagMode, bool readBlock); +void SimulateHitagSTag(bool tag_mem_supplied, uint8_t* data); +void WritePageHitagS(hitag_function htf, hitag_data* htd, int page); +void check_challenges_cmd(bool file_given, uint8_t* data, uint64_t tagMode); + +#endif \ No newline at end of file diff --git a/armsrc/i2c.c b/armsrc/i2c.c index 7efb1fd3..a17dd162 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -18,13 +18,15 @@ #include "mifareutil.h" // for MF_DBGLEVEL #include "BigBuf.h" #include "apps.h" +#include "usb_cdc.h" +#include "util.h" + #ifdef WITH_SMARTCARD #include "smartcard.h" #endif -// ¶¨ÒåÁ¬½ÓÒý½Å #define GPIO_RST AT91C_PIO_PA1 #define GPIO_SCL AT91C_PIO_PA5 #define GPIO_SDA AT91C_PIO_PA7 @@ -49,14 +51,41 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) { for (c = delay * 2; c; c--) {}; } -// ͨѶÑÓ³Ùº¯Êý communication delay function +// communication delay functions #define I2C_DELAY_1CLK I2CSpinDelayClk(1) #define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) - #define ISO7618_MAX_FRAME 255 +// try i2c bus recovery at 100kHz = 5uS high, 5uS low +static void I2C_recovery(void) { + + DbpString("Performing i2c bus recovery"); + + // reset I2C + SDA_H; SCL_H; + + //9nth cycle acts as NACK + for (int i = 0; i < 10; i++) { + SCL_H; WaitUS(5); + SCL_L; WaitUS(5); + } + + //a STOP signal (SDA from low to high while CLK is high) + SDA_L; WaitUS(5); + SCL_H; WaitUS(2); + SDA_H; WaitUS(2); + + bool isok = (SCL_read && SDA_read); + if (!SDA_read) + DbpString("I2C bus recovery error: SDA still LOW"); + if (!SCL_read) + DbpString("I2C bus recovery error: SCL still LOW"); + if (isok) + DbpString("I2C bus recovery complete"); +} + static void I2C_init(void) { // Configure reset pin AT91C_BASE_PIOA->PIO_PPUDR = GPIO_RST; // disable pull up resistor @@ -72,10 +101,13 @@ static void I2C_init(void) { // configure all three pins as output, controlled by PIOA AT91C_BASE_PIOA->PIO_OER |= (GPIO_SCL | GPIO_SDA | GPIO_RST); AT91C_BASE_PIOA->PIO_PER |= (GPIO_SCL | GPIO_SDA | GPIO_RST); + + bool isok = (SCL_read && SDA_read); + if ( !isok ) + I2C_recovery(); + } - -// ÉèÖø´Î»×´Ì¬ // set the reset state static void I2C_SetResetStatus(uint8_t LineRST, uint8_t LineSCK, uint8_t LineSDA) { if (LineRST) @@ -94,19 +126,19 @@ static void I2C_SetResetStatus(uint8_t LineRST, uint8_t LineSCK, uint8_t LineSDA LOW(GPIO_SDA); } -// ¸´Î»½øÈëÖ÷³ÌÐò // Reset the SIM_Adapter, then enter the main program // Note: the SIM_Adapter will not enter the main program after power up. Please run this function before use SIM_Adapter. static void I2C_Reset_EnterMainProgram(void) { - I2C_SetResetStatus(0, 0, 0); // À­µÍ¸´Î»Ïß - SpinDelay(30); - I2C_SetResetStatus(1, 0, 0); // ½â³ý¸´Î» - SpinDelay(30); - I2C_SetResetStatus(1, 1, 1); // À­¸ßÊý¾ÝÏß - SpinDelay(10); + StartTicks(); + I2C_init(); + I2C_SetResetStatus(0, 0, 0); + WaitMS(30); + I2C_SetResetStatus(1, 0, 0); + WaitMS(30); + I2C_SetResetStatus(1, 1, 1); + WaitMS(10); } -// µÈ´ýʱÖÓ±ä¸ß // Wait for the clock to go High. static bool WaitSCL_H_delay(uint32_t delay) { while (delay--) { @@ -184,7 +216,8 @@ static void I2C_SendByte(uint8_t data) { uint8_t bits = 8; while (bits--) { - SCL_L; I2C_DELAY_1CLK; + SCL_L; + I2C_DELAY_1CLK; if (data & 0x80) SDA_H; @@ -205,7 +238,6 @@ static void I2C_SendByte(uint8_t data) { } bool I2C_is_available(void) { - I2C_init(); I2C_Reset_EnterMainProgram(); if (!I2C_Start()) // some other device is active on the bus return true; @@ -219,33 +251,33 @@ bool I2C_is_available(void) { } #ifdef WITH_SMARTCARD -// ¸´Î»½øÈëÒýµ¼Ä£Ê½ // Reset the SIM_Adapter, then enter the bootloader program // Reserve£ºFor firmware update. static void I2C_Reset_EnterBootloader(void) { - I2C_SetResetStatus(0, 1, 1); // À­µÍ¸´Î»Ïß - SpinDelay(100); - I2C_SetResetStatus(1, 1, 1); // ½â³ý¸´Î» - SpinDelay(10); + I2C_SetResetStatus(0, 1, 1); + WaitMS(100); + I2C_SetResetStatus(1, 1, 1); + WaitMS(10); } -// Wait max 300ms or until SCL goes LOW. +// Wait max 1800ms or until SCL goes LOW. +// It timeout reading response from card // Which ever comes first -static bool WaitSCL_L_300ms(void) { - volatile uint16_t delay = 310; +bool WaitSCL_L_timeout(void){ + volatile uint16_t delay = 1800; while ( delay-- ) { // exit on SCL LOW if (!SCL_read) return true; - SpinDelay(1); + WaitMS(1); } return (delay == 0); } static bool I2C_WaitForSim() { - // variable delay here. - if (!WaitSCL_L_300ms()) + // wait for data from card + if (!WaitSCL_L_timeout()) return false; // 8051 speaks with smart card. @@ -303,7 +335,7 @@ static bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address) { do { if (!I2C_Start()) return false; - //[C0] + I2C_SendByte(device_address & 0xFE); if (!I2C_WaitAck()) break; @@ -323,7 +355,6 @@ static bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address) { return true; } -// дÈë1×Ö½ÚÊý¾Ý £¨´ýдÈëÊý¾Ý£¬´ýдÈëµØÖ·£¬Æ÷¼þÀàÐÍ£© // Sends 1 byte data (Data to be written, command to be written , SlaveDevice address ). static bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) { bool bBreak = true; @@ -354,7 +385,6 @@ static bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_addre return true; } -// дÈë1´®Êý¾Ý£¨´ýдÈëÊý×éµØÖ·£¬´ýдÈ볤¶È£¬´ýдÈëµØÖ·£¬Æ÷¼þÀàÐÍ£© //Sends a string of data (Array, length, command to be written , SlaveDevice address ). // len = uint8 (max buffer to write 256bytes) static bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { @@ -393,7 +423,6 @@ static bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint return true; } -// ¶Á³ö1´®Êý¾Ý£¨´æ·Å¶Á³öÊý¾Ý£¬´ý¶Á³ö³¤¶È£¬´ø¶Á³öµØÖ·£¬Æ÷¼þÀàÐÍ£© // read 1 strings of data (Data array, Readout length, command to be written , SlaveDevice address ). // len = uint8 (max buffer to read 256bytes) static int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { @@ -403,7 +432,7 @@ static int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, ui // extra wait 500us (514us measured) // 200us (xx measured) - SpinDelayUs(600); + WaitUS(600); bool bBreak = true; uint16_t readcount = 0; @@ -462,6 +491,7 @@ static int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, ui } I2C_Stop(); + // return bytecount - first byte (which is length byte) return --readcount; } @@ -481,12 +511,10 @@ static int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, if (!I2C_WaitAck()) break; - // msb I2C_SendByte(msb); if (!I2C_WaitAck()) break; - // lsb I2C_SendByte(lsb); if (!I2C_WaitAck()) break; @@ -543,12 +571,10 @@ static bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, ui if (!I2C_WaitAck()) break; - // msb I2C_SendByte(msb); if (!I2C_WaitAck()) break; - // lsb I2C_SendByte(lsb); if (!I2C_WaitAck()) break; @@ -577,7 +603,6 @@ static bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, ui void I2C_print_status(void) { DbpString("Smart card module (ISO 7816)"); uint8_t resp[] = {0,0,0,0}; - I2C_init(); I2C_Reset_EnterMainProgram(); uint8_t len = I2C_BufferRead(resp, sizeof(resp), I2C_DEVICE_CMD_GETVERSION, I2C_DEVICE_ADDRESS_MAIN); if ( len > 0 ) @@ -624,8 +649,6 @@ static bool GetATR(smart_card_atr_t *card_ptr) { // Send ATR // start [C0 01] stop start C1 len aa bb cc stop] I2C_WriteCmd(I2C_DEVICE_CMD_GENERATE_ATR, I2C_DEVICE_ADDRESS_MAIN); - uint8_t cmd[1] = {1}; - LogTrace(cmd, 1, 0, 0, NULL, true); // wait for sim card to answer. // 1byte = 1ms, max frame 256bytes. Should wait 256ms at least just in case. @@ -637,41 +660,6 @@ static bool GetATR(smart_card_atr_t *card_ptr) { if ( !sc_rx_bytes(card_ptr->atr, &len) ) return false; - uint8_t pos_td = 1; - if ( (card_ptr->atr[1] & 0x10) == 0x10) pos_td++; - if ( (card_ptr->atr[1] & 0x20) == 0x20) pos_td++; - if ( (card_ptr->atr[1] & 0x40) == 0x40) pos_td++; - - // T0 indicate presence T=0 vs T=1. T=1 has checksum TCK - if ( (card_ptr->atr[1] & 0x80) == 0x80) { - - pos_td++; - - // 1 == T1 , presence of checksum TCK - if ( (card_ptr->atr[pos_td] & 0x01) == 0x01) { - uint8_t chksum = 0; - // xor property. will be zero when xored with chksum. - for (uint8_t i = 1; i < len; ++i) - chksum ^= card_ptr->atr[i]; - if ( chksum ) { - if ( MF_DBGLEVEL > 2) DbpString("Wrong ATR checksum"); - } - } - } - - // for some reason we only get first byte of atr, if that is so, send dummy command to retrieve the rest of the atr - if (len == 1) { - - uint8_t data[1] = {0}; - I2C_BufferWrite(data, len, I2C_DEVICE_CMD_SEND, I2C_DEVICE_ADDRESS_MAIN); - - if ( !I2C_WaitForSim() ) - return false; - - uint8_t len2 = I2C_BufferRead(card_ptr->atr + len, sizeof(card_ptr->atr) - len, I2C_DEVICE_CMD_READ, I2C_DEVICE_ADDRESS_MAIN); - len = len + len2; - } - card_ptr->atr_len = len; LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false); @@ -683,7 +671,6 @@ void SmartCardAtr(void) { LED_D_ON(); clear_trace(); set_tracing(true); - I2C_init(); I2C_Reset_EnterMainProgram(); bool isOK = GetATR( &card ); cmd_send(CMD_ACK, isOK, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t)); @@ -706,10 +693,9 @@ void SmartCardRaw( uint64_t arg0, uint64_t arg1, uint8_t *data ) { if ((flags & SC_CONNECT)) { - I2C_init(); I2C_Reset_EnterMainProgram(); - if ( !(flags & SC_NO_SELECT) ) { + if ((flags & SC_SELECT)) { smart_card_atr_t card; bool gotATR = GetATR( &card ); //cmd_send(CMD_ACK, gotATR, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t)); @@ -718,25 +704,28 @@ void SmartCardRaw( uint64_t arg0, uint64_t arg1, uint8_t *data ) { } } - if ((flags & SC_RAW)) { + if ((flags & SC_RAW) || (flags & SC_RAW_T0)) { LogTrace(data, arg1, 0, 0, NULL, true); // Send raw bytes // asBytes = A0 A4 00 00 02 // arg1 = len 5 - I2C_BufferWrite(data, arg1, I2C_DEVICE_CMD_SEND, I2C_DEVICE_ADDRESS_MAIN); - - if ( !I2C_WaitForSim() ) - goto OUT; + bool res = I2C_BufferWrite(data, arg1, ((flags & SC_RAW_T0) ? I2C_DEVICE_CMD_SEND_T0 : I2C_DEVICE_CMD_SEND), I2C_DEVICE_ADDRESS_MAIN); + if ( !res && MF_DBGLEVEL > 3 ) DbpString(I2C_ERROR); // read bytes from module len = ISO7618_MAX_FRAME; - sc_rx_bytes(resp, &len); - LogTrace(resp, len, 0, 0, NULL, false); + res = sc_rx_bytes(resp, &len); + if ( res ) { + LogTrace(resp, len, 0, 0, NULL, false); + } else { + len = 0; + } } OUT: cmd_send(CMD_ACK, len, 0, 0, resp, len); + BigBuf_free(); set_tracing(false); LEDsoff(); } @@ -749,7 +738,6 @@ void SmartCardUpgrade(uint64_t arg0) { // write. Sector0, with 11,22,33,44 // erase is 128bytes, and takes 50ms to execute - I2C_init(); I2C_Reset_EnterBootloader(); bool isOK = true; @@ -777,7 +765,7 @@ void SmartCardUpgrade(uint64_t arg0) { } // writing takes time. - SpinDelay(50); + WaitMS(50); // read res = I2C_ReadFW(verfiydata, size, msb, lsb, I2C_DEVICE_ADDRESS_BOOT); @@ -799,6 +787,7 @@ void SmartCardUpgrade(uint64_t arg0) { } cmd_send(CMD_ACK, isOK, pos, 0, 0, 0); LED_C_OFF(); + BigBuf_free(); } // unfinished (or not needed?) @@ -808,7 +797,6 @@ void SmartCardUpgrade(uint64_t arg0) { void SmartCardSetClock(uint64_t arg0) { LED_D_ON(); set_tracing(true); - I2C_init(); I2C_Reset_EnterMainProgram(); // Send SIM CLC diff --git a/armsrc/i2c.h b/armsrc/i2c.h index a10ac74f..df66adef 100644 --- a/armsrc/i2c.h +++ b/armsrc/i2c.h @@ -23,6 +23,8 @@ #define I2C_DEVICE_CMD_SETBAUD 0x04 #define I2C_DEVICE_CMD_SIM_CLC 0x05 #define I2C_DEVICE_CMD_GETVERSION 0x06 +#define I2C_DEVICE_CMD_SEND_T0 0x07 + bool I2C_is_available(void); diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 1591a062..3f89ae85 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -3,6 +3,7 @@ // Hagen Fritsch - June 2010 // Gerhard de Koning Gans - May 2011 // Gerhard de Koning Gans - June 2012 - Added iClass card and reader emulation +// piwi - 2019 // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -10,39 +11,22 @@ //----------------------------------------------------------------------------- // Routines to support iClass. //----------------------------------------------------------------------------- -// Based on ISO14443a implementation. Still in experimental phase. // Contribution made during a security research at Radboud University Nijmegen -// +// // Please feel free to contribute and extend iClass support!! //----------------------------------------------------------------------------- -// -// FIX: -// ==== -// We still have sometimes a demodulation error when snooping iClass communication. -// The resulting trace of a read-block-03 command may look something like this: -// -// + 22279: : 0c 03 e8 01 -// -// ...with an incorrect answer... -// -// + 85: 0: TAG ff! ff! ff! ff! ff! ff! ff! ff! bb 33 bb 00 01! 0e! 04! bb !crc -// -// We still left the error signalling bytes in the traces like 0xbb -// -// A correct trace should look like this: -// -// + 21112: : 0c 03 e8 01 -// + 85: 0: TAG ff ff ff ff ff ff ff ff ea f5 -// -//----------------------------------------------------------------------------- + +#include "iclass.h" #include "proxmark3.h" #include "apps.h" #include "util.h" #include "string.h" +#include "printf.h" #include "common.h" -#include "cmd.h" +#include "usb_cdc.h" #include "iso14443a.h" +#include "iso15693.h" // Needed for CRC in emulation mode; // same construction as in ISO 14443; // different initial value (CRC_ICLASS) @@ -50,1047 +34,134 @@ #include "iso15693tools.h" #include "protocols.h" #include "optimized_cipher.h" -#include "usb_cdc.h" // for usb_poll_validate_length +#include "fpgaloader.h" -static int timeout = 4096; +// iCLASS has a slightly different timing compared to ISO15693. According to the picopass data sheet the tag response is expected 330us after +// the reader command. This is measured from end of reader EOF to first modulation of the tag's SOF which starts with a 56,64us unmodulated period. +// 330us = 140 ssp_clk cycles @ 423,75kHz when simulating. +// 56,64us = 24 ssp_clk_cycles +#define DELAY_ICLASS_VCD_TO_VICC_SIM (140 - 24) +// times in ssp_clk_cycles @ 3,3625MHz when acting as reader +#define DELAY_ICLASS_VICC_TO_VCD_READER DELAY_ISO15693_VICC_TO_VCD_READER +// times in samples @ 212kHz when acting as reader +#define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us +#define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms +#define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us +#define ICLASS_BUFFER_SIZE 34 // we expect max 34 bytes as tag answer (response to READ4) -static int SendIClassAnswer(uint8_t *resp, int respLen, int delay); - -//----------------------------------------------------------------------------- -// The software UART that receives commands from the reader, and its state -// variables. -//----------------------------------------------------------------------------- -static struct { - enum { - STATE_UNSYNCD, - STATE_START_OF_COMMUNICATION, - STATE_RECEIVING - } state; - uint16_t shiftReg; - int bitCnt; - int byteCnt; - int byteCntMax; - int posCnt; - int nOutOfCnt; - int OutOfCnt; - int syncBit; - int samples; - int highCnt; - int swapper; - int counter; - int bitBuffer; - int dropPosition; - uint8_t *output; -} Uart; - -static RAMFUNC int OutOfNDecoding(int bit) -{ - //int error = 0; - int bitright; - - if(!Uart.bitBuffer) { - Uart.bitBuffer = bit ^ 0xFF0; - return false; - } - else { - Uart.bitBuffer <<= 4; - Uart.bitBuffer ^= bit; - } - - /*if(Uart.swapper) { - Uart.output[Uart.byteCnt] = Uart.bitBuffer & 0xFF; - Uart.byteCnt++; - Uart.swapper = 0; - if(Uart.byteCnt > 15) { return true; } - } - else { - Uart.swapper = 1; - }*/ - - if(Uart.state != STATE_UNSYNCD) { - Uart.posCnt++; - - if((Uart.bitBuffer & Uart.syncBit) ^ Uart.syncBit) { - bit = 0x00; - } - else { - bit = 0x01; - } - if(((Uart.bitBuffer << 1) & Uart.syncBit) ^ Uart.syncBit) { - bitright = 0x00; - } - else { - bitright = 0x01; - } - if(bit != bitright) { bit = bitright; } - - - // So, now we only have to deal with *bit*, lets see... - if(Uart.posCnt == 1) { - // measurement first half bitperiod - if(!bit) { - // Drop in first half means that we are either seeing - // an SOF or an EOF. - - if(Uart.nOutOfCnt == 1) { - // End of Communication - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - if(Uart.byteCnt == 0) { - // Its not straightforward to show single EOFs - // So just leave it and do not return true - Uart.output[0] = 0xf0; - Uart.byteCnt++; - } - else { - return true; - } - } - else if(Uart.state != STATE_START_OF_COMMUNICATION) { - // When not part of SOF or EOF, it is an error - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - //error = 4; - } - } - } - else { - // measurement second half bitperiod - // Count the bitslot we are in... (ISO 15693) - Uart.nOutOfCnt++; - - if(!bit) { - if(Uart.dropPosition) { - if(Uart.state == STATE_START_OF_COMMUNICATION) { - //error = 1; - } - else { - //error = 7; - } - // It is an error if we already have seen a drop in current frame - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - } - else { - Uart.dropPosition = Uart.nOutOfCnt; - } - } - - Uart.posCnt = 0; - - - if(Uart.nOutOfCnt == Uart.OutOfCnt && Uart.OutOfCnt == 4) { - Uart.nOutOfCnt = 0; - - if(Uart.state == STATE_START_OF_COMMUNICATION) { - if(Uart.dropPosition == 4) { - Uart.state = STATE_RECEIVING; - Uart.OutOfCnt = 256; - } - else if(Uart.dropPosition == 3) { - Uart.state = STATE_RECEIVING; - Uart.OutOfCnt = 4; - //Uart.output[Uart.byteCnt] = 0xdd; - //Uart.byteCnt++; - } - else { - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - } - Uart.dropPosition = 0; - } - else { - // RECEIVING DATA - // 1 out of 4 - if(!Uart.dropPosition) { - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - //error = 9; - } - else { - Uart.shiftReg >>= 2; - - // Swap bit order - Uart.dropPosition--; - //if(Uart.dropPosition == 1) { Uart.dropPosition = 2; } - //else if(Uart.dropPosition == 2) { Uart.dropPosition = 1; } - - Uart.shiftReg ^= ((Uart.dropPosition & 0x03) << 6); - Uart.bitCnt += 2; - Uart.dropPosition = 0; - - if(Uart.bitCnt == 8) { - Uart.output[Uart.byteCnt] = (Uart.shiftReg & 0xff); - Uart.byteCnt++; - Uart.bitCnt = 0; - Uart.shiftReg = 0; - } - } - } - } - else if(Uart.nOutOfCnt == Uart.OutOfCnt) { - // RECEIVING DATA - // 1 out of 256 - if(!Uart.dropPosition) { - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - //error = 3; - } - else { - Uart.dropPosition--; - Uart.output[Uart.byteCnt] = (Uart.dropPosition & 0xff); - Uart.byteCnt++; - Uart.bitCnt = 0; - Uart.shiftReg = 0; - Uart.nOutOfCnt = 0; - Uart.dropPosition = 0; - } - } - - /*if(error) { - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = error & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = (Uart.bitBuffer >> 8) & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = Uart.bitBuffer & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = (Uart.syncBit >> 3) & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - return true; - }*/ - } - - } - else { - bit = Uart.bitBuffer & 0xf0; - bit >>= 4; - bit ^= 0x0F; // drops become 1s ;-) - if(bit) { - // should have been high or at least (4 * 128) / fc - // according to ISO this should be at least (9 * 128 + 20) / fc - if(Uart.highCnt == 8) { - // we went low, so this could be start of communication - // it turns out to be safer to choose a less significant - // syncbit... so we check whether the neighbour also represents the drop - Uart.posCnt = 1; // apparently we are busy with our first half bit period - Uart.syncBit = bit & 8; - Uart.samples = 3; - if(!Uart.syncBit) { Uart.syncBit = bit & 4; Uart.samples = 2; } - else if(bit & 4) { Uart.syncBit = bit & 4; Uart.samples = 2; bit <<= 2; } - if(!Uart.syncBit) { Uart.syncBit = bit & 2; Uart.samples = 1; } - else if(bit & 2) { Uart.syncBit = bit & 2; Uart.samples = 1; bit <<= 1; } - if(!Uart.syncBit) { Uart.syncBit = bit & 1; Uart.samples = 0; - if(Uart.syncBit && (Uart.bitBuffer & 8)) { - Uart.syncBit = 8; - - // the first half bit period is expected in next sample - Uart.posCnt = 0; - Uart.samples = 3; - } - } - else if(bit & 1) { Uart.syncBit = bit & 1; Uart.samples = 0; } - - Uart.syncBit <<= 4; - Uart.state = STATE_START_OF_COMMUNICATION; - Uart.bitCnt = 0; - Uart.byteCnt = 0; - Uart.nOutOfCnt = 0; - Uart.OutOfCnt = 4; // Start at 1/4, could switch to 1/256 - Uart.dropPosition = 0; - Uart.shiftReg = 0; - //error = 0; - } - else { - Uart.highCnt = 0; - } - } - else { - if(Uart.highCnt < 8) { - Uart.highCnt++; - } - } - } - - return false; -} //============================================================================= -// Manchester -//============================================================================= - -static struct { - enum { - DEMOD_UNSYNCD, - DEMOD_START_OF_COMMUNICATION, - DEMOD_START_OF_COMMUNICATION2, - DEMOD_START_OF_COMMUNICATION3, - DEMOD_SOF_COMPLETE, - DEMOD_MANCHESTER_D, - DEMOD_MANCHESTER_E, - DEMOD_END_OF_COMMUNICATION, - DEMOD_END_OF_COMMUNICATION2, - DEMOD_MANCHESTER_F, - DEMOD_ERROR_WAIT - } state; - int bitCount; - int posCount; - int syncBit; - uint16_t shiftReg; - int buffer; - int buffer2; - int buffer3; - int buff; - int samples; - int len; - enum { - SUB_NONE, - SUB_FIRST_HALF, - SUB_SECOND_HALF, - SUB_BOTH - } sub; - uint8_t *output; -} Demod; - -static RAMFUNC int ManchesterDecoding(int v) -{ - int bit; - int modulation; - int error = 0; - - bit = Demod.buffer; - Demod.buffer = Demod.buffer2; - Demod.buffer2 = Demod.buffer3; - Demod.buffer3 = v; - - if(Demod.buff < 3) { - Demod.buff++; - return false; - } - - if(Demod.state==DEMOD_UNSYNCD) { - Demod.output[Demod.len] = 0xfa; - Demod.syncBit = 0; - //Demod.samples = 0; - Demod.posCount = 1; // This is the first half bit period, so after syncing handle the second part - - if(bit & 0x08) { - Demod.syncBit = 0x08; - } - - if(bit & 0x04) { - if(Demod.syncBit) { - bit <<= 4; - } - Demod.syncBit = 0x04; - } - - if(bit & 0x02) { - if(Demod.syncBit) { - bit <<= 2; - } - Demod.syncBit = 0x02; - } - - if(bit & 0x01 && Demod.syncBit) { - Demod.syncBit = 0x01; - } - - if(Demod.syncBit) { - Demod.len = 0; - Demod.state = DEMOD_START_OF_COMMUNICATION; - Demod.sub = SUB_FIRST_HALF; - Demod.bitCount = 0; - Demod.shiftReg = 0; - Demod.samples = 0; - if(Demod.posCount) { - //if(trigger) LED_A_OFF(); // Not useful in this case... - switch(Demod.syncBit) { - case 0x08: Demod.samples = 3; break; - case 0x04: Demod.samples = 2; break; - case 0x02: Demod.samples = 1; break; - case 0x01: Demod.samples = 0; break; - } - // SOF must be long burst... otherwise stay unsynced!!! - if(!(Demod.buffer & Demod.syncBit) || !(Demod.buffer2 & Demod.syncBit)) { - Demod.state = DEMOD_UNSYNCD; - } - } - else { - // SOF must be long burst... otherwise stay unsynced!!! - if(!(Demod.buffer2 & Demod.syncBit) || !(Demod.buffer3 & Demod.syncBit)) { - Demod.state = DEMOD_UNSYNCD; - error = 0x88; - } - - } - error = 0; - - } - } - else { - modulation = bit & Demod.syncBit; - modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit; - - Demod.samples += 4; - - if(Demod.posCount==0) { - Demod.posCount = 1; - if(modulation) { - Demod.sub = SUB_FIRST_HALF; - } - else { - Demod.sub = SUB_NONE; - } - } - else { - Demod.posCount = 0; - /*(modulation && (Demod.sub == SUB_FIRST_HALF)) { - if(Demod.state!=DEMOD_ERROR_WAIT) { - Demod.state = DEMOD_ERROR_WAIT; - Demod.output[Demod.len] = 0xaa; - error = 0x01; - } - }*/ - //else if(modulation) { - if(modulation) { - if(Demod.sub == SUB_FIRST_HALF) { - Demod.sub = SUB_BOTH; - } - else { - Demod.sub = SUB_SECOND_HALF; - } - } - else if(Demod.sub == SUB_NONE) { - if(Demod.state == DEMOD_SOF_COMPLETE) { - Demod.output[Demod.len] = 0x0f; - Demod.len++; - Demod.state = DEMOD_UNSYNCD; -// error = 0x0f; - return true; - } - else { - Demod.state = DEMOD_ERROR_WAIT; - error = 0x33; - } - /*if(Demod.state!=DEMOD_ERROR_WAIT) { - Demod.state = DEMOD_ERROR_WAIT; - Demod.output[Demod.len] = 0xaa; - error = 0x01; - }*/ - } - - switch(Demod.state) { - case DEMOD_START_OF_COMMUNICATION: - if(Demod.sub == SUB_BOTH) { - //Demod.state = DEMOD_MANCHESTER_D; - Demod.state = DEMOD_START_OF_COMMUNICATION2; - Demod.posCount = 1; - Demod.sub = SUB_NONE; - } - else { - Demod.output[Demod.len] = 0xab; - Demod.state = DEMOD_ERROR_WAIT; - error = 0xd2; - } - break; - case DEMOD_START_OF_COMMUNICATION2: - if(Demod.sub == SUB_SECOND_HALF) { - Demod.state = DEMOD_START_OF_COMMUNICATION3; - } - else { - Demod.output[Demod.len] = 0xab; - Demod.state = DEMOD_ERROR_WAIT; - error = 0xd3; - } - break; - case DEMOD_START_OF_COMMUNICATION3: - if(Demod.sub == SUB_SECOND_HALF) { -// Demod.state = DEMOD_MANCHESTER_D; - Demod.state = DEMOD_SOF_COMPLETE; - //Demod.output[Demod.len] = Demod.syncBit & 0xFF; - //Demod.len++; - } - else { - Demod.output[Demod.len] = 0xab; - Demod.state = DEMOD_ERROR_WAIT; - error = 0xd4; - } - break; - case DEMOD_SOF_COMPLETE: - case DEMOD_MANCHESTER_D: - case DEMOD_MANCHESTER_E: - // OPPOSITE FROM ISO14443 - 11110000 = 0 (1 in 14443) - // 00001111 = 1 (0 in 14443) - if(Demod.sub == SUB_SECOND_HALF) { // SUB_FIRST_HALF - Demod.bitCount++; - Demod.shiftReg = (Demod.shiftReg >> 1) ^ 0x100; - Demod.state = DEMOD_MANCHESTER_D; - } - else if(Demod.sub == SUB_FIRST_HALF) { // SUB_SECOND_HALF - Demod.bitCount++; - Demod.shiftReg >>= 1; - Demod.state = DEMOD_MANCHESTER_E; - } - else if(Demod.sub == SUB_BOTH) { - Demod.state = DEMOD_MANCHESTER_F; - } - else { - Demod.state = DEMOD_ERROR_WAIT; - error = 0x55; - } - break; - - case DEMOD_MANCHESTER_F: - // Tag response does not need to be a complete byte! - if(Demod.len > 0 || Demod.bitCount > 0) { - if(Demod.bitCount > 1) { // was > 0, do not interpret last closing bit, is part of EOF - Demod.shiftReg >>= (9 - Demod.bitCount); // right align data - Demod.output[Demod.len] = Demod.shiftReg & 0xff; - Demod.len++; - } - - Demod.state = DEMOD_UNSYNCD; - return true; - } - else { - Demod.output[Demod.len] = 0xad; - Demod.state = DEMOD_ERROR_WAIT; - error = 0x03; - } - break; - - case DEMOD_ERROR_WAIT: - Demod.state = DEMOD_UNSYNCD; - break; - - default: - Demod.output[Demod.len] = 0xdd; - Demod.state = DEMOD_UNSYNCD; - break; - } - - /*if(Demod.bitCount>=9) { - Demod.output[Demod.len] = Demod.shiftReg & 0xff; - Demod.len++; - - Demod.parityBits <<= 1; - Demod.parityBits ^= ((Demod.shiftReg >> 8) & 0x01); - - Demod.bitCount = 0; - Demod.shiftReg = 0; - }*/ - if(Demod.bitCount>=8) { - Demod.shiftReg >>= 1; - Demod.output[Demod.len] = (Demod.shiftReg & 0xff); - Demod.len++; - Demod.bitCount = 0; - Demod.shiftReg = 0; - } - - if(error) { - Demod.output[Demod.len] = 0xBB; - Demod.len++; - Demod.output[Demod.len] = error & 0xFF; - Demod.len++; - Demod.output[Demod.len] = 0xBB; - Demod.len++; - Demod.output[Demod.len] = bit & 0xFF; - Demod.len++; - Demod.output[Demod.len] = Demod.buffer & 0xFF; - Demod.len++; - // Look harder ;-) - Demod.output[Demod.len] = Demod.buffer2 & 0xFF; - Demod.len++; - Demod.output[Demod.len] = Demod.syncBit & 0xFF; - Demod.len++; - Demod.output[Demod.len] = 0xBB; - Demod.len++; - return true; - } - - } - - } // end (state != UNSYNCED) - - return false; -} - -//============================================================================= -// Finally, a `sniffer' for iClass communication +// A `sniffer' for iClass communication // Both sides of communication! //============================================================================= - -//----------------------------------------------------------------------------- -// Record the sequence of commands sent by the reader to the tag, with -// triggering so that we start recording at the point that the tag is moved -// near the reader. -//----------------------------------------------------------------------------- -void RAMFUNC SnoopIClass(void) -{ - - - // We won't start recording the frames that we acquire until we trigger; - // a good trigger condition to get started is probably when we see a - // response from the tag. - //int triggered = false; // false to wait first for card - - // The command (reader -> tag) that we're receiving. - // The length of a received command will in most cases be no more than 18 bytes. - // So 32 should be enough! - #define ICLASS_BUFFER_SIZE 32 - uint8_t readerToTagCmd[ICLASS_BUFFER_SIZE]; - // The response (tag -> reader) that we're receiving. - uint8_t tagToReaderResponse[ICLASS_BUFFER_SIZE]; - - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - - // free all BigBuf memory - BigBuf_free(); - // The DMA buffer, used to stream samples from the FPGA - uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE); - - set_tracing(true); - clear_trace(); - iso14a_set_trigger(false); - - int lastRxCounter; - uint8_t *upTo; - int smpl; - int maxBehindBy = 0; - - // Count of samples received so far, so that we can include timing - // information in the trace buffer. - int samples = 0; - rsamples = 0; - - // Set up the demodulator for tag -> reader responses. - Demod.output = tagToReaderResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - // Setup for the DMA. - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); - upTo = dmaBuf; - lastRxCounter = DMA_BUFFER_SIZE; - FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); - - // And the reader -> tag commands - memset(&Uart, 0, sizeof(Uart)); - Uart.output = readerToTagCmd; - Uart.byteCntMax = 32; // was 100 (greg)//////////////////////////////////////////////////////////////////////// - Uart.state = STATE_UNSYNCD; - - // And put the FPGA in the appropriate mode - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER); - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - uint32_t time_0 = GetCountSspClk(); - uint32_t time_start = 0; - uint32_t time_stop = 0; - - int div = 0; - //int div2 = 0; - int decbyte = 0; - int decbyter = 0; - - // And now we loop, receiving samples. - for(;;) { - LED_A_ON(); - WDT_HIT(); - int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & - (DMA_BUFFER_SIZE-1); - if(behindBy > maxBehindBy) { - maxBehindBy = behindBy; - if(behindBy > (9 * DMA_BUFFER_SIZE / 10)) { - Dbprintf("blew circular buffer! behindBy=0x%x", behindBy); - goto done; - } - } - if(behindBy < 1) continue; - - LED_A_OFF(); - smpl = upTo[0]; - upTo++; - lastRxCounter -= 1; - if(upTo - dmaBuf > DMA_BUFFER_SIZE) { - upTo -= DMA_BUFFER_SIZE; - lastRxCounter += DMA_BUFFER_SIZE; - AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo; - AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; - } - - //samples += 4; - samples += 1; - - if(smpl & 0xF) { - decbyte ^= (1 << (3 - div)); - } - - // FOR READER SIDE COMMUMICATION... - - decbyter <<= 2; - decbyter ^= (smpl & 0x30); - - div++; - - if((div + 1) % 2 == 0) { - smpl = decbyter; - if(OutOfNDecoding((smpl & 0xF0) >> 4)) { - rsamples = samples - Uart.samples; - time_stop = (GetCountSspClk()-time_0) << 4; - LED_C_ON(); - - //if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,true)) break; - //if(!LogTrace(NULL, 0, Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, 0, true)) break; - if(tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - GetParity(Uart.output, Uart.byteCnt, parity); - LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, true); - } - - - /* And ready to receive another command. */ - Uart.state = STATE_UNSYNCD; - /* And also reset the demod code, which might have been */ - /* false-triggered by the commands from the reader. */ - Demod.state = DEMOD_UNSYNCD; - LED_B_OFF(); - Uart.byteCnt = 0; - }else{ - time_start = (GetCountSspClk()-time_0) << 4; - } - decbyter = 0; - } - - if(div > 3) { - smpl = decbyte; - if(ManchesterDecoding(smpl & 0x0F)) { - time_stop = (GetCountSspClk()-time_0) << 4; - - rsamples = samples - Demod.samples; - LED_B_ON(); - - if(tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - GetParity(Demod.output, Demod.len, parity); - LogTrace(Demod.output, Demod.len, time_start, time_stop, parity, false); - } - - // And ready to receive another response. - memset(&Demod, 0, sizeof(Demod)); - Demod.output = tagToReaderResponse; - Demod.state = DEMOD_UNSYNCD; - LED_C_OFF(); - }else{ - time_start = (GetCountSspClk()-time_0) << 4; - } - - div = 0; - decbyte = 0x00; - } - //} - - if(BUTTON_PRESS()) { - DbpString("cancelled_a"); - goto done; - } - } - - DbpString("COMMAND FINISHED"); - - Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); - Dbprintf("%x %x %x", Uart.byteCntMax, BigBuf_get_traceLen(), (int)Uart.output[0]); - -done: - AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; - Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); - Dbprintf("%x %x %x", Uart.byteCntMax, BigBuf_get_traceLen(), (int)Uart.output[0]); - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); +void SnoopIClass(uint8_t jam_search_len, uint8_t *jam_search_string) { + SnoopIso15693(jam_search_len, jam_search_string); } + void rotateCSN(uint8_t* originalCSN, uint8_t* rotatedCSN) { - int i; - for(i = 0; i < 8; i++) { + int i; + for (i = 0; i < 8; i++) { rotatedCSN[i] = (originalCSN[i] >> 3) | (originalCSN[(i+1)%8] << 5); } } -//----------------------------------------------------------------------------- -// Wait for commands from reader -// Stop when button is pressed -// Or return true when command is captured -//----------------------------------------------------------------------------- -static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen) -{ - // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); - - // Now run a `software UART' on the stream of incoming samples. - Uart.output = received; - Uart.byteCntMax = maxLen; - Uart.state = STATE_UNSYNCD; - - for(;;) { - WDT_HIT(); - - if(BUTTON_PRESS()) return false; - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - - if(OutOfNDecoding(b & 0x0f)) { - *len = Uart.byteCnt; - return true; - } - } - } -} - -static uint8_t encode4Bits(const uint8_t b) -{ - uint8_t c = b & 0xF; - // OTA, the least significant bits first - // The columns are - // 1 - Bit value to send - // 2 - Reversed (big-endian) - // 3 - Encoded - // 4 - Hex values - - switch(c){ - // 1 2 3 4 - case 15: return 0x55; // 1111 -> 1111 -> 01010101 -> 0x55 - case 14: return 0x95; // 1110 -> 0111 -> 10010101 -> 0x95 - case 13: return 0x65; // 1101 -> 1011 -> 01100101 -> 0x65 - case 12: return 0xa5; // 1100 -> 0011 -> 10100101 -> 0xa5 - case 11: return 0x59; // 1011 -> 1101 -> 01011001 -> 0x59 - case 10: return 0x99; // 1010 -> 0101 -> 10011001 -> 0x99 - case 9: return 0x69; // 1001 -> 1001 -> 01101001 -> 0x69 - case 8: return 0xa9; // 1000 -> 0001 -> 10101001 -> 0xa9 - case 7: return 0x56; // 0111 -> 1110 -> 01010110 -> 0x56 - case 6: return 0x96; // 0110 -> 0110 -> 10010110 -> 0x96 - case 5: return 0x66; // 0101 -> 1010 -> 01100110 -> 0x66 - case 4: return 0xa6; // 0100 -> 0010 -> 10100110 -> 0xa6 - case 3: return 0x5a; // 0011 -> 1100 -> 01011010 -> 0x5a - case 2: return 0x9a; // 0010 -> 0100 -> 10011010 -> 0x9a - case 1: return 0x6a; // 0001 -> 1000 -> 01101010 -> 0x6a - default: return 0xaa; // 0000 -> 0000 -> 10101010 -> 0xaa - - } -} - -//----------------------------------------------------------------------------- -// Prepare tag messages -//----------------------------------------------------------------------------- -static void CodeIClassTagAnswer(const uint8_t *cmd, int len) -{ - - /* - * SOF comprises 3 parts; - * * An unmodulated time of 56.64 us - * * 24 pulses of 423.75 KHz (fc/32) - * * A logic 1, which starts with an unmodulated time of 18.88us - * followed by 8 pulses of 423.75kHz (fc/32) - * - * - * EOF comprises 3 parts: - * - A logic 0 (which starts with 8 pulses of fc/32 followed by an unmodulated - * time of 18.88us. - * - 24 pulses of fc/32 - * - An unmodulated time of 56.64 us - * - * - * A logic 0 starts with 8 pulses of fc/32 - * followed by an unmodulated time of 256/fc (~18,88us). - * - * A logic 0 starts with unmodulated time of 256/fc (~18,88us) followed by - * 8 pulses of fc/32 (also 18.88us) - * - * The mode FPGA_HF_SIMULATOR_MODULATE_424K_8BIT which we use to simulate tag, - * works like this. - * - A 1-bit input to the FPGA becomes 8 pulses on 423.5kHz (fc/32) (18.88us). - * - A 0-bit inptu to the FPGA becomes an unmodulated time of 18.88us - * - * In this mode the SOF can be written as 00011101 = 0x1D - * The EOF can be written as 10111000 = 0xb8 - * A logic 1 is 01 - * A logic 0 is 10 - * - * */ - - int i; +// Encode SOF only +static void CodeIClassTagSOF() { ToSendReset(); - - // Send SOF ToSend[++ToSendMax] = 0x1D; - - for(i = 0; i < len; i++) { - uint8_t b = cmd[i]; - ToSend[++ToSendMax] = encode4Bits(b & 0xF); //Least significant half - ToSend[++ToSendMax] = encode4Bits((b >>4) & 0xF);//Most significant half - } - - // Send EOF - ToSend[++ToSendMax] = 0xB8; - //lastProxToAirDuration = 8*ToSendMax - 3*8 - 3*8;//Not counting zeroes in the beginning or end - // Convert from last byte pos to length ToSendMax++; } -// Only SOF -static void CodeIClassTagSOF() -{ - //So far a dummy implementation, not used - //int lastProxToAirDuration =0; - ToSendReset(); - // Send SOF - ToSend[++ToSendMax] = 0x1D; -// lastProxToAirDuration = 8*ToSendMax - 3*8;//Not counting zeroes in the beginning - - // Convert from last byte pos to length - ToSendMax++; +static void AppendCrc(uint8_t *data, int len) { + ComputeCrc14443(CRC_ICLASS, data, len, data+len, data+len+1); } -#define MODE_SIM_CSN 0 -#define MODE_EXIT_AFTER_MAC 1 -#define MODE_FULLSIM 2 -int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf); -/** - * @brief SimulateIClass simulates an iClass card. - * @param arg0 type of simulation - * - 0 uses the first 8 bytes in usb data as CSN - * - 2 "dismantling iclass"-attack. This mode iterates through all CSN's specified - * in the usb data. This mode collects MAC from the reader, in order to do an offline - * attack on the keys. For more info, see "dismantling iclass" and proxclone.com. - * - Other : Uses the default CSN (031fec8af7ff12e0) - * @param arg1 - number of CSN's contained in datain (applicable for mode 2 only) - * @param arg2 - * @param datain - */ -void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) -{ - uint32_t simType = arg0; - uint32_t numberOfCSNS = arg1; - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - - // Enable and clear the trace - set_tracing(true); - clear_trace(); - //Use the emulator memory for SIM - uint8_t *emulator = BigBuf_get_EM_addr(); - - if(simType == 0) { - // Use the CSN from commandline - memcpy(emulator, datain, 8); - doIClassSimulation(MODE_SIM_CSN,NULL); - }else if(simType == 1) - { - //Default CSN - uint8_t csn_crc[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 }; - // Use the CSN from commandline - memcpy(emulator, csn_crc, 8); - doIClassSimulation(MODE_SIM_CSN,NULL); - } - else if(simType == 2) - { - - uint8_t mac_responses[USB_CMD_DATA_SIZE] = { 0 }; - Dbprintf("Going into attack mode, %d CSNS sent", numberOfCSNS); - // In this mode, a number of csns are within datain. We'll simulate each one, one at a time - // in order to collect MAC's from the reader. This can later be used in an offlne-attack - // in order to obtain the keys, as in the "dismantling iclass"-paper. - int i = 0; - for( ; i < numberOfCSNS && i*8+8 < USB_CMD_DATA_SIZE; i++) - { - // The usb data is 512 bytes, fitting 65 8-byte CSNs in there. - - memcpy(emulator, datain+(i*8), 8); - if(doIClassSimulation(MODE_EXIT_AFTER_MAC,mac_responses+i*8)) - { - cmd_send(CMD_ACK,CMD_SIMULATE_TAG_ICLASS,i,0,mac_responses,i*8); - return; // Button pressed - } - } - cmd_send(CMD_ACK,CMD_SIMULATE_TAG_ICLASS,i,0,mac_responses,i*8); - - }else if(simType == 3){ - //This is 'full sim' mode, where we use the emulator storage for data. - doIClassSimulation(MODE_FULLSIM, NULL); - } - else{ - // We may want a mode here where we hardcode the csns to use (from proxclone). - // That will speed things up a little, but not required just yet. - Dbprintf("The mode is not implemented, reserved for future use"); - } - Dbprintf("Done..."); - -} -void AppendCrc(uint8_t* data, int len) -{ - ComputeCrc14443(CRC_ICLASS,data,len,data+len,data+len+1); -} /** * @brief Does the actual simulation - * @param csn - csn to use - * @param breakAfterMacReceived if true, returns after reader MAC has been received. */ -int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) -{ +int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { + // free eventually allocated BigBuf memory BigBuf_free_keep_EM(); - State cipher_state; -// State cipher_state_reserve; - uint8_t *csn = BigBuf_get_EM_addr(); - uint8_t *emulator = csn; - uint8_t sof_data[] = { 0x0F} ; + uint16_t page_size = 32 * 8; + uint8_t current_page = 0; + + // maintain cipher states for both credit and debit key for each page + State cipher_state_KC[8]; + State cipher_state_KD[8]; + State *cipher_state = &cipher_state_KD[0]; + + uint8_t *emulator = BigBuf_get_EM_addr(); + uint8_t *csn = emulator; + // CSN followed by two CRC bytes - uint8_t anticoll_data[10] = { 0 }; - uint8_t csn_data[10] = { 0 }; - memcpy(csn_data,csn,sizeof(csn_data)); - Dbprintf("Simulating CSN %02x%02x%02x%02x%02x%02x%02x%02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]); + uint8_t anticoll_data[10]; + uint8_t csn_data[10]; + memcpy(csn_data, csn, sizeof(csn_data)); + Dbprintf("Simulating CSN %02x%02x%02x%02x%02x%02x%02x%02x", csn[0], csn[1], csn[2], csn[3], csn[4], csn[5], csn[6], csn[7]); // Construct anticollision-CSN - rotateCSN(csn_data,anticoll_data); + rotateCSN(csn_data, anticoll_data); // Compute CRC on both CSNs - ComputeCrc14443(CRC_ICLASS, anticoll_data, 8, &anticoll_data[8], &anticoll_data[9]); - ComputeCrc14443(CRC_ICLASS, csn_data, 8, &csn_data[8], &csn_data[9]); + AppendCrc(anticoll_data, 8); + AppendCrc(csn_data, 8); + + uint8_t diversified_key_d[8] = { 0x00 }; + uint8_t diversified_key_c[8] = { 0x00 }; + uint8_t *diversified_key = diversified_key_d; + + // configuration block + uint8_t conf_block[10] = {0x12, 0xFF, 0xFF, 0xFF, 0x7F, 0x1F, 0xFF, 0x3C, 0x00, 0x00}; - uint8_t diversified_key[8] = { 0 }; // e-Purse - uint8_t card_challenge_data[8] = { 0x00 }; - if(simulationMode == MODE_FULLSIM) - { - //The diversified key should be stored on block 3 - //Get the diversified key from emulator memory - memcpy(diversified_key, emulator+(8*3),8); + uint8_t card_challenge_data[8] = { 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; - //Card challenge, a.k.a e-purse is on block 2 - memcpy(card_challenge_data,emulator + (8 * 2) , 8); - //Precalculate the cipher state, feeding it the CC - cipher_state = opt_doTagMAC_1(card_challenge_data,diversified_key); + if (simulationMode == ICLASS_SIM_MODE_FULL) { + // initialize from page 0 + memcpy(conf_block, emulator + 8 * 1, 8); + memcpy(card_challenge_data, emulator + 8 * 2, 8); // e-purse + memcpy(diversified_key_d, emulator + 8 * 3, 8); // Kd + memcpy(diversified_key_c, emulator + 8 * 4, 8); // Kc + } + AppendCrc(conf_block, 8); + + // save card challenge for sim2,4 attack + if (reader_mac_buf != NULL) { + memcpy(reader_mac_buf, card_challenge_data, 8); + } + + if (conf_block[5] & 0x80) { + page_size = 256 * 8; + } + + // From PicoPass DS: + // When the page is in personalization mode this bit is equal to 1. + // Once the application issuer has personalized and coded its dedicated areas, this bit must be set to 0: + // the page is then "in application mode". + bool personalization_mode = conf_block[7] & 0x80; + + // chip memory may be divided in 8 pages + uint8_t max_page = conf_block[4] & 0x10 ? 0 : 7; + + // Precalculate the cipher states, feeding it the CC + cipher_state_KD[0] = opt_doTagMAC_1(card_challenge_data, diversified_key_d); + cipher_state_KC[0] = opt_doTagMAC_1(card_challenge_data, diversified_key_c); + if (simulationMode == ICLASS_SIM_MODE_FULL) { + for (int i = 1; i < max_page; i++) { + uint8_t *epurse = emulator + i*page_size + 8*2; + uint8_t *Kd = emulator + i*page_size + 8*3; + uint8_t *Kc = emulator + i*page_size + 8*4; + cipher_state_KD[i] = opt_doTagMAC_1(epurse, Kd); + cipher_state_KC[i] = opt_doTagMAC_1(epurse, Kc); + } } int exitLoop = 0; @@ -1103,963 +174,755 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) uint8_t *modulated_response; int modulated_response_size = 0; - uint8_t* trace_data = NULL; + uint8_t *trace_data = NULL; int trace_data_size = 0; - // Respond SOF -- takes 1 bytes - uint8_t *resp_sof = BigBuf_malloc(2); + uint8_t *resp_sof = BigBuf_malloc(1); int resp_sof_Len; // Anticollision CSN (rotated CSN) // 22: Takes 2 bytes for SOF/EOF and 10 * 2 = 20 bytes (2 bytes/byte) - uint8_t *resp_anticoll = BigBuf_malloc(28); + uint8_t *resp_anticoll = BigBuf_malloc(22); int resp_anticoll_len; - // CSN + // CSN (block 0) // 22: Takes 2 bytes for SOF/EOF and 10 * 2 = 20 bytes (2 bytes/byte) - uint8_t *resp_csn = BigBuf_malloc(30); + uint8_t *resp_csn = BigBuf_malloc(22); int resp_csn_len; - // e-Purse + // configuration (block 1) picopass 2ks + uint8_t *resp_conf = BigBuf_malloc(22); + int resp_conf_len; + + // e-Purse (block 2) // 18: Takes 2 bytes for SOF/EOF and 8 * 2 = 16 bytes (2 bytes/bit) - uint8_t *resp_cc = BigBuf_malloc(20); + uint8_t *resp_cc = BigBuf_malloc(18); int resp_cc_len; + // Kd, Kc (blocks 3 and 4). Cannot be read. Always respond with 0xff bytes only + uint8_t *resp_ff = BigBuf_malloc(22); + int resp_ff_len; + uint8_t ff_data[10] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00}; + AppendCrc(ff_data, 8); + + // Application Issuer Area (block 5) + uint8_t *resp_aia = BigBuf_malloc(22); + int resp_aia_len; + uint8_t aia_data[10] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00}; + AppendCrc(aia_data, 8); + uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE); int len; // Prepare card messages - ToSendMax = 0; - // First card answer: SOF + // First card answer: SOF only CodeIClassTagSOF(); - memcpy(resp_sof, ToSend, ToSendMax); resp_sof_Len = ToSendMax; + memcpy(resp_sof, ToSend, ToSendMax); + resp_sof_Len = ToSendMax; // Anticollision CSN - CodeIClassTagAnswer(anticoll_data, sizeof(anticoll_data)); - memcpy(resp_anticoll, ToSend, ToSendMax); resp_anticoll_len = ToSendMax; + CodeIso15693AsTag(anticoll_data, sizeof(anticoll_data)); + memcpy(resp_anticoll, ToSend, ToSendMax); + resp_anticoll_len = ToSendMax; - // CSN - CodeIClassTagAnswer(csn_data, sizeof(csn_data)); - memcpy(resp_csn, ToSend, ToSendMax); resp_csn_len = ToSendMax; + // CSN (block 0) + CodeIso15693AsTag(csn_data, sizeof(csn_data)); + memcpy(resp_csn, ToSend, ToSendMax); + resp_csn_len = ToSendMax; - // e-Purse - CodeIClassTagAnswer(card_challenge_data, sizeof(card_challenge_data)); - memcpy(resp_cc, ToSend, ToSendMax); resp_cc_len = ToSendMax; + // Configuration (block 1) + CodeIso15693AsTag(conf_block, sizeof(conf_block)); + memcpy(resp_conf, ToSend, ToSendMax); + resp_conf_len = ToSendMax; + + // e-Purse (block 2) + CodeIso15693AsTag(card_challenge_data, sizeof(card_challenge_data)); + memcpy(resp_cc, ToSend, ToSendMax); + resp_cc_len = ToSendMax; + + // Kd, Kc (blocks 3 and 4) + CodeIso15693AsTag(ff_data, sizeof(ff_data)); + memcpy(resp_ff, ToSend, ToSendMax); + resp_ff_len = ToSendMax; + + // Application Issuer Area (block 5) + CodeIso15693AsTag(aia_data, sizeof(aia_data)); + memcpy(resp_aia, ToSend, ToSendMax); + resp_aia_len = ToSendMax; //This is used for responding to READ-block commands or other data which is dynamically generated - //First the 'trace'-data, not encoded for FPGA - uint8_t *data_generic_trace = BigBuf_malloc(8 + 2);//8 bytes data + 2byte CRC is max tag answer - //Then storage for the modulated data - //Each bit is doubled when modulated for FPGA, and we also have SOF and EOF (2 bytes) - uint8_t *data_response = BigBuf_malloc( (8+2) * 2 + 2); + uint8_t *data_generic_trace = BigBuf_malloc(32 + 2); // 32 bytes data + 2byte CRC is max tag answer + uint8_t *data_response = BigBuf_malloc( (32 + 2) * 2 + 2); - // Start from off (no field generated) - //FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - //SpinDelay(200); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); - SpinDelay(100); - StartCountSspClk(); - // We need to listen to the high-frequency, peak-detected path. - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); - - // To control where we are in the protocol - int cmdsRecvd = 0; - uint32_t time_0 = GetCountSspClk(); - uint32_t t2r_time =0; - uint32_t r2t_time =0; - - LED_A_ON(); bool buttonPressed = false; - uint8_t response_delay = 1; - while(!exitLoop) { - response_delay = 1; - LED_B_OFF(); - //Signal tracer - // Can be used to get a trigger for an oscilloscope.. - LED_C_OFF(); + enum { IDLE, ACTIVATED, SELECTED, HALTED } chip_state = IDLE; - if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) { + while (!exitLoop) { + WDT_HIT(); + + uint32_t reader_eof_time = 0; + len = GetIso15693CommandFromReader(receivedCmd, MAX_FRAME_SIZE, &reader_eof_time); + if (len < 0) { buttonPressed = true; break; } - r2t_time = GetCountSspClk(); - //Signal tracer - LED_C_ON(); - // Okay, look at the command now. - if(receivedCmd[0] == ICLASS_CMD_ACTALL ) { - // Reader in anticollission phase - modulated_response = resp_sof; modulated_response_size = resp_sof_Len; //order = 1; - trace_data = sof_data; - trace_data_size = sizeof(sof_data); - } else if(receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 1) { - // Reader asks for anticollission CSN - modulated_response = resp_anticoll; modulated_response_size = resp_anticoll_len; //order = 2; - trace_data = anticoll_data; - trace_data_size = sizeof(anticoll_data); - //DbpString("Reader requests anticollission CSN:"); - } else if(receivedCmd[0] == ICLASS_CMD_SELECT) { - // Reader selects anticollission CSN. + // Now look at the reader command and provide appropriate responses + // default is no response: + modulated_response = NULL; + modulated_response_size = 0; + trace_data = NULL; + trace_data_size = 0; + + if (receivedCmd[0] == ICLASS_CMD_ACTALL && len == 1) { + // Reader in anticollision phase + if (chip_state != HALTED) { + modulated_response = resp_sof; + modulated_response_size = resp_sof_Len; + chip_state = ACTIVATED; + } + + } else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 1) { // identify + // Reader asks for anticollision CSN + if (chip_state == SELECTED || chip_state == ACTIVATED) { + modulated_response = resp_anticoll; + modulated_response_size = resp_anticoll_len; + trace_data = anticoll_data; + trace_data_size = sizeof(anticoll_data); + } + + } else if (receivedCmd[0] == ICLASS_CMD_SELECT && len == 9) { + // Reader selects anticollision CSN. // Tag sends the corresponding real CSN - modulated_response = resp_csn; modulated_response_size = resp_csn_len; //order = 3; - trace_data = csn_data; - trace_data_size = sizeof(csn_data); - //DbpString("Reader selects anticollission CSN:"); - } else if(receivedCmd[0] == ICLASS_CMD_READCHECK_KD) { - // Read e-purse (88 02) - modulated_response = resp_cc; modulated_response_size = resp_cc_len; //order = 4; - trace_data = card_challenge_data; - trace_data_size = sizeof(card_challenge_data); - LED_B_ON(); - } else if(receivedCmd[0] == ICLASS_CMD_CHECK) { - // Reader random and reader MAC!!! - if(simulationMode == MODE_FULLSIM) - { - //NR, from reader, is in receivedCmd +1 - opt_doTagMAC_2(cipher_state,receivedCmd+1,data_generic_trace,diversified_key); - - trace_data = data_generic_trace; - trace_data_size = 4; - CodeIClassTagAnswer(trace_data , trace_data_size); - memcpy(data_response, ToSend, ToSendMax); - modulated_response = data_response; - modulated_response_size = ToSendMax; - response_delay = 0;//We need to hurry here... - //exitLoop = true; - }else - { //Not fullsim, we don't respond - // We do not know what to answer, so lets keep quiet - modulated_response = resp_sof; modulated_response_size = 0; - trace_data = NULL; - trace_data_size = 0; - if (simulationMode == MODE_EXIT_AFTER_MAC){ - // dbprintf:ing ... - Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x" - ,csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]); - Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len, - receivedCmd[0], receivedCmd[1], receivedCmd[2], - receivedCmd[3], receivedCmd[4], receivedCmd[5], - receivedCmd[6], receivedCmd[7], receivedCmd[8]); - if (reader_mac_buf != NULL) - { - memcpy(reader_mac_buf,receivedCmd+1,8); - } - exitLoop = true; + if (chip_state == ACTIVATED || chip_state == SELECTED) { + if (!memcmp(receivedCmd+1, anticoll_data, 8)) { + modulated_response = resp_csn; + modulated_response_size = resp_csn_len; + trace_data = csn_data; + trace_data_size = sizeof(csn_data); + chip_state = SELECTED; + } else { + chip_state = IDLE; + } + } else if (chip_state == HALTED) { + // RESELECT with CSN + if (!memcmp(receivedCmd+1, csn_data, 8)) { + modulated_response = resp_csn; + modulated_response_size = resp_csn_len; + trace_data = csn_data; + trace_data_size = sizeof(csn_data); + chip_state = SELECTED; } } - } else if(receivedCmd[0] == ICLASS_CMD_HALT && len == 1) { - // Reader ends the session - modulated_response = resp_sof; modulated_response_size = 0; //order = 0; - trace_data = NULL; - trace_data_size = 0; - } else if(simulationMode == MODE_FULLSIM && receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 4){ - //Read block - uint16_t blk = receivedCmd[1]; - //Take the data... - memcpy(data_generic_trace, emulator+(blk << 3),8); - //Add crc - AppendCrc(data_generic_trace, 8); - trace_data = data_generic_trace; - trace_data_size = 10; - CodeIClassTagAnswer(trace_data , trace_data_size); - memcpy(data_response, ToSend, ToSendMax); - modulated_response = data_response; - modulated_response_size = ToSendMax; - }else if(receivedCmd[0] == ICLASS_CMD_UPDATE && simulationMode == MODE_FULLSIM) - {//Probably the reader wants to update the nonce. Let's just ignore that for now. - // OBS! If this is implemented, don't forget to regenerate the cipher_state - //We're expected to respond with the data+crc, exactly what's already in the receivedcmd - //receivedcmd is now UPDATE 1b | ADDRESS 1b| DATA 8b| Signature 4b or CRC 2b| + } else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 4) { // read block + uint16_t blockNo = receivedCmd[1]; + if (chip_state == SELECTED) { + if (simulationMode == ICLASS_SIM_MODE_EXIT_AFTER_MAC) { + // provide defaults for blocks 0 ... 5 + switch (blockNo) { + case 0: // csn (block 00) + modulated_response = resp_csn; + modulated_response_size = resp_csn_len; + trace_data = csn_data; + trace_data_size = sizeof(csn_data); + break; + case 1: // configuration (block 01) + modulated_response = resp_conf; + modulated_response_size = resp_conf_len; + trace_data = conf_block; + trace_data_size = sizeof(conf_block); + break; + case 2: // e-purse (block 02) + modulated_response = resp_cc; + modulated_response_size = resp_cc_len; + trace_data = card_challenge_data; + trace_data_size = sizeof(card_challenge_data); + // set epurse of sim2,4 attack + if (reader_mac_buf != NULL) { + memcpy(reader_mac_buf, card_challenge_data, 8); + } + break; + case 3: + case 4: // Kd, Kc, always respond with 0xff bytes + modulated_response = resp_ff; + modulated_response_size = resp_ff_len; + trace_data = ff_data; + trace_data_size = sizeof(ff_data); + break; + case 5: // Application Issuer Area (block 05) + modulated_response = resp_aia; + modulated_response_size = resp_aia_len; + trace_data = aia_data; + trace_data_size = sizeof(aia_data); + break; + // default: don't respond + } + } else if (simulationMode == ICLASS_SIM_MODE_FULL) { + if (blockNo == 3 || blockNo == 4) { // Kd, Kc, always respond with 0xff bytes + modulated_response = resp_ff; + modulated_response_size = resp_ff_len; + trace_data = ff_data; + trace_data_size = sizeof(ff_data); + } else { // use data from emulator memory + memcpy(data_generic_trace, emulator + current_page*page_size + 8*blockNo, 8); + AppendCrc(data_generic_trace, 8); + trace_data = data_generic_trace; + trace_data_size = 10; + CodeIso15693AsTag(trace_data, trace_data_size); + memcpy(data_response, ToSend, ToSendMax); + modulated_response = data_response; + modulated_response_size = ToSendMax; + } + } + } - //Take the data... - memcpy(data_generic_trace, receivedCmd+2,8); - //Add crc - AppendCrc(data_generic_trace, 8); - trace_data = data_generic_trace; - trace_data_size = 10; - CodeIClassTagAnswer(trace_data , trace_data_size); - memcpy(data_response, ToSend, ToSendMax); - modulated_response = data_response; - modulated_response_size = ToSendMax; - } - else if(receivedCmd[0] == ICLASS_CMD_PAGESEL) - {//Pagesel - //Pagesel enables to select a page in the selected chip memory and return its configuration block - //Chips with a single page will not answer to this command - // It appears we're fine ignoring this. - //Otherwise, we should answer 8bytes (block) + 2bytes CRC - } - else { - //#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44 - // Never seen this command before - Dbprintf("Unknown command received from reader (len=%d): %x %x %x %x %x %x %x %x %x", - len, - receivedCmd[0], receivedCmd[1], receivedCmd[2], - receivedCmd[3], receivedCmd[4], receivedCmd[5], - receivedCmd[6], receivedCmd[7], receivedCmd[8]); + } else if ((receivedCmd[0] == ICLASS_CMD_READCHECK_KD + || receivedCmd[0] == ICLASS_CMD_READCHECK_KC) && receivedCmd[1] == 0x02 && len == 2) { + // Read e-purse (88 02 || 18 02) + if (chip_state == SELECTED) { + if(receivedCmd[0] == ICLASS_CMD_READCHECK_KD){ + cipher_state = &cipher_state_KD[current_page]; + diversified_key = diversified_key_d; + } else { + cipher_state = &cipher_state_KC[current_page]; + diversified_key = diversified_key_c; + } + modulated_response = resp_cc; + modulated_response_size = resp_cc_len; + trace_data = card_challenge_data; + trace_data_size = sizeof(card_challenge_data); + } + + } else if ((receivedCmd[0] == ICLASS_CMD_CHECK_KC + || receivedCmd[0] == ICLASS_CMD_CHECK_KD) && len == 9) { + // Reader random and reader MAC!!! + if (chip_state == SELECTED) { + if (simulationMode == ICLASS_SIM_MODE_FULL) { + //NR, from reader, is in receivedCmd+1 + opt_doTagMAC_2(*cipher_state, receivedCmd+1, data_generic_trace, diversified_key); + trace_data = data_generic_trace; + trace_data_size = 4; + CodeIso15693AsTag(trace_data, trace_data_size); + memcpy(data_response, ToSend, ToSendMax); + modulated_response = data_response; + modulated_response_size = ToSendMax; + //exitLoop = true; + } else { // Not fullsim, we don't respond + // We do not know what to answer, so lets keep quiet + if (simulationMode == ICLASS_SIM_MODE_EXIT_AFTER_MAC) { + if (reader_mac_buf != NULL) { + // save NR and MAC for sim 2,4 + memcpy(reader_mac_buf + 8, receivedCmd + 1, 8); + } + exitLoop = true; + } + } + } + + } else if (receivedCmd[0] == ICLASS_CMD_HALT && len == 1) { + if (chip_state == SELECTED) { + // Reader ends the session + modulated_response = resp_sof; + modulated_response_size = resp_sof_Len; + chip_state = HALTED; + } + + } else if (simulationMode == ICLASS_SIM_MODE_FULL && receivedCmd[0] == ICLASS_CMD_READ4 && len == 4) { // 0x06 + //Read 4 blocks + if (chip_state == SELECTED) { + uint8_t blockNo = receivedCmd[1]; + memcpy(data_generic_trace, emulator + current_page*page_size + blockNo*8, 8 * 4); + AppendCrc(data_generic_trace, 8 * 4); + trace_data = data_generic_trace; + trace_data_size = 8 * 4 + 2; + CodeIso15693AsTag(trace_data, trace_data_size); + memcpy(data_response, ToSend, ToSendMax); + modulated_response = data_response; + modulated_response_size = ToSendMax; + } + + } else if (receivedCmd[0] == ICLASS_CMD_UPDATE && (len == 12 || len == 14)) { + // We're expected to respond with the data+crc, exactly what's already in the receivedCmd + // receivedCmd is now UPDATE 1b | ADDRESS 1b | DATA 8b | Signature 4b or CRC 2b + if (chip_state == SELECTED) { + uint8_t blockNo = receivedCmd[1]; + if (blockNo == 2) { // update e-purse + memcpy(card_challenge_data, receivedCmd+2, 8); + CodeIso15693AsTag(card_challenge_data, sizeof(card_challenge_data)); + memcpy(resp_cc, ToSend, ToSendMax); + resp_cc_len = ToSendMax; + cipher_state_KD[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_d); + cipher_state_KC[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_c); + if (simulationMode == ICLASS_SIM_MODE_FULL) { + memcpy(emulator + current_page*page_size + 8*2, card_challenge_data, 8); + } + } else if (blockNo == 3) { // update Kd + for (int i = 0; i < 8; i++) { + if (personalization_mode) { + diversified_key_d[i] = receivedCmd[2 + i]; + } else { + diversified_key_d[i] ^= receivedCmd[2 + i]; + } + } + cipher_state_KD[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_d); + if (simulationMode == ICLASS_SIM_MODE_FULL) { + memcpy(emulator + current_page*page_size + 8*3, diversified_key_d, 8); + } + } else if (blockNo == 4) { // update Kc + for (int i = 0; i < 8; i++) { + if (personalization_mode) { + diversified_key_c[i] = receivedCmd[2 + i]; + } else { + diversified_key_c[i] ^= receivedCmd[2 + i]; + } + } + cipher_state_KC[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_c); + if (simulationMode == ICLASS_SIM_MODE_FULL) { + memcpy(emulator + current_page*page_size + 8*4, diversified_key_c, 8); + } + } else if (simulationMode == ICLASS_SIM_MODE_FULL) { // update any other data block + memcpy(emulator + current_page*page_size + 8*blockNo, receivedCmd+2, 8); + } + memcpy(data_generic_trace, receivedCmd + 2, 8); + AppendCrc(data_generic_trace, 8); + trace_data = data_generic_trace; + trace_data_size = 10; + CodeIso15693AsTag(trace_data, trace_data_size); + memcpy(data_response, ToSend, ToSendMax); + modulated_response = data_response; + modulated_response_size = ToSendMax; + } + + } else if (receivedCmd[0] == ICLASS_CMD_PAGESEL && len == 4) { + // Pagesel + // Chips with a single page will not answer to this command + // Otherwise, we should answer 8bytes (conf block 1) + 2bytes CRC + if (chip_state == SELECTED) { + if (simulationMode == ICLASS_SIM_MODE_FULL && max_page > 0) { + current_page = receivedCmd[1]; + memcpy(data_generic_trace, emulator + current_page*page_size + 8*1, 8); + memcpy(diversified_key_d, emulator + current_page*page_size + 8*3, 8); + memcpy(diversified_key_c, emulator + current_page*page_size + 8*4, 8); + cipher_state = &cipher_state_KD[current_page]; + personalization_mode = data_generic_trace[7] & 0x80; + AppendCrc(data_generic_trace, 8); + trace_data = data_generic_trace; + trace_data_size = 10; + CodeIso15693AsTag(trace_data, trace_data_size); + memcpy(data_response, ToSend, ToSendMax); + modulated_response = data_response; + modulated_response_size = ToSendMax; + } + } + + } else if (receivedCmd[0] == 0x26 && len == 5) { + // standard ISO15693 INVENTORY command. Ignore. + + } else { + // don't know how to handle this command + char debug_message[250]; // should be enough + sprintf(debug_message, "Unhandled command (len = %d) received from reader:", len); + for (int i = 0; i < len && strlen(debug_message) < sizeof(debug_message) - 3 - 1; i++) { + sprintf(debug_message + strlen(debug_message), " %02x", receivedCmd[i]); + } + Dbprintf("%s", debug_message); // Do not respond - modulated_response = resp_sof; modulated_response_size = 0; //order = 0; - trace_data = NULL; - trace_data_size = 0; } - if(cmdsRecvd > 100) { - //DbpString("100 commands later..."); - //break; - } - else { - cmdsRecvd++; - } /** - A legit tag has about 380us delay between reader EOT and tag SOF. + A legit tag has about 273,4us delay between reader EOT and tag SOF. **/ - if(modulated_response_size > 0) { - SendIClassAnswer(modulated_response, modulated_response_size, response_delay); - t2r_time = GetCountSspClk(); + if (modulated_response_size > 0) { + uint32_t response_time = reader_eof_time + DELAY_ICLASS_VCD_TO_VICC_SIM; + TransmitTo15693Reader(modulated_response, modulated_response_size, &response_time, 0, false); + LogTrace_ISO15693(trace_data, trace_data_size, response_time*32, response_time*32 + modulated_response_size*32*64, NULL, false); } - if (tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - GetParity(receivedCmd, len, parity); - LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, true); - - if (trace_data != NULL) { - GetParity(trace_data, trace_data_size, parity); - LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, false); - } - if(!tracing) { - DbpString("Trace full"); - //break; - } - - } } - //Dbprintf("%x", cmdsRecvd); - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - - if(buttonPressed) + if (buttonPressed) { DbpString("Button pressed"); } return buttonPressed; } -static int SendIClassAnswer(uint8_t *resp, int respLen, int delay) -{ - int i = 0, d=0;//, u = 0, d = 0; - uint8_t b = 0; +/** + * @brief SimulateIClass simulates an iClass card. + * @param arg0 type of simulation + * - 0 uses the first 8 bytes in usb data as CSN + * - 2 "dismantling iclass"-attack. This mode iterates through all CSN's specified + * in the usb data. This mode collects MAC from the reader, in order to do an offline + * attack on the keys. For more info, see "dismantling iclass" and proxclone.com. + * - Other : Uses the default CSN (031fec8af7ff12e0) + * @param arg1 - number of CSN's contained in datain (applicable for mode 2 only) + * @param arg2 + * @param datain + */ +void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) { - //FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K_8BIT); + LED_A_ON(); - AT91C_BASE_SSC->SSC_THR = 0x00; - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR); - while(!BUTTON_PRESS()) { - if((AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)){ - b = AT91C_BASE_SSC->SSC_RHR; (void) b; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)){ - b = 0x00; - if(d < delay) { - d++; + Iso15693InitTag(); + + uint32_t simType = arg0; + uint32_t numberOfCSNS = arg1; + + // Enable and clear the trace + set_tracing(true); + clear_trace(); + //Use the emulator memory for SIM + uint8_t *emulator = BigBuf_get_EM_addr(); + + if (simType == ICLASS_SIM_MODE_CSN) { + // Use the CSN from commandline + memcpy(emulator, datain, 8); + doIClassSimulation(ICLASS_SIM_MODE_CSN, NULL); + } else if (simType == ICLASS_SIM_MODE_CSN_DEFAULT) { + //Default CSN + uint8_t csn[] = {0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0}; + memcpy(emulator, csn, 8); + doIClassSimulation(ICLASS_SIM_MODE_CSN, NULL); + } else if (simType == ICLASS_SIM_MODE_READER_ATTACK) { + uint8_t mac_responses[USB_CMD_DATA_SIZE] = { 0 }; + Dbprintf("Going into attack mode, %d CSNS sent", numberOfCSNS); + // In this mode, a number of csns are within datain. We'll simulate each one, one at a time + // in order to collect MAC's from the reader. This can later be used in an offline-attack + // in order to obtain the keys, as in the "dismantling iclass"-paper. + int i; + for (i = 0; i < numberOfCSNS && i*16+16 <= USB_CMD_DATA_SIZE; i++) { + // The usb data is 512 bytes, fitting 32 responses (8 byte CC + 4 Byte NR + 4 Byte MAC = 16 Byte response). + memcpy(emulator, datain+(i*8), 8); + if (doIClassSimulation(ICLASS_SIM_MODE_EXIT_AFTER_MAC, mac_responses+i*16)) { + // Button pressed + break; } - else { - if( i < respLen){ - b = resp[i]; - //Hack - //b = 0xAC; - } - i++; - } - AT91C_BASE_SSC->SSC_THR = b; + Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x", + datain[i*8+0], datain[i*8+1], datain[i*8+2], datain[i*8+3], + datain[i*8+4], datain[i*8+5], datain[i*8+6], datain[i*8+7]); + Dbprintf("NR,MAC: %02x %02x %02x %02x %02x %02x %02x %02x", + mac_responses[i*16+ 8], mac_responses[i*16+ 9], mac_responses[i*16+10], mac_responses[i*16+11], + mac_responses[i*16+12], mac_responses[i*16+13], mac_responses[i*16+14], mac_responses[i*16+15]); + SpinDelay(100); // give the reader some time to prepare for next CSN } - -// if (i > respLen +4) break; - if (i > respLen +1) break; + cmd_send(CMD_ACK, CMD_SIMULATE_TAG_ICLASS, i, 0, mac_responses, i*16); + } else if (simType == ICLASS_SIM_MODE_FULL) { + //This is 'full sim' mode, where we use the emulator storage for data. + doIClassSimulation(ICLASS_SIM_MODE_FULL, NULL); + } else { + // We may want a mode here where we hardcode the csns to use (from proxclone). + // That will speed things up a little, but not required just yet. + Dbprintf("The mode is not implemented, reserved for future use"); } - return 0; + Dbprintf("Done..."); + + LED_A_OFF(); } + /// THE READER CODE -//----------------------------------------------------------------------------- -// Transmit the command (to the tag) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int *wait) -{ - int c; - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - AT91C_BASE_SSC->SSC_THR = 0x00; - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); +static void ReaderTransmitIClass(uint8_t *frame, int len, uint32_t *start_time) { - if (wait) - { - if(*wait < 10) *wait = 10; - - for(c = 0; c < *wait;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! - c++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - - } - - - uint8_t sendbyte; - bool firstpart = true; - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - - // DOUBLE THE SAMPLES! - if(firstpart) { - sendbyte = (cmd[c] & 0xf0) | (cmd[c] >> 4); - } - else { - sendbyte = (cmd[c] & 0x0f) | (cmd[c] << 4); - c++; - } - if(sendbyte == 0xff) { - sendbyte = 0xfe; - } - AT91C_BASE_SSC->SSC_THR = sendbyte; - firstpart = !firstpart; - - if(c >= len) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - if (samples && wait) *samples = (c + *wait) << 3; + CodeIso15693AsReader(frame, len); + TransmitTo15693Tag(ToSend, ToSendMax, start_time); + uint32_t end_time = *start_time + 32*(8*ToSendMax-4); // substract the 4 padding bits after EOF + LogTrace_ISO15693(frame, len, *start_time*4, end_time*4, NULL, true); } -//----------------------------------------------------------------------------- -// Prepare iClass reader command to send to FPGA -//----------------------------------------------------------------------------- -void CodeIClassCommand(const uint8_t * cmd, int len) -{ - int i, j, k; - uint8_t b; - - ToSendReset(); - - // Start of Communication: 1 out of 4 - ToSend[++ToSendMax] = 0xf0; - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0x0f; - ToSend[++ToSendMax] = 0x00; - - // Modulate the bytes - for (i = 0; i < len; i++) { - b = cmd[i]; - for(j = 0; j < 4; j++) { - for(k = 0; k < 4; k++) { - if(k == (b & 3)) { - ToSend[++ToSendMax] = 0xf0; - } - else { - ToSend[++ToSendMax] = 0x00; - } - } - b >>= 2; - } - } - - // End of Communication - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0xf0; - ToSend[++ToSendMax] = 0x00; - - // Convert from last character reference to length - ToSendMax++; -} - -void ReaderTransmitIClass(uint8_t* frame, int len) -{ - int wait = 0; - int samples = 0; - - // This is tied to other size changes - CodeIClassCommand(frame,len); - - // Select the card - TransmitIClassCommand(ToSend, ToSendMax, &samples, &wait); - if(trigger) - LED_A_ON(); - - // Store reader command in buffer - if (tracing) { - uint8_t par[MAX_PARITY_SIZE]; - GetParity(frame, len, par); - LogTrace(frame, len, rsamples, rsamples, par, true); - } -} - -//----------------------------------------------------------------------------- -// Wait a certain time for tag response -// If a response is captured return true -// If it takes too long return false -//----------------------------------------------------------------------------- -static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed) //uint8_t *buffer -{ - // buffer needs to be 512 bytes - int c; - - // Set FPGA mode to "reader listen mode", no modulation (listen - // only, since we are receiving, not transmitting). - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); - - // Now get the answer from the card - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - uint8_t b; - if (elapsed) *elapsed = 0; - - bool skip = false; - - c = 0; - for(;;) { - WDT_HIT(); - - if(BUTTON_PRESS()) return false; - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! - if (elapsed) (*elapsed)++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - if(c < timeout) { c++; } else { return false; } - b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - skip = !skip; - if(skip) continue; - - if(ManchesterDecoding(b & 0x0f)) { - *samples = c << 3; - return true; - } - } - } -} - -int ReaderReceiveIClass(uint8_t* receivedAnswer) -{ - int samples = 0; - if (!GetIClassAnswer(receivedAnswer,160,&samples,0)) return false; - rsamples += samples; - if (tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - GetParity(receivedAnswer, Demod.len, parity); - LogTrace(receivedAnswer,Demod.len,rsamples,rsamples,parity,false); - } - if(samples == 0) return false; - return Demod.len; -} - -void setupIclassReader() -{ - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - // Reset trace buffer - set_tracing(true); - clear_trace(); - - // Setup SSC - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); - // Start from off (no field generated) - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - SpinDelay(200); - LED_A_ON(); - -} - -bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, uint8_t expected_size, uint8_t retries) -{ - while(retries-- > 0) - { - ReaderTransmitIClass(command, cmdsize); - if(expected_size == ReaderReceiveIClass(resp)){ +static bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, size_t max_resp_size, + uint8_t expected_size, uint8_t tries, uint32_t start_time, uint32_t timeout, uint32_t *eof_time) { + while (tries-- > 0) { + ReaderTransmitIClass(command, cmdsize, &start_time); + if (expected_size == GetIso15693AnswerFromTag(resp, max_resp_size, timeout, eof_time)) { return true; } } return false;//Error } + /** - * @brief Talks to an iclass tag, sends the commands to get CSN and CC. - * @param card_data where the CSN and CC are stored for return - * @return 0 = fail - * 1 = Got CSN - * 2 = Got CSN and CC + * @brief Selects an iclass tag + * @param card_data where the CSN is stored for return + * @return false = fail + * true = success */ -uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) -{ - static uint8_t act_all[] = { 0x0a }; - //static uint8_t identify[] = { 0x0c }; - static uint8_t identify[] = { 0x0c, 0x00, 0x73, 0x33 }; - static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static uint8_t readcheck_cc[]= { 0x88, 0x02 }; - if (use_credit_key) - readcheck_cc[0] = 0x18; - else - readcheck_cc[0] = 0x88; +static bool selectIclassTag(uint8_t *card_data, uint32_t *eof_time) { + uint8_t act_all[] = { 0x0a }; + uint8_t identify[] = { 0x0c }; + uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t resp[ICLASS_BUFFER_SIZE]; - uint8_t read_status = 0; + uint32_t start_time = GetCountSspClk(); // Send act_all - ReaderTransmitIClass(act_all, 1); + ReaderTransmitIClass(act_all, 1, &start_time); // Card present? - if(!ReaderReceiveIClass(resp)) return read_status;//Fail + if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_ACTALL, eof_time) < 0) return false; //Fail + //Send Identify - ReaderTransmitIClass(identify, 1); + start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + ReaderTransmitIClass(identify, 1, &start_time); //We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC - uint8_t len = ReaderReceiveIClass(resp); - if(len != 10) return read_status;//Fail + uint8_t len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time); + if (len != 10) return false; //Fail //Copy the Anti-collision CSN to our select-packet - memcpy(&select[1],resp,8); + memcpy(&select[1], resp, 8); //Select the card - ReaderTransmitIClass(select, sizeof(select)); + start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + ReaderTransmitIClass(select, sizeof(select), &start_time); //We expect a 10-byte response here, 8 byte CSN and 2 byte CRC - len = ReaderReceiveIClass(resp); - if(len != 10) return read_status;//Fail + len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time); + if (len != 10) return false; //Fail - //Success - level 1, we got CSN + //Success - we got CSN //Save CSN in response data - memcpy(card_data,resp,8); + memcpy(card_data, resp, 8); - //Flag that we got to at least stage 1, read CSN - read_status = 1; + return true; +} - // Card selected, now read e-purse (cc) (only 8 bytes no CRC) - ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); - if(ReaderReceiveIClass(resp) == 8) { - //Save CC (e-purse) in response data - memcpy(card_data+8,resp,8); - read_status++; + +// Select an iClass tag and read all blocks which are always readable without authentication +void ReaderIClass(uint8_t flags) { + + LED_A_ON(); + + uint8_t card_data[6 * 8] = {0}; + memset(card_data, 0xFF, sizeof(card_data)); + uint8_t resp[ICLASS_BUFFER_SIZE]; + //Read conf block CRC(0x01) => 0xfa 0x22 + uint8_t readConf[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x01, 0xfa, 0x22}; + //Read e-purse block CRC(0x02) => 0x61 0x10 + uint8_t readEpurse[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x02, 0x61, 0x10}; + //Read App Issuer Area block CRC(0x05) => 0xde 0x64 + uint8_t readAA[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64}; + + uint8_t result_status = 0; + + if (flags & FLAG_ICLASS_READER_INIT) { + Iso15693InitReader(); } - return read_status; -} -uint8_t handshakeIclassTag(uint8_t *card_data) { - return handshakeIclassTag_ext(card_data, false); -} + if (flags & FLAG_ICLASS_READER_CLEARTRACE) { + set_tracing(true); + clear_trace(); + StartCountSspClk(); + } + uint32_t start_time = 0; + uint32_t eof_time = 0; -// Reader iClass Anticollission -void ReaderIClass(uint8_t arg0) { + if (selectIclassTag(resp, &eof_time)) { + result_status = FLAG_ICLASS_READER_CSN; + memcpy(card_data, resp, 8); - uint8_t card_data[6 * 8]={0}; - memset(card_data, 0xFF, sizeof(card_data)); - uint8_t last_csn[8]={0,0,0,0,0,0,0,0}; - uint8_t resp[ICLASS_BUFFER_SIZE]; - memset(resp, 0xFF, sizeof(resp)); - //Read conf block CRC(0x01) => 0xfa 0x22 - uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22}; - //Read App Issuer Area block CRC(0x05) => 0xde 0x64 - uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64}; + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; - int read_status= 0; - uint8_t result_status = 0; - // flag to read until one tag is found successfully - bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; - // flag to only try 5 times to find one tag then return - bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY; - // if neither abort_after_read nor try_once then continue reading until button pressed. - - bool use_credit_key = arg0 & FLAG_ICLASS_READER_CEDITKEY; - // test flags for what blocks to be sure to read - uint8_t flagReadConfig = arg0 & FLAG_ICLASS_READER_CONF; - uint8_t flagReadCC = arg0 & FLAG_ICLASS_READER_CC; - uint8_t flagReadAA = arg0 & FLAG_ICLASS_READER_AA; - - set_tracing(true); - setupIclassReader(); - - uint16_t tryCnt=0; - bool userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); - while(!userCancelled) - { - // if only looking for one card try 2 times if we missed it the first time - if (try_once && tryCnt > 2) break; - tryCnt++; - if(!tracing) { - DbpString("Trace full"); - break; - } - WDT_HIT(); - - read_status = handshakeIclassTag_ext(card_data, use_credit_key); - - if(read_status == 0) continue; - if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN; - if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC; - - // handshakeIclass returns CSN|CC, but the actual block - // layout is CSN|CONFIG|CC, so here we reorder the data, - // moving CC forward 8 bytes - memcpy(card_data+16,card_data+8, 8); //Read block 1, config - if(flagReadConfig) { - if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, 10, 10)) - { + if (flags & FLAG_ICLASS_READER_CONF) { + if (sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) { result_status |= FLAG_ICLASS_READER_CONF; memcpy(card_data+8, resp, 8); } else { - Dbprintf("Failed to dump config block"); + Dbprintf("Failed to read config block"); } + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + } + + //Read block 2, e-purse + if (flags & FLAG_ICLASS_READER_CC) { + if (sendCmdGetResponseWithRetries(readEpurse, sizeof(readEpurse), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) { + result_status |= FLAG_ICLASS_READER_CC; + memcpy(card_data + (8*2), resp, 8); + } else { + Dbprintf("Failed to read e-purse"); + } + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; } //Read block 5, AA - if(flagReadAA) { - if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, 10, 10)) - { + if (flags & FLAG_ICLASS_READER_AA) { + if (sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) { result_status |= FLAG_ICLASS_READER_AA; - memcpy(card_data+(8*5), resp, 8); + memcpy(card_data + (8*5), resp, 8); } else { - //Dbprintf("Failed to dump AA block"); + Dbprintf("Failed to read AA block"); } } - - // 0 : CSN - // 1 : Configuration - // 2 : e-purse - // (3,4 write-only, kc and kd) - // 5 Application issuer area - // - //Then we can 'ship' back the 8 * 6 bytes of data, - // with 0xFF:s in block 3 and 4. - - LED_B_ON(); - //Send back to client, but don't bother if we already sent this - - // only useful if looping in arm (not try_once && not abort_after_read) - if(memcmp(last_csn, card_data, 8) != 0) - { - // If caller requires that we get Conf, CC, AA, continue until we got it - if( (result_status ^ FLAG_ICLASS_READER_CSN ^ flagReadConfig ^ flagReadCC ^ flagReadAA) == 0) { - cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data)); - if(abort_after_read) { - LED_A_OFF(); - LED_B_OFF(); - return; - } - //Save that we already sent this.... - memcpy(last_csn, card_data, 8); - } - - } - LED_B_OFF(); - userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); } - if (userCancelled) { - cmd_send(CMD_ACK,0xFF,0,0,card_data, 0); - } else { - cmd_send(CMD_ACK,0,0,0,card_data, 0); - } - LED_A_OFF(); -} - -void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { - - uint8_t card_data[USB_CMD_DATA_SIZE]={0}; - uint16_t block_crc_LUT[255] = {0}; - - {//Generate a lookup table for block crc - for(int block = 0; block < 255; block++){ - char bl = block; - block_crc_LUT[block] = iclass_crc16(&bl ,1); - } - } - //Dbprintf("Lookup table: %02x %02x %02x" ,block_crc_LUT[0],block_crc_LUT[1],block_crc_LUT[2]); - - uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 }; - uint16_t crc = 0; - uint8_t cardsize=0; - uint8_t mem=0; - - static struct memory_t{ - int k16; - int book; - int k2; - int lockauth; - int keyaccess; - } memory; - - uint8_t resp[ICLASS_BUFFER_SIZE]; - - setupIclassReader(); - set_tracing(true); - - while(!BUTTON_PRESS()) { - - WDT_HIT(); - - if(!tracing) { - DbpString("Trace full"); - break; - } - - uint8_t read_status = handshakeIclassTag(card_data); - if(read_status < 2) continue; - - //for now replay captured auth (as cc not updated) - memcpy(check+5,MAC,4); - - if(!sendCmdGetResponseWithRetries(check, sizeof(check),resp, 4, 5)) - { - Dbprintf("Error: Authentication Fail!"); - continue; - } - - //first get configuration block (block 1) - crc = block_crc_LUT[1]; - read[1]=1; - read[2] = crc >> 8; - read[3] = crc & 0xff; - - if(!sendCmdGetResponseWithRetries(read, sizeof(read),resp, 10, 10)) - { - Dbprintf("Dump config (block 1) failed"); - continue; - } - - mem=resp[5]; - memory.k16= (mem & 0x80); - memory.book= (mem & 0x20); - memory.k2= (mem & 0x8); - memory.lockauth= (mem & 0x2); - memory.keyaccess= (mem & 0x1); - - cardsize = memory.k16 ? 255 : 32; - WDT_HIT(); - //Set card_data to all zeroes, we'll fill it with data - memset(card_data,0x0,USB_CMD_DATA_SIZE); - uint8_t failedRead =0; - uint32_t stored_data_length =0; - //then loop around remaining blocks - for(int block=0; block < cardsize; block++){ - - read[1]= block; - crc = block_crc_LUT[block]; - read[2] = crc >> 8; - read[3] = crc & 0xff; - - if(sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 10)) - { - Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x", - block, resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - - //Fill up the buffer - memcpy(card_data+stored_data_length,resp,8); - stored_data_length += 8; - if(stored_data_length +8 > USB_CMD_DATA_SIZE) - {//Time to send this off and start afresh - cmd_send(CMD_ACK, - stored_data_length,//data length - failedRead,//Failed blocks? - 0,//Not used ATM - card_data, stored_data_length); - //reset - stored_data_length = 0; - failedRead = 0; - } - - }else{ - failedRead = 1; - stored_data_length +=8;//Otherwise, data becomes misaligned - Dbprintf("Failed to dump block %d", block); - } - } - - //Send off any remaining data - if(stored_data_length > 0) - { - cmd_send(CMD_ACK, - stored_data_length,//data length - failedRead,//Failed blocks? - 0,//Not used ATM - card_data, stored_data_length); - } - //If we got here, let's break - break; - } - //Signal end of transmission - cmd_send(CMD_ACK, - 0,//data length - 0,//Failed blocks? - 0,//Not used ATM - card_data, 0); + cmd_send(CMD_ACK, result_status, 0, 0, card_data, sizeof(card_data)); LED_A_OFF(); } -void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType) { - uint8_t readcheck[] = { keyType, blockNo }; - uint8_t resp[] = {0,0,0,0,0,0,0,0}; - size_t isOK = 0; - isOK = sendCmdGetResponseWithRetries(readcheck, sizeof(readcheck), resp, sizeof(resp), 6); - cmd_send(CMD_ACK,isOK,0,0,0,0); + +void iClass_Check(uint8_t *NRMAC) { + uint8_t check[9] = {ICLASS_CMD_CHECK_KD, 0x00}; + uint8_t resp[4]; + memcpy(check+1, NRMAC, 8); + uint32_t eof_time; + bool isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, sizeof(resp), 4, 3, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time); + cmd_send(CMD_ACK, isOK, 0, 0, resp, sizeof(resp)); } -void iClass_Authentication(uint8_t *MAC) { - uint8_t check[] = { ICLASS_CMD_CHECK, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t resp[ICLASS_BUFFER_SIZE]; - memcpy(check+5,MAC,4); - bool isOK; - isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6); - cmd_send(CMD_ACK,isOK,0,0,0,0); + +void iClass_Readcheck(uint8_t block, bool use_credit_key) { + uint8_t readcheck[2] = {ICLASS_CMD_READCHECK_KD, block}; + if (use_credit_key) { + readcheck[0] = ICLASS_CMD_READCHECK_KC; + } + uint8_t resp[8]; + uint32_t eof_time; + bool isOK = sendCmdGetResponseWithRetries(readcheck, sizeof(readcheck), resp, sizeof(resp), 8, 3, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time); + cmd_send(CMD_ACK, isOK, 0, 0, resp, sizeof(resp)); } -bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata) { + + +static bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata) { uint8_t readcmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00}; //0x88, 0x00 // can i use 0C? - char bl = blockNo; + uint8_t bl = blockNo; uint16_t rdCrc = iclass_crc16(&bl, 1); readcmd[2] = rdCrc >> 8; readcmd[3] = rdCrc & 0xff; - uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0}; - bool isOK = false; + uint8_t resp[10]; + uint32_t eof_time; - //readcmd[1] = blockNo; - isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, 10, 10); + bool isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, sizeof(resp), 10, 10, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time); memcpy(readdata, resp, sizeof(resp)); return isOK; } + void iClass_ReadBlk(uint8_t blockno) { - uint8_t readblockdata[] = {0,0,0,0,0,0,0,0,0,0}; - bool isOK = false; - isOK = iClass_ReadBlock(blockno, readblockdata); - cmd_send(CMD_ACK, isOK, 0, 0, readblockdata, 8); -} -void iClass_Dump(uint8_t blockno, uint8_t numblks) { - uint8_t readblockdata[] = {0,0,0,0,0,0,0,0,0,0}; - bool isOK = false; - uint8_t blkCnt = 0; + LED_A_ON(); - BigBuf_free(); - uint8_t *dataout = BigBuf_malloc(255*8); - if (dataout == NULL){ - Dbprintf("out of memory"); - OnError(1); - return; - } - memset(dataout,0xFF,255*8); - - for (;blkCnt < numblks; blkCnt++) { - isOK = iClass_ReadBlock(blockno+blkCnt, readblockdata); - if (!isOK || (readblockdata[0] == 0xBB || readblockdata[7] == 0xBB || readblockdata[2] == 0xBB)) { //try again - isOK = iClass_ReadBlock(blockno+blkCnt, readblockdata); - if (!isOK) { - Dbprintf("Block %02X failed to read", blkCnt+blockno); - break; - } - } - memcpy(dataout+(blkCnt*8),readblockdata,8); - } - //return pointer to dump memory in arg3 - cmd_send(CMD_ACK,isOK,blkCnt,BigBuf_max_traceLen(),0,0); + uint8_t readblockdata[10]; + bool isOK = iClass_ReadBlock(blockno, readblockdata); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - BigBuf_free(); + LED_D_OFF(); + cmd_send(CMD_ACK, isOK, 0, 0, readblockdata, 8); + + LED_A_OFF(); } -bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) { - uint8_t write[] = { ICLASS_CMD_UPDATE, blockNo, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - //uint8_t readblockdata[10]; - //write[1] = blockNo; - memcpy(write+2, data, 12); // data + mac - char *wrCmd = (char *)(write+1); - uint16_t wrCrc = iclass_crc16(wrCmd, 13); - write[14] = wrCrc >> 8; - write[15] = wrCrc & 0xff; - uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0}; - bool isOK = false; - isOK = sendCmdGetResponseWithRetries(write,sizeof(write),resp,sizeof(resp),10); - if (isOK) { //if reader responded correctly - //Dbprintf("WriteResp: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",resp[0],resp[1],resp[2],resp[3],resp[4],resp[5],resp[6],resp[7],resp[8],resp[9]); - if (memcmp(write+2,resp,8)) { //if response is not equal to write values - if (blockNo != 3 && blockNo != 4) { //if not programming key areas (note key blocks don't get programmed with actual key data it is xor data) - //error try again - isOK = sendCmdGetResponseWithRetries(write,sizeof(write),resp,sizeof(resp),10); - } - +void iClass_Dump(uint8_t startblock, uint8_t numblks) { + + LED_A_ON(); + + uint8_t readblockdata[USB_CMD_DATA_SIZE+2] = {0}; + bool isOK = false; + uint16_t blkCnt = 0; + + if (numblks > USB_CMD_DATA_SIZE / 8) { + numblks = USB_CMD_DATA_SIZE / 8; + } + + for (blkCnt = 0; blkCnt < numblks; blkCnt++) { + isOK = iClass_ReadBlock(startblock+blkCnt, readblockdata+8*blkCnt); + if (!isOK) { + Dbprintf("Block %02X failed to read", startblock+blkCnt); + break; } } - return isOK; + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + + cmd_send(CMD_ACK, isOK, blkCnt, 0, readblockdata, blkCnt*8); + + LED_A_OFF(); } + +static bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) { + + uint8_t write[16] = {ICLASS_CMD_UPDATE, blockNo}; + memcpy(write+2, data, 12); // data + mac + AppendCrc(write+1, 13); + uint8_t resp[10]; + bool isOK = false; + uint32_t eof_time = 0; + + isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10, 3, 0, ICLASS_READER_TIMEOUT_UPDATE, &eof_time); + if (!isOK) { + return false; + } + + uint8_t all_ff[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + if (blockNo == 2) { + if (memcmp(data+4, resp, 4) || memcmp(data, resp+4, 4)) { // check response. e-purse update swaps first and second half + return false; + } + } else if (blockNo == 3 || blockNo == 4) { + if (memcmp(all_ff, resp, 8)) { // check response. Key updates always return 0xffffffffffffffff + return false; + } + } else { + if (memcmp(data, resp, 8)) { // check response. All other updates return unchanged data + return false; + } + } + + return true; +} + + void iClass_WriteBlock(uint8_t blockNo, uint8_t *data) { + + LED_A_ON(); + bool isOK = iClass_WriteBlock_ext(blockNo, data); - if (isOK){ - Dbprintf("Write block [%02x] successful",blockNo); + if (isOK) { + Dbprintf("Write block [%02x] successful", blockNo); } else { - Dbprintf("Write block [%02x] failed",blockNo); + Dbprintf("Write block [%02x] failed", blockNo); } - cmd_send(CMD_ACK,isOK,0,0,0,0); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + + cmd_send(CMD_ACK, isOK, 0, 0, 0, 0); + LED_A_OFF(); } + void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data) { - int i; + + LED_A_ON(); + int written = 0; - int total_block = (endblock - startblock) + 1; - for (i = 0; i < total_block;i++){ + int total_blocks = (endblock - startblock) + 1; + + for (uint8_t block = startblock; block <= endblock; block++) { // block number - if (iClass_WriteBlock_ext(i+startblock, data+(i*12))){ - Dbprintf("Write block [%02x] successful",i + startblock); + if (iClass_WriteBlock_ext(block, data + (block-startblock)*12)) { + Dbprintf("Write block [%02x] successful", block); written++; } else { - if (iClass_WriteBlock_ext(i+startblock, data+(i*12))){ - Dbprintf("Write block [%02x] successful",i + startblock); - written++; - } else { - Dbprintf("Write block [%02x] failed",i + startblock); - } + Dbprintf("Write block [%02x] failed", block); } } - if (written == total_block) + + if (written == total_blocks) Dbprintf("Clone complete"); else - Dbprintf("Clone incomplete"); + Dbprintf("Clone incomplete"); - cmd_send(CMD_ACK,1,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_D_OFF(); + + cmd_send(CMD_ACK, 1, 0, 0, 0, 0); + LED_A_OFF(); } diff --git a/armsrc/iclass.h b/armsrc/iclass.h new file mode 100644 index 00000000..541e1a2c --- /dev/null +++ b/armsrc/iclass.h @@ -0,0 +1,32 @@ +//----------------------------------------------------------------------------- +// Gerhard de Koning Gans - May 2008 +// Hagen Fritsch - June 2010 +// Gerhard de Koning Gans - May 2011 +// Gerhard de Koning Gans - June 2012 - Added iClass card and reader emulation +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Routines to support iClass. +//----------------------------------------------------------------------------- + +#ifndef ICLASS_H__ +#define ICLASS_H__ + +#include +#include + +extern void SnoopIClass(uint8_t jam_search_len, uint8_t *jam_search_string); +extern void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void ReaderIClass(uint8_t arg0); +extern void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC); +extern void IClass_iso14443A_GetPublic(uint8_t arg0); +extern void iClass_Readcheck(uint8_t block, bool use_credit_key); +extern void iClass_Check(uint8_t *MAC); +extern void iClass_WriteBlock(uint8_t blockNo, uint8_t *data); +extern void iClass_ReadBlk(uint8_t blockNo); +extern void iClass_Dump(uint8_t blockno, uint8_t numblks); +extern void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data); + +#endif diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 059db71e..8686cea7 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -14,10 +14,12 @@ #include #include +#include + #include "proxmark3.h" #include "apps.h" #include "util.h" -#include "cmd.h" +#include "usb_cdc.h" #include "iso14443crc.h" #include "crapto1/crapto1.h" #include "mifareutil.h" @@ -25,6 +27,7 @@ #include "BigBuf.h" #include "protocols.h" #include "parity.h" +#include "fpgaloader.h" typedef struct { enum { @@ -67,7 +70,7 @@ typedef struct { // DROP_FIRST_HALF, } state; uint16_t shiftReg; - int16_t bitCount; + int16_t bitCount; uint16_t len; uint16_t byteCntMax; uint16_t posCnt; @@ -76,7 +79,7 @@ typedef struct { uint8_t parityLen; uint32_t fourBits; uint32_t startTime, endTime; - uint8_t *output; + uint8_t *output; uint8_t *parity; } tUart; @@ -93,8 +96,8 @@ static uint8_t iso14_pcb_blocknum = 0; // // minimum time between the start bits of consecutive transfers from reader to tag: 7000 carrier (13.56Mhz) cycles #define REQUEST_GUARD_TIME (7000/16 + 1) -// minimum time between last modulation of tag and next start bit from reader to tag: 1172 carrier cycles -#define FRAME_DELAY_TIME_PICC_TO_PCD (1172/16 + 1) +// minimum time between last modulation of tag and next start bit from reader to tag: 1172 carrier cycles +#define FRAME_DELAY_TIME_PICC_TO_PCD (1172/16 + 1) // bool LastCommandWasRequest = false; // @@ -106,8 +109,8 @@ static uint8_t iso14_pcb_blocknum = 0; // 8 ticks until bit_to_arm is assigned from curbit // 8*16 ticks for the transfer from FPGA to ARM // 4*16 ticks until we measure the time -// - 8*16 ticks because we measure the time of the previous transfer -#define DELAY_AIR2ARM_AS_READER (3 + 16 + 8 + 8*16 + 4*16 - 8*16) +// - 8*16 ticks because we measure the time of the previous transfer +#define DELAY_AIR2ARM_AS_READER (3 + 16 + 8 + 8*16 + 4*16 - 8*16) // When the PM acts as a reader and is sending, it takes // 4*16 ticks until we can write data to the sending hold register @@ -124,10 +127,10 @@ static uint8_t iso14_pcb_blocknum = 0; // 8 ticks until the SSC samples the first data // 7*16 ticks to complete the transfer from FPGA to ARM // 8 ticks until the next ssp_clk rising edge -// 4*16 ticks until we measure the time -// - 8*16 ticks because we measure the time of the previous transfer +// 4*16 ticks until we measure the time +// - 8*16 ticks because we measure the time of the previous transfer #define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16) - + // The FPGA will report its internal sending delay in uint16_t FpgaSendQueueDelay; // the 5 first bits are the number of bits buffered in mod_sig_buf @@ -149,16 +152,16 @@ uint16_t FpgaSendQueueDelay; // 8 ticks (on average) until the result is stored in to_arm // + the delays in transferring data - which is the same for // sniffing reader and tag data and therefore not relevant -#define DELAY_TAG_AIR2ARM_AS_SNIFFER (3 + 14 + 8) - +#define DELAY_TAG_AIR2ARM_AS_SNIFFER (3 + 14 + 8) + // When the PM acts as sniffer and is receiving reader data, it takes -// 2 ticks delay in analogue RF receiver (for the falling edge of the +// 2 ticks delay in analogue RF receiver (for the falling edge of the // start bit, which marks the start of the communication) // 3 ticks A/D conversion // 8 ticks on average until the data is stored in to_arm. // + the delays in transferring data - which is the same for // sniffing reader and tag data and therefore not relevant -#define DELAY_READER_AIR2ARM_AS_SNIFFER (2 + 3 + 8) +#define DELAY_READER_AIR2ARM_AS_SNIFFER (2 + 3 + 8) //variables used for timing purposes: //these are in ssp_clk cycles: @@ -176,12 +179,12 @@ static uint32_t LastProxToAirDuration; // Sequence X: 00001100 drop after half a period // Sequence Y: 00000000 no drop // Sequence Z: 11000000 drop at start -#define SEC_D 0xf0 -#define SEC_E 0x0f -#define SEC_F 0x00 -#define SEC_X 0x0c -#define SEC_Y 0x00 -#define SEC_Z 0xc0 +#define SEC_D 0xf0 +#define SEC_E 0x0f +#define SEC_F 0x00 +#define SEC_X 0x0c +#define SEC_Y 0x00 +#define SEC_Z 0xc0 void iso14a_set_trigger(bool enable) { trigger = enable; @@ -191,7 +194,7 @@ void iso14a_set_trigger(bool enable) { void iso14a_set_timeout(uint32_t timeout) { // adjust timeout by FPGA delays and 2 additional ssp_frames to detect SOF iso14a_timeout = timeout + (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/(16*8) + 2; - if(MF_DBGLEVEL >= 3) Dbprintf("ISO14443A Timeout set to %ld (%dms)", timeout, timeout / 106); + if (MF_DBGLEVEL >= 3) Dbprintf("ISO14443A Timeout set to %" PRIu32 " (%dms)", timeout, timeout / 106); } @@ -213,8 +216,8 @@ void GetParity(const uint8_t *pbtCmd, uint16_t iLen, uint8_t *par) // Generate the parity bits parityBits |= ((oddparity8(pbtCmd[i])) << (7-paritybit_cnt)); if (paritybit_cnt == 7) { - par[paritybyte_cnt] = parityBits; // save 8 Bits parity - parityBits = 0; // and advance to next Parity Byte + par[paritybyte_cnt] = parityBits; // save 8 Bits parity + parityBits = 0; // and advance to next Parity Byte paritybyte_cnt++; paritybit_cnt = 0; } else { @@ -224,7 +227,7 @@ void GetParity(const uint8_t *pbtCmd, uint16_t iLen, uint8_t *par) // save remaining parity bits par[paritybyte_cnt] = parityBits; - + } void AppendCrc14443a(uint8_t* data, int len) @@ -243,14 +246,14 @@ static void AppendCrc14443b(uint8_t* data, int len) //============================================================================= // Basics: // This decoder is used when the PM3 acts as a tag. -// The reader will generate "pauses" by temporarily switching of the field. -// At the PM3 antenna we will therefore measure a modulated antenna voltage. +// The reader will generate "pauses" by temporarily switching of the field. +// At the PM3 antenna we will therefore measure a modulated antenna voltage. // The FPGA does a comparison with a threshold and would deliver e.g.: // ........ 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 ....... // The Miller decoder needs to identify the following sequences: -// 2 (or 3) ticks pause followed by 6 (or 5) ticks unmodulated: pause at beginning - Sequence Z ("start of communication" or a "0") -// 8 ticks without a modulation: no pause - Sequence Y (a "0" or "end of communication" or "no information") -// 4 ticks unmodulated followed by 2 (or 3) ticks pause: pause in second half - Sequence X (a "1") +// 2 (or 3) ticks pause followed by 6 (or 5) ticks unmodulated: pause at beginning - Sequence Z ("start of communication" or a "0") +// 8 ticks without a modulation: no pause - Sequence Y (a "0" or "end of communication" or "no information") +// 4 ticks unmodulated followed by 2 (or 3) ticks pause: pause in second half - Sequence X (a "1") // Note 1: the bitstream may start at any time. We therefore need to sync. // Note 2: the interpretation of Sequence Y and Z depends on the preceding sequence. //----------------------------------------------------------------------------- @@ -269,42 +272,39 @@ const bool Mod_Miller_LUT[] = { #define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x000000F0) >> 4]) #define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x0000000F)]) -static void UartReset() -{ +static void UartReset() { Uart.state = STATE_UNSYNCD; Uart.bitCount = 0; - Uart.len = 0; // number of decoded data bytes - Uart.parityLen = 0; // number of decoded parity bytes - Uart.shiftReg = 0; // shiftreg to hold decoded data bits - Uart.parityBits = 0; // holds 8 parity bits - Uart.startTime = 0; - Uart.endTime = 0; + Uart.len = 0; // number of decoded data bytes + Uart.parityLen = 0; // number of decoded parity bytes + Uart.shiftReg = 0; // shiftreg to hold decoded data bits + Uart.parityBits = 0; // holds 8 parity bits } -static void UartInit(uint8_t *data, uint8_t *parity) -{ +static void UartInit(uint8_t *data, uint8_t *parity) { Uart.output = data; Uart.parity = parity; - Uart.fourBits = 0x00000000; // clear the buffer for 4 Bits + Uart.fourBits = 0x00000000; // clear the buffer for 4 Bits + Uart.startTime = 0; + Uart.endTime = 0; UartReset(); } // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time -static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) -{ +static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) { Uart.fourBits = (Uart.fourBits << 8) | bit; - - if (Uart.state == STATE_UNSYNCD) { // not yet synced - - Uart.syncBit = 9999; // not set + + if (Uart.state == STATE_UNSYNCD) { // not yet synced + + Uart.syncBit = 9999; // not set // The start bit is one ore more Sequence Y followed by a Sequence Z (... 11111111 00x11111). We need to distinguish from // Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111) - // we therefore look for a ...xx11111111111100x11111xxxxxx... pattern + // we therefore look for a ...xx11111111111100x11111xxxxxx... pattern // (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's) - #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000 - #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000 - if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7; + #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000 + #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000 + if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 3)) == ISO14443A_STARTBIT_PATTERN >> 3) Uart.syncBit = 4; @@ -313,102 +313,107 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 6)) == ISO14443A_STARTBIT_PATTERN >> 6) Uart.syncBit = 1; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 7)) == ISO14443A_STARTBIT_PATTERN >> 7) Uart.syncBit = 0; - if (Uart.syncBit != 9999) { // found a sync bit + if (Uart.syncBit != 9999) { // found a sync bit Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8); Uart.startTime -= Uart.syncBit; Uart.endTime = Uart.startTime; Uart.state = STATE_START_OF_COMMUNICATION; + LED_B_ON(); } } else { - if (IsMillerModulationNibble1(Uart.fourBits >> Uart.syncBit)) { - if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation in both halves - error + if (IsMillerModulationNibble1(Uart.fourBits >> Uart.syncBit)) { + if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation in both halves - error + LED_B_OFF(); UartReset(); - } else { // Modulation in first half = Sequence Z = logic "0" - if (Uart.state == STATE_MILLER_X) { // error - must not follow after X + } else { // Modulation in first half = Sequence Z = logic "0" + if (Uart.state == STATE_MILLER_X) { // error - must not follow after X + LED_B_OFF(); UartReset(); } else { Uart.bitCount++; - Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg + Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg Uart.state = STATE_MILLER_Z; Uart.endTime = Uart.startTime + 8*(9*Uart.len + Uart.bitCount + 1) - 6; - if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) + if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); - Uart.parityBits <<= 1; // make room for the parity bit - Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit + Uart.parityBits <<= 1; // make room for the parity bit + Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit Uart.bitCount = 0; Uart.shiftReg = 0; - if((Uart.len&0x0007) == 0) { // every 8 data bytes - Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits + if((Uart.len&0x0007) == 0) { // every 8 data bytes + Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits Uart.parityBits = 0; } } } } } else { - if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1" + if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1" Uart.bitCount++; - Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg + Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg Uart.state = STATE_MILLER_X; Uart.endTime = Uart.startTime + 8*(9*Uart.len + Uart.bitCount + 1) - 2; - if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) + if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); - Uart.parityBits <<= 1; // make room for the new parity bit - Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit + Uart.parityBits <<= 1; // make room for the new parity bit + Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit Uart.bitCount = 0; Uart.shiftReg = 0; - if ((Uart.len&0x0007) == 0) { // every 8 data bytes - Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits + if ((Uart.len&0x0007) == 0) { // every 8 data bytes + Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits Uart.parityBits = 0; } } - } else { // no modulation in both halves - Sequence Y - if (Uart.state == STATE_MILLER_Z || Uart.state == STATE_MILLER_Y) { // Y after logic "0" - End of Communication + } else { // no modulation in both halves - Sequence Y + if (Uart.state == STATE_MILLER_Z || Uart.state == STATE_MILLER_Y) { // Y after logic "0" - End of Communication + LED_B_OFF(); Uart.state = STATE_UNSYNCD; - Uart.bitCount--; // last "0" was part of EOC sequence - Uart.shiftReg <<= 1; // drop it - if(Uart.bitCount > 0) { // if we decoded some bits - Uart.shiftReg >>= (9 - Uart.bitCount); // right align them - Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); // add last byte to the output - Uart.parityBits <<= 1; // add a (void) parity bit - Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align parity bits - Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store it + Uart.bitCount--; // last "0" was part of EOC sequence + Uart.shiftReg <<= 1; // drop it + if(Uart.bitCount > 0) { // if we decoded some bits + Uart.shiftReg >>= (9 - Uart.bitCount); // right align them + Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); // add last byte to the output + Uart.parityBits <<= 1; // add a (void) parity bit + Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align parity bits + Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store it return true; - } else if (Uart.len & 0x0007) { // there are some parity bits to store - Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align remaining parity bits - Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them + } else if (Uart.len & 0x0007) { // there are some parity bits to store + Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align remaining parity bits + Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them } if (Uart.len) { - return true; // we are finished with decoding the raw data sequence + return true; // we are finished with decoding the raw data sequence } else { - UartReset(); // Nothing received - start over + UartReset(); // Nothing received - start over } } - if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC + if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC + LED_B_OFF(); UartReset(); - } else { // a logic "0" + } else { // a logic "0" Uart.bitCount++; - Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg + Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg Uart.state = STATE_MILLER_Y; - if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) + if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity) Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); - Uart.parityBits <<= 1; // make room for the parity bit - Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit + Uart.parityBits <<= 1; // make room for the parity bit + Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit Uart.bitCount = 0; Uart.shiftReg = 0; - if ((Uart.len&0x0007) == 0) { // every 8 data bytes - Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits + if ((Uart.len&0x0007) == 0) { // every 8 data bytes + Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits Uart.parityBits = 0; } } } } } - - } - return false; // not finished yet, need more data + } + + return false; // not finished yet, need more data } @@ -422,10 +427,10 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) // at the reader antenna will be modulated as well. The FPGA detects the modulation for us and would deliver e.g. the following: // ........ 0 0 1 1 1 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ....... // The Manchester decoder needs to identify the following sequences: -// 4 ticks modulated followed by 4 ticks unmodulated: Sequence D = 1 (also used as "start of communication") -// 4 ticks unmodulated followed by 4 ticks modulated: Sequence E = 0 -// 8 ticks unmodulated: Sequence F = end of communication -// 8 ticks modulated: A collision. Save the collision position and treat as Sequence D +// 4 ticks modulated followed by 4 ticks unmodulated: Sequence D = 1 (also used as "start of communication") +// 4 ticks unmodulated followed by 4 ticks modulated: Sequence E = 0 +// 8 ticks unmodulated: Sequence F = end of communication +// 8 ticks modulated: A collision. Save the collision position and treat as Sequence D // Note 1: the bitstream may start at any time. We therefore need to sync. // Note 2: parameter offset is used to determine the position of the parity bits (required for the anticollision command only) static tDemod Demod; @@ -441,44 +446,41 @@ const bool Mod_Manchester_LUT[] = { #define IsManchesterModulationNibble2(b) (Mod_Manchester_LUT[(b & 0x000F)]) -static void DemodReset() -{ +static void DemodReset() { Demod.state = DEMOD_UNSYNCD; - Demod.len = 0; // number of decoded data bytes + Demod.len = 0; // number of decoded data bytes Demod.parityLen = 0; - Demod.shiftReg = 0; // shiftreg to hold decoded data bits - Demod.parityBits = 0; // - Demod.collisionPos = 0; // Position of collision bit - Demod.twoBits = 0xffff; // buffer for 2 Bits + Demod.shiftReg = 0; // shiftreg to hold decoded data bits + Demod.parityBits = 0; // + Demod.collisionPos = 0; // Position of collision bit + Demod.twoBits = 0xffff; // buffer for 2 Bits Demod.highCnt = 0; Demod.startTime = 0; Demod.endTime = 0; } -static void DemodInit(uint8_t *data, uint8_t *parity) -{ +static void DemodInit(uint8_t *data, uint8_t *parity) { Demod.output = data; Demod.parity = parity; DemodReset(); } // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time -static RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time) -{ +static RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time) { Demod.twoBits = (Demod.twoBits << 8) | bit; - + if (Demod.state == DEMOD_UNSYNCD) { - if (Demod.highCnt < 2) { // wait for a stable unmodulated signal + if (Demod.highCnt < 2) { // wait for a stable unmodulated signal if (Demod.twoBits == 0x0000) { Demod.highCnt++; } else { Demod.highCnt = 0; } } else { - Demod.syncBit = 0xFFFF; // not set - if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7; + Demod.syncBit = 0xFFFF; // not set + if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7; else if ((Demod.twoBits & 0x3B80) == 0x3800) Demod.syncBit = 6; else if ((Demod.twoBits & 0x1DC0) == 0x1C00) Demod.syncBit = 5; else if ((Demod.twoBits & 0x0EE0) == 0x0E00) Demod.syncBit = 4; @@ -489,72 +491,74 @@ static RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non if (Demod.syncBit != 0xFFFF) { Demod.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8); Demod.startTime -= Demod.syncBit; - Demod.bitCount = offset; // number of decoded data bits + Demod.bitCount = offset; // number of decoded data bits Demod.state = DEMOD_MANCHESTER_DATA; + LED_C_ON(); } } } else { - if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half - if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision + if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half + if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision if (!Demod.collisionPos) { Demod.collisionPos = (Demod.len << 3) + Demod.bitCount; } - } // modulation in first half only - Sequence D = 1 + } // modulation in first half only - Sequence D = 1 Demod.bitCount++; - Demod.shiftReg = (Demod.shiftReg >> 1) | 0x100; // in both cases, add a 1 to the shiftreg - if(Demod.bitCount == 9) { // if we decoded a full byte (including parity) + Demod.shiftReg = (Demod.shiftReg >> 1) | 0x100; // in both cases, add a 1 to the shiftreg + if(Demod.bitCount == 9) { // if we decoded a full byte (including parity) Demod.output[Demod.len++] = (Demod.shiftReg & 0xff); - Demod.parityBits <<= 1; // make room for the parity bit - Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit + Demod.parityBits <<= 1; // make room for the parity bit + Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit Demod.bitCount = 0; Demod.shiftReg = 0; - if((Demod.len&0x0007) == 0) { // every 8 data bytes - Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits + if((Demod.len&0x0007) == 0) { // every 8 data bytes + Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits Demod.parityBits = 0; } } Demod.endTime = Demod.startTime + 8*(9*Demod.len + Demod.bitCount + 1) - 4; - } else { // no modulation in first half - if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0 + } else { // no modulation in first half + if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0 Demod.bitCount++; - Demod.shiftReg = (Demod.shiftReg >> 1); // add a 0 to the shiftreg - if(Demod.bitCount >= 9) { // if we decoded a full byte (including parity) + Demod.shiftReg = (Demod.shiftReg >> 1); // add a 0 to the shiftreg + if(Demod.bitCount >= 9) { // if we decoded a full byte (including parity) Demod.output[Demod.len++] = (Demod.shiftReg & 0xff); - Demod.parityBits <<= 1; // make room for the new parity bit + Demod.parityBits <<= 1; // make room for the new parity bit Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit Demod.bitCount = 0; Demod.shiftReg = 0; - if ((Demod.len&0x0007) == 0) { // every 8 data bytes - Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits1 + if ((Demod.len&0x0007) == 0) { // every 8 data bytes + Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits1 Demod.parityBits = 0; } } Demod.endTime = Demod.startTime + 8*(9*Demod.len + Demod.bitCount + 1); - } else { // no modulation in both halves - End of communication - if(Demod.bitCount > 0) { // there are some remaining data bits - Demod.shiftReg >>= (9 - Demod.bitCount); // right align the decoded bits - Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output - Demod.parityBits <<= 1; // add a (void) parity bit - Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits - Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them + } else { // no modulation in both halves - End of communication + LED_C_OFF(); + if(Demod.bitCount > 0) { // there are some remaining data bits + Demod.shiftReg >>= (9 - Demod.bitCount); // right align the decoded bits + Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output + Demod.parityBits <<= 1; // add a (void) parity bit + Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits + Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them return true; - } else if (Demod.len & 0x0007) { // there are some parity bits to store - Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits - Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them + } else if (Demod.len & 0x0007) { // there are some parity bits to store + Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits + Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them } if (Demod.len) { - return true; // we are finished with decoding the raw data sequence - } else { // nothing received. Start over + return true; // we are finished with decoding the raw data sequence + } else { // nothing received. Start over DemodReset(); } } } - - } - return false; // not finished yet, need more data + } + + return false; // not finished yet, need more data } //============================================================================= @@ -571,8 +575,9 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { // param: // bit 0 - trigger from first card answer // bit 1 - trigger from first reader 7-bit request - + LEDsoff(); + LED_A_ON(); iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER); @@ -583,11 +588,11 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { // The command (reader -> tag) that we're receiving. uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE); uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE); - + // The response (tag -> reader) that we're receiving. uint8_t *receivedResponse = BigBuf_malloc(MAX_FRAME_SIZE); uint8_t *receivedResponsePar = BigBuf_malloc(MAX_PARITY_SIZE); - + // The DMA buffer, used to stream samples from the FPGA uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE); @@ -601,31 +606,30 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { int dataLen = 0; bool TagIsActive = false; bool ReaderIsActive = false; - + // Set up the demodulator for tag -> reader responses. DemodInit(receivedResponse, receivedResponsePar); - + // Set up the demodulator for the reader -> tag commands UartInit(receivedCmd, receivedCmdPar); - + // Setup and start DMA. FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); - + // We won't start recording the frames that we acquire until we trigger; // a good trigger condition to get started is probably when we see a // response from the tag. // triggered == false -- to wait first for card - bool triggered = !(param & 0x03); - - // And now we loop, receiving samples. - for(uint32_t rsamples = 0; true; ) { + bool triggered = !(param & 0x03); - if(BUTTON_PRESS()) { + // And now we loop, receiving samples. + for (uint32_t rsamples = 0; true; ) { + + if (BUTTON_PRESS()) { DbpString("cancelled by button"); break; } - LED_A_ON(); WDT_HIT(); int register readBufDataP = data - dmaBuf; @@ -657,24 +661,21 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; } - LED_A_OFF(); - - if (rsamples & 0x01) { // Need two samples to feed Miller and Manchester-Decoder + if (rsamples & 0x01) { // Need two samples to feed Miller and Manchester-Decoder - if(!TagIsActive) { // no need to try decoding reader data if the tag is sending + if(!TagIsActive) { // no need to try decoding reader data if the tag is sending uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4); if (MillerDecoding(readerdata, (rsamples-1)*4)) { - LED_C_ON(); - // check - if there is a short 7bit request from reader - if ((!triggered) && (param & 0x02) && (Uart.len == 1) && (Uart.bitCount == 7)) triggered = true; - + if ((!triggered) && (param & 0x02) && (Uart.len == 1) && (Uart.bitCount == 7)) { + triggered = true; + } if(triggered) { - if (!LogTrace(receivedCmd, - Uart.len, + if (!LogTrace(receivedCmd, + Uart.len, Uart.startTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, - Uart.parity, + Uart.parity, true)) break; } /* And ready to receive another command. */ @@ -682,32 +683,25 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { /* And also reset the demod code, which might have been */ /* false-triggered by the commands from the reader. */ DemodReset(); - LED_B_OFF(); } ReaderIsActive = (Uart.state != STATE_UNSYNCD); } - if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time + if (!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time uint8_t tagdata = (previous_data << 4) | (*data & 0x0F); - if(ManchesterDecoding(tagdata, 0, (rsamples-1)*4)) { - LED_B_ON(); - - if (!LogTrace(receivedResponse, - Demod.len, - Demod.startTime*16 - DELAY_TAG_AIR2ARM_AS_SNIFFER, + if (ManchesterDecoding(tagdata, 0, (rsamples-1)*4)) { + if (!LogTrace(receivedResponse, + Demod.len, + Demod.startTime*16 - DELAY_TAG_AIR2ARM_AS_SNIFFER, Demod.endTime*16 - DELAY_TAG_AIR2ARM_AS_SNIFFER, Demod.parity, false)) break; - if ((!triggered) && (param & 0x01)) triggered = true; - // And ready to receive another response. DemodReset(); // And reset the Miller decoder including itS (now outdated) input buffer UartInit(receivedCmd, receivedCmdPar); - - LED_C_OFF(); - } + } TagIsActive = (Demod.state != DEMOD_UNSYNCD); } } @@ -720,19 +714,18 @@ void RAMFUNC SnoopIso14443a(uint8_t param) { } } // main cycle - DbpString("COMMAND FINISHED"); - FpgaDisableSscDma(); + LEDsoff(); + + DbpString("COMMAND FINISHED"); Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len); Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]); - LEDsoff(); } //----------------------------------------------------------------------------- // Prepare tag messages //----------------------------------------------------------------------------- -static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *parity) -{ +static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *parity) { ToSendReset(); // Correction bit, might be removed when not needed @@ -744,16 +737,16 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par ToSendStuffBit(0); ToSendStuffBit(0); ToSendStuffBit(0); - + // Send startbit ToSend[++ToSendMax] = SEC_D; LastProxToAirDuration = 8 * ToSendMax - 4; - for(uint16_t i = 0; i < len; i++) { + for (uint16_t i = 0; i < len; i++) { uint8_t b = cmd[i]; // Data bits - for(uint16_t j = 0; j < 8; j++) { + for (uint16_t j = 0; j < 8; j++) { if(b & 1) { ToSend[++ToSendMax] = SEC_D; } else { @@ -780,8 +773,7 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par } -static void Code4bitAnswerAsTag(uint8_t cmd) -{ +static void Code4bitAnswerAsTag(uint8_t cmd) { int i; ToSendReset(); @@ -800,7 +792,7 @@ static void Code4bitAnswerAsTag(uint8_t cmd) ToSend[++ToSendMax] = SEC_D; uint8_t b = cmd; - for(i = 0; i < 4; i++) { + for (i = 0; i < 4; i++) { if(b & 1) { ToSend[++ToSendMax] = SEC_D; LastProxToAirDuration = 8 * ToSendMax - 4; @@ -841,7 +833,7 @@ static void FixLastReaderTraceTime(uint32_t tag_StartTime) { LastReaderTraceTime[3] = (reader_StartTime >> 24) & 0xff; } - + static void EmLogTraceTag(uint8_t *tag_data, uint16_t tag_len, uint8_t *tag_Parity, uint32_t ProxToAirDuration) { uint32_t tag_StartTime = LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG; uint32_t tag_EndTime = (LastTimeProxToAirStart + ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG; @@ -855,41 +847,39 @@ static void EmLogTraceTag(uint8_t *tag_data, uint16_t tag_len, uint8_t *tag_Pari // Stop when button is pressed // Or return true when command is captured //----------------------------------------------------------------------------- -static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) -{ - // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); +static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) { + // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen + // only, since we are receiving, not transmitting). + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); - // Now run a `software UART' on the stream of incoming samples. + // Now run a `software UART' on the stream of incoming samples. UartInit(received, parity); // clear RXRDY: - uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - for(;;) { - WDT_HIT(); + for (;;) { + WDT_HIT(); - if(BUTTON_PRESS()) return false; - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + if(BUTTON_PRESS()) return false; + + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; if(MillerDecoding(b, 0)) { *len = Uart.len; EmLogTraceReader(); return true; } - } - } + } + } } -static int EmSend4bitEx(uint8_t resp); int EmSend4bit(uint8_t resp); static int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, uint8_t *par); -int EmSendCmdEx(uint8_t *resp, uint16_t respLen); +int EmSendCmd(uint8_t *resp, uint16_t respLen); int EmSendPrecompiledCmd(tag_response_info_t *response_info); @@ -904,32 +894,32 @@ static bool prepare_tag_modulation(tag_response_info_t* response_info, size_t ma // ----------- + // 166 bytes, since every bit that needs to be send costs us a byte // - - + + // Prepare the tag modulation bits from the message GetParity(response_info->response, response_info->response_n, &(response_info->par)); CodeIso14443aAsTagPar(response_info->response,response_info->response_n, &(response_info->par)); - + // Make sure we do not exceed the free buffer space if (ToSendMax > max_buffer_size) { - Dbprintf("Out of memory, when modulating bits for tag answer:"); - Dbhexdump(response_info->response_n, response_info->response, false); - return false; + Dbprintf("Out of memory, when modulating bits for tag answer:"); + Dbhexdump(response_info->response_n, response_info->response, false); + return false; } - + // Copy the byte array, used for this modulation to the buffer position memcpy(response_info->modulation, ToSend, ToSendMax); - + // Store the number of bytes that were used for encoding/modulation and the time needed to transfer them response_info->modulation_n = ToSendMax; response_info->ProxToAirDuration = LastProxToAirDuration; - + return true; } // "precompile" responses. There are 7 predefined responses with a total of 28 bytes data to transmit. -// Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) +// Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) // 28 * 8 data bits, 28 * 1 parity bits, 7 start bits, 7 stop bits, 7 correction bits for the modulation // -> need 273 bytes buffer #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 273 @@ -938,15 +928,15 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info, uint8_ // Retrieve and store the current buffer index response_info->modulation = *buffer; - + // Forward the prepare tag modulation function to the inner function if (prepare_tag_modulation(response_info, *max_buffer_size)) { - // Update the free buffer offset and the remaining buffer size - *buffer += ToSendMax; + // Update the free buffer offset and the remaining buffer size + *buffer += ToSendMax; *max_buffer_size -= ToSendMax; - return true; + return true; } else { - return false; + return false; } } @@ -954,13 +944,13 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info, uint8_ // Main loop of simulated tag: receive commands from reader, decide what // response to send, and send it. //----------------------------------------------------------------------------- -void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) -{ +void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, uint8_t* data) { + uint8_t sak; // The first response contains the ATQA (note: bytes are transmitted in reverse order). uint8_t response1[2]; - + switch (tagType) { case 1: { // MIFARE Classic // Says: I am Mifare 1k - original line @@ -991,19 +981,19 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) response1[0] = 0x01; response1[1] = 0x0f; sak = 0x01; - } break; + } break; default: { Dbprintf("Error: unkown tagtype (%d)",tagType); return; } break; } - + // The second response contains the (mandatory) first 24 bits of the UID uint8_t response2[5] = {0x00}; // Check if the uid uses the (optional) part uint8_t response2a[5] = {0x00}; - + if (uid_2nd) { response2[0] = 0x88; num_to_bytes(uid_1st,3,response2+1); @@ -1034,8 +1024,8 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce - uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS: - // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, + uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS: + // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1 // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us) // TC(1) = 0x02: CID supported, NAD not supported @@ -1064,7 +1054,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) .modulation = dynamic_modulation_buffer, .modulation_n = 0 }; - + // We need to listen to the high-frequency, peak-detected path. iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); @@ -1100,7 +1090,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) tag_response_info_t* p_response; LED_A_ON(); - for(;;) { + for (;;) { // Clean receive command buffer if(!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) { DbpString("Button press"); @@ -1108,32 +1098,32 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) } p_response = NULL; - + // Okay, look at the command now. lastorder = order; if(receivedCmd[0] == 0x26) { // Received a REQUEST p_response = &responses[0]; order = 1; } else if(receivedCmd[0] == 0x52) { // Received a WAKEUP p_response = &responses[0]; order = 6; - } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // Received request for UID (cascade 1) + } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // Received request for UID (cascade 1) p_response = &responses[1]; order = 2; - } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2) + } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2) p_response = &responses[2]; order = 20; - } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) { // Received a SELECT (cascade 1) + } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) { // Received a SELECT (cascade 1) p_response = &responses[3]; order = 3; - } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) { // Received a SELECT (cascade 2) + } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) { // Received a SELECT (cascade 2) p_response = &responses[4]; order = 30; - } else if(receivedCmd[0] == 0x30) { // Received a (plain) READ - EmSendCmdEx(data+(4*receivedCmd[1]),16); + } else if(receivedCmd[0] == 0x30) { // Received a (plain) READ + EmSendCmd(data+(4*receivedCmd[1]),16); // Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]); // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below p_response = NULL; - } else if(receivedCmd[0] == 0x50) { // Received a HALT + } else if(receivedCmd[0] == 0x50) { // Received a HALT p_response = NULL; - } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request + } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request p_response = &responses[5]; order = 7; - } else if(receivedCmd[0] == 0xE0) { // Received a RATS request - if (tagType == 1 || tagType == 2) { // RATS not supported + } else if(receivedCmd[0] == 0xE0) { // Received a RATS request + if (tagType == 1 || tagType == 2) { // RATS not supported EmSend4bit(CARD_NACK_NA); p_response = NULL; } else { @@ -1167,7 +1157,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11; dynamic_response_info.response_n = 2; } break; - + case 0xBA: { // memcpy(dynamic_response_info.response,"\xAB\x00",2); dynamic_response_info.response_n = 2; @@ -1187,7 +1177,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) dynamic_response_info.response_n = 0; } break; } - + if (dynamic_response_info.response_n > 0) { // Copy the CID from the reader query dynamic_response_info.response[1] = receivedCmd[1]; @@ -1195,7 +1185,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) // Add CRC bytes, always used in ISO 14443A-4 compliant cards AppendCrc14443a(dynamic_response_info.response,dynamic_response_info.response_n); dynamic_response_info.response_n += 2; - + if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) { Dbprintf("Error preparing tag response"); break; @@ -1219,8 +1209,8 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) if (p_response != NULL) { EmSendPrecompiledCmd(p_response); } - - if (!tracing) { + + if (!get_tracing()) { Dbprintf("Trace Full. Simulation stopped."); break; } @@ -1234,12 +1224,11 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) // prepare a delayed transfer. This simply shifts ToSend[] by a number // of bits specified in the delay parameter. -static void PrepareDelayedTransfer(uint16_t delay) -{ +static void PrepareDelayedTransfer(uint16_t delay) { uint8_t bitmask = 0; uint8_t bits_to_shift = 0; uint8_t bits_shifted = 0; - + delay &= 0x07; if (delay) { for (uint16_t i = 0; i < delay; i++) { @@ -1260,38 +1249,35 @@ static void PrepareDelayedTransfer(uint16_t delay) // Transmit the command (to the tag) that was placed in ToSend[]. // Parameter timing: // if NULL: transfer at next possible time, taking into account -// request guard time, startup frame guard time and frame delay time -// if == 0: transfer immediately and return time of transfer +// request guard time, startup frame guard time and frame delay time +// if == 0: transfer immediately and return time of transfer // if != 0: delay transfer until time specified //------------------------------------------------------------------------------------- -static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) -{ - +static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) { + LED_B_ON(); + LED_D_ON(); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); uint32_t ThisTransferTime = 0; if (timing) { - if(*timing == 0) { // Measure time + if (*timing == 0) { // Measure time *timing = (GetCountSspClk() + 8) & 0xfffffff8; } else { - PrepareDelayedTransfer(*timing & 0x00000007); // Delay transfer (fine tuning - up to 7 MF clock ticks) + PrepareDelayedTransfer(*timing & 0x00000007); // Delay transfer (fine tuning - up to 7 MF clock ticks) } - if(MF_DBGLEVEL >= 4 && GetCountSspClk() >= (*timing & 0xfffffff8)) Dbprintf("TransmitFor14443a: Missed timing"); - while(GetCountSspClk() < (*timing & 0xfffffff8)); // Delay transfer (multiple of 8 MF clock ticks) + if (MF_DBGLEVEL >= 4 && GetCountSspClk() >= (*timing & 0xfffffff8)) Dbprintf("TransmitFor14443a: Missed timing"); + while (GetCountSspClk() < (*timing & 0xfffffff8)); // Delay transfer (multiple of 8 MF clock ticks) LastTimeProxToAirStart = *timing; } else { ThisTransferTime = ((MAX(NextTransferTime, GetCountSspClk()) & 0xfffffff8) + 8); - while(GetCountSspClk() < ThisTransferTime); + while (GetCountSspClk() < ThisTransferTime); LastTimeProxToAirStart = ThisTransferTime; } - - // clear TXRDY - AT91C_BASE_SSC->SSC_THR = SEC_Y; uint16_t c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + for (;;) { + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { AT91C_BASE_SSC->SSC_THR = cmd[c]; c++; if(c >= len) { @@ -1299,16 +1285,16 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing } } } - + NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME); + LED_B_OFF(); } //----------------------------------------------------------------------------- // Prepare reader command (in bits, support short frames) to send to FPGA //----------------------------------------------------------------------------- -static void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity) -{ +static void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity) { int i, j; int last; uint8_t b; @@ -1391,80 +1377,93 @@ static void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, cons // Stop when button is pressed (return 1) or field was gone (return 2) // Or return 0 when command is captured //----------------------------------------------------------------------------- -int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) -{ +int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) { + uint32_t field_off_time = -1; + uint32_t samples = 0; + int ret = 0; + uint8_t b = 0;; + uint8_t dmaBuf[DMA_BUFFER_SIZE]; + uint8_t *upTo = dmaBuf; + *len = 0; - uint32_t timer = 0, vtime = 0; - int analogCnt = 0; - int analogAVG = 0; - - // Set ADC to read field strength - AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; - AT91C_BASE_ADC->ADC_MR = - ADC_MODE_PRESCALE(63) | - ADC_MODE_STARTUP_TIME(1) | - ADC_MODE_SAMPLE_HOLD_TIME(15); - AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF_LOW); - // start ADC - AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; - // Run a 'software UART' on the stream of incoming samples. UartInit(received, parity); + // start ADC + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; + // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN - do { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = SEC_F; - uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; (void) b; - } - } while (GetCountSspClk() < LastTimeProxToAirStart + LastProxToAirDuration + (FpgaSendQueueDelay>>3)); + while (GetCountSspClk() < LastTimeProxToAirStart + LastProxToAirDuration + (FpgaSendQueueDelay>>3) - 8 - 3) /* wait */ ; // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen // only, since we are receiving, not transmitting). - // Signal field is off with the appropriate LED - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); + // clear receive register, measure time of next transfer + uint32_t temp = AT91C_BASE_SSC->SSC_RHR; (void) temp; + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)) ; + uint32_t start_time = GetCountSspClk() & 0xfffffff8; + + // Setup and start DMA. + FpgaSetupSscDma(dmaBuf, DMA_BUFFER_SIZE); + for(;;) { - WDT_HIT(); + uint16_t behindBy = ((uint8_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (DMA_BUFFER_SIZE-1); - if (BUTTON_PRESS()) return 1; + if (behindBy == 0) continue; - // test if the field exists - if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF_LOW)) { - analogCnt++; - analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF_LOW]; - AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; - if (analogCnt >= 32) { - if ((MAX_ADC_HF_VOLTAGE_LOW * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) { - vtime = GetTickCount(); - if (!timer) timer = vtime; - // 50ms no field --> card to idle state - if (vtime - timer > 50) return 2; - } else - if (timer) timer = 0; - analogCnt = 0; - analogAVG = 0; + b = *upTo++; + + if(upTo >= dmaBuf + DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content. + upTo = dmaBuf; // start reading the circular buffer from the beginning + if(behindBy > (9*DMA_BUFFER_SIZE/10)) { + Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy); + ret = 1; + break; } } + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated. + AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; // DMA Next Counter registers + } - // receive and test the miller decoding - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - if(MillerDecoding(b, 0)) { - *len = Uart.len; - EmLogTraceReader(); - return 0; + if (BUTTON_PRESS()) { + ret = 1; + break; + } + + // check reader's HF field + if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF_LOW)) { + if ((MAX_ADC_HF_VOLTAGE_LOW * AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF_LOW]) >> 10 < MF_MINFIELDV) { + if (GetTickCount() - field_off_time > 50) { + ret = 2; // reader has switched off HF field for more than 50ms. Timeout + break; + } + } else { + field_off_time = GetTickCount(); // HF field is still there. Reset timer } - } + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; // restart ADC + } + if (MillerDecoding(b, start_time + samples*8)) { + *len = Uart.len; + EmLogTraceReader(); + ret = 0; + break; + } + + samples++; } + + FpgaDisableSscDma(); + return ret; } -static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) -{ +static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) { + LED_C_ON(); + uint8_t b; uint16_t i = 0; bool correctionNeeded; @@ -1484,73 +1483,61 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) correctionNeeded = Uart.parity[(Uart.len-1)/8] & (0x80 >> ((Uart.len-1) & 7)); } - if(correctionNeeded) { + if (correctionNeeded) { // 1236, so correction bit needed i = 0; } else { i = 1; } - // clear receiving shift register and holding register - while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); + // clear receiving shift register and holding register b = AT91C_BASE_SSC->SSC_RHR; (void) b; - while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); b = AT91C_BASE_SSC->SSC_RHR; (void) b; - + // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line) - for (uint16_t j = 0; j < 5; j++) { // allow timeout - better late than never - while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); + for (uint16_t j = 0; j < 5; j++) { // allow timeout - better late than never + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); if (AT91C_BASE_SSC->SSC_RHR) break; } LastTimeProxToAirStart = (GetCountSspClk() & 0xfffffff8) + (correctionNeeded?8:0); // send cycle - for(; i < respLen; ) { + for (; i < respLen; ) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { AT91C_BASE_SSC->SSC_THR = resp[i++]; FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR; } - + if(BUTTON_PRESS()) { break; } } + LED_C_OFF(); return 0; } -static int EmSend4bitEx(uint8_t resp){ +int EmSend4bit(uint8_t resp){ Code4bitAnswerAsTag(resp); int res = EmSendCmd14443aRaw(ToSend, ToSendMax); - // do the tracing for the previous reader request and this tag answer: + // Log this tag answer and fix timing of previous reader command: EmLogTraceTag(&resp, 1, NULL, LastProxToAirDuration); return res; } -int EmSend4bit(uint8_t resp){ - return EmSend4bitEx(resp); -} - - static int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, uint8_t *par){ CodeIso14443aAsTagPar(resp, respLen, par); int res = EmSendCmd14443aRaw(ToSend, ToSendMax); - // do the tracing for the previous reader request and this tag answer: + // Log this tag answer and fix timing of previous reader command: EmLogTraceTag(resp, respLen, par, LastProxToAirDuration); return res; } -int EmSendCmdEx(uint8_t *resp, uint16_t respLen){ - uint8_t par[MAX_PARITY_SIZE]; - GetParity(resp, respLen, par); - return EmSendCmdExPar(resp, respLen, par); -} - - int EmSendCmd(uint8_t *resp, uint16_t respLen){ uint8_t par[MAX_PARITY_SIZE]; GetParity(resp, respLen, par); @@ -1565,7 +1552,7 @@ int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){ int EmSendPrecompiledCmd(tag_response_info_t *response_info) { int ret = EmSendCmd14443aRaw(response_info->modulation, response_info->modulation_n); - // do the tracing for the previous reader request and this tag answer: + // Log this tag answer and fix timing of previous reader command: EmLogTraceTag(response_info->response, response_info->response_n, &(response_info->par), response_info->ProxToAirDuration); return ret; } @@ -1576,63 +1563,58 @@ int EmSendPrecompiledCmd(tag_response_info_t *response_info) { // If a response is captured return true // If it takes too long return false //----------------------------------------------------------------------------- -static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset) -{ +static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset) { uint32_t c; - + // Set FPGA mode to "reader listen mode", no modulation (listen // only, since we are receiving, not transmitting). // Signal field is on with the appropriate LED LED_D_ON(); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); - + // Now get the answer from the card DemodInit(receivedResponse, receivedResponsePar); // clear RXRDY: - uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; c = 0; - for(;;) { + for (;;) { WDT_HIT(); - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - if(ManchesterDecoding(b, offset, 0)) { + if (ManchesterDecoding(b, offset, 0)) { NextTransferTime = MAX(NextTransferTime, Demod.endTime - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/16 + FRAME_DELAY_TIME_PICC_TO_PCD); return true; } else if (c++ > iso14a_timeout && Demod.state == DEMOD_UNSYNCD) { - return false; + return false; } } } } -void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing) -{ +void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing) { + CodeIso14443aBitsAsReaderPar(frame, bits, par); - + // Send command to tag TransmitFor14443a(ToSend, ToSendMax, timing); - if(trigger) + if (trigger) LED_A_ON(); - + // Log reader command in trace buffer - if (tracing) { - LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, true); - } + LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, true); } -void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing) -{ - ReaderTransmitBitsPar(frame, len*8, par, timing); +void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing) { + ReaderTransmitBitsPar(frame, len*8, par, timing); } -static void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing) -{ +static void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing) { // Generate parity and redirect uint8_t par[MAX_PARITY_SIZE]; GetParity(frame, len/8, par); @@ -1640,8 +1622,7 @@ static void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing) } -void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing) -{ +void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing) { // Generate parity and redirect uint8_t par[MAX_PARITY_SIZE]; GetParity(frame, len, par); @@ -1649,22 +1630,17 @@ void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing) } -static int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity) -{ +static int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity) { if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) return false; - if (tracing) { - LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, false); - } + LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, false); return Demod.len; } -int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) -{ +int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) { if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return false; - if (tracing) { - LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, false); - } + + LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, false); return Demod.len; } @@ -1672,24 +1648,24 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) static void iso14a_set_ATS_times(uint8_t *ats) { uint8_t tb1; - uint8_t fwi, sfgi; + uint8_t fwi, sfgi; uint32_t fwt, sfgt; - - if (ats[0] > 1) { // there is a format byte T0 - if ((ats[1] & 0x20) == 0x20) { // there is an interface byte TB(1) - if ((ats[1] & 0x10) == 0x10) { // there is an interface byte TA(1) preceding TB(1) + + if (ats[0] > 1) { // there is a format byte T0 + if ((ats[1] & 0x20) == 0x20) { // there is an interface byte TB(1) + if ((ats[1] & 0x10) == 0x10) { // there is an interface byte TA(1) preceding TB(1) tb1 = ats[3]; } else { tb1 = ats[2]; } - fwi = (tb1 & 0xf0) >> 4; // frame waiting time integer (FWI) + fwi = (tb1 & 0xf0) >> 4; // frame waiting time integer (FWI) if (fwi != 15) { - fwt = 256 * 16 * (1 << fwi); // frame waiting time (FWT) in 1/fc + fwt = 256 * 16 * (1 << fwi); // frame waiting time (FWT) in 1/fc iso14a_set_timeout(fwt/(8*16)); } - sfgi = tb1 & 0x0f; // startup frame guard time integer (SFGI) + sfgi = tb1 & 0x0f; // startup frame guard time integer (SFGI) if (sfgi != 0 && sfgi != 15) { - sfgt = 256 * 16 * (1 << sfgi); // startup frame guard time (SFGT) in 1/fc + sfgt = 256 * 16 * (1 << sfgi); // startup frame guard time (SFGT) in 1/fc NextTransferTime = MAX(NextTransferTime, Demod.endTime + (sfgt - DELAY_AIR2ARM_AS_READER - DELAY_ARM2AIR_AS_READER)/16); } } @@ -1699,15 +1675,15 @@ static void iso14a_set_ATS_times(uint8_t *ats) { static int GetATQA(uint8_t *resp, uint8_t *resp_par) { -#define WUPA_RETRY_TIMEOUT 10 // 10ms - uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP +#define WUPA_RETRY_TIMEOUT 10 // 10ms + uint8_t wupa[] = {ISO14443A_CMD_WUPA}; // 0x26 - REQA 0x52 - WAKE-UP uint32_t save_iso14a_timeout = iso14a_get_timeout(); - iso14a_set_timeout(1236/(16*8)+1); // response to WUPA is expected at exactly 1236/fc. No need to wait longer. - + iso14a_set_timeout(1236/(16*8)+1); // response to WUPA is expected at exactly 1236/fc. No need to wait longer. + uint32_t start_time = GetTickCount(); int len; - + // we may need several tries if we did send an unknown command or a wrong authentication before... do { // Broadcast for a card, WUPA (0x52) will force response from all cards in the field @@ -1715,7 +1691,7 @@ static int GetATQA(uint8_t *resp, uint8_t *resp_par) { // Receive the ATQA len = ReaderReceive(resp, resp_par); } while (len == 0 && GetTickCount() <= start_time + WUPA_RETRY_TIMEOUT); - + iso14a_set_timeout(save_iso14a_timeout); return len; } @@ -1724,16 +1700,16 @@ static int GetATQA(uint8_t *resp, uint8_t *resp_par) { // performs iso14443a anticollision (optional) and card select procedure // fills the uid and cuid pointer unless NULL // fills the card info record unless NULL -// if anticollision is false, then the UID must be provided in uid_ptr[] +// if anticollision is false, then the UID must be provided in uid_ptr[] // and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID) // requests ATS unless no_rats is true -int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) { +int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) { uint8_t sel_all[] = { 0x93,0x20 }; uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 uint8_t resp[MAX_FRAME_SIZE]; // theoretically. A usual RATS will be much smaller uint8_t resp_par[MAX_PARITY_SIZE]; - byte_t uid_resp[4]; + uint8_t uid_resp[4]; size_t uid_resp_len; uint8_t sak = 0x04; // cascade uid @@ -1741,7 +1717,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u int len; // init card struct - if(p_hi14a_card) { + if (p_hi14a_card) { p_hi14a_card->uidlen = 0; memset(p_hi14a_card->uid, 0, 10); p_hi14a_card->ats_len = 0; @@ -1751,7 +1727,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u return 0; } - if(p_hi14a_card) { + if (p_hi14a_card) { memcpy(p_hi14a_card->atqa, resp, 2); } @@ -1766,40 +1742,44 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u if ((resp[0] & 0x1F) == 0) { return 3; } - + // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in // which case we need to make a cascade 2 request and select - this is a long UID - // While the UID is not complete, the 3nd bit (from the right) is set in the SAK. - for(; sak & 0x04; cascade_level++) { + // While the UID is not complete, the 3rd bit (from the right) is set in the SAK. + for (; sak & 0x04; cascade_level++) { // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97) sel_uid[0] = sel_all[0] = 0x93 + cascade_level * 2; if (anticollision) { // SELECT_ALL ReaderTransmit(sel_all, sizeof(sel_all), NULL); - if (!ReaderReceive(resp, resp_par)) return 0; + if (!ReaderReceive(resp, resp_par)) { + return 0; + } - if (Demod.collisionPos) { // we had a collision and need to construct the UID bit by bit + if (Demod.collisionPos) { // we had a collision and need to construct the UID bit by bit memset(uid_resp, 0, 4); uint16_t uid_resp_bits = 0; uint16_t collision_answer_offset = 0; // anti-collision-loop: while (Demod.collisionPos) { Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos); - for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point + for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01; uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8); } - uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position + uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position uid_resp_bits++; // construct anticollosion command: - sel_uid[1] = ((2 + uid_resp_bits/8) << 4) | (uid_resp_bits & 0x07); // length of data in bytes and bits + sel_uid[1] = ((2 + uid_resp_bits/8) << 4) | (uid_resp_bits & 0x07); // length of data in bytes and bits for (uint16_t i = 0; i <= uid_resp_bits/8; i++) { sel_uid[2+i] = uid_resp[i]; } collision_answer_offset = uid_resp_bits%8; ReaderTransmitBits(sel_uid, 16 + uid_resp_bits, NULL); - if (!ReaderReceiveOffset(resp, collision_answer_offset, resp_par)) return 0; + if (!ReaderReceiveOffset(resp, collision_answer_offset, resp_par)) { + return 0; + } } // finally, add the last bits and BCC of the UID for (uint16_t i = collision_answer_offset; i < (Demod.len-1)*8; i++, uid_resp_bits++) { @@ -1807,7 +1787,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u uid_resp[uid_resp_bits/8] |= UIDbit << (uid_resp_bits % 8); } - } else { // no collision, use the response to SELECT_ALL as current uid + } else { // no collision, use the response to SELECT_ALL as current uid memcpy(uid_resp, resp, 4); } } else { @@ -1826,23 +1806,25 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u } // Construct SELECT UID command - sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC) - memcpy(sel_uid+2, uid_resp, 4); // the UID received during anticollision, or the provided UID - sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC - AppendCrc14443a(sel_uid, 7); // calculate and add CRC + sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC) + memcpy(sel_uid+2, uid_resp, 4); // the UID received during anticollision, or the provided UID + sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC + AppendCrc14443a(sel_uid, 7); // calculate and add CRC ReaderTransmit(sel_uid, sizeof(sel_uid), NULL); // Receive the SAK - if (!ReaderReceive(resp, resp_par)) return 0; + if (!ReaderReceive(resp, resp_par)) { + return 0; + } sak = resp[0]; - + // Test if more parts of the uid are coming if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) { // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of: // http://www.nxp.com/documents/application_note/AN10927.pdf uid_resp[0] = uid_resp[1]; uid_resp[1] = uid_resp[2]; - uid_resp[2] = uid_resp[3]; + uid_resp[2] = uid_resp[3]; uid_resp_len = 3; } @@ -1861,14 +1843,16 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u } // PICC compilant with iso14443a-4 ---> (SAK & 0x20 != 0) - if( (sak & 0x20) == 0) return 2; + if( (sak & 0x20) == 0) return 2; if (!no_rats) { // Request for answer to select AppendCrc14443a(rats, 2); ReaderTransmit(rats, sizeof(rats), NULL); - if (!(len = ReaderReceive(resp, resp_par))) return 0; + if (!(len = ReaderReceive(resp, resp_par))) { + return 0; + } if(p_hi14a_card) { memcpy(p_hi14a_card->ats, resp, len); @@ -1880,9 +1864,9 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u // set default timeout and delay next transfer based on ATS iso14a_set_ATS_times(resp); - + } - return 1; + return 1; } @@ -1902,11 +1886,22 @@ void iso14443a_setup(uint8_t fpga_minor_mode) { } FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | fpga_minor_mode); + // Set ADC to read field strength + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; + AT91C_BASE_ADC->ADC_MR = + ADC_MODE_PRESCALE(63) | + ADC_MODE_STARTUP_TIME(1) | + ADC_MODE_SAMPLE_HOLD_TIME(15); + AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF_LOW); + // Start the timer StartCountSspClk(); - + DemodReset(); UartReset(); + LastTimeProxToAirStart = 0; + FpgaSendQueueDelay = 0; + LastProxToAirDuration = 20; // arbitrary small value. Avoid lock in EmGetCmd() NextTransferTime = 2*DELAY_ARM2AIR_AS_READER; iso14a_set_timeout(1060); // 10ms default } @@ -1931,21 +1926,30 @@ b8 b7 b6 b5 b4 b3 b2 b1 b5 = ACK/NACK Coding of S-block: b8 b7 b6 b5 b4 b3 b2 b1 -1 1 x x x 0 1 0 +1 1 x x x 0 1 0 b5,b6 = 00 - DESELECT - 11 - WTX -*/ -int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { + 11 - WTX +*/ +int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res) { uint8_t parity[MAX_PARITY_SIZE]; uint8_t real_cmd[cmd_len + 4]; - - // ISO 14443 APDU frame: PCB [CID] [NAD] APDU CRC PCB=0x02 - real_cmd[0] = 0x02; // bnr,nad,cid,chn=0; i-block(0x00) - // put block number into the PCB - real_cmd[0] |= iso14_pcb_blocknum; - memcpy(real_cmd + 1, cmd, cmd_len); + + if (cmd_len) { + // ISO 14443 APDU frame: PCB [CID] [NAD] APDU CRC PCB=0x02 + real_cmd[0] = 0x02; // bnr,nad,cid,chn=0; i-block(0x00) + if (send_chaining) { + real_cmd[0] |= 0x10; + } + // put block number into the PCB + real_cmd[0] |= iso14_pcb_blocknum; + memcpy(real_cmd + 1, cmd, cmd_len); + } else { + // R-block. ACK + real_cmd[0] = 0xA2; // r-block + ACK + real_cmd[0] |= iso14_pcb_blocknum; + } AppendCrc14443a(real_cmd, cmd_len + 1); - + ReaderTransmit(real_cmd, cmd_len + 3, NULL); size_t len = ReaderReceive(data, parity); @@ -1953,20 +1957,20 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { if (!len) { return 0; //DATA LINK ERROR - } else{ - // S-Block WTX - while((data_bytes[0] & 0xF2) == 0xF2) { + } else { + // S-Block WTX + while (len && ((data_bytes[0] & 0xF2) == 0xF2)) { uint32_t save_iso14a_timeout = iso14a_get_timeout(); // temporarily increase timeout iso14a_set_timeout(MAX((data_bytes[1] & 0x3f) * save_iso14a_timeout, MAX_ISO14A_TIMEOUT)); - // Transmit WTX back + // Transmit WTX back // byte1 - WTXM [1..59]. command FWT=FWT*WTXM data_bytes[1] = data_bytes[1] & 0x3f; // 2 high bits mandatory set to 0b // now need to fix CRC. AppendCrc14443a(data_bytes, len - 2); // transmit S-Block ReaderTransmit(data_bytes, len, NULL); - // retrieve the result again (with increased timeout) + // retrieve the result again (with increased timeout) len = ReaderReceive(data, parity); data_bytes = data; // restore timeout @@ -1976,26 +1980,32 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { // if we received an I- or R(ACK)-Block with a block number equal to the // current block number, toggle the current block number if (len >= 3 // PCB+CRC = 3 bytes - && ((data_bytes[0] & 0xC0) == 0 // I-Block - || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0 - && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) // equal block numbers + && ((data_bytes[0] & 0xC0) == 0 // I-Block + || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0 + && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) // equal block numbers { iso14_pcb_blocknum ^= 1; } + // if we received I-block with chaining we need to send ACK and receive another block of data + if (res) + *res = data_bytes[0]; + // crc check - if (len >=3 && !CheckCrc14443(CRC_14443_A, data_bytes, len)) { + if (len >= 3 && !CheckCrc14443(CRC_14443_A, data_bytes, len)) { return -1; } - + } - - // cut frame byte - len -= 1; - // memmove(data_bytes, data_bytes + 1, len); - for (int i = 0; i < len; i++) - data_bytes[i] = data_bytes[i + 1]; - + + if (len) { + // cut frame byte + len -= 1; + // memmove(data_bytes, data_bytes + 1, len); + for (int i = 0; i < len; i++) + data_bytes[i] = data_bytes[i + 1]; + } + return len; } @@ -2004,29 +2014,29 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { // Read an ISO 14443a tag. Send out commands and store answers. // //----------------------------------------------------------------------------- -void ReaderIso14443a(UsbCommand *c) -{ +void ReaderIso14443a(UsbCommand *c) { + iso14a_command_t param = c->arg[0]; uint8_t *cmd = c->d.asBytes; size_t len = c->arg[1] & 0xffff; size_t lenbits = c->arg[1] >> 16; uint32_t timeout = c->arg[2]; uint32_t arg0 = 0; - byte_t buf[USB_CMD_DATA_SIZE] = {0}; + uint8_t buf[USB_CMD_DATA_SIZE] = {0}; uint8_t par[MAX_PARITY_SIZE]; bool cantSELECT = false; - + set_tracing(true); - - if(param & ISO14A_CLEAR_TRACE) { + + if (param & ISO14A_CLEAR_TRACE) { clear_trace(); } - if(param & ISO14A_REQUEST_TRIGGER) { + if (param & ISO14A_REQUEST_TRIGGER) { iso14a_set_trigger(true); } - if(param & ISO14A_CONNECT) { + if (param & ISO14A_CONNECT) { LED_A_ON(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); if(!(param & ISO14A_NO_SELECT)) { @@ -2038,26 +2048,28 @@ void ReaderIso14443a(UsbCommand *c) // 1 - all is OK with ATS, 2 - without ATS cantSELECT = true; } - + FpgaDisableTracing(); LED_B_ON(); - cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t)); + cmd_send(CMD_NACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t)); LED_B_OFF(); } } - if(param & ISO14A_SET_TIMEOUT) { + if (param & ISO14A_SET_TIMEOUT) { iso14a_set_timeout(timeout); } - if(param & ISO14A_APDU && !cantSELECT) { - arg0 = iso14_apdu(cmd, len, buf); + if (param & ISO14A_APDU && !cantSELECT) { + uint8_t res; + arg0 = iso14_apdu(cmd, len, (param & ISO14A_SEND_CHAINING), buf, &res); + FpgaDisableTracing(); LED_B_ON(); - cmd_send(CMD_ACK, arg0, 0, 0, buf, sizeof(buf)); + cmd_send(CMD_ACK, arg0, res, 0, buf, sizeof(buf)); LED_B_OFF(); } - if(param & ISO14A_RAW && !cantSELECT) { - if(param & ISO14A_APPEND_CRC) { + if (param & ISO14A_RAW && !cantSELECT) { + if (param & ISO14A_APPEND_CRC) { if(param & ISO14A_TOPAZMODE) { AppendCrc14443b(cmd,len); } else { @@ -2066,43 +2078,44 @@ void ReaderIso14443a(UsbCommand *c) len += 2; if (lenbits) lenbits += 16; } - if(lenbits>0) { // want to send a specific number of bits (e.g. short commands) - if(param & ISO14A_TOPAZMODE) { + if (lenbits > 0) { // want to send a specific number of bits (e.g. short commands) + if (param & ISO14A_TOPAZMODE) { int bits_to_send = lenbits; uint16_t i = 0; - ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity + ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity bits_to_send -= 7; while (bits_to_send > 0) { - ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity + ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity bits_to_send -= 8; } } else { GetParity(cmd, lenbits/8, par); - ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity + ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity } - } else { // want to send complete bytes only - if(param & ISO14A_TOPAZMODE) { + } else { // want to send complete bytes only + if (param & ISO14A_TOPAZMODE) { uint16_t i = 0; - ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy + ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy while (i < len) { - ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy + ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy } } else { - ReaderTransmit(cmd,len, NULL); // 8 bits, odd parity + ReaderTransmit(cmd,len, NULL); // 8 bits, odd parity } } arg0 = ReaderReceive(buf, par); + FpgaDisableTracing(); LED_B_ON(); - cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf)); + cmd_send(CMD_ACK, arg0, 0, 0, buf, sizeof(buf)); LED_B_OFF(); } - if(param & ISO14A_REQUEST_TRIGGER) { + if (param & ISO14A_REQUEST_TRIGGER) { iso14a_set_trigger(false); } - if(param & ISO14A_NO_DISCONNECT) { + if (param & ISO14A_NO_DISCONNECT) { return; } @@ -2123,14 +2136,14 @@ static int32_t dist_nt(uint32_t nt1, uint32_t nt2) { nttmp1 = nt1; nttmp2 = nt2; - + for (i = 1; i < 32768; i++) { nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i; nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; } - + return(-99999); // either nt1 or nt2 are invalid nonces } @@ -2152,15 +2165,15 @@ void ReaderMifare(bool first_try) uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - + // free eventually allocated BigBuf memory. We want all for tracing. BigBuf_free(); - + clear_trace(); set_tracing(true); uint8_t nt_diff = 0; - uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough + uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough static uint8_t par_low = 0; bool led_on = true; uint8_t uid[10] ={0}; @@ -2181,10 +2194,10 @@ void ReaderMifare(bool first_try) uint16_t consecutive_resyncs = 0; int isOK = 0; - if (first_try) { + if (first_try) { mf_nr_ar3 = 0; par[0] = par_low = 0; - sync_cycles = PRNG_SEQUENCE_LENGTH; // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the tag nonces). + sync_cycles = PRNG_SEQUENCE_LENGTH; // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the tag nonces). nt_attacked = 0; } else { @@ -2197,13 +2210,13 @@ void ReaderMifare(bool first_try) LED_A_ON(); LED_B_OFF(); LED_C_OFF(); - - #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. - #define MAX_SYNC_TRIES 32 - #define SYNC_TIME_BUFFER 16 // if there is only SYNC_TIME_BUFFER left before next planned sync, wait for next PRNG cycle - #define NUM_DEBUG_INFOS 8 // per strategy - #define MAX_STRATEGY 3 + + #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. + #define MAX_SYNC_TRIES 32 + #define SYNC_TIME_BUFFER 16 // if there is only SYNC_TIME_BUFFER left before next planned sync, wait for next PRNG cycle + #define NUM_DEBUG_INFOS 8 // per strategy + #define MAX_STRATEGY 3 uint16_t unexpected_random = 0; uint16_t sync_tries = 0; int16_t debug_info_nr = -1; @@ -2211,9 +2224,9 @@ void ReaderMifare(bool first_try) int32_t debug_info[MAX_STRATEGY][NUM_DEBUG_INFOS]; uint32_t select_time; uint32_t halt_time; - - for(uint16_t i = 0; true; i++) { - + + for (uint16_t i = 0; true; i++) { + LED_C_ON(); WDT_HIT(); @@ -2222,7 +2235,7 @@ void ReaderMifare(bool first_try) isOK = -1; break; } - + if (strategy == 2) { // test with additional hlt command halt_time = 0; @@ -2239,9 +2252,9 @@ void ReaderMifare(bool first_try) iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); SpinDelay(100); } - + if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Can't select card"); continue; } select_time = GetCountSspClk(); @@ -2257,11 +2270,11 @@ void ReaderMifare(bool first_try) sync_time = (sync_time & 0xfffffff8) + sync_cycles; } - // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) + // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); } else { // collect some information on tag nonces for debugging: - #define DEBUG_FIXED_SYNC_CYCLES PRNG_SEQUENCE_LENGTH + #define DEBUG_FIXED_SYNC_CYCLES PRNG_SEQUENCE_LENGTH if (strategy == 0) { // nonce distances at fixed time after card select: sync_time = select_time + DEBUG_FIXED_SYNC_CYCLES; @@ -2276,11 +2289,11 @@ void ReaderMifare(bool first_try) sync_time = DEBUG_FIXED_SYNC_CYCLES; } ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); - } + } // Receive the (4 Byte) "random" nonce if (!ReaderReceive(receivedAnswer, receivedAnswerPar)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Couldn't receive tag nonce"); + if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Couldn't receive tag nonce"); continue; } @@ -2298,17 +2311,17 @@ void ReaderMifare(bool first_try) if (nt_distance == -99999) { // invalid nonce received unexpected_random++; if (unexpected_random > MAX_UNEXPECTED_RANDOM) { - isOK = -3; // Card has an unpredictable PRNG. Give up + isOK = -3; // Card has an unpredictable PRNG. Give up break; } else { - continue; // continue trying... + continue; // continue trying... } } if (++sync_tries > MAX_SYNC_TRIES) { if (strategy > MAX_STRATEGY || MF_DBGLEVEL < 3) { - isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly + isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly break; - } else { // continue for a while, just to collect some debug info + } else { // continue for a while, just to collect some debug info debug_info[strategy][debug_info_nr] = nt_distance; debug_info_nr++; if (debug_info_nr == NUM_DEBUG_INFOS) { @@ -2329,9 +2342,9 @@ void ReaderMifare(bool first_try) } } - if ((nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again... + if ((nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again... catch_up_cycles = -dist_nt(nt_attacked, nt); - if (catch_up_cycles == 99999) { // invalid nonce received. Don't resync on that one. + if (catch_up_cycles == 99999) { // invalid nonce received. Don't resync on that one. catch_up_cycles = 0; continue; } @@ -2341,12 +2354,12 @@ void ReaderMifare(bool first_try) } else { last_catch_up = catch_up_cycles; - consecutive_resyncs = 0; + consecutive_resyncs = 0; } if (consecutive_resyncs < 3) { if (MF_DBGLEVEL >= 3) Dbprintf("Lost sync in cycle %d. nt_distance=%d. Consecutive Resyncs = %d. Trying one time catch up...\n", i, -catch_up_cycles, consecutive_resyncs); } - else { + else { sync_cycles = sync_cycles + catch_up_cycles; if (MF_DBGLEVEL >= 3) Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d.\n", i, -catch_up_cycles, sync_cycles); last_catch_up = 0; @@ -2355,13 +2368,13 @@ void ReaderMifare(bool first_try) } continue; } - + consecutive_resyncs = 0; - + // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding if (ReaderReceive(receivedAnswer, receivedAnswerPar)) { - catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer - + catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer + if (nt_diff == 0) { par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change } @@ -2385,7 +2398,7 @@ void ReaderMifare(bool first_try) if (nt_diff == 0 && first_try) { par[0]++; - if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK. + if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK. isOK = -2; break; } @@ -2401,20 +2414,22 @@ void ReaderMifare(bool first_try) if (isOK == -4) { if (MF_DBGLEVEL >= 3) { for (uint16_t i = 0; i <= MAX_STRATEGY; i++) { - for(uint16_t j = 0; j < NUM_DEBUG_INFOS; j++) { + for (uint16_t j = 0; j < NUM_DEBUG_INFOS; j++) { Dbprintf("collected debug info[%d][%d] = %d", i, j, debug_info[i][j]); } } } } - + + FpgaDisableTracing(); + uint8_t buf[32]; memcpy(buf + 0, uid, 4); num_to_bytes(nt, 4, buf + 4); memcpy(buf + 8, par_list, 8); memcpy(buf + 16, ks_list, 8); memcpy(buf + 24, mf_nr_ar, 8); - + cmd_send(CMD_ACK, isOK, 0, 0, buf, 32); // Thats it... @@ -2426,8 +2441,8 @@ void ReaderMifare(bool first_try) //----------------------------------------------------------------------------- -// MIFARE sniffer. -// +// MIFARE sniffer. +// //----------------------------------------------------------------------------- void RAMFUNC SniffMifare(uint8_t param) { // param: @@ -2436,6 +2451,8 @@ void RAMFUNC SniffMifare(uint8_t param) { // C(red) A(yellow) B(green) LEDsoff(); + LED_A_ON(); + // init trace buffer clear_trace(); set_tracing(true); @@ -2471,26 +2488,23 @@ void RAMFUNC SniffMifare(uint8_t param) { // Setup for the DMA. FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); // set transfer address and number of bytes. Start transfer. - LED_D_OFF(); - // init sniffer MfSniffInit(); // And now we loop, receiving samples. - for(uint32_t sniffCounter = 0; true; ) { - + for (uint32_t sniffCounter = 0; true; ) { + if(BUTTON_PRESS()) { DbpString("Canceled by button."); break; } - LED_A_ON(); WDT_HIT(); - - if ((sniffCounter & 0x0000FFFF) == 0) { // from time to time + + if ((sniffCounter & 0x0000FFFF) == 0) { // from time to time // check if a transaction is completed (timeout after 2000ms). // if yes, stop the DMA transfer and send what we have so far to the client - if (MfSniffSend(2000)) { + if (MfSniffSend(2000)) { // Reset everything - we missed some sniffed data anyway while the DMA was stopped sniffCounter = 0; data = dmaBuf; @@ -2500,17 +2514,17 @@ void RAMFUNC SniffMifare(uint8_t param) { FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); // set transfer address and number of bytes. Start transfer. } } - - int register readBufDataP = data - dmaBuf; // number of bytes we have processed so far + + int register readBufDataP = data - dmaBuf; // number of bytes we have processed so far int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR; // number of bytes already transferred - if (readBufDataP <= dmaBufDataP){ // we are processing the same block of data which is currently being transferred - dataLen = dmaBufDataP - readBufDataP; // number of bytes still to be processed - } else { + if (readBufDataP <= dmaBufDataP){ // we are processing the same block of data which is currently being transferred + dataLen = dmaBufDataP - readBufDataP; // number of bytes still to be processed + } else { dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP; // number of bytes still to be processed } // test for length of buffer - if(dataLen > maxDataLen) { // we are more behind than ever... - maxDataLen = dataLen; + if(dataLen > maxDataLen) { // we are more behind than ever... + maxDataLen = dataLen; if(dataLen > (9 * DMA_BUFFER_SIZE / 10)) { Dbprintf("blew circular buffer! dataLen=0x%x", dataLen); break; @@ -2530,32 +2544,26 @@ void RAMFUNC SniffMifare(uint8_t param) { AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; } - LED_A_OFF(); - if (sniffCounter & 0x01) { - if(!TagIsActive) { // no need to try decoding tag data if the reader is sending + if(!TagIsActive) { // no need to try decoding tag data if the reader is sending uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4); if(MillerDecoding(readerdata, (sniffCounter-1)*4)) { - LED_B_ON(); - LED_C_OFF(); if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, true)) break; /* And ready to receive another command. */ UartInit(receivedCmd, receivedCmdPar); - + /* And also reset the demod code */ DemodReset(); } ReaderIsActive = (Uart.state != STATE_UNSYNCD); } - - if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending + + if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending uint8_t tagdata = (previous_data << 4) | (*data & 0x0F); if(ManchesterDecoding(tagdata, 0, (sniffCounter-1)*4)) { - LED_B_OFF(); - LED_C_ON(); if (MfSniffLogic(receivedResponse, Demod.len, Demod.parity, Demod.bitCount, false)) break; @@ -2577,11 +2585,13 @@ void RAMFUNC SniffMifare(uint8_t param) { } // main cycle + FpgaDisableTracing(); + FpgaDisableSscDma(); + LEDsoff(); + DbpString("COMMAND FINISHED."); - FpgaDisableSscDma(); MfSniffEnd(); - + Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len); - LEDsoff(); } diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index 8796edf5..32bf3971 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -13,6 +13,7 @@ #ifndef __ISO14443A_H #define __ISO14443A_H +#include #include #include #include "usb_cmd.h" @@ -31,7 +32,7 @@ extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par); extern void AppendCrc14443a(uint8_t *data, int len); extern void RAMFUNC SnoopIso14443a(uint8_t param); -extern void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t *data); +extern void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, uint8_t *data); extern void ReaderIso14443a(UsbCommand *c); extern void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing); extern void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing); @@ -41,7 +42,6 @@ extern void ReaderMifare(bool first_try); extern int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity); extern int EmSendCmd(uint8_t *resp, uint16_t respLen); -extern int EmSendCmdEx(uint8_t *resp, uint16_t respLen); extern int EmSend4bit(uint8_t resp); extern int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par); extern int EmSendPrecompiledCmd(tag_response_info_t *response_info); @@ -49,8 +49,9 @@ extern int EmSendPrecompiledCmd(tag_response_info_t *response_info); extern bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *buffer_size); extern void iso14443a_setup(uint8_t fpga_minor_mode); -extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data); +extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res); extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats); extern void iso14a_set_trigger(bool enable); extern void iso14a_set_timeout(uint32_t timeout); +extern uint32_t iso14a_get_timeout(void); #endif /* __ISO14443A_H */ diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index cb8567fa..0f36c7c7 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -10,14 +10,18 @@ // the `fake tag' modes. //----------------------------------------------------------------------------- +#include "iso14443b.h" + #include "proxmark3.h" #include "apps.h" +#include "usb_cdc.h" #include "util.h" #include "string.h" - #include "iso14443crc.h" +#include "fpgaloader.h" +#include "BigBuf.h" -#define RECEIVE_SAMPLES_TIMEOUT 1000 // TR0 max is 256/fs = 256/(848kHz) = 302us or 64 samples from FPGA. 1000 seems to be much too high? +#define RECEIVE_SAMPLES_TIMEOUT 64 // TR0 max is 256/fs = 256/(848kHz) = 302us or 64 samples from FPGA #define ISO14443B_DMA_BUFFER_SIZE 128 // PCB Block number for APDUs @@ -325,6 +329,7 @@ static int GetIso14443bCommandFromReader(uint8_t *received, uint16_t *len) //----------------------------------------------------------------------------- void SimulateIso14443bTag(void) { + LED_A_ON(); // the only commands we understand is WUPB, AFI=0, Select All, N=1: static const uint8_t cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 }; // WUPB // ... and REQB, AFI=0, Normal Request, N=1: @@ -386,10 +391,7 @@ void SimulateIso14443bTag(void) break; } - if (tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(receivedCmd, len, 0, 0, parity, true); - } + LogTrace(receivedCmd, len, 0, 0, NULL, true); // Good, look at the command now. if ( (len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len) == 0) @@ -463,12 +465,12 @@ void SimulateIso14443bTag(void) } // trace the response: - if (tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(resp, respLen, 0, 0, parity, false); - } + LogTrace(resp, respLen, 0, 0, NULL, false); } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_A_OFF(); } //============================================================================= @@ -585,9 +587,10 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq) Demod.state = DEMOD_UNSYNCD; } else { LED_C_ON(); // Got SOF - Demod.state = DEMOD_AWAITING_START_BIT; Demod.posCount = 0; + Demod.bitCount = 0; Demod.len = 0; + Demod.state = DEMOD_AWAITING_START_BIT; /* this had been used to add RSSI (Received Signal Strength Indication) to traces. Currently not implemented. Demod.metricN = 0; Demod.metric = 0; @@ -604,13 +607,16 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq) case DEMOD_AWAITING_START_BIT: Demod.posCount++; MAKE_SOFT_DECISION(); - if(v > 0) { - if(Demod.posCount > 3*2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs - Demod.state = DEMOD_UNSYNCD; + if (v > 0) { + if (Demod.posCount > 3*2) { // max 19us between characters = 16 1/fs, max 3 etu after low phase of SOF = 24 1/fs LED_C_OFF(); + if (Demod.bitCount == 0 && Demod.len == 0) { // received SOF only, this is valid for iClass/Picopass + return true; + } else { + Demod.state = DEMOD_UNSYNCD; + } } } else { // start bit detected - Demod.bitCount = 0; Demod.posCount = 1; // this was the first half Demod.thisBit = v; Demod.shiftReg = 0; @@ -620,7 +626,7 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq) case DEMOD_RECEIVING_DATA: MAKE_SOFT_DECISION(); - if(Demod.posCount == 0) { // first half of bit + if (Demod.posCount == 0) { // first half of bit Demod.thisBit = v; Demod.posCount = 1; } else { // second half of bit @@ -636,22 +642,23 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq) */ Demod.shiftReg >>= 1; - if(Demod.thisBit > 0) { // logic '1' + if (Demod.thisBit > 0) { // logic '1' Demod.shiftReg |= 0x200; } Demod.bitCount++; - if(Demod.bitCount == 10) { + if (Demod.bitCount == 10) { uint16_t s = Demod.shiftReg; - if((s & 0x200) && !(s & 0x001)) { // stop bit == '1', start bit == '0' + if ((s & 0x200) && !(s & 0x001)) { // stop bit == '1', start bit == '0' uint8_t b = (s >> 1); Demod.output[Demod.len] = b; Demod.len++; + Demod.bitCount = 0; Demod.state = DEMOD_AWAITING_START_BIT; } else { Demod.state = DEMOD_UNSYNCD; LED_C_OFF(); - if(s == 0x000) { + if (s == 0x000) { // This is EOF (start, stop and all data bits == '0' return true; } @@ -692,8 +699,8 @@ static void DemodInit(uint8_t *data) * Demodulate the samples we received from the tag, also log to tracebuffer * quiet: set to 'true' to disable debug output */ -static void GetSamplesFor14443bDemod(int n, bool quiet) -{ +static int GetSamplesFor14443bDemod(int timeout, bool quiet) { + int ret = 0; int maxBehindBy = 0; bool gotFrame = false; int lastRxCounter, samples = 0; @@ -716,7 +723,7 @@ static void GetSamplesFor14443bDemod(int n, bool quiet) while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)) // Setup and start DMA. - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); FpgaSetupSscDma((uint8_t*) dmaBuf, ISO14443B_DMA_BUFFER_SIZE); uint16_t *upTo = dmaBuf; @@ -725,7 +732,7 @@ static void GetSamplesFor14443bDemod(int n, bool quiet) // Signal field is ON with the appropriate LED: LED_D_ON(); // And put the FPGA in the appropriate mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_848_KHZ | FPGA_HF_READER_MODE_RECEIVE_IQ); for(;;) { int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & (ISO14443B_DMA_BUFFER_SIZE-1); @@ -749,12 +756,15 @@ static void GetSamplesFor14443bDemod(int n, bool quiet) } samples++; - if(Handle14443bSamplesDemod(ci, cq)) { + if (Handle14443bSamplesDemod(ci, cq)) { + ret = Demod.len; gotFrame = true; break; } - if(samples > n) { + if(samples > timeout && Demod.state < DEMOD_PHASE_REF_TRAINING) { + ret = -1; + LED_C_OFF(); break; } } @@ -762,11 +772,14 @@ static void GetSamplesFor14443bDemod(int n, bool quiet) FpgaDisableSscDma(); if (!quiet) Dbprintf("max behindby = %d, samples = %d, gotFrame = %d, Demod.len = %d, Demod.sumI = %d, Demod.sumQ = %d", maxBehindBy, samples, gotFrame, Demod.len, Demod.sumI, Demod.sumQ); - //Tracing - if (tracing && Demod.len > 0) { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(Demod.output, Demod.len, 0, 0, parity, false); + + if (ret < 0) { + return ret; } + //Tracing + LogTrace(Demod.output, Demod.len, 0, 0, NULL, false); + + return ret; } @@ -775,28 +788,21 @@ static void GetSamplesFor14443bDemod(int n, bool quiet) //----------------------------------------------------------------------------- static void TransmitFor14443b(void) { - int c; - - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_TX); - - // Signal field is ON with the appropriate Red LED - LED_D_ON(); - // Signal we are transmitting with the Green LED + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_SHALLOW_MOD); LED_B_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD); - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = ~ToSend[c]; - c++; - if(c >= ToSendMax) { - break; - } + for(int c = 0; c < ToSendMax; c++) { + uint8_t data = ToSend[c]; + for (int i = 0; i < 8; i++) { + uint16_t send_word = (data & 0x80) ? 0x0000 : 0xffff; + while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; + AT91C_BASE_SSC->SSC_THR = send_word; + while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; + AT91C_BASE_SSC->SSC_THR = send_word; + data <<= 1; } WDT_HIT(); } - LED_B_OFF(); // Finished sending + LED_B_OFF(); } @@ -858,17 +864,14 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len) { CodeIso14443bAsReader(cmd, len); TransmitFor14443b(); - if (tracing) { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(cmd,len, 0, 0, parity, true); - } + LogTrace(cmd,len, 0, 0, NULL, true); } /* Sends an APDU to the tag * TODO: check CRC and preamble */ -int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response) -{ +int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response) { + LED_A_ON(); uint8_t message_frame[message_length + 4]; // PCB message_frame[0] = 0x0A | pcb_blocknum; @@ -882,18 +885,19 @@ int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *respo // send CodeAndTransmit14443bAsReader(message_frame, message_length + 4); // get response - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); - if(Demod.len < 3) - { + int ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + FpgaDisableTracing(); + if (ret < 3) { + LED_A_OFF(); return 0; } // TODO: Check CRC // copy response contents - if(response != NULL) - { + if (response != NULL) { memcpy(response, Demod.output, Demod.len); } - return Demod.len; + LED_A_OFF(); + return ret; } /* Perform the ISO 14443 B Card Selection procedure @@ -912,10 +916,9 @@ int iso14443b_select_card() // first, wake up the tag CodeAndTransmit14443bAsReader(wupb, sizeof(wupb)); - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + int ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); // ATQB too short? - if (Demod.len < 14) - { + if (ret < 14) { return 2; } @@ -927,10 +930,9 @@ int iso14443b_select_card() attrib[7] = Demod.output[10] & 0x0F; ComputeCrc14443(CRC_14443_B, attrib, 9, attrib + 9, attrib + 10); CodeAndTransmit14443bAsReader(attrib, sizeof(attrib)); - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); // Answer to ATTRIB too short? - if(Demod.len < 3) - { + if (ret < 3) { return 2; } // reset PCB block number @@ -942,13 +944,13 @@ int iso14443b_select_card() void iso14443b_setup() { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); // Set up the synchronous serial port - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_TX); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); // connect Demodulated Signal to ADC: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); // Signal field is on with the appropriate LED LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_SHALLOW_MOD); DemodReset(); UartReset(); @@ -965,6 +967,7 @@ void iso14443b_setup() { //----------------------------------------------------------------------------- void ReadSTMemoryIso14443b(uint32_t dwLast) { + LED_A_ON(); uint8_t i = 0x00; FpgaDownloadAndGo(FPGA_BITSTREAM_HF); @@ -975,12 +978,12 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) SpinDelay(200); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); // Now give it time to spin up. // Signal field is on with the appropriate LED LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_SHALLOW_MOD); SpinDelay(200); clear_trace(); @@ -989,12 +992,12 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) // First command: wake up the tag using the INITIATE command uint8_t cmd1[] = {0x06, 0x00, 0x97, 0x5b}; CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1)); - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + int ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); - if (Demod.len == 0) { - DbpString("No response from tag"); - LED_D_OFF(); + if (ret < 0) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("No response from tag"); + LEDsoff(); return; } else { Dbprintf("Randomly generated Chip ID (+ 2 byte CRC): %02x %02x %02x", @@ -1007,26 +1010,26 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) cmd1[1] = Demod.output[0]; ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1)); - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); if (Demod.len != 3) { - Dbprintf("Expected 3 bytes from tag, got %d", Demod.len); - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + Dbprintf("Expected 3 bytes from tag, got %d", Demod.len); + LEDsoff(); return; } // Check the CRC of the answer: ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]); if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) { - DbpString("CRC Error reading select response."); - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("CRC Error reading select response."); + LEDsoff(); return; } // Check response from the tag: should be the same UID as the command we just sent: if (cmd1[1] != Demod.output[0]) { - Dbprintf("Bad response to SELECT from Tag, aborting: %02x %02x", cmd1[1], Demod.output[0]); - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + Dbprintf("Bad response to SELECT from Tag, aborting: %02x %02x", cmd1[1], Demod.output[0]); + LEDsoff(); return; } @@ -1035,11 +1038,11 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) cmd1[0] = 0x0B; ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]); CodeAndTransmit14443bAsReader(cmd1, 3); // Only first three bytes for this one - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); - if (Demod.len != 10) { - Dbprintf("Expected 10 bytes from tag, got %d", Demod.len); - LED_D_OFF(); + ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + if (ret != 10) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + Dbprintf("Expected 10 bytes from tag, got %d", Demod.len); + LEDsoff(); return; } // The check the CRC of the answer (use cmd1 as temporary variable): @@ -1066,16 +1069,16 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) cmd1[1] = i; ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1)); - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); - if (Demod.len != 6) { // Check if we got an answer from the tag - DbpString("Expected 6 bytes from tag, got less..."); - LED_D_OFF(); + ret = GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + if (ret != 6) { // Check if we got an answer from the tag FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("Expected 6 bytes from tag, got less..."); + LEDsoff(); return; } // The check the CRC of the answer (use cmd1 as temporary variable): ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]); - if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) { + if (cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) { Dbprintf("CRC Error reading block! Expected: %04x got: %04x", (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]); // Do not return;, let's go on... (we should retry, maybe ?) @@ -1090,8 +1093,8 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) i++; } - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); } @@ -1114,6 +1117,7 @@ void ReadSTMemoryIso14443b(uint32_t dwLast) */ void RAMFUNC SnoopIso14443b(void) { + LED_A_ON(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); BigBuf_free(); @@ -1141,19 +1145,18 @@ void RAMFUNC SnoopIso14443b(void) Dbprintf(" tag -> Reader: %i bytes", MAX_FRAME_SIZE); Dbprintf(" DMA: %i bytes", ISO14443B_DMA_BUFFER_SIZE); - // Signal field is off, no reader signal, no tag signal - LEDsoff(); + // Signal field is off + LED_D_OFF(); // And put the FPGA in the appropriate mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_848_KHZ | FPGA_HF_READER_MODE_SNOOP_IQ); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); // Setup for the DMA. - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); upTo = dmaBuf; lastRxCounter = ISO14443B_DMA_BUFFER_SIZE; FpgaSetupSscDma((uint8_t*) dmaBuf, ISO14443B_DMA_BUFFER_SIZE); - uint8_t parity[MAX_PARITY_SIZE]; bool TagIsActive = false; bool ReaderIsActive = false; @@ -1198,9 +1201,7 @@ void RAMFUNC SnoopIso14443b(void) if (!TagIsActive) { // no need to try decoding reader data if the tag is sending if(Handle14443bUartBit(ci & 0x01)) { triggered = true; - if(tracing) { - LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, true); - } + LogTrace(Uart.output, Uart.byteCnt, samples, samples, NULL, true); /* And ready to receive another command. */ UartReset(); /* And also reset the demod code, which might have been */ @@ -1209,9 +1210,7 @@ void RAMFUNC SnoopIso14443b(void) } if(Handle14443bUartBit(cq & 0x01)) { triggered = true; - if(tracing) { - LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, true); - } + LogTrace(Uart.output, Uart.byteCnt, samples, samples, NULL, true); /* And ready to receive another command. */ UartReset(); /* And also reset the demod code, which might have been */ @@ -1221,15 +1220,10 @@ void RAMFUNC SnoopIso14443b(void) ReaderIsActive = (Uart.state > STATE_GOT_FALLING_EDGE_OF_SOF); } - if(!ReaderIsActive && triggered) { // no need to try decoding tag data if the reader is sending or not yet triggered - if(Handle14443bSamplesDemod(ci/2, cq/2)) { - + if (!ReaderIsActive && triggered) { // no need to try decoding tag data if the reader is sending or not yet triggered + if (Handle14443bSamplesDemod(ci/2, cq/2) >= 0) { //Use samples as a time measurement - if(tracing) - { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(Demod.output, Demod.len, samples, samples, parity, false); - } + LogTrace(Demod.output, Demod.len, samples, samples, NULL, false); // And ready to receive another response. DemodReset(); } @@ -1239,13 +1233,13 @@ void RAMFUNC SnoopIso14443b(void) } FpgaDisableSscDma(); - LEDsoff(); DbpString("Snoop statistics:"); Dbprintf(" Max behind by: %i", maxBehindBy); Dbprintf(" Uart State: %x", Uart.state); Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt); Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax); Dbprintf(" Trace length: %i", BigBuf_get_traceLen()); + LEDsoff(); } @@ -1263,12 +1257,14 @@ void RAMFUNC SnoopIso14443b(void) */ void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, uint8_t data[]) { + LED_A_ON(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); // switch field on and give tag some time to power up LED_D_ON(); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_TX); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_SHALLOW_MOD); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); SpinDelay(10); if (datalen){ @@ -1276,16 +1272,21 @@ void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, u CodeAndTransmit14443bAsReader(data, datalen); - if(recv) { - GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, true); + if (recv) { + int ret = GetSamplesFor14443bDemod(5*RECEIVE_SAMPLES_TIMEOUT, true); + FpgaDisableTracing(); uint16_t iLen = MIN(Demod.len, USB_CMD_DATA_SIZE); - cmd_send(CMD_ACK, iLen, 0, 0, Demod.output, iLen); + cmd_send(CMD_ACK, ret, 0, 0, Demod.output, iLen); } + + FpgaDisableTracing(); } - if(!powerfield) { + if (!powerfield) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); } + + LED_A_OFF(); } diff --git a/armsrc/iso14443b.h b/armsrc/iso14443b.h index de6faa92..3326ab12 100644 --- a/armsrc/iso14443b.h +++ b/armsrc/iso14443b.h @@ -10,12 +10,18 @@ // Routines to support ISO 14443 type B. //----------------------------------------------------------------------------- -#ifndef __ISO14443B_H -#define __ISO14443B_H -#include "common.h" +#ifndef ISO14443B_H__ +#define ISO14443B_H__ -int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response); -void iso14443b_setup(); -int iso14443b_select_card(); +#include +#include + +extern int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response); +extern void iso14443b_setup(); +extern int iso14443b_select_card(); +extern void SimulateIso14443bTag(void); +extern void ReadSTMemoryIso14443b(uint32_t); +extern void SnoopIso14443b(void); +extern void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]); #endif /* __ISO14443B_H */ diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c index 9b0ab29e..f16698bb 100644 --- a/armsrc/iso15693.c +++ b/armsrc/iso15693.c @@ -2,271 +2,363 @@ // Jonathan Westhues, split Nov 2006 // Modified by Greg Jones, Jan 2009 // Modified by Adrian Dabrowski "atrox", Mar-Sept 2010,Oct 2011 +// Modified by piwi, Oct 2018 // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of // the license. //----------------------------------------------------------------------------- // Routines to support ISO 15693. This includes both the reader software and -// the `fake tag' modes, but at the moment I've implemented only the reader -// stuff, and that barely. -// Modified to perform modulation onboard in arm rather than on PC -// Also added additional reader commands (SELECT, READ etc.) +// the `fake tag' modes. //----------------------------------------------------------------------------- -// The ISO 15693 describes two transmission modes from reader to tag, and 4 -// transmission modes from tag to reader. As of Mar 2010 this code only -// supports one of each: "1of4" mode from reader to tag, and the highspeed -// variant with one subcarrier from card to reader. -// As long, as the card fully support ISO 15693 this is no problem, since the -// reader chooses both data rates, but some non-standard tags do not. Further for -// the simulation to work, we will need to support all data rates. + +// The ISO 15693 describes two transmission modes from reader to tag, and four +// transmission modes from tag to reader. As of Oct 2018 this code supports +// both reader modes and the high speed variant with one subcarrier from card to reader. +// As long as the card fully support ISO 15693 this is no problem, since the +// reader chooses both data rates, but some non-standard tags do not. +// For card simulation, the code supports both high and low speed modes with one subcarrier. // // VCD (reader) -> VICC (tag) // 1 out of 256: -// data rate: 1,66 kbit/s (fc/8192) -// used for long range +// data rate: 1,66 kbit/s (fc/8192) +// used for long range // 1 out of 4: -// data rate: 26,48 kbit/s (fc/512) -// used for short range, high speed -// +// data rate: 26,48 kbit/s (fc/512) +// used for short range, high speed +// // VICC (tag) -> VCD (reader) // Modulation: -// ASK / one subcarrier (423,75 khz) -// FSK / two subcarriers (423,75 khz && 484,28 khz) +// ASK / one subcarrier (423,75 khz) +// FSK / two subcarriers (423,75 khz && 484,28 khz) // Data Rates / Modes: -// low ASK: 6,62 kbit/s -// low FSK: 6.67 kbit/s -// high ASK: 26,48 kbit/s -// high FSK: 26,69 kbit/s +// low ASK: 6,62 kbit/s +// low FSK: 6.67 kbit/s +// high ASK: 26,48 kbit/s +// high FSK: 26,69 kbit/s //----------------------------------------------------------------------------- -// added "1 out of 256" mode (for VCD->PICC) - atrox 20100911 // Random Remarks: // *) UID is always used "transmission order" (LSB), which is reverse to display order // TODO / BUGS / ISSUES: -// *) writing to tags takes longer: we miss the answer from the tag in most cases -// -> tweak the read-timeout times -// *) signal decoding from the card is still a bit shaky. -// *) signal decoding is unable to detect collissions. -// *) add anti-collission support for inventory-commands +// *) signal decoding is unable to detect collisions. +// *) add anti-collision support for inventory-commands // *) read security status of a block -// *) sniffing and simulation do only support one transmission mode. need to support -// all 8 transmission combinations -// *) remove or refactor code under "depricated" +// *) sniffing and simulation do not support two subcarrier modes. +// *) remove or refactor code under "deprecated" // *) document all the functions +#include "iso15693.h" #include "proxmark3.h" #include "util.h" #include "apps.h" #include "string.h" #include "iso15693tools.h" -#include "cmd.h" +#include "protocols.h" +#include "usb_cdc.h" +#include "BigBuf.h" +#include "fpgaloader.h" #define arraylen(x) (sizeof(x)/sizeof((x)[0])) +// Delays in SSP_CLK ticks. +// SSP_CLK runs at 13,56MHz / 32 = 423.75kHz when simulating a tag +#define DELAY_READER_TO_ARM 8 +#define DELAY_ARM_TO_READER 0 +//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when acting as reader. All values should be multiples of 16 +#define DELAY_ARM_TO_TAG 16 +#define DELAY_TAG_TO_ARM 32 +//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when snooping. All values should be multiples of 16 +#define DELAY_TAG_TO_ARM_SNOOP 32 +#define DELAY_READER_TO_ARM_SNOOP 32 + +// times in samples @ 212kHz when acting as reader +//#define ISO15693_READER_TIMEOUT 80 // 80/212kHz = 378us, nominal t1_max=313,9us +#define ISO15693_READER_TIMEOUT 330 // 330/212kHz = 1558us, should be even enough for iClass tags responding to ACTALL +#define ISO15693_READER_TIMEOUT_WRITE 4700 // 4700/212kHz = 22ms, nominal 20ms + + static int DEBUG = 0; + /////////////////////////////////////////////////////////////////////// // ISO 15693 Part 2 - Air Interface -// This section basicly contains transmission and receiving of bits +// This section basically contains transmission and receiving of bits /////////////////////////////////////////////////////////////////////// -#define FrameSOF Iso15693FrameSOF -#define Logic0 Iso15693Logic0 -#define Logic1 Iso15693Logic1 -#define FrameEOF Iso15693FrameEOF +// buffers +#define ISO15693_DMA_BUFFER_SIZE 256 // must be a power of 2 +#define ISO15693_MAX_RESPONSE_LENGTH 36 // allows read single block with the maximum block size of 256bits. Read multiple blocks not supported yet +#define ISO15693_MAX_COMMAND_LENGTH 45 // allows write single block with the maximum block size of 256bits. Write multiple blocks not supported yet -#define Crc(data,datalen) Iso15693Crc(data,datalen) -#define AddCrc(data,datalen) Iso15693AddCrc(data,datalen) -#define sprintUID(target,uid) Iso15693sprintUID(target,uid) -// approximate amplitude=sqrt(ci^2+cq^2) -#define AMPLITUDE(ci, cq) (MAX(ABS(ci), ABS(cq)) + MIN(ABS(ci), ABS(cq))/2) +// specific LogTrace function for ISO15693: the duration needs to be scaled because otherwise it won't fit into a uint16_t +bool LogTrace_ISO15693(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag) { + uint32_t duration = timestamp_end - timestamp_start; + duration /= 32; + timestamp_end = timestamp_start + duration; + return LogTrace(btBytes, iLen, timestamp_start, timestamp_end, parity, readerToTag); +} -// DMA buffer -#define ISO15693_DMA_BUFFER_SIZE 128 // --------------------------- -// Signal Processing +// Signal Processing // --------------------------- // prepare data using "1 out of 4" code for later transmission -// resulting data rate is 26,48 kbit/s (fc/512) +// resulting data rate is 26.48 kbit/s (fc/512) // cmd ... data // n ... length of data -static void CodeIso15693AsReader(uint8_t *cmd, int n) -{ - int i, j; +void CodeIso15693AsReader(uint8_t *cmd, int n) { ToSendReset(); - // Give it a bit of slack at the beginning - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } - // SOF for 1of4 - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - for(i = 0; i < n; i++) { - for(j = 0; j < 8; j += 2) { - int these = (cmd[i] >> j) & 3; + ToSend[++ToSendMax] = 0x84; //10000100 + + // data + for (int i = 0; i < n; i++) { + for (int j = 0; j < 8; j += 2) { + int these = (cmd[i] >> j) & 0x03; switch(these) { case 0: - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x40; //01000000 break; case 1: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x10; //00010000 break; case 2: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x04; //00000100 break; case 3: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); + ToSend[++ToSendMax] = 0x01; //00000001 break; } } } - // EOF - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - // Fill remainder of last byte with 1 - for(i = 0; i < 4; i++) { - ToSendStuffBit(1); - } - + // EOF + ToSend[++ToSendMax] = 0x20; //0010 + 0000 padding + ToSendMax++; } + +// Encode EOF only +static void CodeIso15693AsReaderEOF() { + ToSendReset(); + ToSend[++ToSendMax] = 0x20; + ToSendMax++; +} + + // encode data using "1 out of 256" scheme -// data rate is 1,66 kbit/s (fc/8192) +// data rate is 1,66 kbit/s (fc/8192) // is designed for more robust communication over longer distances static void CodeIso15693AsReader256(uint8_t *cmd, int n) { - int i, j; + ToSendReset(); + + // SOF for 1of256 + ToSend[++ToSendMax] = 0x81; //10000001 + + // data + for(int i = 0; i < n; i++) { + for (int j = 0; j <= 255; j++) { + if (cmd[i] == j) { + ToSendStuffBit(0); + ToSendStuffBit(1); + } else { + ToSendStuffBit(0); + ToSendStuffBit(0); + } + } + } + + // EOF + ToSend[++ToSendMax] = 0x20; //0010 + 0000 padding + + ToSendMax++; +} + + +// static uint8_t encode4Bits(const uint8_t b) { + // uint8_t c = b & 0xF; + // // OTA, the least significant bits first + // // The columns are + // // 1 - Bit value to send + // // 2 - Reversed (big-endian) + // // 3 - Manchester Encoded + // // 4 - Hex values + + // switch(c){ + // // 1 2 3 4 + // case 15: return 0x55; // 1111 -> 1111 -> 01010101 -> 0x55 + // case 14: return 0x95; // 1110 -> 0111 -> 10010101 -> 0x95 + // case 13: return 0x65; // 1101 -> 1011 -> 01100101 -> 0x65 + // case 12: return 0xa5; // 1100 -> 0011 -> 10100101 -> 0xa5 + // case 11: return 0x59; // 1011 -> 1101 -> 01011001 -> 0x59 + // case 10: return 0x99; // 1010 -> 0101 -> 10011001 -> 0x99 + // case 9: return 0x69; // 1001 -> 1001 -> 01101001 -> 0x69 + // case 8: return 0xa9; // 1000 -> 0001 -> 10101001 -> 0xa9 + // case 7: return 0x56; // 0111 -> 1110 -> 01010110 -> 0x56 + // case 6: return 0x96; // 0110 -> 0110 -> 10010110 -> 0x96 + // case 5: return 0x66; // 0101 -> 1010 -> 01100110 -> 0x66 + // case 4: return 0xa6; // 0100 -> 0010 -> 10100110 -> 0xa6 + // case 3: return 0x5a; // 0011 -> 1100 -> 01011010 -> 0x5a + // case 2: return 0x9a; // 0010 -> 0100 -> 10011010 -> 0x9a + // case 1: return 0x6a; // 0001 -> 1000 -> 01101010 -> 0x6a + // default: return 0xaa; // 0000 -> 0000 -> 10101010 -> 0xaa + + // } +// } + +static const uint8_t encode_4bits[16] = { 0xaa, 0x6a, 0x9a, 0x5a, 0xa6, 0x66, 0x96, 0x56, 0xa9, 0x69, 0x99, 0x59, 0xa5, 0x65, 0x95, 0x55 }; + +void CodeIso15693AsTag(uint8_t *cmd, size_t len) { + /* + * SOF comprises 3 parts; + * * An unmodulated time of 56.64 us + * * 24 pulses of 423.75 kHz (fc/32) + * * A logic 1, which starts with an unmodulated time of 18.88us + * followed by 8 pulses of 423.75kHz (fc/32) + * + * EOF comprises 3 parts: + * - A logic 0 (which starts with 8 pulses of fc/32 followed by an unmodulated + * time of 18.88us. + * - 24 pulses of fc/32 + * - An unmodulated time of 56.64 us + * + * A logic 0 starts with 8 pulses of fc/32 + * followed by an unmodulated time of 256/fc (~18,88us). + * + * A logic 0 starts with unmodulated time of 256/fc (~18,88us) followed by + * 8 pulses of fc/32 (also 18.88us) + * + * A bit here becomes 8 pulses of fc/32. Therefore: + * The SOF can be written as 00011101 = 0x1D + * The EOF can be written as 10111000 = 0xb8 + * A logic 1 is 01 + * A logic 0 is 10 + * + * */ ToSendReset(); - // Give it a bit of slack at the beginning - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); + // SOF + ToSend[++ToSendMax] = 0x1D; // 00011101 + + // data + for (int i = 0; i < len; i++) { + ToSend[++ToSendMax] = encode_4bits[cmd[i] & 0xF]; + ToSend[++ToSendMax] = encode_4bits[cmd[i] >> 4]; } - // SOF for 1of256 - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - - for(i = 0; i < n; i++) { - for (j = 0; j<=255; j++) { - if (cmd[i]==j) { - ToSendStuffBit(1); - ToSendStuffBit(0); - } else { - ToSendStuffBit(1); - ToSendStuffBit(1); - } - } - } // EOF - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0xB8; // 10111000 - // And slack at the end, too. - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } + ToSendMax++; } // Transmit the command (to the tag) that was placed in cmd[]. -static void TransmitTo15693Tag(const uint8_t *cmd, int len) -{ - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_TX); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); +void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time) { + + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_FULL_MOD); + + if (*start_time < DELAY_ARM_TO_TAG) { + *start_time = DELAY_ARM_TO_TAG; + } + + *start_time = (*start_time - DELAY_ARM_TO_TAG) & 0xfffffff0; + + if (GetCountSspClk() > *start_time) { // we may miss the intended time + *start_time = (GetCountSspClk() + 16) & 0xfffffff0; // next possible time + } + + while (GetCountSspClk() < *start_time) + /* wait */ ; LED_B_ON(); - for(int c = 0; c < len; ) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = ~cmd[c]; - c++; - } - WDT_HIT(); - } + for (int c = 0; c < len; c++) { + uint8_t data = cmd[c]; + for (int i = 0; i < 8; i++) { + uint16_t send_word = (data & 0x80) ? 0xffff : 0x0000; + while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; + AT91C_BASE_SSC->SSC_THR = send_word; + while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; + AT91C_BASE_SSC->SSC_THR = send_word; + data <<= 1; + } + WDT_HIT(); + } LED_B_OFF(); + + *start_time = *start_time + DELAY_ARM_TO_TAG; } + //----------------------------------------------------------------------------- -// Transmit the command (to the reader) that was placed in cmd[]. +// Transmit the tag response (to the reader) that was placed in cmd[]. //----------------------------------------------------------------------------- -static void TransmitTo15693Reader(const uint8_t *cmd, int len) -{ +void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow) { + // don't use the FPGA_HF_SIMULATOR_MODULATE_424K_8BIT minor mode. It would spoil GetCountSspClk() FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K); + uint32_t modulation_start_time = *start_time - DELAY_ARM_TO_READER + 3 * 8; // no need to transfer the unmodulated start of SOF + + while (GetCountSspClk() > (modulation_start_time & 0xfffffff8) + 3) { // we will miss the intended time + if (slot_time) { + modulation_start_time += slot_time; // use next available slot + } else { + modulation_start_time = (modulation_start_time & 0xfffffff8) + 8; // next possible time + } + } + + while (GetCountSspClk() < (modulation_start_time & 0xfffffff8)) + /* wait */ ; + + uint8_t shift_delay = modulation_start_time & 0x00000007; + + *start_time = modulation_start_time + DELAY_ARM_TO_READER - 3 * 8; + LED_C_ON(); - for(int c = 0; c < len; ) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = cmd[c]; - c++; - } - WDT_HIT(); - } + uint8_t bits_to_shift = 0x00; + uint8_t bits_to_send = 0x00; + for (size_t c = 0; c < len; c++) { + for (int i = (c==0?4:7); i >= 0; i--) { + uint8_t cmd_bits = ((cmd[c] >> i) & 0x01) ? 0xff : 0x00; + for (int j = 0; j < (slow?4:1); ) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + bits_to_send = bits_to_shift << (8 - shift_delay) | cmd_bits >> shift_delay; + AT91C_BASE_SSC->SSC_THR = bits_to_send; + bits_to_shift = cmd_bits; + j++; + } + } + } + WDT_HIT(); + } + // send the remaining bits, padded with 0: + bits_to_send = bits_to_shift << (8 - shift_delay); + for ( ; ; ) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = bits_to_send; + break; + } + } LED_C_OFF(); } //============================================================================= -// An ISO 15693 demodulator (one subcarrier only). Uses cross correlation to -// identify the SOF, each bit, and EOF. +// An ISO 15693 decoder for tag responses (one subcarrier only). +// Uses cross correlation to identify each bit and EOF. // This function is called 8 times per bit (every 2 subcarrier cycles). -// Subcarrier frequency fs is 424kHz, 1/fs = 2,36us, +// Subcarrier frequency fs is 424kHz, 1/fs = 2,36us, // i.e. function is called every 4,72us // LED handling: // LED C -> ON once we have received the SOF and are expecting the rest. @@ -276,16 +368,18 @@ static void TransmitTo15693Reader(const uint8_t *cmd, int len) // false if we are still waiting for some more //============================================================================= -#define SUBCARRIER_DETECT_THRESHOLD 2 -#define SOF_CORRELATOR_LEN (1<<5) +#define NOISE_THRESHOLD 80 // don't try to correlate noise +#define MAX_PREVIOUS_AMPLITUDE (-1 - NOISE_THRESHOLD) -typedef struct Demod { +typedef struct DecodeTag { enum { - DEMOD_UNSYNCD, - DEMOD_AWAIT_SOF_1, - DEMOD_AWAIT_SOF_2, - DEMOD_RECEIVING_DATA, - DEMOD_AWAIT_EOF + STATE_TAG_SOF_LOW, + STATE_TAG_SOF_RISING_EDGE, + STATE_TAG_SOF_HIGH, + STATE_TAG_SOF_HIGH_END, + STATE_TAG_RECEIVING_DATA, + STATE_TAG_EOF, + STATE_TAG_EOF_TAIL } state; int bitCount; int posCount; @@ -296,155 +390,232 @@ typedef struct Demod { SOF_PART2 } lastBit; uint16_t shiftReg; + uint16_t max_len; uint8_t *output; int len; int sum1, sum2; - uint8_t SOF_low; - uint8_t SOF_high; - uint8_t SOF_last; - int32_t SOF_corr; - int32_t SOF_corr_prev; - uint8_t SOF_correlator[SOF_CORRELATOR_LEN]; -} Demod_t; + int threshold_sof; + int threshold_half; + uint16_t previous_amplitude; +} DecodeTag_t; -static RAMFUNC int Handle15693SamplesDemod(int8_t ci, int8_t cq, Demod_t *Demod) -{ - switch(Demod->state) { - case DEMOD_UNSYNCD: - // initialize SOF correlator. We are looking for 12 samples low and 12 samples high. - Demod->SOF_low = 0; - Demod->SOF_high = 12; - Demod->SOF_last = 23; - memset(Demod->SOF_correlator, 0x00, Demod->SOF_last + 1); - Demod->SOF_correlator[Demod->SOF_last] = AMPLITUDE(ci,cq); - Demod->SOF_corr = Demod->SOF_correlator[Demod->SOF_last]; - Demod->SOF_corr_prev = Demod->SOF_corr; - // initialize Demodulator - Demod->posCount = 0; - Demod->bitCount = 0; - Demod->len = 0; - Demod->state = DEMOD_AWAIT_SOF_1; - break; - - case DEMOD_AWAIT_SOF_1: - // calculate the correlation in real time. Look at differences only. - Demod->SOF_corr += Demod->SOF_correlator[Demod->SOF_low++]; - Demod->SOF_corr -= 2*Demod->SOF_correlator[Demod->SOF_high++]; - Demod->SOF_last++; - Demod->SOF_low &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_high &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_last &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_correlator[Demod->SOF_last] = AMPLITUDE(ci,cq); - Demod->SOF_corr += Demod->SOF_correlator[Demod->SOF_last]; - // if correlation increases for 10 consecutive samples, we are close to maximum correlation - if (Demod->SOF_corr > Demod->SOF_corr_prev + SUBCARRIER_DETECT_THRESHOLD) { - Demod->posCount++; +static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint16_t amplitude, DecodeTag_t *DecodeTag) { + switch (DecodeTag->state) { + case STATE_TAG_SOF_LOW: + // waiting for a rising edge + if (amplitude > NOISE_THRESHOLD + DecodeTag->previous_amplitude) { + if (DecodeTag->posCount > 10) { + DecodeTag->threshold_sof = amplitude - DecodeTag->previous_amplitude; // to be divided by 2 + DecodeTag->threshold_half = 0; + DecodeTag->state = STATE_TAG_SOF_RISING_EDGE; + } else { + DecodeTag->posCount = 0; + } } else { - Demod->posCount = 0; + DecodeTag->posCount++; + DecodeTag->previous_amplitude = amplitude; } - - if (Demod->posCount == 10) { // correlation increased 10 times - Demod->state = DEMOD_AWAIT_SOF_2; - } - - Demod->SOF_corr_prev = Demod->SOF_corr; - break; - case DEMOD_AWAIT_SOF_2: - // calculate the correlation in real time. Look at differences only. - Demod->SOF_corr += Demod->SOF_correlator[Demod->SOF_low++]; - Demod->SOF_corr -= 2*Demod->SOF_correlator[Demod->SOF_high++]; - Demod->SOF_last++; - Demod->SOF_low &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_high &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_last &= (SOF_CORRELATOR_LEN-1); - Demod->SOF_correlator[Demod->SOF_last] = AMPLITUDE(ci,cq); - Demod->SOF_corr += Demod->SOF_correlator[Demod->SOF_last]; - - if (Demod->SOF_corr >= Demod->SOF_corr_prev) { // we are looking for the maximum correlation - Demod->SOF_corr_prev = Demod->SOF_corr; + case STATE_TAG_SOF_RISING_EDGE: + if (amplitude > DecodeTag->threshold_sof + DecodeTag->previous_amplitude) { // edge still rising + if (amplitude > DecodeTag->threshold_sof + DecodeTag->threshold_sof) { // steeper edge, take this as time reference + DecodeTag->posCount = 1; + } else { + DecodeTag->posCount = 2; + } + DecodeTag->threshold_sof = (amplitude - DecodeTag->previous_amplitude) / 2; } else { - Demod->lastBit = SOF_PART1; // detected 1st part of SOF - Demod->sum1 = Demod->SOF_correlator[Demod->SOF_last]; - Demod->sum2 = 0; - Demod->posCount = 2; - Demod->state = DEMOD_RECEIVING_DATA; + DecodeTag->posCount = 2; + DecodeTag->threshold_sof = DecodeTag->threshold_sof/2; + } + // DecodeTag->posCount = 2; + DecodeTag->state = STATE_TAG_SOF_HIGH; + break; + + case STATE_TAG_SOF_HIGH: + // waiting for 10 times high. Take average over the last 8 + if (amplitude > DecodeTag->threshold_sof) { + DecodeTag->posCount++; + if (DecodeTag->posCount > 2) { + DecodeTag->threshold_half += amplitude; // keep track of average high value + } + if (DecodeTag->posCount == 10) { + DecodeTag->threshold_half >>= 2; // (4 times 1/2 average) + DecodeTag->state = STATE_TAG_SOF_HIGH_END; + } + } else { // high phase was too short + DecodeTag->posCount = 1; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + } + break; + + case STATE_TAG_SOF_HIGH_END: + // check for falling edge + if (DecodeTag->posCount == 13 && amplitude < DecodeTag->threshold_sof) { + DecodeTag->lastBit = SOF_PART1; // detected 1st part of SOF (12 samples low and 12 samples high) + DecodeTag->shiftReg = 0; + DecodeTag->bitCount = 0; + DecodeTag->len = 0; + DecodeTag->sum1 = amplitude; + DecodeTag->sum2 = 0; + DecodeTag->posCount = 2; + DecodeTag->state = STATE_TAG_RECEIVING_DATA; + // FpgaDisableTracing(); // DEBUGGING + // Dbprintf("amplitude = %d, threshold_sof = %d, threshold_half/4 = %d, previous_amplitude = %d", + // amplitude, + // DecodeTag->threshold_sof, + // DecodeTag->threshold_half/4, + // DecodeTag->previous_amplitude); // DEBUGGING LED_C_ON(); + } else { + DecodeTag->posCount++; + if (DecodeTag->posCount > 13) { // high phase too long + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } } - break; - case DEMOD_RECEIVING_DATA: - if (Demod->posCount == 1) { - Demod->sum1 = 0; - Demod->sum2 = 0; + case STATE_TAG_RECEIVING_DATA: + // FpgaDisableTracing(); // DEBUGGING + // Dbprintf("amplitude = %d, threshold_sof = %d, threshold_half/4 = %d, previous_amplitude = %d", + // amplitude, + // DecodeTag->threshold_sof, + // DecodeTag->threshold_half/4, + // DecodeTag->previous_amplitude); // DEBUGGING + if (DecodeTag->posCount == 1) { + DecodeTag->sum1 = 0; + DecodeTag->sum2 = 0; } - - if (Demod->posCount <= 4) { - Demod->sum1 += AMPLITUDE(ci, cq); + if (DecodeTag->posCount <= 4) { + DecodeTag->sum1 += amplitude; } else { - Demod->sum2 += AMPLITUDE(ci, cq); + DecodeTag->sum2 += amplitude; } - - if (Demod->posCount == 8) { - int16_t corr_1 = (Demod->sum2 - Demod->sum1) / 4; - int16_t corr_0 = (Demod->sum1 - Demod->sum2) / 4; - int16_t corr_EOF = (Demod->sum1 + Demod->sum2) / 8; - if (corr_EOF > corr_0 && corr_EOF > corr_1) { - Demod->state = DEMOD_AWAIT_EOF; - } else if (corr_1 > corr_0) { - // logic 1 - if (Demod->lastBit == SOF_PART1) { // still part of SOF - Demod->lastBit = SOF_PART2; + if (DecodeTag->posCount == 8) { + if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 > DecodeTag->threshold_half) { // modulation in both halves + if (DecodeTag->lastBit == LOGIC0) { // this was already part of EOF + DecodeTag->state = STATE_TAG_EOF; } else { - Demod->lastBit = LOGIC1; - Demod->shiftReg >>= 1; - Demod->shiftReg |= 0x80; - Demod->bitCount++; - if (Demod->bitCount == 8) { - Demod->output[Demod->len] = Demod->shiftReg; - Demod->len++; - Demod->bitCount = 0; - Demod->shiftReg = 0; + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } + } else if (DecodeTag->sum1 < DecodeTag->threshold_half && DecodeTag->sum2 > DecodeTag->threshold_half) { // modulation in second half + // logic 1 + if (DecodeTag->lastBit == SOF_PART1) { // still part of SOF + DecodeTag->lastBit = SOF_PART2; // SOF completed + } else { + DecodeTag->lastBit = LOGIC1; + DecodeTag->shiftReg >>= 1; + DecodeTag->shiftReg |= 0x80; + DecodeTag->bitCount++; + if (DecodeTag->bitCount == 8) { + DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg; + DecodeTag->len++; + // if (DecodeTag->shiftReg == 0x12 && DecodeTag->len == 1) FpgaDisableTracing(); // DEBUGGING + if (DecodeTag->len > DecodeTag->max_len) { + // buffer overflow, give up + LED_C_OFF(); + return true; + } + DecodeTag->bitCount = 0; + DecodeTag->shiftReg = 0; } } - } else { + } else if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // modulation in first half // logic 0 - if (Demod->lastBit == SOF_PART1) { // incomplete SOF - Demod->state = DEMOD_UNSYNCD; + if (DecodeTag->lastBit == SOF_PART1) { // incomplete SOF + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); } else { - Demod->lastBit = LOGIC0; - Demod->shiftReg >>= 1; - Demod->bitCount++; - if (Demod->bitCount == 8) { - Demod->output[Demod->len] = Demod->shiftReg; - Demod->len++; - Demod->bitCount = 0; - Demod->shiftReg = 0; + DecodeTag->lastBit = LOGIC0; + DecodeTag->shiftReg >>= 1; + DecodeTag->bitCount++; + if (DecodeTag->bitCount == 8) { + DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg; + DecodeTag->len++; + // if (DecodeTag->shiftReg == 0x12 && DecodeTag->len == 1) FpgaDisableTracing(); // DEBUGGING + if (DecodeTag->len > DecodeTag->max_len) { + // buffer overflow, give up + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } + DecodeTag->bitCount = 0; + DecodeTag->shiftReg = 0; } } + } else { // no modulation + if (DecodeTag->lastBit == SOF_PART2) { // only SOF (this is OK for iClass) + LED_C_OFF(); + return true; + } else { + DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } } - Demod->posCount = 0; - } - Demod->posCount++; - break; - - case DEMOD_AWAIT_EOF: - if (Demod->lastBit == LOGIC0) { // this was already part of EOF - LED_C_OFF(); - return true; - } else { - Demod->state = DEMOD_UNSYNCD; - LED_C_OFF(); + DecodeTag->posCount = 0; } + DecodeTag->posCount++; break; - default: - Demod->state = DEMOD_UNSYNCD; - LED_C_OFF(); + case STATE_TAG_EOF: + if (DecodeTag->posCount == 1) { + DecodeTag->sum1 = 0; + DecodeTag->sum2 = 0; + } + if (DecodeTag->posCount <= 4) { + DecodeTag->sum1 += amplitude; + } else { + DecodeTag->sum2 += amplitude; + } + if (DecodeTag->posCount == 8) { + if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // modulation in first half + DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_EOF_TAIL; + } else { + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } + } + DecodeTag->posCount++; + break; + + case STATE_TAG_EOF_TAIL: + if (DecodeTag->posCount == 1) { + DecodeTag->sum1 = 0; + DecodeTag->sum2 = 0; + } + if (DecodeTag->posCount <= 4) { + DecodeTag->sum1 += amplitude; + } else { + DecodeTag->sum2 += amplitude; + } + if (DecodeTag->posCount == 8) { + if (DecodeTag->sum1 < DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // no modulation in both halves + LED_C_OFF(); + return true; + } else { + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = amplitude; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } + } + DecodeTag->posCount++; break; } @@ -452,278 +623,554 @@ static RAMFUNC int Handle15693SamplesDemod(int8_t ci, int8_t cq, Demod_t *Demod) } -static void DemodInit(Demod_t* Demod, uint8_t* data) -{ - Demod->output = data; - Demod->state = DEMOD_UNSYNCD; +static void DecodeTagInit(DecodeTag_t *DecodeTag, uint8_t *data, uint16_t max_len) { + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; + DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_SOF_LOW; + DecodeTag->output = data; + DecodeTag->max_len = max_len; +} + + +static void DecodeTagReset(DecodeTag_t *DecodeTag) { + DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_SOF_LOW; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; } /* - * Demodulate the samples we received from the tag, also log to tracebuffer + * Receive and decode the tag response, also log to tracebuffer */ -static int GetIso15693AnswerFromTag(uint8_t* response, int timeout) -{ - int maxBehindBy = 0; - int lastRxCounter, samples = 0; - int8_t ci, cq; - bool gotFrame = false; - - // Allocate memory from BigBuf for some buffers - // free all previous allocations first - BigBuf_free(); +int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time) { - // The DMA buffer, used to stream samples from the FPGA - uint16_t* dmaBuf = (uint16_t*) BigBuf_malloc(ISO15693_DMA_BUFFER_SIZE * sizeof(uint16_t)); + int samples = 0; + int ret = 0; - // the Demodulatur data structure - Demod_t* Demod = (Demod_t*) BigBuf_malloc(sizeof(Demod_t)); - - // Set up the demodulator for tag -> reader responses. - DemodInit(Demod, response); + uint16_t dmaBuf[ISO15693_DMA_BUFFER_SIZE]; + + // the Decoder data structure + DecodeTag_t DecodeTag = { 0 }; + DecodeTagInit(&DecodeTag, response, max_len); // wait for last transfer to complete while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)); // And put the FPGA in the appropriate mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_424_KHZ | FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE); // Setup and start DMA. - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); - + uint32_t dma_start_time = 0; uint16_t *upTo = dmaBuf; - lastRxCounter = ISO15693_DMA_BUFFER_SIZE; for(;;) { - int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & (ISO15693_DMA_BUFFER_SIZE-1); - if(behindBy > maxBehindBy) { - maxBehindBy = behindBy; + uint16_t behindBy = ((uint16_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1); + + if (behindBy == 0) continue; + + samples++; + if (samples == 1) { + // DMA has transferred the very first data + dma_start_time = GetCountSspClk() & 0xfffffff0; } - if (behindBy < 1) continue; - - ci = (int8_t)(*upTo >> 8); - cq = (int8_t)(*upTo & 0xff); + uint16_t tagdata = *upTo++; - upTo++; - lastRxCounter--; if(upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content. upTo = dmaBuf; // start reading the circular buffer from the beginning - lastRxCounter += ISO15693_DMA_BUFFER_SIZE; + if (behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) { + Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy); + ret = -1; + break; + } } if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated. AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers } - samples++; - if (Handle15693SamplesDemod(ci, cq, Demod)) { - gotFrame = true; + if (Handle15693SamplesFromTag(tagdata, &DecodeTag)) { + *eof_time = dma_start_time + samples*16 - DELAY_TAG_TO_ARM; // end of EOF + if (DecodeTag.lastBit == SOF_PART2) { + *eof_time -= 8*16; // needed 8 additional samples to confirm single SOF (iCLASS) + } + if (DecodeTag.len > DecodeTag.max_len) { + ret = -2; // buffer overflow + } break; } - if(samples > timeout && Demod->state < DEMOD_RECEIVING_DATA) { - Demod->len = 0; + if (samples > timeout && DecodeTag.state < STATE_TAG_RECEIVING_DATA) { + ret = -1; // timeout break; } + } FpgaDisableSscDma(); - if (DEBUG) Dbprintf("max behindby = %d, samples = %d, gotFrame = %d, Demod.state = %d, Demod.len = %d, Demod.bitCount = %d, Demod.posCount = %d", - maxBehindBy, samples, gotFrame, Demod->state, Demod->len, Demod->bitCount, Demod->posCount); + if (DEBUG) Dbprintf("samples = %d, ret = %d, Decoder: state = %d, lastBit = %d, len = %d, bitCount = %d, posCount = %d", + samples, ret, DecodeTag.state, DecodeTag.lastBit, DecodeTag.len, DecodeTag.bitCount, DecodeTag.posCount); - if (tracing && Demod->len > 0) { - uint8_t parity[MAX_PARITY_SIZE]; - LogTrace(Demod->output, Demod->len, 0, 0, parity, false); + if (ret < 0) { + return ret; } - return Demod->len; + uint32_t sof_time = *eof_time + - DecodeTag.len * 8 * 8 * 16 // time for byte transfers + - 32 * 16 // time for SOF transfer + - (DecodeTag.lastBit != SOF_PART2?32*16:0); // time for EOF transfer + + if (DEBUG) Dbprintf("timing: sof_time = %d, eof_time = %d", sof_time, *eof_time); + + LogTrace_ISO15693(DecodeTag.output, DecodeTag.len, sof_time*4, *eof_time*4, NULL, false); + + return DecodeTag.len; } -// Now the GetISO15693 message from sniffing command -// TODO: fix it. This cannot work for several reasons: -// 1. Carrier is switched on during sniffing? -// 2. We most probable miss the next reader command when demodulating -static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed) -{ - uint8_t *dest = BigBuf_get_addr(); +//============================================================================= +// An ISO15693 decoder for reader commands. +// +// This function is called 4 times per bit (every 2 subcarrier cycles). +// Subcarrier frequency fs is 848kHz, 1/fs = 1,18us, i.e. function is called every 2,36us +// LED handling: +// LED B -> ON once we have received the SOF and are expecting the rest. +// LED B -> OFF once we have received EOF or are in error state or unsynced +// +// Returns: true if we received a EOF +// false if we are still waiting for some more +//============================================================================= -// NOW READ RESPONSE - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads - for(int c = 0; c < BIGBUF_SIZE; ) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - uint16_t iq = AT91C_BASE_SSC->SSC_RHR; - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates. We just want power, - // so abs(I) + abs(Q) is close to what we want. - int8_t i = (int8_t)(iq >> 8); - int8_t q = (int8_t)(iq & 0xff); - uint8_t r = AMPLITUDE(i, q); - dest[c++] = r; - } - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); +typedef struct DecodeReader { + enum { + STATE_READER_UNSYNCD, + STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF, + STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF, + STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF, + STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF, + STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4, + STATE_READER_RECEIVE_DATA_1_OUT_OF_4, + STATE_READER_RECEIVE_DATA_1_OUT_OF_256, + STATE_READER_RECEIVE_JAMMING + } state; + enum { + CODING_1_OUT_OF_4, + CODING_1_OUT_OF_256 + } Coding; + uint8_t shiftReg; + uint8_t bitCount; + int byteCount; + int byteCountMax; + int posCount; + int sum1, sum2; + uint8_t *output; + uint8_t jam_search_len; + uint8_t *jam_search_string; +} DecodeReader_t; - ////////////////////////////////////////// - /////////// DEMODULATE /////////////////// - ////////////////////////////////////////// - int i, j; - int max = 0, maxPos=0; +static void DecodeReaderInit(DecodeReader_t* DecodeReader, uint8_t *data, uint16_t max_len, uint8_t jam_search_len, uint8_t *jam_search_string) { + DecodeReader->output = data; + DecodeReader->byteCountMax = max_len; + DecodeReader->state = STATE_READER_UNSYNCD; + DecodeReader->byteCount = 0; + DecodeReader->bitCount = 0; + DecodeReader->posCount = 1; + DecodeReader->shiftReg = 0; + DecodeReader->jam_search_len = jam_search_len; + DecodeReader->jam_search_string = jam_search_string; +} - int skip = 2; - // First, correlate for SOF - for(i = 0; i < 38000; i++) { - int corr = 0; - for(j = 0; j < arraylen(FrameSOF); j += skip) { - corr += FrameSOF[j]*dest[i+(j/skip)]; - } - if(corr > max) { - max = corr; - maxPos = i; - } - } +static void DecodeReaderReset(DecodeReader_t* DecodeReader) { + DecodeReader->state = STATE_READER_UNSYNCD; +} - if (DEBUG) Dbprintf("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip)); - int k = 0; // this will be our return value - - // greg - If correlation is less than 1 then there's little point in continuing - if ((max/(arraylen(FrameSOF)/skip)) >= 1) // THIS SHOULD BE 1 - { - - i = maxPos + arraylen(FrameSOF)/skip; - - uint8_t outBuf[20]; - memset(outBuf, 0, sizeof(outBuf)); - uint8_t mask = 0x01; - for(;;) { - int corr0 = 0, corr00 = 0, corr01 = 0, corr1 = 0, corrEOF = 0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr0 += Logic0[j]*dest[i+(j/skip)]; +static int inline __attribute__((always_inline)) Handle15693SampleFromReader(bool bit, DecodeReader_t *DecodeReader) { + switch (DecodeReader->state) { + case STATE_READER_UNSYNCD: + // wait for unmodulated carrier + if (bit) { + DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF; } - corr01 = corr00 = corr0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr00 += Logic0[j]*dest[i+arraylen(Logic0)/skip+(j/skip)]; - corr01 += Logic1[j]*dest[i+arraylen(Logic0)/skip+(j/skip)]; + break; + + case STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF: + if (!bit) { + // we went low, so this could be the beginning of a SOF + DecodeReader->posCount = 1; + DecodeReader->state = STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF; } - for(j = 0; j < arraylen(Logic1); j += skip) { - corr1 += Logic1[j]*dest[i+(j/skip)]; - } - for(j = 0; j < arraylen(FrameEOF); j += skip) { - corrEOF += FrameEOF[j]*dest[i+(j/skip)]; - } - // Even things out by the length of the target waveform. - corr00 *= 2; - corr01 *= 2; - corr0 *= 4; - corr1 *= 4; - - if(corrEOF > corr1 && corrEOF > corr00 && corrEOF > corr01) { - if (DEBUG) Dbprintf("EOF at %d, correlation %d (corr01: %d, corr00: %d, corr1: %d, corr0: %d)", - i, corrEOF, corr01, corr00, corr1, corr0); - break; - } else if(corr1 > corr0) { - i += arraylen(Logic1)/skip; - outBuf[k] |= mask; + break; + + case STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF: + DecodeReader->posCount++; + if (bit) { // detected rising edge + if (DecodeReader->posCount < 4) { // rising edge too early (nominally expected at 5) + DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF; + } else { // SOF + DecodeReader->state = STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF; + } } else { - i += arraylen(Logic0)/skip; + if (DecodeReader->posCount > 5) { // stayed low for too long + DecodeReaderReset(DecodeReader); + } else { + // do nothing, keep waiting + } } - mask <<= 1; - if(mask == 0) { - k++; - mask = 0x01; - } - if((i+(int)arraylen(FrameEOF)/skip) >= BIGBUF_SIZE) { - DbpString("ran off end!"); - break; - } - } - if(mask != 0x01) { - DbpString("sniff: error, uneven octet! (discard extra bits!)"); - /// DbpString(" mask=%02x", mask); - } - // uint8_t str1 [8]; - // itoa(k,str1); - // strncat(str1," octets read",8); - - // DbpString( str1); // DbpString("%d octets", k); - - // for(i = 0; i < k; i+=3) { - // //DbpString("# %2d: %02x ", i, outBuf[i]); - // DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]); - // } - - for(i = 0; i < k; i++) { - receivedResponse[i] = outBuf[i]; - } - } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip)) - return k; // return the number of bytes demodulated + break; -/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2)); + case STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF: + DecodeReader->posCount++; + if (!bit) { // detected a falling edge + if (DecodeReader->posCount < 20) { // falling edge too early (nominally expected at 21 earliest) + DecodeReaderReset(DecodeReader); + } else if (DecodeReader->posCount < 23) { // SOF for 1 out of 4 coding + DecodeReader->Coding = CODING_1_OUT_OF_4; + DecodeReader->state = STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF; + } else if (DecodeReader->posCount < 28) { // falling edge too early (nominally expected at 29 latest) + DecodeReaderReset(DecodeReader); + } else { // SOF for 1 out of 256 coding + DecodeReader->Coding = CODING_1_OUT_OF_256; + DecodeReader->state = STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF; + } + } else { + if (DecodeReader->posCount > 29) { // stayed high for too long + DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF; + } else { + // do nothing, keep waiting + } + } + break; + + case STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF: + DecodeReader->posCount++; + if (bit) { // detected rising edge + if (DecodeReader->Coding == CODING_1_OUT_OF_256) { + if (DecodeReader->posCount < 32) { // rising edge too early (nominally expected at 33) + DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF; + } else { + DecodeReader->posCount = 1; + DecodeReader->bitCount = 0; + DecodeReader->byteCount = 0; + DecodeReader->sum1 = 1; + DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_256; + LED_B_ON(); + } + } else { // CODING_1_OUT_OF_4 + if (DecodeReader->posCount < 24) { // rising edge too early (nominally expected at 25) + DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF; + } else { + DecodeReader->posCount = 1; + DecodeReader->state = STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4; + } + } + } else { + if (DecodeReader->Coding == CODING_1_OUT_OF_256) { + if (DecodeReader->posCount > 34) { // signal stayed low for too long + DecodeReaderReset(DecodeReader); + } else { + // do nothing, keep waiting + } + } else { // CODING_1_OUT_OF_4 + if (DecodeReader->posCount > 26) { // signal stayed low for too long + DecodeReaderReset(DecodeReader); + } else { + // do nothing, keep waiting + } + } + } + break; + + case STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4: + DecodeReader->posCount++; + if (bit) { + if (DecodeReader->posCount == 9) { + DecodeReader->posCount = 1; + DecodeReader->bitCount = 0; + DecodeReader->byteCount = 0; + DecodeReader->sum1 = 1; + DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_4; + LED_B_ON(); + } else { + // do nothing, keep waiting + } + } else { // unexpected falling edge + DecodeReaderReset(DecodeReader); + } + break; + + case STATE_READER_RECEIVE_DATA_1_OUT_OF_4: + DecodeReader->posCount++; + if (DecodeReader->posCount == 1) { + DecodeReader->sum1 = bit?1:0; + } else if (DecodeReader->posCount <= 4) { + if (bit) DecodeReader->sum1++; + } else if (DecodeReader->posCount == 5) { + DecodeReader->sum2 = bit?1:0; + } else { + if (bit) DecodeReader->sum2++; + } + if (DecodeReader->posCount == 8) { + DecodeReader->posCount = 0; + if (DecodeReader->sum1 <= 1 && DecodeReader->sum2 >= 3) { // EOF + LED_B_OFF(); // Finished receiving + DecodeReaderReset(DecodeReader); + if (DecodeReader->byteCount != 0) { + return true; + } + } else if (DecodeReader->sum1 >= 3 && DecodeReader->sum2 <= 1) { // detected a 2bit position + DecodeReader->shiftReg >>= 2; + DecodeReader->shiftReg |= (DecodeReader->bitCount << 6); + } + if (DecodeReader->bitCount == 15) { // we have a full byte + DecodeReader->output[DecodeReader->byteCount++] = DecodeReader->shiftReg; + if (DecodeReader->byteCount > DecodeReader->byteCountMax) { + // buffer overflow, give up + LED_B_OFF(); + DecodeReaderReset(DecodeReader); + } + DecodeReader->bitCount = 0; + DecodeReader->shiftReg = 0; + if (DecodeReader->byteCount == DecodeReader->jam_search_len) { + if (!memcmp(DecodeReader->output, DecodeReader->jam_search_string, DecodeReader->jam_search_len)) { + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_JAM); + DecodeReader->state = STATE_READER_RECEIVE_JAMMING; + } + } + } else { + DecodeReader->bitCount++; + } + } + break; + + case STATE_READER_RECEIVE_DATA_1_OUT_OF_256: + DecodeReader->posCount++; + if (DecodeReader->posCount == 1) { + DecodeReader->sum1 = bit?1:0; + } else if (DecodeReader->posCount <= 4) { + if (bit) DecodeReader->sum1++; + } else if (DecodeReader->posCount == 5) { + DecodeReader->sum2 = bit?1:0; + } else if (bit) { + DecodeReader->sum2++; + } + if (DecodeReader->posCount == 8) { + DecodeReader->posCount = 0; + if (DecodeReader->sum1 <= 1 && DecodeReader->sum2 >= 3) { // EOF + LED_B_OFF(); // Finished receiving + DecodeReaderReset(DecodeReader); + if (DecodeReader->byteCount != 0) { + return true; + } + } else if (DecodeReader->sum1 >= 3 && DecodeReader->sum2 <= 1) { // detected the bit position + DecodeReader->shiftReg = DecodeReader->bitCount; + } + if (DecodeReader->bitCount == 255) { // we have a full byte + DecodeReader->output[DecodeReader->byteCount++] = DecodeReader->shiftReg; + if (DecodeReader->byteCount > DecodeReader->byteCountMax) { + // buffer overflow, give up + LED_B_OFF(); + DecodeReaderReset(DecodeReader); + } + if (DecodeReader->byteCount == DecodeReader->jam_search_len) { + if (!memcmp(DecodeReader->output, DecodeReader->jam_search_string, DecodeReader->jam_search_len)) { + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_JAM); + DecodeReader->state = STATE_READER_RECEIVE_JAMMING; + } + } + } + DecodeReader->bitCount++; + } + break; + + case STATE_READER_RECEIVE_JAMMING: + DecodeReader->posCount++; + if (DecodeReader->Coding == CODING_1_OUT_OF_4) { + if (DecodeReader->posCount == 7*16) { // 7 bits jammed + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE); // stop jamming + // FpgaDisableTracing(); + LED_D_OFF(); + } else if (DecodeReader->posCount == 8*16) { + DecodeReader->posCount = 0; + DecodeReader->output[DecodeReader->byteCount++] = 0x00; + DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_4; + } + } else { + if (DecodeReader->posCount == 7*256) { // 7 bits jammend + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE); // stop jamming + LED_D_OFF(); + } else if (DecodeReader->posCount == 8*256) { + DecodeReader->posCount = 0; + DecodeReader->output[DecodeReader->byteCount++] = 0x00; + DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_256; + } + } + break; + + default: + LED_B_OFF(); + DecodeReaderReset(DecodeReader); + break; + } + + return false; +} + + +//----------------------------------------------------------------------------- +// Receive a command (from the reader to us, where we are the simulated tag), +// and store it in the given buffer, up to the given maximum length. Keeps +// spinning, waiting for a well-framed command, until either we get one +// (returns len) or someone presses the pushbutton on the board (returns -1). +// +// Assume that we're called with the SSC (to the FPGA) and ADC path set +// correctly. +//----------------------------------------------------------------------------- + +int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time) { + int samples = 0; + bool gotFrame = false; + uint8_t b; + + uint8_t dmaBuf[ISO15693_DMA_BUFFER_SIZE]; + + // the decoder data structure + DecodeReader_t DecodeReader = {0}; + DecodeReaderInit(&DecodeReader, received, max_len, 0, NULL); + + // wait for last transfer to complete + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)); + + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); + + // clear receive register and wait for next transfer + uint32_t temp = AT91C_BASE_SSC->SSC_RHR; + (void) temp; + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)) ; + + uint32_t dma_start_time = GetCountSspClk() & 0xfffffff8; + + // Setup and start DMA. + FpgaSetupSscDma(dmaBuf, ISO15693_DMA_BUFFER_SIZE); + uint8_t *upTo = dmaBuf; + + for (;;) { + uint16_t behindBy = ((uint8_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1); + + if (behindBy == 0) continue; + + b = *upTo++; + if (upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content. + upTo = dmaBuf; // start reading the circular buffer from the beginning + if (behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) { + Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy); + break; + } + } + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated. + AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and + AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers + } + + for (int i = 7; i >= 0; i--) { + if (Handle15693SampleFromReader((b >> i) & 0x01, &DecodeReader)) { + *eof_time = dma_start_time + samples - DELAY_READER_TO_ARM; // end of EOF + gotFrame = true; + break; + } + samples++; + } + + if (gotFrame) { + break; + } + + if (BUTTON_PRESS()) { + DecodeReader.byteCount = -1; + break; + } + + WDT_HIT(); + } + + FpgaDisableSscDma(); + + if (DEBUG) Dbprintf("samples = %d, gotFrame = %d, Decoder: state = %d, len = %d, bitCount = %d, posCount = %d", + samples, gotFrame, DecodeReader.state, DecodeReader.byteCount, DecodeReader.bitCount, DecodeReader.posCount); + + if (DecodeReader.byteCount > 0) { + uint32_t sof_time = *eof_time + - DecodeReader.byteCount * (DecodeReader.Coding==CODING_1_OUT_OF_4?128:2048) // time for byte transfers + - 32 // time for SOF transfer + - 16; // time for EOF transfer + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, sof_time*32, *eof_time*32, NULL, true); + } + + return DecodeReader.byteCount; +} + + +// Construct an identify (Inventory) request, which is the first +// thing that you must send to a tag to get a response. +static void BuildIdentifyRequest(uint8_t *cmd) { + uint16_t crc; + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1 | ISO15693_REQ_DATARATE_HIGH; + // inventory command code + cmd[1] = 0x01; + // no mask + cmd[2] = 0x00; + //Now the CRC + crc = Iso15693Crc(cmd, 3); + cmd[3] = crc & 0xff; + cmd[4] = crc >> 8; } -static void BuildIdentifyRequest(void); //----------------------------------------------------------------------------- // Start to read an ISO 15693 tag. We send an identify request, then wait // for the response. The response is not demodulated, just left in the buffer // so that it can be downloaded to a PC and processed there. //----------------------------------------------------------------------------- -void AcquireRawAdcSamplesIso15693(void) -{ - LEDsoff(); +void AcquireRawAdcSamplesIso15693(void) { LED_A_ON(); - + uint8_t *dest = BigBuf_get_addr(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - BuildIdentifyRequest(); - + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER); + LED_D_ON(); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + uint8_t cmd[5]; + BuildIdentifyRequest(cmd); + CodeIso15693AsReader(cmd, sizeof(cmd)); + // Give the tags time to energize - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); SpinDelay(100); // Now send the command - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_TX); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); - - LED_B_ON(); - for(int c = 0; c < ToSendMax; ) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = ~ToSend[c]; - c++; - } - WDT_HIT(); - } - LED_B_OFF(); + uint32_t start_time = 0; + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); // wait for last transfer to complete - while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)); + while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)) ; - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_424_KHZ | FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE); for(int c = 0; c < 4000; ) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - uint16_t iq = AT91C_BASE_SSC->SSC_RHR; - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates. We just want power, - // so abs(I) + abs(Q) is close to what we want. - int8_t i = (int8_t)(iq >> 8); - int8_t q = (int8_t)(iq & 0xff); - uint8_t r = AMPLITUDE(i, q); - dest[c++] = r; + uint16_t r = AT91C_BASE_SSC->SSC_RHR; + dest[c++] = r >> 5; } } @@ -732,70 +1179,199 @@ void AcquireRawAdcSamplesIso15693(void) } -// TODO: there is no trigger condition. The 14000 samples represent a time frame of 66ms. -// It is unlikely that we get something meaningful. -// TODO: Currently we only record tag answers. Add tracing of reader commands. -// TODO: would we get something at all? The carrier is switched on... -void RecordRawAdcSamplesIso15693(void) -{ - LEDsoff(); +void SnoopIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) { + LED_A_ON(); - - uint8_t *dest = BigBuf_get_addr(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - // Setup SSC - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - // Start from off (no field generated) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); + clear_trace(); + set_tracing(true); + // The DMA buffer, used to stream samples from the FPGA + uint16_t dmaBuf[ISO15693_DMA_BUFFER_SIZE]; + + // Count of samples received so far, so that we can include timing + // information in the trace buffer. + int samples = 0; + + DecodeTag_t DecodeTag = {0}; + uint8_t response[ISO15693_MAX_RESPONSE_LENGTH]; + DecodeTagInit(&DecodeTag, response, sizeof(response)); + + DecodeReader_t DecodeReader = {0}; + uint8_t cmd[ISO15693_MAX_COMMAND_LENGTH]; + DecodeReaderInit(&DecodeReader, cmd, sizeof(cmd), jam_search_len, jam_search_string); + + // Print some debug information about the buffer sizes + if (DEBUG) { + Dbprintf("Snooping buffers initialized:"); + Dbprintf(" Trace: %i bytes", BigBuf_max_traceLen()); + Dbprintf(" Reader -> tag: %i bytes", ISO15693_MAX_COMMAND_LENGTH); + Dbprintf(" tag -> Reader: %i bytes", ISO15693_MAX_RESPONSE_LENGTH); + Dbprintf(" DMA: %i bytes", ISO15693_DMA_BUFFER_SIZE * sizeof(uint16_t)); + } + Dbprintf("Snoop started. Press PM3 Button to stop."); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE); + LED_D_OFF(); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); + StartCountSspClk(); + FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); - SpinDelay(100); + bool TagIsActive = false; + bool ReaderIsActive = false; + bool ExpectTagAnswer = false; + uint32_t dma_start_time = 0; + uint16_t *upTo = dmaBuf; - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - - for(int c = 0; c < 14000;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - uint16_t iq = AT91C_BASE_SSC->SSC_RHR; - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates. We just want power, - // so abs(I) + abs(Q) is close to what we want. - int8_t i = (int8_t)(iq >> 8); - int8_t q = (int8_t)(iq & 0xff); - uint8_t r = AMPLITUDE(i, q); - dest[c++] = r; + uint16_t max_behindBy = 0; + + // And now we loop, receiving samples. + for(;;) { + uint16_t behindBy = ((uint16_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1); + if (behindBy > max_behindBy) { + max_behindBy = behindBy; } + + if (behindBy == 0) continue; + + samples++; + if (samples == 1) { + // DMA has transferred the very first data + dma_start_time = GetCountSspClk() & 0xfffffff0; + } + + uint16_t snoopdata = *upTo++; + + if (upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content. + upTo = dmaBuf; // start reading the circular buffer from the beginning + if (behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) { + // FpgaDisableTracing(); + Dbprintf("About to blow circular buffer - aborted! behindBy=%d, samples=%d", behindBy, samples); + break; + } + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated. + AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and + AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers + WDT_HIT(); + if (BUTTON_PRESS()) { + DbpString("Snoop stopped."); + break; + } + } + } + + if (!TagIsActive) { // no need to try decoding reader data if the tag is sending + if (Handle15693SampleFromReader(snoopdata & 0x02, &DecodeReader)) { + // FpgaDisableSscDma(); + uint32_t eof_time = dma_start_time + samples*16 + 8 - DELAY_READER_TO_ARM_SNOOP; // end of EOF + if (DecodeReader.byteCount > 0) { + uint32_t sof_time = eof_time + - DecodeReader.byteCount * (DecodeReader.Coding==CODING_1_OUT_OF_4?128*16:2048*16) // time for byte transfers + - 32*16 // time for SOF transfer + - 16*16; // time for EOF transfer + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, sof_time*4, eof_time*4, NULL, true); + } + /* And ready to receive another command. */ + DecodeReaderReset(&DecodeReader); + /* And also reset the demod code, which might have been */ + /* false-triggered by the commands from the reader. */ + DecodeTagReset(&DecodeTag); + ReaderIsActive = false; + ExpectTagAnswer = true; + // upTo = dmaBuf; + // samples = 0; + // FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); + // continue; + } else if (Handle15693SampleFromReader(snoopdata & 0x01, &DecodeReader)) { + // FpgaDisableSscDma(); + uint32_t eof_time = dma_start_time + samples*16 + 16 - DELAY_READER_TO_ARM_SNOOP; // end of EOF + if (DecodeReader.byteCount > 0) { + uint32_t sof_time = eof_time + - DecodeReader.byteCount * (DecodeReader.Coding==CODING_1_OUT_OF_4?128*16:2048*16) // time for byte transfers + - 32*16 // time for SOF transfer + - 16*16; // time for EOF transfer + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, sof_time*4, eof_time*4, NULL, true); + } + /* And ready to receive another command. */ + DecodeReaderReset(&DecodeReader); + /* And also reset the demod code, which might have been */ + /* false-triggered by the commands from the reader. */ + DecodeTagReset(&DecodeTag); + ReaderIsActive = false; + ExpectTagAnswer = true; + // upTo = dmaBuf; + // samples = 0; + // FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); + // continue; + } else { + ReaderIsActive = (DecodeReader.state >= STATE_READER_RECEIVE_DATA_1_OUT_OF_4); + } + } + + if (!ReaderIsActive && ExpectTagAnswer) { // no need to try decoding tag data if the reader is currently sending or no answer expected yet + if (Handle15693SamplesFromTag(snoopdata >> 2, &DecodeTag)) { + // FpgaDisableSscDma(); + uint32_t eof_time = dma_start_time + samples*16 - DELAY_TAG_TO_ARM_SNOOP; // end of EOF + if (DecodeTag.lastBit == SOF_PART2) { + eof_time -= 8*16; // needed 8 additional samples to confirm single SOF (iCLASS) + } + uint32_t sof_time = eof_time + - DecodeTag.len * 8 * 8 * 16 // time for byte transfers + - 32 * 16 // time for SOF transfer + - (DecodeTag.lastBit != SOF_PART2?32*16:0); // time for EOF transfer + LogTrace_ISO15693(DecodeTag.output, DecodeTag.len, sof_time*4, eof_time*4, NULL, false); + // And ready to receive another response. + DecodeTagReset(&DecodeTag); + DecodeReaderReset(&DecodeReader); + ExpectTagAnswer = false; + TagIsActive = false; + // upTo = dmaBuf; + // samples = 0; + // FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); + // continue; + } else { + TagIsActive = (DecodeTag.state >= STATE_TAG_RECEIVING_DATA); + } + } + } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - Dbprintf("finished recording"); - LED_A_OFF(); + FpgaDisableSscDma(); + + DbpString("Snoop statistics:"); + Dbprintf(" ExpectTagAnswer: %d, TagIsActive: %d, ReaderIsActive: %d", ExpectTagAnswer, TagIsActive, ReaderIsActive); + Dbprintf(" DecodeTag State: %d", DecodeTag.state); + Dbprintf(" DecodeTag byteCnt: %d", DecodeTag.len); + Dbprintf(" DecodeTag posCount: %d", DecodeTag.posCount); + Dbprintf(" DecodeReader State: %d", DecodeReader.state); + Dbprintf(" DecodeReader byteCnt: %d", DecodeReader.byteCount); + Dbprintf(" DecodeReader posCount: %d", DecodeReader.posCount); + Dbprintf(" Trace length: %d", BigBuf_get_traceLen()); + Dbprintf(" Max behindBy: %d", max_behindBy); } -// Initialize the proxmark as iso15k reader -// (this might produces glitches that confuse some tags -static void Iso15693InitReader() { +// Initialize the proxmark as iso15k reader +void Iso15693InitReader(void) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - // Setup SSC - // FpgaSetupSsc(); - // Start from off (no field generated) - LED_D_OFF(); + // switch field off and wait until tag resets FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); SpinDelay(10); - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - - // Give the tags time to energize + // switch field on + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER); LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + + // initialize SSC and select proper AD input + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + // give tags some time to energize SpinDelay(250); } @@ -804,40 +1380,15 @@ static void Iso15693InitReader() { // This section basically contains transmission and receiving of bits /////////////////////////////////////////////////////////////////////// -// Encode (into the ToSend buffers) an identify request, which is the first -// thing that you must send to a tag to get a response. -static void BuildIdentifyRequest(void) -{ - uint8_t cmd[5]; - - uint16_t crc; - // one sub-carrier, inventory, 1 slot, fast rate - // AFI is at bit 5 (1<<4) when doing an INVENTORY - cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); - // inventory command code - cmd[1] = 0x01; - // no mask - cmd[2] = 0x00; - //Now the CRC - crc = Crc(cmd, 3); - cmd[3] = crc & 0xff; - cmd[4] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} // uid is in transmission order (which is reverse of display order) -static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber ) -{ - uint8_t cmd[13]; - +static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber, uint8_t *cmd) { uint16_t crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 6)| (1 << 5) | (1 << 1); // no SELECT bit, ADDR bit, OPTION bit + // If we set the Option_Flag in this request, the VICC will respond with the security status of the block + // followed by the block data + cmd[0] = ISO15693_REQ_OPTION | ISO15693_REQ_ADDRESS | ISO15693_REQ_DATARATE_HIGH; // READ BLOCK command code - cmd[1] = 0x20; + cmd[1] = ISO15693_READBLOCK; // UID may be optionally specified here // 64-bit UID cmd[2] = uid[0]; @@ -849,26 +1400,22 @@ static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber ) cmd[8] = uid[6]; cmd[9] = uid[7]; // 0xe0; // always e0 (not exactly unique) // Block number to read - cmd[10] = blockNumber;//0x00; + cmd[10] = blockNumber; //Now the CRC - crc = Crc(cmd, 11); // the crc needs to be calculated over 12 bytes + crc = Iso15693Crc(cmd, 11); // the crc needs to be calculated over 11 bytes cmd[11] = crc & 0xff; cmd[12] = crc >> 8; - CodeIso15693AsReader(cmd, sizeof(cmd)); } // Now the VICC>VCD responses when we are simulating a tag -static void BuildInventoryResponse( uint8_t *uid) -{ +static void BuildInventoryResponse(uint8_t *uid) { uint8_t cmd[12]; uint16_t crc; - // one sub-carrier, inventory, 1 slot, fast rate - // AFI is at bit 5 (1<<4) when doing an INVENTORY - //(1 << 2) | (1 << 5) | (1 << 1); - cmd[0] = 0; // + + cmd[0] = 0; // No error, no protocol format extension cmd[1] = 0; // DSFID (data storage format identifier). 0x00 = not supported // 64-bit UID cmd[2] = uid[7]; //0x32; @@ -880,54 +1427,69 @@ static void BuildInventoryResponse( uint8_t *uid) cmd[8] = uid[1]; //0x05; cmd[9] = uid[0]; //0xe0; //Now the CRC - crc = Crc(cmd, 10); + crc = Iso15693Crc(cmd, 10); cmd[10] = crc & 0xff; cmd[11] = crc >> 8; - CodeIso15693AsReader(cmd, sizeof(cmd)); + CodeIso15693AsTag(cmd, sizeof(cmd)); } // Universal Method for sending to and recv bytes from a tag -// init ... should we initialize the reader? -// speed ... 0 low speed, 1 hi speed -// **recv will return you a pointer to the received data -// If you do not need the answer use NULL for *recv[] -// return: lenght of received data -int SendDataTag(uint8_t *send, int sendlen, bool init, int speed, uint8_t **recv) { +// init ... should we initialize the reader? +// speed ... 0 low speed, 1 hi speed +// *recv will contain the tag's answer +// return: length of received data, or -1 for timeout +int SendDataTag(uint8_t *send, int sendlen, bool init, bool speed_fast, uint8_t *recv, uint16_t max_recv_len, uint32_t start_time, uint16_t timeout, uint32_t *eof_time) { - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - - if (init) Iso15693InitReader(); + if (init) { + Iso15693InitReader(); + StartCountSspClk(); + } - int answerLen=0; - uint8_t *answer = BigBuf_get_addr() + 4000; - if (recv != NULL) memset(answer, 0, 100); + int answerLen = 0; - if (!speed) { - // low speed (1 out of 256) - CodeIso15693AsReader256(send, sendlen); - } else { + if (speed_fast) { // high speed (1 out of 4) CodeIso15693AsReader(send, sendlen); - } - - TransmitTo15693Tag(ToSend,ToSendMax); - // Now wait for a response - if (recv!=NULL) { - answerLen = GetIso15693AnswerFromTag(answer, 100); - *recv=answer; + } else { + // low speed (1 out of 256) + CodeIso15693AsReader256(send, sendlen); + } + + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); + uint32_t end_time = start_time + 32*(8*ToSendMax-4); // substract the 4 padding bits after EOF + LogTrace_ISO15693(send, sendlen, start_time*4, end_time*4, NULL, true); + + // Now wait for a response + if (recv != NULL) { + answerLen = GetIso15693AnswerFromTag(recv, max_recv_len, timeout, eof_time); + } + + return answerLen; +} + + +int SendDataTagEOF(uint8_t *recv, uint16_t max_recv_len, uint32_t start_time, uint16_t timeout, uint32_t *eof_time) { + + int answerLen = 0; + + CodeIso15693AsReaderEOF(); + + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); + uint32_t end_time = start_time + 32*(8*ToSendMax-4); // substract the 4 padding bits after EOF + LogTrace_ISO15693(NULL, 0, start_time*4, end_time*4, NULL, true); + + // Now wait for a response + if (recv != NULL) { + answerLen = GetIso15693AnswerFromTag(recv, max_recv_len, timeout, eof_time); } - LED_A_OFF(); - return answerLen; } // -------------------------------------------------------------------- -// Debug Functions +// Debug Functions // -------------------------------------------------------------------- // Decodes a message from a tag and displays its metadata and content @@ -936,53 +1498,53 @@ void DbdecodeIso15693Answer(int len, uint8_t *d) { char status[DBD15STATLEN+1]={0}; uint16_t crc; - if (len>3) { - if (d[0]&(1<<3)) - strncat(status,"ProtExt ",DBD15STATLEN); - if (d[0]&1) { + if (len > 3) { + if (d[0] & ISO15693_RES_EXT) + strncat(status,"ProtExt ", DBD15STATLEN); + if (d[0] & ISO15693_RES_ERROR) { // error - strncat(status,"Error ",DBD15STATLEN); + strncat(status,"Error ", DBD15STATLEN); switch (d[1]) { - case 0x01: - strncat(status,"01:notSupp",DBD15STATLEN); + case 0x01: + strncat(status,"01:notSupp", DBD15STATLEN); break; - case 0x02: - strncat(status,"02:notRecog",DBD15STATLEN); + case 0x02: + strncat(status,"02:notRecog", DBD15STATLEN); break; - case 0x03: - strncat(status,"03:optNotSupp",DBD15STATLEN); + case 0x03: + strncat(status,"03:optNotSupp", DBD15STATLEN); break; - case 0x0f: - strncat(status,"0f:noInfo",DBD15STATLEN); + case 0x0f: + strncat(status,"0f:noInfo", DBD15STATLEN); break; - case 0x10: - strncat(status,"10:dontExist",DBD15STATLEN); + case 0x10: + strncat(status,"10:doesn'tExist", DBD15STATLEN); break; - case 0x11: - strncat(status,"11:lockAgain",DBD15STATLEN); + case 0x11: + strncat(status,"11:lockAgain", DBD15STATLEN); break; - case 0x12: - strncat(status,"12:locked",DBD15STATLEN); + case 0x12: + strncat(status,"12:locked", DBD15STATLEN); break; - case 0x13: - strncat(status,"13:progErr",DBD15STATLEN); + case 0x13: + strncat(status,"13:progErr", DBD15STATLEN); break; - case 0x14: - strncat(status,"14:lockErr",DBD15STATLEN); + case 0x14: + strncat(status,"14:lockErr", DBD15STATLEN); break; default: - strncat(status,"unknownErr",DBD15STATLEN); + strncat(status,"unknownErr", DBD15STATLEN); } - strncat(status," ",DBD15STATLEN); + strncat(status," ", DBD15STATLEN); } else { - strncat(status,"NoErr ",DBD15STATLEN); + strncat(status,"NoErr ", DBD15STATLEN); } - - crc=Crc(d,len-2); - if ( (( crc & 0xff ) == d[len-2]) && (( crc >> 8 ) == d[len-1]) ) + + crc=Iso15693Crc(d,len-2); + if ( (( crc & 0xff ) == d[len-2]) && (( crc >> 8 ) == d[len-1]) ) strncat(status,"CrcOK",DBD15STATLEN); else - strncat(status,"CrcFail!",DBD15STATLEN); + strncat(status,"CrcFail!",DBD15STATLEN); Dbprintf("%s",status); } @@ -1000,236 +1562,298 @@ void SetDebugIso15693(uint32_t debug) { return; } -//----------------------------------------------------------------------------- -// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector + +//--------------------------------------------------------------------------------------- +// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector. // all demodulation performed in arm rather than host. - greg -//----------------------------------------------------------------------------- -void ReaderIso15693(uint32_t parameter) -{ - LEDsoff(); +//--------------------------------------------------------------------------------------- +void ReaderIso15693(uint32_t parameter) { + LED_A_ON(); - int answerLen1 = 0; + set_tracing(true); + uint8_t TagUID[8] = {0x00}; - - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - - uint8_t *answer1 = BigBuf_get_addr() + 4000; - memset(answer1, 0x00, 200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - // Setup SSC - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - - // Start from off (no field generated) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - // Give the tags time to energize - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - SpinDelay(200); + uint8_t answer[ISO15693_MAX_RESPONSE_LENGTH]; // FIRST WE RUN AN INVENTORY TO GET THE TAG UID // THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME // Now send the IDENTIFY command - BuildIdentifyRequest(); - - TransmitTo15693Tag(ToSend,ToSendMax); - - // Now wait for a response - answerLen1 = GetIso15693AnswerFromTag(answer1, 100) ; - - if (answerLen1 >=12) // we should do a better check than this - { - TagUID[0] = answer1[2]; - TagUID[1] = answer1[3]; - TagUID[2] = answer1[4]; - TagUID[3] = answer1[5]; - TagUID[4] = answer1[6]; - TagUID[5] = answer1[7]; - TagUID[6] = answer1[8]; // IC Manufacturer code - TagUID[7] = answer1[9]; // always E0 + uint8_t cmd[5]; + BuildIdentifyRequest(cmd); + uint32_t start_time = 0; + uint32_t eof_time; + int answerLen = SendDataTag(cmd, sizeof(cmd), true, true, answer, sizeof(answer), start_time, ISO15693_READER_TIMEOUT, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; + if (answerLen >= 12) { // we should do a better check than this + TagUID[0] = answer[2]; + TagUID[1] = answer[3]; + TagUID[2] = answer[4]; + TagUID[3] = answer[5]; + TagUID[4] = answer[6]; + TagUID[5] = answer[7]; + TagUID[6] = answer[8]; // IC Manufacturer code + TagUID[7] = answer[9]; // always E0 } - Dbprintf("%d octets read from IDENTIFY request:", answerLen1); - DbdecodeIso15693Answer(answerLen1,answer1); - Dbhexdump(answerLen1,answer1,true); + Dbprintf("%d octets read from IDENTIFY request:", answerLen); + DbdecodeIso15693Answer(answerLen, answer); + Dbhexdump(answerLen, answer, false); // UID is reverse - if (answerLen1 >= 12) + if (answerLen >= 12) Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX", TagUID[7],TagUID[6],TagUID[5],TagUID[4], TagUID[3],TagUID[2],TagUID[1],TagUID[0]); - - // Dbprintf("%d octets read from SELECT request:", answerLen2); - // DbdecodeIso15693Answer(answerLen2,answer2); - // Dbhexdump(answerLen2,answer2,true); - - // Dbprintf("%d octets read from XXX request:", answerLen3); - // DbdecodeIso15693Answer(answerLen3,answer3); - // Dbhexdump(answerLen3,answer3,true); - // read all pages - if (answerLen1 >= 12 && DEBUG) { - uint8_t *answer2 = BigBuf_get_addr() + 4100; - int i=0; - while (i<32) { // sanity check, assume max 32 pages - BuildReadBlockRequest(TagUID,i); - TransmitTo15693Tag(ToSend,ToSendMax); - int answerLen2 = GetIso15693AnswerFromTag(answer2, 100); - if (answerLen2>0) { - Dbprintf("READ SINGLE BLOCK %d returned %d octets:",i,answerLen2); - DbdecodeIso15693Answer(answerLen2,answer2); - Dbhexdump(answerLen2,answer2,true); - if ( *((uint32_t*) answer2) == 0x07160101 ) break; // exit on NoPageErr - } - i++; - } + if (answerLen >= 12 && DEBUG) { + for (int i = 0; i < 32; i++) { // sanity check, assume max 32 pages + uint8_t cmd[13]; + BuildReadBlockRequest(TagUID, i, cmd); + answerLen = SendDataTag(cmd, sizeof(cmd), false, true, answer, sizeof(answer), start_time, ISO15693_READER_TIMEOUT, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; + if (answerLen > 0) { + Dbprintf("READ SINGLE BLOCK %d returned %d octets:", i, answerLen); + DbdecodeIso15693Answer(answerLen, answer); + Dbhexdump(answerLen, answer, false); + if ( *((uint32_t*) answer) == 0x07160101 ) break; // exit on NoPageErr + } + } } - // for the time being, switch field off to protect rdv4.0 + // for the time being, switch field off to protect RDV4 // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); - + LED_A_OFF(); } -// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands -// all demodulation performed in arm rather than host. - greg -void SimTagIso15693(uint32_t parameter, uint8_t *uid) -{ - LEDsoff(); + +// Initialize the proxmark as iso15k tag +void Iso15693InitTag(void) { + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); + LED_D_OFF(); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR); + StartCountSspClk(); +} + + +// Simulate an ISO15693 TAG. +// For Inventory command: print command and send Inventory Response with given UID +// TODO: interpret other reader commands and send appropriate response +void SimTagIso15693(uint32_t parameter, uint8_t *uid) { + LED_A_ON(); - int answerLen1 = 0; - int samples = 0; - int elapsed = 0; + Iso15693InitTag(); - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - - uint8_t *buf = BigBuf_get_addr() + 4000; - memset(buf, 0x00, 100); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - - // Start from off (no field generated) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); + // Build a suitable response to the reader INVENTORY command + BuildInventoryResponse(uid); // Listen to reader - answerLen1 = GetIso15693AnswerFromSniff(buf, 100, &samples, &elapsed) ; + while (!BUTTON_PRESS()) { + uint8_t cmd[ISO15693_MAX_COMMAND_LENGTH]; + uint32_t eof_time = 0, start_time = 0; + int cmd_len = GetIso15693CommandFromReader(cmd, sizeof(cmd), &eof_time); - if (answerLen1 >=1) // we should do a better check than this - { - // Build a suitable reponse to the reader INVENTORY cocmmand - // not so obsvious, but in the call to BuildInventoryResponse, the command is copied to the global ToSend buffer used below. - - BuildInventoryResponse(uid); - - TransmitTo15693Reader(ToSend,ToSendMax); + if ((cmd_len >= 5) && (cmd[0] & ISO15693_REQ_INVENTORY) && (cmd[1] == ISO15693_INVENTORY)) { // TODO: check more flags + bool slow = !(cmd[0] & ISO15693_REQ_DATARATE_HIGH); + start_time = eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM; + TransmitTo15693Reader(ToSend, ToSendMax, &start_time, 0, slow); + } + + Dbprintf("%d bytes read from reader:", cmd_len); + Dbhexdump(cmd_len, cmd, false); } - Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1, - buf[0], buf[1], buf[2], buf[3], - buf[4], buf[5], buf[6], buf[7], buf[8]); - - Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x", - uid[0], uid[1], uid[2], uid[3], - uid[4], uid[5], uid[6], uid[7]); - - LEDsoff(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + LED_A_OFF(); } // Since there is no standardized way of reading the AFI out of a tag, we will brute force it // (some manufactures offer a way to read the AFI, though) -void BruteforceIso15693Afi(uint32_t speed) -{ - LEDsoff(); +void BruteforceIso15693Afi(uint32_t speed) { LED_A_ON(); - - uint8_t data[20]; - uint8_t *recv=data; - int datalen=0, recvlen=0; - - Iso15693InitReader(); - + + uint8_t data[6]; + uint8_t recv[ISO15693_MAX_RESPONSE_LENGTH]; + int datalen = 0, recvlen = 0; + uint32_t eof_time; + // first without AFI - // Tags should respond wihtout AFI and with AFI=0 even when AFI is active - - data[0]=ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1; - data[1]=ISO15_CMD_INVENTORY; - data[2]=0; // mask length - datalen=AddCrc(data,3); - recvlen=SendDataTag(data, datalen, false, speed, &recv); + // Tags should respond without AFI and with AFI=0 even when AFI is active + + data[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1; + data[1] = ISO15693_INVENTORY; + data[2] = 0; // mask length + datalen = Iso15693AddCrc(data,3); + uint32_t start_time = GetCountSspClk(); + recvlen = SendDataTag(data, datalen, true, speed, recv, sizeof(recv), 0, ISO15693_READER_TIMEOUT, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; WDT_HIT(); if (recvlen>=12) { - Dbprintf("NoAFI UID=%s",sprintUID(NULL,&recv[2])); + Dbprintf("NoAFI UID=%s", Iso15693sprintUID(NULL, &recv[2])); } - + // now with AFI - - data[0]=ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_INVENTORY | ISO15_REQINV_AFI | ISO15_REQINV_SLOT1; - data[1]=ISO15_CMD_INVENTORY; - data[2]=0; // AFI - data[3]=0; // mask length - - for (int i=0;i<256;i++) { - data[2]=i & 0xFF; - datalen=AddCrc(data,4); - recvlen=SendDataTag(data, datalen, false, speed, &recv); + + data[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_AFI | ISO15693_REQINV_SLOT1; + data[1] = ISO15693_INVENTORY; + data[2] = 0; // AFI + data[3] = 0; // mask length + + for (int i = 0; i < 256; i++) { + data[2] = i & 0xFF; + datalen = Iso15693AddCrc(data,4); + recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), start_time, ISO15693_READER_TIMEOUT, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; WDT_HIT(); - if (recvlen>=12) { - Dbprintf("AFI=%i UID=%s",i,sprintUID(NULL,&recv[2])); + if (recvlen >= 12) { + Dbprintf("AFI=%i UID=%s", i, Iso15693sprintUID(NULL, &recv[2])); } - } + } Dbprintf("AFI Bruteforcing done."); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + LED_A_OFF(); + } // Allows to directly send commands to the tag via the client void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint8_t data[]) { - int recvlen=0; - uint8_t *recvbuf = BigBuf_get_addr(); - LED_A_ON(); + + int recvlen = 0; + uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; + uint32_t eof_time; + + uint16_t timeout; + bool request_answer = false; + switch (data[1]) { + case ISO15693_WRITEBLOCK: + case ISO15693_LOCKBLOCK: + case ISO15693_WRITE_MULTI_BLOCK: + case ISO15693_WRITE_AFI: + case ISO15693_LOCK_AFI: + case ISO15693_WRITE_DSFID: + case ISO15693_LOCK_DSFID: + timeout = ISO15693_READER_TIMEOUT_WRITE; + request_answer = data[0] & ISO15693_REQ_OPTION; + break; + default: + timeout = ISO15693_READER_TIMEOUT; + } + if (DEBUG) { - Dbprintf("SEND"); - Dbhexdump(datalen,data,true); + Dbprintf("SEND:"); + Dbhexdump(datalen, data, false); + } + + recvlen = SendDataTag(data, datalen, true, speed, (recv?recvbuf:NULL), sizeof(recvbuf), 0, timeout, &eof_time); + + if (request_answer) { // send a single EOF to get the tag response + recvlen = SendDataTagEOF((recv?recvbuf:NULL), sizeof(recvbuf), 0, ISO15693_READER_TIMEOUT, &eof_time); } - recvlen = SendDataTag(data, datalen, true, speed, (recv?&recvbuf:NULL)); - - if (recv) { - cmd_send(CMD_ACK, recvlen>48?48:recvlen, 0, 0, recvbuf, 48); - - if (DEBUG) { - Dbprintf("RECV"); - DbdecodeIso15693Answer(recvlen,recvbuf); - Dbhexdump(recvlen,recvbuf,true); - } - } - - // for the time being, switch field off to protect rdv4.0 + // for the time being, switch field off to protect rdv4.0 // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); - + + if (recv) { + if (DEBUG) { + Dbprintf("RECV:"); + if (recvlen > 0) { + Dbhexdump(recvlen, recvbuf, false); + DbdecodeIso15693Answer(recvlen, recvbuf); + } + } + if (recvlen > ISO15693_MAX_RESPONSE_LENGTH) { + recvlen = ISO15693_MAX_RESPONSE_LENGTH; + } + cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH); + } + LED_A_OFF(); } +//----------------------------------------------------------------------------- +// Work with "magic Chinese" card. +// +//----------------------------------------------------------------------------- + +// Set the UID on Magic ISO15693 tag (based on Iceman's LUA-script). +void SetTag15693Uid(uint8_t *uid) { + + LED_A_ON(); + + uint8_t cmd[4][9] = { + {ISO15693_REQ_DATARATE_HIGH, ISO15693_WRITEBLOCK, 0x3e, 0x00, 0x00, 0x00, 0x00}, + {ISO15693_REQ_DATARATE_HIGH, ISO15693_WRITEBLOCK, 0x3f, 0x69, 0x96, 0x00, 0x00}, + {ISO15693_REQ_DATARATE_HIGH, ISO15693_WRITEBLOCK, 0x38}, + {ISO15693_REQ_DATARATE_HIGH, ISO15693_WRITEBLOCK, 0x39} + }; + + uint16_t crc; + + int recvlen = 0; + uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; + uint32_t eof_time; + + // Command 3 : 022138u8u7u6u5 (where uX = uid byte X) + cmd[2][3] = uid[7]; + cmd[2][4] = uid[6]; + cmd[2][5] = uid[5]; + cmd[2][6] = uid[4]; + + // Command 4 : 022139u4u3u2u1 (where uX = uid byte X) + cmd[3][3] = uid[3]; + cmd[3][4] = uid[2]; + cmd[3][5] = uid[1]; + cmd[3][6] = uid[0]; + + uint32_t start_time = 0; + + for (int i = 0; i < 4; i++) { + // Add the CRC + crc = Iso15693Crc(cmd[i], 7); + cmd[i][7] = crc & 0xff; + cmd[i][8] = crc >> 8; + + recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), i==0?true:false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; + if (DEBUG) { + Dbprintf("SEND:"); + Dbhexdump(sizeof(cmd[i]), cmd[i], false); + Dbprintf("RECV:"); + if (recvlen > 0) { + Dbhexdump(recvlen, recvbuf, false); + DbdecodeIso15693Answer(recvlen, recvbuf); + } + } + // Note: need to know if we expect an answer from one of the magic commands + // if (recvlen < 0) { + // break; + // } + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + + cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen); + LED_A_OFF(); +} @@ -1245,8 +1869,8 @@ static void __attribute__((unused)) BuildSysInfoRequest(uint8_t *uid) uint8_t cmd[12]; uint16_t crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data + // If we set the Option_Flag in this request, the VICC will respond with the security status of the block + // followed by the block data // one sub-carrier, inventory, 1 slot, fast rate cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit // System Information command code @@ -1262,7 +1886,7 @@ static void __attribute__((unused)) BuildSysInfoRequest(uint8_t *uid) cmd[8] = 0x05; cmd[9]= 0xe0; // always e0 (not exactly unique) //Now the CRC - crc = Crc(cmd, 10); // the crc needs to be calculated over 2 bytes + crc = Iso15693Crc(cmd, 10); // the crc needs to be calculated over 2 bytes cmd[10] = crc & 0xff; cmd[11] = crc >> 8; @@ -1276,8 +1900,8 @@ static void __attribute__((unused)) BuildReadMultiBlockRequest(uint8_t *uid) uint8_t cmd[14]; uint16_t crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data + // If we set the Option_Flag in this request, the VICC will respond with the security status of the block + // followed by the block data // one sub-carrier, inventory, 1 slot, fast rate cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit // READ Multi BLOCK command code @@ -1297,7 +1921,7 @@ static void __attribute__((unused)) BuildReadMultiBlockRequest(uint8_t *uid) // Number of Blocks to read cmd[11] = 0x2f; // read quite a few //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes + crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes cmd[12] = crc & 0xff; cmd[13] = crc >> 8; @@ -1310,8 +1934,8 @@ static void __attribute__((unused)) BuildArbitraryRequest(uint8_t *uid,uint8_t C uint8_t cmd[14]; uint16_t crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data + // If we set the Option_Flag in this request, the VICC will respond with the security status of the block + // followed by the block data // one sub-carrier, inventory, 1 slot, fast rate cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit // READ BLOCK command code @@ -1330,9 +1954,9 @@ static void __attribute__((unused)) BuildArbitraryRequest(uint8_t *uid,uint8_t C cmd[10] = 0x00; cmd[11] = 0x0a; -// cmd[12] = 0x00; -// cmd[13] = 0x00; //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes +// cmd[12] = 0x00; +// cmd[13] = 0x00; //Now the CRC + crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes cmd[12] = crc & 0xff; cmd[13] = crc >> 8; @@ -1345,8 +1969,8 @@ static void __attribute__((unused)) BuildArbitraryCustomRequest(uint8_t uid[], u uint8_t cmd[14]; uint16_t crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data + // If we set the Option_Flag in this request, the VICC will respond with the security status of the block + // followed by the block data // one sub-carrier, inventory, 1 slot, fast rate cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit // READ BLOCK command code @@ -1362,12 +1986,12 @@ static void __attribute__((unused)) BuildArbitraryCustomRequest(uint8_t uid[], u cmd[8] = 0x05; cmd[9]= 0xe0; // always e0 (not exactly unique) // Parameter - cmd[10] = 0x05; // for custom codes this must be manufcturer code + cmd[10] = 0x05; // for custom codes this must be manufacturer code cmd[11] = 0x00; -// cmd[12] = 0x00; -// cmd[13] = 0x00; //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes +// cmd[12] = 0x00; +// cmd[13] = 0x00; //Now the CRC + crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes cmd[12] = crc & 0xff; cmd[13] = crc >> 8; diff --git a/armsrc/iso15693.h b/armsrc/iso15693.h new file mode 100644 index 00000000..15dfe763 --- /dev/null +++ b/armsrc/iso15693.h @@ -0,0 +1,43 @@ +//----------------------------------------------------------------------------- +// Piwi - October 2018 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Routines to support ISO 15693. +//----------------------------------------------------------------------------- + +#ifndef ISO15693_H__ +#define ISO15693_H__ + +#include +#include +#include + +// Delays in SSP_CLK ticks. +// SSP_CLK runs at 13,56MHz / 32 = 423.75kHz when simulating a tag +#define DELAY_ISO15693_VCD_TO_VICC_SIM 132 // 132/423.75kHz = 311.5us from end of command EOF to start of tag response +//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when acting as reader. All values should be multiples of 16 +#define DELAY_ISO15693_VCD_TO_VICC_READER 1056 // 1056/3,39MHz = 311.5us from end of command EOF to start of tag response +#define DELAY_ISO15693_VICC_TO_VCD_READER 1024 // 1024/3.39MHz = 302.1us between end of tag response and next reader command + +extern void Iso15693InitReader(void); +extern void Iso15693InitTag(void); +extern void CodeIso15693AsReader(uint8_t *cmd, int n); +extern void CodeIso15693AsTag(uint8_t *cmd, size_t len); +extern void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow); +extern int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time); +extern void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time); +extern int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time); +extern void SnoopIso15693(uint8_t jam_search_len, uint8_t *jam_search_string); +extern void AcquireRawAdcSamplesIso15693(void); +extern void ReaderIso15693(uint32_t parameter); +extern void SimTagIso15693(uint32_t parameter, uint8_t *uid); +extern void BruteforceIso15693Afi(uint32_t speed); +extern void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint8_t data[]); +extern void SetTag15693Uid(uint8_t *uid); +extern void SetDebugIso15693(uint32_t flag); +extern bool LogTrace_ISO15693(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); + +#endif diff --git a/armsrc/legicrf.c b/armsrc/legicrf.c index d3fd35d1..71ff0321 100644 --- a/armsrc/legicrf.c +++ b/armsrc/legicrf.c @@ -10,15 +10,17 @@ // LEGIC RF simulation code //----------------------------------------------------------------------------- +#include "legicrf.h" + #include "proxmark3.h" #include "apps.h" +#include "usb_cdc.h" #include "util.h" #include "string.h" - -#include "legicrf.h" #include "legic_prng.h" #include "legic.h" #include "crc.h" +#include "fpgaloader.h" static legic_card_select_t card;/* metadata of currently selected card */ static crc_t legic_crc; @@ -151,7 +153,7 @@ static inline void tx_bit(bool bit) { //----------------------------------------------------------------------------- static void tx_frame(uint32_t frame, uint8_t len) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_FULL_MOD); // wait for next tx timeslot last_frame_end += RWD_FRAME_WAIT; @@ -172,9 +174,7 @@ static void tx_frame(uint32_t frame, uint8_t len) { } static uint32_t rx_frame(uint8_t len) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR - | FPGA_HF_READER_RX_XCORR_848_KHZ - | FPGA_HF_READER_RX_XCORR_QUARTER_FREQ); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_212_KHZ | FPGA_HF_READER_MODE_RECEIVE_IQ); // hold sampling until card is expected to respond last_frame_end += TAG_FRAME_WAIT; @@ -195,9 +195,7 @@ static uint32_t rx_frame(uint8_t len) { static bool rx_ack() { // change fpga into rx mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR - | FPGA_HF_READER_RX_XCORR_848_KHZ - | FPGA_HF_READER_RX_XCORR_QUARTER_FREQ); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_212_KHZ | FPGA_HF_READER_MODE_RECEIVE_IQ); // hold sampling until card is expected to respond last_frame_end += TAG_FRAME_WAIT; @@ -257,14 +255,12 @@ static int init_card(uint8_t cardtype, legic_card_select_t *p_card) { static void init_reader(bool clear_mem) { // configure FPGA FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR - | FPGA_HF_READER_RX_XCORR_848_KHZ - | FPGA_HF_READER_RX_XCORR_QUARTER_FREQ); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_212_KHZ | FPGA_HF_READER_MODE_RECEIVE_IQ); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); LED_D_ON(); // configure SSC with defaults - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); // re-claim GPIO_SSC_DOUT as GPIO and enable output AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; @@ -384,8 +380,9 @@ void LegicRfReader(int offset, int bytes) { // establish shared secret and detect card type DbpString("Reading card ..."); uint8_t card_type = setup_phase(SESSION_IV); + uint8_t result = 0; if(init_card(card_type, &card) != 0) { - Dbprintf("No or unknown card found, aborting"); + result = 1; goto OUT; } @@ -402,17 +399,14 @@ void LegicRfReader(int offset, int bytes) { for(uint16_t i = 0; i < bytes; ++i) { int16_t byte = read_byte(offset + i, card.cmdsize); if(byte == -1) { - Dbprintf("operation failed @ 0x%03.3x", bytes); + result = 2; goto OUT; } BigBuf[i] = byte; } - // OK - Dbprintf("Card (MIM %i) read, use 'hf legic decode' or", card.cardsize); - Dbprintf("'data hexsamples %d' to view results", (bytes+7) & ~7); - OUT: + cmd_send(CMD_ACK, result, bytes, 0, &card, sizeof(card)); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_B_OFF(); LED_C_OFF(); diff --git a/armsrc/legicrfsim.c b/armsrc/legicrfsim.c index a149e0f9..409235af 100644 --- a/armsrc/legicrfsim.c +++ b/armsrc/legicrfsim.c @@ -10,16 +10,17 @@ // LEGIC RF simulation code //----------------------------------------------------------------------------- +#include "legicrfsim.h" + #include "proxmark3.h" #include "apps.h" #include "util.h" #include "string.h" - -#include "legicrfsim.h" #include "legic_prng.h" #include "legic.h" #include "crc.h" #include "usb_cdc.h" // for usb_poll_validate_length +#include "fpgaloader.h" static uint8_t* legic_mem; /* card memory, used for sim */ static legic_card_select_t card;/* metadata of currently selected card */ @@ -51,7 +52,7 @@ static uint32_t last_frame_end; /* ts of last bit of previews rx or tx frame */ #define RWD_TIME_PAUSE 4 /* 18.9us */ #define RWD_TIME_1 21 /* RWD_TIME_PAUSE 18.9us off + 80.2us on = 99.1us */ #define RWD_TIME_0 13 /* RWD_TIME_PAUSE 18.9us off + 42.4us on = 61.3us */ -#define RWD_CMD_TIMEOUT 40 /* 40 * 99.1us (arbitrary value) */ +#define RWD_CMD_TIMEOUT 120 /* 120 * 99.1us (arbitrary value) */ #define RWD_MIN_FRAME_LEN 6 /* Shortest frame is 6 bits */ #define RWD_MAX_FRAME_LEN 23 /* Longest frame is 23 bits */ diff --git a/armsrc/lfops.c b/armsrc/lfops.c index b56c3f51..995a8810 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -17,7 +17,8 @@ #include "lfdemod.h" #include "lfsampling.h" #include "protocols.h" -#include "usb_cdc.h" // for usb_poll_validate_length +#include "usb_cdc.h" +#include "fpgaloader.h" /** * Function to do a modulation and then get samples. @@ -1197,12 +1198,79 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) * and enlarge the gap ones. * Q5 tags seems to have issues when these values changes. */ + + /* + // Original Timings for reference +//note startgap must be sent after tag has been powered up for more than 3ms (per T5557 ds) + #define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc) #define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc) #define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc) #define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550 #define READ_GAP 15*8 +*/ +/* Q5 timing datasheet: + * Type | MIN | Typical | Max | + * Start_Gap | 10*8 | ? | 50*8 | + * Write_Gap Normal mode | 8*8 | 14*8 | 20*8 | + * Write_Gap Fast Mode | 8*8 | ? | 20*8 | + * Write_0 Normal mode | 16*8 | 24*8 | 32*8 | + * Write_1 Normal mode | 48*8 | 56*8 | 64*8 | + * Write_0 Fast Mode | 8*8 | 12*8 | 16*8 | + * Write_1 Fast Mode | 24*8 | 28*8 | 32*8 | +*/ + +/* T5557 timing datasheet: + * Type | MIN | Typical | Max | + * Start_Gap | 10*8 | ? | 50*8 | + * Write_Gap Normal mode | 8*8 |50-150us | 30*8 | + * Write_Gap Fast Mode | 8*8 | ? | 20*8 | + * Write_0 Normal mode | 16*8 | 24*8 | 31*8 | + * Write_1 Normal mode | 48*8 | 54*8 | 63*8 | + * Write_0 Fast Mode | 8*8 | 12*8 | 15*8 | + * Write_1 Fast Mode | 24*8 | 28*8 | 31*8 | +*/ + +/* T5577C timing datasheet for Fixed-Bit-Length protocol (defualt): + * Type | MIN | Typical | Max | + * Start_Gap | 8*8 | 15*8 | 50*8 | + * Write_Gap Normal mode | 8*8 | 10*8 | 20*8 | + * Write_Gap Fast Mode | 8*8 | 10*8 | 20*8 | + * Write_0 Normal mode | 16*8 | 24*8 | 32*8 | + * Write_1 Normal mode | 48*8 | 56*8 | 64*8 | + * Write_0 Fast Mode | 8*8 | 12*8 | 16*8 | + * Write_1 Fast Mode | 24*8 | 28*8 | 32*8 | +*/ + +// Structure to hold Timing values. In future will be simplier to add user changable timings. +typedef struct { + uint16_t START_GAP; + uint16_t WRITE_GAP; + uint16_t WRITE_0; + uint16_t WRITE_1; + uint16_t WRITE_2; + uint16_t WRITE_3; + uint16_t READ_GAP; +} T55xx_Timing; + +// Set Initial/Default Values. Note: *8 can occure when used. This should keep things simplier here. +T55xx_Timing T55xx_Timing_FixedBit = { 31 * 8 , 20 * 8 , 18 * 8 , 50 * 8 , 0 , 0 , 15 * 8 }; +T55xx_Timing T55xx_Timing_LLR = { 31 * 8 , 20 * 8 , 18 * 8 , 50 * 8 , 0 , 0 , 15 * 8 }; +T55xx_Timing T55xx_Timing_Leading0 = { 31 * 8 , 20 * 8 , 18 * 8 , 40 * 8 , 0 , 0 , 15 * 8 }; +T55xx_Timing T55xx_Timing_1of4 = { 31 * 8 , 20 * 8 , 18 * 8 , 34 * 8 , 50 * 8 , 66 * 8 , 15 * 8 }; + +// Some defines for readability +#define T55xx_DLMode_Fixed 0 // Default Mode +#define T55xx_DLMode_LLR 1 // Long Leading Reference +#define T55xx_DLMode_Leading0 2 // Leading Zero +#define T55xx_DLMode_1of4 3 // 1 of 4 +#define T55xx_LongLeadingReference 4 // Value to tell Write Bit to send long reference +// Macro for code readability +#define BitStream_Byte(X) ((X) >> 3) +#define BitStream_Bit(X) ((X) & 7) + + void TurnReadLFOn(int delay) { FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); // Give it a bit of time for the resonant antenna to settle. @@ -1210,36 +1278,179 @@ void TurnReadLFOn(int delay) { } // Write one bit to card -void T55xxWriteBit(int bit) { - if (!bit) - TurnReadLFOn(WRITE_0); - else - TurnReadLFOn(WRITE_1); +void T55xxWriteBit(int bit, T55xx_Timing *Timings) { + + // If bit = 4 Send Long Leading Reference which is 138 + WRITE_0 + // Dbprintf ("Bits : %d",bit); + switch (bit){ + case 0 : TurnReadLFOn(Timings->WRITE_0); break; // Send bit 0/00 + case 1 : TurnReadLFOn(Timings->WRITE_1); break; // Send bit 1/01 + case 2 : TurnReadLFOn(Timings->WRITE_2); break; // Send bits 10 + case 3 : TurnReadLFOn(Timings->WRITE_3); break; // Send bits 11 + case 4 : TurnReadLFOn(Timings->WRITE_0 + (136 * 8)); break; // Send Long Leading Reference + } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(WRITE_GAP); + WaitUS(Timings->WRITE_GAP); } -// Send T5577 reset command then read stream (see if we can identify the start of the stream) -void T55xxResetRead(void) { - LED_A_ON(); - //clear buffer now so it does not interfere with timing later - BigBuf_Clear_keep_EM(); +// Function to abstract an Arbitrary length byte array to store bit pattern. +// bit_array - Array to hold data/bit pattern +// start_offset - bit location to start storing new bits. +// data - upto 32 bits of data to store +// num_bits - how many bits (low x bits of data) Max 32 bits at a time +// max_len - how many bytes can the bit_array hold (ensure no buffer overflow) +// returns "Next" bit offset / bits stored (for next store) +//int T55xx_SetBits (uint8_t *bit_array, int start_offset, uint32_t data , int num_bits, int max_len) +int T55xx_SetBits (uint8_t *BitStream, uint8_t start_offset, uint32_t data , uint8_t num_bits, uint8_t max_len) +{ + int8_t offset; + int8_t NextOffset = start_offset; + // Check if data will fit. + if ((start_offset + num_bits) <= (max_len*8)) { + // Loop through the data and store + for (offset = (num_bits-1); offset >= 0; offset--) { + + if ((data >> offset) & 1) BitStream[BitStream_Byte(NextOffset)] |= (1 << BitStream_Bit(NextOffset)); // Set the bit to 1 + else BitStream[BitStream_Byte(NextOffset)] &= (0xff ^ (1 << BitStream_Bit(NextOffset))); // Set the bit to 0 + + NextOffset++; + } + } + else { + // Note: This should never happen unless some code changes cause it. + // So short message for coders when testing. + Dbprintf ("T55 too many bits"); + } + return NextOffset; +} + +// Send one downlink command to the card +void T55xx_SendCMD (uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { + + /* + arg bits + xxxxxxx1 0x01 PwdMode + xxxxxx1x 0x02 Page + xxxxx1xx 0x04 testMode + xxx11xxx 0x18 downlink mode + xx1xxxxx 0x20 !reg_readmode + x1xxxxxx 0x40 called for a read, so no data packet + 1xxxxxxx 0x80 reset + + */ + bool PwdMode = ((arg & 0x01) == 0x01); + bool Page = (arg & 0x02); + bool testMode = ((arg & 0x04) == 0x04); + uint8_t downlink_mode = (arg >> 3) & 0x03; + bool reg_readmode = ((arg & 0x20) == 0x20); + bool read_cmd = ((arg & 0x40) == 0x40); + bool reset = (arg & 0x80); + + uint8_t i = 0; + uint8_t BitStream[10]; // Max Downlink Command size ~74 bits, so 10 bytes (80 bits) + uint8_t BitStreamLen; + T55xx_Timing *Timing; + uint8_t SendBits; + + // Assigning Downlink Timeing for write + switch (downlink_mode) + { + case T55xx_DLMode_Fixed : Timing = &T55xx_Timing_FixedBit; break; + case T55xx_DLMode_LLR : Timing = &T55xx_Timing_LLR; break; + case T55xx_DLMode_Leading0 : Timing = &T55xx_Timing_Leading0; break; + case T55xx_DLMode_1of4 : Timing = &T55xx_Timing_1of4; break; + default: + Timing = &T55xx_Timing_FixedBit; + } + + // Build Bit Stream to send. + memset (BitStream,0x00,sizeof(BitStream)); + + BitStreamLen = 0; // Ensure 0 bit index to start. + + // Add Leading 0 and 1 of 4 reference bit + if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); + + // Add extra reference 0 for 1 of 4 + if (downlink_mode == T55xx_DLMode_1of4) + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); + + // Add Opcode + if (reset) { + // Reset : r*) 00 + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 2,sizeof(BitStream)); + } + else + { + if (testMode) Dbprintf("TestMODE"); + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,testMode ? 0 : 1 , 1,sizeof(BitStream)); + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,testMode ? 1 : Page , 1,sizeof(BitStream)); + + if (PwdMode) { + // Leading 0 and 1 of 4 00 fixed bits if passsword used + if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) { + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 2,sizeof(BitStream)); + } + BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Pwd, 32,sizeof(BitStream)); + } + + // Add Lock bit 0 + if (!reg_readmode) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); + + // Add Data if a write command + if (!read_cmd) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Data, 32,sizeof(BitStream)); + + // Add Address + if (!reg_readmode) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Block, 3,sizeof(BitStream)); + } + + // Send Bits to T55xx // Set up FPGA, 125kHz LFSetupFPGAForADC(95, true); StartTicks(); // make sure tag is fully powered up... WaitMS(5); - // Trigger T55x7 in mode. FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(START_GAP); + WaitUS(Timing->START_GAP); - // reset tag - op code 00 - T55xxWriteBit(0); - T55xxWriteBit(0); + // If long leading 0 send long reference pulse + if (downlink_mode == T55xx_DLMode_LLR) + T55xxWriteBit (T55xx_LongLeadingReference,Timing); // Send Long Leading Start Reference - TurnReadLFOn(READ_GAP); + if ((downlink_mode == T55xx_DLMode_1of4) && (BitStreamLen > 0)) { // 1 of 4 need to send 2 bits at a time + for ( i = 0; i < BitStreamLen-1; i+=2 ) { + SendBits = (BitStream[BitStream_Byte(i )] >> (BitStream_Bit(i )) & 1) << 1; // Bit i + SendBits += (BitStream[BitStream_Byte(i+1)] >> (BitStream_Bit(i+1)) & 1); // Bit i+1; + T55xxWriteBit (SendBits & 3,Timing); + } + } + else { + for (i = 0; i < BitStreamLen; i++) { + SendBits = (BitStream[BitStream_Byte(i)] >> BitStream_Bit(i)); + T55xxWriteBit (SendBits & 1,Timing); + } + } +} + +// Send T5577 reset command then read stream (see if we can identify the start of the stream) +void T55xxResetRead(void) { + LED_A_ON(); + + // send r* 00 + uint8_t arg = 0x80; // SendCMD will add correct reference mode based on flags (when added). + + // Add in downlink_mode when ready + // arg |= 0x00; // dlmode << 3 (00 default - 08 leading 0 - 10 Fixed - 18 1 of 4 ) + + //clear buffer now so it does not interfere with timing later + BigBuf_Clear_keep_EM(); + + T55xx_SendCMD (0, 0, 0, arg); //, true); + + TurnReadLFOn(T55xx_Timing_FixedBit.READ_GAP); // Acquisition DoPartialAcquisition(0, true, BigBuf_max_traceLen(), 0); @@ -1251,42 +1462,23 @@ void T55xxResetRead(void) { } // Write one card block in page 0, no lock -void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { - LED_A_ON(); - bool PwdMode = arg & 0x1; - uint8_t Page = (arg & 0x2)>>1; - bool testMode = arg & 0x4; - uint32_t i = 0; - - // Set up FPGA, 125kHz - LFSetupFPGAForADC(95, true); - StartTicks(); - // make sure tag is fully powered up... - WaitMS(5); - // Trigger T55x7 in mode. - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(START_GAP); - - if (testMode) Dbprintf("TestMODE"); - // Std Opcode 10 - T55xxWriteBit(testMode ? 0 : 1); - T55xxWriteBit(testMode ? 1 : Page); //Page 0 - - if (PwdMode) { - // Send Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Send Lock bit - T55xxWriteBit(0); - - // Send Data - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Data & i); - - // Send Block number - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); +void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { + /* + arg bits + xxxxxxx1 0x01 PwdMode + xxxxxx1x 0x02 Page + xxxxx1xx 0x04 testMode + xxx11xxx 0x18 downlink mode + xx1xxxxx 0x20 !reg_readmode + x1xxxxxx 0x40 called for a read, so no data packet + 1xxxxxxx 0x80 reset + */ + + bool testMode = ((arg & 0x04) == 0x04); + arg &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0 + + LED_A_ON (); + T55xx_SendCMD (Data, Block, Pwd, arg) ;//, false); // Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, // so wait a little more) @@ -1315,57 +1507,43 @@ void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg //DoPartialAcquisition(20, true, 12000); } - // turn field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_A_OFF(); -} -// Write one card block in page 0, no lock -void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { - T55xxWriteBlockExt(Data, Block, Pwd, arg); cmd_send(CMD_ACK,0,0,0,0,0); + + LED_A_OFF (); } // Read one card block in page [page] -void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { +void T55xxReadBlock (uint16_t arg0, uint8_t Block, uint32_t Pwd) {//, struct T55xx_Timing *Timing) { + LED_A_ON(); - bool PwdMode = arg0 & 0x1; - uint8_t Page = (arg0 & 0x2) >> 1; - uint32_t i = 0; - bool RegReadMode = (Block == 0xFF);//regular read mode + + /* + arg bits + xxxxxxx1 0x01 PwdMode + xxxxxx1x 0x02 Page + xxxxx1xx 0x04 testMode + xxx11xxx 0x18 downlink mode + xx1xxxxx 0x20 !reg_readmode + x1xxxxxx 0x40 called for a read, so no data packet + 1xxxxxxx 0x80 reset + */ + + // Set Read Flag to ensure SendCMD does not add "data" to the packet + arg0 |= 0x40; + + // RegRead Mode true of block 0xff + if (Block == 0xff) arg0 |= 0x20; + + //make sure block is at max 7 + Block &= 0x7; //clear buffer now so it does not interfere with timing later BigBuf_Clear_ext(false); - //make sure block is at max 7 - Block &= 0x7; - - // Set up FPGA, 125kHz to power up the tag - LFSetupFPGAForADC(95, true); - StartTicks(); - // make sure tag is fully powered up... - WaitMS(5); - // Trigger T55x7 Direct Access Mode with start gap - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(START_GAP); - - // Opcode 1[page] - T55xxWriteBit(1); - T55xxWriteBit(Page); //Page 0 - - if (PwdMode){ - // Send Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); - } - // Send a zero bit separation - T55xxWriteBit(0); - - // Send Block number (if direct access mode) - if (!RegReadMode) - for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); + T55xx_SendCMD (0, Block, Pwd, arg0); //, true); // Turn field on to read the response // 137*8 seems to get to the start of data pretty well... @@ -1379,30 +1557,31 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { // Turn the field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off cmd_send(CMD_ACK,0,0,0,0,0); + LED_A_OFF(); } void T55xxWakeUp(uint32_t Pwd){ LED_B_ON(); - uint32_t i = 0; - - // Set up FPGA, 125kHz - LFSetupFPGAForADC(95, true); - StartTicks(); - // make sure tag is fully powered up... - WaitMS(5); - - // Trigger T55x7 Direct Access Mode - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(START_GAP); - - // Opcode 10 - T55xxWriteBit(1); - T55xxWriteBit(0); //Page 0 + /* + arg bits + xxxxxxx1 0x01 PwdMode + xxxxxx1x 0x02 Page + xxxxx1xx 0x04 testMode + xxx11xxx 0x18 downlink mode + xx1xxxxx 0x20 !reg_readmode + x1xxxxxx 0x40 called for a read, so no data packet + 1xxxxxxx 0x80 reset + */ - // Send Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); + // r* 10 (00) r* for llr , L0 and 1/4 - (00) for L0 and 1/4 - All handled in SendCMD + // So, default Opcode 10 and pwd. + uint8_t arg = 0x01 | 0x40 | 0x20; //Password Read Call no data | reg_read no block + + // Add in downlink_mode when ready + // arg |= 0x00; // dlmode << 3 (00 default - 08 leading 0 - 10 Fixed - 18 1 of 4 ) + + T55xx_SendCMD (0, 0, Pwd, arg); //, true); // Turn and leave field on to let the begin repeating transmission TurnReadLFOn(20*1000); @@ -1413,12 +1592,13 @@ void T55xxWakeUp(uint32_t Pwd){ void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) { // write last block first and config block last (if included) for (uint8_t i = numblocks+startblock; i > startblock; i--) { - T55xxWriteBlockExt(blockdata[i-1],i-1,0,0); + T55xxWriteBlock(blockdata[i-1],i-1,0,0);//,false); //,&T55xx_Timing_FixedBit); + //T55xx_SendCMD (blockdata[i-1],i-1,0,0);//,false); //,&T55xx_Timing_FixedBit); } } -// Copy HID id to card and setup block 0 config -void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { +// Copy a HID-like card (e.g. HID Proximity, Paradox) to a T55x7 compatible card +void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, uint8_t preamble) { uint32_t data[] = {0,0,0,0,0,0,0}; uint8_t last_block = 0; @@ -1430,15 +1610,15 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { } // Build the 6 data blocks for supplied 84bit ID last_block = 6; - // load preamble (1D) & long format identifier (9E manchester encoded) - data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF); + // load preamble & long format identifier (9E manchester encoded) + data[1] = (preamble << 24) | 0x96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF); // load raw id from hi2, hi, lo to data blocks (manchester encoded) data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF); data[3] = manchesterEncode2Bytes(hi >> 16); data[4] = manchesterEncode2Bytes(hi & 0xFFFF); data[5] = manchesterEncode2Bytes(lo >> 16); data[6] = manchesterEncode2Bytes(lo & 0xFFFF); - } else { + } else { // Ensure no more than 44 bits supplied if (hi>0xFFF) { DbpString("Tags can only have 44 bits."); @@ -1447,7 +1627,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { // Build the 3 data blocks for supplied 44bit ID last_block = 3; // load preamble - data[1] = 0x1D000000 | (manchesterEncode2Bytes(hi) & 0xFFFFFF); + data[1] = (preamble << 24) | (manchesterEncode2Bytes(hi) & 0xFFFFFF); data[2] = manchesterEncode2Bytes(lo >> 16); data[3] = manchesterEncode2Bytes(lo & 0xFFFF); } @@ -1613,6 +1793,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { #define FWD_CMD_WRITE 0xA #define FWD_CMD_READ 0x9 #define FWD_CMD_DISABLE 0x5 +#define FWD_CMD_PROTECT 0x3 uint8_t forwardLink_data[64]; //array of forwarded bits uint8_t * forward_ptr; //ptr for forward message preparation @@ -1726,7 +1907,7 @@ void SendForward(uint8_t fwd_bit_count) { FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on WaitUS(18*8); //18 cycles on (8us each) - // now start writting + // now start writting - each bit should be 32*8 total length while(fwd_bit_sz-- > 0) { //prepare next bit modulation if(((*fwd_write_ptr++) & 1) == 1) WaitUS(32*8); //32 cycles at 125Khz (8us each) @@ -1735,7 +1916,7 @@ void SendForward(uint8_t fwd_bit_count) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off WaitUS(23*8); //23 cycles off (8us each) FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on - WaitUS(18*8); //18 cycles on (8us each) + WaitUS((32-23)*8); //remaining cycles on (8us each) } } } @@ -1782,7 +1963,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) { - bool PwdMode = (flag & 0xF); + bool PwdMode = (flag & 0x1); uint8_t Address = (flag >> 8) & 0xFF; uint8_t fwd_bit_count; @@ -1812,6 +1993,39 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) { LED_A_OFF(); cmd_send(CMD_ACK,0,0,0,0,0); } + +void EM4xProtect(uint32_t flag, uint32_t Data, uint32_t Pwd) { + + bool PwdMode = (flag & 0x1); + uint8_t fwd_bit_count; + + //clear buffer now so it does not interfere with timing later + BigBuf_Clear_ext(false); + + LED_A_ON(); + StartTicks(); + //If password mode do login + if (PwdMode) EM4xLogin(Pwd); + + forward_ptr = forwardLink_data; + fwd_bit_count = Prepare_Cmd( FWD_CMD_PROTECT ); + + //unsure if this needs the full packet config... + fwd_bit_count += Prepare_Data( Data&0xFFFF, Data>>16 ); + + SendForward(fwd_bit_count); + + //Wait for write to complete + //SpinDelay(10); + + WaitUS(6500); + //Capture response if one exists + DoPartialAcquisition(20, true, 6000, 1000); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + LED_A_OFF(); + cmd_send(CMD_ACK,0,0,0,0,0); +} /* Reading a COTAG. diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index ffbc0da8..e0764063 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -12,9 +12,9 @@ #include "string.h" #include "lfsampling.h" #include "usb_cdc.h" // for usb_poll_validate_length -//#include "ticks.h" // for StartTicks +#include "fpgaloader.h" -sample_config config = { 1, 8, 1, 95, 0 } ; +sample_config config = { 1, 8, 1, 95, 0, 0 } ; void printConfig() { @@ -24,6 +24,7 @@ void printConfig() Dbprintf(" [d] decimation: %d ", config.decimation); Dbprintf(" [a] averaging: %d ", config.averaging); Dbprintf(" [t] trigger threshold: %d ", config.trigger_threshold); + Dbprintf(" [s] samples to skip: %d ", config.samples_to_skip); } @@ -34,20 +35,21 @@ void printConfig() * Other functions may read samples and ignore the sampling config, * such as functions to read the UID from a prox tag or similar. * - * Values set to '0' implies no change (except for averaging) + * Values set to '0' implies no change (except for averaging, threshold, samples_to_skip) * @brief setSamplingConfig * @param sc */ -void setSamplingConfig(sample_config *sc) -{ - if(sc->divisor != 0) config.divisor = sc->divisor; - if(sc->bits_per_sample!= 0) config.bits_per_sample= sc->bits_per_sample; - if(sc->decimation!= 0) config.decimation= sc->decimation; - if(sc->trigger_threshold != -1) config.trigger_threshold= sc->trigger_threshold; +void setSamplingConfig(uint8_t *config_data) { + sample_config *sc = (sample_config *)config_data; + if (sc->divisor != 0) config.divisor = sc->divisor; + if (sc->bits_per_sample != 0) config.bits_per_sample = sc->bits_per_sample; + if (sc->decimation != 0) config.decimation = sc->decimation; + if (sc->trigger_threshold != -1) config.trigger_threshold = sc->trigger_threshold; + if (sc->samples_to_skip != -1) config.samples_to_skip = sc->samples_to_skip; config.averaging= sc->averaging; - if(config.bits_per_sample > 8) config.bits_per_sample = 8; - if(config.decimation < 1) config.decimation = 1; + if (config.bits_per_sample > 8) config.bits_per_sample = 8; + if (config.decimation < 1) config.decimation = 1; printConfig(); } @@ -119,7 +121,7 @@ void LFSetupFPGAForADC(int divisor, bool lf_field) * @param silent - is true, now outputs are made. If false, dbprints the status * @return the number of bits occupied by the samples. */ -uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold, bool silent, int bufsize, int cancel_after) +uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold, bool silent, int bufsize, int cancel_after, int samples_to_skip) { //. uint8_t *dest = BigBuf_get_addr(); @@ -141,6 +143,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag uint32_t sample_total_numbers =0 ; uint32_t sample_total_saved =0 ; uint32_t cancel_counter = 0; + uint32_t samples_skipped = 0; while(!BUTTON_PRESS() && !usb_poll_validate_length() ) { WDT_HIT(); @@ -160,6 +163,10 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag continue; } trigger_threshold = 0; + if (samples_to_skip > samples_skipped) { + samples_skipped++; + continue; + } sample_total_numbers++; if(averaging) @@ -218,7 +225,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag */ uint32_t DoAcquisition_default(int trigger_threshold, bool silent) { - return DoAcquisition(1,8,0,trigger_threshold,silent,0,0); + return DoAcquisition(1,8,0,trigger_threshold,silent,0,0,0); } uint32_t DoAcquisition_config(bool silent, int sample_size) { @@ -228,11 +235,12 @@ uint32_t DoAcquisition_config(bool silent, int sample_size) ,config.trigger_threshold ,silent ,sample_size - ,0); + ,0 + ,config.samples_to_skip); } uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size, int cancel_after) { - return DoAcquisition(1,8,0,trigger_threshold,silent,sample_size,cancel_after); + return DoAcquisition(1,8,0,trigger_threshold,silent,sample_size,cancel_after,0); } uint32_t ReadLF(bool activeField, bool silent, int sample_size) diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h index ea044f3c..3c0fc93e 100644 --- a/armsrc/lfsampling.h +++ b/armsrc/lfsampling.h @@ -1,5 +1,5 @@ -#ifndef LFSAMPLING_H -#define LFSAMPLING_H +#ifndef LFSAMPLING_H__ +#define LFSAMPLING_H__ /** * acquisition of Cotag LF signal. Similar to other LF, since the Cotag has such long datarate RF/384 @@ -45,7 +45,7 @@ uint32_t DoAcquisition_config(bool silent, int sample_size); * Setup the FPGA to listen for samples. This method downloads the FPGA bitstream * if not already loaded, sets divisor and starts up the antenna. * @param divisor : 1, 88> 255 or negative ==> 134.8 KHz -* 0 or 95 ==> 125 KHz +* 0 or 95 ==> 125 KHz * **/ void LFSetupFPGAForADC(int divisor, bool lf_field); @@ -61,9 +61,9 @@ void LFSetupFPGAForADC(int divisor, bool lf_field); * @brief setSamplingConfig * @param sc */ -void setSamplingConfig(sample_config *sc); +void setSamplingConfig(uint8_t *config_data); -sample_config * getSamplingConfig(); +sample_config *getSamplingConfig(); void printConfig(); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index ca513cec..15db8f11 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -15,32 +15,60 @@ #include "mifarecmd.h" +#include + +#include "proxmark3.h" +#include "usb_cdc.h" +#include "crapto1/crapto1.h" +#include "iso14443a.h" +#include "BigBuf.h" +#include "mifareutil.h" #include "apps.h" +#include "protocols.h" #include "util.h" #include "parity.h" #include "crc.h" +#include "fpgaloader.h" -#define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation) -#define HARDNESTED_PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication +#define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation) +#define HARDNESTED_PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication +/* // the block number for the ISO14443-4 PCB static uint8_t pcb_blocknum = 0; // Deselect card by sending a s-block. the crc is precalced for speed static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4}; +static void OnSuccess(){ + pcb_blocknum = 0; + ReaderTransmit(deselect_cmd, 3 , NULL); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} +*/ + +static void OnError(uint8_t reason){ + // pcb_blocknum = 0; + // ReaderTransmit(deselect_cmd, 3 , NULL); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + cmd_send(CMD_ACK,0,reason,0,0,0); + LED_A_OFF(); +} + //----------------------------------------------------------------------------- // Select, Authenticate, Read a MIFARE tag. // read block //----------------------------------------------------------------------------- void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) { - // params + LED_A_ON(); + uint8_t blockNo = arg0; uint8_t keyType = arg1; uint64_t ui64Key = 0; ui64Key = bytes_to_num(datain, 6); - // variables byte_t isOK = 0; byte_t dataoutbuf[16]; uint8_t uid[10]; @@ -53,28 +81,24 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) clear_trace(); - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - while (true) { if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); break; }; - if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); + if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); break; }; if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Read block error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Read block error"); break; }; if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); break; }; @@ -85,33 +109,31 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) // ----------------------------- crypto1 destroy crypto1_destroy(pcs); - if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED"); + if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED"); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16); LED_B_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){ + LED_A_ON(); bool turnOffField = (arg0 == 1); - LED_A_ON(); LED_B_OFF(); LED_C_OFF(); - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - clear_trace(); - - if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) { + if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card"); OnError(0); return; }; - if(!mifare_ultra_auth(keybytes)){ + if (!mifare_ultra_auth(keybytes)){ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed"); OnError(1); return; @@ -119,9 +141,11 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){ if (turnOffField) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_D_OFF(); } + cmd_send(CMD_ACK,1,0,0,0,0); + LED_A_OFF(); } // Arg0 = BlockNo, @@ -129,17 +153,15 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){ // datain = PWD bytes, void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) { + LED_A_ON(); + uint8_t blockNo = arg0; byte_t dataout[16] = {0x00}; bool useKey = (arg1 == 1); //UL_C bool usePwd = (arg1 == 2); //UL_EV1/NTAG - LEDsoff(); - LED_A_ON(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - clear_trace(); - int len = iso14443a_select_card(NULL, NULL, NULL, true, 0, true); if(!len) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len); @@ -148,7 +170,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) } // UL-C authentication - if ( useKey ) { + if (useKey) { uint8_t key[16] = {0x00}; memcpy(key, datain, sizeof(key) ); @@ -159,7 +181,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) } // UL-EV1 / NTAG authentication - if ( usePwd ) { + if (usePwd) { uint8_t pwd[4] = {0x00}; memcpy(pwd, datain, 4); uint8_t pack[4] = {0,0,0,0}; @@ -169,21 +191,23 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) } } - if( mifare_ultra_readblock(blockNo, dataout) ) { + if (mifare_ultra_readblock(blockNo, dataout)) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error"); OnError(2); return; } - if( mifare_ultra_halt() ) { + if (mifare_ultra_halt()) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error"); OnError(3); return; } - cmd_send(CMD_ACK,1,0,0,dataout,16); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_D_OFF(); + + cmd_send(CMD_ACK,1,0,0,dataout,16); + LED_A_OFF(); } //----------------------------------------------------------------------------- @@ -218,25 +242,25 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) isOK = 1; if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { isOK = 0; - if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); } - if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) { + if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST, NULL)) { isOK = 0; - if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); } for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) { if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) { isOK = 0; - if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo); + if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo); break; } } if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); } // ----------------------------- crypto1 destroy @@ -244,12 +268,13 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED"); + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo)); LED_B_OFF(); - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } @@ -259,13 +284,11 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) // datain = KEY bytes void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) { - LEDsoff(); LED_A_ON(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); // free eventually allocated BigBuf memory BigBuf_free(); - clear_trace(); // params uint8_t blockNo = arg0; @@ -288,7 +311,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) } // UL-C authentication - if ( useKey ) { + if (useKey) { uint8_t key[16] = {0x00}; memcpy(key, datain, sizeof(key) ); @@ -340,14 +363,15 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) return; } - if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks); + if (MF_DBGLEVEL >= MF_DBG_DEBUG) Dbprintf("Blocks read %d", countblocks); - countblocks *= 4; - - cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_D_OFF(); + + cmd_send(CMD_ACK, 1, countblocks*4, BigBuf_max_traceLen(), 0, 0); + BigBuf_free(); + LED_A_OFF(); } //----------------------------------------------------------------------------- @@ -383,22 +407,22 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) while (true) { if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); break; }; - if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); + if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); break; }; if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Write block error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Write block error"); break; }; if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); break; }; @@ -409,15 +433,16 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) // ----------------------------- crypto1 destroy crypto1_destroy(pcs); - if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); + if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,0,0); LED_B_OFF(); - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } @@ -445,7 +470,7 @@ void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain) if(mifare_ultra_writeblock_compat(blockNo, blockdata)) { if (MF_DBGLEVEL >= 1) Dbprintf("Write block error"); OnError(0); - return; }; + return; }; if(mifare_ultra_halt()) { if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); @@ -455,8 +480,9 @@ void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain) if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); - cmd_send(CMD_ACK,1,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + + cmd_send(CMD_ACK,1,0,0,0,0); LEDsoff(); } */ @@ -524,8 +550,9 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); - cmd_send(CMD_ACK,1,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + + cmd_send(CMD_ACK,1,0,0,0,0); LEDsoff(); } @@ -593,8 +620,9 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){ return; }; - cmd_send(CMD_ACK,1,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + + cmd_send(CMD_ACK,1,0,0,0,0); LEDsoff(); } @@ -612,8 +640,7 @@ int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) { // Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on // Computer and Communications Security, 2015 //----------------------------------------------------------------------------- -void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain) -{ +void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain) { uint64_t ui64Key = 0; uint8_t uid[10]; uint32_t cuid; @@ -638,7 +665,6 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, bool field_off = flags & 0x0004; LED_A_ON(); - LED_C_OFF(); if (initialize) { iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); @@ -646,8 +672,6 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, set_tracing(true); } - LED_C_ON(); - uint16_t num_nonces = 0; bool have_uid = false; for (uint16_t i = 0; i <= USB_CMD_DATA_SIZE - 9; ) { @@ -662,7 +686,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, if (!have_uid) { // need a full select cycle to get the uid first iso14a_card_select_t card_info; if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Can't select card (ALL)"); + if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Can't select card (ALL)"); continue; } switch (card_info.uidlen) { @@ -674,7 +698,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, have_uid = true; } else { // no need for anticollision. We can directly select the card if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Can't select card (UID)"); + if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Can't select card (UID)"); continue; } } @@ -685,15 +709,15 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, } uint32_t nt1; - if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL)) { - if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Auth1 error"); + if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Auth1 error"); continue; } // nested authentication uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par_enc, NULL); if (len != 4) { - if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Auth2 error len=%d", len); + if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Auth2 error len=%d", len); continue; } @@ -702,7 +726,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, ReaderTransmit(dummy_answer, 1, NULL); timeout = GetCountSspClk() + HARDNESTED_AUTHENTICATION_TIMEOUT; - + num_nonces++; if (num_nonces % 2) { memcpy(buf+i, receivedAnswer, 4); @@ -719,20 +743,18 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, } - LED_C_OFF(); - crypto1_destroy(pcs); - LED_B_ON(); - cmd_send(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf)); - LED_B_OFF(); - - if (MF_DBGLEVEL >= 3) DbpString("AcquireEncryptedNonces finished"); - if (field_off) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_D_OFF(); } + + if (MF_DBGLEVEL >= 3) DbpString("AcquireEncryptedNonces finished"); + + cmd_send(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf)); + + LED_A_OFF(); } @@ -740,9 +762,8 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, // MIFARE nested authentication. // //----------------------------------------------------------------------------- -void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain) -{ - // params +void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain) { + uint8_t blockNo = arg0 & 0xff; uint8_t keyType = (arg0 >> 8) & 0xff; uint8_t targetBlockNo = arg1 & 0xff; @@ -751,14 +772,15 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat ui64Key = bytes_to_num(datain, 6); - // variables uint16_t rtr, i, j, len; uint16_t davg; static uint16_t dmin, dmax; uint8_t uid[10]; - uint32_t cuid, nt1, nt2, nttmp, nttest, ks1; + uint32_t cuid, nt1, nt2_enc, nttmp, nttest, ks1; uint8_t par[1]; uint32_t target_nt[2], target_ks[2]; + uint32_t fixed_nt = 0; + uint8_t target_nt_duplicate_count = 0; uint8_t par_array[4]; uint16_t ncount = 0; @@ -767,11 +789,10 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat pcs = &mpcs; uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; - uint32_t auth1_time, auth2_time; + uint32_t auth1_time, auth2_time, authentication_timeout = 0; static uint16_t delta_time; LED_A_ON(); - LED_C_OFF(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); // free eventually allocated BigBuf memory @@ -784,8 +805,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat int16_t isOK = 0; #define NESTED_MAX_TRIES 12 uint16_t unsuccessfull_tries = 0; - if (calibrate) { // for first call only. Otherwise reuse previous calibration - LED_B_ON(); + if (calibrate) { // for first call only. Otherwise reuse previous calibration WDT_HIT(); davg = dmax = 0; @@ -794,47 +814,48 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat for (rtr = 0; rtr < 17; rtr++) { - // Test if the action was cancelled - if(BUTTON_PRESS()) { - isOK = -2; - break; - } - // prepare next select. No need to power down the card. - if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error"); + if (mifare_classic_halt(pcs, cuid)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error"); rtr--; continue; } - if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card"); + // Test if the action was cancelled + if (BUTTON_PRESS()) { + isOK = -2; + break; + } + + if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card"); rtr--; continue; }; auth1_time = 0; - if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error"); + if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error"); rtr--; continue; }; + fixed_nt = nt1; if (delta_time) { auth2_time = auth1_time + delta_time; } else { auth2_time = 0; } - if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error"); + if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2_enc, &auth2_time, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error"); rtr--; continue; }; - nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160 + nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160 for (i = 101; i < 1200; i++) { nttmp = prng_successor(nttmp, 1); - if (nttmp == nt2) break; + if (nttmp == nt2_enc) break; } if (i != 1200) { @@ -849,7 +870,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i); } else { unsuccessfull_tries++; - if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable) + if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable) isOK = -3; } } @@ -862,46 +883,49 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat dmin = davg - 2; dmax = davg + 2; - LED_B_OFF(); - } // ------------------------------------------------------------------------------------------------- - LED_C_ON(); - // get crypted nonces for target sector - for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces + for (i = 0; i < 2 && !isOK; i++) { // look for exactly two different nonces target_nt[i] = 0; - while(target_nt[i] == 0) { // continue until we have an unambiguous nonce + while (target_nt[i] == 0 && !isOK) { // continue until we have an unambiguous nonce // prepare next select. No need to power down the card. - if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error"); + if (mifare_classic_halt(pcs, cuid)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error"); continue; } - if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card"); + // break out of the loop on button press + if (BUTTON_PRESS()) { + isOK = -2; + break; + } + + if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card"); continue; - }; + } auth1_time = 0; - if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error"); + authentication_timeout = 0; + if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time, &authentication_timeout)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error"); continue; - }; + } // nested authentication auth2_time = auth1_time + delta_time; len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time); if (len != 4) { - if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len); + if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len); continue; - }; + } - nt2 = bytes_to_num(receivedAnswer, 4); - if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]); + nt2_enc = bytes_to_num(receivedAnswer, 4); + if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2_enc, par[0]); // Parity validity check for (j = 0; j < 4; j++) { @@ -912,10 +936,10 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat nttest = prng_successor(nt1, dmin - 1); for (j = dmin; j < dmax + 1; j++) { nttest = prng_successor(nttest, 1); - ks1 = nt2 ^ nttest; + ks1 = nt2_enc ^ nttest; - if (valid_nonce(nttest, nt2, ks1, par_array)){ - if (ncount > 0) { // we are only interested in disambiguous nonces, try again + if (valid_nonce(nttest, nt2_enc, ks1, par_array)){ + if (ncount > 0) { // we are only interested in disambiguous nonces, try again if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j); target_nt[i] = 0; break; @@ -924,7 +948,12 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat target_ks[i] = ks1; ncount++; if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces - target_nt[i] = 0; + if( ++target_nt_duplicate_count >= NESTED_MAX_TRIES ) { // unable to get a 2nd nonce after NESTED_MAX_TRIES tries, probably a fixed nonce + if (MF_DBGLEVEL >= 2) Dbprintf("Nonce#2: cannot get nonce that != nonce#1, continuing anyway with single nonce! ntdist=%d", j); + break; + } + + target_nt[1] = 0; if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j); break; } @@ -935,86 +964,148 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat } } - LED_C_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); - // ----------------------------- crypto1 destroy crypto1_destroy(pcs); - byte_t buf[4 + 4 * 4]; + uint8_t buf[4 + 4 * 4 + 4 + 4]; memcpy(buf, &cuid, 4); memcpy(buf+4, &target_nt[0], 4); memcpy(buf+8, &target_ks[0], 4); memcpy(buf+12, &target_nt[1], 4); memcpy(buf+16, &target_ks[1], 4); + memcpy(buf+20, &authentication_timeout, 4); + memcpy(buf+24, &fixed_nt, 4); + + if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED"); - LED_B_ON(); cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf)); - LED_B_OFF(); - if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED"); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LED_A_OFF(); } + //----------------------------------------------------------------------------- // MIFARE check keys. key count up to 85. // //----------------------------------------------------------------------------- -void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) -{ +void MifareChkKeys(uint16_t arg0, uint32_t arg1, uint8_t arg2, uint8_t *datain) { + uint8_t blockNo = arg0 & 0xff; - uint8_t keyType = (arg0 >> 8) & 0xff; + uint8_t keyType = arg0 >> 8; bool clearTrace = arg1 & 0x01; bool multisectorCheck = arg1 & 0x02; - uint8_t set14aTimeout = (arg1 >> 8) & 0xff; + bool init = arg1 & 0x04; + bool drop_field = arg1 & 0x08; + bool fixed_nonce = arg1 & 0x10; + uint32_t auth_timeout = arg1 >> 16; uint8_t keyCount = arg2; - // clear debug level + LED_A_ON(); + + if (init) { + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + } + + if (clearTrace) { + clear_trace(); + } + set_tracing(true); + + // clear debug level. We are expecting lots of authentication failures... int OLD_MF_DBGLEVEL = MF_DBGLEVEL; MF_DBGLEVEL = MF_DBG_NONE; - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - - if (clearTrace) clear_trace(); - set_tracing(true); - - if (set14aTimeout){ - iso14a_set_timeout(set14aTimeout * 10); // timeout: ms = x/106 35-minimum, 50-OK 106-recommended 500-safe - } - + int res = 0; if (multisectorCheck) { TKeyIndex keyIndex = {{0}}; uint8_t sectorCnt = blockNo; - int res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, OLD_MF_DBGLEVEL, &keyIndex); - - LED_B_ON(); + res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, &auth_timeout, OLD_MF_DBGLEVEL, &keyIndex); if (res >= 0) { - cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80); + cmd_send(CMD_ACK, 1, res, 0, keyIndex, 80); } else { - cmd_send(CMD_ACK, 0, 0, 0, NULL, 0); + cmd_send(CMD_ACK, 0, res, 0, NULL, 0); } - LED_B_OFF(); - } else { - int res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, OLD_MF_DBGLEVEL); - - LED_B_ON(); + } else if (fixed_nonce) { + res = MifareChkBlockKeysFixedNonce(datain, keyCount, blockNo, keyType, &auth_timeout, OLD_MF_DBGLEVEL); if (res > 0) { - cmd_send(CMD_ACK, 1, 0, 0, datain + (res - 1) * 6, 6); + cmd_send(CMD_ACK, 1, res, 0, NULL, 0); // key found } else { - cmd_send(CMD_ACK, 0, 0, 0, NULL, 0); + cmd_send(CMD_ACK, 0, res, 0, NULL, 0); // no key found or aborted + } + } else { + res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, &auth_timeout, OLD_MF_DBGLEVEL); + if (res > 0) { + cmd_send(CMD_ACK, 1, res, 0, datain + (res - 1) * 6, 6); + } else { + cmd_send(CMD_ACK, 0, res, 0, NULL, 0); } - LED_B_OFF(); } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + if (drop_field || res != 0) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + } // restore debug level MF_DBGLEVEL = OLD_MF_DBGLEVEL; + + LED_A_OFF(); +} + + +//----------------------------------------------------------------------------- +// MIFARE Personalize UID. Only for Mifare Classic EV1 7Byte UID +//----------------------------------------------------------------------------- +void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint8_t *data) { + + uint8_t uid[10]; + uint32_t cuid; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + LED_A_ON(); + clear_trace(); + + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + bool isOK = false; + while (true) { + if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + break; + } + + uint8_t block_number = 0; + uint64_t key = bytes_to_num(data, 6); + if (mifare_classic_auth(pcs, cuid, block_number, keyType, key, AUTH_FIRST, NULL)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Auth error"); + break; + } + + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; + uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; + int len = mifare_sendcmd_short(pcs, true, MIFARE_EV1_PERSONAL_UID, perso_option, receivedAnswer, receivedAnswerPar, NULL); + if (len != 1 || receivedAnswer[0] != CARD_ACK) { + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + break;; + } + isOK = true; + break; + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + + crypto1_destroy(pcs); + + if (MF_DBGLEVEL >= 2) DbpString("PERSONALIZE UID FINISHED"); + + cmd_send(CMD_ACK, isOK, 0, 0, NULL, 0); + + LED_A_OFF(); } //----------------------------------------------------------------------------- @@ -1084,21 +1175,21 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { isOK = false; - if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); } for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) { ui64Key = emlGetKey(sectorNo, keyType); if (sectorNo == 0){ - if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) { + if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST, NULL)) { isOK = false; - if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo); + if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo); break; } } else { - if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) { + if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED, NULL)) { isOK = false; - if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo); + if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo); break; } } @@ -1106,13 +1197,13 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) { if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) { isOK = false; - if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo); + if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo); break; }; if (isOK) { if (blockNo < NumBlocksPerSector(sectorNo) - 1) { emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1); - } else { // sector trailer, keep the keys, set only the AC + } else { // sector trailer, keep the keys, set only the AC emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1); memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4); emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1); @@ -1123,7 +1214,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai } if(mifare_classic_halt(pcs, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); + if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); }; // ----------------------------- crypto1 destroy @@ -1164,20 +1255,20 @@ void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){ bool needWipe = cmdParams & 0x01; bool needFill = cmdParams & 0x02; bool gen1b = cmdParams & 0x04; - + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + uint8_t block0[16] = {0x01, 0x02, 0x03, 0x04, 0x04, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBE, 0xAF}; uint8_t block1[16] = {0x00}; uint8_t blockK[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x08, 0x77, 0x8F, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; uint8_t d_block[18] = {0x00}; - + // card commands uint8_t wupC1[] = { 0x40 }; uint8_t wupC2[] = { 0x43 }; uint8_t wipeC[] = { 0x41 }; - + // iso14443 setup LED_A_ON(); LED_B_OFF(); @@ -1187,54 +1278,54 @@ void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){ // tracing clear_trace(); set_tracing(true); - + while (true){ // wipe if (needWipe){ ReaderTransmitBitsPar(wupC1,7,0, NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); break; }; ReaderTransmit(wipeC, sizeof(wipeC), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error"); break; }; if(mifare_classic_halt(NULL, 0)) { - if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); }; }; - + // put default data if (needFill){ // select commands ReaderTransmitBitsPar(wupC1, 7, 0, NULL); - // gen1b magic tag : do no issue wupC2 and don't expect 0x0a response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command) - if (!gen1b) { + // gen1b magic tag : do no issue wupC2 and don't expect CARD_ACK response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command) + if (!gen1b) { - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); break; }; ReaderTransmit(wupC2, sizeof(wupC2), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); break; }; } // send blocks command for (int blockNo = 0; blockNo < numBlocks; blockNo++) { - if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); + if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); break; }; - + // check type of block and add crc if (!isBlockTrailer(blockNo)){ memcpy(d_block, block1, 16); @@ -1248,33 +1339,34 @@ void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){ // send write command ReaderTransmit(d_block, sizeof(d_block), NULL); - if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error"); + if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error"); break; }; } - + // halt - // do no issue halt command for gen1b + // do no issue halt command for gen1b if (!gen1b) { if (mifare_classic_halt(NULL, 0)) { - if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); break; } } } break; - } + } + + // reset fpga + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // send USB response LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,NULL,0); LED_B_OFF(); - - // reset fpga - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); - + return; } @@ -1321,13 +1413,13 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // get UID from chip if (workFlags & 0x01) { if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); // Continue, if we set wrong UID or wrong UID checksum or some ATQA or SAK we will can't select card. But we need to write block 0 to make card work. //break; }; if(mifare_classic_halt(NULL, cuid)) { - if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); // Continue, some magic tags misbehavies and send an answer to it. // break; }; @@ -1337,21 +1429,21 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // Wipe command don't work with gen1b if (needWipe && !(workFlags & 0x40)){ ReaderTransmitBitsPar(wupC1,7,0, NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); break; }; ReaderTransmit(wipeC, sizeof(wipeC), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error"); break; }; if(mifare_classic_halt(NULL, 0)) { - if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); // Continue, some magic tags misbehavies and send an answer to it. - // break; + // break; }; }; @@ -1359,24 +1451,24 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai if (workFlags & 0x02) { ReaderTransmitBitsPar(wupC1,7,0, NULL); - // gen1b magic tag : do no issue wupC2 and don't expect 0x0a response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command) + // gen1b magic tag : do no issue wupC2 and don't expect CARD_ACK response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command) if (!(workFlags & 0x40)) { - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); break; }; ReaderTransmit(wupC2, sizeof(wupC2), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); break; }; } } - if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); + if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); break; }; @@ -1384,8 +1476,8 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai AppendCrc14443a(d_block, 16); ReaderTransmit(d_block, sizeof(d_block), NULL); - if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error"); + if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error"); break; }; @@ -1393,7 +1485,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // do no issue halt command for gen1b magic tag (#db# halt error. response len: 1) if (!(workFlags & 0x40)) { if (mifare_classic_halt(NULL, 0)) { - if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 2) Dbprintf("Halt error"); // Continue, some magic tags misbehavies and send an answer to it. // break; } @@ -1404,14 +1496,15 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai break; } + if ((workFlags & 0x10) || (!isOK)) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + } + LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,uid,4); LED_B_OFF(); - if ((workFlags & 0x10) || (!isOK)) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - } + LEDsoff(); } @@ -1452,15 +1545,15 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai while (true) { if (workFlags & 0x02) { ReaderTransmitBitsPar(wupC1,7,0, NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); break; }; // do no issue for gen1b magic tag if (!(workFlags & 0x40)) { ReaderTransmit(wupC2, sizeof(wupC2), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != CARD_ACK)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); break; }; } @@ -1468,7 +1561,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // read block if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) { - if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error"); + if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error"); break; }; memcpy(data, receivedAnswer, 18); @@ -1477,9 +1570,9 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // do no issue halt command for gen1b magic tag (#db# halt error. response len: 1) if (!(workFlags & 0x40)) { if (mifare_classic_halt(NULL, cuid)) { - if (MF_DBGLEVEL > 1) Dbprintf("Halt error"); + if (MF_DBGLEVEL > 1) Dbprintf("Halt error"); // Continue, some magic tags misbehavies and send an answer to it. - // break; + // break; } } } @@ -1488,6 +1581,10 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai break; } + if ((workFlags & 0x10) || (!isOK)) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + } + LED_B_ON(); if (workFlags & 0x20) { if (isOK) @@ -1497,10 +1594,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai cmd_send(CMD_ACK,isOK,0,0,data,18); LED_B_OFF(); - if ((workFlags & 0x10) || (!isOK)) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - } + LEDsoff(); } void MifareCIdent(){ @@ -1514,34 +1608,35 @@ void MifareCIdent(){ uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + LED_A_ON(); LED_B_OFF(); LED_C_OFF(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); clear_trace(); - set_tracing(true); + set_tracing(true); ReaderTransmitBitsPar(wupC1,7,0, NULL); - if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) { + if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == CARD_ACK)) { isOK = 2; ReaderTransmit(wupC2, sizeof(wupC2), NULL); - if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) { + if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == CARD_ACK)) { isOK = 1; }; }; // From iceman1001: removed the if, since some magic tags misbehavies and send an answer to it. mifare_classic_halt(NULL, 0); - + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_B_ON(); cmd_send(CMD_ACK,isOK,0,0,0,0); LED_B_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + LEDsoff(); } // @@ -1571,7 +1666,8 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){ } if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED"); - cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout)); + + cmd_send(CMD_ACK, 1, cuid, 0, dataout, sizeof(dataout)); } void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){ @@ -1585,30 +1681,17 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){ isOK = mifare_desfire_des_auth2(cuid, key, dataout); - if( isOK) { + if (isOK) { if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed"); OnError(4); return; } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED"); cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout)); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } -void OnSuccess(){ - pcb_blocknum = 0; - ReaderTransmit(deselect_cmd, 3 , NULL); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); -} - -void OnError(uint8_t reason){ - pcb_blocknum = 0; - ReaderTransmit(deselect_cmd, 3 , NULL); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - cmd_send(CMD_ACK,0,reason,0,0,0); - LEDsoff(); -} diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index e17fa998..40bfb965 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h @@ -10,18 +10,36 @@ // Routines to support ISO 14443 type A. //----------------------------------------------------------------------------- -#ifndef __MIFARECMD_H -#define __MIFARECMD_H +#ifndef MIFARECMD_H__ +#define MIFARECMD_H__ -#include "proxmark3.h" -#include "apps.h" -#include "util.h" +#include -#include "iso14443crc.h" -#include "iso14443a.h" -#include "crapto1/crapto1.h" -#include "mifareutil.h" -#include "common.h" +extern void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); +extern void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain); +extern void MifareUC_Auth(uint8_t arg0, uint8_t *datain); +extern void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain); +extern void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); +extern void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); +//extern void MifareUWriteBlockCompat(uint8_t arg0,uint8_t *datain); +extern void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain); +extern void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain); +extern void MifareChkKeys(uint16_t arg0, uint32_t arg1, uint8_t arg2, uint8_t *datain); +extern void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card +extern void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +extern void MifareCIdent(); // is "magic chinese" card? +extern void MifareUSetPwd(uint8_t arg0, uint8_t *datain); +extern void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint8_t *datain); +//desfire +extern void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain); +extern void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain); -#endif \ No newline at end of file +#endif diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index c9264836..abf800ce 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c @@ -20,31 +20,30 @@ #include "fpgaloader.h" #include "proxmark3.h" #include "usb_cdc.h" -#include "cmd.h" #include "protocols.h" #include "apps.h" +#include "util.h" + //mifare emulator states -#define MFEMUL_NOFIELD 0 -#define MFEMUL_IDLE 1 -#define MFEMUL_SELECT1 2 -#define MFEMUL_SELECT2 3 -#define MFEMUL_SELECT3 4 -#define MFEMUL_AUTH1 5 -#define MFEMUL_AUTH2 6 -#define MFEMUL_WORK 7 -#define MFEMUL_WRITEBL2 8 -#define MFEMUL_INTREG_INC 9 -#define MFEMUL_INTREG_DEC 10 -#define MFEMUL_INTREG_REST 11 -#define MFEMUL_HALTED 12 - -#define cardSTATE_TO_IDLE() { cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF(); } +#define MFEMUL_NOFIELD 0 +#define MFEMUL_IDLE 1 +#define MFEMUL_SELECT1 2 +#define MFEMUL_SELECT2 3 +#define MFEMUL_SELECT3 4 +#define MFEMUL_AUTH1 5 +#define MFEMUL_AUTH2 6 +#define MFEMUL_WORK 7 +#define MFEMUL_WRITEBL2 8 +#define MFEMUL_INTREG_INC 9 +#define MFEMUL_INTREG_DEC 10 +#define MFEMUL_INTREG_REST 11 +#define MFEMUL_HALTED 12 #define AC_DATA_READ 0 #define AC_DATA_WRITE 1 -#define AC_DATA_INC 2 -#define AC_DATA_DEC_TRANS_REST 3 +#define AC_DATA_INC 2 +#define AC_DATA_DEC_TRANS_REST 3 #define AC_KEYA_READ 0 #define AC_KEYA_WRITE 1 #define AC_KEYB_READ 2 @@ -57,11 +56,30 @@ #define AUTHKEYNONE 0xff +static int ParamCardSizeBlocks(const char c) { + int numBlocks = 16 * 4; + switch (c) { + case '0' : numBlocks = 5 * 4; break; + case '2' : numBlocks = 32 * 4; break; + case '4' : numBlocks = 32 * 4 + 8 * 16; break; + default: numBlocks = 16 * 4; + } + return numBlocks; +} + +static uint8_t BlockToSector(int block_num) { + if (block_num < 32 * 4) { // 4 blocks per sector + return (block_num / 4); + } else { // 16 blocks per sector + return 32 + (block_num - 32 * 4) / 16; + } +} + static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) { uint8_t sector_trailer[16]; emlGetMem(sector_trailer, blockNo, 1); uint8_t AC = ((sector_trailer[7] >> 5) & 0x04) - | ((sector_trailer[8] >> 2) & 0x02) + | ((sector_trailer[8] >> 2) & 0x02) | ((sector_trailer[8] >> 7) & 0x01); switch (action) { case AC_KEYA_READ: { @@ -69,8 +87,8 @@ static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t act break; } case AC_KEYA_WRITE: { - return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01)) - || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); + return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01)) + || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); break; } case AC_KEYB_READ: { @@ -78,18 +96,18 @@ static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t act break; } case AC_KEYB_WRITE: { - return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x04)) - || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); + return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01)) + || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); break; } case AC_AC_READ: { return ((keytype == AUTHKEYA) - || (keytype == AUTHKEYB && !(AC == 0x00 || AC == 0x02 || AC == 0x01))); + || (keytype == AUTHKEYB && !(AC == 0x00 || AC == 0x02 || AC == 0x01))); break; } case AC_AC_WRITE: { return ((keytype == AUTHKEYA && (AC == 0x01)) - || (keytype == AUTHKEYB && (AC == 0x03 || AC == 0x05))); + || (keytype == AUTHKEYB && (AC == 0x03 || AC == 0x05))); break; } default: return false; @@ -129,33 +147,33 @@ static bool IsDataAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action | ((sector_trailer[8] >> 6) & 0x01); break; } - default: + default: return false; } - + switch (action) { case AC_DATA_READ: { return ((keytype == AUTHKEYA && !(AC == 0x03 || AC == 0x05 || AC == 0x07)) - || (keytype == AUTHKEYB && !(AC == 0x07))); + || (keytype == AUTHKEYB && !(AC == 0x07))); break; } case AC_DATA_WRITE: { return ((keytype == AUTHKEYA && (AC == 0x00)) - || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x04 || AC == 0x06 || AC == 0x03))); + || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x04 || AC == 0x06 || AC == 0x03))); break; } case AC_DATA_INC: { return ((keytype == AUTHKEYA && (AC == 0x00)) - || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06))); + || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06))); break; } case AC_DATA_DEC_TRANS_REST: { return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x06 || AC == 0x01)) - || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06 || AC == 0x01))); + || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06 || AC == 0x01))); break; } } - + return false; } @@ -169,18 +187,18 @@ static bool IsAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) { } -static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len) { +static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len, uint8_t cardsize) { - #define TAG_RESPONSE_COUNT 5 // number of precompiled responses - static uint8_t rATQA[] = {0x04, 0x00}; // indicate Mifare classic 1k 4Byte UID - static uint8_t rUIDBCC1[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 1st cascade level - static uint8_t rUIDBCC2[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 2nd cascade level - static uint8_t rSAKfinal[]= {0x08, 0xb6, 0xdd}; // mifare 1k indicated - static uint8_t rSAK1[] = {0x04, 0xda, 0x17}; // indicate UID not finished + #define TAG_RESPONSE_COUNT 5 // number of precompiled responses + static uint8_t rATQA[] = {0x00, 0x00}; + static uint8_t rUIDBCC1[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 1st cascade level + static uint8_t rUIDBCC2[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 2nd cascade level + static uint8_t rSAKfinal[]= {0x00, 0x00, 0x00}; // SAK after UID complete + static uint8_t rSAK1[] = {0x00, 0x00, 0x00}; // indicate UID not finished *uid_len = 4; // UID can be set from emulator memory or incoming data and can be 4 or 7 bytes long - if (flags & FLAG_4B_UID_IN_DATA) { // get UID from datain + if (flags & FLAG_4B_UID_IN_DATA) { // get UID from datain memcpy(rUIDBCC1, datain, 4); } else if (flags & FLAG_7B_UID_IN_DATA) { rUIDBCC1[0] = 0x88; @@ -189,10 +207,10 @@ static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t ** *uid_len = 7; } else { uint8_t probable_atqa; - emlGetMemBt(&probable_atqa, 7, 1); // get UID from emul memory - weak guess at length - if (probable_atqa == 0x00) { // ---------- 4BUID + emlGetMemBt(&probable_atqa, 7, 1); // get UID from emul memory - weak guess at length + if (probable_atqa == 0x00) { // ---------- 4BUID emlGetMemBt(rUIDBCC1, 0, 4); - } else { // ---------- 7BUID + } else { // ---------- 7BUID rUIDBCC1[0] = 0x88; emlGetMemBt(rUIDBCC1+1, 0, 3); emlGetMemBt(rUIDBCC2, 3, 4); @@ -204,37 +222,65 @@ static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t ** case 4: *cuid = bytes_to_num(rUIDBCC1, 4); rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; - if (MF_DBGLEVEL >= 2) { - Dbprintf("4B UID: %02x%02x%02x%02x", - rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3] ); + if (MF_DBGLEVEL >= MF_DBG_INFO) { + Dbprintf("4B UID: %02x%02x%02x%02x", + rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3] ); } break; case 7: - rATQA[0] |= 0x40; *cuid = bytes_to_num(rUIDBCC2, 4); - rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; - rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; - if (MF_DBGLEVEL >= 2) { + rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; + rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; + if (MF_DBGLEVEL >= MF_DBG_INFO) { Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x", rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3], rUIDBCC2[0], rUIDBCC2[1], rUIDBCC2[2], rUIDBCC2[3] ); } break; - default: + default: break; } - + + // set SAK based on cardsize + switch (cardsize) { + case '0': rSAKfinal[0] = 0x09; break; // Mifare Mini + case '2': rSAKfinal[0] = 0x10; break; // Mifare 2K + case '4': rSAKfinal[0] = 0x18; break; // Mifare 4K + default: rSAKfinal[0] = 0x08; // Mifare 1K + } + ComputeCrc14443(CRC_14443_A, rSAKfinal, 1, rSAKfinal + 1, rSAKfinal + 2); + if (MF_DBGLEVEL >= MF_DBG_INFO) { + Dbprintf("SAK: %02x", rSAKfinal[0]); + } + + // set SAK for incomplete UID + rSAK1[0] = 0x04; // Bit 3 indicates incomplete UID + ComputeCrc14443(CRC_14443_A, rSAK1, 1, rSAK1 + 1, rSAK1 + 2); + + // set ATQA based on cardsize and UIDlen + if (cardsize == '4') { + rATQA[0] = 0x02; + } else { + rATQA[0] = 0x04; + } + if (*uid_len == 7) { + rATQA[0] |= 0x40; + } + if (MF_DBGLEVEL >= MF_DBG_INFO) { + Dbprintf("ATQA: %02x %02x", rATQA[1], rATQA[0]); + } + static tag_response_info_t responses_init[TAG_RESPONSE_COUNT] = { - { .response = rATQA, .response_n = sizeof(rATQA) }, // Answer to request - respond with card type - { .response = rUIDBCC1, .response_n = sizeof(rUIDBCC1) }, // Anticollision cascade1 - respond with first part of uid - { .response = rUIDBCC2, .response_n = sizeof(rUIDBCC2) }, // Anticollision cascade2 - respond with 2nd part of uid - { .response = rSAKfinal, .response_n = sizeof(rSAKfinal) }, // Acknowledge select - last cascade - { .response = rSAK1, .response_n = sizeof(rSAK1) } // Acknowledge select - previous cascades + { .response = rATQA, .response_n = sizeof(rATQA) }, // Answer to request - respond with card type + { .response = rUIDBCC1, .response_n = sizeof(rUIDBCC1) }, // Anticollision cascade1 - respond with first part of uid + { .response = rUIDBCC2, .response_n = sizeof(rUIDBCC2) }, // Anticollision cascade2 - respond with 2nd part of uid + { .response = rSAKfinal, .response_n = sizeof(rSAKfinal) }, // Acknowledge select - last cascade + { .response = rSAK1, .response_n = sizeof(rSAK1) } // Acknowledge select - previous cascades }; // Prepare ("precompile") the responses of the anticollision phase. There will be not enough time to do this at the moment the reader sends its REQA or SELECT - // There are 7 predefined responses with a total of 18 bytes data to transmit. Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) + // There are 5 predefined responses with a total of 18 bytes data to transmit. Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) // 18 * 8 data bits, 18 * 1 parity bits, 5 start bits, 5 stop bits, 5 correction bits -> need 177 bytes buffer - #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 177 // number of bytes required for precompiled responses + #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 177 // number of bytes required for precompiled responses uint8_t *free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE); size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE; @@ -262,22 +308,23 @@ static bool HasValidCRC(uint8_t *receivedCmd, uint16_t receivedCmd_len) { /** - *MIFARE 1K simulate. + *MIFARE simulate. * *@param flags : - * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK + * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that - * FLAG_10B_UID_IN_DATA - use 10-byte UID in the data-section not finished - * FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later + * FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack) *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ... * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted) */ -void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain) +void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t *datain) { + LED_A_ON(); + tag_response_info_t *responses; - uint8_t uid_len = 4; + uint8_t uid_len = 4; uint32_t cuid = 0; uint8_t cardWRBL = 0; uint8_t cardAUTHSC = 0; @@ -288,48 +335,47 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint32_t cardINTREG = 0; uint8_t cardINTBLOCK = 0; struct Crypto1State mpcs = {0, 0}; - struct Crypto1State *pcs; - pcs = &mpcs; - uint32_t numReads = 0;//Counts numer of times reader reads a block + struct Crypto1State *pcs = &mpcs; + uint32_t numReads = 0; //Counts numer of times reader reads a block uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedCmd_dec[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE]; uint16_t receivedCmd_len; uint8_t response[MAX_MIFARE_FRAME_SIZE]; uint8_t response_par[MAX_MIFARE_PARITY_SIZE]; - - uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04}; - uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00}; - - //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2 + uint8_t fixed_nonce[] = {0x01, 0x02, 0x03, 0x04}; + + int num_blocks = ParamCardSizeBlocks(cardsize); + + // Here we collect UID, sector, keytype, NT, AR, NR, NT2, AR2, NR2 // This will be used in the reader-only attack. - //allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys + // allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7) - nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius) 36 * 7 * 2 bytes = 504 bytes + nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // *2 for 2 separate attack types (nml, moebius) 36 * 7 * 2 bytes = 504 bytes memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp)); - uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius) + uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // *2 for 2nd attack type (moebius) memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected)); - uint8_t nonce1_count = 0; - uint8_t nonce2_count = 0; - uint8_t moebius_n_count = 0; + uint8_t nonce1_count = 0; + uint8_t nonce2_count = 0; + uint8_t moebius_n_count = 0; bool gettingMoebius = false; - uint8_t mM = 0; //moebius_modifier for collection storage + uint8_t mM = 0; // moebius_modifier for collection storage // Authenticate response - nonce uint32_t nonce; if (flags & FLAG_RANDOM_NONCE) { nonce = prand(); } else { - nonce = bytes_to_num(rAUTH_NT, 4); + nonce = bytes_to_num(fixed_nonce, 4); } // free eventually allocated BigBuf memory but keep Emulator Memory BigBuf_free_keep_EM(); - MifareSimInit(flags, datain, &responses, &cuid, &uid_len); - + MifareSimInit(flags, datain, &responses, &cuid, &uid_len, cardsize); + // We need to listen to the high-frequency, peak-detected path. iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); @@ -337,7 +383,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * clear_trace(); set_tracing(true); ResetSspClk(); - + bool finished = false; bool button_pushed = BUTTON_PRESS(); int cardSTATE = MFEMUL_NOFIELD; @@ -345,25 +391,28 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * while (!button_pushed && !finished && !usb_poll_validate_length()) { WDT_HIT(); - // find reader field if (cardSTATE == MFEMUL_NOFIELD) { + // wait for reader HF field int vHf = (MAX_ADC_HF_VOLTAGE_LOW * AvgAdc(ADC_CHAN_HF_LOW)) >> 10; if (vHf > MF_MINFIELDV) { - LED_A_ON(); - cardSTATE_TO_IDLE(); + LED_D_ON(); + cardSTATE = MFEMUL_IDLE; } button_pushed = BUTTON_PRESS(); continue; } //Now, get data + FpgaEnableTracing(); int res = EmGetCmd(receivedCmd, &receivedCmd_len, receivedCmd_par); - - if (res == 2) { //Field is off! - LEDsoff(); + + if (res == 2) { // Reader has dropped the HF field. Power off. + FpgaDisableTracing(); + LED_D_OFF(); cardSTATE = MFEMUL_NOFIELD; continue; } else if (res == 1) { // button pressed + FpgaDisableTracing(); button_pushed = true; break; } @@ -371,6 +420,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * // WUPA in HALTED state or REQA or WUPA in any other state if (receivedCmd_len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) { EmSendPrecompiledCmd(&responses[ATQA]); + FpgaDisableTracing(); // init crypto block crypto1_destroy(pcs); @@ -378,66 +428,68 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if (flags & FLAG_RANDOM_NONCE) { nonce = prand(); } - LED_B_OFF(); - LED_C_OFF(); cardSTATE = MFEMUL_SELECT1; continue; } - + switch (cardSTATE) { case MFEMUL_NOFIELD: case MFEMUL_HALTED: case MFEMUL_IDLE:{ break; } + case MFEMUL_SELECT1:{ // select all - 0x93 0x20 if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) { - if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL CL1 received"); EmSendPrecompiledCmd(&responses[UIDBCC1]); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT ALL CL1 received"); break; } // select card - 0x93 0x70 ... if (receivedCmd_len == 9 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC1].response, 4) == 0)) { - if (MF_DBGLEVEL >= 4) Dbprintf("SELECT CL1 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); if (uid_len == 4) { EmSendPrecompiledCmd(&responses[SAKfinal]); - LED_B_ON(); cardSTATE = MFEMUL_WORK; - break; } else if (uid_len == 7) { EmSendPrecompiledCmd(&responses[SAK1]); - cardSTATE = MFEMUL_SELECT2; - break; + cardSTATE = MFEMUL_SELECT2; } + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT CL1 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); + break; } - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } + case MFEMUL_SELECT2:{ // select all cl2 - 0x95 0x20 if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) { - if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL CL2 received"); EmSendPrecompiledCmd(&responses[UIDBCC2]); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT ALL CL2 received"); break; } // select cl2 card - 0x95 0x70 xxxxxxxxxxxx - if (receivedCmd_len == 9 && + if (receivedCmd_len == 9 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC2].response, 4) == 0)) { if (uid_len == 7) { - if (MF_DBGLEVEL >= 4) Dbprintf("SELECT CL2 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); EmSendPrecompiledCmd(&responses[SAKfinal]); - LED_B_ON(); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT CL2 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); cardSTATE = MFEMUL_WORK; break; } } - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } + case MFEMUL_WORK:{ - if (receivedCmd_len != 4) { // all commands must have exactly 4 bytes + if (receivedCmd_len != 4) { // all commands must have exactly 4 bytes break; } bool encrypted_data = (cardAUTHKEY != AUTHKEYNONE) ; @@ -448,76 +500,92 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * memcpy(receivedCmd_dec, receivedCmd, receivedCmd_len); } if (!HasValidCRC(receivedCmd_dec, receivedCmd_len)) { // all commands must have a valid CRC - EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); + EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_TR)); break; } + if (receivedCmd_dec[0] == MIFARE_AUTH_KEYA || receivedCmd_dec[0] == MIFARE_AUTH_KEYB) { // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack - if (receivedCmd_dec[1] >= 16 * 4 && !(flags & FLAG_NR_AR_ATTACK)) { + if (receivedCmd_dec[1] >= num_blocks && !(flags & FLAG_NR_AR_ATTACK)) { //is this the correct response to an auth on a out of range block? marshmellow EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], receivedCmd_dec[1]); break; } - cardAUTHSC = receivedCmd_dec[1] / 4; // received block num + cardAUTHSC = BlockToSector(receivedCmd_dec[1]); // received block num cardAUTHKEY = receivedCmd_dec[0] & 0x01; crypto1_destroy(pcs);//Added by martin crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY)); if (!encrypted_data) { // first authentication - if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); - crypto1_word(pcs, cuid ^ nonce, 0);//Update crypto state - num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce + crypto1_word(pcs, cuid ^ nonce, 0); // Update crypto state + num_to_bytes(nonce, 4, response); // Send unencrypted nonce + EmSendCmd(response, sizeof(nonce)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); } else { // nested authentication - if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); - ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); - num_to_bytes(ans, 4, rAUTH_AT); + num_to_bytes(nonce, sizeof(nonce), response); + uint8_t pcs_in[4] = {0}; + num_to_bytes(cuid ^ nonce, sizeof(nonce), pcs_in); + mf_crypto1_encryptEx(pcs, response, pcs_in, sizeof(nonce), response_par); + EmSendCmdPar(response, sizeof(nonce), response_par); // send encrypted nonce + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); } - EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT)); cardSTATE = MFEMUL_AUTH1; break; } - if (!encrypted_data) { // all other commands must be encrypted (authenticated) + + // halt can be sent encrypted or in clear + if (receivedCmd_dec[0] == ISO14443A_CMD_HALT && receivedCmd_dec[1] == 0x00) { + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("--> HALTED."); + cardSTATE = MFEMUL_HALTED; break; } - if(receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK - || receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK + + if(receivedCmd_dec[0] == MIFARE_CMD_READBLOCK + || receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK || receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE || receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) { - if (receivedCmd_dec[1] >= 16 * 4) { + if (receivedCmd_dec[1] >= num_blocks) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]); break; } - if (receivedCmd_dec[1] / 4 != cardAUTHSC) { + if (BlockToSector(receivedCmd_dec[1]) != cardAUTHSC) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],cardAUTHSC); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],cardAUTHSC); break; } } - if (receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK) { + + if (receivedCmd_dec[0] == MIFARE_CMD_READBLOCK) { uint8_t blockNo = receivedCmd_dec[1]; - if (MF_DBGLEVEL >= 4) { - Dbprintf("Reader reading block %d (0x%02x)", blockNo, blockNo); - } emlGetMem(response, blockNo, 1); if (IsSectorTrailer(blockNo)) { - memset(response, 0x00, 6); // keyA can never be read + memset(response, 0x00, 6); // keyA can never be read if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_KEYB_READ)) { - memset(response+10, 0x00, 6); // keyB cannot be read + memset(response+10, 0x00, 6); // keyB cannot be read } if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_AC_READ)) { - memset(response+6, 0x00, 4); // AC bits cannot be read + memset(response+6, 0x00, 4); // AC bits cannot be read } } else { if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_DATA_READ)) { - memset(response, 0x00, 16); // datablock cannot be read + memset(response, 0x00, 16); // datablock cannot be read } } AppendCrc14443a(response, 16); mf_crypto1_encrypt(pcs, response, 18, response_par); EmSendCmdPar(response, 18, response_par); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("Reader reading block %d (0x%02x)", blockNo, blockNo); + } numReads++; if(exitAfterNReads > 0 && numReads == exitAfterNReads) { Dbprintf("%d reads done, exiting", numReads); @@ -525,23 +593,33 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } break; } - if (receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK) { + + if (receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK) { uint8_t blockNo = receivedCmd_dec[1]; - if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)", blockNo, blockNo); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("RECV 0xA0 write block %d (%02x)", blockNo, blockNo); cardWRBL = blockNo; cardSTATE = MFEMUL_WRITEBL2; break; } + if (receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE) { uint8_t blockNo = receivedCmd_dec[1]; - if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); if (emlCheckValBl(blockNo)) { - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking"); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); + } + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking"); break; } EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); + } cardWRBL = blockNo; if (receivedCmd_dec[0] == MIFARE_CMD_INC) cardSTATE = MFEMUL_INTREG_INC; @@ -551,31 +629,29 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * cardSTATE = MFEMUL_INTREG_REST; break; } + if (receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) { uint8_t blockNo = receivedCmd_dec[1]; - if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1])) EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); else EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); break; } - // halt - if (receivedCmd_dec[0] == ISO14443A_CMD_HALT && receivedCmd_dec[1] == 0x00) { - if (MF_DBGLEVEL >= 4) Dbprintf("--> HALTED."); - LED_B_OFF(); - LED_C_OFF(); - cardSTATE = MFEMUL_HALTED; - break; - } + // command not allowed - if (MF_DBGLEVEL >= 4) Dbprintf("Received command not allowed, nacking"); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Received command not allowed, nacking"); + cardSTATE = MFEMUL_IDLE; break; } + case MFEMUL_AUTH1:{ if (receivedCmd_len != 8) { - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } @@ -590,7 +666,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if (ar_nr_collected[i+mM] < 2) { // if we haven't already collected 2 nonces for this sector if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) { - // Avoid duplicates... probably not necessary, ar should vary. + // Avoid duplicates... probably not necessary, ar should vary. if (ar_nr_collected[i+mM]==0) { // first nonce collect ar_nr_resp[i+mM].cuid = cuid; @@ -618,7 +694,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if ( nonce2_count == nonce1_count ) { // done collecting std test switch to moebius // first finish incrementing last sample - ar_nr_collected[i+mM]++; + ar_nr_collected[i+mM]++; // switch to moebius collection gettingMoebius = true; mM = ATTACK_KEY_COUNT; @@ -650,25 +726,28 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * // test if auth OK if (cardRr != prng_successor(nonce, 64)){ - if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", cardAUTHSC, cardAUTHKEY == AUTHKEYA ? 'A' : 'B', cardRr, prng_successor(nonce, 64)); // Shouldn't we respond anything here? // Right now, we don't nack or anything, which causes the // reader to do a WUPA after a while. /Martin // -- which is the correct response. /piwi - cardAUTHKEY = AUTHKEYNONE; // not authenticated - cardSTATE_TO_IDLE(); + cardAUTHKEY = AUTHKEYNONE; // not authenticated + cardSTATE = MFEMUL_IDLE; break; } - ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0); - num_to_bytes(ans, 4, rAUTH_AT); - EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT)); - if (MF_DBGLEVEL >= 4) Dbprintf("AUTH COMPLETED for sector %d with key %c.", cardAUTHSC, cardAUTHKEY == AUTHKEYA ? 'A' : 'B'); - LED_C_ON(); + ans = prng_successor(nonce, 96); + num_to_bytes(ans, 4, response); + mf_crypto1_encrypt(pcs, response, 4, response_par); + EmSendCmdPar(response, 4, response_par); + FpgaDisableTracing(); + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("AUTH COMPLETED for sector %d with key %c.", cardAUTHSC, cardAUTHKEY == AUTHKEYA ? 'A' : 'B'); cardSTATE = MFEMUL_WORK; break; } + case MFEMUL_WRITEBL2:{ if (receivedCmd_len == 18) { mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec); @@ -676,73 +755,80 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if (IsSectorTrailer(cardWRBL)) { emlGetMem(response, cardWRBL, 1); if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_KEYA_WRITE)) { - memcpy(receivedCmd_dec, response, 6); // don't change KeyA + memcpy(receivedCmd_dec, response, 6); // don't change KeyA } if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_KEYB_WRITE)) { - memcpy(receivedCmd_dec+10, response+10, 6); // don't change KeyA + memcpy(receivedCmd_dec+10, response+10, 6); // don't change KeyA } if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_AC_WRITE)) { - memcpy(receivedCmd_dec+6, response+6, 4); // don't change AC bits + memcpy(receivedCmd_dec+6, response+6, 4); // don't change AC bits } } else { if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_DATA_WRITE)) { - memcpy(receivedCmd_dec, response, 16); // don't change anything + memcpy(receivedCmd_dec, response, 16); // don't change anything } } emlSetMem(receivedCmd_dec, cardWRBL, 1); - EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); // always ACK? + EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); // always ACK? cardSTATE = MFEMUL_WORK; break; } } - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } + case MFEMUL_INTREG_INC:{ if (receivedCmd_len == 6) { mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } cardINTREG = cardINTREG + ans; + cardSTATE = MFEMUL_WORK; } - cardSTATE = MFEMUL_WORK; break; } + case MFEMUL_INTREG_DEC:{ if (receivedCmd_len == 6) { mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } + cardINTREG = cardINTREG - ans; + cardSTATE = MFEMUL_WORK; } - cardINTREG = cardINTREG - ans; - cardSTATE = MFEMUL_WORK; break; } + case MFEMUL_INTREG_REST:{ mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - cardSTATE_TO_IDLE(); + cardSTATE = MFEMUL_IDLE; break; } cardSTATE = MFEMUL_WORK; break; } - } + + } // end of switch + + FpgaDisableTracing(); button_pushed = BUTTON_PRESS(); - } + + } // end of while FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); - if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) { - for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { + if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= MF_DBG_INFO) { + for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { if (ar_nr_collected[i] == 2) { Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", get_tracing(), BigBuf_get_traceLen()); + if (MF_DBGLEVEL >= MF_DBG_INFO) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", get_tracing(), BigBuf_get_traceLen()); if(flags & FLAG_INTERACTIVE) { // Interactive mode flag, means we need to send ACK //Send the collected ar_nr in the response - cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp)); + cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, button_pushed, 0, &ar_nr_resp, sizeof(ar_nr_resp)); } + + LED_A_OFF(); } diff --git a/armsrc/mifaresim.h b/armsrc/mifaresim.h index 1e17a882..8f089b85 100644 --- a/armsrc/mifaresim.h +++ b/armsrc/mifaresim.h @@ -15,6 +15,6 @@ #include -extern void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain); +extern void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t *datain); #endif diff --git a/armsrc/mifaresniff.c b/armsrc/mifaresniff.c index 5391e5f9..f3ee4a3f 100644 --- a/armsrc/mifaresniff.c +++ b/armsrc/mifaresniff.c @@ -9,7 +9,7 @@ //----------------------------------------------------------------------------- #include "mifaresniff.h" -#include "apps.h" + #include "proxmark3.h" #include "util.h" #include "string.h" @@ -18,6 +18,9 @@ #include "crapto1/crapto1.h" #include "mifareutil.h" #include "common.h" +#include "usb_cdc.h" +#include "BigBuf.h" +#include "fpgaloader.h" static int sniffState = SNF_INIT; @@ -149,7 +152,7 @@ bool intMfSniffSend() { while (pckLen > 0) { pckSize = MIN(USB_CMD_DATA_SIZE, pckLen); LED_B_ON(); - cmd_send(CMD_ACK, 1, BigBuf_get_traceLen(), pckSize, trace + BigBuf_get_traceLen() - pckLen, pckSize); + cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 1, BigBuf_get_traceLen(), pckSize, trace + BigBuf_get_traceLen() - pckLen, pckSize); LED_B_OFF(); pckLen -= pckSize; @@ -157,7 +160,7 @@ bool intMfSniffSend() { } LED_B_ON(); - cmd_send(CMD_ACK,2,0,0,0,0); + cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,2,0,0,0,0); LED_B_OFF(); clear_trace(); diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 684b5e36..e46c5515 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -21,15 +21,16 @@ #include "iso14443crc.h" #include "iso14443a.h" #include "crapto1/crapto1.h" -#include "polarssl/des.h" +#include "mbedtls/des.h" +#include "protocols.h" -int MF_DBGLEVEL = MF_DBG_ALL; +int MF_DBGLEVEL = MF_DBG_INFO; // crypto1 helpers void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out){ - uint8_t bt = 0; + uint8_t bt = 0; int i; - + if (len != 1) { for (i = 0; i < len; i++) data_out[i] = crypto1_byte(pcs, 0x00, 0) ^ data_in[i]; @@ -37,7 +38,7 @@ void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, u bt = 0; for (i = 0; i < 4; i++) bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], i)) << i; - + data_out[0] = bt; } return; @@ -47,34 +48,37 @@ void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){ mf_crypto1_decryptEx(pcs, data, len, data); } -void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) { +void mf_crypto1_encryptEx(struct Crypto1State *pcs, uint8_t *data, uint8_t *in, uint16_t len, uint8_t *par) { uint8_t bt = 0; int i; par[0] = 0; - + for (i = 0; i < len; i++) { bt = data[i]; - data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i]; - if((i&0x0007) == 0) + data[i] = crypto1_byte(pcs, in==NULL?0x00:in[i], 0) ^ data[i]; + if((i&0x0007) == 0) par[i>>3] = 0; par[i>>3] |= (((filter(pcs->odd) ^ oddparity8(bt)) & 0x01)<<(7-(i&0x0007))); - } + } return; } +void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) { + mf_crypto1_encryptEx(pcs, data, NULL, len, par); +} + uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data) { uint8_t bt = 0; int i; for (i = 0; i < 4; i++) bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data, i)) << i; - + return bt; } // send X byte basic commands -int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing) -{ +int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing) { uint8_t dcmd[data_size+3]; dcmd[0] = cmd; memcpy(dcmd+1,data,data_size); @@ -90,43 +94,40 @@ int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answe } // send 2 byte commands -int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing) -{ +int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing) { uint8_t dcmd[4], ecmd[4]; uint16_t pos, res; - uint8_t par[1]; // 1 Byte parity is enough here + uint8_t par[1]; // 1 Byte parity is enough here dcmd[0] = cmd; dcmd[1] = data; AppendCrc14443a(dcmd, 2); - + memcpy(ecmd, dcmd, sizeof(dcmd)); - + if (crypted) { par[0] = 0; for (pos = 0; pos < 4; pos++) { ecmd[pos] = crypto1_byte(pcs, 0x00, 0) ^ dcmd[pos]; par[0] |= (((filter(pcs->odd) ^ oddparity8(dcmd[pos])) & 0x01) << (7-pos)); - } - + } ReaderTransmitPar(ecmd, sizeof(ecmd), par, timing); - } else { ReaderTransmit(dcmd, sizeof(dcmd), timing); } int len = ReaderReceive(answer, par); - + if (answer_parity) *answer_parity = par[0]; - + if (crypted == CRYPT_ALL) { if (len == 1) { res = 0; for (pos = 0; pos < 4; pos++) res |= (crypto1_bit(pcs, 0, 0) ^ BIT(answer[0], pos)) << pos; - + answer[0] = res; - + } else { for (pos = 0; pos < len; pos++) { @@ -134,41 +135,41 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, } } } - + return len; } + // mifare classic commands -int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested) -{ - return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL); +int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *auth_timeout) { + + return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL, auth_timeout); } -int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *ntptr, uint32_t *timing) -{ - // variables - int len; + +int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *ntptr, uint32_t *timing, uint32_t *auth_timeout) { + + int len; uint32_t pos; - uint8_t tmp4[4]; uint8_t par[1] = {0x00}; byte_t nr[4]; uint32_t nt, ntpp; // Supplied tag nonce - + uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + // Transmit MIFARE_CLASSIC_AUTH - len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing); - if (MF_DBGLEVEL >= 4) Dbprintf("rand tag nonce len: %x", len); + len = mifare_sendcmd_short(pcs, isNested, keyType & 0x01 ? MIFARE_AUTH_KEYB : MIFARE_AUTH_KEYA, blockNo, receivedAnswer, receivedAnswerPar, timing); + if (MF_DBGLEVEL >= 4) Dbprintf("rand tag nonce len: %x", len); if (len != 4) return 1; - + // "random" reader nonce: nr[0] = 0x55; nr[1] = 0x41; nr[2] = 0x49; - nr[3] = 0x92; - + nr[3] = 0x92; + // Save the tag nonce (nt) nt = bytes_to_num(receivedAnswer, 4); @@ -180,7 +181,7 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN crypto1_create(pcs, ui64Key); if (isNested == AUTH_NESTED) { - // decrypt nt with help of new key + // decrypt nt with help of new key nt = crypto1_word(pcs, nt ^ uid, 1) ^ nt; } else { // Load (plain) uid^nt into the cipher @@ -189,80 +190,85 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN // some statistic if (!ntptr && (MF_DBGLEVEL >= 3)) - Dbprintf("auth uid: %08x nt: %08x", uid, nt); - + Dbprintf("auth uid: %08x nt: %08x", uid, nt); + // save Nt if (ntptr) *ntptr = nt; // Generate (encrypted) nr+parity by loading it into the cipher (Nr) par[0] = 0; - for (pos = 0; pos < 4; pos++) - { + for (pos = 0; pos < 4; pos++) { mf_nr_ar[pos] = crypto1_byte(pcs, nr[pos], 0) ^ nr[pos]; par[0] |= (((filter(pcs->odd) ^ oddparity8(nr[pos])) & 0x01) << (7-pos)); - } - + } + // Skip 32 bits in pseudo random generator nt = prng_successor(nt,32); // ar+parity - for (pos = 4; pos < 8; pos++) - { + for (pos = 4; pos < 8; pos++) { nt = prng_successor(nt,8); - mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff); + mf_nr_ar[pos] = crypto1_byte(pcs, 0x00, 0) ^ (nt & 0xff); par[0] |= (((filter(pcs->odd) ^ oddparity8(nt)) & 0x01) << (7-pos)); - } - + } + // Transmit reader nonce and reader answer ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL); // Receive 4 byte tag answer + uint32_t save_timeout = iso14a_get_timeout(); // save standard timeout + if (auth_timeout && *auth_timeout) { + iso14a_set_timeout(*auth_timeout); // set timeout for authentication response + } + uint32_t auth_timeout_start = GetCountSspClk(); len = ReaderReceive(receivedAnswer, receivedAnswerPar); - if (!len) - { - if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout."); + iso14a_set_timeout(save_timeout); // restore standard timeout + if (!len) { + if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout."); return 2; } - - memcpy(tmp4, receivedAnswer, 4); - ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0); - - if (ntpp != bytes_to_num(tmp4, 4)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Error card response."); + if (auth_timeout && !*auth_timeout) { // measure time for future authentication response timeout + *auth_timeout = (GetCountSspClk() - auth_timeout_start - (len * 9 + 2) * 8) / 8 + 1; + } + + ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0, 0); + + if (ntpp != bytes_to_num(receivedAnswer, 4)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Error card response."); return 3; } return 0; } -int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) -{ + +int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) { // variables - int len; - uint8_t bt[2]; - + int len; + uint8_t bt[2]; + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + // command MIFARE_CLASSIC_READBLOCK - len = mifare_sendcmd_short(pcs, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL); + len = mifare_sendcmd_short(pcs, 1, MIFARE_CMD_READBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL); if (len == 1) { - if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); return 1; } if (len != 18) { - if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len); + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len); return 2; } memcpy(bt, receivedAnswer + 16, 2); AppendCrc14443a(receivedAnswer, 16); if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) { - if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error."); + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error."); return 3; } - + memcpy(blockData, receivedAnswer, 16); return 0; } @@ -277,8 +283,8 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){ memcpy(key, keybytes, 4); if (MF_DBGLEVEL >= MF_DBG_EXTENDED) - Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]); - len = mifare_sendcmd(0x1B, key, sizeof(key), resp, respPar, NULL); + Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]); + len = mifare_sendcmd(MIFARE_ULEV1_AUTH, key, sizeof(key), resp, respPar, NULL); //len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL); if (len != 4) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len); @@ -296,7 +302,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ /// 3des2k - des3_context ctx = { 0x00 }; + mbedtls_des3_context ctx = { {0} }; uint8_t random_a[8] = {1,1,1,1,1,1,1,1}; uint8_t random_b[8] = {0x00}; uint8_t enc_random_b[8] = {0x00}; @@ -310,7 +316,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ uint8_t respPar[3] = {0,0,0}; // REQUEST AUTHENTICATION - len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL); + len = mifare_sendcmd_short(NULL, 1, MIFARE_ULC_AUTH_1, 0x00, resp, respPar ,NULL); if (len != 11) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); return 0; @@ -321,13 +327,13 @@ int mifare_ultra_auth(uint8_t *keybytes){ // decrypt nonce. // tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV ); - des3_set2key_dec(&ctx, key); - des3_crypt_cbc(&ctx // des3_context - , DES_DECRYPT // int mode - , sizeof(random_b) // length - , IV // iv[8] - , enc_random_b // input - , random_b // output + mbedtls_des3_set2key_dec(&ctx, key); + mbedtls_des3_crypt_cbc(&ctx // des3_context + , MBEDTLS_DES_DECRYPT // int mode + , sizeof(random_b) // length + , IV // iv[8] + , enc_random_b // input + , random_b // output ); rol(random_b,8); @@ -350,17 +356,17 @@ int mifare_ultra_auth(uint8_t *keybytes){ // encrypt out, in, length, key, iv //tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b); - des3_set2key_enc(&ctx, key); - des3_crypt_cbc(&ctx // des3_context - , DES_ENCRYPT // int mode - , sizeof(rnd_ab) // length - , enc_random_b // iv[8] - , rnd_ab // input - , rnd_ab // output + mbedtls_des3_set2key_enc(&ctx, key); + mbedtls_des3_crypt_cbc(&ctx // des3_context + , MBEDTLS_DES_ENCRYPT // int mode + , sizeof(rnd_ab) // length + , enc_random_b // iv[8] + , rnd_ab // input + , rnd_ab // output ); //len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL); - len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL); + len = mifare_sendcmd(MIFARE_ULC_AUTH_2, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL); if (len != 11) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); return 0; @@ -370,15 +376,15 @@ int mifare_ultra_auth(uint8_t *keybytes){ uint8_t resp_random_a[8] = { 0,0,0,0,0,0,0,0 }; memcpy(enc_resp, resp+1, 8); - // decrypt out, in, length, key, iv + // decrypt out, in, length, key, iv // tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b); - des3_set2key_dec(&ctx, key); - des3_crypt_cbc(&ctx // des3_context - , DES_DECRYPT // int mode - , 8 // length - , enc_random_b // iv[8] - , enc_resp // input - , resp_random_a // output + mbedtls_des3_set2key_dec(&ctx, key); + mbedtls_des3_crypt_cbc(&ctx // des3_context + , MBEDTLS_DES_DECRYPT // int mode + , 8 // length + , enc_random_b // iv[8] + , enc_resp // input + , resp_random_a // output ); if ( memcmp(resp_random_a, random_a, 8) != 0 ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication"); @@ -386,7 +392,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ } if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { - Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", + Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3], rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]); @@ -410,14 +416,14 @@ int mifare_ultra_auth(uint8_t *keybytes){ int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData) { uint16_t len; - uint8_t bt[2]; + uint8_t bt[2]; uint8_t receivedAnswer[MAX_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_PARITY_SIZE]; uint8_t retries; int result = 0; for (retries = 0; retries < MFU_MAX_RETRIES; retries++) { - len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL); + len = mifare_sendcmd_short(NULL, 1, MIFARE_CMD_READBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL); if (len == 1) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); result = 1; @@ -447,59 +453,59 @@ int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData) return result; } - memcpy(blockData, receivedAnswer, 14); + memcpy(blockData, receivedAnswer, 16); return 0; } -int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) +int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) { // variables - uint16_t len, i; + uint16_t len, i; uint32_t pos; - uint8_t par[3] = {0}; // enough for 18 Bytes to send + uint8_t par[3] = {0}; // enough for 18 Bytes to send byte_t res; - + uint8_t d_block[18], d_block_enc[18]; uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + // command MIFARE_CLASSIC_WRITEBLOCK - len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL); + len = mifare_sendcmd_short(pcs, 1, MIFARE_CMD_WRITEBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL); if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK - if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); return 1; } - + memcpy(d_block, blockData, 16); AppendCrc14443a(d_block, 16); - + // crypto for (pos = 0; pos < 18; pos++) { d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos]; par[pos>>3] |= (((filter(pcs->odd) ^ oddparity8(d_block[pos])) & 0x01) << (7 - (pos&0x0007))); - } + } ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par, NULL); // Receive the response - len = ReaderReceive(receivedAnswer, receivedAnswerPar); + len = ReaderReceive(receivedAnswer, receivedAnswerPar); res = 0; for (i = 0; i < 4; i++) res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i; if ((len != 1) || (res != 0x0A)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Cmd send data2 Error: %02x", res); + if (MF_DBGLEVEL >= 1) Dbprintf("Cmd send data2 Error: %02x", res); return 2; } - + return 0; } /* // command not needed, but left for future testing -int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData) +int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData) { uint16_t len; uint8_t par[3] = {0}; // enough for 18 parity bits @@ -507,7 +513,7 @@ int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData) uint8_t receivedAnswer[MAX_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_PARITY_SIZE]; - len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL); + len = mifare_sendcmd_short(NULL, true, MIFARE_CMD_WRITEBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL); if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK if (MF_DBGLEVEL >= MF_DBG_ERROR) @@ -553,16 +559,16 @@ int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData) return 0; } -int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) +int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) { - uint16_t len; + uint16_t len; uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL); + len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, ISO14443A_CMD_HALT, 0x00, receivedAnswer, receivedAnswerPar, NULL); if (len != 0) { if (MF_DBGLEVEL >= MF_DBG_ERROR) - Dbprintf("halt error. response len: %x", len); + Dbprintf("halt error. response len: %x", len); return 1; } @@ -574,8 +580,8 @@ int mifare_ultra_halt() uint16_t len; uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - - len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL); + + len = mifare_sendcmd_short(NULL, true, ISO14443A_CMD_HALT, 0x00, receivedAnswer, receivedAnswerPar, NULL); if (len != 0) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len); @@ -587,21 +593,21 @@ int mifare_ultra_halt() // Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards), // plus evtl. 8 sectors with 16 blocks each (4k cards) -uint8_t NumBlocksPerSector(uint8_t sectorNo) +uint8_t NumBlocksPerSector(uint8_t sectorNo) { - if (sectorNo < 32) + if (sectorNo < 32) return 4; else return 16; } -uint8_t FirstBlockOfSector(uint8_t sectorNo) +uint8_t FirstBlockOfSector(uint8_t sectorNo) { if (sectorNo < 32) return sectorNo * 4; else return 32*4 + (sectorNo - 32) * 16; - + } uint8_t SectorTrailer(uint8_t blockNo) @@ -644,7 +650,7 @@ int emlCheckValBl(int blockNum) { (data[3] != (data[7] ^ 0xff)) || (data[3] != data[11]) || (data[12] != (data[13] ^ 0xff)) || (data[12] != data[14]) || (data[12] != (data[15] ^ 0xff)) - ) + ) return 1; return 0; } @@ -652,11 +658,11 @@ int emlCheckValBl(int blockNum) { int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) { uint8_t* emCARD = BigBuf_get_EM_addr(); uint8_t* data = emCARD + blockNum * 16; - + if (emlCheckValBl(blockNum)) { return 1; } - + memcpy(blReg, data, 4); *blBlock = data[12]; return 0; @@ -665,41 +671,41 @@ int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) { int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) { uint8_t* emCARD = BigBuf_get_EM_addr(); uint8_t* data = emCARD + blockNum * 16; - + memcpy(data + 0, &blReg, 4); memcpy(data + 8, &blReg, 4); blReg = blReg ^ 0xffffffff; memcpy(data + 4, &blReg, 4); - + data[12] = blBlock; data[13] = blBlock ^ 0xff; data[14] = blBlock; data[15] = blBlock ^ 0xff; - + return 0; } uint64_t emlGetKey(int sectorNum, int keyType) { uint8_t key[6]; uint8_t* emCARD = BigBuf_get_EM_addr(); - + memcpy(key, emCARD + 16 * (FirstBlockOfSector(sectorNum) + NumBlocksPerSector(sectorNum) - 1) + keyType * 10, 6); return bytes_to_num(key, 6); } void emlClearMem(void) { int b; - + const uint8_t trailer[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0x80, 0x69, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; const uint8_t uid[] = {0xe6, 0x84, 0x87, 0xf3, 0x16, 0x88, 0x04, 0x00, 0x46, 0x8e, 0x45, 0x55, 0x4d, 0x70, 0x41, 0x04}; uint8_t* emCARD = BigBuf_get_EM_addr(); - + memset(emCARD, 0, CARD_MEMORY_SIZE); - + // fill sectors trailer data for(b = 3; b < 256; b<127?(b+=4):(b+=16)) { emlSetMem((uint8_t *)trailer, b , 1); - } + } // uid emlSetMem((uint8_t *)uid, 0, 1); @@ -710,35 +716,35 @@ void emlClearMem(void) { // Mifare desfire commands int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing) { - uint8_t dcmd[5] = {0x00}; - dcmd[0] = cmd; - memcpy(dcmd+1,data,2); + uint8_t dcmd[5] = {0x00}; + dcmd[0] = cmd; + memcpy(dcmd+1,data,2); AppendCrc14443a(dcmd, 3); - + ReaderTransmit(dcmd, sizeof(dcmd), NULL); int len = ReaderReceive(answer, answer_parity); if(!len) { - if (MF_DBGLEVEL >= MF_DBG_ERROR) + if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout."); return 1; - } + } return len; } int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing) { - uint8_t dcmd[20] = {0x00}; - dcmd[0] = cmd; - memcpy(dcmd+1,data,17); + uint8_t dcmd[20] = {0x00}; + dcmd[0] = cmd; + memcpy(dcmd+1,data,17); AppendCrc14443a(dcmd, 18); ReaderTransmit(dcmd, sizeof(dcmd), NULL); int len = ReaderReceive(answer, answer_parity); if(!len){ - if (MF_DBGLEVEL >= MF_DBG_ERROR) + if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout."); return 1; - } + } return len; } @@ -749,23 +755,23 @@ int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){ uint8_t data[2]={0x0a, 0x00}; uint8_t receivedAnswer[MAX_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_PARITY_SIZE]; - + len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL); if (len == 1) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); return 1; } - + if (len == 12) { - if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4], receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9], receivedAnswer[10],receivedAnswer[11]); } memcpy(blockData, receivedAnswer, 12); - return 0; + return 0; } return 1; } @@ -776,18 +782,18 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ uint8_t data[17] = {0x00}; data[0] = 0xAF; memcpy(data+1,key,16); - + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; - + len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL); - + if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]); return 1; } - + if (len == 12){ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", @@ -806,18 +812,17 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ // //----------------------------------------------------------------------------- // one key check -int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uint64_t ui64Key, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel) { +static int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uint8_t *key, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel, bool fixed_nonce) { struct Crypto1State mpcs = {0, 0}; struct Crypto1State *pcs; pcs = &mpcs; - // Iceman: use piwi's faster nonce collecting part in hardnested. if (*cascade_levels == 0) { // need a full select cycle to get the uid first iso14a_card_select_t card_info; - if(!iso14443a_select_card(uid, &card_info, cuid, true, 0, true)) { - if (debugLevel >= 1) Dbprintf("ChkKeys: Can't select card"); - return 1; + if (!iso14443a_select_card(uid, &card_info, cuid, true, 0, true)) { + if (debugLevel >= 1) Dbprintf("ChkKeys: Can't select card"); + return -1; } switch (card_info.uidlen) { case 4 : *cascade_levels = 1; break; @@ -826,99 +831,114 @@ int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uin default: break; } } else { // no need for anticollision. We can directly select the card - if(!iso14443a_select_card(uid, NULL, NULL, false, *cascade_levels, true)) { - if (debugLevel >= 1) Dbprintf("ChkKeys: Can't select card (UID) lvl=%d", *cascade_levels); - return 1; + if (!iso14443a_select_card(uid, NULL, NULL, false, *cascade_levels, true)) { + if (debugLevel >= 1) Dbprintf("ChkKeys: Can't select card (UID) lvl=%d", *cascade_levels); + return -1; } } - - if(mifare_classic_auth(pcs, *cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) { -// SpinDelayUs(AUTHENTICATION_TIMEOUT); // it not needs because mifare_classic_auth have timeout from iso14a_set_timeout() - return 2; + + if (!fixed_nonce) { + uint64_t ui64Key = bytes_to_num(key, 6); + if (mifare_classic_auth(pcs, *cuid, blockNo, keyType, ui64Key, AUTH_FIRST, auth_timeout)) { // authentication failed + return -2; + } else { + mifare_classic_halt(pcs, *cuid); + } } else { -/* // let it be here. it like halt command, but maybe it will work in some strange cases - uint8_t dummy_answer = 0; - ReaderTransmit(&dummy_answer, 1, NULL); - int timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT; - // wait for the card to become ready again - while(GetCountSspClk() < timeout) {}; -*/ - // it needs after success authentication - mifare_classic_halt(pcs, *cuid); + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; + uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; + // Transmit MIFARE_CLASSIC_AUTH + int len = mifare_sendcmd_short(pcs, false, keyType & 0x01 ? MIFARE_AUTH_KEYB : MIFARE_AUTH_KEYA, blockNo, receivedAnswer, receivedAnswerPar, NULL); + if (len != 4) return -2; + // Transmit encrypted reader nonce and reader answer + uint8_t mf_nr_ar[8] = NESTED_FIXED_NR_ENC; + memcpy(mf_nr_ar + 4, key, 4); + ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), key + 4, NULL); + uint32_t save_timeout = iso14a_get_timeout(); // save standard timeout + iso14a_set_timeout(*auth_timeout); // set timeout for authentication response + len = ReaderReceive(receivedAnswer, receivedAnswerPar); + iso14a_set_timeout(save_timeout); // restore standard timeout + if (!len) return -2; } - - return 0; + + return 0; // success } // multi key check -int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel) { +static int MifareChkBlockKeysEx(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel, bool fixed_nonce) { + uint8_t uid[10]; uint32_t cuid = 0; uint8_t cascade_levels = 0; - uint64_t ui64Key = 0; int retryCount = 0; for (uint8_t i = 0; i < keyCount; i++) { - - // Allow button press / usb cmd to interrupt device - if (BUTTON_PRESS() && !usb_poll_validate_length()) { - Dbprintf("ChkKeys: Cancel operation. Exit..."); - return -2; - } - - ui64Key = bytes_to_num(keys + i * 6, 6); - int res = MifareChkBlockKey(uid, &cuid, &cascade_levels, ui64Key, blockNo, keyType, debugLevel); - - // can't select - if (res == 1) { + uint8_t bytes_per_key = fixed_nonce ? 5 : 6; + int res = MifareChkBlockKey(uid, &cuid, &cascade_levels, keys + i*bytes_per_key, blockNo, keyType, auth_timeout, debugLevel, fixed_nonce); + if (res == -1) { // couldn't select retryCount++; if (retryCount >= 5) { - Dbprintf("ChkKeys: block=%d key=%d. Can't select. Exit...", blockNo, keyType); + Dbprintf("ChkKeys: block=%d key=%d. Couldn't select. Exit...", blockNo, keyType); return -1; + } else { + --i; // try the same key once again + SpinDelay(20); + // Dbprintf("ChkKeys: block=%d key=%d. Try the same key once again...", blockNo, keyType); + continue; } - --i; // try the same key once again - - SpinDelay(20); -// Dbprintf("ChkKeys: block=%d key=%d. Try the same key once again...", blockNo, keyType); + } + if (res == -2) { // couldn't authenticate with this key + retryCount = 0; continue; } - - // can't authenticate - if (res == 2) { - retryCount = 0; - continue; // can't auth. wrong key. - } - return i + 1; + return i + 1; // successful authentication + } - - return 0; + + if (BUTTON_PRESS()) { + return -2; + } + + return 0; // couldn't authenticate with any key } + +int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel) { + return MifareChkBlockKeysEx(keys, keyCount, blockNo, keyType, auth_timeout, debugLevel, false); +} + + +// fixed nonce check +int MifareChkBlockKeysFixedNonce(uint8_t *ar_par, uint8_t ar_par_cnt, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel) { + return MifareChkBlockKeysEx(ar_par, ar_par_cnt, blockNo, keyType, auth_timeout, debugLevel, true); +} + + // multisector multikey check -int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint8_t debugLevel, TKeyIndex *keyIndex) { +int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel, TKeyIndex *keyIndex) { int res = 0; - -// int clk = GetCountSspClk(); + +// int clk = GetCountSspClk(); for(int sc = 0; sc < SectorCount; sc++){ WDT_HIT(); int keyAB = keyType; do { - res = MifareChkBlockKeys(keys, keyCount, FirstBlockOfSector(sc), keyAB & 0x01, debugLevel); - if (res < 0){ + res = MifareChkBlockKeys(keys, keyCount, FirstBlockOfSector(sc), keyAB & 0x01, auth_timeout, debugLevel); + if (res < 0) { return res; } - if (res > 0){ + if (res > 0) { (*keyIndex)[keyAB & 0x01][sc] = res; } } while(--keyAB > 0); } - -// Dbprintf("%d %d", GetCountSspClk() - clk, (GetCountSspClk() - clk)/(SectorCount*keyCount*(keyType==2?2:1))); - - return 0; + +// Dbprintf("%d %d", GetCountSspClk() - clk, (GetCountSspClk() - clk)/(SectorCount*keyCount*(keyType==2?2:1))); + + return 1; } diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index b2912895..c2bfc634 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -9,8 +9,8 @@ // code for work with mifare cards. //----------------------------------------------------------------------------- -#ifndef __MIFAREUTIL_H -#define __MIFAREUTIL_H +#ifndef MIFAREUTIL_H__ +#define MIFAREUTIL_H__ #include #include @@ -19,26 +19,21 @@ #include "usb_cdc.h" // mifare authentication -#define CRYPT_NONE 0 -#define CRYPT_ALL 1 -#define CRYPT_REQUEST 2 -#define AUTH_FIRST 0 -#define AUTH_NESTED 2 - -// mifare 4bit card answers -#define CARD_ACK 0x0A // 1010 - ACK -#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed) -#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error +#define CRYPT_NONE 0 +#define CRYPT_ALL 1 +#define CRYPT_REQUEST 2 +#define AUTH_FIRST 0 +#define AUTH_NESTED 2 // reader voltage field detector #define MF_MINFIELDV 4000 // debug -// 0 - no debug messages 1 - error messages 2 - all messages 4 - extended debug mode -#define MF_DBG_NONE 0 -#define MF_DBG_ERROR 1 -#define MF_DBG_ALL 2 -#define MF_DBG_EXTENDED 4 +#define MF_DBG_NONE 0 // no messages +#define MF_DBG_ERROR 1 // errors only +#define MF_DBG_INFO 2 // errors + info messages +#define MF_DBG_DEBUG 3 // errors + info + debug messages +#define MF_DBG_EXTENDED 4 // errors + info + debug + breaking debug messages extern int MF_DBGLEVEL; @@ -47,10 +42,10 @@ int mifare_sendcmd(uint8_t cmd, uint8_t *data, uint8_t data_size, uint8_t* answe int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing); // mifare classic -int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested); -int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing); +int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *auth_timeout); +int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing, uint32_t *auth_timeout); int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); -int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); +int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); // Ultralight/NTAG... @@ -71,6 +66,7 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData); void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len); void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out); void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par); +void mf_crypto1_encryptEx(struct Crypto1State *pcs, uint8_t *data, uint8_t *in, uint16_t len, uint8_t *par); uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data); // Mifare memory structure @@ -91,8 +87,8 @@ int emlCheckValBl(int blockNum); // mifare check keys typedef uint8_t TKeyIndex[2][40]; -int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uint64_t ui64Key, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel); -int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel); -int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint8_t debugLevel, TKeyIndex *keyIndex); +int MifareChkBlockKeysFixedNonce(uint8_t *ar_par, uint8_t ar_par_cnt, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel); +int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel); +int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint32_t *auth_timeout, uint8_t debugLevel, TKeyIndex *keyIndex); #endif diff --git a/armsrc/optimized_cipher.c b/armsrc/optimized_cipher.c index b1f33737..2ac72ec0 100644 --- a/armsrc/optimized_cipher.c +++ b/armsrc/optimized_cipher.c @@ -1,13 +1,13 @@ /***************************************************************************** * WARNING * - * THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY. - * - * USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL - * PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL, - * AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES. - * - * THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS. + * THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY. + * + * USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL + * PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL, + * AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES. + * + * THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS. * ***************************************************************************** * @@ -31,9 +31,9 @@ * * You should have received a copy of the GNU General Public License * along with loclass. If not, see . - * - * - * + * + * + * ****************************************************************************/ /** @@ -60,15 +60,63 @@ -- MHS 2015 **/ +/** + + The runtime of opt_doTagMAC_2() with the MHS optimized version was 403 microseconds on Proxmark3. + This was still to slow for some newer readers which didn't want to wait that long. + + Further optimizations to speedup the MAC calculations: + * Optimized opt_Tt logic + * Look up table for opt_select + * Removing many unnecessary bit maskings (& 0x1) + * updating state in place instead of alternating use of a second state structure + * remove the necessity to reverse bits of input and output bytes + + opt_doTagMAC_2() now completes in 270 microseconds. + + -- piwi 2019 +**/ + #include "optimized_cipher.h" #include #include #include +#include "string.h" +static const uint8_t opt_select_LUT[256] = { + 00, 03, 02, 01, 02, 03, 00, 01, 04, 07, 07, 04, 06, 07, 05, 04, + 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, + 06, 05, 04, 07, 04, 05, 06, 07, 06, 05, 05, 06, 04, 05, 07, 06, + 07, 04, 05, 06, 04, 05, 06, 07, 07, 04, 04, 07, 04, 05, 07, 06, + 06, 05, 04, 07, 04, 05, 06, 07, 02, 01, 01, 02, 00, 01, 03, 02, + 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, + 00, 03, 02, 01, 02, 03, 00, 01, 00, 03, 03, 00, 02, 03, 01, 00, + 05, 06, 07, 04, 06, 07, 04, 05, 05, 06, 06, 05, 06, 07, 05, 04, + 02, 01, 00, 03, 00, 01, 02, 03, 06, 05, 05, 06, 04, 05, 07, 06, + 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, + 02, 01, 00, 03, 00, 01, 02, 03, 02, 01, 01, 02, 00, 01, 03, 02, + 03, 00, 01, 02, 00, 01, 02, 03, 03, 00, 00, 03, 00, 01, 03, 02, + 04, 07, 06, 05, 06, 07, 04, 05, 00, 03, 03, 00, 02, 03, 01, 00, + 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, + 04, 07, 06, 05, 06, 07, 04, 05, 04, 07, 07, 04, 06, 07, 05, 04, + 01, 02, 03, 00, 02, 03, 00, 01, 01, 02, 02, 01, 02, 03, 01, 00 +}; -#define opt_T(s) (0x1 & ((s->t >> 15) ^ (s->t >> 14)^ (s->t >> 10)^ (s->t >> 8)^ (s->t >> 5)^ (s->t >> 4)^ (s->t >> 1)^ s->t)) - -#define opt_B(s) (((s->b >> 6) ^ (s->b >> 5) ^ (s->b >> 4) ^ (s->b)) & 0x1) +/********************** the table above has been generated with this code: ******** +#include "util.h" +static void init_opt_select_LUT(void) { + for (int r = 0; r < 256; r++) { + uint8_t r_ls2 = r << 2; + uint8_t r_and_ls2 = r & r_ls2; + uint8_t r_or_ls2 = r | r_ls2; + uint8_t z0 = (r_and_ls2 >> 5) ^ ((r & ~r_ls2) >> 4) ^ ( r_or_ls2 >> 3); + uint8_t z1 = (r_or_ls2 >> 6) ^ ( r_or_ls2 >> 1) ^ (r >> 5) ^ r; + uint8_t z2 = ((r & ~r_ls2) >> 4) ^ (r_and_ls2 >> 3) ^ r; + opt_select_LUT[r] = (z0 & 4) | (z1 & 2) | (z2 & 1); + } + print_result("", opt_select_LUT, 256); +} +***********************************************************************************/ #define opt__select(x,y,r) (4 & (((r & (r << 2)) >> 5) ^ ((r & ~(r << 2)) >> 4) ^ ( (r | r << 2) >> 3)))\ |(2 & (((r | r << 2) >> 6) ^ ( (r | r << 2) >> 1) ^ (r >> 5) ^ r ^ ((x^y) << 1)))\ @@ -78,169 +126,145 @@ * Some background on the expression above can be found here... uint8_t xopt__select(bool x, bool y, uint8_t r) { - uint8_t r_ls2 = r << 2; - uint8_t r_and_ls2 = r & r_ls2; - uint8_t r_or_ls2 = r | r_ls2; //r: r0 r1 r2 r3 r4 r5 r6 r7 //r_ls2: r2 r3 r4 r5 r6 r7 0 0 // z0 // z1 -// uint8_t z0 = (r0 & r2) ^ (r1 & ~r3) ^ (r2 | r4); // <-- original +// uint8_t z0 = (r0 & r2) ^ (r1 & ~r3) ^ (r2 | r4); // <-- original uint8_t z0 = (r_and_ls2 >> 5) ^ ((r & ~r_ls2) >> 4) ^ ( r_or_ls2 >> 3); -// uint8_t z1 = (r0 | r2) ^ ( r5 | r7) ^ r1 ^ r6 ^ x ^ y; // <-- original +// uint8_t z1 = (r0 | r2) ^ ( r5 | r7) ^ r1 ^ r6 ^ x ^ y; // <-- original uint8_t z1 = (r_or_ls2 >> 6) ^ ( r_or_ls2 >> 1) ^ (r >> 5) ^ r ^ ((x^y) << 1); -// uint8_t z2 = (r3 & ~r5) ^ (r4 & r6 ) ^ r7 ^ x; // <-- original +// uint8_t z2 = (r3 & ~r5) ^ (r4 & r6 ) ^ r7 ^ x; // <-- original uint8_t z2 = ((r & ~r_ls2) >> 4) ^ (r_and_ls2 >> 3) ^ r ^ x; return (z0 & 4) | (z1 & 2) | (z2 & 1); } */ -void opt_successor(const uint8_t* k, State *s, bool y, State* successor) -{ +static void opt_successor(const uint8_t *k, State *s, uint8_t y) { +// #define opt_T(s) (0x1 & ((s->t >> 15) ^ (s->t >> 14) ^ (s->t >> 10) ^ (s->t >> 8) ^ (s->t >> 5) ^ (s->t >> 4)^ (s->t >> 1) ^ s->t)) + // uint8_t Tt = opt_T(s); + uint16_t Tt = s->t & 0xc533; + Tt = Tt ^ (Tt >> 1); + Tt = Tt ^ (Tt >> 4); + Tt = Tt ^ (Tt >> 10); + Tt = Tt ^ (Tt >> 8); - uint8_t Tt = 1 & opt_T(s); + s->t = (s->t >> 1); + s->t |= (Tt ^ (s->r >> 7) ^ (s->r >> 3)) << 15; - successor->t = (s->t >> 1); - successor->t |= (Tt ^ (s->r >> 7 & 0x1) ^ (s->r >> 3 & 0x1)) << 15; + uint8_t opt_B = s->b; + opt_B ^= s->b >> 6; + opt_B ^= s->b >> 5; + opt_B ^= s->b >> 4; - successor->b = s->b >> 1; - successor->b |= (opt_B(s) ^ (s->r & 0x1)) << 7; + s->b = s->b >> 1; + s->b |= (opt_B ^ s->r) << 7; - successor->r = (k[opt__select(Tt,y,s->r)] ^ successor->b) + s->l ; - successor->l = successor->r+s->r; + uint8_t opt_select = opt_select_LUT[s->r] & 0x04; + opt_select |= (opt_select_LUT[s->r] ^ ((Tt ^ y) << 1)) & 0x02; + opt_select |= (opt_select_LUT[s->r] ^ Tt) & 0x01; + uint8_t r = s->r; + s->r = (k[opt_select] ^ s->b) + s->l ; + s->l = s->r + r; } -void opt_suc(const uint8_t* k,State* s, uint8_t *in, uint8_t length, bool add32Zeroes) -{ - State x2; - int i; - uint8_t head = 0; - for(i =0 ; i < length ; i++) - { - head = 1 & (in[i] >> 7); - opt_successor(k,s,head,&x2); +static void opt_suc(const uint8_t *k, State *s, uint8_t *in, uint8_t length, bool add32Zeroes) { + for (int i = 0; i < length; i++) { + uint8_t head; + head = in[i]; + opt_successor(k, s, head); - head = 1 & (in[i] >> 6); - opt_successor(k,&x2,head,s); + head >>= 1; + opt_successor(k, s, head); - head = 1 & (in[i] >> 5); - opt_successor(k,s,head,&x2); + head >>= 1; + opt_successor(k, s, head); - head = 1 & (in[i] >> 4); - opt_successor(k,&x2,head,s); + head >>= 1; + opt_successor(k, s, head); - head = 1 & (in[i] >> 3); - opt_successor(k,s,head,&x2); + head >>= 1; + opt_successor(k, s, head); - head = 1 & (in[i] >> 2); - opt_successor(k,&x2,head,s); + head >>= 1; + opt_successor(k, s, head); - head = 1 & (in[i] >> 1); - opt_successor(k,s,head,&x2); - - head = 1 & in[i]; - opt_successor(k,&x2,head,s); + head >>= 1; + opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); } //For tag MAC, an additional 32 zeroes - if(add32Zeroes) - for(i =0 ; i < 16 ; i++) - { - opt_successor(k,s,0,&x2); - opt_successor(k,&x2,0,s); + if (add32Zeroes) { + for(int i = 0; i < 16; i++) { + opt_successor(k, s, 0); + opt_successor(k, s, 0); } + } } -void opt_output(const uint8_t* k,State* s, uint8_t *buffer) -{ - uint8_t times = 0; - uint8_t bout = 0; - State temp = {0,0,0,0}; - for( ; times < 4 ; times++) - { - bout =0; - bout |= (s->r & 0x4) << 5; - opt_successor(k,s,0,&temp); - bout |= (temp.r & 0x4) << 4; - opt_successor(k,&temp,0,s); - bout |= (s->r & 0x4) << 3; - opt_successor(k,s,0,&temp); - bout |= (temp.r & 0x4) << 2; - opt_successor(k,&temp,0,s); - bout |= (s->r & 0x4) << 1; - opt_successor(k,s,0,&temp); - bout |= (temp.r & 0x4) ; - opt_successor(k,&temp,0,s); +static void opt_output(const uint8_t *k, State *s, uint8_t *buffer) { + for (uint8_t times = 0; times < 4; times++) { + uint8_t bout = 0; + bout |= (s->r & 0x4) >> 2; + opt_successor(k, s, 0); bout |= (s->r & 0x4) >> 1; - opt_successor(k,s,0,&temp); - bout |= (temp.r & 0x4) >> 2; - opt_successor(k,&temp,0,s); + opt_successor(k, s, 0); + bout |= (s->r & 0x4); + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 1; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 2; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 3; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 4; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 5; + opt_successor(k, s, 0); buffer[times] = bout; } - } -void opt_MAC(uint8_t* k, uint8_t* input, uint8_t* out) -{ +static void opt_MAC(uint8_t *k, uint8_t *input, uint8_t *out) { State _init = { - ((k[0] ^ 0x4c) + 0xEC) & 0xFF,// l - ((k[0] ^ 0x4c) + 0x21) & 0xFF,// r - 0x4c, // b - 0xE012 // t - }; + ((k[0] ^ 0x4c) + 0xEC) & 0xFF,// l + ((k[0] ^ 0x4c) + 0x21) & 0xFF,// r + 0x4c, // b + 0xE012 // t + }; - opt_suc(k,&_init,input,12, false); + opt_suc(k, &_init, input, 12, false); //printf("\noutp "); - opt_output(k,&_init, out); -} -uint8_t rev_byte(uint8_t b) { - b = (b & 0xF0) >> 4 | (b & 0x0F) << 4; - b = (b & 0xCC) >> 2 | (b & 0x33) << 2; - b = (b & 0xAA) >> 1 | (b & 0x55) << 1; - return b; -} -void opt_reverse_arraybytecpy(uint8_t* dest, uint8_t *src, size_t len) -{ - uint8_t i; - for( i =0; i< len ; i++) - dest[i] = rev_byte(src[i]); + opt_output(k, &_init, out); } -void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]) -{ - static uint8_t cc_nr[12]; - - opt_reverse_arraybytecpy(cc_nr, cc_nr_p,12); - uint8_t dest []= {0,0,0,0,0,0,0,0}; - opt_MAC(div_key_p,cc_nr, dest); - //The output MAC must also be reversed - opt_reverse_arraybytecpy(mac, dest,4); +void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]) { + uint8_t dest[] = {0, 0, 0, 0, 0, 0, 0, 0}; + opt_MAC(div_key_p, cc_nr_p, dest); + memcpy(mac, dest, 4); return; } -void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]) -{ - static uint8_t cc_nr[8+4+4]; - opt_reverse_arraybytecpy(cc_nr, cc_p,12); - State _init = { - ((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l - ((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r - 0x4c, // b - 0xE012 // t - }; - opt_suc(div_key_p,&_init,cc_nr, 12,true); - uint8_t dest []= {0,0,0,0}; - opt_output(div_key_p,&_init, dest); - //The output MAC must also be reversed - opt_reverse_arraybytecpy(mac, dest,4); - return; +void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]) { + State _init = { + ((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l + ((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r + 0x4c, // b + 0xE012 // t + }; + opt_suc(div_key_p, &_init, cc_p, 12, true); + opt_output(div_key_p, &_init, mac); + return; } + /** * The tag MAC can be divided (both can, but no point in dividing the reader mac) into * two functions, since the first 8 bytes are known, we can pre-calculate the state @@ -249,19 +273,17 @@ void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]) * @param div_key_p * @return the cipher state */ -State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) -{ - static uint8_t cc_nr[8]; - opt_reverse_arraybytecpy(cc_nr, cc_p,8); - State _init = { - ((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l - ((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r - 0x4c, // b - 0xE012 // t - }; - opt_suc(div_key_p,&_init,cc_nr, 8,false); +State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) { + State _init = { + ((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l + ((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r + 0x4c, // b + 0xE012 // t + }; + opt_suc(div_key_p, &_init, cc_p, 8, false); return _init; } + /** * The second part of the tag MAC calculation, since the CC is already calculated into the state, * this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag @@ -271,15 +293,8 @@ State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) * @param mac - where to store the MAC * @param div_key_p - the key to use */ -void opt_doTagMAC_2(State _init, uint8_t* nr, uint8_t mac[4], const uint8_t* div_key_p) -{ - static uint8_t _nr [4]; - opt_reverse_arraybytecpy(_nr, nr, 4); - opt_suc(div_key_p,&_init,_nr, 4, true); - //opt_suc(div_key_p,&_init,nr, 4, false); - uint8_t dest []= {0,0,0,0}; - opt_output(div_key_p,&_init, dest); - //The output MAC must also be reversed - opt_reverse_arraybytecpy(mac, dest,4); +void opt_doTagMAC_2(State _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p) { + opt_suc(div_key_p, &_init, nr, 4, true); + opt_output(div_key_p, &_init, mac); return; } diff --git a/armsrc/optimized_cipher.h b/armsrc/optimized_cipher.h index 6a4e2641..be77a250 100644 --- a/armsrc/optimized_cipher.h +++ b/armsrc/optimized_cipher.h @@ -35,17 +35,18 @@ * ****************************************************************************/ - #ifndef OPTIMIZED_CIPHER_H -#define OPTIMIZED_CIPHER_H +#ifndef OPTIMIZED_CIPHER_H__ +#define OPTIMIZED_CIPHER_H__ + #include /** * Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2 * consisting of the following four components: -* 1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ; -* 2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ; -* 3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 . -* 4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 . +* 1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ; +* 2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ; +* 3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 . +* 4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 . **/ typedef struct { uint8_t l; @@ -57,6 +58,7 @@ typedef struct { /** The reader MAC is MAC(key, CC * NR ) **/ void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]); + /** * The tag MAC is MAC(key, CC * NR * 32x0)) */ @@ -71,6 +73,7 @@ void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]); * @return the cipher state */ State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p); + /** * The second part of the tag MAC calculation, since the CC is already calculated into the state, * this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag @@ -80,6 +83,6 @@ State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p); * @param mac - where to store the MAC * @param div_key_p - the key to use */ -void opt_doTagMAC_2(State _init, uint8_t* nr, uint8_t mac[4], const uint8_t* div_key_p); +void opt_doTagMAC_2(State _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p); -#endif // OPTIMIZED_CIPHER_H +#endif // OPTIMIZED_CIPHER_H__ diff --git a/armsrc/pcf7931.c b/armsrc/pcf7931.c index e4ba1da5..2fae74cc 100644 --- a/armsrc/pcf7931.c +++ b/armsrc/pcf7931.c @@ -1,30 +1,30 @@ #include "proxmark3.h" #include "apps.h" +#include "usb_cdc.h" #include "lfsampling.h" #include "pcf7931.h" #include "util.h" #include "string.h" +#include "fpgaloader.h" #define T0_PCF 8 //period for the pcf7931 in us #define ALLOC 16 -int DemodPCF7931(uint8_t **outBlocks) { - - uint8_t bits[256] = {0x00}; +size_t DemodPCF7931(uint8_t **outBlocks) { + uint8_t bits[256] = {0x00}; uint8_t blocks[8][16]; - uint8_t *dest = BigBuf_get_addr(); - + uint8_t *dest = BigBuf_get_addr(); + int GraphTraceLen = BigBuf_max_traceLen(); - if ( GraphTraceLen > 18000 ) + if (GraphTraceLen > 18000) GraphTraceLen = 18000; - - + int i, j, lastval, bitidx, half_switch; int clock = 64; int tolerance = clock / 8; int pmc, block_done; int lc, warnings = 0; - int num_blocks = 0; + size_t num_blocks = 0; int lmin=128, lmax=128; uint8_t dir; //clear read buffer @@ -39,17 +39,16 @@ int DemodPCF7931(uint8_t **outBlocks) { i = 2; /* Find first local max/min */ - if(dest[1] > dest[0]) { + if(dest[1] > dest[0]) { while(i < GraphTraceLen) { - if( !(dest[i] > dest[i-1]) && dest[i] > lmax) + if( !(dest[i] > dest[i-1]) && dest[i] > lmax) break; i++; } dir = 0; - } - else { + } else { while(i < GraphTraceLen) { - if( !(dest[i] < dest[i-1]) && dest[i] < lmin) + if( !(dest[i] < dest[i-1]) && dest[i] < lmin) break; i++; } @@ -61,10 +60,8 @@ int DemodPCF7931(uint8_t **outBlocks) { pmc = 0; block_done = 0; - for (bitidx = 0; i < GraphTraceLen; i++) - { - if ( (dest[i-1] > dest[i] && dir == 1 && dest[i] > lmax) || (dest[i-1] < dest[i] && dir == 0 && dest[i] < lmin)) - { + for (bitidx = 0; i < GraphTraceLen; i++) { + if ((dest[i-1] > dest[i] && dir == 1 && dest[i] > lmax) || (dest[i-1] < dest[i] && dir == 0 && dest[i] < lmin)) { lc = i - lastval; lastval = i; @@ -78,8 +75,7 @@ int DemodPCF7931(uint8_t **outBlocks) { lastval = i; pmc = 0; block_done = 1; - } - else { + } else { pmc = i; } } else if (ABS(lc-clock/2) < tolerance) { @@ -90,21 +86,18 @@ int DemodPCF7931(uint8_t **outBlocks) { lastval = i; pmc = 0; block_done = 1; - } - else if(half_switch == 1) { - bits[bitidx++] = 0; + } else if(half_switch == 1) { + bits[bitidx++] = 0; half_switch = 0; } else half_switch++; } else if (ABS(lc-clock) < tolerance) { // 64TO - bits[bitidx++] = 1; + bits[bitidx++] = 1; } else { // Error - warnings++; - if (warnings > 10) - { + if (++warnings > 10) { Dbprintf("Error: too many detection errors, aborting."); return 0; } @@ -112,16 +105,17 @@ int DemodPCF7931(uint8_t **outBlocks) { if(block_done == 1) { if(bitidx == 128) { - for(j=0; j<16; j++) { - blocks[num_blocks][j] = 128*bits[j*8+7]+ - 64*bits[j*8+6]+ - 32*bits[j*8+5]+ - 16*bits[j*8+4]+ - 8*bits[j*8+3]+ - 4*bits[j*8+2]+ - 2*bits[j*8+1]+ - bits[j*8]; - + for(j = 0; j < 16; ++j) { + blocks[num_blocks][j] = + 128 * bits[j*8 + 7]+ + 64 * bits[j*8 + 6] + + 32 * bits[j*8 + 5] + + 16 * bits[j*8 + 4] + + 8 * bits[j*8 + 3] + + 4 * bits[j*8 + 2] + + 2 * bits[j*8 + 1] + + bits[j*8] + ; } num_blocks++; } @@ -130,272 +124,357 @@ int DemodPCF7931(uint8_t **outBlocks) { half_switch = 0; } if(i < GraphTraceLen) - dir =(dest[i-1] > dest[i]) ? 0 : 1; + dir = (dest[i-1] > dest[i]) ? 0 : 1; } if(bitidx==255) bitidx=0; warnings = 0; if(num_blocks == 4) break; } - memcpy(outBlocks, blocks, 16*num_blocks); + memcpy(outBlocks, blocks, 16 * num_blocks); return num_blocks; } -int IsBlock0PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled - return 1; - if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ? - return 1; - return 0; +bool IsBlock0PCF7931(uint8_t *block) { + // assuming all RFU bits are set to 0 + // if PAC is enabled password is set to 0 + if (block[7] == 0x01) + { + if (!memcmp(block, "\x00\x00\x00\x00\x00\x00\x00", 7) && !memcmp(block+9, "\x00\x00\x00\x00\x00\x00\x00", 7)) + return true; + } + else if (block[7] == 0x00) + { + if (!memcmp(block+9, "\x00\x00\x00\x00\x00\x00\x00", 7)) + return true; + } + return false; } -int IsBlock1PCF7931(uint8_t *Block) { - // Assume RFU means 0 :) - if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0) - if((Block[14] & 0x7f) <= 9 && Block[15] <= 9) - return 1; +bool IsBlock1PCF7931(uint8_t *block) { + // assuming all RFU bits are set to 0 - return 0; + uint8_t rb1 = block[14] & 0x80; + uint8_t rfb = block[14] & 0x7f; + uint8_t rlb = block[15]; + + if (block[10] == 0 && block[11] == 0 && block[12] == 0 && block[13] == 0) + // block 1 is sent only if (RLB >= 1 && RFB <= 1) or RB1 enabled + if(rfb <= rlb && rfb <= 9 && rlb <= 9 && ((rfb <= 1 && rlb >= 1) || rb1)) + return true; + + return false; } void ReadPCF7931() { - uint8_t Blocks[8][17]; - uint8_t tmpBlocks[4][16]; - int i, j, ind, ind2, n; - int num_blocks = 0; - int max_blocks = 8; - int ident = 0; - int error = 0; - int tries = 0; + int found_blocks = 0; // successfully read blocks + int max_blocks = 8; // readable blocks + uint8_t memory_blocks[8][17]; // PCF content - memset(Blocks, 0, 8*17*sizeof(uint8_t)); + uint8_t single_blocks[8][17]; // PFC blocks with unknown position + int single_blocks_cnt = 0; + + size_t n = 0; // transmitted blocks + uint8_t tmp_blocks[4][16]; // temporary read buffer + + uint8_t found_0_1 = 0; // flag: blocks 0 and 1 were found + int errors = 0; // error counter + int tries = 0; // tries counter + + memset(memory_blocks, 0, 8*17*sizeof(uint8_t)); + memset(single_blocks, 0, 8*17*sizeof(uint8_t)); + + int i = 0, j = 0; do { - memset(tmpBlocks, 0, 4*16*sizeof(uint8_t)); - n = DemodPCF7931((uint8_t**)tmpBlocks); + i = 0; + + memset(tmp_blocks, 0, 4*16*sizeof(uint8_t)); + n = DemodPCF7931((uint8_t**)tmp_blocks); if(!n) - error++; - if(error==10 && num_blocks == 0) { + ++errors; + + // exit if no block is received + if (errors >= 10 && found_blocks == 0 && single_blocks_cnt == 0) { Dbprintf("Error, no tag or bad tag"); return; } - else if (tries==20 || error==10) { + + // exit if too many errors during reading + if (tries > 50 && (2*errors > tries)) { Dbprintf("Error reading the tag"); Dbprintf("Here is the partial content"); goto end; } - for(i=0; i= 0; ind--,ind2--) { - if(ind2 < 0) - ind2 = max_blocks; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } - for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) { - if(ind2 > max_blocks) - ind2 = 0; - if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found - // Dbprintf("Tmp %d -> Block %d", ind, ind2); - memcpy(Blocks[ind2], tmpBlocks[ind], 16); - Blocks[ind2][ALLOC] = 1; - num_blocks++; - if(num_blocks == max_blocks) goto end; - } - } + + Dbprintf("(dbg) got %d blocks (%d/%d found) (%d tries, %d errors)", n, found_blocks, (max_blocks == 0 ? found_blocks : max_blocks), tries, errors); + for (i = 0; i < n; ++i) + { + print_result("got consecutive blocks", tmp_blocks[i], 16); + } + + i = 0; + if(!found_0_1) { + while (i < n - 1) { + if (IsBlock0PCF7931(tmp_blocks[i]) && IsBlock1PCF7931(tmp_blocks[i+1])) { + found_0_1 = 1; + memcpy(memory_blocks[0], tmp_blocks[i], 16); + memcpy(memory_blocks[1], tmp_blocks[i+1], 16); + memory_blocks[0][ALLOC] = memory_blocks[1][ALLOC] = 1; + // block 1 tells how many blocks are going to be sent + max_blocks = MAX((memory_blocks[1][14] & 0x7f), memory_blocks[1][15]) + 1; + found_blocks = 2; + + Dbprintf("Found blocks 0 and 1. PCF is transmitting %d blocks.", max_blocks); + + // handle the following blocks + for (j = i + 2; j < n; ++j) { + memcpy(memory_blocks[found_blocks], tmp_blocks[j], 16); + memory_blocks[found_blocks][ALLOC] = 1; + ++found_blocks; + } + break; + } + ++i; + } + } else { + // Trying to re-order blocks + // Look for identical block in memory blocks + while (i < n-1) { + // skip all zeroes blocks + if (memcmp(tmp_blocks[i], "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)) { + for (j = 1; j < max_blocks - 1; ++j) { + if (!memcmp(tmp_blocks[i], memory_blocks[j], 16) && !memory_blocks[j+1][ALLOC]) { + memcpy(memory_blocks[j+1], tmp_blocks[i+1], 16); + memory_blocks[j+1][ALLOC] = 1; + if (++found_blocks >= max_blocks) goto end; } } } + if (memcmp(tmp_blocks[i+1], "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)) { + for (j = 0; j < max_blocks; ++j) { + if (!memcmp(tmp_blocks[i+1], memory_blocks[j], 16) && !memory_blocks[(j == 0 ? max_blocks : j) -1][ALLOC]) { + if (j == 0) { + memcpy(memory_blocks[max_blocks - 1], tmp_blocks[i], 16); + memory_blocks[max_blocks - 1][ALLOC] = 1; + } else { + memcpy(memory_blocks[j-1], tmp_blocks[i], 16); + memory_blocks[j-1][ALLOC] = 1; + } + if (++found_blocks >= max_blocks) goto end; + } + } + } + ++i; } } - tries++; - if (BUTTON_PRESS()) return; - } while (num_blocks != max_blocks); + ++tries; + if (BUTTON_PRESS()) { + Dbprintf("Button pressed, stopping."); + goto end; + } + } + while (found_blocks < max_blocks); + end: Dbprintf("-----------------------------------------"); Dbprintf("Memory content:"); Dbprintf("-----------------------------------------"); - for(i=0; i", i); } Dbprintf("-----------------------------------------"); + if (found_blocks < max_blocks) { + Dbprintf("-----------------------------------------"); + Dbprintf("Blocks with unknown position:"); + Dbprintf("-----------------------------------------"); + for (i = 0; i < single_blocks_cnt; ++i) + print_result("Block", single_blocks[i], 16); + + Dbprintf("-----------------------------------------"); + } cmd_send(CMD_ACK,0,0,0,0,0); } - -/* Write on a byte of a PCF7931 tag - * @param address : address of the block to write - @param byte : address of the byte to write - @param data : data to write - */ -void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) -{ - +static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) { uint32_t tab[1024]={0}; // data times frame uint32_t u = 0; uint8_t parity = 0; bool comp = 0; //BUILD OF THE DATA FRAME - //alimentation of the tag (time for initializing) AddPatternPCF7931(init_delay, 0, 8192/2*T0_PCF, tab); - - //PMC - Dbprintf("Initialization delay : %d us", init_delay); AddPatternPCF7931(8192/2*T0_PCF + 319*T0_PCF+70, 3*T0_PCF, 29*T0_PCF, tab); - - Dbprintf("Offsets : %d us on the low pulses width, %d us on the low pulses positions", l, p); - //password indication bit AddBitPCF7931(1, tab, l, p); - - - //password (on 56 bits) - Dbprintf("Password (LSB first on each byte) : %02x %02x %02x %02x %02x %02x %02x", pass1,pass2,pass3,pass4,pass5,pass6,pass7); - AddBytePCF7931(pass1, tab, l, p); - AddBytePCF7931(pass2, tab, l, p); - AddBytePCF7931(pass3, tab, l, p); - AddBytePCF7931(pass4, tab, l, p); - AddBytePCF7931(pass5, tab, l, p); - AddBytePCF7931(pass6, tab, l, p); - AddBytePCF7931(pass7, tab, l, p); - + // password (on 56 bits) + AddBytePCF7931(pass[0], tab, l, p); + AddBytePCF7931(pass[1], tab, l, p); + AddBytePCF7931(pass[2], tab, l, p); + AddBytePCF7931(pass[3], tab, l, p); + AddBytePCF7931(pass[4], tab, l, p); + AddBytePCF7931(pass[5], tab, l, p); + AddBytePCF7931(pass[6], tab, l, p); //programming mode (0 or 1) AddBitPCF7931(0, tab, l, p); //block adress on 6 bits - Dbprintf("Block address : %02x", address); - for (u=0; u<6; u++) - { - if (address&(1< 0xFFFF){ + for (u = 0; tab[u] != 0; ++u) + if(tab[u] > 0xFFFF) { tab[u] -= 0xFFFF; comp = 0; } - } } SendCmdPCF7931(tab); } +void BruteForcePCF7931(uint64_t password, uint8_t tries, uint16_t init_delay, int32_t l, int32_t p) { + uint8_t i = 0; + uint8_t pass_array[7]; + + while (password < 0x00FFFFFFFFFFFFFF) { + if (BUTTON_PRESS()) { + Dbprintf("Button pressed, stopping bruteforce ..."); + return; + } + + num_to_bytes(password, 7, pass_array); + + Dbprintf("Trying: %02x %02x %02x %02x %02x %02x %02x ...", + pass_array[0], + pass_array[1], + pass_array[2], + pass_array[3], + pass_array[4], + pass_array[5], + pass_array[6]); + + for (i = 0; i < tries; ++i) + RealWritePCF7931 + ( + pass_array, + init_delay, + l, + p, + 0, + 7, + 0x01 + ); + + ++password; + } +} + +/* Write on a byte of a PCF7931 tag + * @param address : address of the block to write + @param byte : address of the byte to write + @param data : data to write + */ +void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) { + Dbprintf("Initialization delay : %d us", init_delay); + Dbprintf("Offsets : %d us on the low pulses width, %d us on the low pulses positions", l, p); + Dbprintf("Password (LSB first on each byte): %02x %02x %02x %02x %02x %02x %02x", pass1, pass2, pass3, pass4, pass5, pass6, pass7); + Dbprintf("Block address : %02x", address); + Dbprintf("Byte address : %02x", byte); + Dbprintf("Data : %02x", data); + + uint8_t password[7] = {pass1, pass2, pass3, pass4, pass5, pass6, pass7}; + + RealWritePCF7931 (password, init_delay, l, p, address, byte, data); +} + /* Send a trame to a PCF7931 tags * @param tab : array of the data frame */ -void SendCmdPCF7931(uint32_t * tab){ +void SendCmdPCF7931(uint32_t * tab) { uint16_t u=0; uint16_t tempo=0; - Dbprintf("SENDING DATA FRAME..."); + Dbprintf("Sending data frame ..."); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU ); LED_A_ON(); @@ -412,60 +491,46 @@ void SendCmdPCF7931(uint32_t * tab){ AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TCB->TCB_BCR = 1; - tempo = AT91C_BASE_TC0->TC_CV; - for(u=0;tab[u]!= 0;u+=3){ - - + for (u = 0; tab[u] != 0; u += 3) { // modulate antenna HIGH(GPIO_SSC_DOUT); - while(tempo != tab[u]){ + while(tempo != tab[u]) tempo = AT91C_BASE_TC0->TC_CV; - } // stop modulating antenna LOW(GPIO_SSC_DOUT); - while(tempo != tab[u+1]){ + while(tempo != tab[u+1]) tempo = AT91C_BASE_TC0->TC_CV; - } - // modulate antenna HIGH(GPIO_SSC_DOUT); - while(tempo != tab[u+2]){ + while(tempo != tab[u+2]) tempo = AT91C_BASE_TC0->TC_CV; - } - - } LED_A_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelay(200); - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // timer disable - DbpString("FINISH !"); - DbpString("(Could be usefull to send the same trame many times)"); + DbpString("Data frame sent (multiple sends may be needed)"); LED(0xFFFF, 1000); } -/* Add a byte for building the data frame of PCF7931 tags +/* Add a byte for building the data frame of PCF7931 tags * @param b : byte to add * @param tab : array of the data frame * @param l : offset on low pulse width * @param p : offset on low pulse positioning */ - -bool AddBytePCF7931(uint8_t byte, uint32_t * tab, int32_t l, int32_t p){ - +bool AddBytePCF7931(uint8_t byte, uint32_t * tab, int32_t l, int32_t p) { uint32_t u; - for (u=0; u<8; u++) - { - if (byte&(1< -void *memcpy(void *dest, const void *src, int len) -{ +void *memcpy(void *dest, const void *src, size_t len) { uint8_t *d = dest; const uint8_t *s = src; while((len--) > 0) { @@ -23,8 +22,8 @@ void *memcpy(void *dest, const void *src, int len) return dest; } -void *memset(void *dest, int c, int len) -{ + +void *memset(void *dest, int c, size_t len) { uint8_t *d = dest; while((len--) > 0) { *d = c; @@ -33,8 +32,30 @@ void *memset(void *dest, int c, int len) return dest; } -int memcmp(const void *av, const void *bv, int len) -{ + +void *memmove(void *dest, const void *src, size_t len) { + uint8_t *d = dest; + const uint8_t *s = src; + if (dest <= src) { + while((len--) > 0) { + *d = *s; + d++; + s++; + } + } else { + d = d + len - 1; + s = s + len - 1; + while((len--) > 0) { + *d = *s; + d--; + s--; + } + } + return dest; +} + + +int memcmp(const void *av, const void *bv, size_t len) { const uint8_t *a = av; const uint8_t *b = bv; @@ -48,13 +69,8 @@ int memcmp(const void *av, const void *bv, int len) return 0; } -void memxor(uint8_t * dest, uint8_t * src, size_t len) { - for( ; len > 0; len--,dest++,src++) - *dest ^= *src; -} -int strlen(const char *str) -{ +size_t strlen(const char *str) { int l = 0; while(*str) { l++; @@ -63,8 +79,8 @@ int strlen(const char *str) return l; } -char* strncat(char *dest, const char *src, unsigned int n) -{ + +char* strncat(char *dest, const char *src, size_t n) { unsigned int dest_len = strlen(dest); unsigned int i; @@ -75,8 +91,8 @@ char* strncat(char *dest, const char *src, unsigned int n) return dest; } -char* strcat(char *dest, const char *src) -{ + +char* strcat(char *dest, const char *src) { unsigned int dest_len = strlen(dest); unsigned int i; @@ -86,35 +102,3 @@ char* strcat(char *dest, const char *src) return dest; } -////////////////////////////////////////// code to do 'itoa' - -/* reverse: reverse string s in place */ -void strreverse(char s[]) -{ - int c, i, j; - - for (i = 0, j = strlen(s)-1; i 0); /* delete it */ - if (sign < 0) - s[i++] = '-'; - s[i] = '\0'; - strreverse(s); -} - -//////////////////////////////////////// END 'itoa' CODE diff --git a/armsrc/string.h b/armsrc/string.h index 07ac112f..87058391 100644 --- a/armsrc/string.h +++ b/armsrc/string.h @@ -12,18 +12,14 @@ #ifndef __STRING_H #define __STRING_H -#include -#include "util.h" +#include -int strlen(const char *str); -RAMFUNC void *memcpy(void *dest, const void *src, int len); -void *memset(void *dest, int c, int len); -RAMFUNC int memcmp(const void *av, const void *bv, int len); -void memxor(uint8_t * dest, uint8_t * src, size_t len); -char *strncat(char *dest, const char *src, unsigned int n); +void *memcpy(void *dest, const void *src, size_t len); +void *memset(void *dest, int c, size_t len); +void *memmove(void *dest, const void *src, size_t len); +int memcmp(const void *av, const void *bv, size_t len); +size_t strlen(const char *str); +char *strncat(char *dest, const char *src, size_t n); char *strcat(char *dest, const char *src); -void strreverse(char s[]); -void itoa(int n, char s[]); - #endif /* __STRING_H */ diff --git a/armsrc/util.c b/armsrc/util.c index a1b0f151..b0cd1818 100644 --- a/armsrc/util.c +++ b/armsrc/util.c @@ -21,7 +21,7 @@ void print_result(char *name, uint8_t *buf, size_t len) { if ( len % 16 == 0 ) { for(; p-buf < len; p += 16) - Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", + Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, @@ -30,7 +30,7 @@ void print_result(char *name, uint8_t *buf, size_t len) { } else { for(; p-buf < len; p += 8) - Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); + Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); } } @@ -68,17 +68,17 @@ uint64_t bytes_to_num(uint8_t* src, size_t len) // RotateLeft - Ultralight, Desfire void rol(uint8_t *data, const size_t len){ - uint8_t first = data[0]; - for (size_t i = 0; i < len-1; i++) { - data[i] = data[i+1]; - } - data[len-1] = first; + uint8_t first = data[0]; + for (size_t i = 0; i < len-1; i++) { + data[i] = data[i+1]; + } + data[len-1] = first; } void lsl (uint8_t *data, size_t len) { - for (size_t n = 0; n < len - 1; n++) { - data[n] = (data[n] << 1) | (data[n+1] >> 7); - } - data[len - 1] <<= 1; + for (size_t n = 0; n < len - 1; n++) { + data[n] = (data[n] << 1) | (data[n+1] >> 7); + } + data[len - 1] <<= 1; } void LEDsoff() @@ -89,6 +89,22 @@ void LEDsoff() LED_D_OFF(); } +void LEDson() +{ + LED_A_ON(); + LED_B_ON(); + LED_C_ON(); + LED_D_ON(); +} + +void LEDsinvert() +{ + LED_A_INV(); + LED_B_INV(); + LED_C_INV(); + LED_D_INV(); +} + // LEDs: R(C) O(A) G(B) -- R(D) [1, 2, 4 and 8] void LED(int led, int ms) { @@ -121,8 +137,7 @@ void LED(int led, int ms) // not clicked, or held down (for ms || 1sec) // In general, don't use this function unless you expect a // double click, otherwise it will waste 500ms -- use BUTTON_HELD instead -int BUTTON_CLICKED(int ms) -{ +int BUTTON_CLICKED(int ms) { // Up to 500ms in between clicks to mean a double click int ticks = (48000 * (ms ? ms : 1000)) >> 10; @@ -184,8 +199,7 @@ int BUTTON_CLICKED(int ms) } // Determine if a button is held down -int BUTTON_HELD(int ms) -{ +int BUTTON_HELD(int ms) { // If button is held for one second int ticks = (48000 * (ms ? ms : 1000)) >> 10; @@ -202,8 +216,7 @@ int BUTTON_HELD(int ms) uint16_t start = AT91C_BASE_PWMC_CH0->PWMC_CCNTR; - for(;;) - { + for(;;) { uint16_t now = AT91C_BASE_PWMC_CH0->PWMC_CCNTR; // As soon as our button let go, we didn't hold long enough @@ -211,8 +224,7 @@ int BUTTON_HELD(int ms) return BUTTON_SINGLE_CLICK; // Have we waited the full second? - else - if (now == (uint16_t)(start + ticks)) + else if (now == (uint16_t)(start + ticks)) return BUTTON_HOLD; WDT_HIT(); @@ -224,8 +236,7 @@ int BUTTON_HELD(int ms) // attempt at high resolution microsecond timer // beware: timer counts in 21.3uS increments (1024/48Mhz) -void SpinDelayUs(int us) -{ +void SpinDelayUs(int us) { int ticks = (48*us) >> 10; // Borrow a PWM unit for my real-time clock @@ -246,8 +257,7 @@ void SpinDelayUs(int us) } } -void SpinDelay(int ms) -{ +void SpinDelay(int ms) { // convert to uS and call microsecond delay function SpinDelayUs(ms*1000); } @@ -293,16 +303,15 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers // ------------------------------------------------------------------------- // test procedure: // -// ti = GetTickCount(); -// SpinDelay(1000); -// ti = GetTickCount() - ti; -// Dbprintf("timer(1s): %d t=%d", ti, GetTickCount()); +// ti = GetTickCount(); +// SpinDelay(1000); +// ti = GetTickCount() - ti; +// Dbprintf("timer(1s): %d t=%d", ti, GetTickCount()); -void StartTickCount() -{ +void StartTickCount() { // This timer is based on the slow clock. The slow clock frequency is between 22kHz and 40kHz. // We can determine the actual slow clock frequency by looking at the Main Clock Frequency Register. - uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency + uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency // set RealTimeCounter divider to count at 1kHz: AT91C_BASE_RTTC->RTTC_RTMR = AT91C_RTTC_RTTRST | ((256000 + (mainf/2)) / mainf); // note: worst case precision is approx 2.5% @@ -312,18 +321,17 @@ void StartTickCount() /* * Get the current count. */ -uint32_t RAMFUNC GetTickCount(){ +uint32_t RAMFUNC GetTickCount(void) { return AT91C_BASE_RTTC->RTTC_RTVR;// was * 2; } // ------------------------------------------------------------------------- -// microseconds timer +// microseconds timer // ------------------------------------------------------------------------- -void StartCountUS() -{ +void StartCountUS(void) { AT91C_BASE_PMC->PMC_PCER |= (0x1 << 12) | (0x1 << 13) | (0x1 << 14); -// AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC1XC1S_TIOA0; +// AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC1XC1S_TIOA0; AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; // fast clock @@ -333,24 +341,24 @@ void StartCountUS() AT91C_TC_ACPC_SET | AT91C_TC_ASWTRG_SET; AT91C_BASE_TC0->TC_RA = 1; AT91C_BASE_TC0->TC_RC = 0xBFFF + 1; // 0xC000 - - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // timer disable + + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // timer disable AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_XC1; // from timer 0 - + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TCB->TCB_BCR = 1; } -uint32_t RAMFUNC GetCountUS(){ +uint32_t RAMFUNC GetCountUS(void) { return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV * 2) / 3); //was /15) * 10); } static uint32_t GlobalUsCounter = 0; -uint32_t RAMFUNC GetDeltaCountUS(){ +uint32_t RAMFUNC GetDeltaCountUS(void) { uint32_t g_cnt = GetCountUS(); uint32_t g_res = g_cnt - GlobalUsCounter; GlobalUsCounter = g_cnt; @@ -359,61 +367,71 @@ uint32_t RAMFUNC GetDeltaCountUS(){ // ------------------------------------------------------------------------- -// Timer for iso14443 commands. Uses ssp_clk from FPGA +// Timer for iso14443 commands. Uses ssp_clk from FPGA // ------------------------------------------------------------------------- -void StartCountSspClk() -{ +void StartCountSspClk(void) { AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers - AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 - | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none - | AT91C_TCB_TC2XC2S_TIOA0; // XC2 Clock = TIOA0 + AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 + | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none + | AT91C_TCB_TC2XC2S_TIOA0; // XC2 Clock = TIOA0 // configure TC1 to create a short pulse on TIOA1 when a rising edge on TIOB1 (= ssp_clk from FPGA) occurs: - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // disable TC1 + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // disable TC1 AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK // TC1 Clock = MCK(48MHz)/2 = 24MHz - | AT91C_TC_CPCSTOP // Stop clock on RC compare - | AT91C_TC_EEVTEDG_RISING // Trigger on rising edge of Event - | AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16) - | AT91C_TC_ENETRG // Enable external trigger event - | AT91C_TC_WAVESEL_UP // Upmode without automatic trigger on RC compare - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_AEEVT_SET // Set TIOA1 on external event - | AT91C_TC_ACPC_CLEAR; // Clear TIOA1 on RC Compare - AT91C_BASE_TC1->TC_RC = 0x04; // RC Compare value = 0x04 + | AT91C_TC_CPCSTOP // Stop clock on RC compare + | AT91C_TC_EEVTEDG_RISING // Trigger on rising edge of Event + | AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16 ... 13,56MHz/4) + | AT91C_TC_ENETRG // Enable external trigger event + | AT91C_TC_WAVESEL_UP // Upmode without automatic trigger on RC compare + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_AEEVT_SET // Set TIOA1 on external event + | AT91C_TC_ACPC_CLEAR; // Clear TIOA1 on RC Compare + AT91C_BASE_TC1->TC_RC = 1; // RC Compare value = 1; pulse width to TC0 // use TC0 to count TIOA1 pulses - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // disable TC0 - AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_XC0 // TC0 clock = XC0 clock = TIOA1 - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_WAVESEL_UP // just count - | AT91C_TC_ACPA_CLEAR // Clear TIOA0 on RA Compare - | AT91C_TC_ACPC_SET; // Set TIOA0 on RC Compare - AT91C_BASE_TC0->TC_RA = 1; // RA Compare value = 1; pulse width to TC2 - AT91C_BASE_TC0->TC_RC = 0; // RC Compare value = 0; increment TC2 on overflow + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // disable TC0 + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_XC0 // TC0 clock = XC0 clock = TIOA1 + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_WAVESEL_UP // just count + | AT91C_TC_ACPA_CLEAR // Clear TIOA0 on RA Compare + | AT91C_TC_ACPC_SET; // Set TIOA0 on RC Compare + AT91C_BASE_TC0->TC_RA = 1; // RA Compare value = 1; pulse width to TC2 + AT91C_BASE_TC0->TC_RC = 0; // RC Compare value = 0; increment TC2 on overflow // use TC2 to count TIOA0 pulses (giving us a 32bit counter (TC0/TC2) clocked by ssp_clk) - AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; // disable TC2 - AT91C_BASE_TC2->TC_CMR = AT91C_TC_CLKS_XC2 // TC2 clock = XC2 clock = TIOA0 - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_WAVESEL_UP; // just count - - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; // enable TC0 - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; // enable TC1 - AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN; // enable TC2 + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; // disable TC2 + AT91C_BASE_TC2->TC_CMR = AT91C_TC_CLKS_XC2 // TC2 clock = XC2 clock = TIOA0 + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_WAVESEL_UP; // just count + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; // enable TC0 + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; // enable TC1 + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN; // enable TC2 // - // synchronize the counter with the ssp_frame signal. Note: FPGA must be in any iso14443 mode, otherwise SSC_FRAME and SSC_CLK signals would not be present + // synchronize the counter with the ssp_frame signal. Note: FPGA must be in a FPGA mode with SSC transfer, otherwise SSC_FRAME and SSC_CLK signals would not be present // - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME)); // wait for ssp_frame to go high (start of frame) - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME); // wait for ssp_frame to be low - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high - // note: up to now two ssp_clk rising edges have passed since the rising edge of ssp_frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME); // wait for ssp_frame to be low + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME)); // wait for ssp_frame to go high (start of frame) + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 1st ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 2nd ssp_clk after start of frame + if ((AT91C_BASE_SSC->SSC_RFMR & SSC_FRAME_MODE_BITS_IN_WORD(32)) == SSC_FRAME_MODE_BITS_IN_WORD(16)) { // 16bit frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 3rd ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 4th ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 5th ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 6th ssp_clk after start of frame + } // it is now safe to assert a sync signal. This sets all timers to 0 on next active clock edge - AT91C_BASE_TCB->TCB_BCR = 1; // assert Sync (set all timers to 0 on next active clock edge) - // at the next (3rd) ssp_clk rising edge, TC1 will be reset (and not generate a clock signal to TC0) - // at the next (4th) ssp_clk rising edge, TC0 (the low word of our counter) will be reset. From now on, - // whenever the last three bits of our counter go 0, we can be sure to be in the middle of a frame transfer. - // (just started with the transfer of the 4th Bit). + AT91C_BASE_TCB->TCB_BCR = 1; // assert Sync (set all timers to 0 on next active clock edge) + // at the next (3rd/7th) ssp_clk rising edge, TC1 will be reset (and not generate a clock signal to TC0) + // at the next (4th/8th) ssp_clk rising edge, TC0 (the low word of our counter) will be reset. From now on, + // whenever the last three/four bits of our counter go 0, we can be sure to be in the middle of a frame transfer. + // The high word of the counter (TC2) will not reset until the low word (TC0) overflows. Therefore need to wait quite some time before // we can use the counter. while (AT91C_BASE_TC0->TC_CV < 0xFFFF); @@ -429,19 +447,17 @@ void ResetSspClk(void) { while (AT91C_BASE_TC2->TC_CV > 0); } +uint32_t GetCountSspClk(){ + uint32_t hi, lo; -uint32_t RAMFUNC GetCountSspClk(){ - uint32_t tmp_count; - tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV; - if ((tmp_count & 0x0000ffff) == 0) { //small chance that we may have missed an increment in TC2 - return (AT91C_BASE_TC2->TC_CV << 16); - } - else { - return tmp_count; - } + do { + hi = AT91C_BASE_TC2->TC_CV; + lo = AT91C_BASE_TC0->TC_CV; + } while (hi != AT91C_BASE_TC2->TC_CV); + + return (hi << 16) | lo; } - // ------------------------------------------------------------------------- // Timer for bitbanging, or LF stuff when you need a very precis timer // 1us = 1.5ticks @@ -460,11 +476,11 @@ void StartTicks(void){ AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // re-enable timer and wait for TC0 // second configure TC0 (lower, 0x0000FFFF) 16 bit counter - AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK(48MHz) / 32 - AT91C_TC_WAVE | AT91C_TC_WAVESEL_UP_AUTO | - AT91C_TC_ACPA_CLEAR | // RA comperator clears TIOA (carry bit) - AT91C_TC_ACPC_SET | // RC comperator sets TIOA (carry bit) - AT91C_TC_ASWTRG_SET; // SWTriger sets TIOA (carry bit) + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK(48MHz) / 32 + AT91C_TC_WAVE | AT91C_TC_WAVESEL_UP_AUTO | + AT91C_TC_ACPA_CLEAR | // RA comperator clears TIOA (carry bit) + AT91C_TC_ACPC_SET | // RC comperator sets TIOA (carry bit) + AT91C_TC_ASWTRG_SET; // SWTriger sets TIOA (carry bit) AT91C_BASE_TC0->TC_RC = 0; // set TIOA (carry bit) on overflow, return to zero AT91C_BASE_TC0->TC_RA = 1; // clear carry bit on next clock cycle AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // reset and re-enable timer @@ -501,7 +517,7 @@ void WaitTicks(uint32_t ticks){ } -// Wait / Spindelay in us (microseconds) +// Wait / Spindelay in us (microseconds) // 1us = 1.5ticks. void WaitUS(uint16_t us){ WaitTicks( (uint32_t)us * 3 / 2 ) ; @@ -530,7 +546,7 @@ void ResetTimer(AT91PS_TC timer){ // stop clock void StopTicks(void){ AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; } diff --git a/armsrc/util.h b/armsrc/util.h index fb50ecc8..bdb7fafd 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -8,57 +8,66 @@ // Utility functions used in many places, not specific to any piece of code. //----------------------------------------------------------------------------- -#ifndef __UTIL_H -#define __UTIL_H +#ifndef UTIL_H__ +#define UTIL_H__ #include #include #include "common.h" +#include "at91sam7s512.h" #define BYTEx(x, n) (((x) >> (n * 8)) & 0xff ) -#define LED_RED 1 +#define LED_RED 1 #define LED_ORANGE 2 -#define LED_GREEN 4 -#define LED_RED2 8 -#define BUTTON_HOLD 1 -#define BUTTON_NO_CLICK 0 -#define BUTTON_SINGLE_CLICK -1 -#define BUTTON_DOUBLE_CLICK -2 -#define BUTTON_ERROR -99 +#define LED_GREEN 4 +#define LED_RED2 8 -void print_result(char *name, uint8_t *buf, size_t len); -size_t nbytes(size_t nbits); -uint32_t SwapBits(uint32_t value, int nrbits); -void num_to_bytes(uint64_t n, size_t len, uint8_t* dest); -uint64_t bytes_to_num(uint8_t* src, size_t len); -void rol(uint8_t *data, const size_t len); -void lsl (uint8_t *data, size_t len); +#define BUTTON_HOLD 1 +#define BUTTON_NO_CLICK 0 +#define BUTTON_SINGLE_CLICK -1 +#define BUTTON_DOUBLE_CLICK -2 +#define BUTTON_ERROR -99 -void LED(int led, int ms); -void LEDsoff(); -int BUTTON_CLICKED(int ms); -int BUTTON_HELD(int ms); -void FormatVersionInformation(char *dst, int len, const char *prefix, void *version_information); +#define REV8(x) ((((x)>>7)&1)|((((x)>>6)&1)<<1)|((((x)>>5)&1)<<2)|((((x)>>4)&1)<<3)|((((x)>>3)&1)<<4)|((((x)>>2)&1)<<5)|((((x)>>1)&1)<<6)|(((x)&1)<<7)) +#define REV16(x) (REV8(x) | (REV8 (x >> 8) << 8)) +#define REV32(x) (REV16(x) | (REV16(x >> 16) << 16)) +#define REV64(x) (REV32(x) | (REV32(x >> 32) << 32)) + +extern void print_result(char *name, uint8_t *buf, size_t len); +extern size_t nbytes(size_t nbits); +extern uint32_t SwapBits(uint32_t value, int nrbits); +extern void num_to_bytes(uint64_t n, size_t len, uint8_t* dest); +extern uint64_t bytes_to_num(uint8_t* src, size_t len); +extern void rol(uint8_t *data, const size_t len); +extern void lsl (uint8_t *data, size_t len); + +extern void LED(int led, int ms); +extern void LEDsoff(); +extern void LEDson(); +extern void LEDsinvert(); +extern int BUTTON_CLICKED(int ms); +extern int BUTTON_HELD(int ms); +extern void FormatVersionInformation(char *dst, int len, const char *prefix, void *version_information); //iceman's ticks.h #ifndef GET_TICKS # define GET_TICKS GetTicks() #endif -void SpinDelay(int ms); -void SpinDelayUs(int us); +extern void SpinDelay(int ms); +extern void SpinDelayUs(int us); -void StartTickCount(); -uint32_t RAMFUNC GetTickCount(); +extern void StartTickCount(); +extern uint32_t RAMFUNC GetTickCount(); -void StartCountUS(); -uint32_t RAMFUNC GetCountUS(); -uint32_t RAMFUNC GetDeltaCountUS(); +extern void StartCountUS(); +extern uint32_t RAMFUNC GetCountUS(); +extern uint32_t RAMFUNC GetDeltaCountUS(); -void StartCountSspClk(); -void ResetSspClk(void); -uint32_t RAMFUNC GetCountSspClk(); +extern void StartCountSspClk(); +extern void ResetSspClk(void); +extern uint32_t GetCountSspClk(); extern void StartTicks(void); extern uint32_t GetTicks(void); @@ -70,6 +79,6 @@ extern void ResetTimer(AT91PS_TC timer); extern void StopTicks(void); // end iceman's ticks.h -uint32_t prand(); +extern uint32_t prand(); #endif diff --git a/bootrom/Makefile b/bootrom/Makefile index dd1e7e08..a2cd1b40 100644 --- a/bootrom/Makefile +++ b/bootrom/Makefile @@ -7,8 +7,8 @@ #----------------------------------------------------------------------------- # DO NOT use thumb mode in the phase 1 bootloader since that generates a section with glue code -ARMSRC = -THUMBSRC = cmd.c usb_cdc.c bootrom.c +ARMSRC = string.c +THUMBSRC = usb_cdc.c bootrom.c ASMSRC = ram-reset.s flash-reset.s VERSIONSRC = version.c @@ -19,7 +19,6 @@ VERSIONSRC = version.c # ARMSRC := $(ARMSRC) $(THUMBSRC) # THUMBSRC := -# stdint.h provided locally until GCC 4.5 becomes C99 compliant APP_CFLAGS = -I. # version.c should be remade on every compilation diff --git a/bootrom/bootrom.c b/bootrom/bootrom.c index bbea07b5..81742176 100644 --- a/bootrom/bootrom.c +++ b/bootrom/bootrom.c @@ -6,17 +6,15 @@ // Main code for the bootloader //----------------------------------------------------------------------------- -#include +#include "proxmark3.h" #include "usb_cdc.h" -#include "cmd.h" -//#include "usb_hid.h" void DbpString(char *str) { - byte_t len = 0; + uint8_t len = 0; while (str[len] != 0x00) { len++; } - cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len); + cmd_send_old(CMD_DEBUG_PRINT_STRING,len,0,0,(uint8_t*)str,len); } struct common_area common_area __attribute__((section(".commonarea"))); @@ -89,26 +87,22 @@ static void Fatal(void) for(;;); } -void UsbPacketReceived(uint8_t *packet, int len) { +void UsbPacketReceived(UsbCommand *c) { int i, dont_ack=0; - UsbCommand* c = (UsbCommand *)packet; volatile uint32_t *p; - if(len != sizeof(UsbCommand)) { - Fatal(); - } - uint32_t arg0 = (uint32_t)c->arg[0]; switch(c->cmd) { case CMD_DEVICE_INFO: { dont_ack = 1; - arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | - DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; + arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT + | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM + | DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; if(common_area.flags.osimage_present) { arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; } - cmd_send(CMD_DEVICE_INFO,arg0,1,2,0,0); + cmd_send_old(CMD_DEVICE_INFO,arg0,1,2,0,0); } break; case CMD_SETUP_WRITE: { @@ -134,7 +128,7 @@ void UsbPacketReceived(uint8_t *packet, int len) { if( ((flash_address+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (flash_address < start_addr) ) { /* Disallow write */ dont_ack = 1; - cmd_send(CMD_NACK,0,0,0,0,0); + cmd_send_old(CMD_NACK,0,0,0,0,0); } else { uint32_t page_n = (flash_address - ((uint32_t)flash_mem)) / AT91C_IFLASH_PAGE_SIZE; /* Translate address to flash page and do flash, update here for the 512k part */ @@ -148,7 +142,7 @@ void UsbPacketReceived(uint8_t *packet, int len) { while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY)); if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) { dont_ack = 1; - cmd_send(CMD_NACK,0,0,0,0,0); + cmd_send_old(CMD_NACK,0,0,0,0,0); } } } break; @@ -179,7 +173,7 @@ void UsbPacketReceived(uint8_t *packet, int len) { } else { start_addr = end_addr = 0; dont_ack = 1; - cmd_send(CMD_NACK,0,0,0,0,0); + cmd_send_old(CMD_NACK,0,0,0,0,0); } } } break; @@ -190,7 +184,7 @@ void UsbPacketReceived(uint8_t *packet, int len) { } if(!dont_ack) { - cmd_send(CMD_ACK,arg0,0,0,0,0); + cmd_send_old(CMD_ACK,arg0,0,0,0,0); } } @@ -199,21 +193,17 @@ static void flash_mode(int externally_entered) start_addr = 0; end_addr = 0; bootrom_unlocked = 0; - byte_t rx[sizeof(UsbCommand)]; - size_t rx_len; + UsbCommand rx; - usb_enable(); - for (volatile size_t i=0; i<0x100000; i++) {}; + usb_enable(); + for (volatile size_t i=0; i<0x100000; i++) {}; for(;;) { WDT_HIT(); - if (usb_poll()) { - rx_len = usb_read(rx,sizeof(UsbCommand)); - if (rx_len) { - UsbPacketReceived(rx,rx_len); - } - } + if (cmd_receive(&rx)) { + UsbPacketReceived(&rx); + } if(!externally_entered && !BUTTON_PRESS()) { /* Perform a reset to leave flash mode */ diff --git a/bootrom/string.c b/bootrom/string.c new file mode 100644 index 00000000..b2710d07 --- /dev/null +++ b/bootrom/string.c @@ -0,0 +1,104 @@ +//----------------------------------------------------------------------------- +// Jonathan Westhues, Sept 2005 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Common string.h functions +//----------------------------------------------------------------------------- + +#include "string.h" +#include + +void *memcpy(void *dest, const void *src, size_t len) { + uint8_t *d = dest; + const uint8_t *s = src; + while((len--) > 0) { + *d = *s; + d++; + s++; + } + return dest; +} + + +void *memset(void *dest, int c, size_t len) { + uint8_t *d = dest; + while((len--) > 0) { + *d = c; + d++; + } + return dest; +} + + +void *memmove(void *dest, const void *src, size_t len) { + uint8_t *d = dest; + const uint8_t *s = src; + if (dest <= src) { + while((len--) > 0) { + *d = *s; + d++; + s++; + } + } else { + d = d + len - 1; + s = s + len - 1; + while((len--) > 0) { + *d = *s; + d--; + s--; + } + } + return dest; +} + + +int memcmp(const void *av, const void *bv, size_t len) { + const uint8_t *a = av; + const uint8_t *b = bv; + + while((len--) > 0) { + if(*a != *b) { + return *a - *b; + } + a++; + b++; + } + return 0; +} + + +size_t strlen(const char *str) { + int l = 0; + while(*str) { + l++; + str++; + } + return l; +} + + +char* strncat(char *dest, const char *src, size_t n) { + unsigned int dest_len = strlen(dest); + unsigned int i; + + for (i = 0 ; i < n && src[i] != '\0' ; i++) + dest[dest_len + i] = src[i]; + dest[dest_len + i] = '\0'; + + return dest; +} + + +char* strcat(char *dest, const char *src) { + unsigned int dest_len = strlen(dest); + unsigned int i; + + for (i = 0 ; src[i] != '\0' ; i++) + dest[dest_len + i] = src[i]; + dest[dest_len + i] = '\0'; + + return dest; +} diff --git a/bootrom/string.h b/bootrom/string.h new file mode 100644 index 00000000..87058391 --- /dev/null +++ b/bootrom/string.h @@ -0,0 +1,25 @@ +//----------------------------------------------------------------------------- +// Jonathan Westhues, Aug 2005 +// Copyright (C) 2010 Hector Martin "marcan" +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Common string.h functions +//----------------------------------------------------------------------------- + +#ifndef __STRING_H +#define __STRING_H + +#include + +void *memcpy(void *dest, const void *src, size_t len); +void *memset(void *dest, int c, size_t len); +void *memmove(void *dest, const void *src, size_t len); +int memcmp(const void *av, const void *bv, size_t len); +size_t strlen(const char *str); +char *strncat(char *dest, const char *src, size_t n); +char *strcat(char *dest, const char *src); + +#endif /* __STRING_H */ diff --git a/client/Makefile b/client/Makefile index 9e5bde30..2b5e9ae6 100644 --- a/client/Makefile +++ b/client/Makefile @@ -21,21 +21,41 @@ LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread -lm LUALIB = ../liblua/liblua.a JANSSONLIBPATH = ./jansson JANSSONLIB = $(JANSSONLIBPATH)/libjansson.a +MBEDTLSLIBPATH = ../common/mbedtls +MBEDTLSLIB = $(MBEDTLSLIBPATH)/libmbedtls.a +CBORLIBPATH = ./tinycbor +CBORLIB = $(CBORLIBPATH)/tinycbor.a +LIBINCLUDES = -I../zlib -I../uart -I../liblua -I$(MBEDTLSLIBPATH) -I$(JANSSONLIBPATH) -I$(CBORLIBPATH) +INCLUDES_CLIENT = -I. -I../include -I../common -I/opt/local/include $(LIBINCLUDES) LDFLAGS = $(ENV_LDFLAGS) -CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE -I. -I../include -I../common -I../common/polarssl -I../zlib -I../uart -I/opt/local/include -I../liblua -I$(JANSSONLIBPATH) -Wall -g -O3 +CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE $(INCLUDES_CLIENT) -Wall -g -O3 CXXFLAGS = -I../include -Wall -O3 APP_CFLAGS = include ../common/Makefile_Enabled_Options.common CFLAGS += $(APP_CFLAGS) ifneq (,$(findstring WITH_SMARTCARD,$(APP_CFLAGS))) - SRC_SMARTCARD = cmdsmartcard.c + SRC_SMARTCARD = cmdsmartcard.c pcsc.c else SRC_SMARTCARD = endif -LUAPLATFORM = generic platform = $(shell uname) + +ifneq (,$(findstring MINGW,$(platform))) + PCSC_INCLUDES := + PCSC_LIBS = -lwinscard +else + ifeq ($(platform),Darwin) + PCSC_INCLUDES = + PCSC_LIBS = -framework PCSC + else + PCSC_INCLUDES := $(shell pkg-config --cflags libpcsclite) + PCSC_LIBS := $(shell pkg-config --libs libpcsclite) + endif +endif + +LUAPLATFORM = generic ifneq (,$(findstring MINGW,$(platform))) LUAPLATFORM = mingw else @@ -105,21 +125,26 @@ CORESRCS = uart_posix.c \ CMDSRCS = $(SRC_SMARTCARD) \ crapto1/crapto1.c\ crapto1/crypto1.c\ - polarssl/des.c \ - polarssl/aes.c\ - polarssl/bignum.c\ - polarssl/rsa.c\ - polarssl/sha1.c\ + crypto/libpcrypto.c\ + crypto/asn1utils.c\ + crypto/asn1dump.c\ cliparser/argtable3.c\ cliparser/cliparser.c\ - mfkey.c\ + fido/additional_ca.c \ + fido/cose.c \ + fido/cbortools.c \ + fido/fidocore.c \ + mifare/mfkey.c \ loclass/cipher.c \ loclass/cipherutils.c \ loclass/ikeys.c \ loclass/elite_crack.c\ loclass/fileutils.c\ whereami.c\ - mifarehost.c\ + mifare/mifarehost.c\ + mifare/mifare4.c\ + mifare/mad.c \ + mifare/ndef.c \ parity.c\ crc.c \ crc16.c \ @@ -140,12 +165,14 @@ CMDSRCS = $(SRC_SMARTCARD) \ emv/tlv.c\ emv/emv_tags.c\ emv/dol.c\ + emv/emvjson.c\ emv/emvcore.c\ emv/test/crypto_test.c\ emv/test/sda_test.c\ emv/test/dda_test.c\ emv/test/cda_test.c\ emv/cmdemv.c\ + emv/emv_roca.c \ cmdhf.c \ cmdhflist.c \ cmdhf14a.c \ @@ -155,10 +182,12 @@ CMDSRCS = $(SRC_SMARTCARD) \ cmdhflegic.c \ cmdhficlass.c \ cmdhfmf.c \ + cmdhfmfp.c \ cmdhfmfu.c \ cmdhfmfhard.c \ hardnested/hardnested_bruteforce.c \ cmdhftopaz.c \ + cmdhffido.c \ cmdhw.c \ cmdlf.c \ cmdlfawid.c \ @@ -191,7 +220,8 @@ CMDSRCS = $(SRC_SMARTCARD) \ cmdscript.c\ pm3_binlib.c\ pm3_bitlib.c\ - protocols.c + protocols.c\ + taginfo.c cpu_arch = $(shell uname -m) ifneq ($(findstring 86, $(cpu_arch)), ) @@ -238,15 +268,15 @@ endif BINS = proxmark3 flasher fpga_compress WINBINS = $(patsubst %, %.exe, $(BINS)) -CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h +CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h lualibs/usb_cmd.lua # need to assign dependancies to build these first... -all: lua_build jansson_build $(BINS) +all: lua_build jansson_build mbedtls_build cbor_build $(BINS) all-static: LDLIBS:=-static $(LDLIBS) all-static: proxmark3 flasher fpga_compress -proxmark3: LDLIBS+=$(LUALIB) $(JANSSONLIB) $(QTLDLIBS) +proxmark3: LDLIBS+=$(LUALIB) $(JANSSONLIB) $(MBEDTLSLIB) $(CBORLIB) $(QTLDLIBS) $(PCSC_LIBS) proxmark3: $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) lualibs/usb_cmd.lua $(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(LDLIBS) -o $@ @@ -270,7 +300,9 @@ lualibs/usb_cmd.lua: ../include/usb_cmd.h clean: $(RM) $(CLEAN) cd ../liblua && make clean - cd ./jansson && make clean + cd $(JANSSONLIBPATH) && make clean + cd $(MBEDTLSLIBPATH) && make clean + cd $(CBORLIBPATH) && make clean tarbin: $(BINS) $(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(BINS:%=client/%) $(WINBINS:%=client/%) @@ -281,8 +313,16 @@ lua_build: jansson_build: @echo Compiling jansson - cd ./jansson && make all - + cd $(JANSSONLIBPATH) && make all + +mbedtls_build: + @echo Compiling mbedtls + cd $(MBEDTLSLIBPATH) && make all + +cbor_build: + @echo Compiling tinycbor + cd $(CBORLIBPATH) && make all + .PHONY: all clean $(OBJDIR)/%_NOSIMD.o : %.c $(OBJDIR)/%.d @@ -305,7 +345,7 @@ $(OBJDIR)/%_AVX512.o : %.c $(OBJDIR)/%.d %.o: %.c $(OBJDIR)/%.o : %.c $(OBJDIR)/%.d - $(CC) $(DEPFLAGS) $(CFLAGS) $(ZLIBFLAGS) -c -o $@ $< + $(CC) $(DEPFLAGS) $(CFLAGS) $(ZLIBFLAGS) $(PCSC_INCLUDES) -c -o $@ $< $(POSTCOMPILE) %.o: %.cpp diff --git a/client/cliparser/argtable3.c b/client/cliparser/argtable3.c index f70f68c7..dfcc9c19 100644 --- a/client/cliparser/argtable3.c +++ b/client/cliparser/argtable3.c @@ -30,19 +30,14 @@ #include "argtable3.h" -// On Windows isspace crashes app in case of using Unicode character set and string to be above ASCII -// so you have to use _istspace instead of space -#ifdef UNICODE -#include - #define ISSPACE _istspace -#else - #define ISSPACE isspace -#endif +#define ARG_AMALGAMATION /******************************************************************************* + * argtable3_private: Declares private types, constants, and interfaces + * * This file is part of the argtable3 library. * - * Copyright (C) 2013 Tom G. Huang + * Copyright (C) 2013-2019 Tom G. Huang * * All rights reserved. * @@ -72,6 +67,8 @@ #ifndef ARG_UTILS_H #define ARG_UTILS_H +#include + #define ARG_ENABLE_TRACE 0 #define ARG_ENABLE_LOG 1 @@ -79,56 +76,199 @@ extern "C" { #endif -enum -{ - EMINCOUNT = 1, - EMAXCOUNT, - EBADINT, - // The same name define EOVERFLOW in errno.h on windows platform -#ifdef __STDC_WANT_SECURE_LIB__ - EOVERFLOW_, -#else - EOVERFLOW, -#endif - EBADDOUBLE, - EBADDATE, - EREGNOMATCH -}; +enum { ARG_ERR_MINCOUNT = 1, ARG_ERR_MAXCOUNT, ARG_ERR_BADINT, ARG_ERR_OVERFLOW, ARG_ERR_BADDOUBLE, ARG_ERR_BADDATE, ARG_ERR_REGNOMATCH }; +typedef void(arg_panicfn)(const char* fmt, ...); #if defined(_MSC_VER) -#define ARG_TRACE(x) \ - __pragma(warning(push)) \ - __pragma(warning(disable:4127)) \ - do { if (ARG_ENABLE_TRACE) dbg_printf x; } while (0) \ +#define ARG_TRACE(x) \ + __pragma(warning(push)) __pragma(warning(disable : 4127)) do { \ + if (ARG_ENABLE_TRACE) \ + dbg_printf x; \ + } \ + while (0) \ __pragma(warning(pop)) -#define ARG_LOG(x) \ - __pragma(warning(push)) \ - __pragma(warning(disable:4127)) \ - do { if (ARG_ENABLE_LOG) dbg_printf x; } while (0) \ +#define ARG_LOG(x) \ + __pragma(warning(push)) __pragma(warning(disable : 4127)) do { \ + if (ARG_ENABLE_LOG) \ + dbg_printf x; \ + } \ + while (0) \ __pragma(warning(pop)) #else -#define ARG_TRACE(x) \ - do { if (ARG_ENABLE_TRACE) dbg_printf x; } while (0) +#define ARG_TRACE(x) \ + do { \ + if (ARG_ENABLE_TRACE) \ + dbg_printf x; \ + } while (0) -#define ARG_LOG(x) \ - do { if (ARG_ENABLE_LOG) dbg_printf x; } while (0) -#endif +#define ARG_LOG(x) \ + do { \ + if (ARG_ENABLE_LOG) \ + dbg_printf x; \ + } while (0) +#endif -extern void dbg_printf(const char *fmt, ...); +extern void dbg_printf(const char* fmt, ...); +extern void arg_set_panic(arg_panicfn* proc); +extern void* xmalloc(size_t size); +extern void* xcalloc(size_t count, size_t size); +extern void* xrealloc(void* ptr, size_t size); +extern void xfree(void* ptr); + +struct arg_hashtable_entry { + void *k, *v; + unsigned int h; + struct arg_hashtable_entry* next; +}; + +typedef struct arg_hashtable { + unsigned int tablelength; + struct arg_hashtable_entry** table; + unsigned int entrycount; + unsigned int loadlimit; + unsigned int primeindex; + unsigned int (*hashfn)(const void* k); + int (*eqfn)(const void* k1, const void* k2); +} arg_hashtable_t; + +/** + * @brief Create a hash table. + * + * @param minsize minimum initial size of hash table + * @param hashfn function for hashing keys + * @param eqfn function for determining key equality + * @return newly created hash table or NULL on failure + */ +arg_hashtable_t* arg_hashtable_create(unsigned int minsize, unsigned int (*hashfn)(const void*), int (*eqfn)(const void*, const void*)); + +/** + * @brief This function will cause the table to expand if the insertion would take + * the ratio of entries to table size over the maximum load factor. + * + * This function does not check for repeated insertions with a duplicate key. + * The value returned when using a duplicate key is undefined -- when + * the hash table changes size, the order of retrieval of duplicate key + * entries is reversed. + * If in doubt, remove before insert. + * + * @param h the hash table to insert into + * @param k the key - hash table claims ownership and will free on removal + * @param v the value - does not claim ownership + * @return non-zero for successful insertion + */ +void arg_hashtable_insert(arg_hashtable_t* h, void* k, void* v); + +#define ARG_DEFINE_HASHTABLE_INSERT(fnname, keytype, valuetype) \ + int fnname(arg_hashtable_t* h, keytype* k, valuetype* v) { return arg_hashtable_insert(h, k, v); } + +/** + * @brief Search the specified key in the hash table. + * + * @param h the hash table to search + * @param k the key to search for - does not claim ownership + * @return the value associated with the key, or NULL if none found + */ +void* arg_hashtable_search(arg_hashtable_t* h, const void* k); + +#define ARG_DEFINE_HASHTABLE_SEARCH(fnname, keytype, valuetype) \ + valuetype* fnname(arg_hashtable_t* h, keytype* k) { return (valuetype*)(arg_hashtable_search(h, k)); } + +/** + * @brief Remove the specified key from the hash table. + * + * @param h the hash table to remove the item from + * @param k the key to search for - does not claim ownership + */ +void arg_hashtable_remove(arg_hashtable_t* h, const void* k); + +#define ARG_DEFINE_HASHTABLE_REMOVE(fnname, keytype, valuetype) \ + void fnname(arg_hashtable_t* h, keytype* k) { arg_hashtable_remove(h, k); } + +/** + * @brief Return the number of keys in the hash table. + * + * @param h the hash table + * @return the number of items stored in the hash table + */ +unsigned int arg_hashtable_count(arg_hashtable_t* h); + +/** + * @brief Change the value associated with the key. + * + * function to change the value associated with a key, where there already + * exists a value bound to the key in the hash table. + * Source due to Holger Schemel. + * + * @name hashtable_change + * @param h the hash table + * @param key + * @param value + */ +int arg_hashtable_change(arg_hashtable_t* h, void* k, void* v); + +/** + * @brief Free the hash table and the memory allocated for each key-value pair. + * + * @param h the hash table + * @param free_values whether to call 'free' on the remaining values + */ +void arg_hashtable_destroy(arg_hashtable_t* h, int free_values); + +typedef struct arg_hashtable_itr { + arg_hashtable_t* h; + struct arg_hashtable_entry* e; + struct arg_hashtable_entry* parent; + unsigned int index; +} arg_hashtable_itr_t; + +arg_hashtable_itr_t* arg_hashtable_itr_create(arg_hashtable_t* h); + +void arg_hashtable_itr_destroy(arg_hashtable_itr_t* itr); + +/** + * @brief Return the value of the (key,value) pair at the current position. + */ +extern void* arg_hashtable_itr_key(arg_hashtable_itr_t* i); + +/** + * @brief Return the value of the (key,value) pair at the current position. + */ +extern void* arg_hashtable_itr_value(arg_hashtable_itr_t* i); + +/** + * @brief Advance the iterator to the next element. Returns zero if advanced to end of table. + */ +int arg_hashtable_itr_advance(arg_hashtable_itr_t* itr); + +/** + * @brief Remove current element and advance the iterator to the next element. + */ +int arg_hashtable_itr_remove(arg_hashtable_itr_t* itr); + +/** + * @brief Search and overwrite the supplied iterator, to point to the entry matching the supplied key. + * + * @return Zero if not found. + */ +int arg_hashtable_itr_search(arg_hashtable_itr_t* itr, arg_hashtable_t* h, void* k); + +#define ARG_DEFINE_HASHTABLE_ITERATOR_SEARCH(fnname, keytype) \ + int fnname(arg_hashtable_itr_t* i, arg_hashtable_t* h, keytype* k) { return (arg_hashtable_iterator_search(i, h, k)); } #ifdef __cplusplus } #endif #endif - /******************************************************************************* + * arg_utils: Implements memory, panic, and other utility functions + * * This file is part of the argtable3 library. * - * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann - * + * Copyright (C) 2013-2019 Tom G. Huang + * * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -154,18 +294,914 @@ extern void dbg_printf(const char *fmt, ...); * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ +#include "argtable3.h" + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + #include #include +#include +#include +static void panic(const char* fmt, ...); +static arg_panicfn* s_panic = panic; -void dbg_printf(const char *fmt, ...) -{ +void dbg_printf(const char* fmt, ...) { va_list args; va_start(args, fmt); vfprintf(stderr, fmt, args); va_end(args); } +static void panic(const char* fmt, ...) { + va_list args; + char* s; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable : 4996) +#endif + s = getenv("EF_DUMPCORE"); +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + if (s != NULL && *s != '\0') { + abort(); + } else { + exit(EXIT_FAILURE); + } +} + +void arg_set_panic(arg_panicfn* proc) { + s_panic = proc; +} + +void* xmalloc(size_t size) { + void* ret = malloc(size); + if (!ret) { + s_panic("Out of memory!\n"); + } + return ret; +} + +void* xcalloc(size_t count, size_t size) { + size_t allocated_count = count && size ? count : 1; + size_t allocated_size = count && size ? size : 1; + void* ret = calloc(allocated_count, allocated_size); + if (!ret) { + s_panic("Out of memory!\n"); + } + return ret; +} + +void* xrealloc(void* ptr, size_t size) { + size_t allocated_size = size ? size : 1; + void* ret = realloc(ptr, allocated_size); + if (!ret) { + s_panic("Out of memory!\n"); + } + return ret; +} + +void xfree(void* ptr) { + free(ptr); +} + +static void merge(void* data, int esize, int i, int j, int k, arg_comparefn* comparefn) { + char* a = (char*)data; + char* m; + int ipos, jpos, mpos; + + /* Initialize the counters used in merging. */ + ipos = i; + jpos = j + 1; + mpos = 0; + + /* Allocate storage for the merged elements. */ + m = (char*)xmalloc(esize * ((k - i) + 1)); + + /* Continue while either division has elements to merge. */ + while (ipos <= j || jpos <= k) { + if (ipos > j) { + /* The left division has no more elements to merge. */ + while (jpos <= k) { + memcpy(&m[mpos * esize], &a[jpos * esize], esize); + jpos++; + mpos++; + } + + continue; + } else if (jpos > k) { + /* The right division has no more elements to merge. */ + while (ipos <= j) { + memcpy(&m[mpos * esize], &a[ipos * esize], esize); + ipos++; + mpos++; + } + + continue; + } + + /* Append the next ordered element to the merged elements. */ + if (comparefn(&a[ipos * esize], &a[jpos * esize]) < 0) { + memcpy(&m[mpos * esize], &a[ipos * esize], esize); + ipos++; + mpos++; + } else { + memcpy(&m[mpos * esize], &a[jpos * esize], esize); + jpos++; + mpos++; + } + } + + /* Prepare to pass back the merged data. */ + memcpy(&a[i * esize], m, esize * ((k - i) + 1)); + xfree(m); +} + +void arg_mgsort(void* data, int size, int esize, int i, int k, arg_comparefn* comparefn) { + int j; + + /* Stop the recursion when no more divisions can be made. */ + if (i < k) { + /* Determine where to divide the elements. */ + j = (int)(((i + k - 1)) / 2); + + /* Recursively sort the two divisions. */ + arg_mgsort(data, size, esize, i, j, comparefn); + arg_mgsort(data, size, esize, j + 1, k, comparefn); + merge(data, esize, i, j, k, comparefn); + } +} +/******************************************************************************* + * arg_hashtable: Implements the hash table utilities + * + * This file is part of the argtable3 library. + * + * Copyright (C) 2013-2019 Tom G. Huang + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of STEWART HEITMANN nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL STEWART HEITMANN BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + +#include +#include +#include +#include + +/* + * This hash table module is adapted from the C hash table implementation by + * Christopher Clark. Here is the copyright notice from the library: + * + * Copyright (c) 2002, Christopher Clark + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * * Neither the name of the original author; nor the names of any contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Credit for primes table: Aaron Krowne + * http://br.endernet.org/~akrowne/ + * http://planetmath.org/encyclopedia/GoodHashTablePrimes.html + */ +static const unsigned int primes[] = {53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, + 24593, 49157, 98317, 196613, 393241, 786433, 1572869, 3145739, 6291469, + 12582917, 25165843, 50331653, 100663319, 201326611, 402653189, 805306457, 1610612741}; +const unsigned int prime_table_length = sizeof(primes) / sizeof(primes[0]); +const float max_load_factor = (float)0.65; + +static unsigned int enhanced_hash(arg_hashtable_t* h, const void* k) { + /* + * Aim to protect against poor hash functions by adding logic here. + * The logic is taken from Java 1.4 hash table source. + */ + unsigned int i = h->hashfn(k); + i += ~(i << 9); + i ^= ((i >> 14) | (i << 18)); /* >>> */ + i += (i << 4); + i ^= ((i >> 10) | (i << 22)); /* >>> */ + return i; +} + +static unsigned int index_for(unsigned int tablelength, unsigned int hashvalue) { + return (hashvalue % tablelength); +} + +arg_hashtable_t* arg_hashtable_create(unsigned int minsize, unsigned int (*hashfn)(const void*), int (*eqfn)(const void*, const void*)) { + arg_hashtable_t* h; + unsigned int pindex; + unsigned int size = primes[0]; + + /* Check requested hash table isn't too large */ + if (minsize > (1u << 30)) + return NULL; + + /* + * Enforce size as prime. The reason is to avoid clustering of values + * into a small number of buckets (yes, distribution). A more even + * distributed hash table will perform more consistently. + */ + for (pindex = 0; pindex < prime_table_length; pindex++) { + if (primes[pindex] > minsize) { + size = primes[pindex]; + break; + } + } + + h = (arg_hashtable_t*)xmalloc(sizeof(arg_hashtable_t)); + h->table = (struct arg_hashtable_entry**)xmalloc(sizeof(struct arg_hashtable_entry*) * size); + memset(h->table, 0, size * sizeof(struct arg_hashtable_entry*)); + h->tablelength = size; + h->primeindex = pindex; + h->entrycount = 0; + h->hashfn = hashfn; + h->eqfn = eqfn; + h->loadlimit = (unsigned int)ceil(size * max_load_factor); + return h; +} + +static int arg_hashtable_expand(arg_hashtable_t* h) { + /* Double the size of the table to accommodate more entries */ + struct arg_hashtable_entry** newtable; + struct arg_hashtable_entry* e; + unsigned int newsize; + unsigned int i; + unsigned int index; + + /* Check we're not hitting max capacity */ + if (h->primeindex == (prime_table_length - 1)) + return 0; + newsize = primes[++(h->primeindex)]; + + newtable = (struct arg_hashtable_entry**)xmalloc(sizeof(struct arg_hashtable_entry*) * newsize); + memset(newtable, 0, newsize * sizeof(struct arg_hashtable_entry*)); + /* + * This algorithm is not 'stable': it reverses the list + * when it transfers entries between the tables + */ + for (i = 0; i < h->tablelength; i++) { + while (NULL != (e = h->table[i])) { + h->table[i] = e->next; + index = index_for(newsize, e->h); + e->next = newtable[index]; + newtable[index] = e; + } + } + + xfree(h->table); + h->table = newtable; + h->tablelength = newsize; + h->loadlimit = (unsigned int)ceil(newsize * max_load_factor); + return -1; +} + +unsigned int arg_hashtable_count(arg_hashtable_t* h) { + return h->entrycount; +} + +void arg_hashtable_insert(arg_hashtable_t* h, void* k, void* v) { + /* This method allows duplicate keys - but they shouldn't be used */ + unsigned int index; + struct arg_hashtable_entry* e; + if ((h->entrycount + 1) > h->loadlimit) { + /* + * Ignore the return value. If expand fails, we should + * still try cramming just this value into the existing table + * -- we may not have memory for a larger table, but one more + * element may be ok. Next time we insert, we'll try expanding again. + */ + arg_hashtable_expand(h); + } + e = (struct arg_hashtable_entry*)xmalloc(sizeof(struct arg_hashtable_entry)); + e->h = enhanced_hash(h, k); + index = index_for(h->tablelength, e->h); + e->k = k; + e->v = v; + e->next = h->table[index]; + h->table[index] = e; + h->entrycount++; +} + +void* arg_hashtable_search(arg_hashtable_t* h, const void* k) { + struct arg_hashtable_entry* e; + unsigned int hashvalue; + unsigned int index; + + hashvalue = enhanced_hash(h, k); + index = index_for(h->tablelength, hashvalue); + e = h->table[index]; + while (e != NULL) { + /* Check hash value to short circuit heavier comparison */ + if ((hashvalue == e->h) && (h->eqfn(k, e->k))) + return e->v; + e = e->next; + } + return NULL; +} + +void arg_hashtable_remove(arg_hashtable_t* h, const void* k) { + /* + * TODO: consider compacting the table when the load factor drops enough, + * or provide a 'compact' method. + */ + + struct arg_hashtable_entry* e; + struct arg_hashtable_entry** pE; + unsigned int hashvalue; + unsigned int index; + + hashvalue = enhanced_hash(h, k); + index = index_for(h->tablelength, hashvalue); + pE = &(h->table[index]); + e = *pE; + while (NULL != e) { + /* Check hash value to short circuit heavier comparison */ + if ((hashvalue == e->h) && (h->eqfn(k, e->k))) { + *pE = e->next; + h->entrycount--; + xfree(e->k); + xfree(e->v); + xfree(e); + return; + } + pE = &(e->next); + e = e->next; + } +} + +void arg_hashtable_destroy(arg_hashtable_t* h, int free_values) { + unsigned int i; + struct arg_hashtable_entry *e, *f; + struct arg_hashtable_entry** table = h->table; + if (free_values) { + for (i = 0; i < h->tablelength; i++) { + e = table[i]; + while (NULL != e) { + f = e; + e = e->next; + xfree(f->k); + xfree(f->v); + xfree(f); + } + } + } else { + for (i = 0; i < h->tablelength; i++) { + e = table[i]; + while (NULL != e) { + f = e; + e = e->next; + xfree(f->k); + xfree(f); + } + } + } + xfree(h->table); + xfree(h); +} + +arg_hashtable_itr_t* arg_hashtable_itr_create(arg_hashtable_t* h) { + unsigned int i; + unsigned int tablelength; + + arg_hashtable_itr_t* itr = (arg_hashtable_itr_t*)xmalloc(sizeof(arg_hashtable_itr_t)); + itr->h = h; + itr->e = NULL; + itr->parent = NULL; + tablelength = h->tablelength; + itr->index = tablelength; + if (0 == h->entrycount) + return itr; + + for (i = 0; i < tablelength; i++) { + if (h->table[i] != NULL) { + itr->e = h->table[i]; + itr->index = i; + break; + } + } + return itr; +} + +void arg_hashtable_itr_destroy(arg_hashtable_itr_t* itr) { + xfree(itr); +} + +void* arg_hashtable_itr_key(arg_hashtable_itr_t* i) { + return i->e->k; +} + +void* arg_hashtable_itr_value(arg_hashtable_itr_t* i) { + return i->e->v; +} + +int arg_hashtable_itr_advance(arg_hashtable_itr_t* itr) { + unsigned int j; + unsigned int tablelength; + struct arg_hashtable_entry** table; + struct arg_hashtable_entry* next; + + if (itr->e == NULL) + return 0; /* stupidity check */ + + next = itr->e->next; + if (NULL != next) { + itr->parent = itr->e; + itr->e = next; + return -1; + } + + tablelength = itr->h->tablelength; + itr->parent = NULL; + if (tablelength <= (j = ++(itr->index))) { + itr->e = NULL; + return 0; + } + + table = itr->h->table; + while (NULL == (next = table[j])) { + if (++j >= tablelength) { + itr->index = tablelength; + itr->e = NULL; + return 0; + } + } + + itr->index = j; + itr->e = next; + return -1; +} + +int arg_hashtable_itr_remove(arg_hashtable_itr_t* itr) { + struct arg_hashtable_entry* remember_e; + struct arg_hashtable_entry* remember_parent; + int ret; + + /* Do the removal */ + if ((itr->parent) == NULL) { + /* element is head of a chain */ + itr->h->table[itr->index] = itr->e->next; + } else { + /* element is mid-chain */ + itr->parent->next = itr->e->next; + } + /* itr->e is now outside the hashtable */ + remember_e = itr->e; + itr->h->entrycount--; + xfree(remember_e->k); + xfree(remember_e->v); + + /* Advance the iterator, correcting the parent */ + remember_parent = itr->parent; + ret = arg_hashtable_itr_advance(itr); + if (itr->parent == remember_e) { + itr->parent = remember_parent; + } + xfree(remember_e); + return ret; +} + +int arg_hashtable_itr_search(arg_hashtable_itr_t* itr, arg_hashtable_t* h, void* k) { + struct arg_hashtable_entry* e; + struct arg_hashtable_entry* parent; + unsigned int hashvalue; + unsigned int index; + + hashvalue = enhanced_hash(h, k); + index = index_for(h->tablelength, hashvalue); + + e = h->table[index]; + parent = NULL; + while (e != NULL) { + /* Check hash value to short circuit heavier comparison */ + if ((hashvalue == e->h) && (h->eqfn(k, e->k))) { + itr->index = index; + itr->e = e; + itr->parent = parent; + itr->h = h; + return -1; + } + parent = e; + e = e->next; + } + return 0; +} + +int arg_hashtable_change(arg_hashtable_t* h, void* k, void* v) { + struct arg_hashtable_entry* e; + unsigned int hashvalue; + unsigned int index; + + hashvalue = enhanced_hash(h, k); + index = index_for(h->tablelength, hashvalue); + e = h->table[index]; + while (e != NULL) { + /* Check hash value to short circuit heavier comparison */ + if ((hashvalue == e->h) && (h->eqfn(k, e->k))) { + xfree(e->v); + e->v = v; + return -1; + } + e = e->next; + } + return 0; +} +/******************************************************************************* + * arg_dstr: Implements the dynamic string utilities + * + * This file is part of the argtable3 library. + * + * Copyright (C) 2013-2019 Tom G. Huang + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of STEWART HEITMANN nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL STEWART HEITMANN BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ + +#include "argtable3.h" + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + +#include +#include +#include + +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable : 4996) +#endif + +#define START_VSNBUFF 16 + +/* + * This dynamic string module is adapted from TclResult.c in the Tcl library. + * Here is the copyright notice from the library: + * + * This software is copyrighted by the Regents of the University of + * California, Sun Microsystems, Inc., Scriptics Corporation, ActiveState + * Corporation and other parties. The following terms apply to all files + * associated with the software unless explicitly disclaimed in + * individual files. + * + * The authors hereby grant permission to use, copy, modify, distribute, + * and license this software and its documentation for any purpose, provided + * that existing copyright notices are retained in all copies and that this + * notice is included verbatim in any distributions. No written agreement, + * license, or royalty fee is required for any of the authorized uses. + * Modifications to this software may be copyrighted by their authors + * and need not follow the licensing terms described here, provided that + * the new terms are clearly indicated on the first page of each file where + * they apply. + * + * IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY + * FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES + * ARISING OUT OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, OR ANY + * DERIVATIVES THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ANY WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS SOFTWARE + * IS PROVIDED ON AN "AS IS" BASIS, AND THE AUTHORS AND DISTRIBUTORS HAVE + * NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR + * MODIFICATIONS. + * + * GOVERNMENT USE: If you are acquiring this software on behalf of the + * U.S. government, the Government shall have only "Restricted Rights" + * in the software and related documentation as defined in the Federal + * Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2). If you + * are acquiring the software on behalf of the Department of Defense, the + * software shall be classified as "Commercial Computer Software" and the + * Government shall have only "Restricted Rights" as defined in Clause + * 252.227-7014 (b) (3) of DFARs. Notwithstanding the foregoing, the + * authors grant the U.S. Government and others acting in its behalf + * permission to use and distribute the software in accordance with the + * terms specified in this license. + */ + +typedef struct _internal_arg_dstr { + char* data; + arg_dstr_freefn* free_proc; + char sbuf[ARG_DSTR_SIZE + 1]; + char* append_data; + int append_data_size; + int append_used; +} _internal_arg_dstr_t; + +static void setup_append_buf(arg_dstr_t res, int newSpace); + +arg_dstr_t arg_dstr_create(void) { + _internal_arg_dstr_t* h = (_internal_arg_dstr_t*)xmalloc(sizeof(_internal_arg_dstr_t)); + memset(h, 0, sizeof(_internal_arg_dstr_t)); + h->sbuf[0] = 0; + h->data = h->sbuf; + h->free_proc = ARG_DSTR_STATIC; + return h; +} + +void arg_dstr_destroy(arg_dstr_t ds) { + if (ds == NULL) + return; + + arg_dstr_reset(ds); + xfree(ds); + return; +} + +void arg_dstr_set(arg_dstr_t ds, char* str, arg_dstr_freefn* free_proc) { + int length; + register arg_dstr_freefn* old_free_proc = ds->free_proc; + char* old_result = ds->data; + + if (str == NULL) { + ds->sbuf[0] = 0; + ds->data = ds->sbuf; + ds->free_proc = ARG_DSTR_STATIC; + } else if (free_proc == ARG_DSTR_VOLATILE) { + length = (int)strlen(str); + if (length > ARG_DSTR_SIZE) { + ds->data = (char*)xmalloc((unsigned)length + 1); + ds->free_proc = ARG_DSTR_DYNAMIC; + } else { + ds->data = ds->sbuf; + ds->free_proc = ARG_DSTR_STATIC; + } + strcpy(ds->data, str); + } else { + ds->data = str; + ds->free_proc = free_proc; + } + + /* + * If the old result was dynamically-allocated, free it up. Do it here, + * rather than at the beginning, in case the new result value was part of + * the old result value. + */ + + if ((old_free_proc != 0) && (old_result != ds->data)) { + if (old_free_proc == ARG_DSTR_DYNAMIC) { + xfree(old_result); + } else { + (*old_free_proc)(old_result); + } + } + + if ((ds->append_data != NULL) && (ds->append_data_size > 0)) { + xfree(ds->append_data); + ds->append_data = NULL; + ds->append_data_size = 0; + } +} + +char* arg_dstr_cstr(arg_dstr_t ds) /* Interpreter whose result to return. */ +{ + return ds->data; +} + +void arg_dstr_cat(arg_dstr_t ds, const char* str) { + setup_append_buf(ds, (int)strlen(str) + 1); + memcpy(ds->data + strlen(ds->data), str, strlen(str)); +} + +void arg_dstr_catc(arg_dstr_t ds, char c) { + setup_append_buf(ds, 2); + memcpy(ds->data + strlen(ds->data), &c, 1); +} + +/* + * The logic of the `arg_dstr_catf` function is adapted from the `bformat` + * function in The Better String Library by Paul Hsieh. Here is the copyright + * notice from the library: + * + * Copyright (c) 2014, Paul Hsieh + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * * Neither the name of bstrlib nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +void arg_dstr_catf(arg_dstr_t ds, const char* fmt, ...) { + va_list arglist; + char* buff; + int n, r; + size_t slen; + + if (fmt == NULL) + return; + + /* Since the length is not determinable beforehand, a search is + performed using the truncating "vsnprintf" call (to avoid buffer + overflows) on increasing potential sizes for the output result. */ + + if ((n = (int)(2 * strlen(fmt))) < START_VSNBUFF) + n = START_VSNBUFF; + + buff = (char*)xmalloc(n + 2); + memset(buff, 0, n + 2); + + for (;;) { + va_start(arglist, fmt); + r = vsnprintf(buff, n + 1, fmt, arglist); + va_end(arglist); + + slen = strlen(buff); + if (slen < (size_t)n) + break; + + if (r > n) + n = r; + else + n += n; + + xfree(buff); + buff = (char*)xmalloc(n + 2); + memset(buff, 0, n + 2); + } + + arg_dstr_cat(ds, buff); + xfree(buff); +} + +static void setup_append_buf(arg_dstr_t ds, int new_space) { + int total_space; + + /* + * Make the append buffer larger, if that's necessary, then copy the + * data into the append buffer and make the append buffer the official + * data. + */ + if (ds->data != ds->append_data) { + /* + * If the buffer is too big, then free it up so we go back to a + * smaller buffer. This avoids tying up memory forever after a large + * operation. + */ + if (ds->append_data_size > 500) { + xfree(ds->append_data); + ds->append_data = NULL; + ds->append_data_size = 0; + } + ds->append_used = (int)strlen(ds->data); + } else if (ds->data[ds->append_used] != 0) { + /* + * Most likely someone has modified a result created by + * arg_dstr_cat et al. so that it has a different size. Just + * recompute the size. + */ + ds->append_used = (int)strlen(ds->data); + } + + total_space = new_space + ds->append_used; + if (total_space >= ds->append_data_size) { + char* newbuf; + + if (total_space < 100) { + total_space = 200; + } else { + total_space *= 2; + } + newbuf = (char*)xmalloc((unsigned)total_space); + memset(newbuf, 0, total_space); + strcpy(newbuf, ds->data); + if (ds->append_data != NULL) { + xfree(ds->append_data); + } + ds->append_data = newbuf; + ds->append_data_size = total_space; + } else if (ds->data != ds->append_data) { + strcpy(ds->append_data, ds->data); + } + + arg_dstr_free(ds); + ds->data = ds->append_data; +} + +void arg_dstr_free(arg_dstr_t ds) { + if (ds->free_proc != NULL) { + if (ds->free_proc == ARG_DSTR_DYNAMIC) { + xfree(ds->data); + } else { + (*ds->free_proc)(ds->data); + } + ds->free_proc = NULL; + } +} + +void arg_dstr_reset(arg_dstr_t ds) { + arg_dstr_free(ds); + if ((ds->append_data != NULL) && (ds->append_data_size > 0)) { + xfree(ds->append_data); + ds->append_data = NULL; + ds->append_data_size = 0; + } + + ds->data = ds->sbuf; + ds->sbuf[0] = 0; +} + +#if defined(_MSC_VER) +#pragma warning(pop) +#endif /* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ /* $FreeBSD$ */ @@ -200,11 +1236,11 @@ void dbg_printf(const char *fmt, ...) * POSSIBILITY OF SUCH DAMAGE. */ +#if ARG_REPLACE_GETOPT == 1 + #ifndef _GETOPT_H_ #define _GETOPT_H_ -#include - /* * GNU-like getopt_long()/getopt_long_only() with 4.4BSD optreset extension. * getopt() is declared here too for GNU programs. @@ -227,14 +1263,17 @@ struct option { int val; }; -__BEGIN_DECLS +#ifdef __cplusplus +extern "C" { +#endif + int getopt_long(int, char * const *, const char *, const struct option *, int *); int getopt_long_only(int, char * const *, const char *, const struct option *, int *); #ifndef _GETOPT_DECLARED #define _GETOPT_DECLARED -int getopt(int, char * const [], const char *); +int getopt(int, char * const [], const char *); extern char *optarg; /* getopt(3) external variables */ extern int optind, opterr, optopt; @@ -243,11 +1282,15 @@ extern int optind, opterr, optopt; #define _OPTRESET_DECLARED extern int optreset; /* getopt(3) external variable */ #endif -__END_DECLS - + +#ifdef __cplusplus +} +#endif + #endif /* !_GETOPT_H_ */ -/* $Id: getopt_long.c,v 1.1 2009/10/16 19:50:28 rodney Exp rodney $ */ -/* $OpenBSD: getopt_long.c,v 1.23 2007/10/31 12:34:57 chl Exp $ */ + +#endif /* ARG_REPLACE_GETOPT == 1 */ +/* $OpenBSD: getopt_long.c,v 1.26 2013/06/08 22:47:56 millert Exp $ */ /* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ /* @@ -269,9 +1312,6 @@ __END_DECLS * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ - -// $Id: getopt_long.c,v 1.1 2009/10/16 19:50:28 rodney Exp rodney $" - /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. @@ -301,23 +1341,25 @@ __END_DECLS * POSSIBILITY OF SUCH DAMAGE. */ -#if 0 -#include +#include "argtable3.h" + +#if ARG_REPLACE_GETOPT == 1 + +#ifndef ARG_AMALGAMATION +#include "arg_getopt.h" #endif + #include #include #include +#define GNU_COMPATIBLE /* Be more compatible, configure's use us! */ -#define REPLACE_GETOPT /* use this getopt as the system getopt(3) */ - -#ifdef REPLACE_GETOPT int opterr = 1; /* if error message should be printed */ int optind = 1; /* index into parent argv vector */ -int optopt = '?'; /* character checked for validity */ +int optopt = '?'; /* character checked for validity */ int optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ -#endif +char *optarg; /* argument associated with option */ #define PRINT_ERROR ((opterr) && (*options != ':')) @@ -332,10 +1374,17 @@ char *optarg; /* argument associated with option */ #define EMSG "" +#ifdef GNU_COMPATIBLE +#define NO_PREFIX (-1) +#define D_PREFIX 0 +#define DD_PREFIX 1 +#define W_PREFIX 2 +#endif + static int getopt_internal(int, char * const *, const char *, const struct option *, int *, int); static int parse_long_options(char * const *, const char *, - const struct option *, int *, int); + const struct option *, int *, int, int); static int gcd(int, int); static void permute_args(int, int, int, char * const *); @@ -347,57 +1396,67 @@ static int nonopt_end = -1; /* first option after non options (for permute) */ /* Error messages */ static const char recargchar[] = "option requires an argument -- %c"; +static const char illoptchar[] = "illegal option -- %c"; /* From P1003.2 */ +#ifdef GNU_COMPATIBLE +static int dash_prefix = NO_PREFIX; +static const char gnuoptchar[] = "invalid option -- %c"; + +static const char recargstring[] = "option `%s%s' requires an argument"; +static const char ambig[] = "option `%s%.*s' is ambiguous"; +static const char noarg[] = "option `%s%.*s' doesn't allow an argument"; +static const char illoptstring[] = "unrecognized option `%s%s'"; +#else static const char recargstring[] = "option requires an argument -- %s"; static const char ambig[] = "ambiguous option -- %.*s"; static const char noarg[] = "option doesn't take an argument -- %.*s"; -static const char illoptchar[] = "unknown option -- %c"; static const char illoptstring[] = "unknown option -- %s"; - - +#endif #ifdef _WIN32 -/* Windows needs warnx(). We change the definition though: +/* + * Windows needs warnx(). We change the definition though: * 1. (another) global is defined, opterrmsg, which holds the error message * 2. errors are always printed out on stderr w/o the program name * Note that opterrmsg always gets set no matter what opterr is set to. The * error message will not be printed if opterr is 0 as usual. */ -#include #include +#include -#define MAX_OPTER_MSG_SIZE 128 +#define MAX_OPTERRMSG_SIZE 128 -extern char opterrmsg[MAX_OPTER_MSG_SIZE]; -char opterrmsg[MAX_OPTER_MSG_SIZE]; /* buffer for the last error message */ +extern char opterrmsg[MAX_OPTERRMSG_SIZE]; +char opterrmsg[MAX_OPTERRMSG_SIZE]; /* buffer for the last error message */ + +static void warnx(const char* fmt, ...) { + va_list ap; + va_start(ap, fmt); -static void warnx(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); /* - Make sure opterrmsg is always zero-terminated despite the _vsnprintf() - implementation specifics and manually suppress the warning. - */ - memset(opterrmsg, 0, sizeof opterrmsg); - if (fmt != NULL) -#ifdef __STDC_WANT_SECURE_LIB__ - _vsnprintf_s(opterrmsg, MAX_OPTER_MSG_SIZE, sizeof(opterrmsg) - 1, fmt, ap); + * Make sure opterrmsg is always zero-terminated despite the _vsnprintf() + * implementation specifics and manually suppress the warning. + */ + memset(opterrmsg, 0, sizeof(opterrmsg)); + if (fmt != NULL) +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + _vsnprintf_s(opterrmsg, sizeof(opterrmsg), sizeof(opterrmsg) - 1, fmt, ap); #else _vsnprintf(opterrmsg, sizeof(opterrmsg) - 1, fmt, ap); #endif - va_end(ap); -#pragma warning(suppress: 6053) - fprintf(stderr, "%s\n", opterrmsg); + va_end(ap); + +#ifdef _MSC_VER +#pragma warning(suppress : 6053) +#endif + fprintf(stderr, "%s\n", opterrmsg); } #else #include #endif /*_WIN32*/ - - /* * Compute the greatest common divisor of a and b. */ @@ -460,14 +1519,35 @@ permute_args(int panonopt_start, int panonopt_end, int opt_end, */ static int parse_long_options(char * const *nargv, const char *options, - const struct option *long_options, int *idx, int short_too) + const struct option *long_options, int *idx, int short_too, int flags) { char *current_argv, *has_equal; +#ifdef GNU_COMPATIBLE + char *current_dash; +#endif size_t current_argv_len; - int i, match; + int i, match, exact_match, second_partial_match; current_argv = place; +#ifdef GNU_COMPATIBLE + switch (dash_prefix) { + case D_PREFIX: + current_dash = "-"; + break; + case DD_PREFIX: + current_dash = "--"; + break; + case W_PREFIX: + current_dash = "-W "; + break; + default: + current_dash = ""; + break; + } +#endif match = -1; + exact_match = 0; + second_partial_match = 0; optind++; @@ -487,6 +1567,7 @@ parse_long_options(char * const *nargv, const char *options, if (strlen(long_options[i].name) == current_argv_len) { /* exact match */ match = i; + exact_match = 1; break; } /* @@ -496,22 +1577,36 @@ parse_long_options(char * const *nargv, const char *options, if (short_too && current_argv_len == 1) continue; - if (match == -1) /* partial match */ + if (match == -1) /* first partial match */ match = i; - else { - /* ambiguous abbreviation */ - if (PRINT_ERROR) - warnx(ambig, (int)current_argv_len, - current_argv); - optopt = 0; - return (BADCH); - } + else if ((flags & FLAG_LONGONLY) || + long_options[i].has_arg != + long_options[match].has_arg || + long_options[i].flag != long_options[match].flag || + long_options[i].val != long_options[match].val) + second_partial_match = 1; + } + if (!exact_match && second_partial_match) { + /* ambiguous abbreviation */ + if (PRINT_ERROR) + warnx(ambig, +#ifdef GNU_COMPATIBLE + current_dash, +#endif + (int)current_argv_len, + current_argv); + optopt = 0; + return (BADCH); } if (match != -1) { /* option found */ if (long_options[match].has_arg == no_argument && has_equal) { if (PRINT_ERROR) - warnx(noarg, (int)current_argv_len, + warnx(noarg, +#ifdef GNU_COMPATIBLE + current_dash, +#endif + (int)current_argv_len, current_argv); /* * XXX: GNU sets optopt to val regardless of flag @@ -520,7 +1615,11 @@ parse_long_options(char * const *nargv, const char *options, optopt = long_options[match].val; else optopt = 0; +#ifdef GNU_COMPATIBLE + return (BADCH); +#else return (BADARG); +#endif } if (long_options[match].has_arg == required_argument || long_options[match].has_arg == optional_argument) { @@ -542,6 +1641,9 @@ parse_long_options(char * const *nargv, const char *options, */ if (PRINT_ERROR) warnx(recargstring, +#ifdef GNU_COMPATIBLE + current_dash, +#endif current_argv); /* * XXX: GNU sets optopt to val regardless of flag @@ -559,7 +1661,11 @@ parse_long_options(char * const *nargv, const char *options, return (-1); } if (PRINT_ERROR) - warnx(illoptstring, current_argv); + warnx(illoptstring, +#ifdef GNU_COMPATIBLE + current_dash, +#endif + current_argv); optopt = 0; return (BADCH); } @@ -583,39 +1689,10 @@ getopt_internal(int nargc, char * const *nargv, const char *options, char *oli; /* option letter list index */ int optchar, short_too; static int posixly_correct = -1; -#ifdef __STDC_WANT_SECURE_LIB__ - char* buffer = NULL; - size_t buffer_size = 0; - errno_t err = 0; -#endif if (options == NULL) return (-1); - /* - * Disable GNU extensions if POSIXLY_CORRECT is set or options - * string begins with a '+'. - */ - -#ifdef __STDC_WANT_SECURE_LIB__ - if (posixly_correct == -1) { - err = _dupenv_s(&buffer, &buffer_size, "POSIXLY_CORRECT") == 0; - posixly_correct = buffer != NULL; - if(buffer != NULL && err == 0) { - free(buffer); - } - } -#else - if (posixly_correct == -1) - posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); -#endif - if (posixly_correct || *options == '+') - flags &= ~FLAG_PERMUTE; - else if (*options == '-') - flags |= FLAG_ALLARGS; - if (*options == '+' || *options == '-') - options++; - /* * XXX Some GNU programs (like cvs) set optind to 0 instead of * XXX using optreset. Work around this braindamage. @@ -623,6 +1700,27 @@ getopt_internal(int nargc, char * const *nargv, const char *options, if (optind == 0) optind = optreset = 1; + /* + * Disable GNU extensions if POSIXLY_CORRECT is set or options + * string begins with a '+'. + */ + if (posixly_correct == -1 || optreset) { +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + size_t requiredSize; + getenv_s(&requiredSize, NULL, 0, "POSIXLY_CORRECT"); + posixly_correct = requiredSize != 0; +#else + posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); +#endif + } + + if (*options == '-') + flags |= FLAG_ALLARGS; + else if (posixly_correct || *options == '+') + flags &= ~FLAG_PERMUTE; + if (*options == '+' || *options == '-') + options++; + optarg = NULL; if (optreset) nonopt_start = nonopt_end = -1; @@ -648,7 +1746,11 @@ start: return (-1); } if (*(place = nargv[optind]) != '-' || +#ifdef GNU_COMPATIBLE + place[1] == '\0') { +#else (place[1] == '\0' && strchr(options, '-') == NULL)) { +#endif place = EMSG; /* found non-option */ if (flags & FLAG_ALLARGS) { /* @@ -711,13 +1813,21 @@ start: if (long_options != NULL && place != nargv[optind] && (*place == '-' || (flags & FLAG_LONGONLY))) { short_too = 0; - if (*place == '-') +#ifdef GNU_COMPATIBLE + dash_prefix = D_PREFIX; +#endif + if (*place == '-') { place++; /* --foo long option */ - else if (*place != ':' && strchr(options, *place) != NULL) + if (*place == '\0') + return (BADARG); /* malformed option */ +#ifdef GNU_COMPATIBLE + dash_prefix = DD_PREFIX; +#endif + } else if (*place != ':' && strchr(options, *place) != NULL) short_too = 1; /* could be short option too */ optchar = parse_long_options(nargv, options, long_options, - idx, short_too); + idx, short_too, flags); if (optchar != -1) { place = EMSG; return (optchar); @@ -736,8 +1846,14 @@ start: return (-1); if (!*place) ++optind; +#ifdef GNU_COMPATIBLE + if (PRINT_ERROR) + warnx(posixly_correct ? illoptchar : gnuoptchar, + optchar); +#else if (PRINT_ERROR) warnx(illoptchar, optchar); +#endif optopt = optchar; return (BADCH); } @@ -753,8 +1869,11 @@ start: return (BADARG); } else /* white space */ place = nargv[optind]; +#ifdef GNU_COMPATIBLE + dash_prefix = W_PREFIX; +#endif optchar = parse_long_options(nargv, options, long_options, - idx, 0); + idx, 0, flags); place = EMSG; return (optchar); } @@ -782,7 +1901,6 @@ start: return (optchar); } -#ifdef REPLACE_GETOPT /* * getopt -- * Parse argc/argv argument vector. @@ -803,7 +1921,6 @@ getopt(int nargc, char * const *nargv, const char *options) */ return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); } -#endif /* REPLACE_GETOPT */ /* * getopt_long -- @@ -811,7 +1928,7 @@ getopt(int nargc, char * const *nargv, const char *options) */ int getopt_long(int nargc, char * const *nargv, const char *options, - const struct option *long_options, int *idx) + const struct option *long_options, int *idx) { return (getopt_internal(nargc, nargv, options, long_options, idx, @@ -824,13 +1941,17 @@ getopt_long(int nargc, char * const *nargv, const char *options, */ int getopt_long_only(int nargc, char * const *nargv, const char *options, - const struct option *long_options, int *idx) + const struct option *long_options, int *idx) { return (getopt_internal(nargc, nargv, options, long_options, idx, FLAG_PERMUTE|FLAG_LONGONLY)); } + +#endif /* ARG_REPLACE_GETOPT == 1 */ /******************************************************************************* + * arg_date: Implements the date command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -860,38 +1981,32 @@ getopt_long_only(int nargc, char * const *nargv, const char *options, * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ +#include "argtable3.h" + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + #include #include -#include "argtable3.h" +char* arg_strptime(const char* buf, const char* fmt, struct tm* tm); - -char * arg_strptime(const char *buf, const char *fmt, struct tm *tm); - - -static void arg_date_resetfn(struct arg_date *parent) -{ +static void arg_date_resetfn(struct arg_date* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } - -static int arg_date_scanfn(struct arg_date *parent, const char *argval) -{ +static int arg_date_scanfn(struct arg_date* parent, const char* argval) { int errorcode = 0; - if (parent->count == parent->hdr.maxcount) - { - errorcode = EMAXCOUNT; - } - else if (!argval) - { + if (parent->count == parent->hdr.maxcount) { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* no argument value was given, leave parent->tmval[] unaltered but still count it */ parent->count++; - } - else - { - const char *pend; + } else { + const char* pend; struct tm tm = parent->tmval[parent->count]; /* parse the given argument value, store result in parent->tmval[] */ @@ -899,99 +2014,66 @@ static int arg_date_scanfn(struct arg_date *parent, const char *argval) if (pend && pend[0] == '\0') parent->tmval[parent->count++] = tm; else - errorcode = EBADDATE; + errorcode = ARG_ERR_BADDATE; } ARG_TRACE(("%s:scanfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } - -static int arg_date_checkfn(struct arg_date *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; +static int arg_date_checkfn(struct arg_date* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; ARG_TRACE(("%s:checkfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } - -static void arg_date_errorfn( - struct arg_date *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_date_errorfn(struct arg_date* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - case EBADDATE: - { - struct tm tm; - char buff[200]; + case ARG_ERR_BADDATE: { + struct tm tm; + char buff[200]; - fprintf(fp, "illegal timestamp format \"%s\"\n", argval); - memset(&tm, 0, sizeof(tm)); - arg_strptime("1999-12-31 23:59:59", "%F %H:%M:%S", &tm); - strftime(buff, sizeof(buff), parent->format, &tm); - printf("correct format is \"%s\"\n", buff); - break; - } + arg_dstr_catf(ds, "illegal timestamp format \"%s\"\n", argval); + memset(&tm, 0, sizeof(tm)); + arg_strptime("1999-12-31 23:59:59", "%F %H:%M:%S", &tm); + strftime(buff, sizeof(buff), parent->format, &tm); + arg_dstr_catf(ds, "correct format is \"%s\"\n", buff); + break; + } } } - -struct arg_date * arg_date0( - const char * shortopts, - const char * longopts, - const char * format, - const char *datatype, - const char *glossary) -{ +struct arg_date* arg_date0(const char* shortopts, const char* longopts, const char* format, const char* datatype, const char* glossary) { return arg_daten(shortopts, longopts, format, datatype, 0, 1, glossary); } - -struct arg_date * arg_date1( - const char * shortopts, - const char * longopts, - const char * format, - const char *datatype, - const char *glossary) -{ +struct arg_date* arg_date1(const char* shortopts, const char* longopts, const char* format, const char* datatype, const char* glossary) { return arg_daten(shortopts, longopts, format, datatype, 1, 1, glossary); } - -struct arg_date * arg_daten( - const char * shortopts, - const char * longopts, - const char * format, - const char *datatype, - int mincount, - int maxcount, - const char *glossary) -{ +struct arg_date* +arg_daten(const char* shortopts, const char* longopts, const char* format, const char* datatype, int mincount, int maxcount, const char* glossary) { size_t nbytes; - struct arg_date *result; + struct arg_date* result; /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; @@ -1001,40 +2083,37 @@ struct arg_date * arg_daten( format = "%x"; nbytes = sizeof(struct arg_date) /* storage for struct arg_date */ - + maxcount * sizeof(struct tm); /* storage for tmval[maxcount] array */ + + maxcount * sizeof(struct tm); /* storage for tmval[maxcount] array */ /* allocate storage for the arg_date struct + tmval[] array. */ /* we use calloc because we want the tmval[] array zero filled. */ - result = (struct arg_date *)calloc(1, nbytes); - if (result) - { - /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = datatype ? datatype : format; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_date_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_date_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_date_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_date_errorfn; + result = (struct arg_date*)xcalloc(1, nbytes); - /* store the tmval[maxcount] array immediately after the arg_date struct */ - result->tmval = (struct tm *)(result + 1); + /* init the arg_hdr struct */ + result->hdr.flag = ARG_HASVALUE; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.datatype = datatype ? datatype : format; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_date_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_date_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_date_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_date_errorfn; - /* init the remaining arg_date member variables */ - result->count = 0; - result->format = format; - } + /* store the tmval[maxcount] array immediately after the arg_date struct */ + result->tmval = (struct tm*)(result + 1); + + /* init the remaining arg_date member variables */ + result->count = 0; + result->format = format; ARG_TRACE(("arg_daten() returns %p\n", result)); return result; } - /*- * Copyright (c) 1997, 1998, 2005, 2008 The NetBSD Foundation, Inc. * All rights reserved. @@ -1072,41 +2151,31 @@ struct arg_date * arg_daten( * We do not implement alternate representations. However, we always * check whether a given modifier is allowed for a certain conversion. */ -#define ALT_E 0x01 -#define ALT_O 0x02 -#define LEGAL_ALT(x) { if (alt_format & ~(x)) return (0); } -#define TM_YEAR_BASE (1900) +#define ALT_E 0x01 +#define ALT_O 0x02 +#define LEGAL_ALT(x) \ + { \ + if (alt_format & ~(x)) \ + return (0); \ + } +#define TM_YEAR_BASE (1900) -static int conv_num(const char * *, int *, int, int); +static int conv_num(const char**, int*, int, int); -static const char *day[7] = { - "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", - "Friday", "Saturday" -}; +static const char* day[7] = {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; -static const char *abday[7] = { - "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" -}; +static const char* abday[7] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; -static const char *mon[12] = { - "January", "February", "March", "April", "May", "June", "July", - "August", "September", "October", "November", "December" -}; +static const char* mon[12] = {"January", "February", "March", "April", "May", "June", + "July", "August", "September", "October", "November", "December"}; -static const char *abmon[12] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -}; +static const char* abmon[12] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; -static const char *am_pm[2] = { - "AM", "PM" -}; +static const char* am_pm[2] = {"AM", "PM"}; - -static int arg_strcasecmp(const char *s1, const char *s2) -{ - const unsigned char *us1 = (const unsigned char *)s1; - const unsigned char *us2 = (const unsigned char *)s2; +static int arg_strcasecmp(const char* s1, const char* s2) { + const unsigned char* us1 = (const unsigned char*)s1; + const unsigned char* us2 = (const unsigned char*)s2; while (tolower(*us1) == tolower(*us2++)) if (*us1++ == '\0') return 0; @@ -1114,15 +2183,11 @@ static int arg_strcasecmp(const char *s1, const char *s2) return tolower(*us1) - tolower(*--us2); } - -static int arg_strncasecmp(const char *s1, const char *s2, size_t n) -{ - if (n != 0) - { - const unsigned char *us1 = (const unsigned char *)s1; - const unsigned char *us2 = (const unsigned char *)s2; - do - { +static int arg_strncasecmp(const char* s1, const char* s2, size_t n) { + if (n != 0) { + const unsigned char* us1 = (const unsigned char*)s1; + const unsigned char* us2 = (const unsigned char*)s2; + do { if (tolower(*us1) != tolower(*us2++)) return tolower(*us1) - tolower(*--us2); @@ -1134,11 +2199,9 @@ static int arg_strncasecmp(const char *s1, const char *s2, size_t n) return 0; } - -char * arg_strptime(const char *buf, const char *fmt, struct tm *tm) -{ +char* arg_strptime(const char* buf, const char* fmt, struct tm* tm) { char c; - const char *bp; + const char* bp; size_t len = 0; int alt_format, i, split_year = 0; @@ -1149,8 +2212,8 @@ char * arg_strptime(const char *buf, const char *fmt, struct tm *tm) alt_format = 0; /* Eat up white-space. */ - if (ISSPACE(c)) { - while (ISSPACE(*bp)) + if (isspace(c)) { + while (isspace(*bp)) bp++; fmt++; @@ -1160,289 +2223,282 @@ char * arg_strptime(const char *buf, const char *fmt, struct tm *tm) if ((c = *fmt++) != '%') goto literal; - -again: - switch (c = *fmt++) - { - case '%': /* "%%" is converted to "%". */ -literal: - if (c != *bp++) - return (0); - break; - - /* - * "Alternative" modifiers. Just set the appropriate flag - * and start over again. - */ - case 'E': /* "%E?" alternative conversion modifier. */ - LEGAL_ALT(0); - alt_format |= ALT_E; - goto again; - - case 'O': /* "%O?" alternative conversion modifier. */ - LEGAL_ALT(0); - alt_format |= ALT_O; - goto again; - - /* - * "Complex" conversion rules, implemented through recursion. - */ - case 'c': /* Date and time, using the locale's format. */ - LEGAL_ALT(ALT_E); - bp = arg_strptime(bp, "%x %X", tm); - if (!bp) - return (0); - break; - - case 'D': /* The date as "%m/%d/%y". */ - LEGAL_ALT(0); - bp = arg_strptime(bp, "%m/%d/%y", tm); - if (!bp) - return (0); - break; - - case 'R': /* The time as "%H:%M". */ - LEGAL_ALT(0); - bp = arg_strptime(bp, "%H:%M", tm); - if (!bp) - return (0); - break; - - case 'r': /* The time in 12-hour clock representation. */ - LEGAL_ALT(0); - bp = arg_strptime(bp, "%I:%M:%S %p", tm); - if (!bp) - return (0); - break; - - case 'T': /* The time as "%H:%M:%S". */ - LEGAL_ALT(0); - bp = arg_strptime(bp, "%H:%M:%S", tm); - if (!bp) - return (0); - break; - - case 'X': /* The time, using the locale's format. */ - LEGAL_ALT(ALT_E); - bp = arg_strptime(bp, "%H:%M:%S", tm); - if (!bp) - return (0); - break; - - case 'x': /* The date, using the locale's format. */ - LEGAL_ALT(ALT_E); - bp = arg_strptime(bp, "%m/%d/%y", tm); - if (!bp) - return (0); - break; - - /* - * "Elementary" conversion rules. - */ - case 'A': /* The day of week, using the locale's form. */ - case 'a': - LEGAL_ALT(0); - for (i = 0; i < 7; i++) { - /* Full name. */ - len = strlen(day[i]); - if (arg_strncasecmp(day[i], bp, len) == 0) - break; - - /* Abbreviated name. */ - len = strlen(abday[i]); - if (arg_strncasecmp(abday[i], bp, len) == 0) - break; - } - - /* Nothing matched. */ - if (i == 7) - return (0); - - tm->tm_wday = i; - bp += len; - break; - - case 'B': /* The month, using the locale's form. */ - case 'b': - case 'h': - LEGAL_ALT(0); - for (i = 0; i < 12; i++) { - /* Full name. */ - len = strlen(mon[i]); - if (arg_strncasecmp(mon[i], bp, len) == 0) - break; - - /* Abbreviated name. */ - len = strlen(abmon[i]); - if (arg_strncasecmp(abmon[i], bp, len) == 0) - break; - } - - /* Nothing matched. */ - if (i == 12) - return (0); - - tm->tm_mon = i; - bp += len; - break; - - case 'C': /* The century number. */ - LEGAL_ALT(ALT_E); - if (!(conv_num(&bp, &i, 0, 99))) - return (0); - - if (split_year) { - tm->tm_year = (tm->tm_year % 100) + (i * 100); - } else { - tm->tm_year = i * 100; - split_year = 1; - } - break; - - case 'd': /* The day of month. */ - case 'e': - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_mday, 1, 31))) - return (0); - break; - - case 'k': /* The hour (24-hour clock representation). */ - LEGAL_ALT(0); - /* FALLTHROUGH */ - case 'H': - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_hour, 0, 23))) - return (0); - break; - - case 'l': /* The hour (12-hour clock representation). */ - LEGAL_ALT(0); - /* FALLTHROUGH */ - case 'I': - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_hour, 1, 12))) - return (0); - if (tm->tm_hour == 12) - tm->tm_hour = 0; - break; - - case 'j': /* The day of year. */ - LEGAL_ALT(0); - if (!(conv_num(&bp, &i, 1, 366))) - return (0); - tm->tm_yday = i - 1; - break; - - case 'M': /* The minute. */ - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_min, 0, 59))) - return (0); - break; - - case 'm': /* The month. */ - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &i, 1, 12))) - return (0); - tm->tm_mon = i - 1; - break; - - case 'p': /* The locale's equivalent of AM/PM. */ - LEGAL_ALT(0); - /* AM? */ - if (arg_strcasecmp(am_pm[0], bp) == 0) { - if (tm->tm_hour > 11) + again: + switch (c = *fmt++) { + case '%': /* "%%" is converted to "%". */ + literal: + if (c != *bp++) return (0); - - bp += strlen(am_pm[0]); break; - } - /* PM? */ - else if (arg_strcasecmp(am_pm[1], bp) == 0) { - if (tm->tm_hour > 11) - return (0); - tm->tm_hour += 12; - bp += strlen(am_pm[1]); - break; - } - - /* Nothing matched. */ - return (0); - - case 'S': /* The seconds. */ - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_sec, 0, 61))) - return (0); - break; - - case 'U': /* The week of year, beginning on sunday. */ - case 'W': /* The week of year, beginning on monday. */ - LEGAL_ALT(ALT_O); /* - * XXX This is bogus, as we can not assume any valid - * information present in the tm structure at this - * point to calculate a real value, so just check the - * range for now. + * "Alternative" modifiers. Just set the appropriate flag + * and start over again. */ - if (!(conv_num(&bp, &i, 0, 53))) - return (0); - break; + case 'E': /* "%E?" alternative conversion modifier. */ + LEGAL_ALT(0); + alt_format |= ALT_E; + goto again; - case 'w': /* The day of week, beginning on sunday. */ - LEGAL_ALT(ALT_O); - if (!(conv_num(&bp, &tm->tm_wday, 0, 6))) - return (0); - break; + case 'O': /* "%O?" alternative conversion modifier. */ + LEGAL_ALT(0); + alt_format |= ALT_O; + goto again; - case 'Y': /* The year. */ - LEGAL_ALT(ALT_E); - if (!(conv_num(&bp, &i, 0, 9999))) - return (0); - - tm->tm_year = i - TM_YEAR_BASE; - break; - - case 'y': /* The year within 100 years of the epoch. */ - LEGAL_ALT(ALT_E | ALT_O); - if (!(conv_num(&bp, &i, 0, 99))) - return (0); - - if (split_year) { - tm->tm_year = ((tm->tm_year / 100) * 100) + i; + /* + * "Complex" conversion rules, implemented through recursion. + */ + case 'c': /* Date and time, using the locale's format. */ + LEGAL_ALT(ALT_E); + bp = arg_strptime(bp, "%x %X", tm); + if (!bp) + return (0); break; - } - split_year = 1; - if (i <= 68) - tm->tm_year = i + 2000 - TM_YEAR_BASE; - else - tm->tm_year = i + 1900 - TM_YEAR_BASE; - break; - /* - * Miscellaneous conversions. - */ - case 'n': /* Any kind of white-space. */ - case 't': - LEGAL_ALT(0); - while (ISSPACE(*bp)) - bp++; - break; + case 'D': /* The date as "%m/%d/%y". */ + LEGAL_ALT(0); + bp = arg_strptime(bp, "%m/%d/%y", tm); + if (!bp) + return (0); + break; + case 'R': /* The time as "%H:%M". */ + LEGAL_ALT(0); + bp = arg_strptime(bp, "%H:%M", tm); + if (!bp) + return (0); + break; - default: /* Unknown/unsupported conversion. */ - return (0); + case 'r': /* The time in 12-hour clock representation. */ + LEGAL_ALT(0); + bp = arg_strptime(bp, "%I:%M:%S %p", tm); + if (!bp) + return (0); + break; + + case 'T': /* The time as "%H:%M:%S". */ + LEGAL_ALT(0); + bp = arg_strptime(bp, "%H:%M:%S", tm); + if (!bp) + return (0); + break; + + case 'X': /* The time, using the locale's format. */ + LEGAL_ALT(ALT_E); + bp = arg_strptime(bp, "%H:%M:%S", tm); + if (!bp) + return (0); + break; + + case 'x': /* The date, using the locale's format. */ + LEGAL_ALT(ALT_E); + bp = arg_strptime(bp, "%m/%d/%y", tm); + if (!bp) + return (0); + break; + + /* + * "Elementary" conversion rules. + */ + case 'A': /* The day of week, using the locale's form. */ + case 'a': + LEGAL_ALT(0); + for (i = 0; i < 7; i++) { + /* Full name. */ + len = strlen(day[i]); + if (arg_strncasecmp(day[i], bp, len) == 0) + break; + + /* Abbreviated name. */ + len = strlen(abday[i]); + if (arg_strncasecmp(abday[i], bp, len) == 0) + break; + } + + /* Nothing matched. */ + if (i == 7) + return (0); + + tm->tm_wday = i; + bp += len; + break; + + case 'B': /* The month, using the locale's form. */ + case 'b': + case 'h': + LEGAL_ALT(0); + for (i = 0; i < 12; i++) { + /* Full name. */ + len = strlen(mon[i]); + if (arg_strncasecmp(mon[i], bp, len) == 0) + break; + + /* Abbreviated name. */ + len = strlen(abmon[i]); + if (arg_strncasecmp(abmon[i], bp, len) == 0) + break; + } + + /* Nothing matched. */ + if (i == 12) + return (0); + + tm->tm_mon = i; + bp += len; + break; + + case 'C': /* The century number. */ + LEGAL_ALT(ALT_E); + if (!(conv_num(&bp, &i, 0, 99))) + return (0); + + if (split_year) { + tm->tm_year = (tm->tm_year % 100) + (i * 100); + } else { + tm->tm_year = i * 100; + split_year = 1; + } + break; + + case 'd': /* The day of month. */ + case 'e': + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_mday, 1, 31))) + return (0); + break; + + case 'k': /* The hour (24-hour clock representation). */ + LEGAL_ALT(0); + /* FALLTHROUGH */ + case 'H': + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_hour, 0, 23))) + return (0); + break; + + case 'l': /* The hour (12-hour clock representation). */ + LEGAL_ALT(0); + /* FALLTHROUGH */ + case 'I': + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_hour, 1, 12))) + return (0); + if (tm->tm_hour == 12) + tm->tm_hour = 0; + break; + + case 'j': /* The day of year. */ + LEGAL_ALT(0); + if (!(conv_num(&bp, &i, 1, 366))) + return (0); + tm->tm_yday = i - 1; + break; + + case 'M': /* The minute. */ + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_min, 0, 59))) + return (0); + break; + + case 'm': /* The month. */ + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &i, 1, 12))) + return (0); + tm->tm_mon = i - 1; + break; + + case 'p': /* The locale's equivalent of AM/PM. */ + LEGAL_ALT(0); + /* AM? */ + if (arg_strcasecmp(am_pm[0], bp) == 0) { + if (tm->tm_hour > 11) + return (0); + + bp += strlen(am_pm[0]); + break; + } + /* PM? */ + else if (arg_strcasecmp(am_pm[1], bp) == 0) { + if (tm->tm_hour > 11) + return (0); + + tm->tm_hour += 12; + bp += strlen(am_pm[1]); + break; + } + + /* Nothing matched. */ + return (0); + + case 'S': /* The seconds. */ + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_sec, 0, 61))) + return (0); + break; + + case 'U': /* The week of year, beginning on sunday. */ + case 'W': /* The week of year, beginning on monday. */ + LEGAL_ALT(ALT_O); + /* + * XXX This is bogus, as we can not assume any valid + * information present in the tm structure at this + * point to calculate a real value, so just check the + * range for now. + */ + if (!(conv_num(&bp, &i, 0, 53))) + return (0); + break; + + case 'w': /* The day of week, beginning on sunday. */ + LEGAL_ALT(ALT_O); + if (!(conv_num(&bp, &tm->tm_wday, 0, 6))) + return (0); + break; + + case 'Y': /* The year. */ + LEGAL_ALT(ALT_E); + if (!(conv_num(&bp, &i, 0, 9999))) + return (0); + + tm->tm_year = i - TM_YEAR_BASE; + break; + + case 'y': /* The year within 100 years of the epoch. */ + LEGAL_ALT(ALT_E | ALT_O); + if (!(conv_num(&bp, &i, 0, 99))) + return (0); + + if (split_year) { + tm->tm_year = ((tm->tm_year / 100) * 100) + i; + break; + } + split_year = 1; + if (i <= 68) + tm->tm_year = i + 2000 - TM_YEAR_BASE; + else + tm->tm_year = i + 1900 - TM_YEAR_BASE; + break; + + /* + * Miscellaneous conversions. + */ + case 'n': /* Any kind of white-space. */ + case 't': + LEGAL_ALT(0); + while (isspace(*bp)) + bp++; + break; + + default: /* Unknown/unsupported conversion. */ + return (0); } - - } /* LINTED functional specification */ - return ((char *)bp); + return ((char*)bp); } - -static int conv_num(const char * *buf, int *dest, int llim, int ulim) -{ +static int conv_num(const char** buf, int* dest, int llim, int ulim) { int result = 0; /* The limit also determines the number of valid digits. */ @@ -1464,6 +2520,8 @@ static int conv_num(const char * *buf, int *dest, int llim, int ulim) return (1); } /******************************************************************************* + * arg_dbl: Implements the double command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -1493,38 +2551,33 @@ static int conv_num(const char * *buf, int *dest, int llim, int ulim) * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include - #include "argtable3.h" +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif -static void arg_dbl_resetfn(struct arg_dbl *parent) -{ +#include + +static void arg_dbl_resetfn(struct arg_dbl* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } - -static int arg_dbl_scanfn(struct arg_dbl *parent, const char *argval) -{ +static int arg_dbl_scanfn(struct arg_dbl* parent, const char* argval) { int errorcode = 0; - if (parent->count == parent->hdr.maxcount) - { + if (parent->count == parent->hdr.maxcount) { /* maximum number of arguments exceeded */ - errorcode = EMAXCOUNT; - } - else if (!argval) - { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ /* leave parent argument value unaltered but still count the argument. */ parent->count++; - } - else - { + } else { double val; - char *end; + char* end; /* extract double from argval into val */ val = strtod(argval, &end); @@ -1533,132 +2586,101 @@ static int arg_dbl_scanfn(struct arg_dbl *parent, const char *argval) if (*end == 0) parent->dval[parent->count++] = val; else - errorcode = EBADDOUBLE; + errorcode = ARG_ERR_BADDOUBLE; } ARG_TRACE(("%s:scanfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } +static int arg_dbl_checkfn(struct arg_dbl* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; -static int arg_dbl_checkfn(struct arg_dbl *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; - ARG_TRACE(("%s:checkfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } - -static void arg_dbl_errorfn( - struct arg_dbl *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_dbl_errorfn(struct arg_dbl* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - case EBADDOUBLE: - fprintf(fp, "invalid argument \"%s\" to option ", argval); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + case ARG_ERR_BADDOUBLE: + arg_dstr_catf(ds, "invalid argument \"%s\" to option ", argval); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; } } - -struct arg_dbl * arg_dbl0( - const char * shortopts, - const char * longopts, - const char *datatype, - const char *glossary) -{ +struct arg_dbl* arg_dbl0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_dbln(shortopts, longopts, datatype, 0, 1, glossary); } - -struct arg_dbl * arg_dbl1( - const char * shortopts, - const char * longopts, - const char *datatype, - const char *glossary) -{ +struct arg_dbl* arg_dbl1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_dbln(shortopts, longopts, datatype, 1, 1, glossary); } - -struct arg_dbl * arg_dbln( - const char * shortopts, - const char * longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary) -{ +struct arg_dbl* arg_dbln(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary) { size_t nbytes; - struct arg_dbl *result; + struct arg_dbl* result; + size_t addr; + size_t rem; /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; - nbytes = sizeof(struct arg_dbl) /* storage for struct arg_dbl */ + nbytes = sizeof(struct arg_dbl) /* storage for struct arg_dbl */ + (maxcount + 1) * sizeof(double); /* storage for dval[maxcount] array plus one extra for padding to memory boundary */ - result = (struct arg_dbl *)malloc(nbytes); - if (result) - { - size_t addr; - size_t rem; + result = (struct arg_dbl*)xmalloc(nbytes); - /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = datatype ? datatype : ""; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_dbl_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_dbl_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_dbl_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_dbl_errorfn; + /* init the arg_hdr struct */ + result->hdr.flag = ARG_HASVALUE; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.datatype = datatype ? datatype : ""; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_dbl_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_dbl_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_dbl_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_dbl_errorfn; - /* Store the dval[maxcount] array on the first double boundary that - * immediately follows the arg_dbl struct. We do the memory alignment - * purely for SPARC and Motorola systems. They require floats and - * doubles to be aligned on natural boundaries. - */ - addr = (size_t)(result + 1); - rem = addr % sizeof(double); - result->dval = (double *)(addr + sizeof(double) - rem); - ARG_TRACE(("addr=%p, dval=%p, sizeof(double)=%d rem=%d\n", addr, result->dval, (int)sizeof(double), (int)rem)); + /* Store the dval[maxcount] array on the first double boundary that + * immediately follows the arg_dbl struct. We do the memory alignment + * purely for SPARC and Motorola systems. They require floats and + * doubles to be aligned on natural boundaries. + */ + addr = (size_t)(result + 1); + rem = addr % sizeof(double); + result->dval = (double*)(addr + sizeof(double) - rem); + ARG_TRACE(("addr=%p, dval=%p, sizeof(double)=%d rem=%d\n", addr, result->dval, (int)sizeof(double), (int)rem)); + + result->count = 0; - result->count = 0; - } - ARG_TRACE(("arg_dbln() returns %p\n", result)); return result; } /******************************************************************************* + * arg_end: Implements the error handling utilities + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -1688,115 +2710,107 @@ struct arg_dbl * arg_dbln( * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include - #include "argtable3.h" +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif -static void arg_end_resetfn(struct arg_end *parent) -{ +#include + +static void arg_end_resetfn(struct arg_end* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } -static void arg_end_errorfn( - void *parent, - FILE *fp, - int error, - const char *argval, - const char *progname) -{ +static void arg_end_errorfn(void* parent, arg_dstr_t ds, int error, const char* argval, const char* progname) { /* suppress unreferenced formal parameter warning */ (void)parent; progname = progname ? progname : ""; argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(error) - { - case ARG_ELIMIT: - fputs("too many errors to display", fp); - break; - case ARG_EMALLOC: - fputs("insufficent memory", fp); - break; - case ARG_ENOMATCH: - fprintf(fp, "unexpected argument \"%s\"", argval); - break; - case ARG_EMISSARG: - fprintf(fp, "option \"%s\" requires an argument", argval); - break; - case ARG_ELONGOPT: - fprintf(fp, "invalid option \"%s\"", argval); - break; - default: - fprintf(fp, "invalid option \"-%c\"", error); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (error) { + case ARG_ELIMIT: + arg_dstr_cat(ds, "too many errors to display"); + break; + case ARG_EMALLOC: + arg_dstr_cat(ds, "insufficient memory"); + break; + case ARG_ENOMATCH: + arg_dstr_catf(ds, "unexpected argument \"%s\"", argval); + break; + case ARG_EMISSARG: + arg_dstr_catf(ds, "option \"%s\" requires an argument", argval); + break; + case ARG_ELONGOPT: + arg_dstr_catf(ds, "invalid option \"%s\"", argval); + break; + default: + arg_dstr_catf(ds, "invalid option \"-%c\"", error); + break; } - - fputc('\n', fp); + + arg_dstr_cat(ds, "\n"); } - -struct arg_end * arg_end(int maxcount) -{ +struct arg_end* arg_end(int maxcount) { size_t nbytes; - struct arg_end *result; + struct arg_end* result; - nbytes = sizeof(struct arg_end) - + maxcount * sizeof(int) /* storage for int error[maxcount] array*/ - + maxcount * sizeof(void *) /* storage for void* parent[maxcount] array */ - + maxcount * sizeof(char *); /* storage for char* argval[maxcount] array */ + nbytes = sizeof(struct arg_end) + maxcount * sizeof(int) /* storage for int error[maxcount] array*/ + + maxcount * sizeof(void*) /* storage for void* parent[maxcount] array */ + + maxcount * sizeof(char*); /* storage for char* argval[maxcount] array */ - result = (struct arg_end *)malloc(nbytes); - if (result) - { - /* init the arg_hdr struct */ - result->hdr.flag = ARG_TERMINATOR; - result->hdr.shortopts = NULL; - result->hdr.longopts = NULL; - result->hdr.datatype = NULL; - result->hdr.glossary = NULL; - result->hdr.mincount = 1; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_end_resetfn; - result->hdr.scanfn = NULL; - result->hdr.checkfn = NULL; - result->hdr.errorfn = (arg_errorfn *)arg_end_errorfn; + result = (struct arg_end*)xmalloc(nbytes); - /* store error[maxcount] array immediately after struct arg_end */ - result->error = (int *)(result + 1); + /* init the arg_hdr struct */ + result->hdr.flag = ARG_TERMINATOR; + result->hdr.shortopts = NULL; + result->hdr.longopts = NULL; + result->hdr.datatype = NULL; + result->hdr.glossary = NULL; + result->hdr.mincount = 1; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_end_resetfn; + result->hdr.scanfn = NULL; + result->hdr.checkfn = NULL; + result->hdr.errorfn = (arg_errorfn*)arg_end_errorfn; - /* store parent[maxcount] array immediately after error[] array */ - result->parent = (void * *)(result->error + maxcount ); + /* store error[maxcount] array immediately after struct arg_end */ + result->error = (int*)(result + 1); - /* store argval[maxcount] array immediately after parent[] array */ - result->argval = (const char * *)(result->parent + maxcount ); - } + /* store parent[maxcount] array immediately after error[] array */ + result->parent = (void**)(result->error + maxcount); + + /* store argval[maxcount] array immediately after parent[] array */ + result->argval = (const char**)(result->parent + maxcount); ARG_TRACE(("arg_end(%d) returns %p\n", maxcount, result)); return result; } - -void arg_print_errors(FILE * fp, struct arg_end * end, const char * progname) -{ +void arg_print_errors_ds(arg_dstr_t ds, struct arg_end* end, const char* progname) { int i; ARG_TRACE(("arg_errors()\n")); - for (i = 0; i < end->count; i++) - { - struct arg_hdr *errorparent = (struct arg_hdr *)(end->parent[i]); + for (i = 0; i < end->count; i++) { + struct arg_hdr* errorparent = (struct arg_hdr*)(end->parent[i]); if (errorparent->errorfn) - errorparent->errorfn(end->parent[i], - fp, - end->error[i], - end->argval[i], - progname); + errorparent->errorfn(end->parent[i], ds, end->error[i], end->argval[i], progname); } } + +void arg_print_errors(FILE* fp, struct arg_end* end, const char* progname) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_errors_ds(ds, end, progname); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} /******************************************************************************* + * arg_file: Implements the file command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -1826,30 +2840,30 @@ void arg_print_errors(FILE * fp, struct arg_end * end, const char * progname) * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include -#include - #include "argtable3.h" -#ifdef WIN32 -# define FILESEPARATOR1 '\\' -# define FILESEPARATOR2 '/' -#else -# define FILESEPARATOR1 '/' -# define FILESEPARATOR2 '/' +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" #endif +#include +#include -static void arg_file_resetfn(struct arg_file *parent) -{ +#ifdef WIN32 +#define FILESEPARATOR1 '\\' +#define FILESEPARATOR2 '/' +#else +#define FILESEPARATOR1 '/' +#define FILESEPARATOR2 '/' +#endif + +static void arg_file_resetfn(struct arg_file* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } - /* Returns ptr to the base filename within *filename */ -static const char * arg_basename(const char *filename) -{ +static const char* arg_basename(const char* filename) { const char *result = NULL, *result1, *result2; /* Find the last occurrence of eother file separator character. */ @@ -1859,27 +2873,25 @@ static const char * arg_basename(const char *filename) result2 = (filename ? strrchr(filename, FILESEPARATOR2) : NULL); if (result2) - result = result2 + 1; /* using FILESEPARATOR2 (the alternative file separator) */ + result = result2 + 1; /* using FILESEPARATOR2 (the alternative file separator) */ if (result1) - result = result1 + 1; /* using FILESEPARATOR1 (the preferred file separator) */ + result = result1 + 1; /* using FILESEPARATOR1 (the preferred file separator) */ if (!result) - result = filename; /* neither file separator was found so basename is the whole filename */ + result = filename; /* neither file separator was found so basename is the whole filename */ /* special cases of "." and ".." are not considered basenames */ - if (result && ( strcmp(".", result) == 0 || strcmp("..", result) == 0 )) + if (result && (strcmp(".", result) == 0 || strcmp("..", result) == 0)) result = filename + strlen(filename); return result; } - /* Returns ptr to the file extension within *basename */ -static const char * arg_extension(const char *basename) -{ +static const char* arg_extension(const char* basename) { /* find the last occurrence of '.' in basename */ - const char *result = (basename ? strrchr(basename, '.') : NULL); + const char* result = (basename ? strrchr(basename, '.') : NULL); /* if no '.' was found then return pointer to end of basename */ if (basename && !result) @@ -1890,35 +2902,28 @@ static const char * arg_extension(const char *basename) result = basename + strlen(basename); /* special case: empty extensions (eg "foo.","foo..") are not considered as true extensions */ - if (basename && result && result[1] == '\0') + if (basename && result && strlen(result) == 1) result = basename + strlen(basename); return result; } - -static int arg_file_scanfn(struct arg_file *parent, const char *argval) -{ +static int arg_file_scanfn(struct arg_file* parent, const char* argval) { int errorcode = 0; - if (parent->count == parent->hdr.maxcount) - { + if (parent->count == parent->hdr.maxcount) { /* maximum number of arguments exceeded */ - errorcode = EMAXCOUNT; - } - else if (!argval) - { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ /* leave parent arguiment value unaltered but still count the argument. */ parent->count++; - } - else - { - parent->filename[parent->count] = argval; - parent->basename[parent->count] = arg_basename(argval); + } else { + parent->filename[parent->count] = argval; + parent->basename[parent->count] = arg_basename(argval); parent->extension[parent->count] = - arg_extension(parent->basename[parent->count]); /* only seek extensions within the basename (not the file path)*/ + arg_extension(parent->basename[parent->count]); /* only seek extensions within the basename (not the file path)*/ parent->count++; } @@ -1926,126 +2931,94 @@ static int arg_file_scanfn(struct arg_file *parent, const char *argval) return errorcode; } +static int arg_file_checkfn(struct arg_file* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; -static int arg_file_checkfn(struct arg_file *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; - ARG_TRACE(("%s:checkfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } - -static void arg_file_errorfn( - struct arg_file *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_file_errorfn(struct arg_file* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - default: - fprintf(fp, "unknown error at \"%s\"\n", argval); + default: + arg_dstr_catf(ds, "unknown error at \"%s\"\n", argval); } } - -struct arg_file * arg_file0( - const char * shortopts, - const char * longopts, - const char *datatype, - const char *glossary) -{ +struct arg_file* arg_file0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_filen(shortopts, longopts, datatype, 0, 1, glossary); } - -struct arg_file * arg_file1( - const char * shortopts, - const char * longopts, - const char *datatype, - const char *glossary) -{ +struct arg_file* arg_file1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_filen(shortopts, longopts, datatype, 1, 1, glossary); } - -struct arg_file * arg_filen( - const char * shortopts, - const char * longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary) -{ +struct arg_file* arg_filen(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary) { size_t nbytes; - struct arg_file *result; + struct arg_file* result; + int i; /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; - nbytes = sizeof(struct arg_file) /* storage for struct arg_file */ - + sizeof(char *) * maxcount /* storage for filename[maxcount] array */ - + sizeof(char *) * maxcount /* storage for basename[maxcount] array */ - + sizeof(char *) * maxcount; /* storage for extension[maxcount] array */ + nbytes = sizeof(struct arg_file) /* storage for struct arg_file */ + + sizeof(char*) * maxcount /* storage for filename[maxcount] array */ + + sizeof(char*) * maxcount /* storage for basename[maxcount] array */ + + sizeof(char*) * maxcount; /* storage for extension[maxcount] array */ - result = (struct arg_file *)malloc(nbytes); - if (result) - { - int i; + result = (struct arg_file*)xmalloc(nbytes); - /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.glossary = glossary; - result->hdr.datatype = datatype ? datatype : ""; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_file_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_file_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_file_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_file_errorfn; + /* init the arg_hdr struct */ + result->hdr.flag = ARG_HASVALUE; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.glossary = glossary; + result->hdr.datatype = datatype ? datatype : ""; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_file_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_file_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_file_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_file_errorfn; - /* store the filename,basename,extension arrays immediately after the arg_file struct */ - result->filename = (const char * *)(result + 1); - result->basename = result->filename + maxcount; - result->extension = result->basename + maxcount; - result->count = 0; + /* store the filename,basename,extension arrays immediately after the arg_file struct */ + result->filename = (const char**)(result + 1); + result->basename = result->filename + maxcount; + result->extension = result->basename + maxcount; + result->count = 0; - /* foolproof the string pointers by initialising them with empty strings */ - for (i = 0; i < maxcount; i++) - { - result->filename[i] = ""; - result->basename[i] = ""; - result->extension[i] = ""; - } + /* foolproof the string pointers by initialising them with empty strings */ + for (i = 0; i < maxcount; i++) { + result->filename[i] = ""; + result->basename[i] = ""; + result->extension[i] = ""; } - + ARG_TRACE(("arg_filen() returns %p\n", result)); return result; } /******************************************************************************* + * arg_int: Implements the int command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -2075,20 +3048,21 @@ struct arg_file * arg_filen( * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include -#include -#include - #include "argtable3.h" +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif -static void arg_int_resetfn(struct arg_int *parent) -{ +#include +#include +#include + +static void arg_int_resetfn(struct arg_int* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } - /* strtol0x() is like strtol() except that the numeric string is */ /* expected to be prefixed by "0X" where X is a user supplied char. */ /* The string may optionally be prefixed by white space and + or - */ @@ -2099,47 +3073,40 @@ static void arg_int_resetfn(struct arg_int *parent) /* eg: to parse oct str="+0o12324", specify X='O' and base=8. */ /* eg: to parse bin str="-0B01010", specify X='B' and base=2. */ /* Failure of conversion is indicated by result where *endptr==str. */ -static long int strtol0X(const char * str, - const char * *endptr, - char X, - int base) -{ - long int val; /* stores result */ - int s = 1; /* sign is +1 or -1 */ - const char *ptr = str; /* ptr to current position in str */ +static long int strtol0X(const char* str, const char** endptr, char X, int base) { + long int val; /* stores result */ + int s = 1; /* sign is +1 or -1 */ + const char* ptr = str; /* ptr to current position in str */ /* skip leading whitespace */ - while (ISSPACE(*ptr)) + while (isspace(*ptr)) ptr++; /* printf("1) %s\n",ptr); */ /* scan optional sign character */ - switch (*ptr) - { - case '+': - ptr++; - s = 1; - break; - case '-': - ptr++; - s = -1; - break; - default: - s = 1; - break; + switch (*ptr) { + case '+': + ptr++; + s = 1; + break; + case '-': + ptr++; + s = -1; + break; + default: + s = 1; + break; } /* printf("2) %s\n",ptr); */ /* '0X' prefix */ - if ((*ptr++) != '0') - { + if ((*ptr++) != '0') { /* printf("failed to detect '0'\n"); */ *endptr = str; return 0; } /* printf("3) %s\n",ptr); */ - if (toupper(*ptr++) != toupper(X)) - { + if (toupper(*ptr++) != toupper(X)) { /* printf("failed to detect '%c'\n",X); */ *endptr = str; return 0; @@ -2147,9 +3114,8 @@ static long int strtol0X(const char * str, /* printf("4) %s\n",ptr); */ /* attempt conversion on remainder of string using strtol() */ - val = strtol(ptr, (char * *)endptr, base); - if (*endptr == ptr) - { + val = strtol(ptr, (char**)endptr, base); + if (*endptr == ptr) { /* conversion failed */ *endptr = str; return 0; @@ -2159,14 +3125,11 @@ static long int strtol0X(const char * str, return s * val; } - /* Returns 1 if str matches suffix (case insensitive). */ /* Str may contain trailing whitespace, but nothing else. */ -static int detectsuffix(const char *str, const char *suffix) -{ +static int detectsuffix(const char* str, const char* suffix) { /* scan pairwise through strings until mismatch detected */ - while( toupper(*str) == toupper(*suffix) ) - { + while (toupper(*str) == toupper(*suffix)) { /* printf("'%c' '%c'\n", *str, *suffix); */ /* return 1 (success) if match persists until the string terminator */ @@ -2181,56 +3144,45 @@ static int detectsuffix(const char *str, const char *suffix) /* return 0 (fail) if the matching did not consume the entire suffix */ if (*suffix != 0) - return 0; /* failed to consume entire suffix */ + return 0; /* failed to consume entire suffix */ /* skip any remaining whitespace in str */ - while (ISSPACE(*str)) + while (isspace(*str)) str++; /* return 1 (success) if we have reached end of str else return 0 (fail) */ return (*str == '\0') ? 1 : 0; } - -static int arg_int_scanfn(struct arg_int *parent, const char *argval) -{ +static int arg_int_scanfn(struct arg_int* parent, const char* argval) { int errorcode = 0; - if (parent->count == parent->hdr.maxcount) - { + if (parent->count == parent->hdr.maxcount) { /* maximum number of arguments exceeded */ - errorcode = EMAXCOUNT; - } - else if (!argval) - { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ /* leave parent arguiment value unaltered but still count the argument. */ parent->count++; - } - else - { + } else { long int val; - const char *end; + const char* end; /* attempt to extract hex integer (eg: +0x123) from argval into val conversion */ val = strtol0X(argval, &end, 'X', 16); - if (end == argval) - { + if (end == argval) { /* hex failed, attempt octal conversion (eg +0o123) */ val = strtol0X(argval, &end, 'O', 8); - if (end == argval) - { + if (end == argval) { /* octal failed, attempt binary conversion (eg +0B101) */ val = strtol0X(argval, &end, 'B', 2); - if (end == argval) - { + if (end == argval) { /* binary failed, attempt decimal conversion with no prefix (eg 1234) */ - val = strtol(argval, (char * *)&end, 10); - if (end == argval) - { + val = strtol(argval, (char**)&end, 10); + if (end == argval) { /* all supported number formats failed */ - return EBADINT; + return ARG_ERR_BADINT; } } } @@ -2238,144 +3190,91 @@ static int arg_int_scanfn(struct arg_int *parent, const char *argval) /* Safety check for integer overflow. WARNING: this check */ /* achieves nothing on machines where size(int)==size(long). */ - if ( val > INT_MAX || val < INT_MIN ) -#ifdef __STDC_WANT_SECURE_LIB__ - errorcode = EOVERFLOW_; -#else - errorcode = EOVERFLOW; -#endif + if (val > INT_MAX || val < INT_MIN) + errorcode = ARG_ERR_OVERFLOW; /* Detect any suffixes (KB,MB,GB) and multiply argument value appropriately. */ /* We need to be mindful of integer overflows when using such big numbers. */ - if (detectsuffix(end, "KB")) /* kilobytes */ + if (detectsuffix(end, "KB")) /* kilobytes */ { - if ( val > (INT_MAX / 1024) || val < (INT_MIN / 1024) ) -#ifdef __STDC_WANT_SECURE_LIB__ - errorcode = EOVERFLOW_; /* Overflow would occur if we proceed */ -#else - errorcode = EOVERFLOW; /* Overflow would occur if we proceed */ -#endif + if (val > (INT_MAX / 1024) || val < (INT_MIN / 1024)) + errorcode = ARG_ERR_OVERFLOW; /* Overflow would occur if we proceed */ else - val *= 1024; /* 1KB = 1024 */ - } - else if (detectsuffix(end, "MB")) /* megabytes */ + val *= 1024; /* 1KB = 1024 */ + } else if (detectsuffix(end, "MB")) /* megabytes */ { - if ( val > (INT_MAX / 1048576) || val < (INT_MIN / 1048576) ) -#ifdef __STDC_WANT_SECURE_LIB__ - errorcode = EOVERFLOW_; /* Overflow would occur if we proceed */ -#else - errorcode = EOVERFLOW; /* Overflow would occur if we proceed */ -#endif + if (val > (INT_MAX / 1048576) || val < (INT_MIN / 1048576)) + errorcode = ARG_ERR_OVERFLOW; /* Overflow would occur if we proceed */ else - val *= 1048576; /* 1MB = 1024*1024 */ - } - else if (detectsuffix(end, "GB")) /* gigabytes */ + val *= 1048576; /* 1MB = 1024*1024 */ + } else if (detectsuffix(end, "GB")) /* gigabytes */ { - if ( val > (INT_MAX / 1073741824) || val < (INT_MIN / 1073741824) ) -#ifdef __STDC_WANT_SECURE_LIB__ - errorcode = EOVERFLOW_; /* Overflow would occur if we proceed */ -#else - errorcode = EOVERFLOW; /* Overflow would occur if we proceed */ -#endif + if (val > (INT_MAX / 1073741824) || val < (INT_MIN / 1073741824)) + errorcode = ARG_ERR_OVERFLOW; /* Overflow would occur if we proceed */ else - val *= 1073741824; /* 1GB = 1024*1024*1024 */ - } - else if (!detectsuffix(end, "")) - errorcode = EBADINT; /* invalid suffix detected */ + val *= 1073741824; /* 1GB = 1024*1024*1024 */ + } else if (!detectsuffix(end, "")) + errorcode = ARG_ERR_BADINT; /* invalid suffix detected */ /* if success then store result in parent->ival[] array */ if (errorcode == 0) - parent->ival[parent->count++] = val; + parent->ival[parent->count++] = (int)val; } /* printf("%s:scanfn(%p,%p) returns %d\n",__FILE__,parent,argval,errorcode); */ return errorcode; } - -static int arg_int_checkfn(struct arg_int *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; +static int arg_int_checkfn(struct arg_int* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; /*printf("%s:checkfn(%p) returns %d\n",__FILE__,parent,errorcode);*/ return errorcode; } - -static void arg_int_errorfn( - struct arg_int *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_int_errorfn(struct arg_int* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - case EBADINT: - fprintf(fp, "invalid argument \"%s\" to option ", argval); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + case ARG_ERR_BADINT: + arg_dstr_catf(ds, "invalid argument \"%s\" to option ", argval); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; -#ifdef __STDC_WANT_SECURE_LIB__ - case EOVERFLOW_: -#else - case EOVERFLOW: -#endif - fputs("integer overflow at option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, " "); - fprintf(fp, "(%s is too large)\n", argval); - break; + case ARG_ERR_OVERFLOW: + arg_dstr_cat(ds, "integer overflow at option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, " "); + arg_dstr_catf(ds, "(%s is too large)\n", argval); + break; } } - -struct arg_int * arg_int0( - const char *shortopts, - const char *longopts, - const char *datatype, - const char *glossary) -{ +struct arg_int* arg_int0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_intn(shortopts, longopts, datatype, 0, 1, glossary); } - -struct arg_int * arg_int1( - const char *shortopts, - const char *longopts, - const char *datatype, - const char *glossary) -{ +struct arg_int* arg_int1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_intn(shortopts, longopts, datatype, 1, 1, glossary); } - -struct arg_int * arg_intn( - const char *shortopts, - const char *longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary) -{ +struct arg_int* arg_intn(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary) { size_t nbytes; - struct arg_int *result; + struct arg_int* result; /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; @@ -2383,32 +3282,32 @@ struct arg_int * arg_intn( nbytes = sizeof(struct arg_int) /* storage for struct arg_int */ + maxcount * sizeof(int); /* storage for ival[maxcount] array */ - result = (struct arg_int *)malloc(nbytes); - if (result) - { - /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = datatype ? datatype : ""; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_int_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_int_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_int_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_int_errorfn; + result = (struct arg_int*)xmalloc(nbytes); + + /* init the arg_hdr struct */ + result->hdr.flag = ARG_HASVALUE; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.datatype = datatype ? datatype : ""; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_int_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_int_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_int_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_int_errorfn; + + /* store the ival[maxcount] array immediately after the arg_int struct */ + result->ival = (int*)(result + 1); + result->count = 0; - /* store the ival[maxcount] array immediately after the arg_int struct */ - result->ival = (int *)(result + 1); - result->count = 0; - } - ARG_TRACE(("arg_intn() returns %p\n", result)); return result; } /******************************************************************************* + * arg_lit: Implements the literature command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -2438,125 +3337,96 @@ struct arg_int * arg_intn( * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include - #include "argtable3.h" +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif -static void arg_lit_resetfn(struct arg_lit *parent) -{ +#include + +static void arg_lit_resetfn(struct arg_lit* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } - -static int arg_lit_scanfn(struct arg_lit *parent, const char *argval) -{ +static int arg_lit_scanfn(struct arg_lit* parent, const char* argval) { int errorcode = 0; - if (parent->count < parent->hdr.maxcount ) + if (parent->count < parent->hdr.maxcount) parent->count++; else - errorcode = EMAXCOUNT; + errorcode = ARG_ERR_MAXCOUNT; - ARG_TRACE(("%s:scanfn(%p,%s) returns %d\n", __FILE__, parent, argval, - errorcode)); + ARG_TRACE(("%s:scanfn(%p,%s) returns %d\n", __FILE__, parent, argval, errorcode)); return errorcode; } - -static int arg_lit_checkfn(struct arg_lit *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; +static int arg_lit_checkfn(struct arg_lit* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; ARG_TRACE(("%s:checkfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } +static void arg_lit_errorfn(struct arg_lit* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; -static void arg_lit_errorfn( - struct arg_lit *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_catf(ds, "%s: missing option ", progname); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + arg_dstr_cat(ds, "\n"); + break; - switch(errorcode) - { - case EMINCOUNT: - fprintf(fp, "%s: missing option ", progname); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - fprintf(fp, "\n"); - break; - - case EMAXCOUNT: - fprintf(fp, "%s: extraneous option ", progname); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_catf(ds, "%s: extraneous option ", progname); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; } - ARG_TRACE(("%s:errorfn(%p, %p, %d, %s, %s)\n", __FILE__, parent, fp, - errorcode, argval, progname)); + ARG_TRACE(("%s:errorfn(%p, %p, %d, %s, %s)\n", __FILE__, parent, ds, errorcode, argval, progname)); } - -struct arg_lit * arg_lit0( - const char * shortopts, - const char * longopts, - const char * glossary) -{ +struct arg_lit* arg_lit0(const char* shortopts, const char* longopts, const char* glossary) { return arg_litn(shortopts, longopts, 0, 1, glossary); } - -struct arg_lit * arg_lit1( - const char *shortopts, - const char *longopts, - const char *glossary) -{ +struct arg_lit* arg_lit1(const char* shortopts, const char* longopts, const char* glossary) { return arg_litn(shortopts, longopts, 1, 1, glossary); } - -struct arg_lit * arg_litn( - const char *shortopts, - const char *longopts, - int mincount, - int maxcount, - const char *glossary) -{ - struct arg_lit *result; +struct arg_lit* arg_litn(const char* shortopts, const char* longopts, int mincount, int maxcount, const char* glossary) { + struct arg_lit* result; /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; - result = (struct arg_lit *)malloc(sizeof(struct arg_lit)); - if (result) - { - /* init the arg_hdr struct */ - result->hdr.flag = 0; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = NULL; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_lit_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_lit_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_lit_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_lit_errorfn; + result = (struct arg_lit*)xmalloc(sizeof(struct arg_lit)); + + /* init the arg_hdr struct */ + result->hdr.flag = 0; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.datatype = NULL; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_lit_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_lit_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_lit_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_lit_errorfn; + + /* init local variables */ + result->count = 0; - /* init local variables */ - result->count = 0; - } - ARG_TRACE(("arg_litn() returns %p\n", result)); return result; } /******************************************************************************* + * arg_rem: Implements the rem command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -2586,34 +3456,36 @@ struct arg_lit * arg_litn( * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include - #include "argtable3.h" -struct arg_rem *arg_rem(const char *datatype, const char *glossary) -{ - struct arg_rem *result = (struct arg_rem *)malloc(sizeof(struct arg_rem)); - if (result) - { - result->hdr.flag = 0; - result->hdr.shortopts = NULL; - result->hdr.longopts = NULL; - result->hdr.datatype = datatype; - result->hdr.glossary = glossary; - result->hdr.mincount = 1; - result->hdr.maxcount = 1; - result->hdr.parent = result; - result->hdr.resetfn = NULL; - result->hdr.scanfn = NULL; - result->hdr.checkfn = NULL; - result->hdr.errorfn = NULL; - } +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + +#include + +struct arg_rem* arg_rem(const char* datatype, const char* glossary) { + struct arg_rem* result = (struct arg_rem*)xmalloc(sizeof(struct arg_rem)); + + result->hdr.flag = 0; + result->hdr.shortopts = NULL; + result->hdr.longopts = NULL; + result->hdr.datatype = datatype; + result->hdr.glossary = glossary; + result->hdr.mincount = 1; + result->hdr.maxcount = 1; + result->hdr.parent = result; + result->hdr.resetfn = NULL; + result->hdr.scanfn = NULL; + result->hdr.checkfn = NULL; + result->hdr.errorfn = NULL; ARG_TRACE(("arg_rem() returns %p\n", result)); return result; } - /******************************************************************************* + * arg_rex: Implements the regex command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -2643,58 +3515,54 @@ struct arg_rem *arg_rem(const char *datatype, const char *glossary) * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ +#include "argtable3.h" + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + #include #include -#include "argtable3.h" - - #ifndef _TREX_H_ #define _TREX_H_ -/*************************************************************** - T-Rex a tiny regular expression library - Copyright (C) 2003-2006 Alberto Demichelis - - This software is provided 'as-is', without any express - or implied warranty. In no event will the authors be held - liable for any damages arising from the use of this software. - - Permission is granted to anyone to use this software for - any purpose, including commercial applications, and to alter - it and redistribute it freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; - you must not claim that you wrote the original software. - If you use this software in a product, an acknowledgment - in the product documentation would be appreciated but - is not required. - - 2. Altered source versions must be plainly marked as such, - and must not be misrepresented as being the original software. - - 3. This notice may not be removed or altered from any - source distribution. - -****************************************************************/ +/* + * This module uses the T-Rex regular expression library to implement the regex + * logic. Here is the copyright notice of the library: + * + * Copyright (C) 2003-2006 Alberto Demichelis + * + * This software is provided 'as-is', without any express + * or implied warranty. In no event will the authors be held + * liable for any damages arising from the use of this software. + * + * Permission is granted to anyone to use this software for + * any purpose, including commercial applications, and to alter + * it and redistribute it freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; + * you must not claim that you wrote the original software. + * If you use this software in a product, an acknowledgment + * in the product documentation would be appreciated but + * is not required. + * + * 2. Altered source versions must be plainly marked as such, + * and must not be misrepresented as being the original software. + * + * 3. This notice may not be removed or altered from any + * source distribution. + */ #ifdef __cplusplus extern "C" { #endif -#ifdef _UNICODE -#define TRexChar unsigned short -#define MAX_CHAR 0xFFFF -#define _TREXC(c) L##c -#define trex_strlen wcslen -#define trex_printf wprintf -#else #define TRexChar char #define MAX_CHAR 0xFF #define _TREXC(c) (c) #define trex_strlen strlen #define trex_printf printf -#endif #ifndef TREX_API #define TREX_API extern @@ -2709,17 +3577,22 @@ typedef unsigned int TRexBool; typedef struct TRex TRex; typedef struct { - const TRexChar *begin; - int len; + const TRexChar* begin; + int len; } TRexMatch; -TREX_API TRex *trex_compile(const TRexChar *pattern, const TRexChar **error, int flags); -TREX_API void trex_free(TRex *exp); +#ifdef __GNUC__ +TREX_API TRex* trex_compile(const TRexChar* pattern, const TRexChar** error, int flags) __attribute__((optimize(0))); +#else +TREX_API TRex* trex_compile(const TRexChar* pattern, const TRexChar** error, int flags); +#endif +TREX_API void trex_free(TRex* exp); TREX_API TRexBool trex_match(TRex* exp, const TRexChar* text); TREX_API TRexBool trex_search(TRex* exp, const TRexChar* text, const TRexChar** out_begin, const TRexChar** out_end); -TREX_API TRexBool trex_searchrange(TRex* exp, const TRexChar* text_begin, const TRexChar* text_end, const TRexChar** out_begin, const TRexChar** out_end); +TREX_API TRexBool +trex_searchrange(TRex* exp, const TRexChar* text_begin, const TRexChar* text_end, const TRexChar** out_begin, const TRexChar** out_end); TREX_API int trex_getsubexpcount(TRex* exp); -TREX_API TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch *subexp); +TREX_API TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch* subexp); #ifdef __cplusplus } @@ -2727,43 +3600,32 @@ TREX_API TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch *subexp); #endif - - -struct privhdr -{ - const char *pattern; +struct privhdr { + const char* pattern; int flags; }; - -static void arg_rex_resetfn(struct arg_rex *parent) -{ +static void arg_rex_resetfn(struct arg_rex* parent) { ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); parent->count = 0; } -static int arg_rex_scanfn(struct arg_rex *parent, const char *argval) -{ +static int arg_rex_scanfn(struct arg_rex* parent, const char* argval) { int errorcode = 0; - const TRexChar *error = NULL; - TRex *rex = NULL; + const TRexChar* error = NULL; + TRex* rex = NULL; TRexBool is_match = TRex_False; - if (parent->count == parent->hdr.maxcount ) - { + if (parent->count == parent->hdr.maxcount) { /* maximum number of arguments exceeded */ - errorcode = EMAXCOUNT; - } - else if (!argval) - { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ /* leave parent argument value unaltered but still count the argument. */ parent->count++; - } - else - { - struct privhdr *priv = (struct privhdr *)parent->hdr.priv; + } else { + struct privhdr* priv = (struct privhdr*)parent->hdr.priv; /* test the current argument value for a match with the regular expression */ /* if a match is detected, record the argument value in the arg_rex struct */ @@ -2771,126 +3633,90 @@ static int arg_rex_scanfn(struct arg_rex *parent, const char *argval) rex = trex_compile(priv->pattern, &error, priv->flags); is_match = trex_match(rex, argval); if (!is_match) - errorcode = EREGNOMATCH; + errorcode = ARG_ERR_REGNOMATCH; else parent->sval[parent->count++] = argval; trex_free(rex); } - ARG_TRACE(("%s:scanfn(%p) returns %d\n",__FILE__,parent,errorcode)); + ARG_TRACE(("%s:scanfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } -static int arg_rex_checkfn(struct arg_rex *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; - //struct privhdr *priv = (struct privhdr*)parent->hdr.priv; +static int arg_rex_checkfn(struct arg_rex* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; +#if 0 + struct privhdr *priv = (struct privhdr*)parent->hdr.priv; /* free the regex "program" we constructed in resetfn */ - //regfree(&(priv->regex)); + regfree(&(priv->regex)); /*printf("%s:checkfn(%p) returns %d\n",__FILE__,parent,errorcode);*/ +#endif return errorcode; } -static void arg_rex_errorfn(struct arg_rex *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_rex_errorfn(struct arg_rex* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - case EREGNOMATCH: - fputs("illegal value ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_REGNOMATCH: + arg_dstr_cat(ds, "illegal value "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; - default: - { - //char errbuff[256]; - //regerror(errorcode, NULL, errbuff, sizeof(errbuff)); - //printf("%s\n", errbuff); - } - break; + default: { + #if 0 + char errbuff[256]; + regerror(errorcode, NULL, errbuff, sizeof(errbuff)); + printf("%s\n", errbuff); + #endif + } break; } } - -struct arg_rex * arg_rex0(const char * shortopts, - const char * longopts, - const char * pattern, - const char *datatype, - int flags, - const char *glossary) -{ - return arg_rexn(shortopts, - longopts, - pattern, - datatype, - 0, - 1, - flags, - glossary); +struct arg_rex* arg_rex0(const char* shortopts, const char* longopts, const char* pattern, const char* datatype, int flags, const char* glossary) { + return arg_rexn(shortopts, longopts, pattern, datatype, 0, 1, flags, glossary); } -struct arg_rex * arg_rex1(const char * shortopts, - const char * longopts, - const char * pattern, - const char *datatype, - int flags, - const char *glossary) -{ - return arg_rexn(shortopts, - longopts, - pattern, - datatype, - 1, - 1, - flags, - glossary); +struct arg_rex* arg_rex1(const char* shortopts, const char* longopts, const char* pattern, const char* datatype, int flags, const char* glossary) { + return arg_rexn(shortopts, longopts, pattern, datatype, 1, 1, flags, glossary); } - -struct arg_rex * arg_rexn(const char * shortopts, - const char * longopts, - const char * pattern, - const char *datatype, - int mincount, - int maxcount, - int flags, - const char *glossary) -{ +struct arg_rex* arg_rexn(const char* shortopts, + const char* longopts, + const char* pattern, + const char* datatype, + int mincount, + int maxcount, + int flags, + const char* glossary) { size_t nbytes; - struct arg_rex *result; - struct privhdr *priv; + struct arg_rex* result; + struct privhdr* priv; int i; - const TRexChar *error = NULL; - TRex *rex = NULL; + const TRexChar* error = NULL; + TRex* rex = NULL; - if (!pattern) - { - printf( - "argtable: ERROR - illegal regular expression pattern \"(NULL)\"\n"); + if (!pattern) { + printf("argtable: ERROR - illegal regular expression pattern \"(NULL)\"\n"); printf("argtable: Bad argument table.\n"); return NULL; } @@ -2898,36 +3724,33 @@ struct arg_rex * arg_rexn(const char * shortopts, /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; - nbytes = sizeof(struct arg_rex) /* storage for struct arg_rex */ - + sizeof(struct privhdr) /* storage for private arg_rex data */ - + maxcount * sizeof(char *); /* storage for sval[maxcount] array */ - - result = (struct arg_rex *)malloc(nbytes); - if (result == NULL) - return result; + nbytes = sizeof(struct arg_rex) /* storage for struct arg_rex */ + + sizeof(struct privhdr) /* storage for private arg_rex data */ + + maxcount * sizeof(char*); /* storage for sval[maxcount] array */ /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; + result = (struct arg_rex*)xmalloc(nbytes); + result->hdr.flag = ARG_HASVALUE; result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = datatype ? datatype : pattern; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_rex_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_rex_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_rex_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_rex_errorfn; + result->hdr.longopts = longopts; + result->hdr.datatype = datatype ? datatype : pattern; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_rex_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_rex_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_rex_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_rex_errorfn; /* store the arg_rex_priv struct immediately after the arg_rex struct */ - result->hdr.priv = result + 1; - priv = (struct privhdr *)(result->hdr.priv); + result->hdr.priv = result + 1; + priv = (struct privhdr*)(result->hdr.priv); priv->pattern = pattern; priv->flags = flags; /* store the sval[maxcount] array immediately after the arg_rex_priv struct */ - result->sval = (const char * *)(priv + 1); + result->sval = (const char**)(priv + 1); result->count = 0; /* foolproof the string pointers by initializing them to reference empty strings */ @@ -2941,8 +3764,7 @@ struct arg_rex * arg_rexn(const char * shortopts, */ rex = trex_compile(priv->pattern, &error, priv->flags); - if (rex == NULL) - { + if (rex == NULL) { ARG_LOG(("argtable: %s \"%s\"\n", error ? error : _TREXC("undefined"), priv->pattern)); ARG_LOG(("argtable: Bad argument table.\n")); } @@ -2953,13 +3775,11 @@ struct arg_rex * arg_rexn(const char * shortopts, return result; } - - /* see copyright notice in trex.h */ -#include -#include #include #include +#include +#include #ifdef _UINCODE #define scisprint iswprint @@ -2973,31 +3793,27 @@ struct arg_rex * arg_rexn(const char * shortopts, #define _SC(x) (x) #endif -#ifdef _DEBUG +#ifdef ARG_REX_DEBUG #include -static const TRexChar *g_nnames[] = -{ - _SC("NONE"),_SC("OP_GREEDY"), _SC("OP_OR"), - _SC("OP_EXPR"),_SC("OP_NOCAPEXPR"),_SC("OP_DOT"), _SC("OP_CLASS"), - _SC("OP_CCLASS"),_SC("OP_NCLASS"),_SC("OP_RANGE"),_SC("OP_CHAR"), - _SC("OP_EOL"),_SC("OP_BOL"),_SC("OP_WB") -}; +static const TRexChar* g_nnames[] = {_SC("NONE"), _SC("OP_GREEDY"), _SC("OP_OR"), _SC("OP_EXPR"), _SC("OP_NOCAPEXPR"), + _SC("OP_DOT"), _SC("OP_CLASS"), _SC("OP_CCLASS"), _SC("OP_NCLASS"), _SC("OP_RANGE"), + _SC("OP_CHAR"), _SC("OP_EOL"), _SC("OP_BOL"), _SC("OP_WB")}; #endif -#define OP_GREEDY (MAX_CHAR+1) // * + ? {n} -#define OP_OR (MAX_CHAR+2) -#define OP_EXPR (MAX_CHAR+3) //parentesis () -#define OP_NOCAPEXPR (MAX_CHAR+4) //parentesis (?:) -#define OP_DOT (MAX_CHAR+5) -#define OP_CLASS (MAX_CHAR+6) -#define OP_CCLASS (MAX_CHAR+7) -#define OP_NCLASS (MAX_CHAR+8) //negates class the [^ -#define OP_RANGE (MAX_CHAR+9) -#define OP_CHAR (MAX_CHAR+10) -#define OP_EOL (MAX_CHAR+11) -#define OP_BOL (MAX_CHAR+12) -#define OP_WB (MAX_CHAR+13) +#define OP_GREEDY (MAX_CHAR + 1) /* * + ? {n} */ +#define OP_OR (MAX_CHAR + 2) +#define OP_EXPR (MAX_CHAR + 3) /* parentesis () */ +#define OP_NOCAPEXPR (MAX_CHAR + 4) /* parentesis (?:) */ +#define OP_DOT (MAX_CHAR + 5) +#define OP_CLASS (MAX_CHAR + 6) +#define OP_CCLASS (MAX_CHAR + 7) +#define OP_NCLASS (MAX_CHAR + 8) /* negates class the [^ */ +#define OP_RANGE (MAX_CHAR + 9) +#define OP_CHAR (MAX_CHAR + 10) +#define OP_EOL (MAX_CHAR + 11) +#define OP_BOL (MAX_CHAR + 12) +#define OP_WB (MAX_CHAR + 13) #define TREX_SYMBOL_ANY_CHAR ('.') #define TREX_SYMBOL_GREEDY_ONE_OR_MORE ('+') @@ -3008,616 +3824,675 @@ static const TRexChar *g_nnames[] = #define TREX_SYMBOL_BEGINNING_OF_STRING ('^') #define TREX_SYMBOL_ESCAPE_CHAR ('\\') - typedef int TRexNodeType; -typedef struct tagTRexNode{ - TRexNodeType type; - int left; - int right; - int next; -}TRexNode; +typedef struct tagTRexNode { + TRexNodeType type; + int left; + int right; + int next; +} TRexNode; -struct TRex{ - const TRexChar *_eol; - const TRexChar *_bol; - const TRexChar *_p; - int _first; - int _op; - TRexNode *_nodes; - int _nallocated; - int _nsize; - int _nsubexpr; - TRexMatch *_matches; - int _currsubexp; - void *_jmpbuf; - const TRexChar **_error; - int _flags; +struct TRex { + const TRexChar* _eol; + const TRexChar* _bol; + const TRexChar* _p; + int _first; + int _op; + TRexNode* _nodes; + int _nallocated; + int _nsize; + int _nsubexpr; + TRexMatch* _matches; + int _currsubexp; + void* _jmpbuf; + const TRexChar** _error; + int _flags; }; -static int trex_list(TRex *exp); +static int trex_list(TRex* exp); -static int trex_newnode(TRex *exp, TRexNodeType type) -{ - TRexNode n; - int newid; - n.type = type; - n.next = n.right = n.left = -1; - if(type == OP_EXPR) - n.right = exp->_nsubexpr++; - if(exp->_nallocated < (exp->_nsize + 1)) { - exp->_nallocated *= 2; - exp->_nodes = (TRexNode *)realloc(exp->_nodes, exp->_nallocated * sizeof(TRexNode)); - } - exp->_nodes[exp->_nsize++] = n; - newid = exp->_nsize - 1; - return (int)newid; +static int trex_newnode(TRex* exp, TRexNodeType type) { + TRexNode n; + int newid; + n.type = type; + n.next = n.right = n.left = -1; + if (type == OP_EXPR) + n.right = exp->_nsubexpr++; + if (exp->_nallocated < (exp->_nsize + 1)) { + exp->_nallocated *= 2; + exp->_nodes = (TRexNode*)xrealloc(exp->_nodes, exp->_nallocated * sizeof(TRexNode)); + } + exp->_nodes[exp->_nsize++] = n; + newid = exp->_nsize - 1; + return (int)newid; } -static void trex_error(TRex *exp,const TRexChar *error) -{ - if(exp->_error) *exp->_error = error; - longjmp(*((jmp_buf*)exp->_jmpbuf),-1); +static void trex_error(TRex* exp, const TRexChar* error) { + if (exp->_error) + *exp->_error = error; + longjmp(*((jmp_buf*)exp->_jmpbuf), -1); } -static void trex_expect(TRex *exp, int n){ - if((*exp->_p) != n) - trex_error(exp, _SC("expected paren")); - exp->_p++; +static void trex_expect(TRex* exp, int n) { + if ((*exp->_p) != n) + trex_error(exp, _SC("expected paren")); + exp->_p++; } -static TRexChar trex_escapechar(TRex *exp) -{ - if(*exp->_p == TREX_SYMBOL_ESCAPE_CHAR){ - exp->_p++; - switch(*exp->_p) { - case 'v': exp->_p++; return '\v'; - case 'n': exp->_p++; return '\n'; - case 't': exp->_p++; return '\t'; - case 'r': exp->_p++; return '\r'; - case 'f': exp->_p++; return '\f'; - default: return (*exp->_p++); - } - } else if(!scisprint(*exp->_p)) trex_error(exp,_SC("letter expected")); - return (*exp->_p++); +static TRexChar trex_escapechar(TRex* exp) { + if (*exp->_p == TREX_SYMBOL_ESCAPE_CHAR) { + exp->_p++; + switch (*exp->_p) { + case 'v': + exp->_p++; + return '\v'; + case 'n': + exp->_p++; + return '\n'; + case 't': + exp->_p++; + return '\t'; + case 'r': + exp->_p++; + return '\r'; + case 'f': + exp->_p++; + return '\f'; + default: + return (*exp->_p++); + } + } else if (!scisprint(*exp->_p)) + trex_error(exp, _SC("letter expected")); + return (*exp->_p++); } -static int trex_charclass(TRex *exp,int classid) -{ - int n = trex_newnode(exp,OP_CCLASS); - exp->_nodes[n].left = classid; - return n; +static int trex_charclass(TRex* exp, int classid) { + int n = trex_newnode(exp, OP_CCLASS); + exp->_nodes[n].left = classid; + return n; } -static int trex_charnode(TRex *exp,TRexBool isclass) -{ - TRexChar t; - if(*exp->_p == TREX_SYMBOL_ESCAPE_CHAR) { - exp->_p++; - switch(*exp->_p) { - case 'n': exp->_p++; return trex_newnode(exp,'\n'); - case 't': exp->_p++; return trex_newnode(exp,'\t'); - case 'r': exp->_p++; return trex_newnode(exp,'\r'); - case 'f': exp->_p++; return trex_newnode(exp,'\f'); - case 'v': exp->_p++; return trex_newnode(exp,'\v'); - case 'a': case 'A': case 'w': case 'W': case 's': case 'S': - case 'd': case 'D': case 'x': case 'X': case 'c': case 'C': - case 'p': case 'P': case 'l': case 'u': - { - t = *exp->_p; exp->_p++; - return trex_charclass(exp,t); - } - case 'b': - case 'B': - if(!isclass) { - int node = trex_newnode(exp,OP_WB); - exp->_nodes[node].left = *exp->_p; - exp->_p++; - return node; - } //else default - default: - t = *exp->_p; exp->_p++; - return trex_newnode(exp,t); - } - } - else if(!scisprint(*exp->_p)) { - - trex_error(exp,_SC("letter expected")); - } - t = *exp->_p; exp->_p++; - return trex_newnode(exp,t); +static int trex_charnode(TRex* exp, TRexBool isclass) { + TRexChar t; + if (*exp->_p == TREX_SYMBOL_ESCAPE_CHAR) { + exp->_p++; + switch (*exp->_p) { + case 'n': + exp->_p++; + return trex_newnode(exp, '\n'); + case 't': + exp->_p++; + return trex_newnode(exp, '\t'); + case 'r': + exp->_p++; + return trex_newnode(exp, '\r'); + case 'f': + exp->_p++; + return trex_newnode(exp, '\f'); + case 'v': + exp->_p++; + return trex_newnode(exp, '\v'); + case 'a': + case 'A': + case 'w': + case 'W': + case 's': + case 'S': + case 'd': + case 'D': + case 'x': + case 'X': + case 'c': + case 'C': + case 'p': + case 'P': + case 'l': + case 'u': { + t = *exp->_p; + exp->_p++; + return trex_charclass(exp, t); + } + case 'b': + case 'B': + if (!isclass) { + int node = trex_newnode(exp, OP_WB); + exp->_nodes[node].left = *exp->_p; + exp->_p++; + return node; + } + /* fall through */ + default: + t = *exp->_p; + exp->_p++; + return trex_newnode(exp, t); + } + } else if (!scisprint(*exp->_p)) { + trex_error(exp, _SC("letter expected")); + } + t = *exp->_p; + exp->_p++; + return trex_newnode(exp, t); } -static int trex_class(TRex *exp) -{ - int ret = -1; - int first = -1,chain; - if(*exp->_p == TREX_SYMBOL_BEGINNING_OF_STRING){ - ret = trex_newnode(exp,OP_NCLASS); - exp->_p++; - }else ret = trex_newnode(exp,OP_CLASS); +static int trex_class(TRex* exp) { + int ret = -1; + int first = -1, chain; + if (*exp->_p == TREX_SYMBOL_BEGINNING_OF_STRING) { + ret = trex_newnode(exp, OP_NCLASS); + exp->_p++; + } else + ret = trex_newnode(exp, OP_CLASS); - if(*exp->_p == ']') trex_error(exp,_SC("empty class")); - chain = ret; - while(*exp->_p != ']' && exp->_p != exp->_eol) { - if(*exp->_p == '-' && first != -1){ - int r,t; - if(*exp->_p++ == ']') trex_error(exp,_SC("unfinished range")); - r = trex_newnode(exp,OP_RANGE); - if(first>*exp->_p) trex_error(exp,_SC("invalid range")); - if(exp->_nodes[first].type == OP_CCLASS) trex_error(exp,_SC("cannot use character classes in ranges")); - exp->_nodes[r].left = exp->_nodes[first].type; - t = trex_escapechar(exp); - exp->_nodes[r].right = t; + if (*exp->_p == ']') + trex_error(exp, _SC("empty class")); + chain = ret; + while (*exp->_p != ']' && exp->_p != exp->_eol) { + if (*exp->_p == '-' && first != -1) { + int r, t; + if (*exp->_p++ == ']') + trex_error(exp, _SC("unfinished range")); + r = trex_newnode(exp, OP_RANGE); + if (first > *exp->_p) + trex_error(exp, _SC("invalid range")); + if (exp->_nodes[first].type == OP_CCLASS) + trex_error(exp, _SC("cannot use character classes in ranges")); + exp->_nodes[r].left = exp->_nodes[first].type; + t = trex_escapechar(exp); + exp->_nodes[r].right = t; exp->_nodes[chain].next = r; - chain = r; - first = -1; - } - else{ - if(first!=-1){ - int c = first; - exp->_nodes[chain].next = c; - chain = c; - first = trex_charnode(exp,TRex_True); - } - else{ - first = trex_charnode(exp,TRex_True); - } - } - } - if(first!=-1){ - int c = first; - exp->_nodes[chain].next = c; - chain = c; - first = -1; - } - /* hack? */ - exp->_nodes[ret].left = exp->_nodes[ret].next; - exp->_nodes[ret].next = -1; - return ret; + chain = r; + first = -1; + } else { + if (first != -1) { + int c = first; + exp->_nodes[chain].next = c; + chain = c; + first = trex_charnode(exp, TRex_True); + } else { + first = trex_charnode(exp, TRex_True); + } + } + } + if (first != -1) { + int c = first; + exp->_nodes[chain].next = c; + chain = c; + first = -1; + } + /* hack? */ + exp->_nodes[ret].left = exp->_nodes[ret].next; + exp->_nodes[ret].next = -1; + return ret; } -static int trex_parsenumber(TRex *exp) -{ - int ret = *exp->_p-'0'; - int positions = 10; - exp->_p++; - while(isdigit(*exp->_p)) { - ret = ret*10+(*exp->_p++-'0'); - if(positions==1000000000) trex_error(exp,_SC("overflow in numeric constant")); - positions *= 10; - }; - return ret; +static int trex_parsenumber(TRex* exp) { + int ret = *exp->_p - '0'; + int positions = 10; + exp->_p++; + while (isdigit(*exp->_p)) { + ret = ret * 10 + (*exp->_p++ - '0'); + if (positions == 1000000000) + trex_error(exp, _SC("overflow in numeric constant")); + positions *= 10; + }; + return ret; } -static int trex_element(TRex *exp) -{ - int ret = -1; - switch(*exp->_p) - { - case '(': { - int expr,newn; - exp->_p++; +static int trex_element(TRex* exp) { + int ret = -1; + switch (*exp->_p) { + case '(': { + int expr, newn; + exp->_p++; + if (*exp->_p == '?') { + exp->_p++; + trex_expect(exp, ':'); + expr = trex_newnode(exp, OP_NOCAPEXPR); + } else + expr = trex_newnode(exp, OP_EXPR); + newn = trex_list(exp); + exp->_nodes[expr].left = newn; + ret = expr; + trex_expect(exp, ')'); + } break; + case '[': + exp->_p++; + ret = trex_class(exp); + trex_expect(exp, ']'); + break; + case TREX_SYMBOL_END_OF_STRING: + exp->_p++; + ret = trex_newnode(exp, OP_EOL); + break; + case TREX_SYMBOL_ANY_CHAR: + exp->_p++; + ret = trex_newnode(exp, OP_DOT); + break; + default: + ret = trex_charnode(exp, TRex_False); + break; + } - if(*exp->_p =='?') { - exp->_p++; - trex_expect(exp,':'); - expr = trex_newnode(exp,OP_NOCAPEXPR); - } - else - expr = trex_newnode(exp,OP_EXPR); - newn = trex_list(exp); - exp->_nodes[expr].left = newn; - ret = expr; - trex_expect(exp,')'); - } - break; - case '[': - exp->_p++; - ret = trex_class(exp); - trex_expect(exp,']'); - break; - case TREX_SYMBOL_END_OF_STRING: exp->_p++; ret = trex_newnode(exp,OP_EOL);break; - case TREX_SYMBOL_ANY_CHAR: exp->_p++; ret = trex_newnode(exp,OP_DOT);break; - default: - ret = trex_charnode(exp,TRex_False); - break; - } + { + TRexBool isgreedy = TRex_False; + unsigned short p0 = 0, p1 = 0; + switch (*exp->_p) { + case TREX_SYMBOL_GREEDY_ZERO_OR_MORE: + p0 = 0; + p1 = 0xFFFF; + exp->_p++; + isgreedy = TRex_True; + break; + case TREX_SYMBOL_GREEDY_ONE_OR_MORE: + p0 = 1; + p1 = 0xFFFF; + exp->_p++; + isgreedy = TRex_True; + break; + case TREX_SYMBOL_GREEDY_ZERO_OR_ONE: + p0 = 0; + p1 = 1; + exp->_p++; + isgreedy = TRex_True; + break; + case '{': + exp->_p++; + if (!isdigit(*exp->_p)) + trex_error(exp, _SC("number expected")); + p0 = (unsigned short)trex_parsenumber(exp); + /*******************************/ + switch (*exp->_p) { + case '}': + p1 = p0; + exp->_p++; + break; + case ',': + exp->_p++; + p1 = 0xFFFF; + if (isdigit(*exp->_p)) { + p1 = (unsigned short)trex_parsenumber(exp); + } + trex_expect(exp, '}'); + break; + default: + trex_error(exp, _SC(", or } expected")); + } + /*******************************/ + isgreedy = TRex_True; + break; + } + if (isgreedy) { + int nnode = trex_newnode(exp, OP_GREEDY); + exp->_nodes[nnode].left = ret; + exp->_nodes[nnode].right = ((p0) << 16) | p1; + ret = nnode; + } + } + if ((*exp->_p != TREX_SYMBOL_BRANCH) && (*exp->_p != ')') && (*exp->_p != TREX_SYMBOL_GREEDY_ZERO_OR_MORE) && + (*exp->_p != TREX_SYMBOL_GREEDY_ONE_OR_MORE) && (*exp->_p != '\0')) { + int nnode = trex_element(exp); + exp->_nodes[ret].next = nnode; + } - { - TRexBool isgreedy = TRex_False; - unsigned short p0 = 0, p1 = 0; - switch(*exp->_p){ - case TREX_SYMBOL_GREEDY_ZERO_OR_MORE: p0 = 0; p1 = 0xFFFF; exp->_p++; isgreedy = TRex_True; break; - case TREX_SYMBOL_GREEDY_ONE_OR_MORE: p0 = 1; p1 = 0xFFFF; exp->_p++; isgreedy = TRex_True; break; - case TREX_SYMBOL_GREEDY_ZERO_OR_ONE: p0 = 0; p1 = 1; exp->_p++; isgreedy = TRex_True; break; - case '{': - exp->_p++; - if(!isdigit(*exp->_p)) trex_error(exp,_SC("number expected")); - p0 = (unsigned short)trex_parsenumber(exp); - /*******************************/ - switch(*exp->_p) { - case '}': - p1 = p0; exp->_p++; - break; - case ',': - exp->_p++; - p1 = 0xFFFF; - if(isdigit(*exp->_p)){ - p1 = (unsigned short)trex_parsenumber(exp); - } - trex_expect(exp,'}'); - break; - default: - trex_error(exp,_SC(", or } expected")); - } - /*******************************/ - isgreedy = TRex_True; - break; - - } - if(isgreedy) { - int nnode = trex_newnode(exp,OP_GREEDY); - exp->_nodes[nnode].left = ret; - exp->_nodes[nnode].right = ((p0)<<16)|p1; - ret = nnode; - } - } - if((*exp->_p != TREX_SYMBOL_BRANCH) && (*exp->_p != ')') && (*exp->_p != TREX_SYMBOL_GREEDY_ZERO_OR_MORE) && (*exp->_p != TREX_SYMBOL_GREEDY_ONE_OR_MORE) && (*exp->_p != '\0')) { - int nnode = trex_element(exp); - exp->_nodes[ret].next = nnode; - } - - return ret; + return ret; } -static int trex_list(TRex *exp) -{ - int ret=-1,e; - if(*exp->_p == TREX_SYMBOL_BEGINNING_OF_STRING) { - exp->_p++; - ret = trex_newnode(exp,OP_BOL); - } - e = trex_element(exp); - if(ret != -1) { - exp->_nodes[ret].next = e; - } - else ret = e; +static int trex_list(TRex* exp) { + int ret = -1, e; + if (*exp->_p == TREX_SYMBOL_BEGINNING_OF_STRING) { + exp->_p++; + ret = trex_newnode(exp, OP_BOL); + } + e = trex_element(exp); + if (ret != -1) { + exp->_nodes[ret].next = e; + } else + ret = e; - if(*exp->_p == TREX_SYMBOL_BRANCH) { - int temp,tright; - exp->_p++; - temp = trex_newnode(exp,OP_OR); - exp->_nodes[temp].left = ret; - tright = trex_list(exp); - exp->_nodes[temp].right = tright; - ret = temp; - } - return ret; + if (*exp->_p == TREX_SYMBOL_BRANCH) { + int temp, tright; + exp->_p++; + temp = trex_newnode(exp, OP_OR); + exp->_nodes[temp].left = ret; + tright = trex_list(exp); + exp->_nodes[temp].right = tright; + ret = temp; + } + return ret; } -static TRexBool trex_matchcclass(int cclass,TRexChar c) -{ - switch(cclass) { - case 'a': return isalpha(c)?TRex_True:TRex_False; - case 'A': return !isalpha(c)?TRex_True:TRex_False; - case 'w': return (isalnum(c) || c == '_')?TRex_True:TRex_False; - case 'W': return (!isalnum(c) && c != '_')?TRex_True:TRex_False; - case 's': return ISSPACE(c)?TRex_True:TRex_False; - case 'S': return !ISSPACE(c)?TRex_True:TRex_False; - case 'd': return isdigit(c)?TRex_True:TRex_False; - case 'D': return !isdigit(c)?TRex_True:TRex_False; - case 'x': return isxdigit(c)?TRex_True:TRex_False; - case 'X': return !isxdigit(c)?TRex_True:TRex_False; - case 'c': return iscntrl(c)?TRex_True:TRex_False; - case 'C': return !iscntrl(c)?TRex_True:TRex_False; - case 'p': return ispunct(c)?TRex_True:TRex_False; - case 'P': return !ispunct(c)?TRex_True:TRex_False; - case 'l': return islower(c)?TRex_True:TRex_False; - case 'u': return isupper(c)?TRex_True:TRex_False; - } - return TRex_False; /*cannot happen*/ +static TRexBool trex_matchcclass(int cclass, TRexChar c) { + switch (cclass) { + case 'a': + return isalpha(c) ? TRex_True : TRex_False; + case 'A': + return !isalpha(c) ? TRex_True : TRex_False; + case 'w': + return (isalnum(c) || c == '_') ? TRex_True : TRex_False; + case 'W': + return (!isalnum(c) && c != '_') ? TRex_True : TRex_False; + case 's': + return isspace(c) ? TRex_True : TRex_False; + case 'S': + return !isspace(c) ? TRex_True : TRex_False; + case 'd': + return isdigit(c) ? TRex_True : TRex_False; + case 'D': + return !isdigit(c) ? TRex_True : TRex_False; + case 'x': + return isxdigit(c) ? TRex_True : TRex_False; + case 'X': + return !isxdigit(c) ? TRex_True : TRex_False; + case 'c': + return iscntrl(c) ? TRex_True : TRex_False; + case 'C': + return !iscntrl(c) ? TRex_True : TRex_False; + case 'p': + return ispunct(c) ? TRex_True : TRex_False; + case 'P': + return !ispunct(c) ? TRex_True : TRex_False; + case 'l': + return islower(c) ? TRex_True : TRex_False; + case 'u': + return isupper(c) ? TRex_True : TRex_False; + } + return TRex_False; /*cannot happen*/ } -static TRexBool trex_matchclass(TRex* exp,TRexNode *node,TRexChar c) -{ - do { - switch(node->type) { - case OP_RANGE: - if (exp->_flags & TREX_ICASE) - { - if(c >= toupper(node->left) && c <= toupper(node->right)) return TRex_True; - if(c >= tolower(node->left) && c <= tolower(node->right)) return TRex_True; - } - else - { - if(c >= node->left && c <= node->right) return TRex_True; - } - break; - case OP_CCLASS: - if(trex_matchcclass(node->left,c)) return TRex_True; - break; - default: - if (exp->_flags & TREX_ICASE) - { - if (c == tolower(node->type) || c == toupper(node->type)) return TRex_True; - } - else - { - if(c == node->type)return TRex_True; - } - - } - } while((node->next != -1) && (node = &exp->_nodes[node->next])); - return TRex_False; +static TRexBool trex_matchclass(TRex* exp, TRexNode* node, TRexChar c) { + do { + switch (node->type) { + case OP_RANGE: + if (exp->_flags & TREX_ICASE) { + if (c >= toupper(node->left) && c <= toupper(node->right)) + return TRex_True; + if (c >= tolower(node->left) && c <= tolower(node->right)) + return TRex_True; + } else { + if (c >= node->left && c <= node->right) + return TRex_True; + } + break; + case OP_CCLASS: + if (trex_matchcclass(node->left, c)) + return TRex_True; + break; + default: + if (exp->_flags & TREX_ICASE) { + if (c == tolower(node->type) || c == toupper(node->type)) + return TRex_True; + } else { + if (c == node->type) + return TRex_True; + } + } + } while ((node->next != -1) && ((node = &exp->_nodes[node->next]) != NULL)); + return TRex_False; } -static const TRexChar *trex_matchnode(TRex* exp,TRexNode *node,const TRexChar *str,TRexNode *next) -{ +static const TRexChar* trex_matchnode(TRex* exp, TRexNode* node, const TRexChar* str, TRexNode* next) { + TRexNodeType type = node->type; + switch (type) { + case OP_GREEDY: { + /* TRexNode *greedystop = (node->next != -1) ? &exp->_nodes[node->next] : NULL; */ + TRexNode* greedystop = NULL; + int p0 = (node->right >> 16) & 0x0000FFFF, p1 = node->right & 0x0000FFFF, nmaches = 0; + const TRexChar *s = str, *good = str; - TRexNodeType type = node->type; - switch(type) { - case OP_GREEDY: { - //TRexNode *greedystop = (node->next != -1) ? &exp->_nodes[node->next] : NULL; - TRexNode *greedystop = NULL; - int p0 = (node->right >> 16)&0x0000FFFF, p1 = node->right&0x0000FFFF, nmaches = 0; - const TRexChar *s=str, *good = str; + if (node->next != -1) { + greedystop = &exp->_nodes[node->next]; + } else { + greedystop = next; + } - if(node->next != -1) { - greedystop = &exp->_nodes[node->next]; - } - else { - greedystop = next; - } + while ((nmaches == 0xFFFF || nmaches < p1)) { + const TRexChar* stop; + if ((s = trex_matchnode(exp, &exp->_nodes[node->left], s, greedystop)) == NULL) + break; + nmaches++; + good = s; + if (greedystop) { + /* checks that 0 matches satisfy the expression(if so skips) */ + /* if not would always stop(for instance if is a '?') */ + if (greedystop->type != OP_GREEDY || (greedystop->type == OP_GREEDY && ((greedystop->right >> 16) & 0x0000FFFF) != 0)) { + TRexNode* gnext = NULL; + if (greedystop->next != -1) { + gnext = &exp->_nodes[greedystop->next]; + } else if (next && next->next != -1) { + gnext = &exp->_nodes[next->next]; + } + stop = trex_matchnode(exp, greedystop, s, gnext); + if (stop) { + /* if satisfied stop it */ + if (p0 == p1 && p0 == nmaches) + break; + else if (nmaches >= p0 && p1 == 0xFFFF) + break; + else if (nmaches >= p0 && nmaches <= p1) + break; + } + } + } - while((nmaches == 0xFFFF || nmaches < p1)) { + if (s >= exp->_eol) + break; + } + if (p0 == p1 && p0 == nmaches) + return good; + else if (nmaches >= p0 && p1 == 0xFFFF) + return good; + else if (nmaches >= p0 && nmaches <= p1) + return good; + return NULL; + } + case OP_OR: { + const TRexChar* asd = str; + TRexNode* temp = &exp->_nodes[node->left]; + while ((asd = trex_matchnode(exp, temp, asd, NULL)) != NULL) { + if (temp->next != -1) + temp = &exp->_nodes[temp->next]; + else + return asd; + } + asd = str; + temp = &exp->_nodes[node->right]; + while ((asd = trex_matchnode(exp, temp, asd, NULL)) != NULL) { + if (temp->next != -1) + temp = &exp->_nodes[temp->next]; + else + return asd; + } + return NULL; + break; + } + case OP_EXPR: + case OP_NOCAPEXPR: { + TRexNode* n = &exp->_nodes[node->left]; + const TRexChar* cur = str; + int capture = -1; + if (node->type != OP_NOCAPEXPR && node->right == exp->_currsubexp) { + capture = exp->_currsubexp; + exp->_matches[capture].begin = cur; + exp->_currsubexp++; + } - const TRexChar *stop; - if(!(s = trex_matchnode(exp,&exp->_nodes[node->left],s,greedystop))) - break; - nmaches++; - good=s; - if(greedystop) { - //checks that 0 matches satisfy the expression(if so skips) - //if not would always stop(for instance if is a '?') - if(greedystop->type != OP_GREEDY || - (greedystop->type == OP_GREEDY && ((greedystop->right >> 16)&0x0000FFFF) != 0)) - { - TRexNode *gnext = NULL; - if(greedystop->next != -1) { - gnext = &exp->_nodes[greedystop->next]; - }else if(next && next->next != -1){ - gnext = &exp->_nodes[next->next]; - } - stop = trex_matchnode(exp,greedystop,s,gnext); - if(stop) { - //if satisfied stop it - if(p0 == p1 && p0 == nmaches) break; - else if(nmaches >= p0 && p1 == 0xFFFF) break; - else if(nmaches >= p0 && nmaches <= p1) break; - } - } - } + do { + TRexNode* subnext = NULL; + if (n->next != -1) { + subnext = &exp->_nodes[n->next]; + } else { + subnext = next; + } + if ((cur = trex_matchnode(exp, n, cur, subnext)) == NULL) { + if (capture != -1) { + exp->_matches[capture].begin = 0; + exp->_matches[capture].len = 0; + } + return NULL; + } + } while ((n->next != -1) && ((n = &exp->_nodes[n->next]) != NULL)); - if(s >= exp->_eol) - break; - } - if(p0 == p1 && p0 == nmaches) return good; - else if(nmaches >= p0 && p1 == 0xFFFF) return good; - else if(nmaches >= p0 && nmaches <= p1) return good; - return NULL; - } - case OP_OR: { - const TRexChar *asd = str; - TRexNode *temp=&exp->_nodes[node->left]; - while( (asd = trex_matchnode(exp,temp,asd,NULL)) ) { - if(temp->next != -1) - temp = &exp->_nodes[temp->next]; - else - return asd; - } - asd = str; - temp = &exp->_nodes[node->right]; - while( (asd = trex_matchnode(exp,temp,asd,NULL)) ) { - if(temp->next != -1) - temp = &exp->_nodes[temp->next]; - else - return asd; - } - return NULL; - break; - } - case OP_EXPR: - case OP_NOCAPEXPR:{ - TRexNode *n = &exp->_nodes[node->left]; - const TRexChar *cur = str; - int capture = -1; - if(node->type != OP_NOCAPEXPR && node->right == exp->_currsubexp) { - capture = exp->_currsubexp; - exp->_matches[capture].begin = cur; - exp->_currsubexp++; - } - - do { - TRexNode *subnext = NULL; - if(n->next != -1) { - subnext = &exp->_nodes[n->next]; - }else { - subnext = next; - } - if(!(cur = trex_matchnode(exp,n,cur,subnext))) { - if(capture != -1){ - exp->_matches[capture].begin = 0; - exp->_matches[capture].len = 0; - } - return NULL; - } - } while((n->next != -1) && (n = &exp->_nodes[n->next])); - - if(capture != -1) - exp->_matches[capture].len = (int)(cur - exp->_matches[capture].begin); - return cur; - } - case OP_WB: - if((str == exp->_bol && !ISSPACE(*str)) - || ((str == exp->_eol && !ISSPACE(*(str-1)))) - || ((!ISSPACE(*str) && ISSPACE(*(str+1)))) - || ((ISSPACE(*str) && !ISSPACE(*(str+1)))) ) { - return (node->left == 'b')?str:NULL; - } - return (node->left == 'b')?NULL:str; - case OP_BOL: - if(str == exp->_bol) return str; - return NULL; - case OP_EOL: - if(str == exp->_eol) return str; - return NULL; - case OP_DOT: - str++; - return str; - case OP_NCLASS: - case OP_CLASS: - if(trex_matchclass(exp,&exp->_nodes[node->left],*str)?(type == OP_CLASS?TRex_True:TRex_False):(type == OP_NCLASS?TRex_True:TRex_False)) { - str++; - return str; - } - return NULL; - case OP_CCLASS: - if(trex_matchcclass(node->left,*str)) { - str++; - return str; - } - return NULL; - default: /* char */ - if (exp->_flags & TREX_ICASE) - { - if(*str != tolower(node->type) && *str != toupper(node->type)) return NULL; - } - else - { - if (*str != node->type) return NULL; - } - str++; - return str; - } - return NULL; + if (capture != -1) + exp->_matches[capture].len = (int)(cur - exp->_matches[capture].begin); + return cur; + } + case OP_WB: + if ((str == exp->_bol && !isspace(*str)) || (str == exp->_eol && !isspace(*(str - 1))) || (!isspace(*str) && isspace(*(str + 1))) || + (isspace(*str) && !isspace(*(str + 1)))) { + return (node->left == 'b') ? str : NULL; + } + return (node->left == 'b') ? NULL : str; + case OP_BOL: + if (str == exp->_bol) + return str; + return NULL; + case OP_EOL: + if (str == exp->_eol) + return str; + return NULL; + case OP_DOT: { + str++; + } + return str; + case OP_NCLASS: + case OP_CLASS: + if (trex_matchclass(exp, &exp->_nodes[node->left], *str) ? (type == OP_CLASS ? TRex_True : TRex_False) + : (type == OP_NCLASS ? TRex_True : TRex_False)) { + str++; + return str; + } + return NULL; + case OP_CCLASS: + if (trex_matchcclass(node->left, *str)) { + str++; + return str; + } + return NULL; + default: /* char */ + if (exp->_flags & TREX_ICASE) { + if (*str != tolower(node->type) && *str != toupper(node->type)) + return NULL; + } else { + if (*str != node->type) + return NULL; + } + str++; + return str; + } } /* public api */ -TRex *trex_compile(const TRexChar *pattern,const TRexChar **error,int flags) -{ - TRex *exp = (TRex *)malloc(sizeof(TRex)); - exp->_eol = exp->_bol = NULL; - exp->_p = pattern; - exp->_nallocated = (int)scstrlen(pattern) * sizeof(TRexChar); - exp->_nodes = (TRexNode *)malloc(exp->_nallocated * sizeof(TRexNode)); - exp->_nsize = 0; - exp->_matches = 0; - exp->_nsubexpr = 0; - exp->_first = trex_newnode(exp,OP_EXPR); - exp->_error = error; - exp->_jmpbuf = malloc(sizeof(jmp_buf)); - exp->_flags = flags; - if(setjmp(*((jmp_buf*)exp->_jmpbuf)) == 0) { - int res = trex_list(exp); - exp->_nodes[exp->_first].left = res; - if(*exp->_p!='\0') - trex_error(exp,_SC("unexpected character")); -#ifdef _DEBUG - { - int nsize,i; - TRexNode *t; - nsize = exp->_nsize; - t = &exp->_nodes[0]; - scprintf(_SC("\n")); - for(i = 0;i < nsize; i++) { - if(exp->_nodes[i].type>MAX_CHAR) - scprintf(_SC("[%02d] %10s "),i,g_nnames[exp->_nodes[i].type-MAX_CHAR]); - else - scprintf(_SC("[%02d] %10c "),i,exp->_nodes[i].type); - scprintf(_SC("left %02d right %02d next %02d\n"),exp->_nodes[i].left,exp->_nodes[i].right,exp->_nodes[i].next); - } - scprintf(_SC("\n")); - } +TRex* trex_compile(const TRexChar* pattern, const TRexChar** error, int flags) { + TRex* exp = (TRex*)xmalloc(sizeof(TRex)); + exp->_eol = exp->_bol = NULL; + exp->_p = pattern; + exp->_nallocated = (int)scstrlen(pattern) * sizeof(TRexChar); + exp->_nodes = (TRexNode*)xmalloc(exp->_nallocated * sizeof(TRexNode)); + exp->_nsize = 0; + exp->_matches = 0; + exp->_nsubexpr = 0; + exp->_first = trex_newnode(exp, OP_EXPR); + exp->_error = error; + exp->_jmpbuf = xmalloc(sizeof(jmp_buf)); + exp->_flags = flags; + if (setjmp(*((jmp_buf*)exp->_jmpbuf)) == 0) { + int res = trex_list(exp); + exp->_nodes[exp->_first].left = res; + if (*exp->_p != '\0') + trex_error(exp, _SC("unexpected character")); +#ifdef ARG_REX_DEBUG + { + int nsize, i; + nsize = exp->_nsize; + scprintf(_SC("\n")); + for (i = 0; i < nsize; i++) { + if (exp->_nodes[i].type > MAX_CHAR) + scprintf(_SC("[%02d] %10s "), i, g_nnames[exp->_nodes[i].type - MAX_CHAR]); + else + scprintf(_SC("[%02d] %10c "), i, exp->_nodes[i].type); + scprintf(_SC("left %02d right %02d next %02d\n"), exp->_nodes[i].left, exp->_nodes[i].right, exp->_nodes[i].next); + } + scprintf(_SC("\n")); + } #endif - exp->_matches = (TRexMatch *) malloc(exp->_nsubexpr * sizeof(TRexMatch)); - memset(exp->_matches,0,exp->_nsubexpr * sizeof(TRexMatch)); - } - else{ - trex_free(exp); - return NULL; - } - return exp; + exp->_matches = (TRexMatch*)xmalloc(exp->_nsubexpr * sizeof(TRexMatch)); + memset(exp->_matches, 0, exp->_nsubexpr * sizeof(TRexMatch)); + } else { + trex_free(exp); + return NULL; + } + return exp; } -void trex_free(TRex *exp) -{ - if(exp) { - if(exp->_nodes) free(exp->_nodes); - if(exp->_jmpbuf) free(exp->_jmpbuf); - if(exp->_matches) free(exp->_matches); - free(exp); - } +void trex_free(TRex* exp) { + if (exp) { + xfree(exp->_nodes); + xfree(exp->_jmpbuf); + xfree(exp->_matches); + xfree(exp); + } } -TRexBool trex_match(TRex* exp,const TRexChar* text) -{ - const TRexChar* res = NULL; - exp->_bol = text; - exp->_eol = text + scstrlen(text); - exp->_currsubexp = 0; - res = trex_matchnode(exp,exp->_nodes,text,NULL); - if(res == NULL || res != exp->_eol) - return TRex_False; - return TRex_True; +TRexBool trex_match(TRex* exp, const TRexChar* text) { + const TRexChar* res = NULL; + exp->_bol = text; + exp->_eol = text + scstrlen(text); + exp->_currsubexp = 0; + res = trex_matchnode(exp, exp->_nodes, text, NULL); + if (res == NULL || res != exp->_eol) + return TRex_False; + return TRex_True; } -TRexBool trex_searchrange(TRex* exp,const TRexChar* text_begin,const TRexChar* text_end,const TRexChar** out_begin, const TRexChar** out_end) -{ - const TRexChar *cur = NULL; - int node = exp->_first; - if(text_begin >= text_end) return TRex_False; - exp->_bol = text_begin; - exp->_eol = text_end; - do { - cur = text_begin; - while(node != -1) { - exp->_currsubexp = 0; - cur = trex_matchnode(exp,&exp->_nodes[node],cur,NULL); - if(!cur) - break; - node = exp->_nodes[node].next; - } - text_begin++; - } while(cur == NULL && text_begin != text_end); +TRexBool trex_searchrange(TRex* exp, const TRexChar* text_begin, const TRexChar* text_end, const TRexChar** out_begin, const TRexChar** out_end) { + const TRexChar* cur = NULL; + int node = exp->_first; + if (text_begin >= text_end) + return TRex_False; + exp->_bol = text_begin; + exp->_eol = text_end; + do { + cur = text_begin; + while (node != -1) { + exp->_currsubexp = 0; + cur = trex_matchnode(exp, &exp->_nodes[node], cur, NULL); + if (!cur) + break; + node = exp->_nodes[node].next; + } + text_begin++; + } while (cur == NULL && text_begin != text_end); - if(cur == NULL) - return TRex_False; + if (cur == NULL) + return TRex_False; - --text_begin; + --text_begin; - if(out_begin) *out_begin = text_begin; - if(out_end) *out_end = cur; - return TRex_True; + if (out_begin) + *out_begin = text_begin; + if (out_end) + *out_end = cur; + return TRex_True; } -TRexBool trex_search(TRex* exp,const TRexChar* text, const TRexChar** out_begin, const TRexChar** out_end) -{ - return trex_searchrange(exp,text,text + scstrlen(text),out_begin,out_end); +TRexBool trex_search(TRex* exp, const TRexChar* text, const TRexChar** out_begin, const TRexChar** out_end) { + return trex_searchrange(exp, text, text + scstrlen(text), out_begin, out_end); } -int trex_getsubexpcount(TRex* exp) -{ - return exp->_nsubexpr; +int trex_getsubexpcount(TRex* exp) { + return exp->_nsubexpr; } -TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch *subexp) -{ - if( n<0 || n >= exp->_nsubexpr) return TRex_False; - *subexp = exp->_matches[n]; - return TRex_True; +TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch* subexp) { + if (n < 0 || n >= exp->_nsubexpr) + return TRex_False; + *subexp = exp->_matches[n]; + return TRex_True; } /******************************************************************************* + * arg_str: Implements the str command-line option + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -3647,36 +4522,36 @@ TRexBool trex_getsubexp(TRex* exp, int n, TRexMatch *subexp) * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include - #include "argtable3.h" +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + +#include + +static void arg_str_resetfn(struct arg_str* parent) { + int i; -static void arg_str_resetfn(struct arg_str *parent) -{ ARG_TRACE(("%s:resetfn(%p)\n", __FILE__, parent)); + for (i = 0; i < parent->count; i++) { + parent->sval[i] = ""; + } parent->count = 0; } - -static int arg_str_scanfn(struct arg_str *parent, const char *argval) -{ +static int arg_str_scanfn(struct arg_str* parent, const char* argval) { int errorcode = 0; - if (parent->count == parent->hdr.maxcount) - { + if (parent->count == parent->hdr.maxcount) { /* maximum number of arguments exceeded */ - errorcode = EMAXCOUNT; - } - else if (!argval) - { + errorcode = ARG_ERR_MAXCOUNT; + } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ - /* leave parent arguiment value unaltered but still count the argument. */ + /* leave parent argument value unaltered but still count the argument. */ parent->count++; - } - else - { + } else { parent->sval[parent->count++] = argval; } @@ -3684,117 +4559,366 @@ static int arg_str_scanfn(struct arg_str *parent, const char *argval) return errorcode; } +static int arg_str_checkfn(struct arg_str* parent) { + int errorcode = (parent->count < parent->hdr.mincount) ? ARG_ERR_MINCOUNT : 0; -static int arg_str_checkfn(struct arg_str *parent) -{ - int errorcode = (parent->count < parent->hdr.mincount) ? EMINCOUNT : 0; - ARG_TRACE(("%s:checkfn(%p) returns %d\n", __FILE__, parent, errorcode)); return errorcode; } - -static void arg_str_errorfn( - struct arg_str *parent, - FILE *fp, - int errorcode, - const char *argval, - const char *progname) -{ - const char *shortopts = parent->hdr.shortopts; - const char *longopts = parent->hdr.longopts; - const char *datatype = parent->hdr.datatype; +static void arg_str_errorfn(struct arg_str* parent, arg_dstr_t ds, int errorcode, const char* argval, const char* progname) { + const char* shortopts = parent->hdr.shortopts; + const char* longopts = parent->hdr.longopts; + const char* datatype = parent->hdr.datatype; /* make argval NULL safe */ argval = argval ? argval : ""; - fprintf(fp, "%s: ", progname); - switch(errorcode) - { - case EMINCOUNT: - fputs("missing option ", fp); - arg_print_option(fp, shortopts, longopts, datatype, "\n"); - break; + arg_dstr_catf(ds, "%s: ", progname); + switch (errorcode) { + case ARG_ERR_MINCOUNT: + arg_dstr_cat(ds, "missing option "); + arg_print_option_ds(ds, shortopts, longopts, datatype, "\n"); + break; - case EMAXCOUNT: - fputs("excess option ", fp); - arg_print_option(fp, shortopts, longopts, argval, "\n"); - break; + case ARG_ERR_MAXCOUNT: + arg_dstr_cat(ds, "excess option "); + arg_print_option_ds(ds, shortopts, longopts, argval, "\n"); + break; } } - -struct arg_str * arg_str0( - const char *shortopts, - const char *longopts, - const char *datatype, - const char *glossary) -{ +struct arg_str* arg_str0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_strn(shortopts, longopts, datatype, 0, 1, glossary); } - -struct arg_str * arg_str1( - const char *shortopts, - const char *longopts, - const char *datatype, - const char *glossary) -{ +struct arg_str* arg_str1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary) { return arg_strn(shortopts, longopts, datatype, 1, 1, glossary); } - -struct arg_str * arg_strn( - const char *shortopts, - const char *longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary) -{ +struct arg_str* arg_strn(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary) { size_t nbytes; - struct arg_str *result; + struct arg_str* result; + int i; /* should not allow this stupid error */ /* we should return an error code warning this logic error */ /* foolproof things by ensuring maxcount is not less than mincount */ maxcount = (maxcount < mincount) ? mincount : maxcount; - nbytes = sizeof(struct arg_str) /* storage for struct arg_str */ - + maxcount * sizeof(char *); /* storage for sval[maxcount] array */ + nbytes = sizeof(struct arg_str) /* storage for struct arg_str */ + + maxcount * sizeof(char*); /* storage for sval[maxcount] array */ - result = (struct arg_str *)malloc(nbytes); - if (result) - { - int i; + result = (struct arg_str*)xmalloc(nbytes); - /* init the arg_hdr struct */ - result->hdr.flag = ARG_HASVALUE; - result->hdr.shortopts = shortopts; - result->hdr.longopts = longopts; - result->hdr.datatype = datatype ? datatype : ""; - result->hdr.glossary = glossary; - result->hdr.mincount = mincount; - result->hdr.maxcount = maxcount; - result->hdr.parent = result; - result->hdr.resetfn = (arg_resetfn *)arg_str_resetfn; - result->hdr.scanfn = (arg_scanfn *)arg_str_scanfn; - result->hdr.checkfn = (arg_checkfn *)arg_str_checkfn; - result->hdr.errorfn = (arg_errorfn *)arg_str_errorfn; + /* init the arg_hdr struct */ + result->hdr.flag = ARG_HASVALUE; + result->hdr.shortopts = shortopts; + result->hdr.longopts = longopts; + result->hdr.datatype = datatype ? datatype : ""; + result->hdr.glossary = glossary; + result->hdr.mincount = mincount; + result->hdr.maxcount = maxcount; + result->hdr.parent = result; + result->hdr.resetfn = (arg_resetfn*)arg_str_resetfn; + result->hdr.scanfn = (arg_scanfn*)arg_str_scanfn; + result->hdr.checkfn = (arg_checkfn*)arg_str_checkfn; + result->hdr.errorfn = (arg_errorfn*)arg_str_errorfn; - /* store the sval[maxcount] array immediately after the arg_str struct */ - result->sval = (const char * *)(result + 1); - result->count = 0; + /* store the sval[maxcount] array immediately after the arg_str struct */ + result->sval = (const char**)(result + 1); + result->count = 0; + + /* foolproof the string pointers by initializing them to reference empty strings */ + for (i = 0; i < maxcount; i++) + result->sval[i] = ""; - /* foolproof the string pointers by initialising them to reference empty strings */ - for (i = 0; i < maxcount; i++) - result->sval[i] = ""; - } - ARG_TRACE(("arg_strn() returns %p\n", result)); return result; } /******************************************************************************* + * arg_cmd: Provides the sub-command mechanism + * + * This file is part of the argtable3 library. + * + * Copyright (C) 2013-2019 Tom G. Huang + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of STEWART HEITMANN nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL STEWART HEITMANN BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ + +#include "argtable3.h" + +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#endif + +#include +#include +#include + +#define MAX_MODULE_VERSION_SIZE 128 + +static arg_hashtable_t* s_hashtable = NULL; +static char* s_module_name = NULL; +static int s_mod_ver_major = 0; +static int s_mod_ver_minor = 0; +static int s_mod_ver_patch = 0; +static char* s_mod_ver_tag = NULL; +static char* s_mod_ver = NULL; + +void arg_set_module_name(const char* name) { + size_t slen; + + xfree(s_module_name); + slen = strlen(name); + s_module_name = (char*)xmalloc(slen + 1); + memset(s_module_name, 0, slen + 1); + +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + strncpy_s(s_module_name, slen + 1, name, slen); +#else + memcpy(s_module_name, name, slen); +#endif +} + +void arg_set_module_version(int major, int minor, int patch, const char* tag) { + size_t slen_tag, slen_ds; + arg_dstr_t ds; + + s_mod_ver_major = major; + s_mod_ver_minor = minor; + s_mod_ver_patch = patch; + + xfree(s_mod_ver_tag); + slen_tag = strlen(tag); + s_mod_ver_tag = (char*)xmalloc(slen_tag + 1); + memset(s_mod_ver_tag, 0, slen_tag + 1); + +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + strncpy_s(s_mod_ver_tag, slen_tag + 1, tag, slen_tag); +#else + memcpy(s_mod_ver_tag, tag, slen_tag); +#endif + + ds = arg_dstr_create(); + arg_dstr_catf(ds, "%d.", s_mod_ver_major); + arg_dstr_catf(ds, "%d.", s_mod_ver_minor); + arg_dstr_catf(ds, "%d.", s_mod_ver_patch); + arg_dstr_cat(ds, s_mod_ver_tag); + + xfree(s_mod_ver); + slen_ds = strlen(arg_dstr_cstr(ds)); + s_mod_ver = (char*)xmalloc(slen_ds + 1); + memset(s_mod_ver, 0, slen_ds + 1); + +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + strncpy_s(s_mod_ver, slen_ds + 1, arg_dstr_cstr(ds), slen_ds); +#else + memcpy(s_mod_ver, arg_dstr_cstr(ds), slen_ds); +#endif + + arg_dstr_destroy(ds); +} + +static unsigned int hash_key(const void* key) { + const char* str = (const char*)key; + int c; + unsigned int hash = 5381; + + while ((c = *str++) != 0) + hash = ((hash << 5) + hash) + c; /* hash * 33 + c */ + + return hash; +} + +static int equal_keys(const void* key1, const void* key2) { + char* k1 = (char*)key1; + char* k2 = (char*)key2; + return (0 == strcmp(k1, k2)); +} + +void arg_cmd_init(void) { + s_hashtable = arg_hashtable_create(32, hash_key, equal_keys); +} + +void arg_cmd_uninit(void) { + arg_hashtable_destroy(s_hashtable, 1); +} + +void arg_cmd_register(const char* name, arg_cmdfn* proc, const char* description) { + arg_cmd_info_t* cmd_info; + size_t slen_name; + void* k; + + assert(strlen(name) < ARG_CMD_NAME_LEN); + assert(strlen(description) < ARG_CMD_DESCRIPTION_LEN); + + /* Check if the command already exists. */ + /* If the command exists, replace the existing command. */ + /* If the command doesn't exist, insert the command. */ + cmd_info = (arg_cmd_info_t*)arg_hashtable_search(s_hashtable, name); + if (cmd_info) { + arg_hashtable_remove(s_hashtable, name); + cmd_info = NULL; + } + + cmd_info = (arg_cmd_info_t*)xmalloc(sizeof(arg_cmd_info_t)); + memset(cmd_info, 0, sizeof(arg_cmd_info_t)); + +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + strncpy_s(cmd_info->name, ARG_CMD_NAME_LEN, name, strlen(name)); + strncpy_s(cmd_info->description, ARG_CMD_DESCRIPTION_LEN, description, strlen(description)); +#else + memcpy(cmd_info->name, name, strlen(name)); + memcpy(cmd_info->description, description, strlen(description)); +#endif + + cmd_info->proc = proc; + + slen_name = strlen(name); + k = xmalloc(slen_name + 1); + memset(k, 0, slen_name + 1); + +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) + strncpy_s((char*)k, slen_name + 1, name, slen_name); +#else + memcpy((char*)k, name, slen_name); +#endif + + arg_hashtable_insert(s_hashtable, k, cmd_info); +} + +void arg_cmd_unregister(const char* name) { + arg_hashtable_remove(s_hashtable, name); +} + +int arg_cmd_dispatch(const char* name, int argc, char* argv[], arg_dstr_t res) { + arg_cmd_info_t* cmd_info = arg_cmd_info(name); + + assert(cmd_info != NULL); + assert(cmd_info->proc != NULL); + + return cmd_info->proc(argc, argv, res); +} + +arg_cmd_info_t* arg_cmd_info(const char* name) { + return (arg_cmd_info_t*)arg_hashtable_search(s_hashtable, name); +} + +unsigned int arg_cmd_count(void) { + return arg_hashtable_count(s_hashtable); +} + +arg_cmd_itr_t arg_cmd_itr_create(void) { + return (arg_cmd_itr_t)arg_hashtable_itr_create(s_hashtable); +} + +int arg_cmd_itr_advance(arg_cmd_itr_t itr) { + return arg_hashtable_itr_advance((arg_hashtable_itr_t*)itr); +} + +char* arg_cmd_itr_key(arg_cmd_itr_t itr) { + return (char*)arg_hashtable_itr_key((arg_hashtable_itr_t*)itr); +} + +arg_cmd_info_t* arg_cmd_itr_value(arg_cmd_itr_t itr) { + return (arg_cmd_info_t*)arg_hashtable_itr_value((arg_hashtable_itr_t*)itr); +} + +void arg_cmd_itr_destroy(arg_cmd_itr_t itr) { + arg_hashtable_itr_destroy((arg_hashtable_itr_t*)itr); +} + +int arg_cmd_itr_search(arg_cmd_itr_t itr, void* k) { + return arg_hashtable_itr_search((arg_hashtable_itr_t*)itr, s_hashtable, k); +} + +static const char* module_name(void) { + if (s_module_name == NULL || strlen(s_module_name) == 0) + return ""; + + return s_module_name; +} + +static const char* module_version(void) { + if (s_mod_ver == NULL || strlen(s_mod_ver) == 0) + return "0.0.0.0"; + + return s_mod_ver; +} + +void arg_make_get_help_msg(arg_dstr_t res) { + arg_dstr_catf(res, "%s v%s\n", module_name(), module_version()); + arg_dstr_catf(res, "Please type '%s help' to get more information.\n", module_name()); +} + +void arg_make_help_msg(arg_dstr_t ds, char* cmd_name, void** argtable) { + arg_cmd_info_t* cmd_info = (arg_cmd_info_t*)arg_hashtable_search(s_hashtable, cmd_name); + if (cmd_info) { + arg_dstr_catf(ds, "%s: %s\n", cmd_name, cmd_info->description); + } + + arg_dstr_cat(ds, "Usage:\n"); + arg_dstr_catf(ds, " %s", module_name()); + + arg_print_syntaxv_ds(ds, argtable, "\n \nAvailable options:\n"); + arg_print_glossary_ds(ds, argtable, " %-23s %s\n"); + + arg_dstr_cat(ds, "\n"); +} + +void arg_make_syntax_err_msg(arg_dstr_t ds, void** argtable, struct arg_end* end) { + arg_print_errors_ds(ds, end, module_name()); + arg_dstr_cat(ds, "Usage: \n"); + arg_dstr_catf(ds, " %s", module_name()); + arg_print_syntaxv_ds(ds, argtable, "\n"); + arg_dstr_cat(ds, "\n"); +} + +int arg_make_syntax_err_help_msg(arg_dstr_t ds, char* name, int help, int nerrors, void** argtable, struct arg_end* end, int* exitcode) { + /* help handling + * note: '-h|--help' takes precedence over error reporting + */ + if (help > 0) { + arg_make_help_msg(ds, name, argtable); + *exitcode = EXIT_SUCCESS; + return 1; + } + + /* syntax error handling */ + if (nerrors > 0) { + arg_make_syntax_err_msg(ds, argtable, end); + *exitcode = EXIT_FAILURE; + return 1; + } + + return 0; +} +/******************************************************************************* + * argtable3: Implements the main interfaces of the library + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -3824,59 +4948,64 @@ struct arg_str * arg_strn( * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************/ -#include -#include -#include -#include - #include "argtable3.h" -static -void arg_register_error(struct arg_end *end, - void *parent, - int error, - const char *argval) -{ +#ifndef ARG_AMALGAMATION +#include "argtable3_private.h" +#if ARG_REPLACE_GETOPT == 1 +#include "arg_getopt.h" +#else +#include +#endif +#else +#if ARG_REPLACE_GETOPT == 0 +#include +#endif +#endif + +#ifdef _WIN32 +#define WIN32_LEAN_AND_MEAN +#include +#undef WIN32_LEAN_AND_MEAN +#endif + +#include +#include +#include +#include +#include + +static void arg_register_error(struct arg_end* end, void* parent, int error, const char* argval) { /* printf("arg_register_error(%p,%p,%d,%s)\n",end,parent,error,argval); */ - if (end->count < end->hdr.maxcount) - { + if (end->count < end->hdr.maxcount) { end->error[end->count] = error; end->parent[end->count] = parent; end->argval[end->count] = argval; end->count++; - } - else - { - end->error[end->hdr.maxcount - 1] = ARG_ELIMIT; + } else { + end->error[end->hdr.maxcount - 1] = ARG_ELIMIT; end->parent[end->hdr.maxcount - 1] = end; end->argval[end->hdr.maxcount - 1] = NULL; } } - /* * Return index of first table entry with a matching short option * or -1 if no match was found. */ -static -int find_shortoption(struct arg_hdr * *table, char shortopt) -{ +static int find_shortoption(struct arg_hdr** table, char shortopt) { int tabindex; - for(tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - if (table[tabindex]->shortopts && - strchr(table[tabindex]->shortopts, shortopt)) + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + if (table[tabindex]->shortopts && strchr(table[tabindex]->shortopts, shortopt)) return tabindex; } return -1; } - -struct longoptions -{ +struct longoptions { int getoptval; int noptions; - struct option *options; + struct option* options; }; #if 0 @@ -3898,14 +5027,14 @@ void dump_longoptions(struct longoptions * longoptions) } #endif -static -struct longoptions * alloc_longoptions(struct arg_hdr * *table) -{ - struct longoptions *result; +static struct longoptions* alloc_longoptions(struct arg_hdr** table) { + struct longoptions* result; size_t nbytes; int noptions = 1; size_t longoptlen = 0; int tabindex; + int option_index = 0; + char* store; /* * Determine the total number of option structs required @@ -3918,156 +5047,120 @@ struct longoptions * alloc_longoptions(struct arg_hdr * *table) * and return that count in logoptlen. */ tabindex = 0; - do - { - const char *longopts = table[tabindex]->longopts; + do { + const char* longopts = table[tabindex]->longopts; longoptlen += (longopts ? strlen(longopts) : 0) + 1; - while (longopts) - { + while (longopts) { noptions++; longopts = strchr(longopts + 1, ','); } - } while(!(table[tabindex++]->flag & ARG_TERMINATOR)); + } while (!(table[tabindex++]->flag & ARG_TERMINATOR)); /*printf("%d long options consuming %d chars in total\n",noptions,longoptlen);*/ - /* allocate storage for return data structure as: */ /* (struct longoptions) + (struct options)[noptions] + char[longoptlen] */ - nbytes = sizeof(struct longoptions) - + sizeof(struct option) * noptions - + longoptlen; - result = (struct longoptions *)malloc(nbytes); - if (result) - { - int option_index = 0; - char *store; + nbytes = sizeof(struct longoptions) + sizeof(struct option) * noptions + longoptlen; + result = (struct longoptions*)xmalloc(nbytes); - result->getoptval = 0; - result->noptions = noptions; - result->options = (struct option *)(result + 1); - store = (char *)(result->options + noptions); + result->getoptval = 0; + result->noptions = noptions; + result->options = (struct option*)(result + 1); + store = (char*)(result->options + noptions); - for(tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - const char *longopts = table[tabindex]->longopts; + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + const char* longopts = table[tabindex]->longopts; - while(longopts && *longopts) - { - char *storestart = store; + while (longopts && *longopts) { + char* storestart = store; - /* copy progressive longopt strings into the store */ - while (*longopts != 0 && *longopts != ',') - *store++ = *longopts++; - *store++ = 0; - if (*longopts == ',') - longopts++; - /*fprintf(stderr,"storestart=\"%s\"\n",storestart);*/ + /* copy progressive longopt strings into the store */ + while (*longopts != 0 && *longopts != ',') + *store++ = *longopts++; + *store++ = 0; + if (*longopts == ',') + longopts++; + /*fprintf(stderr,"storestart=\"%s\"\n",storestart);*/ - result->options[option_index].name = storestart; - result->options[option_index].flag = &(result->getoptval); - result->options[option_index].val = tabindex; - if (table[tabindex]->flag & ARG_HASOPTVALUE) - result->options[option_index].has_arg = 2; - else if (table[tabindex]->flag & ARG_HASVALUE) - result->options[option_index].has_arg = 1; - else - result->options[option_index].has_arg = 0; + result->options[option_index].name = storestart; + result->options[option_index].flag = &(result->getoptval); + result->options[option_index].val = tabindex; + if (table[tabindex]->flag & ARG_HASOPTVALUE) + result->options[option_index].has_arg = 2; + else if (table[tabindex]->flag & ARG_HASVALUE) + result->options[option_index].has_arg = 1; + else + result->options[option_index].has_arg = 0; - option_index++; - } + option_index++; } - /* terminate the options array with a zero-filled entry */ - result->options[option_index].name = 0; - result->options[option_index].has_arg = 0; - result->options[option_index].flag = 0; - result->options[option_index].val = 0; } + /* terminate the options array with a zero-filled entry */ + result->options[option_index].name = 0; + result->options[option_index].has_arg = 0; + result->options[option_index].flag = 0; + result->options[option_index].val = 0; /*dump_longoptions(result);*/ return result; } -static -char * alloc_shortoptions(struct arg_hdr * *table) -{ - char *result; +static char* alloc_shortoptions(struct arg_hdr** table) { + char* result; size_t len = 2; int tabindex; + char* res; /* determine the total number of option chars required */ - for(tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - struct arg_hdr *hdr = table[tabindex]; + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + struct arg_hdr* hdr = table[tabindex]; len += 3 * (hdr->shortopts ? strlen(hdr->shortopts) : 0); } - result = malloc(len); - if (result) - { - char *res = result; + result = xmalloc(len); - /* add a leading ':' so getopt return codes distinguish */ - /* unrecognised option and options missing argument values */ - *res++ = ':'; + res = result; - for(tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - struct arg_hdr *hdr = table[tabindex]; - const char *shortopts = hdr->shortopts; - while(shortopts && *shortopts) - { - *res++ = *shortopts++; - if (hdr->flag & ARG_HASVALUE) - *res++ = ':'; - if (hdr->flag & ARG_HASOPTVALUE) - *res++ = ':'; - } + /* add a leading ':' so getopt return codes distinguish */ + /* unrecognised option and options missing argument values */ + *res++ = ':'; + + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + struct arg_hdr* hdr = table[tabindex]; + const char* shortopts = hdr->shortopts; + while (shortopts && *shortopts) { + *res++ = *shortopts++; + if (hdr->flag & ARG_HASVALUE) + *res++ = ':'; + if (hdr->flag & ARG_HASOPTVALUE) + *res++ = ':'; } - /* null terminate the string */ - *res = 0; } + /* null terminate the string */ + *res = 0; /*printf("alloc_shortoptions() returns \"%s\"\n",(result?result:"NULL"));*/ return result; } - /* return index of the table terminator entry */ -static -int arg_endindex(struct arg_hdr * *table) -{ +static int arg_endindex(struct arg_hdr** table) { int tabindex = 0; while (!(table[tabindex]->flag & ARG_TERMINATOR)) tabindex++; return tabindex; } - -static -void arg_parse_tagged(int argc, - char * *argv, - struct arg_hdr * *table, - struct arg_end *endtable) -{ - struct longoptions *longoptions; - char *shortoptions; +static void arg_parse_tagged(int argc, char** argv, struct arg_hdr** table, struct arg_end* endtable) { + struct longoptions* longoptions; + char* shortoptions; int copt; /*printf("arg_parse_tagged(%d,%p,%p,%p)\n",argc,argv,table,endtable);*/ /* allocate short and long option arrays for the given opttable[]. */ /* if the allocs fail then put an error msg in the last table entry. */ - longoptions = alloc_longoptions(table); + longoptions = alloc_longoptions(table); shortoptions = alloc_shortoptions(table); - if (!longoptions || !shortoptions) - { - /* one or both memory allocs failed */ - arg_register_error(endtable, endtable, ARG_EMALLOC, NULL); - /* free anything that was allocated (this is null safe) */ - free(shortoptions); - free(longoptions); - return; - } /*dump_longoptions(longoptions);*/ @@ -4076,135 +5169,111 @@ void arg_parse_tagged(int argc, opterr = 0; /* fetch and process args using getopt_long */ - while( (copt = - getopt_long(argc, argv, shortoptions, longoptions->options, - NULL)) != -1) - { +#ifdef ARG_LONG_ONLY + while ((copt = getopt_long_only(argc, argv, shortoptions, longoptions->options, NULL)) != -1) { +#else + while ((copt = getopt_long(argc, argv, shortoptions, longoptions->options, NULL)) != -1) { +#endif /* printf("optarg='%s'\n",optarg); printf("optind=%d\n",optind); printf("copt=%c\n",(char)copt); printf("optopt=%c (%d)\n",optopt, (int)(optopt)); */ - switch(copt) - { - case 0: - { - int tabindex = longoptions->getoptval; - void *parent = table[tabindex]->parent; - /*printf("long option detected from argtable[%d]\n", tabindex);*/ - if (optarg && optarg[0] == 0 && - (table[tabindex]->flag & ARG_HASVALUE)) - { - /* printf(": long option %s requires an argument\n",argv[optind-1]); */ - arg_register_error(endtable, endtable, ARG_EMISSARG, - argv[optind - 1]); - /* continue to scan the (empty) argument value to enforce argument count checking */ - } - if (table[tabindex]->scanfn) - { - int errorcode = table[tabindex]->scanfn(parent, optarg); - if (errorcode != 0) - arg_register_error(endtable, parent, errorcode, optarg); - } - } - break; - - case '?': - /* - * getopt_long() found an unrecognised short option. - * if it was a short option its value is in optopt - * if it was a long option then optopt=0 - */ - switch (optopt) - { - case 0: - /*printf("?0 unrecognised long option %s\n",argv[optind-1]);*/ - arg_register_error(endtable, endtable, ARG_ELONGOPT, - argv[optind - 1]); - break; - default: - /*printf("?* unrecognised short option '%c'\n",optopt);*/ - arg_register_error(endtable, endtable, optopt, NULL); - break; - } - break; - - case ':': - /* - * getopt_long() found an option with its argument missing. - */ - /*printf(": option %s requires an argument\n",argv[optind-1]); */ - arg_register_error(endtable, endtable, ARG_EMISSARG, - argv[optind - 1]); - break; - - default: - { - /* getopt_long() found a valid short option */ - int tabindex = find_shortoption(table, (char)copt); - /*printf("short option detected from argtable[%d]\n", tabindex);*/ - if (tabindex == -1) - { - /* should never get here - but handle it just in case */ - /*printf("unrecognised short option %d\n",copt);*/ - arg_register_error(endtable, endtable, copt, NULL); - } - else - { - if (table[tabindex]->scanfn) - { - void *parent = table[tabindex]->parent; + switch (copt) { + case 0: { + int tabindex = longoptions->getoptval; + void* parent = table[tabindex]->parent; + /*printf("long option detected from argtable[%d]\n", tabindex);*/ + if (optarg && optarg[0] == 0 && (table[tabindex]->flag & ARG_HASVALUE)) { + /* printf(": long option %s requires an argument\n",argv[optind-1]); */ + arg_register_error(endtable, endtable, ARG_EMISSARG, argv[optind - 1]); + /* continue to scan the (empty) argument value to enforce argument count checking */ + } + if (table[tabindex]->scanfn) { int errorcode = table[tabindex]->scanfn(parent, optarg); if (errorcode != 0) arg_register_error(endtable, parent, errorcode, optarg); } + } break; + + case '?': + /* + * getopt_long() found an unrecognised short option. + * if it was a short option its value is in optopt + * if it was a long option then optopt=0 + */ + switch (optopt) { + case 0: + /*printf("?0 unrecognised long option %s\n",argv[optind-1]);*/ + arg_register_error(endtable, endtable, ARG_ELONGOPT, argv[optind - 1]); + break; + default: + /*printf("?* unrecognised short option '%c'\n",optopt);*/ + arg_register_error(endtable, endtable, optopt, NULL); + break; + } + break; + + case ':': + /* + * getopt_long() found an option with its argument missing. + */ + /*printf(": option %s requires an argument\n",argv[optind-1]); */ + arg_register_error(endtable, endtable, ARG_EMISSARG, argv[optind - 1]); + break; + + default: { + /* getopt_long() found a valid short option */ + int tabindex = find_shortoption(table, (char)copt); + /*printf("short option detected from argtable[%d]\n", tabindex);*/ + if (tabindex == -1) { + /* should never get here - but handle it just in case */ + /*printf("unrecognised short option %d\n",copt);*/ + arg_register_error(endtable, endtable, copt, NULL); + } else { + if (table[tabindex]->scanfn) { + void* parent = table[tabindex]->parent; + int errorcode = table[tabindex]->scanfn(parent, optarg); + if (errorcode != 0) + arg_register_error(endtable, parent, errorcode, optarg); + } + } + break; } - break; - } } } - free(shortoptions); - free(longoptions); + xfree(shortoptions); + xfree(longoptions); } - -static -void arg_parse_untagged(int argc, - char * *argv, - struct arg_hdr * *table, - struct arg_end *endtable) -{ +static void arg_parse_untagged(int argc, char** argv, struct arg_hdr** table, struct arg_end* endtable) { int tabindex = 0; int errorlast = 0; - const char *optarglast = NULL; - void *parentlast = NULL; + const char* optarglast = NULL; + void* parentlast = NULL; /*printf("arg_parse_untagged(%d,%p,%p,%p)\n",argc,argv,table,endtable);*/ - while (!(table[tabindex]->flag & ARG_TERMINATOR)) - { - void *parent; + while (!(table[tabindex]->flag & ARG_TERMINATOR)) { + void* parent; int errorcode; /* if we have exhausted our argv[optind] entries then we have finished */ - if (optind >= argc) - { + if (optind >= argc) { /*printf("arg_parse_untagged(): argv[] exhausted\n");*/ return; } /* skip table entries with non-null long or short options (they are not untagged entries) */ - if (table[tabindex]->longopts || table[tabindex]->shortopts) - { + if (table[tabindex]->longopts || table[tabindex]->shortopts) { /*printf("arg_parse_untagged(): skipping argtable[%d] (tagged argument)\n",tabindex);*/ tabindex++; continue; } /* skip table entries with NULL scanfn */ - if (!(table[tabindex]->scanfn)) - { + if (!(table[tabindex]->scanfn)) { /*printf("arg_parse_untagged(): skipping argtable[%d] (NULL scanfn)\n",tabindex);*/ tabindex++; continue; @@ -4215,17 +5284,14 @@ void arg_parse_untagged(int argc, /* try again with the next table[] entry. */ parent = table[tabindex]->parent; errorcode = table[tabindex]->scanfn(parent, argv[optind]); - if (errorcode == 0) - { + if (errorcode == 0) { /* success, move onto next argv[optind] but stay with same table[tabindex] */ /*printf("arg_parse_untagged(): argtable[%d] successfully matched\n",tabindex);*/ optind++; /* clear the last tentative error */ errorlast = 0; - } - else - { + } else { /* failure, try same argv[optind] with next table[tabindex] entry */ /*printf("arg_parse_untagged(): argtable[%d] failed match\n",tabindex);*/ tabindex++; @@ -4235,20 +5301,17 @@ void arg_parse_untagged(int argc, optarglast = argv[optind]; parentlast = parent; } - } /* if a tenative error still remains at this point then register it as a proper error */ - if (errorlast) - { + if (errorlast) { arg_register_error(endtable, parentlast, errorlast, optarglast); optind++; } /* only get here when not all argv[] entries were consumed */ /* register an error for each unused argv[] entry */ - while (optind < argc) - { + while (optind < argc) { /*printf("arg_parse_untagged(): argv[%d]=\"%s\" not consumed\n",optind,argv[optind]);*/ arg_register_error(endtable, endtable, ARG_ENOMATCH, argv[optind++]); } @@ -4256,45 +5319,35 @@ void arg_parse_untagged(int argc, return; } - -static -void arg_parse_check(struct arg_hdr * *table, struct arg_end *endtable) -{ +static void arg_parse_check(struct arg_hdr** table, struct arg_end* endtable) { int tabindex = 0; /* printf("arg_parse_check()\n"); */ - do - { - if (table[tabindex]->checkfn) - { - void *parent = table[tabindex]->parent; + do { + if (table[tabindex]->checkfn) { + void* parent = table[tabindex]->parent; int errorcode = table[tabindex]->checkfn(parent); if (errorcode != 0) arg_register_error(endtable, parent, errorcode, NULL); } - } while(!(table[tabindex++]->flag & ARG_TERMINATOR)); + } while (!(table[tabindex++]->flag & ARG_TERMINATOR)); } - -static -void arg_reset(void * *argtable) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +static void arg_reset(void** argtable) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int tabindex = 0; /*printf("arg_reset(%p)\n",argtable);*/ - do - { + do { if (table[tabindex]->resetfn) table[tabindex]->resetfn(table[tabindex]->parent); - } while(!(table[tabindex++]->flag & ARG_TERMINATOR)); + } while (!(table[tabindex++]->flag & ARG_TERMINATOR)); } - -int arg_parse(int argc, char * *argv, void * *argtable) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; - struct arg_end *endtable; +int arg_parse(int argc, char** argv, void** argtable) { + struct arg_hdr** table = (struct arg_hdr**)argtable; + struct arg_end* endtable; int endindex; - char * *argvcopy = NULL; + char** argvcopy = NULL; + int i; /*printf("arg_parse(%d,%p,%p)\n",argc,argv,argtable);*/ @@ -4303,13 +5356,12 @@ int arg_parse(int argc, char * *argv, void * *argtable) /* locate the first end-of-table marker within the array */ endindex = arg_endindex(table); - endtable = (struct arg_end *)table[endindex]; + endtable = (struct arg_end*)table[endindex]; /* Special case of argc==0. This can occur on Texas Instruments DSP. */ /* Failure to trap this case results in an unwanted NULL result from */ /* the malloc for argvcopy (next code block). */ - if (argc == 0) - { + if (argc == 0) { /* We must still perform post-parse checks despite the absence of command line arguments */ arg_parse_check(table, endtable); @@ -4317,44 +5369,34 @@ int arg_parse(int argc, char * *argv, void * *argtable) return endtable->count; } - argvcopy = (char **)malloc(sizeof(char *) * (argc + 1)); - if (argvcopy) - { - int i; + argvcopy = (char**)xmalloc(sizeof(char*) * (argc + 1)); - /* - Fill in the local copy of argv[]. We need a local copy - because getopt rearranges argv[] which adversely affects - susbsequent parsing attempts. - */ - for (i = 0; i < argc; i++) - argvcopy[i] = argv[i]; + /* + Fill in the local copy of argv[]. We need a local copy + because getopt rearranges argv[] which adversely affects + susbsequent parsing attempts. + */ + for (i = 0; i < argc; i++) + argvcopy[i] = argv[i]; - argvcopy[argc] = NULL; - - /* parse the command line (local copy) for tagged options */ - arg_parse_tagged(argc, argvcopy, table, endtable); + argvcopy[argc] = NULL; - /* parse the command line (local copy) for untagged options */ - arg_parse_untagged(argc, argvcopy, table, endtable); + /* parse the command line (local copy) for tagged options */ + arg_parse_tagged(argc, argvcopy, table, endtable); - /* if no errors so far then perform post-parse checks otherwise dont bother */ - if (endtable->count == 0) - arg_parse_check(table, endtable); + /* parse the command line (local copy) for untagged options */ + arg_parse_untagged(argc, argvcopy, table, endtable); - /* release the local copt of argv[] */ - free(argvcopy); - } - else - { - /* memory alloc failed */ - arg_register_error(endtable, endtable, ARG_EMALLOC, NULL); - } + /* if no errors so far then perform post-parse checks otherwise dont bother */ + if (endtable->count == 0) + arg_parse_check(table, endtable); + + /* release the local copt of argv[] */ + xfree(argvcopy); return endtable->count; } - /* * Concatenate contents of src[] string onto *pdest[] string. * The *pdest pointer is altered to point to the end of the @@ -4375,18 +5417,16 @@ int arg_parse(int argc, char * *argv, void * *argtable) * dest[] == "goodbye cruel world!" * ndest == 10 */ -static -void arg_cat(char * *pdest, const char *src, size_t *pndest) -{ - char *dest = *pdest; - char *end = dest + *pndest; +static void arg_cat(char** pdest, const char* src, size_t* pndest) { + char* dest = *pdest; + char* end = dest + *pndest; /*locate null terminator of dest string */ - while(dest < end && *dest != 0) + while (dest < end && *dest != 0) dest++; /* concat src string to dest string */ - while(dest < end && *src != 0) + while (dest < end && *src != 0) *dest++ = *src++; /* null terminate dest string */ @@ -4394,20 +5434,11 @@ void arg_cat(char * *pdest, const char *src, size_t *pndest) /* update *pdest and *pndest */ *pndest = end - dest; - *pdest = dest; + *pdest = dest; } - -static -void arg_cat_option(char *dest, - size_t ndest, - const char *shortopts, - const char *longopts, - const char *datatype, - int optvalue) -{ - if (shortopts) - { +static void arg_cat_option(char* dest, size_t ndest, const char* shortopts, const char* longopts, const char* datatype, int optvalue) { + if (shortopts) { char option[3]; /* note: option array[] is initialiazed dynamically here to satisfy */ @@ -4417,21 +5448,16 @@ void arg_cat_option(char *dest, option[2] = 0; arg_cat(&dest, option, &ndest); - if (datatype) - { + if (datatype) { arg_cat(&dest, " ", &ndest); - if (optvalue) - { + if (optvalue) { arg_cat(&dest, "[", &ndest); arg_cat(&dest, datatype, &ndest); arg_cat(&dest, "]", &ndest); - } - else + } else arg_cat(&dest, datatype, &ndest); } - } - else if (longopts) - { + } else if (longopts) { size_t ncspn; /* add "--" tag prefix */ @@ -4439,54 +5465,37 @@ void arg_cat_option(char *dest, /* add comma separated option tag */ ncspn = strcspn(longopts, ","); -#ifdef __STDC_WANT_SECURE_LIB__ +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) strncat_s(dest, ndest, longopts, (ncspn < ndest) ? ncspn : ndest); #else strncat(dest, longopts, (ncspn < ndest) ? ncspn : ndest); #endif - if (datatype) - { + if (datatype) { arg_cat(&dest, "=", &ndest); - if (optvalue) - { + if (optvalue) { arg_cat(&dest, "[", &ndest); arg_cat(&dest, datatype, &ndest); arg_cat(&dest, "]", &ndest); - } - else + } else arg_cat(&dest, datatype, &ndest); } - } - else if (datatype) - { - if (optvalue) - { + } else if (datatype) { + if (optvalue) { arg_cat(&dest, "[", &ndest); arg_cat(&dest, datatype, &ndest); arg_cat(&dest, "]", &ndest); - } - else + } else arg_cat(&dest, datatype, &ndest); } } -static -void arg_cat_optionv(char *dest, - size_t ndest, - const char *shortopts, - const char *longopts, - const char *datatype, - int optvalue, - const char *separator) -{ +static void arg_cat_optionv(char* dest, size_t ndest, const char* shortopts, const char* longopts, const char* datatype, int optvalue, const char* separator) { separator = separator ? separator : ""; - if (shortopts) - { - const char *c = shortopts; - while(*c) - { + if (shortopts) { + const char* c = shortopts; + while (*c) { /* "-a|-b|-c" */ char shortopt[3]; @@ -4506,11 +5515,9 @@ void arg_cat_optionv(char *dest, if (shortopts && longopts) arg_cat(&dest, separator, &ndest); - if (longopts) - { - const char *c = longopts; - while(*c) - { + if (longopts) { + const char* c = longopts; + while (*c) { size_t ncspn; /* add "--" tag prefix */ @@ -4518,7 +5525,7 @@ void arg_cat_optionv(char *dest, /* add comma separated option tag */ ncspn = strcspn(c, ","); -#ifdef __STDC_WANT_SECURE_LIB__ +#if (defined(__STDC_LIB_EXT1__) && defined(__STDC_WANT_LIB_EXT1__)) || (defined(__STDC_SECURE_LIB__) && defined(__STDC_WANT_SECURE_LIB__)) strncat_s(dest, ndest, c, (ncspn < ndest) ? ncspn : ndest); #else strncat(dest, c, (ncspn < ndest) ? ncspn : ndest); @@ -4526,75 +5533,60 @@ void arg_cat_optionv(char *dest, c += ncspn; /* add given separator in place of comma */ - if (*c == ',') - { + if (*c == ',') { arg_cat(&dest, separator, &ndest); c++; } } } - if (datatype) - { + if (datatype) { if (longopts) arg_cat(&dest, "=", &ndest); else if (shortopts) arg_cat(&dest, " ", &ndest); - if (optvalue) - { + if (optvalue) { arg_cat(&dest, "[", &ndest); arg_cat(&dest, datatype, &ndest); arg_cat(&dest, "]", &ndest); - } - else + } else arg_cat(&dest, datatype, &ndest); } } - -/* this function should be deprecated because it doesnt consider optional argument values (ARG_HASOPTVALUE) */ -void arg_print_option(FILE *fp, - const char *shortopts, - const char *longopts, - const char *datatype, - const char *suffix) -{ +void arg_print_option_ds(arg_dstr_t ds, const char* shortopts, const char* longopts, const char* datatype, const char* suffix) { char syntax[200] = ""; suffix = suffix ? suffix : ""; /* there is no way of passing the proper optvalue for optional argument values here, so we must ignore it */ - arg_cat_optionv(syntax, - sizeof(syntax), - shortopts, - longopts, - datatype, - 0, - "|"); + arg_cat_optionv(syntax, sizeof(syntax) - 1, shortopts, longopts, datatype, 0, "|"); - fputs(syntax, fp); - fputs(suffix, fp); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, (char*)suffix); } +/* this function should be deprecated because it doesn't consider optional argument values (ARG_HASOPTVALUE) */ +void arg_print_option(FILE* fp, const char* shortopts, const char* longopts, const char* datatype, const char* suffix) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_option_ds(ds, shortopts, longopts, datatype, suffix); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} /* * Print a GNU style [OPTION] string in which all short options that * do not take argument values are presented in abbreviated form, as * in: -xvfsd, or -xvf[sd], or [-xvsfd] */ -static -void arg_print_gnuswitch(FILE *fp, struct arg_hdr * *table) -{ +static void arg_print_gnuswitch_ds(arg_dstr_t ds, struct arg_hdr** table) { int tabindex; - char *format1 = " -%c"; - char *format2 = " [-%c"; - char *suffix = ""; + char* format1 = " -%c"; + char* format2 = " [-%c"; + char* suffix = ""; /* print all mandatory switches that are without argument values */ - for(tabindex = 0; - table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); - tabindex++) - { + for (tabindex = 0; table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { /* skip optional options */ if (table[tabindex]->mincount < 1) continue; @@ -4608,16 +5600,13 @@ void arg_print_gnuswitch(FILE *fp, struct arg_hdr * *table) continue; /* print the short option (only the first short option char, ignore multiple choices)*/ - fprintf(fp, format1, table[tabindex]->shortopts[0]); + arg_dstr_catf(ds, format1, table[tabindex]->shortopts[0]); format1 = "%c"; format2 = "[%c"; } /* print all optional switches that are without argument values */ - for(tabindex = 0; - table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); - tabindex++) - { + for (tabindex = 0; table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { /* skip mandatory args */ if (table[tabindex]->mincount > 0) continue; @@ -4631,152 +5620,161 @@ void arg_print_gnuswitch(FILE *fp, struct arg_hdr * *table) continue; /* print first short option */ - fprintf(fp, format2, table[tabindex]->shortopts[0]); + arg_dstr_catf(ds, format2, table[tabindex]->shortopts[0]); format2 = "%c"; suffix = "]"; } - fprintf(fp, "%s", suffix); + arg_dstr_catf(ds, "%s", suffix); } - -void arg_print_syntax(FILE *fp, void * *argtable, const char *suffix) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_print_syntax_ds(arg_dstr_t ds, void** argtable, const char* suffix) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int i, tabindex; /* print GNU style [OPTION] string */ - arg_print_gnuswitch(fp, table); + arg_print_gnuswitch_ds(ds, table); /* print remaining options in abbreviated style */ - for(tabindex = 0; - table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); - tabindex++) - { + for (tabindex = 0; table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { char syntax[200] = ""; const char *shortopts, *longopts, *datatype; /* skip short options without arg values (they were printed by arg_print_gnu_switch) */ - if (table[tabindex]->shortopts && - !(table[tabindex]->flag & ARG_HASVALUE)) + if (table[tabindex]->shortopts && !(table[tabindex]->flag & ARG_HASVALUE)) continue; shortopts = table[tabindex]->shortopts; - longopts = table[tabindex]->longopts; - datatype = table[tabindex]->datatype; - arg_cat_option(syntax, - sizeof(syntax), - shortopts, - longopts, - datatype, - table[tabindex]->flag & ARG_HASOPTVALUE); + longopts = table[tabindex]->longopts; + datatype = table[tabindex]->datatype; + arg_cat_option(syntax, sizeof(syntax) - 1, shortopts, longopts, datatype, table[tabindex]->flag & ARG_HASOPTVALUE); - if (strlen(syntax) > 0) - { + if (strlen(syntax) > 0) { /* print mandatory instances of this option */ - for (i = 0; i < table[tabindex]->mincount; i++) - fprintf(fp, " %s", syntax); + for (i = 0; i < table[tabindex]->mincount; i++) { + arg_dstr_cat(ds, " "); + arg_dstr_cat(ds, syntax); + } /* print optional instances enclosed in "[..]" */ - switch ( table[tabindex]->maxcount - table[tabindex]->mincount ) - { - case 0: - break; - case 1: - fprintf(fp, " [%s]", syntax); - break; - case 2: - fprintf(fp, " [%s] [%s]", syntax, syntax); - break; - default: - fprintf(fp, " [%s]...", syntax); - break; + switch (table[tabindex]->maxcount - table[tabindex]->mincount) { + case 0: + break; + case 1: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + break; + case 2: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + break; + default: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]..."); + break; } } } - if (suffix) - fprintf(fp, "%s", suffix); + if (suffix) { + arg_dstr_cat(ds, (char*)suffix); + } } +void arg_print_syntax(FILE* fp, void** argtable, const char* suffix) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_syntax_ds(ds, argtable, suffix); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} -void arg_print_syntaxv(FILE *fp, void * *argtable, const char *suffix) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_print_syntaxv_ds(arg_dstr_t ds, void** argtable, const char* suffix) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int i, tabindex; /* print remaining options in abbreviated style */ - for(tabindex = 0; - table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); - tabindex++) - { + for (tabindex = 0; table[tabindex] && !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { char syntax[200] = ""; const char *shortopts, *longopts, *datatype; shortopts = table[tabindex]->shortopts; - longopts = table[tabindex]->longopts; - datatype = table[tabindex]->datatype; - arg_cat_optionv(syntax, - sizeof(syntax), - shortopts, - longopts, - datatype, - table[tabindex]->flag & ARG_HASOPTVALUE, - "|"); + longopts = table[tabindex]->longopts; + datatype = table[tabindex]->datatype; + arg_cat_optionv(syntax, sizeof(syntax) - 1, shortopts, longopts, datatype, table[tabindex]->flag & ARG_HASOPTVALUE, "|"); /* print mandatory options */ - for (i = 0; i < table[tabindex]->mincount; i++) - fprintf(fp, " %s", syntax); + for (i = 0; i < table[tabindex]->mincount; i++) { + arg_dstr_cat(ds, " "); + arg_dstr_cat(ds, syntax); + } /* print optional args enclosed in "[..]" */ - switch ( table[tabindex]->maxcount - table[tabindex]->mincount ) - { - case 0: - break; - case 1: - fprintf(fp, " [%s]", syntax); - break; - case 2: - fprintf(fp, " [%s] [%s]", syntax, syntax); - break; - default: - fprintf(fp, " [%s]...", syntax); - break; + switch (table[tabindex]->maxcount - table[tabindex]->mincount) { + case 0: + break; + case 1: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + break; + case 2: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]"); + break; + default: + arg_dstr_cat(ds, " ["); + arg_dstr_cat(ds, syntax); + arg_dstr_cat(ds, "]..."); + break; } } - if (suffix) - fprintf(fp, "%s", suffix); + if (suffix) { + arg_dstr_cat(ds, (char*)suffix); + } } +void arg_print_syntaxv(FILE* fp, void** argtable, const char* suffix) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_syntaxv_ds(ds, argtable, suffix); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} -void arg_print_glossary(FILE *fp, void * *argtable, const char *format) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_print_glossary_ds(arg_dstr_t ds, void** argtable, const char* format) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int tabindex; format = format ? format : " %-20s %s\n"; - for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - if (table[tabindex]->glossary) - { + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + if (table[tabindex]->glossary) { char syntax[200] = ""; - const char *shortopts = table[tabindex]->shortopts; - const char *longopts = table[tabindex]->longopts; - const char *datatype = table[tabindex]->datatype; - const char *glossary = table[tabindex]->glossary; - arg_cat_optionv(syntax, - sizeof(syntax), - shortopts, - longopts, - datatype, - table[tabindex]->flag & ARG_HASOPTVALUE, - ", "); - fprintf(fp, format, syntax, glossary); + const char* shortopts = table[tabindex]->shortopts; + const char* longopts = table[tabindex]->longopts; + const char* datatype = table[tabindex]->datatype; + const char* glossary = table[tabindex]->glossary; + arg_cat_optionv(syntax, sizeof(syntax) - 1, shortopts, longopts, datatype, table[tabindex]->flag & ARG_HASOPTVALUE, ", "); + arg_dstr_catf(ds, format, syntax, glossary); } } } +void arg_print_glossary(FILE* fp, void** argtable, const char* format) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_glossary_ds(ds, argtable, format); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} /** * Print a piece of text formatted, which means in a column with a @@ -4810,65 +5808,62 @@ void arg_print_glossary(FILE *fp, void * *argtable, const char *format) * * Author: Uli Fouquet */ -static -void arg_print_formatted( FILE *fp, - const unsigned lmargin, - const unsigned rmargin, - const char *text ) -{ - const unsigned textlen = (unsigned)strlen( text ); - unsigned line_start = 0; - unsigned line_end = textlen + 1; - const unsigned colwidth = (rmargin - lmargin) + 1; +static void arg_print_formatted_ds(arg_dstr_t ds, const unsigned lmargin, const unsigned rmargin, const char* text) { + const unsigned int textlen = (unsigned int)strlen(text); + unsigned int line_start = 0; + unsigned int line_end = textlen; + const unsigned int colwidth = (rmargin - lmargin) + 1; + + assert(strlen(text) < UINT_MAX); /* Someone doesn't like us... */ - if ( line_end < line_start ) - { fprintf( fp, "%s\n", text ); } + if (line_end < line_start) { + arg_dstr_catf(ds, "%s\n", text); + } - while (line_end - 1 > line_start ) - { - /* Eat leading whitespaces. This is essential because while + while (line_end > line_start) { + /* Eat leading white spaces. This is essential because while wrapping lines, there will often be a whitespace at beginning of line */ - while ( ISSPACE(*(text + line_start)) ) - { line_start++; } - - if ((line_end - line_start) > colwidth ) - { line_end = line_start + colwidth; } - - /* Find last whitespace, that fits into line */ - while ( ( line_end > line_start ) - && ( line_end - line_start > colwidth ) - && !ISSPACE(*(text + line_end))) - { line_end--; } - - /* Do not print trailing whitespace. If this text - has got only one line, line_end now points to the - last char due to initialization. */ - line_end--; - - /* Output line of text */ - while ( line_start < line_end ) - { - fputc(*(text + line_start), fp ); + while (isspace(*(text + line_start))) { line_start++; } - fputc( '\n', fp ); + + /* Find last whitespace, that fits into line */ + if (line_end - line_start > colwidth) { + line_end = line_start + colwidth; + + while ((line_end > line_start) && !isspace(*(text + line_end))) { + line_end--; + } + + /* Consume trailing spaces */ + while ((line_end > line_start) && isspace(*(text + line_end))) { + line_end--; + } + + /* Restore the last non-space character */ + line_end++; + } + + /* Output line of text */ + while (line_start < line_end) { + char c = *(text + line_start); + arg_dstr_catc(ds, c); + line_start++; + } + arg_dstr_cat(ds, "\n"); /* Initialize another line */ - if ( line_end + 1 < textlen ) - { + if (line_end < textlen) { unsigned i; - for (i = 0; i < lmargin; i++ ) - { fputc( ' ', fp ); } + for (i = 0; i < lmargin; i++) { + arg_dstr_cat(ds, " "); + } line_end = textlen; } - - /* If we have to print another line, get also the last char. */ - line_end++; - } /* lines of text */ } @@ -4881,59 +5876,53 @@ void arg_print_formatted( FILE *fp, * * Contributed by Uli Fouquet */ -void arg_print_glossary_gnu(FILE *fp, void * *argtable ) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_print_glossary_gnu_ds(arg_dstr_t ds, void** argtable) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int tabindex; - for(tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) - { - if (table[tabindex]->glossary) - { + for (tabindex = 0; !(table[tabindex]->flag & ARG_TERMINATOR); tabindex++) { + if (table[tabindex]->glossary) { char syntax[200] = ""; - const char *shortopts = table[tabindex]->shortopts; - const char *longopts = table[tabindex]->longopts; - const char *datatype = table[tabindex]->datatype; - const char *glossary = table[tabindex]->glossary; + const char* shortopts = table[tabindex]->shortopts; + const char* longopts = table[tabindex]->longopts; + const char* datatype = table[tabindex]->datatype; + const char* glossary = table[tabindex]->glossary; - if ( !shortopts && longopts ) - { + if (!shortopts && longopts) { /* Indent trailing line by 4 spaces... */ - memset( syntax, ' ', 4 ); + memset(syntax, ' ', 4); *(syntax + 4) = '\0'; } - arg_cat_optionv(syntax, - sizeof(syntax), - shortopts, - longopts, - datatype, - table[tabindex]->flag & ARG_HASOPTVALUE, - ", "); + arg_cat_optionv(syntax, sizeof(syntax) - 1, shortopts, longopts, datatype, table[tabindex]->flag & ARG_HASOPTVALUE, ", "); /* If syntax fits not into column, print glossary in new line... */ - if ( strlen(syntax) > 25 ) - { - fprintf( fp, " %-25s %s\n", syntax, "" ); + if (strlen(syntax) > 25) { + arg_dstr_catf(ds, " %-25s %s\n", syntax, ""); *syntax = '\0'; } - fprintf( fp, " %-25s ", syntax ); - arg_print_formatted( fp, 28, 79, glossary ); + arg_dstr_catf(ds, " %-25s ", syntax); + arg_print_formatted_ds(ds, 28, 79, glossary); } } /* for each table entry */ - fputc( '\n', fp ); + arg_dstr_cat(ds, "\n"); } +void arg_print_glossary_gnu(FILE* fp, void** argtable) { + arg_dstr_t ds = arg_dstr_create(); + arg_print_glossary_gnu_ds(ds, argtable); + fputs(arg_dstr_cstr(ds), fp); + arg_dstr_destroy(ds); +} /** * Checks the argtable[] array for NULL entries and returns 1 * if any are found, zero otherwise. */ -int arg_nullcheck(void * *argtable) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +int arg_nullcheck(void** argtable) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int tabindex; /*printf("arg_nullcheck(%p)\n",argtable);*/ @@ -4941,17 +5930,15 @@ int arg_nullcheck(void * *argtable) return 1; tabindex = 0; - do - { + do { /*printf("argtable[%d]=%p\n",tabindex,argtable[tabindex]);*/ if (!table[tabindex]) return 1; - } while(!(table[tabindex++]->flag & ARG_TERMINATOR)); + } while (!(table[tabindex++]->flag & ARG_TERMINATOR)); return 0; } - /* * arg_free() is deprecated in favour of arg_freetable() due to a flaw in its design. * The flaw results in memory leak in the (very rare) case that an intermediate @@ -4963,14 +5950,12 @@ int arg_nullcheck(void * *argtable) * with the newer arg_freetable() function. * We still keep arg_free() for backwards compatibility. */ -void arg_free(void * *argtable) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_free(void** argtable) { + struct arg_hdr** table = (struct arg_hdr**)argtable; int tabindex = 0; int flag; /*printf("arg_free(%p)\n",argtable);*/ - do - { + do { /* if we encounter a NULL entry then somewhat incorrectly we presume we have come to the end of the array. It isnt strictly true because @@ -4981,25 +5966,31 @@ void arg_free(void * *argtable) break; flag = table[tabindex]->flag; - free(table[tabindex]); + xfree(table[tabindex]); table[tabindex++] = NULL; - } while(!(flag & ARG_TERMINATOR)); + } while (!(flag & ARG_TERMINATOR)); } /* frees each non-NULL element of argtable[], where n is the size of the number of entries in the array */ -void arg_freetable(void * *argtable, size_t n) -{ - struct arg_hdr * *table = (struct arg_hdr * *)argtable; +void arg_freetable(void** argtable, size_t n) { + struct arg_hdr** table = (struct arg_hdr**)argtable; size_t tabindex = 0; /*printf("arg_freetable(%p)\n",argtable);*/ - for (tabindex = 0; tabindex < n; tabindex++) - { + for (tabindex = 0; tabindex < n; tabindex++) { if (table[tabindex] == NULL) continue; - free(table[tabindex]); + xfree(table[tabindex]); table[tabindex] = NULL; }; } +#ifdef _WIN32 +BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { + return TRUE; + UNREFERENCED_PARAMETER(hinstDLL); + UNREFERENCED_PARAMETER(fdwReason); + UNREFERENCED_PARAMETER(lpvReserved); +} +#endif diff --git a/client/cliparser/argtable3.h b/client/cliparser/argtable3.h index 1107de25..487c22d3 100644 --- a/client/cliparser/argtable3.h +++ b/client/cliparser/argtable3.h @@ -1,4 +1,6 @@ /******************************************************************************* + * argtable3: Declares the main interfaces of the library + * * This file is part of the argtable3 library. * * Copyright (C) 1998-2001,2003-2011,2013 Stewart Heitmann @@ -31,273 +33,239 @@ #ifndef ARGTABLE3 #define ARGTABLE3 -#include /* FILE */ -#include /* struct tm */ +#include /* FILE */ +#include /* struct tm */ #ifdef __cplusplus extern "C" { #endif #define ARG_REX_ICASE 1 - +#define ARG_DSTR_SIZE 200 +#define ARG_CMD_NAME_LEN 100 +#define ARG_CMD_DESCRIPTION_LEN 256 + +#ifndef ARG_REPLACE_GETOPT +#define ARG_REPLACE_GETOPT 1 /* use the embedded getopt as the system getopt(3) */ +#endif /* ARG_REPLACE_GETOPT */ + /* bit masks for arg_hdr.flag */ -enum -{ - ARG_TERMINATOR=0x1, - ARG_HASVALUE=0x2, - ARG_HASOPTVALUE=0x4 -}; +enum { ARG_TERMINATOR = 0x1, ARG_HASVALUE = 0x2, ARG_HASOPTVALUE = 0x4 }; -typedef void (arg_resetfn)(void *parent); -typedef int (arg_scanfn)(void *parent, const char *argval); -typedef int (arg_checkfn)(void *parent); -typedef void (arg_errorfn)(void *parent, FILE *fp, int error, const char *argval, const char *progname); +#if defined(_WIN32) + #if defined(argtable3_EXPORTS) + #define ARG_EXTERN __declspec(dllexport) + #elif defined(argtable3_IMPORTS) + #define ARG_EXTERN __declspec(dllimport) + #else + #define ARG_EXTERN + #endif +#else + #define ARG_EXTERN +#endif +typedef struct _internal_arg_dstr* arg_dstr_t; +typedef void* arg_cmd_itr_t; + +typedef void(arg_resetfn)(void* parent); +typedef int(arg_scanfn)(void* parent, const char* argval); +typedef int(arg_checkfn)(void* parent); +typedef void(arg_errorfn)(void* parent, arg_dstr_t ds, int error, const char* argval, const char* progname); +typedef void(arg_dstr_freefn)(char* buf); +typedef int(arg_cmdfn)(int argc, char* argv[], arg_dstr_t res); +typedef int(arg_comparefn)(const void* k1, const void* k2); /* -* The arg_hdr struct defines properties that are common to all arg_xxx structs. -* The argtable library requires each arg_xxx struct to have an arg_hdr -* struct as its first data member. -* The argtable library functions then use this data to identify the -* properties of the command line option, such as its option tags, -* datatype string, and glossary strings, and so on. -* Moreover, the arg_hdr struct contains pointers to custom functions that -* are provided by each arg_xxx struct which perform the tasks of parsing -* that particular arg_xxx arguments, performing post-parse checks, and -* reporting errors. -* These functions are private to the individual arg_xxx source code -* and are the pointer to them are initiliased by that arg_xxx struct's -* constructor function. The user could alter them after construction -* if desired, but the original intention is for them to be set by the -* constructor and left unaltered. -*/ -struct arg_hdr -{ - char flag; /* Modifier flags: ARG_TERMINATOR, ARG_HASVALUE. */ - const char *shortopts; /* String defining the short options */ - const char *longopts; /* String defiing the long options */ - const char *datatype; /* Description of the argument data type */ - const char *glossary; /* Description of the option as shown by arg_print_glossary function */ - int mincount; /* Minimum number of occurences of this option accepted */ - int maxcount; /* Maximum number of occurences if this option accepted */ - void *parent; /* Pointer to parent arg_xxx struct */ - arg_resetfn *resetfn; /* Pointer to parent arg_xxx reset function */ - arg_scanfn *scanfn; /* Pointer to parent arg_xxx scan function */ - arg_checkfn *checkfn; /* Pointer to parent arg_xxx check function */ - arg_errorfn *errorfn; /* Pointer to parent arg_xxx error function */ - void *priv; /* Pointer to private header data for use by arg_xxx functions */ -}; + * The arg_hdr struct defines properties that are common to all arg_xxx structs. + * The argtable library requires each arg_xxx struct to have an arg_hdr + * struct as its first data member. + * The argtable library functions then use this data to identify the + * properties of the command line option, such as its option tags, + * datatype string, and glossary strings, and so on. + * Moreover, the arg_hdr struct contains pointers to custom functions that + * are provided by each arg_xxx struct which perform the tasks of parsing + * that particular arg_xxx arguments, performing post-parse checks, and + * reporting errors. + * These functions are private to the individual arg_xxx source code + * and are the pointer to them are initiliased by that arg_xxx struct's + * constructor function. The user could alter them after construction + * if desired, but the original intention is for them to be set by the + * constructor and left unaltered. + */ +typedef struct arg_hdr { + char flag; /* Modifier flags: ARG_TERMINATOR, ARG_HASVALUE. */ + const char* shortopts; /* String defining the short options */ + const char* longopts; /* String defiing the long options */ + const char* datatype; /* Description of the argument data type */ + const char* glossary; /* Description of the option as shown by arg_print_glossary function */ + int mincount; /* Minimum number of occurences of this option accepted */ + int maxcount; /* Maximum number of occurences if this option accepted */ + void* parent; /* Pointer to parent arg_xxx struct */ + arg_resetfn* resetfn; /* Pointer to parent arg_xxx reset function */ + arg_scanfn* scanfn; /* Pointer to parent arg_xxx scan function */ + arg_checkfn* checkfn; /* Pointer to parent arg_xxx check function */ + arg_errorfn* errorfn; /* Pointer to parent arg_xxx error function */ + void* priv; /* Pointer to private header data for use by arg_xxx functions */ +} arg_hdr_t; -struct arg_rem -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ -}; +typedef struct arg_rem { + struct arg_hdr hdr; /* The mandatory argtable header struct */ +} arg_rem_t; -struct arg_lit -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args */ -}; +typedef struct arg_lit { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args */ +} arg_lit_t; -struct arg_int -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args */ - int *ival; /* Array of parsed argument values */ -}; +typedef struct arg_int { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args */ + int* ival; /* Array of parsed argument values */ +} arg_int_t; -struct arg_dbl -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args */ - double *dval; /* Array of parsed argument values */ -}; +typedef struct arg_dbl { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args */ + double* dval; /* Array of parsed argument values */ +} arg_dbl_t; -struct arg_str -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args */ - const char **sval; /* Array of parsed argument values */ -}; +typedef struct arg_str { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args */ + const char** sval; /* Array of parsed argument values */ +} arg_str_t; -struct arg_rex -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args */ - const char **sval; /* Array of parsed argument values */ -}; +typedef struct arg_rex { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args */ + const char** sval; /* Array of parsed argument values */ +} arg_rex_t; -struct arg_file -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of matching command line args*/ - const char **filename; /* Array of parsed filenames (eg: /home/foo.bar) */ - const char **basename; /* Array of parsed basenames (eg: foo.bar) */ - const char **extension; /* Array of parsed extensions (eg: .bar) */ -}; +typedef struct arg_file { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of matching command line args*/ + const char** filename; /* Array of parsed filenames (eg: /home/foo.bar) */ + const char** basename; /* Array of parsed basenames (eg: foo.bar) */ + const char** extension; /* Array of parsed extensions (eg: .bar) */ +} arg_file_t; -struct arg_date -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - const char *format; /* strptime format string used to parse the date */ - int count; /* Number of matching command line args */ - struct tm *tmval; /* Array of parsed time values */ -}; +typedef struct arg_date { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + const char* format; /* strptime format string used to parse the date */ + int count; /* Number of matching command line args */ + struct tm* tmval; /* Array of parsed time values */ +} arg_date_t; -enum {ARG_ELIMIT=1, ARG_EMALLOC, ARG_ENOMATCH, ARG_ELONGOPT, ARG_EMISSARG}; -struct arg_end -{ - struct arg_hdr hdr; /* The mandatory argtable header struct */ - int count; /* Number of errors encountered */ - int *error; /* Array of error codes */ - void **parent; /* Array of pointers to offending arg_xxx struct */ - const char **argval; /* Array of pointers to offending argv[] string */ -}; +enum { ARG_ELIMIT = 1, ARG_EMALLOC, ARG_ENOMATCH, ARG_ELONGOPT, ARG_EMISSARG }; +typedef struct arg_end { + struct arg_hdr hdr; /* The mandatory argtable header struct */ + int count; /* Number of errors encountered */ + int* error; /* Array of error codes */ + void** parent; /* Array of pointers to offending arg_xxx struct */ + const char** argval; /* Array of pointers to offending argv[] string */ +} arg_end_t; +typedef struct arg_cmd_info { + char name[ARG_CMD_NAME_LEN]; + char description[ARG_CMD_DESCRIPTION_LEN]; + arg_cmdfn* proc; +} arg_cmd_info_t; /**** arg_xxx constructor functions *********************************/ -struct arg_rem* arg_rem(const char* datatype, const char* glossary); +ARG_EXTERN struct arg_rem* arg_rem(const char* datatype, const char* glossary); -struct arg_lit* arg_lit0(const char* shortopts, - const char* longopts, - const char* glossary); -struct arg_lit* arg_lit1(const char* shortopts, - const char* longopts, - const char *glossary); -struct arg_lit* arg_litn(const char* shortopts, - const char* longopts, - int mincount, - int maxcount, - const char *glossary); +ARG_EXTERN struct arg_lit* arg_lit0(const char* shortopts, const char* longopts, const char* glossary); +ARG_EXTERN struct arg_lit* arg_lit1(const char* shortopts, const char* longopts, const char* glossary); +ARG_EXTERN struct arg_lit* arg_litn(const char* shortopts, const char* longopts, int mincount, int maxcount, const char* glossary); -struct arg_key* arg_key0(const char* keyword, - int flags, - const char* glossary); -struct arg_key* arg_key1(const char* keyword, - int flags, - const char* glossary); -struct arg_key* arg_keyn(const char* keyword, - int flags, - int mincount, - int maxcount, - const char* glossary); +ARG_EXTERN struct arg_int* arg_int0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_int* arg_int1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_int* arg_intn(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary); -struct arg_int* arg_int0(const char* shortopts, - const char* longopts, - const char* datatype, - const char* glossary); -struct arg_int* arg_int1(const char* shortopts, - const char* longopts, - const char* datatype, - const char *glossary); -struct arg_int* arg_intn(const char* shortopts, - const char* longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary); +ARG_EXTERN struct arg_dbl* arg_dbl0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_dbl* arg_dbl1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_dbl* arg_dbln(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary); -struct arg_dbl* arg_dbl0(const char* shortopts, - const char* longopts, - const char* datatype, - const char* glossary); -struct arg_dbl* arg_dbl1(const char* shortopts, - const char* longopts, - const char* datatype, - const char *glossary); -struct arg_dbl* arg_dbln(const char* shortopts, - const char* longopts, - const char *datatype, - int mincount, - int maxcount, - const char *glossary); +ARG_EXTERN struct arg_str* arg_str0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_str* arg_str1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_str* arg_strn(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary); -struct arg_str* arg_str0(const char* shortopts, - const char* longopts, - const char* datatype, - const char* glossary); -struct arg_str* arg_str1(const char* shortopts, - const char* longopts, - const char* datatype, - const char *glossary); -struct arg_str* arg_strn(const char* shortopts, - const char* longopts, - const char* datatype, - int mincount, - int maxcount, - const char *glossary); +ARG_EXTERN struct arg_rex* arg_rex0(const char* shortopts, const char* longopts, const char* pattern, const char* datatype, int flags, const char* glossary); +ARG_EXTERN struct arg_rex* arg_rex1(const char* shortopts, const char* longopts, const char* pattern, const char* datatype, int flags, const char* glossary); +ARG_EXTERN struct arg_rex* arg_rexn(const char* shortopts, + const char* longopts, + const char* pattern, + const char* datatype, + int mincount, + int maxcount, + int flags, + const char* glossary); -struct arg_rex* arg_rex0(const char* shortopts, - const char* longopts, - const char* pattern, - const char* datatype, - int flags, - const char* glossary); -struct arg_rex* arg_rex1(const char* shortopts, - const char* longopts, - const char* pattern, - const char* datatype, - int flags, - const char *glossary); -struct arg_rex* arg_rexn(const char* shortopts, - const char* longopts, - const char* pattern, - const char* datatype, - int mincount, - int maxcount, - int flags, - const char *glossary); +ARG_EXTERN struct arg_file* arg_file0(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_file* arg_file1(const char* shortopts, const char* longopts, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_file* arg_filen(const char* shortopts, const char* longopts, const char* datatype, int mincount, int maxcount, const char* glossary); -struct arg_file* arg_file0(const char* shortopts, - const char* longopts, - const char* datatype, - const char* glossary); -struct arg_file* arg_file1(const char* shortopts, - const char* longopts, - const char* datatype, - const char *glossary); -struct arg_file* arg_filen(const char* shortopts, - const char* longopts, - const char* datatype, - int mincount, - int maxcount, - const char *glossary); +ARG_EXTERN struct arg_date* arg_date0(const char* shortopts, const char* longopts, const char* format, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_date* arg_date1(const char* shortopts, const char* longopts, const char* format, const char* datatype, const char* glossary); +ARG_EXTERN struct arg_date* arg_daten(const char* shortopts, const char* longopts, const char* format, const char* datatype, int mincount, int maxcount, const char* glossary); -struct arg_date* arg_date0(const char* shortopts, - const char* longopts, - const char* format, - const char* datatype, - const char* glossary); -struct arg_date* arg_date1(const char* shortopts, - const char* longopts, - const char* format, - const char* datatype, - const char *glossary); -struct arg_date* arg_daten(const char* shortopts, - const char* longopts, - const char* format, - const char* datatype, - int mincount, - int maxcount, - const char *glossary); - -struct arg_end* arg_end(int maxerrors); +ARG_EXTERN struct arg_end* arg_end(int maxerrors); +#define ARG_DSTR_STATIC ((arg_dstr_freefn*)0) +#define ARG_DSTR_VOLATILE ((arg_dstr_freefn*)1) +#define ARG_DSTR_DYNAMIC ((arg_dstr_freefn*)3) /**** other functions *******************************************/ -int arg_nullcheck(void **argtable); -int arg_parse(int argc, char **argv, void **argtable); -void arg_print_option(FILE *fp, const char *shortopts, const char *longopts, const char *datatype, const char *suffix); -void arg_print_syntax(FILE *fp, void **argtable, const char *suffix); -void arg_print_syntaxv(FILE *fp, void **argtable, const char *suffix); -void arg_print_glossary(FILE *fp, void **argtable, const char *format); -void arg_print_glossary_gnu(FILE *fp, void **argtable); -void arg_print_errors(FILE* fp, struct arg_end* end, const char* progname); -void arg_freetable(void **argtable, size_t n); +ARG_EXTERN int arg_nullcheck(void** argtable); +ARG_EXTERN int arg_parse(int argc, char** argv, void** argtable); +ARG_EXTERN void arg_print_option(FILE* fp, const char* shortopts, const char* longopts, const char* datatype, const char* suffix); +ARG_EXTERN void arg_print_syntax(FILE* fp, void** argtable, const char* suffix); +ARG_EXTERN void arg_print_syntaxv(FILE* fp, void** argtable, const char* suffix); +ARG_EXTERN void arg_print_glossary(FILE* fp, void** argtable, const char* format); +ARG_EXTERN void arg_print_glossary_gnu(FILE* fp, void** argtable); +ARG_EXTERN void arg_print_errors(FILE* fp, struct arg_end* end, const char* progname); +ARG_EXTERN void arg_print_option_ds(arg_dstr_t ds, const char* shortopts, const char* longopts, const char* datatype, const char* suffix); +ARG_EXTERN void arg_print_syntax_ds(arg_dstr_t ds, void** argtable, const char* suffix); +ARG_EXTERN void arg_print_syntaxv_ds(arg_dstr_t ds, void** argtable, const char* suffix); +ARG_EXTERN void arg_print_glossary_ds(arg_dstr_t ds, void** argtable, const char* format); +ARG_EXTERN void arg_print_glossary_gnu_ds(arg_dstr_t ds, void** argtable); +ARG_EXTERN void arg_print_errors_ds(arg_dstr_t ds, struct arg_end* end, const char* progname); +ARG_EXTERN void arg_freetable(void** argtable, size_t n); + +ARG_EXTERN arg_dstr_t arg_dstr_create(void); +ARG_EXTERN void arg_dstr_destroy(arg_dstr_t ds); +ARG_EXTERN void arg_dstr_reset(arg_dstr_t ds); +ARG_EXTERN void arg_dstr_free(arg_dstr_t ds); +ARG_EXTERN void arg_dstr_set(arg_dstr_t ds, char* str, arg_dstr_freefn* free_proc); +ARG_EXTERN void arg_dstr_cat(arg_dstr_t ds, const char* str); +ARG_EXTERN void arg_dstr_catc(arg_dstr_t ds, char c); +ARG_EXTERN void arg_dstr_catf(arg_dstr_t ds, const char* fmt, ...); +ARG_EXTERN char* arg_dstr_cstr(arg_dstr_t ds); + +ARG_EXTERN void arg_cmd_init(void); +ARG_EXTERN void arg_cmd_uninit(void); +ARG_EXTERN void arg_cmd_register(const char* name, arg_cmdfn* proc, const char* description); +ARG_EXTERN void arg_cmd_unregister(const char* name); +ARG_EXTERN int arg_cmd_dispatch(const char* name, int argc, char* argv[], arg_dstr_t res); +ARG_EXTERN unsigned int arg_cmd_count(void); +ARG_EXTERN arg_cmd_info_t* arg_cmd_info(const char* name); +ARG_EXTERN arg_cmd_itr_t arg_cmd_itr_create(void); +ARG_EXTERN void arg_cmd_itr_destroy(arg_cmd_itr_t itr); +ARG_EXTERN int arg_cmd_itr_advance(arg_cmd_itr_t itr); +ARG_EXTERN char* arg_cmd_itr_key(arg_cmd_itr_t itr); +ARG_EXTERN arg_cmd_info_t* arg_cmd_itr_value(arg_cmd_itr_t itr); +ARG_EXTERN int arg_cmd_itr_search(arg_cmd_itr_t itr, void* k); +ARG_EXTERN void arg_mgsort(void* data, int size, int esize, int i, int k, arg_comparefn* comparefn); +ARG_EXTERN void arg_make_get_help_msg(arg_dstr_t res); +ARG_EXTERN void arg_make_help_msg(arg_dstr_t ds, char* cmd_name, void** argtable); +ARG_EXTERN void arg_make_syntax_err_msg(arg_dstr_t ds, void** argtable, struct arg_end* end); +ARG_EXTERN int arg_make_syntax_err_help_msg(arg_dstr_t ds, char* name, int help, int nerrors, void** argtable, struct arg_end* end, int* exitcode); +ARG_EXTERN void arg_set_module_name(const char* name); +ARG_EXTERN void arg_set_module_version(int major, int minor, int patch, const char* tag); /**** deprecated functions, for back-compatibility only ********/ -void arg_free(void **argtable); +ARG_EXTERN void arg_free(void** argtable); #ifdef __cplusplus } diff --git a/client/cliparser/cliparser.c b/client/cliparser/cliparser.c index 56be2ca6..95422039 100644 --- a/client/cliparser/cliparser.c +++ b/client/cliparser/cliparser.c @@ -153,23 +153,14 @@ void CLIParserFree() { // convertors int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen) { *datalen = 0; - if (!argstr->count) - return 0; - char buf[256] = {0}; int ibuf = 0; + uint8_t buf[256] = {0}; + int res = CLIParamStrToBuf(argstr, buf, maxdatalen * 2, &ibuf); // *2 because here HEX + if (res || !ibuf) + return res; - for (int i = 0; i < argstr->count; i++) { - int len = strlen(argstr->sval[i]); - memcpy(&buf[ibuf], argstr->sval[i], len); - ibuf += len; - } - buf[ibuf] = 0; - - if (!ibuf) - return 0; - - switch(param_gethex_to_eol(buf, 0, data, maxdatalen, datalen)) { + switch(param_gethex_to_eol((char *)buf, 0, data, maxdatalen, datalen)) { case 1: printf("Parameter error: Invalid HEX value.\n"); return 1; @@ -184,5 +175,31 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int return 0; } +int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen) { + *datalen = 0; + if (!argstr->count) + return 0; + + uint8_t buf[256] = {0}; + int ibuf = 0; + + for (int i = 0; i < argstr->count; i++) { + int len = strlen(argstr->sval[i]); + memcpy(&buf[ibuf], argstr->sval[i], len); + ibuf += len; + } + buf[ibuf] = 0; + + if (!ibuf) + return 0; + + if (ibuf > maxdatalen) + return 2; + + memcpy(data, buf, ibuf); + *datalen = ibuf; + + return 0; +} diff --git a/client/cliparser/cliparser.h b/client/cliparser/cliparser.h index 7c1ced20..05910ea4 100644 --- a/client/cliparser/cliparser.h +++ b/client/cliparser/cliparser.h @@ -17,7 +17,9 @@ #define arg_getsize(a) (sizeof(a) / sizeof(a[0])) #define arg_get_lit(n)(((struct arg_lit*)argtable[n])->count) +#define arg_get_int_count(n)(((struct arg_int*)argtable[n])->count) #define arg_get_int(n)(((struct arg_int*)argtable[n])->ival[0]) +#define arg_get_int_def(n,def)(arg_get_int_count(n)?(arg_get_int(n)):(def)) #define arg_get_str(n)((struct arg_str*)argtable[n]) #define arg_get_str_len(n)(strlen(((struct arg_str*)argtable[n])->sval[0])) @@ -25,8 +27,9 @@ #define arg_strx0(shortopts, longopts, datatype, glossary) (arg_strn((shortopts), (longopts), (datatype), 0, 250, (glossary))) #define CLIExecWithReturn(cmd, atbl, ifempty) if (CLIParserParseString(cmd, atbl, arg_getsize(atbl), ifempty)){CLIParserFree();return 0;} -#define CLIGetStrBLessWithReturn(paramnum, data, datalen, delta) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data) - (delta), datalen)) {CLIParserFree();return 1;} -#define CLIGetStrWithReturn(paramnum, data, datalen) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} +#define CLIGetHexBLessWithReturn(paramnum, data, datalen, delta) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data) - (delta), datalen)) {CLIParserFree();return 1;} +#define CLIGetHexWithReturn(paramnum, data, datalen) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} +#define CLIGetStrWithReturn(paramnum, data, datalen) if (CLIParamStrToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} extern int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp); extern int CLIParserParseString(const char* str, void* argtable[], size_t vargtableLen, bool allowEmptyExec); @@ -35,3 +38,4 @@ extern int CLIParserParseArg(int argc, char **argv, void* argtable[], size_t var extern void CLIParserFree(); extern int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen); +extern int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen); diff --git a/client/cmddata.c b/client/cmddata.c index c4f0e8a3..f5416fee 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -37,7 +37,7 @@ static int CmdHelp(const char *Cmd); //by marshmellow void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx) { - if (buff == NULL) + if (buff == NULL) return; if ( size > MAX_DEMOD_BUF_LEN - startIdx) @@ -102,7 +102,7 @@ int usage_data_printdemodbuf(){ PrintAndLog(" x output in hex (omit for binary output)"); PrintAndLog(" o enter offset in # of bits"); PrintAndLog(" l enter length to print in # of bits or hex characters respectively"); - return 0; + return 0; } //by marshmellow @@ -162,7 +162,7 @@ int CmdPrintDemodBuff(const char *Cmd) } //Validations if(errors) return usage_data_printdemodbuf(); - length = (length > (DemodBufferLen-offset)) ? DemodBufferLen-offset : length; + length = (length > (DemodBufferLen-offset)) ? DemodBufferLen-offset : length; int numBits = (length) & 0x00FFC; //make sure we don't exceed our string if (hexMode){ @@ -170,7 +170,7 @@ int CmdPrintDemodBuff(const char *Cmd) numBits = (numBits > sizeof(hex)) ? sizeof(hex) : numBits; numBits = binarraytohex(hex, buf, numBits); if (numBits==0) return 0; - PrintAndLog("DemodBuffer: %s",hex); + PrintAndLog("DemodBuffer: %s",hex); } else { PrintAndLog("DemodBuffer:\n%s", sprint_bin_break(DemodBuffer+offset,numBits,16)); } @@ -199,7 +199,7 @@ int CmdGetBitStream(const char *Cmd) // (amp may not be needed anymore) //verbose will print results and demoding messages //emSearch will auto search for EM410x format in bitstream -//askType switches decode: ask/raw = 0, ask/manchester = 1 +//askType switches decode: ask/raw = 0, ask/manchester = 1 int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, bool *stCheck) { int invert=0; int clk=0; @@ -225,7 +225,7 @@ int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, int foundclk = 0; //amp before ST check if (amp == 'a' || amp == 'A') { - askAmp(BitStream, BitLen); + askAmp(BitStream, BitLen); } bool st = false; size_t ststart = 0, stend = 0; @@ -263,7 +263,7 @@ int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, else PrintAndLog("ASK/Raw - Clock: %d - Decoded bitstream:",clk); // Now output the bitstream to the scrollback by line of 16 bits printDemodBuff(); - + } uint64_t lo = 0; uint32_t hi = 0; @@ -301,7 +301,7 @@ int Cmdaskmandemod(const char *Cmd) return 0; } bool st = true; - if (Cmd[0]=='s') + if (Cmd[0]=='s') return ASKDemod_ext(Cmd++, true, false, 1, &st); else if (Cmd[1] == 's') return ASKDemod_ext(Cmd+=2, true, false, 1, &st); @@ -324,8 +324,8 @@ int Cmdmandecoderaw(const char *Cmd) PrintAndLog("Usage: data manrawdecode [invert] [maxErr]"); PrintAndLog(" Takes 10 and 01 and converts to 0 and 1 respectively"); PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)"); - PrintAndLog(" [invert] invert output"); - PrintAndLog(" [maxErr] set number of errors allowed (default = 20)"); + PrintAndLog(" [invert] invert output"); + PrintAndLog(" [maxErr] set number of errors allowed (default = 20)"); PrintAndLog(""); PrintAndLog(" sample: data manrawdecode = decode manchester bitstream from the demodbuffer"); return 0; @@ -367,18 +367,20 @@ int Cmdmandecoderaw(const char *Cmd) return 1; } -//by marshmellow -//biphase decode -//take 01 or 10 = 0 and 11 or 00 = 1 -//takes 2 arguments "offset" default = 0 if 1 it will shift the decode by one bit -// and "invert" default = 0 if 1 it will invert output -// the argument offset allows us to manually shift if the output is incorrect - [EDIT: now auto detects] +/** + * @author marshmellow + * biphase decode + * decdoes 01 or 10 to 0 and 11 or 00 to 1 + * param offset adjust start position + * param invert invert output + * param maxErr maximum tolerated errors + */ int CmdBiphaseDecodeRaw(const char *Cmd) { size_t size=0; int offset=0, invert=0, maxErr=20, errCnt=0; char cmdp = param_getchar(Cmd, 0); - if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') { + if (strlen(Cmd) > 7 || cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: data biphaserawdecode [offset] [invert] [maxErr]"); PrintAndLog(" Converts 10 or 01 to 1 and 11 or 00 to 0"); PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)"); @@ -416,7 +418,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd) PrintAndLog("Biphase Decoded using offset: %d - # invert:%d - data:",offset,invert); PrintAndLog("%s", sprint_bin_break(BitStream, size, 16)); - + if (offset) setDemodBuf(DemodBuffer,DemodBufferLen-offset, offset); //remove first bit from raw demod setClockGrid(g_DemodClock, g_DemodStartIdx + g_DemodClock*offset/2); return 1; @@ -427,17 +429,17 @@ int CmdBiphaseDecodeRaw(const char *Cmd) int ASKbiphaseDemod(const char *Cmd, bool verbose) { //ask raw demod GraphBuffer first - int offset=0, clk=0, invert=0, maxErr=0; + int offset=0, clk=0, invert=0, maxErr=100; sscanf(Cmd, "%i %i %i %i", &offset, &clk, &invert, &maxErr); - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]; + uint8_t BitStream[MAX_GRAPH_TRACE_LEN]; size_t size = getFromGraphBuf(BitStream); int startIdx = 0; //invert here inverts the ask raw demoded bits which has no effect on the demod, but we need the pointer - int errCnt = askdemod_ext(BitStream, &size, &clk, &invert, maxErr, 0, 0, &startIdx); - if ( errCnt < 0 || errCnt > maxErr ) { - if (g_debugMode) PrintAndLog("DEBUG: no data or error found %d, clock: %d", errCnt, clk); - return 0; + int errCnt = askdemod_ext(BitStream, &size, &clk, &invert, maxErr, 0, 0, &startIdx); + if ( errCnt < 0 || errCnt > maxErr ) { + if (g_debugMode) PrintAndLog("DEBUG: no data or error found %d, clock: %d", errCnt, clk); + return 0; } //attempt to Biphase decode BitStream @@ -551,7 +553,7 @@ int AutoCorrelate(const int *in, int *out, size_t len, int window, bool SaveGrph if (SaveGrph) { //GraphTraceLen = GraphTraceLen - window; memcpy(out, CorrelBuffer, len * sizeof(int)); - RepaintGraphWindow(); + RepaintGraphWindow(); } return Correlation; } @@ -570,7 +572,7 @@ int usage_data_autocorr(void) int CmdAutoCorr(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); - if (cmdp == 'h' || cmdp == 'H') + if (cmdp == 'h' || cmdp == 'H') return usage_data_autocorr(); int window = 4000; //set default char grph=0; @@ -675,9 +677,9 @@ int CmdGraphShiftZero(const char *Cmd) int shiftedVal=0; for(int i = 0; i127) + if (shiftedVal>127) shiftedVal=127; - else if (shiftedVal<-127) + else if (shiftedVal<-127) shiftedVal=-127; GraphBuffer[i]= shiftedVal; } @@ -699,13 +701,13 @@ int AskEdgeDetect(const int *in, int *out, int len, int threshold) { //by marshmellow //use large jumps in read samples to identify edges of waves and then amplify that wave to max -//similar to dirtheshold, threshold commands +//similar to dirtheshold, threshold commands //takes a threshold length which is the measured length between two samples then determines an edge int CmdAskEdgeDetect(const char *Cmd) { int thresLen = 25; int ans = 0; - sscanf(Cmd, "%i", &thresLen); + sscanf(Cmd, "%i", &thresLen); ans = AskEdgeDetect(GraphBuffer, GraphBuffer, GraphTraceLen, thresLen); RepaintGraphWindow(); @@ -813,7 +815,7 @@ int FSKrawDemod(const char *Cmd, bool verbose) setDemodBuf(BitStream,size,0); setClockGrid(rfLen, startIdx); - // Now output the bitstream to the scrollback by line of 16 bits + // Now output the bitstream to the scrollback by line of 16 bits if (verbose || g_debugMode) { PrintAndLog("\nUsing Clock:%u, invert:%u, fchigh:%u, fclow:%u", (unsigned int)rfLen, (unsigned int)invert, (unsigned int)fchigh, (unsigned int)fclow); PrintAndLog("%s decoded bitstream:",GetFSKType(fchigh,fclow,invert)); @@ -843,7 +845,7 @@ int CmdFSKrawdemod(const char *Cmd) PrintAndLog(""); PrintAndLog(" sample: data rawdemod fs = demod an fsk tag from GraphBuffer using autodetect"); PrintAndLog(" : data rawdemod fs 32 = demod an fsk tag from GraphBuffer using a clock of RF/32, autodetect fc"); - PrintAndLog(" : data rawdemod fs 1 = demod an fsk tag from GraphBuffer using autodetect, invert output"); + PrintAndLog(" : data rawdemod fs 1 = demod an fsk tag from GraphBuffer using autodetect, invert output"); PrintAndLog(" : data rawdemod fs 32 1 = demod an fsk tag from GraphBuffer using a clock of RF/32, invert output, autodetect fc"); PrintAndLog(" : data rawdemod fs 64 0 8 5 = demod an fsk1 RF/64 tag from GraphBuffer"); PrintAndLog(" : data rawdemod fs 50 0 10 8 = demod an fsk2 RF/50 tag from GraphBuffer"); @@ -878,7 +880,7 @@ int PSKDemod(const char *Cmd, bool verbose) if (errCnt > maxErr){ if (g_debugMode || verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; - } + } if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) if (g_debugMode || verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; @@ -923,7 +925,7 @@ int NRZrawDemod(const char *Cmd, bool verbose) if (errCnt > maxErr){ if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; - } + } if (errCnt<0 || BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; @@ -940,7 +942,7 @@ int NRZrawDemod(const char *Cmd, bool verbose) // Now output the bitstream to the scrollback by line of 16 bits printDemodBuff(); } - return 1; + return 1; } int CmdNRZrawDemod(const char *Cmd) @@ -986,10 +988,10 @@ int CmdPSK1rawDemod(const char *Cmd) ans = PSKDemod(Cmd, true); //output if (!ans){ - if (g_debugMode) PrintAndLog("Error demoding: %d",ans); + if (g_debugMode) PrintAndLog("Error demoding: %d",ans); return 0; } - + PrintAndLog("PSK1 demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits printDemodBuff(); @@ -1017,13 +1019,13 @@ int CmdPSK2rawDemod(const char *Cmd) } ans=PSKDemod(Cmd, true); if (!ans){ - if (g_debugMode) PrintAndLog("Error demoding: %d",ans); + if (g_debugMode) PrintAndLog("Error demoding: %d",ans); return 0; - } + } psk1TOpsk2(DemodBuffer, DemodBufferLen); PrintAndLog("PSK2 demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); + printDemodBuff(); return 1; } @@ -1034,10 +1036,10 @@ int CmdRawDemod(const char *Cmd) if (strlen(Cmd) > 35 || cmdp == 'h' || cmdp == 'H' || strlen(Cmd)<2) { PrintAndLog("Usage: data rawdemod [modulation] |"); - PrintAndLog(" [modulation] as 2 char, 'ab' for ask/biphase, 'am' for ask/manchester, 'ar' for ask/raw, 'fs' for fsk, ..."); + PrintAndLog(" [modulation] as 2 char, 'ab' for ask/biphase, 'am' for ask/manchester, 'ar' for ask/raw, 'fs' for fsk, ..."); PrintAndLog(" 'nr' for nrz/direct, 'p1' for psk1, 'p2' for psk2"); - PrintAndLog(" as 'h', prints the help for the specific modulation"); - PrintAndLog(" see specific modulation help for optional parameters"); + PrintAndLog(" as 'h', prints the help for the specific modulation"); + PrintAndLog(" see specific modulation help for optional parameters"); PrintAndLog(""); PrintAndLog(" sample: data rawdemod fs h = print help specific to fsk demod"); PrintAndLog(" : data rawdemod fs = demod GraphBuffer using: fsk - autodetect"); @@ -1065,7 +1067,7 @@ int CmdRawDemod(const char *Cmd) ans = CmdPSK1rawDemod(Cmd+2); } else if(cmdp == 'p' && cmdp2 == '2'){ ans = CmdPSK2rawDemod(Cmd+2); - } else { + } else { PrintAndLog("unknown modulation entered - see help ('h') for parameter structure"); } return ans; @@ -1204,13 +1206,16 @@ int getSamples(int n, bool silent) uint8_t bits_per_sample = 8; //Old devices without this feature would send 0 at arg[0] - if(response.arg[0] > 0) - { + if(response.arg[0] > 0) { + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Waddress-of-packed-member" sample_config *sc = (sample_config *) response.d.asBytes; + #pragma GCC diagnostic pop if (!silent) PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample , sc->decimation); bits_per_sample = sc->bits_per_sample; } + if(bits_per_sample < 8) { if (!silent) PrintAndLog("Unpacking..."); @@ -1330,7 +1335,7 @@ int CmdLoad(const char *Cmd) len = strlen(Cmd); if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); - + FILE *f = fopen(filename, "r"); if (!f) { PrintAndLog("couldn't open '%s'", filename); @@ -1426,7 +1431,7 @@ int CmdSave(const char *Cmd) len = strlen(Cmd); if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); - + FILE *f = fopen(filename, "w"); if(!f) { @@ -1638,7 +1643,7 @@ void GetHiLoTone(int *LowTone, int *HighTone, int clk, int LowToneFC, int HighTo //int HighToneMod = clk mod HighToneFC; int LeftHalfFCCnt = (LowToneFC % 2) + (LowToneFC/2); //truncate int FCs_per_clk = clk/LowToneFC; - + // need to correctly split up the clock to field clocks. // First attempt uses modifiers on each end to make up for when FCs don't evenly divide into Clk @@ -1692,7 +1697,7 @@ void GetHiLoTone(int *LowTone, int *HighTone, int clk, int LowToneFC, int HighTo } } -//old CmdFSKdemod adapted by marshmellow +//old CmdFSKdemod adapted by marshmellow //converts FSK to clear NRZ style wave. (or demodulates) int FSKToNRZ(int *data, int *dataLen, int clk, int LowToneFC, int HighToneFC) { uint8_t ans=0; @@ -1713,7 +1718,7 @@ int FSKToNRZ(int *data, int *dataLen, int clk, int LowToneFC, int HighToneFC) { int LowTone[clk]; int HighTone[clk]; GetHiLoTone(LowTone, HighTone, clk, LowToneFC, HighToneFC); - + int i, j; // loop through ([all samples] - clk) @@ -1733,7 +1738,7 @@ int FSKToNRZ(int *data, int *dataLen, int clk, int LowToneFC, int HighToneFC) { } // now we have the abs( [average sample value per clk] * 100 ) for each tone - // loop through again [all samples] - clk - 16 + // loop through again [all samples] - clk - 16 // note why 16??? is 16 the largest FC? changed to LowToneFC as that should be the > fc for(i = 0; i < *dataLen - clk - LowToneFC; ++i) { int lowTot = 0, highTot = 0; @@ -1746,8 +1751,8 @@ int FSKToNRZ(int *data, int *dataLen, int clk, int LowToneFC, int HighToneFC) { highTot += (data[i + j] >> 16); } - // subtract the sum of lowTone averages by the sum of highTone averages as it - // and write back the new graph value + // subtract the sum of lowTone averages by the sum of highTone averages as it + // and write back the new graph value data[i] = lowTot - highTot; } // update dataLen to what we put back to the data sample buffer @@ -1762,11 +1767,11 @@ int usage_data_fsktonrz() { PrintAndLog(" c enter the a clock (omit to autodetect)"); PrintAndLog(" l enter a field clock (omit to autodetect)"); PrintAndLog(" f enter a field clock (omit to autodetect)"); - return 0; + return 0; } int CmdFSKToNRZ(const char *Cmd) { - // take clk, fc_low, fc_high + // take clk, fc_low, fc_high // blank = auto; bool errors = false; int clk = 0; @@ -1839,7 +1844,7 @@ static command_t CommandTable[] = {"norm", CmdNorm, 1, "Normalize max/min to +/-128"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, {"printdemodbuffer",CmdPrintDemodBuff, 1, "[x] [o] [l] -- print the data in the DemodBuffer - 'x' for hex output"}, - {"rawdemod", CmdRawDemod, 1, "[modulation] ... -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, + {"rawdemod", CmdRawDemod, 1, "[modulation] ... -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, {"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"}, {"save", CmdSave, 1, " -- Save trace (from graph window)"}, {"setgraphmarkers", CmdSetGraphMarkers, 1, "[orange_marker] [blue_marker] (in graph window)"}, diff --git a/client/cmdhf.c b/client/cmdhf.c index b973354d..5aeb7ce4 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -11,16 +11,12 @@ #include "cmdhf.h" -#include -#include -#include +#include +#include "usb_cmd.h" #include "comms.h" -#include "util.h" #include "ui.h" -#include "iso14443crc.h" -#include "parity.h" -#include "cmdmain.h" #include "cmdparser.h" +#include "cliparser/cliparser.h" #include "cmdhf14a.h" #include "cmdhf14b.h" #include "cmdhf15.h" @@ -28,11 +24,14 @@ #include "cmdhflegic.h" #include "cmdhficlass.h" #include "cmdhfmf.h" +#include "cmdhfmfp.h" #include "cmdhfmfu.h" #include "cmdhftopaz.h" -#include "protocols.h" -#include "emv/cmdemv.h" #include "cmdhflist.h" +#include "cmdhffido.h" +#include "cmddata.h" +#include "graph.h" +#include "fpga.h" static int CmdHelp(const char *Cmd); @@ -43,510 +42,6 @@ int CmdHFTune(const char *Cmd) return 0; } -/** - * @brief iso14443B_CRC_check Checks CRC in command or response - * @param isResponse - * @param data - * @param len - * @return 0 : CRC-command, CRC not ok - * 1 : CRC-command, CRC ok - * 2 : Not crc-command - */ - -uint8_t iso14443B_CRC_check(bool isResponse, uint8_t* data, uint8_t len) -{ - uint8_t b1,b2; - - if(len <= 2) return 2; - - ComputeCrc14443(CRC_14443_B, data, len-2, &b1, &b2); - if(b1 != data[len-2] || b2 != data[len-1]) { - return 0; - } else { - return 1; - } -} - -/** - * @brief iclass_CRC_Ok Checks CRC in command or response - * @param isResponse - * @param data - * @param len - * @return 0 : CRC-command, CRC not ok - * 1 : CRC-command, CRC ok - * 2 : Not crc-command - */ -uint8_t iclass_CRC_check(bool isResponse, uint8_t* data, uint8_t len) -{ - if(len < 4) return 2;//CRC commands (and responses) are all at least 4 bytes - - uint8_t b1, b2; - - if(!isResponse)//Commands to tag - { - /** - These commands should have CRC. Total length leftmost - 4 READ - 4 READ4 - 12 UPDATE - unsecured, ends with CRC16 - 14 UPDATE - secured, ends with signature instead - 4 PAGESEL - **/ - if(len == 4 || len == 12)//Covers three of them - { - //Don't include the command byte - ComputeCrc14443(CRC_ICLASS, (data+1), len-3, &b1, &b2); - return b1 == data[len -2] && b2 == data[len-1]; - } - return 2; - }else{ - /** - These tag responses should have CRC. Total length leftmost - - 10 READ data[8] crc[2] - 34 READ4 data[32]crc[2] - 10 UPDATE data[8] crc[2] - 10 SELECT csn[8] crc[2] - 10 IDENTIFY asnb[8] crc[2] - 10 PAGESEL block1[8] crc[2] - 10 DETECT csn[8] crc[2] - - These should not - - 4 CHECK chip_response[4] - 8 READCHECK data[8] - 1 ACTALL sof[1] - 1 ACT sof[1] - - In conclusion, without looking at the command; any response - of length 10 or 34 should have CRC - **/ - if(len != 10 && len != 34) return true; - - ComputeCrc14443(CRC_ICLASS, data, len-2, &b1, &b2); - return b1 == data[len -2] && b2 == data[len-1]; - } -} - - -bool is_last_record(uint16_t tracepos, uint8_t *trace, uint16_t traceLen) -{ - return(tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) >= traceLen); -} - - -bool next_record_is_response(uint16_t tracepos, uint8_t *trace) -{ - uint16_t next_records_datalen = *((uint16_t *)(trace + tracepos + sizeof(uint32_t) + sizeof(uint16_t))); - - return(next_records_datalen & 0x8000); -} - - -bool merge_topaz_reader_frames(uint32_t timestamp, uint32_t *duration, uint16_t *tracepos, uint16_t traceLen, uint8_t *trace, uint8_t *frame, uint8_t *topaz_reader_command, uint16_t *data_len) -{ - -#define MAX_TOPAZ_READER_CMD_LEN 16 - - uint32_t last_timestamp = timestamp + *duration; - - if ((*data_len != 1) || (frame[0] == TOPAZ_WUPA) || (frame[0] == TOPAZ_REQA)) return false; - - memcpy(topaz_reader_command, frame, *data_len); - - while (!is_last_record(*tracepos, trace, traceLen) && !next_record_is_response(*tracepos, trace)) { - uint32_t next_timestamp = *((uint32_t *)(trace + *tracepos)); - *tracepos += sizeof(uint32_t); - uint16_t next_duration = *((uint16_t *)(trace + *tracepos)); - *tracepos += sizeof(uint16_t); - uint16_t next_data_len = *((uint16_t *)(trace + *tracepos)) & 0x7FFF; - *tracepos += sizeof(uint16_t); - uint8_t *next_frame = (trace + *tracepos); - *tracepos += next_data_len; - if ((next_data_len == 1) && (*data_len + next_data_len <= MAX_TOPAZ_READER_CMD_LEN)) { - memcpy(topaz_reader_command + *data_len, next_frame, next_data_len); - *data_len += next_data_len; - last_timestamp = next_timestamp + next_duration; - } else { - // rewind and exit - *tracepos = *tracepos - next_data_len - sizeof(uint16_t) - sizeof(uint16_t) - sizeof(uint32_t); - break; - } - uint16_t next_parity_len = (next_data_len-1)/8 + 1; - *tracepos += next_parity_len; - } - - *duration = last_timestamp - timestamp; - - return true; -} - - -uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, uint8_t protocol, bool showWaitCycles, bool markCRCBytes) -{ - bool isResponse; - uint16_t data_len, parity_len; - uint32_t duration; - uint8_t topaz_reader_command[9]; - uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp; - char explanation[30] = {0}; - uint8_t mfData[32] = {0}; - size_t mfDataLen = 0; - - if (tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) > traceLen) return traceLen; - - first_timestamp = *((uint32_t *)(trace)); - timestamp = *((uint32_t *)(trace + tracepos)); - - tracepos += 4; - duration = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - data_len = *((uint16_t *)(trace + tracepos)); - tracepos += 2; - - if (data_len & 0x8000) { - data_len &= 0x7fff; - isResponse = true; - } else { - isResponse = false; - } - parity_len = (data_len-1)/8 + 1; - - if (tracepos + data_len + parity_len > traceLen) { - return traceLen; - } - uint8_t *frame = trace + tracepos; - tracepos += data_len; - uint8_t *parityBytes = trace + tracepos; - tracepos += parity_len; - - if (protocol == TOPAZ && !isResponse) { - // topaz reader commands come in 1 or 9 separate frames with 7 or 8 Bits each. - // merge them: - if (merge_topaz_reader_frames(timestamp, &duration, &tracepos, traceLen, trace, frame, topaz_reader_command, &data_len)) { - frame = topaz_reader_command; - } - } - - //Check the CRC status - uint8_t crcStatus = 2; - - if (data_len > 2) { - switch (protocol) { - case ICLASS: - crcStatus = iclass_CRC_check(isResponse, frame, data_len); - break; - case ISO_14443B: - case TOPAZ: - crcStatus = iso14443B_CRC_check(isResponse, frame, data_len); - break; - case PROTO_MIFARE: - crcStatus = mifare_CRC_check(isResponse, frame, data_len); - break; - case ISO_14443A: - crcStatus = iso14443A_CRC_check(isResponse, frame, data_len); - break; - default: - break; - } - } - //0 CRC-command, CRC not ok - //1 CRC-command, CRC ok - //2 Not crc-command - - //--- Draw the data column - //char line[16][110]; - char line[16][110]; - - for (int j = 0; j < data_len && j/16 < 16; j++) { - - uint8_t parityBits = parityBytes[j>>3]; - if (protocol != ISO_14443B && (isResponse || protocol == ISO_14443A) && (oddparity8(frame[j]) != ((parityBits >> (7-(j&0x0007))) & 0x01))) { - snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]); - } else { - snprintf(line[j/16]+(( j % 16) * 4), 110, " %02x ", frame[j]); - } - - } - - if (markCRCBytes) { - if(crcStatus == 0 || crcStatus == 1) - {//CRC-command - char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4); - (*pos1) = '['; - char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4); - sprintf(pos2, "%c", ']'); - } - } - - if(data_len == 0) - { - if(data_len == 0){ - sprintf(line[0],""); - } - } - //--- Draw the CRC column - - char *crc = (crcStatus == 0 ? "!crc" : (crcStatus == 1 ? " ok " : " ")); - - EndOfTransmissionTimestamp = timestamp + duration; - - if (protocol == PROTO_MIFARE) - annotateMifare(explanation, sizeof(explanation), frame, data_len, parityBytes, parity_len, isResponse); - - if(!isResponse) - { - switch(protocol) { - case ICLASS: annotateIclass(explanation,sizeof(explanation),frame,data_len); break; - case ISO_14443A: annotateIso14443a(explanation,sizeof(explanation),frame,data_len); break; - case ISO_14443B: annotateIso14443b(explanation,sizeof(explanation),frame,data_len); break; - case TOPAZ: annotateTopaz(explanation,sizeof(explanation),frame,data_len); break; - default: break; - } - } - - int num_lines = MIN((data_len - 1)/16 + 1, 16); - for (int j = 0; j < num_lines ; j++) { - if (j == 0) { - PrintAndLog(" %10d | %10d | %s |%-64s | %s| %s", - (timestamp - first_timestamp), - (EndOfTransmissionTimestamp - first_timestamp), - (isResponse ? "Tag" : "Rdr"), - line[j], - (j == num_lines-1) ? crc : " ", - (j == num_lines-1) ? explanation : ""); - } else { - PrintAndLog(" | | |%-64s | %s| %s", - line[j], - (j == num_lines-1) ? crc : " ", - (j == num_lines-1) ? explanation : ""); - } - } - - if (DecodeMifareData(frame, data_len, parityBytes, isResponse, mfData, &mfDataLen)) { - memset(explanation, 0x00, sizeof(explanation)); - if (!isResponse) { - explanation[0] = '>'; - annotateIso14443a(&explanation[1], sizeof(explanation) - 1, mfData, mfDataLen); - } - uint8_t crcc = iso14443A_CRC_check(isResponse, mfData, mfDataLen); - PrintAndLog(" | * | dec |%-64s | %-4s| %s", - sprint_hex(mfData, mfDataLen), - (crcc == 0 ? "!crc" : (crcc == 1 ? " ok " : " ")), - (true) ? explanation : ""); - }; - - if (is_last_record(tracepos, trace, traceLen)) return traceLen; - - if (showWaitCycles && !isResponse && next_record_is_response(tracepos, trace)) { - uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); - PrintAndLog(" %10d | %10d | %s | fdt (Frame Delay Time): %d", - (EndOfTransmissionTimestamp - first_timestamp), - (next_timestamp - first_timestamp), - " ", - (next_timestamp - EndOfTransmissionTimestamp)); - } - - return tracepos; -} - - -int CmdHFList(const char *Cmd) -{ - #ifdef WITH_SMARTCARD - PrintAndLog("TEST_WITH_SMARTCARD"); - #endif - #ifdef WITH_TEST - PrintAndLog("TEST_WITH_TEST"); - #endif - bool showWaitCycles = false; - bool markCRCBytes = false; - bool loadFromFile = false; - bool saveToFile = false; - char param1 = '\0'; - char param2 = '\0'; - char param3 = '\0'; - char type[40] = {0}; - char filename[FILE_PATH_SIZE] = {0}; - uint8_t protocol = 0; - - // parse command line - int tlen = param_getstr(Cmd, 0, type, sizeof(type)); - if (param_getlength(Cmd, 1) == 1) { - param1 = param_getchar(Cmd, 1); - } else { - param_getstr(Cmd, 1, filename, sizeof(filename)); - } - if (param_getlength(Cmd, 2) == 1) { - param2 = param_getchar(Cmd, 2); - } else if (strlen(filename) == 0) { - param_getstr(Cmd, 2, filename, sizeof(filename)); - } - if (param_getlength(Cmd, 3) == 1) { - param3 = param_getchar(Cmd, 3); - } else if (strlen(filename) == 0) { - param_getstr(Cmd, 3, filename, sizeof(filename)); - } - - // Validate param1 - bool errors = false; - - if(tlen == 0) { - errors = true; - } - - if(param1 == 'h' - || (param1 != 0 && param1 != 'f' && param1 != 'c' && param1 != 'l') - || (param2 != 0 && param2 != 'f' && param2 != 'c' && param2 != 'l') - || (param3 != 0 && param3 != 'f' && param3 != 'c' && param3 != 'l')) { - errors = true; - } - - if(!errors) { - if(strcmp(type, "iclass") == 0) { - protocol = ICLASS; - } else if(strcmp(type, "mf") == 0) { - protocol = PROTO_MIFARE; - } else if(strcmp(type, "14a") == 0) { - protocol = ISO_14443A; - } else if(strcmp(type, "14b") == 0) { - protocol = ISO_14443B; - } else if(strcmp(type,"topaz") == 0) { - protocol = TOPAZ; - } else if(strcmp(type,"raw") == 0) { - protocol = -1; //No crc, no annotations - } else if (strcmp(type, "save") == 0) { - saveToFile = true; - } else { - errors = true; - } - } - - if (param1 == 'f' || param2 == 'f' || param3 == 'f') { - showWaitCycles = true; - } - - if (param1 == 'c' || param2 == 'c' || param3 == 'c') { - markCRCBytes = true; - } - - if (param1 == 'l' || param2 == 'l' || param3 == 'l') { - loadFromFile = true; - } - - if ((loadFromFile || saveToFile) && strlen(filename) == 0) { - errors = true; - } - - if (loadFromFile && saveToFile) { - errors = true; - } - - if (errors) { - PrintAndLog("List or save protocol data."); - PrintAndLog("Usage: hf list [f] [c] [l ]"); - PrintAndLog(" hf list save "); - PrintAndLog(" f - show frame delay times as well"); - PrintAndLog(" c - mark CRC bytes"); - PrintAndLog(" l - load data from file instead of trace buffer"); - PrintAndLog(" save - save data to file"); - PrintAndLog("Supported values:"); - PrintAndLog(" raw - just show raw data without annotations"); - PrintAndLog(" 14a - interpret data as iso14443a communications"); - PrintAndLog(" mf - interpret data as iso14443a communications and decrypt crypto1 stream"); - PrintAndLog(" 14b - interpret data as iso14443b communications"); - PrintAndLog(" iclass - interpret data as iclass communications"); - PrintAndLog(" topaz - interpret data as topaz communications"); - PrintAndLog(""); - PrintAndLog("example: hf list 14a f"); - PrintAndLog("example: hf list iclass"); - PrintAndLog("example: hf list save myCardTrace.trc"); - PrintAndLog("example: hf list 14a l myCardTrace.trc"); - return 0; - } - - - uint8_t *trace; - uint32_t tracepos = 0; - uint32_t traceLen = 0; - - if (loadFromFile) { - #define TRACE_CHUNK_SIZE (1<<16) // 64K to start with. Will be enough for BigBuf and some room for future extensions - FILE *tracefile = NULL; - size_t bytes_read; - trace = malloc(TRACE_CHUNK_SIZE); - if (trace == NULL) { - PrintAndLog("Cannot allocate memory for trace"); - return 2; - } - if ((tracefile = fopen(filename,"rb")) == NULL) { - PrintAndLog("Could not open file %s", filename); - free(trace); - return 0; - } - while (!feof(tracefile)) { - bytes_read = fread(trace+traceLen, 1, TRACE_CHUNK_SIZE, tracefile); - traceLen += bytes_read; - if (!feof(tracefile)) { - uint8_t *p = realloc(trace, traceLen + TRACE_CHUNK_SIZE); - if (p == NULL) { - PrintAndLog("Cannot allocate memory for trace"); - free(trace); - fclose(tracefile); - return 2; - } - trace = p; - } - } - fclose(tracefile); - } else { - trace = malloc(USB_CMD_DATA_SIZE); - // Query for the size of the trace - UsbCommand response; - GetFromBigBuf(trace, USB_CMD_DATA_SIZE, 0, &response, -1, false); - traceLen = response.arg[2]; - if (traceLen > USB_CMD_DATA_SIZE) { - uint8_t *p = realloc(trace, traceLen); - if (p == NULL) { - PrintAndLog("Cannot allocate memory for trace"); - free(trace); - return 2; - } - trace = p; - GetFromBigBuf(trace, traceLen, 0, NULL, -1, false); - } - } - - if (saveToFile) { - FILE *tracefile = NULL; - if ((tracefile = fopen(filename,"wb")) == NULL) { - PrintAndLog("Could not create file %s", filename); - return 1; - } - fwrite(trace, 1, traceLen, tracefile); - PrintAndLog("Recorded Activity (TraceLen = %d bytes) written to file %s", traceLen, filename); - fclose(tracefile); - } else { - PrintAndLog("Recorded Activity (TraceLen = %d bytes)", traceLen); - PrintAndLog(""); - PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); - PrintAndLog("iso14443a - All times are in carrier periods (1/13.56Mhz)"); - PrintAndLog("iClass - Timings are not as accurate"); - PrintAndLog(""); - PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC | Annotation |"); - PrintAndLog("------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|"); - - ClearAuthData(); - while(tracepos < traceLen) - { - tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles, markCRCBytes); - } - } - - free(trace); - return 0; -} - int CmdHFSearch(const char *Cmd){ int ans = 0; PrintAndLog(""); @@ -555,7 +50,7 @@ int CmdHFSearch(const char *Cmd){ PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n"); return ans; } - ans = HFiClassReader("", false, false); + ans = HFiClassReader(false, false); if (ans) { PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n"); return ans; @@ -566,11 +61,16 @@ int CmdHFSearch(const char *Cmd){ return ans; } //14b is longest test currently (and rarest chip type) ... put last - ans = HF14BInfo(false); + ans = infoHF14B(false); if (ans) { PrintAndLog("\nValid ISO14443B Tag Found - Quiting Search\n"); return ans; } + ans = CmdLegicRFRead(""); + if (ans == 0) { + PrintAndLog("\nValid Legic Tag Found - Quiting Search\n"); + return ans; + } PrintAndLog("\nno known/supported 13.56 MHz tags found\n"); return 0; } @@ -583,30 +83,83 @@ int CmdHFSnoop(const char *Cmd) return 0; } -static command_t CommandTable[] = + +// static void InterpolateShannon(int *source, size_t source_len, int *dest, size_t dest_len) +// { + // int *buf = (int*)malloc(source_len * sizeof(int)); + // memcpy(buf, source, source_len * sizeof(int)); + // for (int i = 0; i < source_len; i++) { + // buf[i] += 128; + // } + // for (int i = 0; i < dest_len; i++) { + // float value = 0.0; + // for (int j = 0; j < source_len; j++) { + // if (i * source_len == j * dest_len) { // sin(0) / 0 = 1 + // value += (float)buf[j]; + // } else { + // value += (float)buf[j] * sin(((float)i*source_len/dest_len-j)*3.1415) / (((float)i*source_len/dest_len-j)*3.1415); + // } + // } + // dest[i] = value - 128; + // } + // free(buf); +// } + + +static int CmdHFPlot(const char *Cmd) { - {"help", CmdHelp, 1, "This help"}, - {"14a", CmdHF14A, 1, "{ ISO14443A RFIDs... }"}, - {"14b", CmdHF14B, 1, "{ ISO14443B RFIDs... }"}, - {"15", CmdHF15, 1, "{ ISO15693 RFIDs... }"}, - {"epa", CmdHFEPA, 1, "{ German Identification Card... }"}, - {"emv", CmdHFEMV, 1, "{ EMV cards... }"}, - {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, - {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, - {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, - {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, - {"topaz", CmdHFTopaz, 1, "{ TOPAZ (NFC Type 1) RFIDs... }"}, - {"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, - {"list", CmdHFList, 1, "List protocol data in trace buffer"}, - {"search", CmdHFSearch, 1, "Search for known HF tags [preliminary]"}, + CLIParserInit("hf plot", + "Plots HF signal after RF signal path and A/D conversion.", + "This can be used after any hf command and will show the last few milliseconds of the HF signal.\n" + "Note: If the last hf command terminated because of a timeout you will most probably see nothing.\n"); + void* argtable[] = { + arg_param_begin, + arg_param_end + }; + CLIExecWithReturn(Cmd, argtable, true); + + uint8_t buf[FPGA_TRACE_SIZE]; + + if (GetFromFpgaRAM(buf, FPGA_TRACE_SIZE)) { + for (size_t i = 0; i < FPGA_TRACE_SIZE; i++) { + GraphBuffer[i] = (int)buf[i] - 128; + } + GraphTraceLen = FPGA_TRACE_SIZE; + // InterpolateShannon(GraphBuffer, FPGA_TRACE_SIZE, GraphBuffer, FPGA_TRACE_SIZE*8/7); + // GraphTraceLen = FPGA_TRACE_SIZE*8/7; + ShowGraphWindow(); + RepaintGraphWindow(); + } + return 0; +} + + +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1, "This help"}, + {"14a", CmdHF14A, 0, "{ ISO14443A RFIDs... }"}, + {"14b", CmdHF14B, 0, "{ ISO14443B RFIDs... }"}, + {"15", CmdHF15, 1, "{ ISO15693 RFIDs... }"}, + {"epa", CmdHFEPA, 0, "{ German Identification Card... }"}, + {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, + {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, + {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, + {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, + {"mfp", CmdHFMFP, 0, "{ MIFARE Plus RFIDs... }"}, + {"topaz", CmdHFTopaz, 0, "{ TOPAZ (NFC Type 1) RFIDs... }"}, + {"fido", CmdHFFido, 0, "{ FIDO and FIDO2 authenticators... }"}, + {"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, + {"list", CmdHFList, 1, "List protocol data in trace buffer"}, + {"plot", CmdHFPlot, 0, "Plot signal"}, + {"search", CmdHFSearch, 0, "Search for known HF tags [preliminary]"}, {"snoop", CmdHFSnoop, 0, " Generic HF Snoop"}, - {NULL, NULL, 0, NULL} + {NULL, NULL, 0, NULL} }; int CmdHF(const char *Cmd) { CmdsParse(CommandTable, Cmd); - return 0; + return 0; } int CmdHelp(const char *Cmd) diff --git a/client/cmdhf.h b/client/cmdhf.h index 026357b5..ff20a950 100644 --- a/client/cmdhf.h +++ b/client/cmdhf.h @@ -13,5 +13,5 @@ int CmdHF(const char *Cmd); int CmdHFTune(const char *Cmd); -int CmdHFList(const char *Cmd); + #endif diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 94eb8ff3..58315582 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -1,6 +1,6 @@ //----------------------------------------------------------------------------- -// 2011, 2017 Merlok // Copyright (C) 2010 iZsh , Hagen Fritsch +// 2011, 2017 - 2019 Merlok // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -27,108 +27,18 @@ #include "cmdmain.h" #include "mifare.h" #include "cmdhfmfu.h" -#include "mifarehost.h" +#include "mifare/mifarehost.h" #include "cliparser/cliparser.h" #include "emv/apduinfo.h" #include "emv/emvcore.h" +#include "taginfo.h" static int CmdHelp(const char *Cmd); static int waitCmd(uint8_t iLen); -// structure and database for uid -> tagtype lookups -typedef struct { - uint8_t uid; - char* desc; -} manufactureName; - -static const manufactureName manufactureMapping[] = { - // ID, "Vendor Country" - { 0x01, "Motorola UK" }, - { 0x02, "ST Microelectronics SA France" }, - { 0x03, "Hitachi, Ltd Japan" }, - { 0x04, "NXP Semiconductors Germany" }, - { 0x05, "Infineon Technologies AG Germany" }, - { 0x06, "Cylink USA" }, - { 0x07, "Texas Instrument France" }, - { 0x08, "Fujitsu Limited Japan" }, - { 0x09, "Matsushita Electronics Corporation, Semiconductor Company Japan" }, - { 0x0A, "NEC Japan" }, - { 0x0B, "Oki Electric Industry Co. Ltd Japan" }, - { 0x0C, "Toshiba Corp. Japan" }, - { 0x0D, "Mitsubishi Electric Corp. Japan" }, - { 0x0E, "Samsung Electronics Co. Ltd Korea" }, - { 0x0F, "Hynix / Hyundai, Korea" }, - { 0x10, "LG-Semiconductors Co. Ltd Korea" }, - { 0x11, "Emosyn-EM Microelectronics USA" }, - { 0x12, "INSIDE Technology France" }, - { 0x13, "ORGA Kartensysteme GmbH Germany" }, - { 0x14, "SHARP Corporation Japan" }, - { 0x15, "ATMEL France" }, - { 0x16, "EM Microelectronic-Marin SA Switzerland" }, - { 0x17, "KSW Microtec GmbH Germany" }, - { 0x18, "ZMD AG Germany" }, - { 0x19, "XICOR, Inc. USA" }, - { 0x1A, "Sony Corporation Japan Identifier Company Country" }, - { 0x1B, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" }, - { 0x1C, "Emosyn USA" }, - { 0x1D, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" }, - { 0x1E, "Magellan Technology Pty Limited Australia" }, - { 0x1F, "Melexis NV BO Switzerland" }, - { 0x20, "Renesas Technology Corp. Japan" }, - { 0x21, "TAGSYS France" }, - { 0x22, "Transcore USA" }, - { 0x23, "Shanghai belling corp., ltd. China" }, - { 0x24, "Masktech Germany Gmbh Germany" }, - { 0x25, "Innovision Research and Technology Plc UK" }, - { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" }, - { 0x27, "Cypak AB Sweden" }, - { 0x28, "Ricoh Japan" }, - { 0x29, "ASK France" }, - { 0x2A, "Unicore Microsystems, LLC Russian Federation" }, - { 0x2B, "Dallas Semiconductor/Maxim USA" }, - { 0x2C, "Impinj, Inc. USA" }, - { 0x2D, "RightPlug Alliance USA" }, - { 0x2E, "Broadcom Corporation USA" }, - { 0x2F, "MStar Semiconductor, Inc Taiwan, ROC" }, - { 0x30, "BeeDar Technology Inc. USA" }, - { 0x31, "RFIDsec Denmark" }, - { 0x32, "Schweizer Electronic AG Germany" }, - { 0x33, "AMIC Technology Corp Taiwan" }, - { 0x34, "Mikron JSC Russia" }, - { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" }, - { 0x36, "IDS Microchip AG Switzerland" }, - { 0x37, "Kovio USA" }, - { 0x38, "HMT Microelectronic Ltd Switzerland Identifier Company Country" }, - { 0x39, "Silicon Craft Technology Thailand" }, - { 0x3A, "Advanced Film Device Inc. Japan" }, - { 0x3B, "Nitecrest Ltd UK" }, - { 0x3C, "Verayo Inc. USA" }, - { 0x3D, "HID Global USA" }, - { 0x3E, "Productivity Engineering Gmbh Germany" }, - { 0x3F, "Austriamicrosystems AG (reserved) Austria" }, - { 0x40, "Gemalto SA France" }, - { 0x41, "Renesas Electronics Corporation Japan" }, - { 0x42, "3Alogics Inc Korea" }, - { 0x43, "Top TroniQ Asia Limited Hong Kong" }, - { 0x44, "Gentag Inc (USA) USA" }, - { 0x00, "no tag-info available" } // must be the last entry -}; - -// get a product description based on the UID -// uid[8] tag uid -// returns description of the best match -char* getTagInfo(uint8_t uid) { - - int i; - int len = sizeof(manufactureMapping) / sizeof(manufactureName); - - for ( i = 0; i < len; ++i ) - if ( uid == manufactureMapping[i].uid) - return manufactureMapping[i].desc; - - //No match, return default - return manufactureMapping[len-1].desc; -} +// iso14a apdu input frame length +static uint16_t frameLength = 0; +uint16_t atsFSC[] = {16, 24, 32, 40, 48, 64, 96, 128, 256}; int CmdHF14AList(const char *Cmd) { @@ -136,10 +46,49 @@ int CmdHF14AList(const char *Cmd) return 0; } +int Hf14443_4aGetCardData(iso14a_card_select_t *card) { + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}}; + SendCommand(&c); + + UsbCommand resp; + WaitForResponse(CMD_NACK, &resp); + + memcpy(card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); + + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + + if (select_status == 0) { + PrintAndLog("E->iso14443a card select failed"); + return 1; + } + + if (select_status == 2) { + PrintAndLog("E->Card doesn't support iso14443-4 mode"); + return 1; + } + + if (select_status == 3) { + PrintAndLog("E->Card doesn't support standard iso14443-3 anticollision"); + PrintAndLog("\tATQA : %02x %02x", card->atqa[1], card->atqa[0]); + return 1; + } + + PrintAndLog(" UID: %s", sprint_hex(card->uid, card->uidlen)); + PrintAndLog("ATQA: %02x %02x", card->atqa[1], card->atqa[0]); + PrintAndLog(" SAK: %02x [%" PRIu64 "]", card->sak, resp.arg[0]); + if(card->ats_len < 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + PrintAndLog("E-> Error ATS length(%d) : %s", card->ats_len, sprint_hex(card->ats, card->ats_len)); + return 1; + } + PrintAndLog(" ATS: %s", sprint_hex(card->ats, card->ats_len)); + + return 0; +} + int CmdHF14AReader(const char *Cmd) { uint32_t cm = ISO14A_CONNECT; bool leaveSignalON = false; - + CLIParserInit("hf 14a reader", "Executes ISO1443A anticollision-select group of commands.", NULL); void* argtable[] = { arg_param_begin, @@ -152,7 +101,7 @@ int CmdHF14AReader(const char *Cmd) { CLIParserFree(); return 0; } - + leaveSignalON = arg_get_lit(1); if (arg_get_lit(2)) { cm = cm - ISO14A_CONNECT; @@ -160,24 +109,24 @@ int CmdHF14AReader(const char *Cmd) { if (arg_get_lit(3)) { cm |= ISO14A_NO_RATS; } - + CLIParserFree(); - + if (leaveSignalON) - cm |= ISO14A_NO_DISCONNECT; - + cm |= ISO14A_NO_DISCONNECT; + UsbCommand c = {CMD_READER_ISO_14443a, {cm, 0, 0}}; SendCommand(&c); if (ISO14A_CONNECT & cm) { UsbCommand resp; WaitForResponse(CMD_ACK,&resp); - + iso14a_card_select_t card; memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); - uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision - + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + if(select_status == 0) { PrintAndLog("iso14443a card select failed"); return 1; @@ -192,7 +141,7 @@ int CmdHF14AReader(const char *Cmd) { PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen)); PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); PrintAndLog(" SAK : %02x [%" PRIu64 "]", card.sak, resp.arg[0]); - if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes PrintAndLog(" ATS : %s", sprint_hex(card.ats, card.ats_len)); } if (leaveSignalON) { @@ -203,24 +152,28 @@ int CmdHF14AReader(const char *Cmd) { if (!leaveSignalON) { PrintAndLog("Field dropped."); } - + return 0; } -int CmdHF14AInfo(const char *Cmd) -{ + +int CmdHF14AInfo(const char *Cmd) { + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; SendCommand(&c); UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); + if (!WaitForResponseTimeout(CMD_NACK, &resp, 500)) { + if (Cmd[0] != 's') PrintAndLog("Error: No response from Proxmark.\n"); + return 0; + } iso14a_card_select_t card; memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); - uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision - - if(select_status == 0) { + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + + if (select_status == 0) { if (Cmd[0] != 's') PrintAndLog("iso14443a card select failed"); // disconnect c.arg[0] = 0; @@ -247,7 +200,7 @@ int CmdHF14AInfo(const char *Cmd) bool isMifareClassic = true; switch (card.sak) { - case 0x00: + case 0x00: isMifareClassic = false; //***************************************test**************** @@ -256,7 +209,7 @@ int CmdHF14AInfo(const char *Cmd) c.arg[1] = 0; c.arg[2] = 0; SendCommand(&c); - + uint32_t tagT = GetHF14AMfU_Type(); ul_print_type(tagT, 0); @@ -268,13 +221,13 @@ int CmdHF14AInfo(const char *Cmd) SendCommand(&c); UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); - + WaitForResponse(CMD_NACK,&resp); + memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); - select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS - - if(select_status == 0) { + select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS + + if (select_status == 0) { //PrintAndLog("iso14443a card select failed"); // disconnect c.arg[0] = 0; @@ -301,7 +254,7 @@ int CmdHF14AInfo(const char *Cmd) // UL-EV1, size, check version[6] == 0x0b (smaller) 0x0b * 4 == 48 case 0x0A:PrintAndLog("TYPE : NXP MIFARE Ultralight EV1 %d bytes", (version[6] == 0xB) ? 48 : 128);break; case 0x01:PrintAndLog("TYPE : NXP MIFARE Ultralight C");break; - case 0x00:PrintAndLog("TYPE : NXP MIFARE Ultralight");break; + case 0x00:PrintAndLog("TYPE : NXP MIFARE Ultralight");break; } */ break; @@ -323,8 +276,8 @@ int CmdHF14AInfo(const char *Cmd) // Double & triple sized UID, can be mapped to a manufacturer. // HACK: does this apply for Ultralight cards? - if ( card.uidlen > 4 ) { - PrintAndLog("MANUFACTURER : %s", getTagInfo(card.uid[0])); + if (card.uidlen > 4) { + PrintAndLog("MANUFACTURER : %s", getManufacturerName(card.uid[0])); } // try to request ATS even if tag claims not to support it @@ -336,12 +289,12 @@ int CmdHF14AInfo(const char *Cmd) memcpy(c.d.asBytes, rats, 2); SendCommand(&c); WaitForResponse(CMD_ACK,&resp); - - memcpy(card.ats, resp.d.asBytes, resp.arg[0]); - card.ats_len = resp.arg[0]; // note: ats_len includes CRC Bytes - } - if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + memcpy(card.ats, resp.d.asBytes, resp.arg[0]); + card.ats_len = resp.arg[0]; // note: ats_len includes CRC Bytes + } + + if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes bool ta1 = 0, tb1 = 0, tc1 = 0; int pos; @@ -353,8 +306,8 @@ int CmdHF14AInfo(const char *Cmd) if (card.ats[0] != card.ats_len - 2) { PrintAndLog("ATS may be corrupted. Length of ATS (%d bytes incl. 2 Bytes CRC) doesn't match TL", card.ats_len); } - - if (card.ats[0] > 1) { // there is a format byte (T0) + + if (card.ats[0] > 1) { // there is a format byte (T0) ta1 = (card.ats[1] & 0x10) == 0x10; tb1 = (card.ats[1] & 0x20) == 0x20; tc1 = (card.ats[1] & 0x40) == 0x40; @@ -363,10 +316,7 @@ int CmdHF14AInfo(const char *Cmd) "TC1 is%s present, FSCI is %d (FSC = %ld)", (ta1 ? "" : " NOT"), (tb1 ? "" : " NOT"), (tc1 ? "" : " NOT"), fsci, - fsci < 5 ? (fsci - 2) * 8 : - fsci < 8 ? (fsci - 3) * 32 : - fsci == 8 ? 256 : - -1 + fsci < sizeof(atsFSC) ? atsFSC[fsci] : -1 ); } pos = 2; @@ -412,7 +362,7 @@ int CmdHF14AInfo(const char *Cmd) } else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) { tip = "-> MIFARE Plus S 2K or 4K"; } - } + } PrintAndLog(" - HB : %s%s", sprint_hex(card.ats + pos, card.ats[0] - pos), tip); if (card.ats[pos] == 0xC1) { PrintAndLog(" c1 -> Mifare or (multiple) virtual cards of various type"); @@ -479,23 +429,23 @@ int CmdHF14AInfo(const char *Cmd) PrintAndLog("proprietary non iso14443-4 card found, RATS not supported"); } - + // try to see if card responses to "chinese magic backdoor" commands. (void)mfCIdentify(); - - if (isMifareClassic) { - switch(DetectClassicPrng()) { + + if (isMifareClassic) { + switch (DetectClassicPrng()) { case 0: - PrintAndLog("Prng detection: HARDENED (hardnested)"); + PrintAndLog("Prng detection: HARDENED (hardnested)"); break; case 1: PrintAndLog("Prng detection: WEAK"); break; default: - PrintAndLog("Prng detection error."); + PrintAndLog("Prng detection error."); } } - + return select_status; } @@ -514,9 +464,9 @@ int CmdHF14ACUIDs(const char *Cmd) // execute anticollision procedure UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_RATS, 0, 0}}; SendCommand(&c); - + UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); + WaitForResponse(CMD_NACK,&resp); iso14a_card_select_t *card = (iso14a_card_select_t *) resp.d.asBytes; @@ -541,10 +491,10 @@ int CmdHF14ACUIDs(const char *Cmd) int CmdHF14ASim(const char *Cmd) { UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{0,0,0}}; - + // Retrieve the tag type uint8_t tagtype = param_get8ex(Cmd,0,0,10); - + // When no argument was given, just print help message if (tagtype == 0) { PrintAndLog(""); @@ -555,15 +505,15 @@ int CmdHF14ASim(const char *Cmd) PrintAndLog(" 2 = MIFARE Ultralight"); PrintAndLog(" 3 = MIFARE Desfire"); PrintAndLog(" 4 = ISO/IEC 14443-4"); - PrintAndLog(" 5 = MIFARE Tnp3xxx"); + PrintAndLog(" 5 = MIFARE Tnp3xxx"); PrintAndLog(""); return 1; } - + // Store the tag type c.arg[0] = tagtype; - - // Retrieve the full 4 or 7 byte long uid + + // Retrieve the full 4 or 7 byte long uid uint64_t long_uid = param_get64ex(Cmd,1,0,16); // Are we handling the (optional) second part uid? @@ -586,7 +536,7 @@ int CmdHF14ASim(const char *Cmd) if (c.arg[1] == 0) { PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]); } - + switch (c.arg[0]) { case 1: { PrintAndLog("Emulating ISO/IEC 14443-3 type A tag with 4 byte UID"); @@ -602,25 +552,26 @@ int CmdHF14ASim(const char *Cmd) return 1; } break; - } + } */ /* unsigned int hi = 0, lo = 0; int n = 0, i = 0; while (sscanf(&Cmd[i++], "%1x", &n ) == 1) { - hi= (hi << 4) | (lo >> 28); - lo= (lo << 4) | (n & 0xf); + hi= (hi << 4) | (lo >> 28); + lo= (lo << 4) | (n & 0xf); } */ -// UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)}; +// UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)}; // PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]); SendCommand(&c); return 0; } + int CmdHF14ASnoop(const char *Cmd) { int param = 0; - + uint8_t ctmp = param_getchar(Cmd, 0) ; if (ctmp == 'h' || ctmp == 'H') { PrintAndLog("It get data from the field and saves it into command buffer."); @@ -630,8 +581,8 @@ int CmdHF14ASnoop(const char *Cmd) { PrintAndLog("r - triggered by first 7-bit request from reader (REQ,WUP,...)"); PrintAndLog("sample: hf 14a snoop c r"); return 0; - } - + } + for (int i = 0; i < 2; i++) { ctmp = param_getchar(Cmd, i); if (ctmp == 'c' || ctmp == 'C') param |= 0x01; @@ -643,60 +594,236 @@ int CmdHF14ASnoop(const char *Cmd) { return 0; } + void DropField() { - UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; + UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; SendCommand(&c); } -int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + +int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + static bool responseNum = false; uint16_t cmdc = 0; - + *dataoutlen = 0; + if (activateField) { - cmdc |= ISO14A_CONNECT | ISO14A_CLEAR_TRACE; + responseNum = false; + UsbCommand resp; + + // Anticollision + SELECT card + UsbCommand ca = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_CLEAR_TRACE, 0, 0}}; + SendCommand(&ca); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLog("14aRAW ERROR: Proxmark connection timeout."); + return 1; + } + + // check result + if (resp.arg[0] == 0) { + PrintAndLog("14aRAW ERROR: No card in field."); + return 1; + } + + if (resp.arg[0] != 1 && resp.arg[0] != 2) { + PrintAndLog("14aRAW ERROR: card not in iso14443-4. res=%d.", resp.arg[0]); + return 1; + } + + if (resp.arg[0] == 2) { // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + // get ATS + UsbCommand cr = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT, 2, 0}}; + uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0 + memcpy(cr.d.asBytes, rats, 2); + SendCommand(&cr); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLog("14aRAW ERROR: Proxmark connection timeout."); + return 1; + } + + if (resp.arg[0] <= 0) { // ats_len + PrintAndLog("14aRAW ERROR: Can't get ATS."); + return 1; + } + } } + if (leaveSignalON) cmdc |= ISO14A_NO_DISCONNECT; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF) + 2, 0}}; + uint8_t header[] = {0x0a | responseNum, 0x00}; + responseNum ^= 1; + memcpy(c.d.asBytes, header, 2); + memcpy(&c.d.asBytes[2], datain, datainlen); + SendCommand(&c); + + uint8_t *recv; + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + recv = resp.d.asBytes; + int iLen = resp.arg[0]; + + if(!iLen) { + PrintAndLog("14aRAW ERROR: No card response."); + return 1; + } + + *dataoutlen = iLen - 2; + if (*dataoutlen < 0) + *dataoutlen = 0; + + if (maxdataoutlen && *dataoutlen > maxdataoutlen) { + PrintAndLog("14aRAW ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen); + return 2; + } + + if (recv[0] != header[0]) { + PrintAndLog("14aRAW ERROR: iso14443-4 framing error. Card send %2x must be %2x", dataout[0], header[0]); + return 2; + } + + memcpy(dataout, &recv[2], *dataoutlen); + + // CRC Check + if (iLen == -1) { + PrintAndLog("14aRAW ERROR: ISO 14443A CRC error."); + return 3; + } + + + } else { + PrintAndLog("14aRAW ERROR: Reply timeout."); + return 4; + } + + return 0; +} + + +static int SelectCard14443_4(bool disconnect, iso14a_card_select_t *card) { + UsbCommand resp; + + frameLength = 0; + + if (card) + memset(card, 0, sizeof(iso14a_card_select_t)); + + DropField(); + + // Anticollision + SELECT card + UsbCommand ca = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; + SendCommand(&ca); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLogEx(ERR, "Proxmark connection timeout."); + return 1; + } + + // check result + if (resp.arg[0] == 0) { + PrintAndLogEx(ERR, "No card in field."); + return 1; + } + + if (resp.arg[0] != 1 && resp.arg[0] != 2) { + PrintAndLogEx(ERR, "Card not in iso14443-4. res=%d.", resp.arg[0]); + return 1; + } + + if (resp.arg[0] == 2) { // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + // try to get ATS although SAK indicated that it is not ISO14443-4 compliant + UsbCommand cr = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT, 2, 0}}; + uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0 + memcpy(cr.d.asBytes, rats, 2); + SendCommand(&cr); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLogEx(ERR, "Proxmark connection timeout."); + return 1; + } + + if (resp.arg[0] <= 0) { // ats_len + PrintAndLogEx(ERR, "Can't get ATS."); + return 1; + } + } + + // get frame length from ATS + iso14a_card_select_t *vcard = (iso14a_card_select_t *) resp.d.asBytes; + if (vcard->ats_len > 1) { + uint8_t fsci = vcard->ats[1] & 0x0f; + if (fsci < sizeof(atsFSC)) + frameLength = atsFSC[fsci]; + } + + if (card) { + memcpy(card, vcard, sizeof(iso14a_card_select_t)); + } + + if (disconnect) { + DropField(); + } + + return 0; +} + + +static int ExchangeAPDU(bool chainingin, uint8_t *datain, int datainlen, bool activateField, uint8_t *dataout, int maxdataoutlen, int *dataoutlen, bool *chainingout) +{ + *chainingout = false; + + if (activateField) { + // select with no disconnect and set frameLength + int selres = SelectCard14443_4(false, NULL); + if (selres) + return selres; + } + + uint16_t cmdc = 0; + if (chainingin) + cmdc = ISO14A_SEND_CHAINING; + // "Command APDU" length should be 5+255+1, but javacard's APDU buffer might be smaller - 133 bytes // https://stackoverflow.com/questions/32994936/safe-max-java-card-apdu-data-command-and-respond-size // here length USB_CMD_DATA_SIZE=512 // timeout must be authomatically set by "get ATS" - UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | cmdc, (datainlen & 0xFFFF), 0}}; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | ISO14A_NO_DISCONNECT | cmdc, (datainlen & 0xFFFF), 0}}; memcpy(c.d.asBytes, datain, datainlen); SendCommand(&c); - - uint8_t *recv; - UsbCommand resp; - if (activateField) { - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - PrintAndLog("APDU ERROR: Proxmark connection timeout."); - return 1; - } - if (resp.arg[0] != 1) { - PrintAndLog("APDU ERROR: Proxmark error %d.", resp.arg[0]); - return 1; - } - } + uint8_t *recv; + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + recv = resp.d.asBytes; + int iLen = resp.arg[0]; + uint8_t res = resp.arg[1]; + + int dlen = iLen - 2; + if (dlen < 0) + dlen = 0; + *dataoutlen += dlen; - if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - recv = resp.d.asBytes; - int iLen = resp.arg[0]; - - *dataoutlen = iLen - 2; - if (*dataoutlen < 0) - *dataoutlen = 0; - if (maxdataoutlen && *dataoutlen > maxdataoutlen) { PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen); return 2; } - - memcpy(dataout, recv, *dataoutlen); - - if(!iLen) { + + // I-block ACK + if ((res & 0xf2) == 0xa2) { + *dataoutlen = 0; + *chainingout = true; + return 0; + } + + if(!iLen) { PrintAndLog("APDU ERROR: No APDU response."); - return 1; + return 1; + } + + // check apdu length + if (iLen < 2 && iLen >= 0) { + PrintAndLog("APDU ERROR: Small APDU response. Len=%d", iLen); + return 2; } // check block TODO @@ -704,24 +831,93 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea PrintAndLog("APDU ERROR: Block type mismatch."); return 2; } - + + memcpy(dataout, recv, dlen); + + // chaining + if ((res & 0x10) != 0) { + *chainingout = true; + } + // CRC Check if (iLen == -1) { PrintAndLog("APDU ERROR: ISO 14443A CRC error."); return 3; } - - // check apdu length - if (iLen < 4) { - PrintAndLog("APDU ERROR: Small APDU response. Len=%d", iLen); - return 2; - } - - } else { - PrintAndLog("APDU ERROR: Reply timeout."); + } else { + PrintAndLog("APDU ERROR: Reply timeout."); return 4; - } - + } + + return 0; +} + + +int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + *dataoutlen = 0; + bool chaining = false; + int res; + + // 3 byte here - 1b framing header, 2b crc16 + if ( (frameLength && (datainlen > frameLength - 3)) || (datainlen > USB_CMD_DATA_SIZE - 3) ) { + int clen = 0; + + bool vActivateField = activateField; + + do { + int vlen = MIN(frameLength - 3, datainlen - clen); + bool chainBlockNotLast = ((clen + vlen) < datainlen); + + *dataoutlen = 0; + res = ExchangeAPDU(chainBlockNotLast, &datain[clen], vlen, vActivateField, dataout, maxdataoutlen, dataoutlen, &chaining); + if (res) { + if (!leaveSignalON) + DropField(); + + return 200; + } + + // check R-block ACK + if ((*dataoutlen == 0) && (*dataoutlen != 0 || chaining != chainBlockNotLast)) { + if (!leaveSignalON) + DropField(); + + return 201; + } + + clen += vlen; + vActivateField = false; + if (*dataoutlen) { + if (clen != datainlen) + PrintAndLogEx(WARNING, "APDU: I-block/R-block sequence error. Data len=%d, Sent=%d, Last packet len=%d", datainlen, clen, *dataoutlen); + break; + } + } while (clen < datainlen); + } else { + res = ExchangeAPDU(false, datain, datainlen, activateField, dataout, maxdataoutlen, dataoutlen, &chaining); + if (res) { + if (!leaveSignalON) + DropField(); + + return res; + } + } + + while (chaining) { + // I-block with chaining + res = ExchangeAPDU(false, NULL, 0, false, &dataout[*dataoutlen], maxdataoutlen, dataoutlen, &chaining); + + if (res) { + if (!leaveSignalON) + DropField(); + + return 100; + } + } + + if (!leaveSignalON) + DropField(); + return 0; } @@ -729,49 +925,119 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea int CmdHF14AAPDU(const char *cmd) { uint8_t data[USB_CMD_DATA_SIZE]; int datalen = 0; + uint8_t header[5]; + int headerlen = 0; bool activateField = false; bool leaveSignalON = false; bool decodeTLV = false; + bool decodeAPDU = false; + bool makeAPDU = false; + bool extendedAPDU = false; + int le = 0; + int res = 0; - CLIParserInit("hf 14a apdu", - "Sends an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol (T=CL)", - "Sample:\n\thf 14a apdu -st 00A404000E325041592E5359532E444446303100\n"); + CLIParserInit("hf 14a apdu", + "Sends an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol (T=CL). Works with all APDU types from ISO 7816-4:2013", + "Examples:\n\thf 14a apdu -st 00A404000E325041592E5359532E444446303100\n" + "\thf 14a apdu -sd 00A404000E325041592E5359532E444446303100 - decode APDU\n" + "\thf 14a apdu -sm 00A40400 325041592E5359532E4444463031 -l 256 - encode standard APDU\n" + "\thf 14a apdu -sm 00A40400 325041592E5359532E4444463031 -el 65536 - encode extended APDU\n"); void* argtable[] = { arg_param_begin, - arg_lit0("sS", "select", "activate field and select card"), - arg_lit0("kK", "keep", "leave the signal field ON after receive response"), - arg_lit0("tT", "tlv", "executes TLV decoder if it possible"), - arg_strx1(NULL, NULL, "", NULL), + arg_lit0("sS", "select", "activate field and select card"), + arg_lit0("kK", "keep", "leave the signal field ON after receive response"), + arg_lit0("tT", "tlv", "executes TLV decoder if it possible"), + arg_lit0("dD", "decapdu", "decode APDU request if it possible"), + arg_str0("mM", "make", "", "make APDU with head from this field and data from data field. Must be 4 bytes length: "), + arg_lit0("eE", "extended", "make extended length APDU (requires `-m`)"), + arg_int0("lL", "le", "", "Le APDU parameter (requires `-m`)"), + arg_strx1(NULL, NULL, "", "APDU (without `-m`), or data (with `-m`)"), arg_param_end }; CLIExecWithReturn(cmd, argtable, false); - + activateField = arg_get_lit(1); leaveSignalON = arg_get_lit(2); decodeTLV = arg_get_lit(3); - // len = data + PCB(1b) + CRC(2b) - CLIGetStrBLessWithReturn(4, data, &datalen, 1 + 2); + decodeAPDU = arg_get_lit(4); + res = CLIParamHexToBuf(arg_get_str(5), header, sizeof(header), &headerlen); + makeAPDU = headerlen > 0; + if (res || (makeAPDU && headerlen != 4)) { + PrintAndLogEx(ERR, "header length must be exactly 4 bytes"); + CLIParserFree(); + return 1; + } + extendedAPDU = arg_get_lit(6); + le = arg_get_int_def(7, 0); + + if (makeAPDU) { + uint8_t apdudata[USB_CMD_DATA_SIZE] = {0}; + int apdudatalen = 0; + + CLIGetHexBLessWithReturn(8, apdudata, &apdudatalen, 1 + 2); + + APDUStruct apdu; + apdu.cla = header[0]; + apdu.ins = header[1]; + apdu.p1 = header[2]; + apdu.p2 = header[3]; + + apdu.lc = apdudatalen; + apdu.data = apdudata; + + apdu.extended_apdu = extendedAPDU; + apdu.le = le; + + if (APDUEncode(&apdu, data, &datalen)) { + PrintAndLogEx(ERR, "can't make apdu with provided parameters."); + CLIParserFree(); + return 2; + } + } else { + if (extendedAPDU) { + PrintAndLogEx(ERR, "`-e` without `-m`."); + CLIParserFree(); + return 3; + } + if (le > 0) { + PrintAndLogEx(ERR, "`-l` without `-m`."); + CLIParserFree(); + return 3; + } + + // len = data + PCB(1b) + CRC(2b) + CLIGetHexBLessWithReturn(8, data, &datalen, 1 + 2); + } CLIParserFree(); -// PrintAndLog("---str [%d] %s", arg_get_str(4)->count, arg_get_str(4)->sval[0]); - PrintAndLog(">>>>[%s%s%s] %s", activateField ? "sel ": "", leaveSignalON ? "keep ": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen)); - - int res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, USB_CMD_DATA_SIZE, &datalen); +// PrintAndLog("---str [%d] %s", arg_get_str(4)->count, arg_get_str(4)->sval[0]); + PrintAndLogEx(NORMAL, ">>>>[%s%s%s] %s", activateField ? "sel ": "", leaveSignalON ? "keep ": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen)); + + if (decodeAPDU) { + APDUStruct apdu; + + if (APDUDecode(data, datalen, &apdu) == 0) + APDUPrint(apdu); + else + PrintAndLogEx(WARNING, "can't decode APDU."); + } + + res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, USB_CMD_DATA_SIZE, &datalen); if (res) return res; PrintAndLog("<<<< %s", sprint_hex(data, datalen)); - - PrintAndLog("APDU response: %02x %02x - %s", data[datalen - 2], data[datalen - 1], GetAPDUCodeDescription(data[datalen - 2], data[datalen - 1])); + + PrintAndLog("APDU response: %02x %02x - %s", data[datalen - 2], data[datalen - 1], GetAPDUCodeDescription(data[datalen - 2], data[datalen - 1])); // TLV decoder if (decodeTLV && datalen > 4) { TLVPrintFromBuffer(data, datalen - 2); } - + return 0; } @@ -791,7 +1057,7 @@ int CmdHF14ACmdRaw(const char *cmd) { int datalen = 0; // extract parameters - CLIParserInit("hf 14a raw", "Send raw hex data to tag", + CLIParserInit("hf 14a raw", "Send raw hex data to tag", "Sample:\n"\ "\thf 14a raw -pa -b7 -t1000 52 -- execute WUPA\n"\ "\thf 14a raw -p 9320 -- anticollision\n"\ @@ -813,12 +1079,12 @@ int CmdHF14ACmdRaw(const char *cmd) { // defaults arg_get_int(6) = 0; arg_get_int(7) = 0; - + if (CLIParserParseString(cmd, argtable, arg_getsize(argtable), false)){ CLIParserFree(); return 0; } - + reply = !arg_get_lit(1); crc = arg_get_lit(2); power = arg_get_lit(3); @@ -826,7 +1092,7 @@ int CmdHF14ACmdRaw(const char *cmd) { active_select = arg_get_lit(5); numbits = arg_get_int(6) & 0xFFFF; timeout = arg_get_int(7); - bTimeout = (timeout > 0); + bTimeout = (timeout > 0); topazmode = arg_get_lit(8); no_rats = arg_get_lit(9); // len = data + CRC(2b) @@ -834,10 +1100,10 @@ int CmdHF14ACmdRaw(const char *cmd) { CLIParserFree(); return 1; } - - CLIParserFree(); - - // logic + + CLIParserFree(); + + // logic if(crc && datalen>0 && datalen MAX_TIMEOUT) { timeout = MAX_TIMEOUT; @@ -901,13 +1167,13 @@ int CmdHF14ACmdRaw(const char *cmd) { static int waitCmd(uint8_t iSelect) { - uint8_t *recv; - UsbCommand resp; - char *hexout; + uint8_t *recv; + UsbCommand resp; + char *hexout; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - recv = resp.d.asBytes; - uint8_t iLen = resp.arg[0]; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + recv = resp.d.asBytes; + uint8_t iLen = resp.arg[0]; if (iSelect){ iLen = resp.arg[1]; if (iLen){ @@ -918,38 +1184,38 @@ static int waitCmd(uint8_t iSelect) { } else { PrintAndLog("received %i bytes:", iLen); } - if(!iLen) - return 1; - hexout = (char *)malloc(iLen * 3 + 1); - if (hexout != NULL) { - for (int i = 0; i < iLen; i++) { // data in hex - sprintf(&hexout[i * 3], "%02X ", recv[i]); - } - PrintAndLog("%s", hexout); - free(hexout); - } else { - PrintAndLog("malloc failed your client has low memory?"); + if(!iLen) + return 1; + hexout = (char *)malloc(iLen * 3 + 1); + if (hexout != NULL) { + for (int i = 0; i < iLen; i++) { // data in hex + sprintf(&hexout[i * 3], "%02X ", recv[i]); + } + PrintAndLog("%s", hexout); + free(hexout); + } else { + PrintAndLog("malloc failed your client has low memory?"); return 2; - } - } else { - PrintAndLog("timeout while waiting for reply."); + } + } else { + PrintAndLog("timeout while waiting for reply."); return 3; - } + } return 0; } -static command_t CommandTable[] = +static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, - {"reader", CmdHF14AReader, 0, "Start acting like an ISO14443 Type A reader"}, - {"info", CmdHF14AInfo, 0, "Reads card and shows information about it"}, - {"cuids", CmdHF14ACUIDs, 0, " Collect n>0 ISO14443 Type A UIDs in one go"}, - {"sim", CmdHF14ASim, 0, " -- Simulate ISO 14443a tag"}, - {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"}, - {"apdu", CmdHF14AAPDU, 0, "Send an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol"}, - {"raw", CmdHF14ACmdRaw, 0, "Send raw hex data to tag"}, - {NULL, NULL, 0, NULL} + {"help", CmdHelp, 1, "This help"}, + {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, + {"reader", CmdHF14AReader, 0, "Start acting like an ISO14443 Type A reader"}, + {"info", CmdHF14AInfo, 0, "Reads card and shows information about it"}, + {"cuids", CmdHF14ACUIDs, 0, " Collect n>0 ISO14443 Type A UIDs in one go"}, + {"sim", CmdHF14ASim, 0, " -- Simulate ISO 14443a tag"}, + {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"}, + {"apdu", CmdHF14AAPDU, 0, "Send an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol"}, + {"raw", CmdHF14ACmdRaw, 0, "Send raw hex data to tag"}, + {NULL, NULL, 0, NULL} }; int CmdHF14A(const char *Cmd) { diff --git a/client/cmdhf14a.h b/client/cmdhf14a.h index 71007f95..d1669f3a 100644 --- a/client/cmdhf14a.h +++ b/client/cmdhf14a.h @@ -14,17 +14,21 @@ #include #include +#include "mifare.h" -int CmdHF14A(const char *Cmd); -int CmdHF14AList(const char *Cmd); -int CmdHF14AMifare(const char *Cmd); -int CmdHF14AReader(const char *Cmd); +extern int CmdHF14A(const char *Cmd); +extern int CmdHF14AMfDbg(const char* cmd); +extern int CmdHF14AList(const char *Cmd); +extern int CmdHF14AMifare(const char *Cmd); +extern int CmdHF14AReader(const char *Cmd); extern int CmdHF14AInfo(const char *Cmd); -int CmdHF14ASim(const char *Cmd); -int CmdHF14ASnoop(const char *Cmd); -char* getTagInfo(uint8_t uid); +extern int CmdHF14ASim(const char *Cmd); +extern int CmdHF14ASnoop(const char *Cmd); extern void DropField(); + +extern int Hf14443_4aGetCardData(iso14a_card_select_t * card); +extern int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); #endif diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index ff0bf7c9..2ad35251 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "iso14443crc.h" #include "comms.h" #include "graph.h" @@ -22,103 +23,113 @@ #include "ui.h" #include "cmdparser.h" #include "cmdmain.h" -#include "cmdhf14a.h" +#include "taginfo.h" -static int CmdHelp(const char *Cmd); -int CmdHF14BList(const char *Cmd) -{ +int CmdHF14BList(const char *Cmd) { PrintAndLog("Deprecated command, use 'hf list 14b' instead"); - return 0; } -int CmdHF14BSim(const char *Cmd) -{ + +int CmdHF14BSim(const char *Cmd) { UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B}; clearCommandBuffer(); SendCommand(&c); return 0; } -int CmdHF14BSnoop(const char *Cmd) -{ + +int CmdHF14BSnoop(const char *Cmd) { UsbCommand c = {CMD_SNOOP_ISO_14443B}; clearCommandBuffer(); SendCommand(&c); return 0; } + /* New command to read the contents of a SRI512 tag * SRI512 tags are ISO14443-B modulated memory tags, * this command just dumps the contents of the memory */ -int CmdSri512Read(const char *Cmd) -{ +int CmdSri512Read(const char *Cmd) { UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}}; clearCommandBuffer(); SendCommand(&c); return 0; } + /* New command to read the contents of a SRIX4K tag * SRIX4K tags are ISO14443-B modulated memory tags, * this command just dumps the contents of the memory/ */ -int CmdSrix4kRead(const char *Cmd) -{ +int CmdSrix4kRead(const char *Cmd) { UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}}; clearCommandBuffer(); SendCommand(&c); return 0; } -int rawClose(void){ + +static bool switch_off_field_14b(void) { UsbCommand resp; UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; clearCommandBuffer(); SendCommand(&c); - if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) { - return 0; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + return false; } - return 0; + return false; } -int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datalen, bool verbose){ + +int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datalen, bool verbose) { UsbCommand resp; UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv,power - if(*crc) - { + if (*crc) { uint8_t first, second; ComputeCrc14443(CRC_14443_B, data, *datalen, &first, &second); data[*datalen] = first; data[*datalen + 1] = second; *datalen += 2; } - + c.arg[0] = *datalen; c.arg[1] = reply; c.arg[2] = power; - memcpy(c.d.asBytes,data,*datalen); + memcpy(c.d.asBytes,data, *datalen); clearCommandBuffer(); SendCommand(&c); - - if (!reply) return 1; - if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (!reply) return 1; + + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { if (verbose) PrintAndLog("timeout while waiting for reply."); return 0; } - *datalen = resp.arg[0]; - if (verbose) PrintAndLog("received %u octets", *datalen); - if(*datalen<2) return 0; + + int ret = resp.arg[0]; + if (verbose) { + if (ret < 0) { + PrintAndLog("tag didn't respond"); + } else if (ret == 0) { + PrintAndLog("received SOF only (maybe iCLASS/Picopass)"); + } else { + PrintAndLog("received %u octets", ret); + } + } + + *datalen = ret; + + if (ret < 2) return 0; memcpy(data, resp.d.asBytes, *datalen); if (verbose) PrintAndLog("%s", sprint_hex(data, *datalen)); uint8_t first, second; ComputeCrc14443(CRC_14443_B, data, *datalen-2, &first, &second); - if(data[*datalen-2] == first && data[*datalen-1] == second) { + if (data[*datalen-2] == first && data[*datalen-1] == second) { if (verbose) PrintAndLog("CRC OK"); *crc = true; } else { @@ -128,7 +139,8 @@ int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datal return 1; } -int CmdHF14BCmdRaw (const char *Cmd) { + +static int CmdHF14BCmdRaw (const char *Cmd) { bool reply = true; bool crc = false; bool power = false; @@ -139,7 +151,7 @@ int CmdHF14BCmdRaw (const char *Cmd) { uint8_t datalen = 0; unsigned int temp; int i = 0; - if (strlen(Cmd)<3) { + if (strlen(Cmd) < 2) { PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] [-s || -ss] <0A 0B 0C ... hex>"); PrintAndLog(" -r do not read response"); PrintAndLog(" -c calculate and append CRC"); @@ -150,28 +162,28 @@ int CmdHF14BCmdRaw (const char *Cmd) { } // strip - while (*Cmd==' ' || *Cmd=='\t') Cmd++; - - while (Cmd[i]!='\0') { - if (Cmd[i]==' ' || Cmd[i]=='\t') { i++; continue; } - if (Cmd[i]=='-') { + while (*Cmd == ' ' || *Cmd == '\t') Cmd++; + + while (Cmd[i] != '\0') { + if (Cmd[i] == ' ' || Cmd[i] == '\t') { i++; continue; } + if (Cmd[i] == '-') { switch (Cmd[i+1]) { - case 'r': - case 'R': + case 'r': + case 'R': reply = false; break; case 'c': - case 'C': + case 'C': crc = true; break; - case 'p': - case 'P': + case 'p': + case 'P': power = true; break; case 's': case 'S': select = true; - if (Cmd[i+2]=='s' || Cmd[i+2]=='S') { + if (Cmd[i+2] == 's' || Cmd[i+2] == 'S') { SRx = true; i++; } @@ -180,34 +192,33 @@ int CmdHF14BCmdRaw (const char *Cmd) { PrintAndLog("Invalid option"); return 0; } - i+=2; + i += 2; continue; } - if ((Cmd[i]>='0' && Cmd[i]<='9') || - (Cmd[i]>='a' && Cmd[i]<='f') || - (Cmd[i]>='A' && Cmd[i]<='F') ) { - buf[strlen(buf)+1]=0; - buf[strlen(buf)]=Cmd[i]; + if ((Cmd[i] >= '0' && Cmd[i] <= '9') || + (Cmd[i] >= 'a' && Cmd[i] <= 'f') || + (Cmd[i] >= 'A' && Cmd[i] <= 'F') ) { + buf[strlen(buf)+1] = 0; + buf[strlen(buf)] = Cmd[i]; i++; - - if (strlen(buf)>=2) { - sscanf(buf,"%x",&temp); - data[datalen++]=(uint8_t)(temp & 0xff); - *buf=0; + + if (strlen(buf) >= 2) { + sscanf(buf, "%x", &temp); + data[datalen++] = (uint8_t)(temp & 0xff); + *buf = 0; } continue; } PrintAndLog("Invalid char on input"); return 0; } - if (datalen == 0) - { + if (datalen == 0) { PrintAndLog("Missing data input"); return 0; } - if (select){ //auto select 14b tag - uint8_t cmd2[16]; + if (select) { //auto select 14b tag + uint8_t cmd2[16]; bool crc2 = true; uint8_t cmdLen; @@ -224,11 +235,14 @@ int CmdHF14BCmdRaw (const char *Cmd) { cmd2[2] = 0x08; } - if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b(); + + if (SRx) { + if (cmdLen != 3 || !crc2) return switch_off_field_14b(); + } else { + if (cmd2[0] != 0x50 || cmdLen != 14 || !crc2) return switch_off_field_14b(); + } - if ( SRx && (cmdLen != 3 || !crc2) ) return rawClose(); - else if (cmd2[0] != 0x50 || cmdLen != 14 || !crc2) return rawClose(); - uint8_t chipID = 0; if (SRx) { // select @@ -238,7 +252,7 @@ int CmdHF14BCmdRaw (const char *Cmd) { cmdLen = 2; } else { // attrib - cmd2[0] = 0x1D; + cmd2[0] = 0x1D; // UID from cmd2[1 - 4] cmd2[5] = 0x00; cmd2[6] = 0x08; @@ -247,39 +261,42 @@ int CmdHF14BCmdRaw (const char *Cmd) { cmdLen = 9; } - if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b(); - if (cmdLen != 3 || !crc2) return rawClose(); - if (SRx && cmd2[0] != chipID) return rawClose(); + if (cmdLen != 3 || !crc2) return switch_off_field_14b(); + if (SRx && cmd2[0] != chipID) return switch_off_field_14b(); } + return HF14BCmdRaw(reply, &crc, power, data, &datalen, true); + } + // print full atqb info -static void print_atqb_resp(uint8_t *data){ +static void print_atqb_resp(uint8_t *data) { //PrintAndLog (" UID: %s", sprint_hex(data+1,4)); - PrintAndLog (" App Data: %s", sprint_hex(data+5,4)); - PrintAndLog (" Protocol: %s", sprint_hex(data+9,3)); + PrintAndLog(" App Data: %s", sprint_hex(data+5,4)); + PrintAndLog(" Protocol: %s", sprint_hex(data+9,3)); uint8_t BitRate = data[9]; - if (!BitRate) + if (!BitRate) PrintAndLog (" Bit Rate: 106 kbit/s only PICC <-> PCD"); if (BitRate & 0x10) PrintAndLog (" Bit Rate: 212 kbit/s PICC -> PCD supported"); if (BitRate & 0x20) - PrintAndLog (" Bit Rate: 424 kbit/s PICC -> PCD supported"); + PrintAndLog (" Bit Rate: 424 kbit/s PICC -> PCD supported"); if (BitRate & 0x40) - PrintAndLog (" Bit Rate: 847 kbit/s PICC -> PCD supported"); + PrintAndLog (" Bit Rate: 847 kbit/s PICC -> PCD supported"); if (BitRate & 0x01) PrintAndLog (" Bit Rate: 212 kbit/s PICC <- PCD supported"); if (BitRate & 0x02) - PrintAndLog (" Bit Rate: 424 kbit/s PICC <- PCD supported"); + PrintAndLog (" Bit Rate: 424 kbit/s PICC <- PCD supported"); if (BitRate & 0x04) - PrintAndLog (" Bit Rate: 847 kbit/s PICC <- PCD supported"); - if (BitRate & 0x80) + PrintAndLog (" Bit Rate: 847 kbit/s PICC <- PCD supported"); + if (BitRate & 0x80) PrintAndLog (" Same bit rate <-> required"); - uint16_t maxFrame = data[10]>>4; - if (maxFrame < 5) + uint16_t maxFrame = data[10] >> 4; + if (maxFrame < 5) maxFrame = 8*maxFrame + 16; else if (maxFrame == 5) maxFrame = 64; @@ -292,7 +309,7 @@ static void print_atqb_resp(uint8_t *data){ else maxFrame = 257; - PrintAndLog ("Max Frame Size: %u%s",maxFrame, (maxFrame == 257) ? "+ RFU" : ""); + PrintAndLog ("Max Frame Size: %u%s", maxFrame, (maxFrame == 257) ? "+ RFU" : ""); uint8_t protocolT = data[10] & 0xF; PrintAndLog (" Protocol Type: Protocol is %scompliant with ISO/IEC 14443-4",(protocolT) ? "" : "not " ); @@ -301,50 +318,32 @@ static void print_atqb_resp(uint8_t *data){ PrintAndLog (" Frame Options: NAD is %ssupported",(data[11]&2) ? "" : "not "); PrintAndLog (" Frame Options: CID is %ssupported",(data[11]&1) ? "" : "not "); PrintAndLog ("Max Buf Length: %u (MBLI) %s",data[14]>>4, (data[14] & 0xF0) ? "" : "not supported"); - + return; } -// get SRx chip model (from UID) // from ST Microelectronics -char *get_ST_Chip_Model(uint8_t data){ - static char model[20]; - char *retStr = model; - memset(model,0, sizeof(model)); - switch (data) { - case 0x0: sprintf(retStr, "SRIX4K (Special)"); break; - case 0x2: sprintf(retStr, "SR176"); break; - case 0x3: sprintf(retStr, "SRIX4K"); break; - case 0x4: sprintf(retStr, "SRIX512"); break; - case 0x6: sprintf(retStr, "SRI512"); break; - case 0x7: sprintf(retStr, "SRI4K"); break; - case 0xC: sprintf(retStr, "SRT512"); break; - default : sprintf(retStr, "Unknown"); break; - } - return retStr; -} - -int print_ST_Lock_info(uint8_t model){ +int print_ST_Lock_info(uint8_t model) { //assume connection open and tag selected... uint8_t data[16] = {0x00}; uint8_t datalen = 2; bool crc = true; uint8_t resplen; - uint8_t blk1; + uint8_t blk1; data[0] = 0x08; - if (model == 0x2) { //SR176 has special command: - data[1] = 0xf; - resplen = 4; + if (model == 0x02) { //SR176 has special command: + data[1] = 0x0f; + resplen = 4; } else { data[1] = 0xff; resplen = 6; } //std read cmd - if (HF14BCmdRaw(true, &crc, true, data, &datalen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) == 0) return switch_off_field_14b(); - if (datalen != resplen || !crc) return rawClose(); + if (datalen != resplen || !crc) return switch_off_field_14b(); PrintAndLog("Chip Write Protection Bits:"); // now interpret the data @@ -356,7 +355,7 @@ int print_ST_Lock_info(uint8_t model){ blk1 = 9; PrintAndLog(" raw: %s",printBits(1,data+3)); PrintAndLog(" 07/08:%slocked", (data[3] & 1) ? " not " : " " ); - for (uint8_t i = 1; i<8; i++){ + for (uint8_t i = 1; i < 8; i++){ PrintAndLog(" %02u:%slocked", blk1, (data[3] & (1 << i)) ? " not " : " " ); blk1++; } @@ -366,9 +365,9 @@ int print_ST_Lock_info(uint8_t model){ case 0xC: // (SRT512) //need data[2] and data[3] blk1 = 0; - PrintAndLog(" raw: %s",printBits(2,data+2)); - for (uint8_t b=2; b<4; b++){ - for (uint8_t i=0; i<8; i++){ + PrintAndLog(" raw: %s", printBits(2,data+2)); + for (uint8_t b = 2; b < 4; b++) { + for (uint8_t i = 0; i < 8; i++) { PrintAndLog(" %02u:%slocked", blk1, (data[b] & (1 << i)) ? " not " : " " ); blk1++; } @@ -377,29 +376,31 @@ int print_ST_Lock_info(uint8_t model){ case 0x2: // (SR176) //need data[2] blk1 = 0; - PrintAndLog(" raw: %s",printBits(1,data+2)); - for (uint8_t i = 0; i<8; i++){ + PrintAndLog(" raw: %s",printBits(1, data+2)); + for (uint8_t i = 0; i < 8; i++){ PrintAndLog(" %02u/%02u:%slocked", blk1, blk1+1, (data[2] & (1 << i)) ? " " : " not " ); - blk1+=2; + blk1 += 2; } break; default: - return rawClose(); + return switch_off_field_14b(); } return 1; } + // print UID info from SRx chips (ST Microelectronics) -static void print_st_general_info(uint8_t *data){ +static void print_st_general_info(uint8_t *data) { //uid = first 8 bytes in data - PrintAndLog(" UID: %s", sprint_hex(SwapEndian64(data,8,8),8)); - PrintAndLog(" MFG: %02X, %s", data[6], getTagInfo(data[6])); - PrintAndLog(" Chip: %02X, %s", data[5]>>2, get_ST_Chip_Model(data[5]>>2)); + PrintAndLog(" UID: %s", sprint_hex(SwapEndian64(data, 8, 8), 8)); + PrintAndLog(" MFG: %02X, %s", data[6], getManufacturerName(data[6])); + PrintAndLog(" Chip: %02X, %s", data[5], getChipInfo(data[6], data[5])); return; } + // 14b get and print UID only (general info) -int HF14BStdReader(uint8_t *data, uint8_t *datalen){ +int HF14BStdReader(uint8_t *data, uint8_t *datalen) { //05 00 00 = find one tag in field //1d xx xx xx xx 00 08 01 00 = attrib xx=UID (resp 10 [f9 e0]) //a3 = ? (resp 03 [e2 c2]) @@ -424,18 +425,18 @@ int HF14BStdReader(uint8_t *data, uint8_t *datalen){ data[1] = 0x00; data[2] = 0x08; - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b(); - if (data[0] != 0x50 || *datalen != 14 || !crc) return rawClose(); + if (data[0] != 0x50 || *datalen != 14 || !crc) return switch_off_field_14b(); PrintAndLog ("\n14443-3b tag found:"); - PrintAndLog (" UID: %s", sprint_hex(data+1,4)); + PrintAndLog (" UID: %s", sprint_hex(data+1, 4)); - uint8_t cmd2[16]; + uint8_t cmd2[16]; uint8_t cmdLen = 3; bool crc2 = true; - cmd2[0] = 0x1D; + cmd2[0] = 0x1D; // UID from data[1 - 4] cmd2[1] = data[1]; cmd2[2] = data[2]; @@ -448,28 +449,29 @@ int HF14BStdReader(uint8_t *data, uint8_t *datalen){ cmdLen = 9; // attrib - if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b(); - if (cmdLen != 3 || !crc2) return rawClose(); + if (cmdLen != 3 || !crc2) return switch_off_field_14b(); // add attrib responce to data data[14] = cmd2[0]; - rawClose(); + switch_off_field_14b(); return 1; } + // 14b get and print Full Info (as much as we know) -int HF14BStdInfo(uint8_t *data, uint8_t *datalen){ - if (!HF14BStdReader(data,datalen)) return 0; +static bool HF14B_Std_Info(uint8_t *data, uint8_t *datalen) { + if (!HF14BStdReader(data, datalen)) return false; //add more info here print_atqb_resp(data); - - return 1; + return true; } + // SRx get and print general info about SRx chip from UID -int HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){ +static bool HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){ bool crc = true; *datalen = 2; //wake cmd @@ -478,9 +480,9 @@ int HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){ //leave power on // verbose on for now for testing - turn off when functional - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b(); - if (*datalen != 3 || !crc) return rawClose(); + if (*datalen != 3 || !crc) return switch_off_field_14b(); uint8_t chipID = data[0]; // select @@ -489,118 +491,142 @@ int HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){ *datalen = 2; //leave power on - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b(); - if (*datalen != 3 || !crc || data[0] != chipID) return rawClose(); + if (*datalen != 3 || !crc || data[0] != chipID) return switch_off_field_14b(); // get uid data[0] = 0x0B; *datalen = 1; //leave power on - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose(); + if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b(); - if (*datalen != 10 || !crc) return rawClose(); + if (*datalen != 10 || !crc) return switch_off_field_14b(); //power off ? - if (closeCon) rawClose(); + if (closeCon) switch_off_field_14b(); PrintAndLog("\n14443-3b ST tag found:"); print_st_general_info(data); return 1; } -// SRx get and print full info (needs more info...) -int HF14B_ST_Info(uint8_t *data, uint8_t *datalen){ - if (!HF14B_ST_Reader(data, datalen, false)) return 0; - - //add locking bit information here. - if (print_ST_Lock_info(data[5]>>2)) - rawClose(); - return 1; +// SRx get and print full info (needs more info...) +static bool HF14B_ST_Info(bool verbose) { + uint8_t data[100]; + uint8_t datalen; + + if (!HF14B_ST_Reader(data, &datalen, false)) return false; + + //add locking bit information here. + if (print_ST_Lock_info(data[5] >> 2)) + switch_off_field_14b(); + + return true; } + // test for other 14b type tags (mimic another reader - don't have tags to identify) -int HF14B_Other_Reader(uint8_t *data, uint8_t *datalen){ +static bool HF14B_Other_Reader(uint8_t *data, bool verbose) { + uint8_t datalen; bool crc = true; - *datalen = 4; + //std read cmd data[0] = 0x00; data[1] = 0x0b; data[2] = 0x3f; data[3] = 0x80; + datalen = 4; - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) { - if (*datalen > 2 || !crc) { + if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) { + if (datalen > 2 || !crc) { PrintAndLog ("\n14443-3b tag found:"); - PrintAndLog ("Unknown tag type answered to a 0x000b3f80 command ans:"); - PrintAndLog ("%s",sprint_hex(data,*datalen)); - rawClose(); - return 1; + PrintAndLog ("Unknown tag type answered to a 0x000b3f80 command:"); + PrintAndLog ("%s", sprint_hex(data, datalen)); + switch_off_field_14b(); + return true; } } crc = false; - *datalen = 1; + datalen = 1; data[0] = 0x0a; - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) { - if (*datalen > 0) { + if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) { + if (datalen > 0) { PrintAndLog ("\n14443-3b tag found:"); - PrintAndLog ("Unknown tag type answered to a 0x0A command ans:"); - PrintAndLog ("%s",sprint_hex(data,*datalen)); - rawClose(); - return 1; + PrintAndLog ("Unknown tag type answered to a 0x0A command:"); + PrintAndLog ("%s", sprint_hex(data, datalen)); + switch_off_field_14b(); + return true; } } - + crc = false; - *datalen = 1; + datalen = 1; data[0] = 0x0c; - if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) { - if (*datalen > 0) { + if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) { + if (datalen > 0) { PrintAndLog ("\n14443-3b tag found:"); - PrintAndLog ("Unknown tag type answered to a 0x0C command ans:"); - PrintAndLog ("%s",sprint_hex(data,*datalen)); - rawClose(); - return 1; + PrintAndLog ("Unknown tag type answered to a 0x0C command:"); + PrintAndLog ("%s", sprint_hex(data, datalen)); + switch_off_field_14b(); + return true; } } - rawClose(); + switch_off_field_14b(); + return false; +} + + +// get and print all info known about any known 14b tag +static int usage_hf_14b_info(void) { + PrintAndLogEx(NORMAL, "Usage: hf 14b info [h] [s]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h this help"); + PrintAndLogEx(NORMAL, " s silently"); + PrintAndLogEx(NORMAL, "Example:"); + PrintAndLogEx(NORMAL, " hf 14b info"); return 0; } -// get and print all info known about any known 14b tag -int HF14BInfo(bool verbose){ +int infoHF14B(bool verbose) { uint8_t data[100]; - uint8_t datalen = 5; - + uint8_t datalen; + // try std 14b (atqb) - if (HF14BStdInfo(data, &datalen)) return 1; + if (HF14B_Std_Info(data, &datalen)) return 1; // try st 14b - if (HF14B_ST_Info(data, &datalen)) return 1; + if (HF14B_ST_Info(verbose)) return 1; // try unknown 14b read commands (to be identified later) // could be read of calypso, CEPAS, moneo, or pico pass. - if (HF14B_Other_Reader(data, &datalen)) return 1; + if (HF14B_Other_Reader(data, verbose)) return 1; if (verbose) PrintAndLog("no 14443B tag found"); return 0; } + // menu command to get and print all info known about any known 14b tag -int CmdHF14Binfo(const char *Cmd){ - return HF14BInfo(true); +static int CmdHF14Binfo(const char *Cmd){ + char cmdp = tolower(param_getchar(Cmd, 0)); + if (cmdp == 'h') return usage_hf_14b_info(); + + bool verbose = !(cmdp == 's'); + return infoHF14B(verbose); } + // get and print general info about all known 14b chips -int HF14BReader(bool verbose){ +int readHF14B(bool verbose){ uint8_t data[100]; uint8_t datalen = 5; - + // try std 14b (atqb) if (HF14BStdReader(data, &datalen)) return 1; @@ -609,33 +635,49 @@ int HF14BReader(bool verbose){ // try unknown 14b read commands (to be identified later) // could be read of calypso, CEPAS, moneo, or pico pass. - if (HF14B_Other_Reader(data, &datalen)) return 1; + if (HF14B_Other_Reader(data, verbose)) return 1; if (verbose) PrintAndLog("no 14443B tag found"); return 0; } + // menu command to get and print general info about all known 14b chips -int CmdHF14BReader(const char *Cmd){ - return HF14BReader(true); +static int usage_hf_14b_reader(void) { + PrintAndLogEx(NORMAL, "Usage: hf 14b reader [h] [s]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h this help"); + PrintAndLogEx(NORMAL, " s silently"); + PrintAndLogEx(NORMAL, "Example:"); + PrintAndLogEx(NORMAL, " hf 14b reader"); + return 0; } -int CmdSriWrite( const char *Cmd){ + +static int CmdHF14BReader(const char *Cmd) { + char cmdp = tolower(param_getchar(Cmd, 0)); + if (cmdp == 'h') return usage_hf_14b_reader(); + + bool verbose = !(cmdp == 's'); + return readHF14B(verbose); +} + + +int CmdSriWrite(const char *Cmd) { /* * For SRIX4K blocks 00 - 7F * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata * * For SR512 blocks 00 - 0F * hf 14b raw -c -p 09 $sr512wblock $sr512wdata - * + * * Special block FF = otp_lock_reg block. * Data len 4 bytes- */ - char cmdp = param_getchar(Cmd, 0); + char cmdp = param_getchar(Cmd, 0); uint8_t blockno = -1; uint8_t data[4] = {0x00}; bool isSrix4k = true; - char str[20]; if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: hf 14b write <1|2> "); @@ -651,43 +693,47 @@ int CmdSriWrite( const char *Cmd){ if ( cmdp == '2' ) isSrix4k = false; - + //blockno = param_get8(Cmd, 1); - - if ( param_gethex(Cmd,1, &blockno, 2) ) { + + if (param_gethex(Cmd,1, &blockno, 2) ) { PrintAndLog("Block number must include 2 HEX symbols"); return 0; } - - if ( isSrix4k ){ - if ( blockno > 0x7f && blockno != 0xff ){ + + if (isSrix4k) { + if (blockno > 0x7f && blockno != 0xff){ PrintAndLog("Block number out of range"); return 0; - } + } } else { - if ( blockno > 0x0f && blockno != 0xff ){ + if (blockno > 0x0f && blockno != 0xff){ PrintAndLog("Block number out of range"); return 0; - } + } } - + if (param_gethex(Cmd, 2, data, 8)) { PrintAndLog("Data must include 8 HEX symbols"); return 0; } - - if ( blockno == 0xff) - PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512" , blockno, sprint_hex(data,4) ); + + if (blockno == 0xff) + PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data, 4)); else - PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) ); - - sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]); + PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data, 4)); + + char str[22]; + sprintf(str, "-ss -c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]); CmdHF14BCmdRaw(str); return 0; } -static command_t CommandTable[] = + +static int CmdHelp(const char *Cmd); + +static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"info", CmdHF14Binfo, 0, "Find and print details about a 14443B tag"}, diff --git a/client/cmdhf14b.h b/client/cmdhf14b.h index 4fcae927..4897d879 100644 --- a/client/cmdhf14b.h +++ b/client/cmdhf14b.h @@ -21,6 +21,6 @@ int CmdHF14BSnoop(const char *Cmd); int CmdSri512Read(const char *Cmd); int CmdSrix4kRead(const char *Cmd); int CmdHF14BWrite( const char *cmd); -int HF14BInfo(bool verbose); +int infoHF14B(bool verbose); #endif diff --git a/client/cmdhf15.c b/client/cmdhf15.c index c116b001..cc86841b 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -35,229 +35,87 @@ #include "util.h" #include "cmdparser.h" #include "iso15693tools.h" +#include "protocols.h" #include "cmdmain.h" - -#define FrameSOF Iso15693FrameSOF -#define Logic0 Iso15693Logic0 -#define Logic1 Iso15693Logic1 -#define FrameEOF Iso15693FrameEOF +#include "taginfo.h" #define Crc(data,datalen) Iso15693Crc(data,datalen) #define AddCrc(data,datalen) Iso15693AddCrc(data,datalen) #define sprintUID(target,uid) Iso15693sprintUID(target,uid) -// structure and database for uid -> tagtype lookups -typedef struct { - uint64_t uid; - int mask; // how many MSB bits used - char* desc; -} productName; +// SOF defined as +// 1) Unmodulated time of 56.64us +// 2) 24 pulses of 423.75khz +// 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz) +static const int Iso15693FrameSOF[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, + 1, 1, 1, 1 +}; +static const int Iso15693Logic0[] = { + 1, 1, 1, 1, + 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1 +}; +static const int Iso15693Logic1[] = { + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, + 1, 1, 1, 1 +}; -const productName uidmapping[] = { +// EOF defined as +// 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us) +// 2) 24 pulses of 423.75khz +// 3) Unmodulated time of 56.64us - // UID, #significant Bits, "Vendor(+Product)" - { 0xE001000000000000LL, 16, "Motorola UK" }, - - // E0 02 xx - // 02 = ST Microelectronics - // XX = IC id (Chip ID Family) - { 0xE002000000000000LL, 16, "ST Microelectronics SA France" }, - { 0xE002050000000000LL, 24, "ST Microelectronics; LRI64 [IC id = 05]"}, - { 0xE002080000000000LL, 24, "ST Microelectronics; LRI2K [IC id = 08]"}, - { 0xE0020A0000000000LL, 24, "ST Microelectronics; LRIS2K [IC id = 10]"}, - { 0xE002440000000000LL, 24, "ST Microelectronics; LRIS64K [IC id = 68]"}, - - { 0xE003000000000000LL, 16, "Hitachi, Ltd Japan" }, - - // E0 04 xx - // 04 = Manufacturer code (Philips/NXP) - // XX = IC id (Chip ID Family) - //I-Code SLI SL2 ICS20 [IC id = 01] - //I-Code SLI-S [IC id = 02] - //I-Code SLI-L [IC id = 03] - //I-Code SLIX [IC id = 01 + bit36 set to 1 (starting from bit0 - different from normal SLI)] - //I-Code SLIX-S [IC id = 02 + bit36 set to 1] - //I-Code SLIX-L [IC id = 03 + bit36 set to 1] - { 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" }, - { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" }, - { 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" }, - { 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" }, - - // E0 05 XX .. .. .. - // 05 = Manufacturer code (Infineon) - // XX = IC id (Chip ID Family) - { 0xE005000000000000LL, 16, "Infineon Technologies AG Germany" }, - { 0xE005A10000000000LL, 24, "Infineon; SRF55V01P [IC id = 161] plain mode 1kBit"}, - { 0xE005A80000000000LL, 24, "Infineon; SRF55V01P [IC id = 168] pilot series 1kBit"}, - { 0xE005400000000000LL, 24, "Infineon; SRF55V02P [IC id = 64] plain mode 2kBit"}, - { 0xE005000000000000LL, 24, "Infineon; SRF55V10P [IC id = 00] plain mode 10KBit"}, - { 0xE005500000000000LL, 24, "Infineon; SRF55V02S [IC id = 80] secure mode 2kBit"}, - { 0xE005100000000000LL, 24, "Infineon; SRF55V10S [IC id = 16] secure mode 10KBit"}, - { 0xE0051E0000000000LL, 23, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"}, - { 0xE005200000000000LL, 21, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"}, - - { 0xE006000000000000LL, 16, "Cylink USA" }, - - - // E0 07 xx - // 07 = Texas Instruments - // XX = from bit 41 to bit 43 = product configuration - from bit 44 to bit 47 IC id (Chip ID Family) - //Tag IT RFIDType-I Plus, 2kBit, TI Inlay - //Tag-it HF-I Plus Inlay [IC id = 00] -> b'0000 000 2kBit - //Tag-it HF-I Plus Chip [IC id = 64] -> b'1000 000 2kBit - //Tag-it HF-I Standard Chip / Inlays [IC id = 96] -> b'1100 000 256Bit - //Tag-it HF-I Pro Chip / Inlays [IC id = 98] -> b'1100 010 256Bit, Password protection - { 0xE007000000000000LL, 16, "Texas Instrument France" }, - { 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" }, - { 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" }, - { 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" }, - { 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" }, - { 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" }, - - { 0xE008000000000000LL, 16, "Fujitsu Limited Japan" }, - { 0xE009000000000000LL, 16, "Matsushita Electronics Corporation, Semiconductor Company Japan" }, - { 0xE00A000000000000LL, 16, "NEC Japan" }, - { 0xE00B000000000000LL, 16, "Oki Electric Industry Co. Ltd Japan" }, - { 0xE00C000000000000LL, 16, "Toshiba Corp. Japan" }, - { 0xE00D000000000000LL, 16, "Mitsubishi Electric Corp. Japan" }, - { 0xE00E000000000000LL, 16, "Samsung Electronics Co. Ltd Korea" }, - { 0xE00F000000000000LL, 16, "Hynix / Hyundai, Korea" }, - { 0xE010000000000000LL, 16, "LG-Semiconductors Co. Ltd Korea" }, - { 0xE011000000000000LL, 16, "Emosyn-EM Microelectronics USA" }, - - { 0xE012000000000000LL, 16, "HID Corporation" }, - { 0xE012000000000000LL, 16, "INSIDE Technology France" }, - { 0xE013000000000000LL, 16, "ORGA Kartensysteme GmbH Germany" }, - { 0xE014000000000000LL, 16, "SHARP Corporation Japan" }, - { 0xE015000000000000LL, 16, "ATMEL France" }, - - { 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)"}, - { 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034 [IC id = 01] (Read/Write - no AFI)"}, - { 0xE0160C0000000000LL, 24, "EM-Marin SA (Skidata); EM4035 [IC id = 03] (Read/Write - replaced by 4233)"}, - { 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135 [IC id = 04] (Read/Write - replaced by 4233) 36x64bit start page 13"}, - { 0xE016140000000000LL, 24, "EM-Marin SA (Skidata); EM4036 [IC id = 05] 28pF"}, - { 0xE016180000000000LL, 24, "EM-Marin SA (Skidata); EM4006 [IC id = 06] (Read Only)"}, - { 0xE0161C0000000000LL, 24, "EM-Marin SA (Skidata); EM4133 [IC id = 07] 23,5pF (Read/Write)"}, - { 0xE016200000000000LL, 24, "EM-Marin SA (Skidata); EM4033 [IC id = 08] 23,5pF (Read Only - no AFI / no DSFID / no security blocks)"}, - { 0xE016240000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 09] 23,5pF CustomerID-102"}, - { 0xE016280000000000LL, 24, "EM-Marin SA (Skidata); EM4233 SLIC [IC id = 10] 23,5pF (1Kb flash memory - not provide High Security mode and QuietStorage feature)" }, - { 0xE0163C0000000000LL, 24, "EM-Marin SA (Skidata); EM4237 [IC id = 15] 23,5pF"}, - { 0xE0167C0000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 31] 95pF"}, - { 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); EM4036 [IC id = 37] 95pF 51x64bit "}, - { 0xE0169c0000000000LL, 24, "EM-Marin SA (Skidata); EM4133 [IC id = 39] 95pF (Read/Write)" }, - { 0xE016A80000000000LL, 24, "EM-Marin SA (Skidata); EM4233 SLIC [IC id = 42] 97pF" }, - { 0xE016BC0000000000LL, 24, "EM-Marin SA (Skidata); EM4237 [IC id = 47] 97pF" }, - - { 0xE017000000000000LL, 16, "KSW Microtec GmbH Germany" }, - { 0xE018000000000000LL, 16, "ZMD AG Germany" }, - { 0xE019000000000000LL, 16, "XICOR, Inc. USA" }, - { 0xE01A000000000000LL, 16, "Sony Corporation Japan Identifier Company Country" }, - { 0xE01B000000000000LL, 16, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" }, - { 0xE01C000000000000LL, 16, "Emosyn USA" }, - { 0xE01D000000000000LL, 16, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" }, - { 0xE01E000000000000LL, 16, "Magellan Technology Pty Limited Australia" }, - { 0xE01F000000000000LL, 16, "Melexis NV BO Switzerland" }, - { 0xE020000000000000LL, 16, "Renesas Technology Corp. Japan" }, - { 0xE021000000000000LL, 16, "TAGSYS France" }, - { 0xE022000000000000LL, 16, "Transcore USA" }, - { 0xE023000000000000LL, 16, "Shanghai belling corp., ltd. China" }, - { 0xE024000000000000LL, 16, "Masktech Germany Gmbh Germany" }, - { 0xE025000000000000LL, 16, "Innovision Research and Technology Plc UK" }, - { 0xE026000000000000LL, 16, "Hitachi ULSI Systems Co., Ltd. Japan" }, - { 0xE027000000000000LL, 16, "Cypak AB Sweden" }, - { 0xE028000000000000LL, 16, "Ricoh Japan" }, - { 0xE029000000000000LL, 16, "ASK France" }, - { 0xE02A000000000000LL, 16, "Unicore Microsystems, LLC Russian Federation" }, - { 0xE02B000000000000LL, 16, "Dallas Semiconductor/Maxim USA" }, - { 0xE02C000000000000LL, 16, "Impinj, Inc. USA" }, - { 0xE02D000000000000LL, 16, "RightPlug Alliance USA" }, - { 0xE02E000000000000LL, 16, "Broadcom Corporation USA" }, - { 0xE02F000000000000LL, 16, "MStar Semiconductor, Inc Taiwan, ROC" }, - { 0xE030000000000000LL, 16, "BeeDar Technology Inc. USA" }, - { 0xE031000000000000LL, 16, " RFIDsec Denmark" }, - { 0xE032000000000000LL, 16, " Schweizer Electronic AG Germany" }, - { 0xE033000000000000LL, 16, " AMIC Technology Corp Taiwan" }, - { 0xE034000000000000LL, 16, "Mikron JSC Russia" }, - { 0xE035000000000000LL, 16, "Fraunhofer Institute for Photonic Microsystems Germany" }, - { 0xE036000000000000LL, 16, "IDS Microchip AG Switzerland" }, - { 0xE037000000000000LL, 16, "Kovio USA" }, - { 0xE038000000000000LL, 16, "HMT Microelectronic Ltd Switzerland Identifier Company Country" }, - { 0xE039000000000000LL, 16, "Silicon Craft Technology Thailand" }, - { 0xE03A000000000000LL, 16, "Advanced Film Device Inc. Japan" }, - { 0xE03B000000000000LL, 16, "Nitecrest Ltd UK" }, - { 0xE03C000000000000LL, 16, "Verayo Inc. USA" }, - { 0xE03D000000000000LL, 16, "HID Global USA" }, - { 0xE03E000000000000LL, 16, "Productivity Engineering Gmbh Germany" }, - { 0xE03F000000000000LL, 16, "Austriamicrosystems AG (reserved) Austria" }, - { 0xE040000000000000LL, 16, "Gemalto SA France" }, - { 0xE041000000000000LL, 16, "Renesas Electronics Corporation Japan" }, - { 0xE042000000000000LL, 16, "3Alogics Inc Korea" }, - { 0xE043000000000000LL, 16, "Top TroniQ Asia Limited Hong Kong" }, - { 0xE044000000000000LL, 16, "Gentag Inc (USA) USA" }, - { 0,0,"no tag-info available" } // must be the last entry +static const int Iso15693FrameEOF[] = { + 1, 1, 1, 1, + 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }; // fast method to just read the UID of a tag (collission detection not supported) // *buf should be large enough to fit the 64bit uid -// returns 1 if suceeded -int getUID(uint8_t *buf) -{ +// returns true if suceeded +static bool getUID(uint8_t *buf) { UsbCommand resp; uint8_t *recv; UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? - uint8_t *req=c.d.asBytes; + uint8_t *req = c.d.asBytes; int reqlen=0; - for (int retry=0;retry<3; retry++) { // don't give up the at the first try - - req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1; - req[1]=ISO15_CMD_INVENTORY; - req[2]=0; // mask length - reqlen=AddCrc(req,3); - c.arg[0]=reqlen; + for (int retry = 0;retry < 3; retry++) { // don't give up the at the first try + req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1; + req[1] = ISO15693_INVENTORY; + req[2] = 0; // mask length + reqlen = AddCrc(req, 3); + c.arg[0] = reqlen; SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { recv = resp.d.asBytes; - if (resp.arg[0]>=12 && ISO15_CRC_CHECK==Crc(recv,12)) { - memcpy(buf,&recv[2],8); - return 1; + if (resp.arg[0] >= 12 && ISO15693_CRC_CHECK == Crc(recv, 12)) { + memcpy(buf, &recv[2], 8); + return true; } } } // retry - return 0; -} - - - -// get a product description based on the UID -// uid[8] tag uid -// returns description of the best match -static char* getTagInfo(uint8_t *uid) { - uint64_t myuid,mask; - int i=0, best=-1; - memcpy(&myuid,uid,sizeof(uint64_t)); - while (uidmapping[i].mask>0) { - mask=(~0LL) <<(64-uidmapping[i].mask); - if ((myuid & mask) == uidmapping[i].uid) { - if (best==-1) { - best=i; - } else { - if (uidmapping[i].mask>uidmapping[best].mask) { - best=i; - } - } - } - i++; - } - - if (best>=0) return uidmapping[best].desc; - - return uidmapping[i].desc; + return false; } @@ -279,8 +137,7 @@ static char* TagErrorStr(uint8_t error) { // Mode 3 -int CmdHF15Demod(const char *Cmd) -{ +static int CmdHF15Demod(const char *Cmd) { // The sampling rate is 106.353 ksps/s, for T = 18.8 us int i, j; @@ -293,8 +150,8 @@ int CmdHF15Demod(const char *Cmd) // First, correlate for SOF for (i = 0; i < 200; i++) { int corr = 0; - for (j = 0; j < arraylen(FrameSOF); j += skip) { - corr += FrameSOF[j] * GraphBuffer[i + (j / skip)]; + for (j = 0; j < arraylen(Iso15693FrameSOF); j += skip) { + corr += Iso15693FrameSOF[j] * GraphBuffer[i + (j / skip)]; } if (corr > max) { max = corr; @@ -302,28 +159,28 @@ int CmdHF15Demod(const char *Cmd) } } PrintAndLog("SOF at %d, correlation %d", maxPos, - max / (arraylen(FrameSOF) / skip)); + max / (arraylen(Iso15693FrameSOF) / skip)); - i = maxPos + arraylen(FrameSOF) / skip; + i = maxPos + arraylen(Iso15693FrameSOF) / skip; int k = 0; uint8_t outBuf[20]; memset(outBuf, 0, sizeof(outBuf)); uint8_t mask = 0x01; for (;;) { int corr0 = 0, corr00 = 0, corr01 = 0, corr1 = 0, corrEOF = 0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr0 += Logic0[j]*GraphBuffer[i+(j/skip)]; + for(j = 0; j < arraylen(Iso15693Logic0); j += skip) { + corr0 += Iso15693Logic0[j]*GraphBuffer[i+(j/skip)]; } corr01 = corr00 = corr0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr00 += Logic0[j]*GraphBuffer[i+arraylen(Logic0)/skip+(j/skip)]; - corr01 += Logic1[j]*GraphBuffer[i+arraylen(Logic0)/skip+(j/skip)]; + for(j = 0; j < arraylen(Iso15693Logic0); j += skip) { + corr00 += Iso15693Logic0[j]*GraphBuffer[i+arraylen(Iso15693Logic0)/skip+(j/skip)]; + corr01 += Iso15693Logic1[j]*GraphBuffer[i+arraylen(Iso15693Logic0)/skip+(j/skip)]; } - for(j = 0; j < arraylen(Logic1); j += skip) { - corr1 += Logic1[j]*GraphBuffer[i+(j/skip)]; + for(j = 0; j < arraylen(Iso15693Logic1); j += skip) { + corr1 += Iso15693Logic1[j]*GraphBuffer[i+(j/skip)]; } - for(j = 0; j < arraylen(FrameEOF); j += skip) { - corrEOF += FrameEOF[j]*GraphBuffer[i+(j/skip)]; + for(j = 0; j < arraylen(Iso15693FrameEOF); j += skip) { + corrEOF += Iso15693FrameEOF[j]*GraphBuffer[i+(j/skip)]; } // Even things out by the length of the target waveform. corr00 *= 2; @@ -335,17 +192,17 @@ int CmdHF15Demod(const char *Cmd) PrintAndLog("EOF at %d", i); break; } else if (corr1 > corr0) { - i += arraylen(Logic1) / skip; + i += arraylen(Iso15693Logic1) / skip; outBuf[k] |= mask; } else { - i += arraylen(Logic0) / skip; + i += arraylen(Iso15693Logic0) / skip; } mask <<= 1; if (mask == 0) { k++; mask = 0x01; } - if ((i + (int)arraylen(FrameEOF)) >= GraphTraceLen) { + if ((i + (int)arraylen(Iso15693FrameEOF)) >= GraphTraceLen) { PrintAndLog("ran off end!"); break; } @@ -364,26 +221,23 @@ int CmdHF15Demod(const char *Cmd) } - // * Acquire Samples as Reader (enables carrier, sends inquiry) -int CmdHF15Read(const char *Cmd) -{ +static int CmdHF15Read(const char *Cmd) { UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693}; SendCommand(&c); return 0; } + // Record Activity without enabling carrier -// TODO: currently it DOES enable the carrier -int CmdHF15Record(const char *Cmd) -{ - UsbCommand c = {CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693}; +static int CmdHF15Snoop(const char *Cmd) { + UsbCommand c = {CMD_SNOOP_ISO_15693}; SendCommand(&c); return 0; } -int HF15Reader(const char *Cmd, bool verbose) -{ + +int HF15Reader(const char *Cmd, bool verbose) { uint8_t uid[8]; if (!getUID(uid)) { @@ -391,21 +245,22 @@ int HF15Reader(const char *Cmd, bool verbose) return 0; } - PrintAndLog("Tag UID : %s",sprintUID(NULL,uid)); - PrintAndLog("Tag Info: %s",getTagInfo(uid)); + PrintAndLog("UID: %s", sprintUID(NULL,uid)); + PrintAndLog("Manufacturer byte: %02X, %s", uid[6], getManufacturerName(uid[6])); + PrintAndLog("Chip ID: %02X, %s", uid[5], getChipInfo(uid[6], uid[5])); return 1; } -int CmdHF15Reader(const char *Cmd) -{ + +static int CmdHF15Reader(const char *Cmd) { UsbCommand c = {CMD_READER_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}}; SendCommand(&c); return 0; } + // Simulation is still not working very good -int CmdHF15Sim(const char *Cmd) -{ +static int CmdHF15Sim(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); uint8_t uid[8] = {0x00}; @@ -424,6 +279,7 @@ int CmdHF15Sim(const char *Cmd) PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X", uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]); + PrintAndLog("Press the button to stop simulation"); UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}}; memcpy(c.d.asBytes,uid,8); @@ -432,17 +288,18 @@ int CmdHF15Sim(const char *Cmd) return 0; } + // finds the AFI (Application Family Idendifier) of a card, by trying all values // (There is no standard way of reading the AFI, allthough some tags support this) -int CmdHF15Afi(const char *Cmd) -{ +static int CmdHF15Afi(const char *Cmd) { UsbCommand c = {CMD_ISO_15693_FIND_AFI, {strtol(Cmd, NULL, 0), 0, 0}}; SendCommand(&c); return 0; } + // Reads all memory pages -int CmdHF15DumpMem(const char*Cmd) { +static int CmdHF15DumpMem(const char*Cmd) { UsbCommand resp; uint8_t uid[8]; uint8_t *recv=NULL; @@ -457,25 +314,26 @@ int CmdHF15DumpMem(const char*Cmd) { return 0; } - PrintAndLog("Reading memory from tag UID=%s",sprintUID(NULL,uid)); - PrintAndLog("Tag Info: %s",getTagInfo(uid)); + PrintAndLog("Reading memory from tag"); + PrintAndLog("UID: %s", sprintUID(NULL,uid)); + PrintAndLog("Manufacturer byte: %02X, %s", uid[6], getManufacturerName(uid[6])); + PrintAndLog("Chip ID: %02X, %s", uid[5], getChipInfo(uid[6], uid[5])); for (int retry=0; retry<5; retry++) { - req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; - req[1]=ISO15_CMD_READ; + req[0]= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS; + req[1] = ISO15693_READBLOCK; memcpy(&req[2],uid,8); - req[10]=blocknum; - reqlen=AddCrc(req,11); - c.arg[0]=reqlen; + req[10] = blocknum; + reqlen = AddCrc(req,11); + c.arg[0] = reqlen; SendCommand(&c); if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { recv = resp.d.asBytes; - if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) { - if (!(recv[0] & ISO15_RES_ERROR)) { + if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) { + if (!(recv[0] & ISO15693_RES_ERROR)) { retry=0; *output=0; // reset outputstring sprintf(output, "Block %02x ",blocknum); @@ -499,7 +357,7 @@ int CmdHF15DumpMem(const char*Cmd) { // TODO: need fix // if (resp.arg[0]<3) // PrintAndLog("Lost Connection"); -// else if (ISO15_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0])) +// else if (ISO15693_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0])) // PrintAndLog("CRC Failed"); // else // PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); @@ -507,60 +365,27 @@ int CmdHF15DumpMem(const char*Cmd) { } -// "HF 15" interface - -static command_t CommandTable15[] = -{ - {"help", CmdHF15Help, 1, "This help"}, - {"demod", CmdHF15Demod, 1, "Demodulate ISO15693 from tag"}, - {"read", CmdHF15Read, 0, "Read HF tag (ISO 15693)"}, - {"record", CmdHF15Record, 0, "Record Samples (ISO 15693)"}, // atrox - {"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"}, - {"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"}, - {"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"}, - {"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"}, - {"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"}, - {NULL, NULL, 0, NULL} -}; - -int CmdHF15(const char *Cmd) -{ - CmdsParse(CommandTable15, Cmd); - return 0; -} - -int CmdHF15Help(const char *Cmd) -{ - CmdsHelp(CommandTable15); - return 0; -} - - -// "HF 15 Cmd" Interface -// Allows direct communication with the tag on command level - -int CmdHF15CmdInquiry(const char *Cmd) -{ +static int CmdHF15CmdInquiry(const char *Cmd) { UsbCommand resp; uint8_t *recv; UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? uint8_t *req=c.d.asBytes; int reqlen=0; - req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1; - req[1]=ISO15_CMD_INVENTORY; - req[2]=0; // mask length + req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1; + req[1] = ISO15693_INVENTORY; + req[2] = 0; // mask length reqlen=AddCrc(req,3); - c.arg[0]=reqlen; + c.arg[0] = reqlen; SendCommand(&c); if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { if (resp.arg[0]>=12) { - recv = resp.d.asBytes; - PrintAndLog("UID=%s",sprintUID(NULL,&recv[2])); - PrintAndLog("Tag Info: %s",getTagInfo(&recv[2])); + recv = resp.d.asBytes; + PrintAndLog("UID: %s", sprintUID(NULL,recv+2)); + PrintAndLog("Manufacturer byte: %02X, %s", recv[8], getManufacturerName(recv[8])); + PrintAndLog("Chip ID: %02X, %s", recv[7], getChipInfo(recv[8], recv[7])); } else { PrintAndLog("Response to short, just %i bytes. No tag?\n",resp.arg[0]); } @@ -572,7 +397,7 @@ int CmdHF15CmdInquiry(const char *Cmd) // Turns debugging on(1)/off(0) -int CmdHF15CmdDebug( const char *cmd) { +static int CmdHF15CmdDebug( const char *cmd) { int debug = atoi(cmd); if (strlen(cmd) < 1) { PrintAndLog("Usage: hf 15 debug <0|1>"); @@ -587,7 +412,7 @@ int CmdHF15CmdDebug( const char *cmd) { } -int CmdHF15CmdRaw (const char *cmd) { +static int CmdHF15CmdRaw (const char *cmd) { UsbCommand resp; uint8_t *recv; UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? @@ -601,7 +426,7 @@ int CmdHF15CmdRaw (const char *cmd) { char *hexout; - if (strlen(cmd)<3) { + if (strlen(cmd)<2) { PrintAndLog("Usage: hf 15 cmd raw [-r] [-2] [-c] <0A 0B 0C ... hex>"); PrintAndLog(" -r do not read response"); PrintAndLog(" -2 use slower '1 out of 256' mode"); @@ -663,22 +488,31 @@ int CmdHF15CmdRaw (const char *cmd) { SendCommand(&c); if (reply) { - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { recv = resp.d.asBytes; - PrintAndLog("received %i octets",resp.arg[0]); - hexout = (char *)malloc(resp.arg[0] * 3 + 1); - if (hexout != NULL) { - for (int i = 0; i < resp.arg[0]; i++) { // data in hex - sprintf(&hexout[i * 3], "%02X ", recv[i]); + int recv_len = resp.arg[0]; + if (recv_len == 0) { + PrintAndLog("received SOF only. Maybe Picopass/iCLASS?"); + } else if (recv_len > 0) { + PrintAndLog("received %i octets", recv_len); + hexout = (char *)malloc(resp.arg[0] * 3 + 1); + if (hexout != NULL) { + for (int i = 0; i < resp.arg[0]; i++) { // data in hex + sprintf(&hexout[i * 3], "%02X ", recv[i]); + } + PrintAndLog("%s", hexout); + free(hexout); } - PrintAndLog("%s", hexout); - free(hexout); + } else if (recv_len == -1) { + PrintAndLog("card didn't respond"); + } else if (recv_len == -2) { + PrintAndLog("receive buffer overflow"); } } else { PrintAndLog("timeout while waiting for reply."); } - - } // if reply + } + return 0; } @@ -688,30 +522,30 @@ int CmdHF15CmdRaw (const char *cmd) { * Parameters: * **cmd command line */ -int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) { +static int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) { int temp; - uint8_t *req=c->d.asBytes; + uint8_t *req = c->d.asBytes; uint8_t uid[8] = {0x00}; - uint32_t reqlen=0; + uint32_t reqlen = 0; // strip while (**cmd==' ' || **cmd=='\t') (*cmd)++; - if (strstr(*cmd,"-2")==*cmd) { - c->arg[1]=0; // use 1of256 - (*cmd)+=2; + if (strstr(*cmd, "-2") == *cmd) { + c->arg[1] = 0; // use 1of256 + (*cmd) += 2; } // strip - while (**cmd==' ' || **cmd=='\t') (*cmd)++; + while (**cmd == ' ' || **cmd == '\t') (*cmd)++; - if (strstr(*cmd,"-o")==*cmd) { - req[reqlen]=ISO15_REQ_OPTION; - (*cmd)+=2; + if (strstr(*cmd, "-o") == *cmd) { + req[reqlen] = ISO15693_REQ_OPTION; + (*cmd) += 2; } // strip - while (**cmd==' ' || **cmd=='\t') (*cmd)++; + while (**cmd == ' ' || **cmd == '\t') (*cmd)++; switch (**cmd) { case 0: @@ -721,59 +555,55 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle case 's': case 'S': // you must have selected the tag earlier - req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_NONINVENTORY | ISO15_REQ_SELECT; - memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen); - reqlen+=iso15cmdlen; + req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_SELECT; + memcpy(&req[reqlen], &iso15cmd[0], iso15cmdlen); + reqlen += iso15cmdlen; break; case 'u': case 'U': // unaddressed mode may not be supported by all vendors - req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_NONINVENTORY; - memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen); - reqlen+=iso15cmdlen; + req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH; + memcpy(&req[reqlen], &iso15cmd[0], iso15cmdlen); + reqlen += iso15cmdlen; break; case '*': // we scan for the UID ourself - req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; - memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen); - reqlen+=iso15cmdlen; - if (!getUID(uid)) { - PrintAndLog("No Tag found"); - return 0; - } - memcpy(req+reqlen,uid,8); - PrintAndLog("Detected UID %s",sprintUID(NULL,uid)); - reqlen+=8; + req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS; + memcpy(&req[reqlen], &iso15cmd[0], iso15cmdlen); + reqlen += iso15cmdlen; + if (!getUID(uid)) { + PrintAndLog("No Tag found"); + return 0; + } + memcpy(req+reqlen ,uid, 8); + PrintAndLog("Detected UID %s",sprintUID(NULL,uid)); + reqlen += 8; break; default: - req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | - ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; - memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen); - reqlen+=iso15cmdlen; + req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS; + memcpy(&req[reqlen], &iso15cmd[0], iso15cmdlen); + reqlen += iso15cmdlen; /* sscanf(cmd,"%hX%hX%hX%hX%hX%hX%hX%hX", (short unsigned int *)&uid[7],(short unsigned int *)&uid[6], (short unsigned int *)&uid[5],(short unsigned int *)&uid[4], (short unsigned int *)&uid[3],(short unsigned int *)&uid[2], (short unsigned int *)&uid[1],(short unsigned int *)&uid[0]); */ - for (int i=0;i<8 && (*cmd)[i*2] && (*cmd)[i*2+1];i++) { // parse UID + for (int i=0; i<8 && (*cmd)[i*2] && (*cmd)[i*2+1]; i++) { // parse UID sscanf((char[]){(*cmd)[i*2],(*cmd)[i*2+1],0},"%X",&temp); uid[7-i]=temp&0xff; } - PrintAndLog("Using UID %s",sprintUID(NULL,uid)); - memcpy(&req[reqlen],&uid[0],8); - reqlen+=8; + PrintAndLog("Using UID %s", sprintUID(NULL, uid)); + memcpy(&req[reqlen], &uid[0], 8); + reqlen += 8; } // skip to next space - while (**cmd!=' ' && **cmd!='\t') (*cmd)++; + while (**cmd != ' ' && **cmd != '\t') (*cmd)++; // skip over the space - while (**cmd==' ' || **cmd=='\t') (*cmd)++; + while (**cmd == ' ' || **cmd == '\t') (*cmd)++; - c->arg[0]=reqlen; + c->arg[0] = reqlen; return 1; } @@ -781,7 +611,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle * Commandline handling: HF15 CMD SYSINFO * get system information from tag/VICC */ -int CmdHF15CmdSysinfo(const char *Cmd) { +static int CmdHF15CmdSysinfo(const char *Cmd) { UsbCommand resp; uint8_t *recv; UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? @@ -809,7 +639,7 @@ int CmdHF15CmdSysinfo(const char *Cmd) { return 0; } - prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_SYSINFO},1); + prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_GET_SYSTEM_INFO},1); reqlen=c.arg[0]; reqlen=AddCrc(req,reqlen); @@ -817,20 +647,14 @@ int CmdHF15CmdSysinfo(const char *Cmd) { SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1000) && resp.arg[0] > 2) { recv = resp.d.asBytes; - if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) { - if (!(recv[0] & ISO15_RES_ERROR)) { + if (ISO15693_CRC_CHECK == Crc(recv, resp.arg[0])) { + if (!(recv[0] & ISO15693_RES_ERROR)) { *output=0; // reset outputstring - for ( i=1; i2) { recv = resp.d.asBytes; - if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) { - if (!(recv[0] & ISO15_RES_ERROR)) { + if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) { + if (!(recv[0] & ISO15693_RES_ERROR)) { *output=0; // reset outputstring for ( int i=1; i2) { recv = resp.d.asBytes; - if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) { - if (!(recv[0] & ISO15_RES_ERROR)) { + if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) { + if (!(recv[0] & ISO15693_RES_ERROR)) { *output=0; // reset outputstring //sprintf(output, "Block %2i ",blocknum); for ( int i=1; i "); PrintAndLog(" options:"); PrintAndLog(" -2 use slower '1 out of 256' mode"); @@ -1051,84 +876,207 @@ int CmdHF15CmdWrite(const char *Cmd) { return 0; } - prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_WRITE},1); - reqlen=c.arg[0]; + prepareHF15Cmd(&cmd, &c, (uint8_t[]){ISO15693_WRITEBLOCK}, 1); + reqlen = c.arg[0]; // *cmd -> page num ; *cmd2 -> data - cmd2=cmd; - while (*cmd2!=' ' && *cmd2!='\t' && *cmd2) cmd2++; - *cmd2=0; + cmd2 = cmd; + while (*cmd2 != ' ' && *cmd2 != '\t' && *cmd2) cmd2++; + *cmd2 = 0; cmd2++; - pagenum=strtol(cmd,NULL,0); + pagenum = strtol(cmd, NULL, 0); /*if (pagenum<0) { PrintAndLog("invalid pagenum"); return 0; } */ - req[reqlen++]=(uint8_t)pagenum; + req[reqlen++] = (uint8_t)pagenum; while (cmd2[0] && cmd2[1]) { // hexdata, read by 2 hexchars - if (*cmd2==' ') { + if (*cmd2 == ' ') { cmd2++; continue; } - sscanf((char[]){cmd2[0],cmd2[1],0},"%X",&temp); - req[reqlen++]=temp & 0xff; - cmd2+=2; + sscanf((char[]){cmd2[0], cmd2[1], 0}, "%X", &temp); + req[reqlen++] = temp & 0xff; + cmd2 += 2; } - reqlen=AddCrc(req,reqlen); - - c.arg[0]=reqlen; + reqlen = AddCrc(req, reqlen); + c.arg[0] = reqlen; SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK,&resp,2000) && resp.arg[0]>2) { - recv = resp.d.asBytes; - if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) { - if (!(recv[0] & ISO15_RES_ERROR)) { - PrintAndLog("OK"); - } else { - PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); - } + if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + int recv_len = resp.arg[0]; + uint8_t *recv = resp.d.asBytes; + if (recv_len == 0) { + PrintAndLog("Received SOF only. Maybe Picopass/iCLASS?"); + } else if (recv_len == -1) { + PrintAndLog("Tag didn't respond"); + } else if (recv_len == -2) { + PrintAndLog("Receive buffer overflow"); + } else if (ISO15693_CRC_CHECK != Crc(recv, resp.arg[0])) { + PrintAndLog("CRC check failed on Tag response"); + } else if (!(recv[0] & ISO15693_RES_ERROR)) { + PrintAndLog("Tag returned OK"); } else { - PrintAndLog("CRC failed"); + PrintAndLog("Tag returned Error %i: %s", recv[1], TagErrorStr(recv[1])); } } else { - PrintAndLog("timeout: no answer - data may be written anyway"); + PrintAndLog("No answer from Proxmark"); } return 0; } +static int CmdHF15CSetUID(const char *Cmd) { + uint8_t uid[8] = {0x00}; + uint8_t oldUid[8], newUid[8] = {0x00}; + + uint8_t needHelp = 0; + char cmdp = 1; + + if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 16)) { + PrintAndLog("UID must include 16 HEX symbols"); + return 1; + } + + if (uid[0] != 0xe0) { + PrintAndLog("UID must begin with the byte 'E0'"); + return 1; + } + + while (param_getchar(Cmd, cmdp) != 0x00) { + switch (param_getchar(Cmd, cmdp)) { + case 'h': + case 'H': + needHelp = 1; + break; + default: + PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + needHelp = 1; + break; + } + cmdp++; + } + + if (strlen(Cmd) < 1 || needHelp) { + PrintAndLog(""); + PrintAndLog("Usage: hf 15 csetuid "); + PrintAndLog("sample: hf 15 csetuid E004013344556677"); + PrintAndLog("Set UID for magic Chinese card (only works with such cards)"); + return 0; + } + + PrintAndLog("Using backdoor Magic tag function"); + + if (!getUID(oldUid)) { + PrintAndLog("Can't get old UID."); + return 1; + } + + UsbCommand c = {CMD_CSETUID_ISO_15693, {0, 0, 0}}; + memcpy(c.d.asBytes, uid, 8); + + SendCommand(&c); + + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + int recv_len = resp.arg[0]; + uint8_t *recv = resp.d.asBytes; + if (recv_len == 0) { + PrintAndLog("Received SOF only. Maybe Picopass/iCLASS?"); + } else if (recv_len == -1) { + PrintAndLog("Tag didn't respond"); + } else if (recv_len == -2) { + PrintAndLog("Receive buffer overflow"); + } else if (ISO15693_CRC_CHECK != Crc(recv, recv_len)) { + PrintAndLog("CRC check failed on Tag response"); + } else if (!(recv[0] & ISO15693_RES_ERROR)) { + PrintAndLog("Tag returned OK"); + } else { + PrintAndLog("Tag returned Error %i: %s", recv[1], TagErrorStr(recv[1])); + } + } else { + PrintAndLog("No answer from Proxmark"); + } + + if (!getUID(newUid)) { + PrintAndLog("Can't get new UID."); + return 1; + } + + PrintAndLog(""); + PrintAndLog("old UID : %02X %02X %02X %02X %02X %02X %02X %02X", oldUid[7], oldUid[6], oldUid[5], oldUid[4], oldUid[3], oldUid[2], oldUid[1], oldUid[0]); + PrintAndLog("new UID : %02X %02X %02X %02X %02X %02X %02X %02X", newUid[7], newUid[6], newUid[5], newUid[4], newUid[3], newUid[2], newUid[1], newUid[0]); + return 0; +} -static command_t CommandTable15Cmd[] = -{ - {"help", CmdHF15CmdHelp, 1, "This Help"}, - {"inquiry", CmdHF15CmdInquiry, 0, "Search for tags in range"}, + +// "HF 15 Cmd" Interface +// Allows direct communication with the tag on command level + +static int CmdHF15CmdHelp(const char*Cmd); + +static command_t CommandTable15Cmd[] = { + {"help", CmdHF15CmdHelp, 1, "This Help"}, + {"inquiry", CmdHF15CmdInquiry, 0, "Search for tags in range"}, /* - {"select", CmdHF15CmdSelect, 0, "Select an tag with a specific UID for further commands"}, + {"select", CmdHF15CmdSelect, 0, "Select an tag with a specific UID for further commands"}, */ - {"read", CmdHF15CmdRead, 0, "Read a block"}, - {"write", CmdHF15CmdWrite, 0, "Write a block"}, - {"readmulti",CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"}, - {"sysinfo",CmdHF15CmdSysinfo, 0, "Get Card Information"}, - {"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"}, - {"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"}, - {NULL, NULL, 0, NULL} + {"read", CmdHF15CmdRead, 0, "Read a block"}, + {"write", CmdHF15CmdWrite, 0, "Write a block"}, + {"readmulti", CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"}, + {"sysinfo", CmdHF15CmdSysinfo, 0, "Get Card Information"}, + {"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"}, + {"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"}, + {NULL, NULL, 0, NULL} }; -int CmdHF15Cmd(const char *Cmd) -{ + +static int CmdHF15Cmd(const char *Cmd) { CmdsParse(CommandTable15Cmd, Cmd); return 0; } - -int CmdHF15CmdHelp(const char *Cmd) -{ + + +static int CmdHF15CmdHelp(const char *Cmd) { CmdsHelp(CommandTable15Cmd); return 0; } + +// "HF 15" interface + +static int CmdHF15Help(const char*Cmd); + +static command_t CommandTable15[] = { + {"help", CmdHF15Help, 1, "This help"}, + {"demod", CmdHF15Demod, 1, "Demodulate ISO15693 from tag"}, + {"read", CmdHF15Read, 0, "Read HF tag (ISO 15693)"}, + {"snoop", CmdHF15Snoop, 0, "Eavesdrop ISO 15693 communications"}, + {"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"}, + {"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"}, + {"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"}, + {"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"}, + {"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"}, + {"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"}, + {NULL, NULL, 0, NULL} +}; + + +int CmdHF15(const char *Cmd) { + CmdsParse(CommandTable15, Cmd); + return 0; +} + + +static int CmdHF15Help(const char *Cmd) { + CmdsHelp(CommandTable15); + return 0; +} + + diff --git a/client/cmdhf15.h b/client/cmdhf15.h index d0517fe5..89cbd259 100644 --- a/client/cmdhf15.h +++ b/client/cmdhf15.h @@ -13,16 +13,7 @@ #include -int CmdHF15(const char *Cmd); - -int CmdHF15Demod(const char *Cmd); -int CmdHF15Read(const char *Cmd); -int HF15Reader(const char *Cmd, bool verbose); -int CmdHF15Reader(const char *Cmd); -int CmdHF15Sim(const char *Cmd); -int CmdHF15Record(const char *Cmd); -int CmdHF15Cmd(const char*Cmd); -int CmdHF15CmdHelp(const char*Cmd); -int CmdHF15Help(const char*Cmd); +extern int CmdHF15(const char *Cmd); +extern int HF15Reader(const char *Cmd, bool verbose); #endif diff --git a/client/cmdhffido.c b/client/cmdhffido.c new file mode 100644 index 00000000..25862445 --- /dev/null +++ b/client/cmdhffido.c @@ -0,0 +1,926 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency MIFARE Plus commands +//----------------------------------------------------------------------------- +// +// Documentation here: +// +// FIDO Alliance specifications +// https://fidoalliance.org/download/ +// FIDO NFC Protocol Specification v1.0 +// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-nfc-protocol-v1.2-ps-20170411.html +// FIDO U2F Raw Message Formats +// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html +//----------------------------------------------------------------------------- + + +#include "cmdhffido.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "comms.h" +#include "cmdmain.h" +#include "util.h" +#include "ui.h" +#include "proxmark3.h" +#include "mifare.h" +#include "emv/emvcore.h" +#include "emv/emvjson.h" +#include "emv/dump.h" +#include "emv/apduinfo.h" +#include "cliparser/cliparser.h" +#include "crypto/asn1utils.h" +#include "crypto/libpcrypto.h" +#include "fido/cbortools.h" +#include "fido/fidocore.h" +#include "fido/cose.h" + +static int CmdHelp(const char *Cmd); + +int CmdHFFidoInfo(const char *cmd) { + + if (cmd && strlen(cmd) > 0) + PrintAndLog("WARNING: command don't have any parameters.\n"); + + // info about 14a part + CmdHF14AInfo(""); + + // FIDO info + PrintAndLog("--------------------------------------------"); + SetAPDULogging(false); + + uint8_t buf[APDU_RESPONSE_LEN] = {0}; + size_t len = 0; + uint16_t sw = 0; + int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); + + if (res) { + DropField(); + return res; + } + + if (sw != 0x9000) { + if (sw) + PrintAndLog("Not a FIDO card! APDU response: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + else + PrintAndLog("APDU exchange error. Card returns 0x0000."); + + DropField(); + return 0; + } + + if (!strncmp((char *)buf, "U2F_V2", 7)) { + if (!strncmp((char *)buf, "FIDO_2_0", 8)) { + PrintAndLog("FIDO2 authenricator detected. Version: %.*s", len, buf); + } else { + PrintAndLog("FIDO authenricator detected (not standard U2F)."); + PrintAndLog("Non U2F authenticator version:"); + dump_buffer((const unsigned char *)buf, len, NULL, 0); + } + } else { + PrintAndLog("FIDO U2F authenricator detected. Version: %.*s", len, buf); + } + + res = FIDO2GetInfo(buf, sizeof(buf), &len, &sw); + DropField(); + if (res) { + return res; + } + if (sw != 0x9000) { + PrintAndLog("FIDO2 version not exists (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + + return 0; + } + + if(buf[0]) { + PrintAndLog("FIDO2 ger version error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); + return 0; + } + + if (len > 1) { +// if (false) { +// PrintAndLog("FIDO2 version: (len=%d)", len); +// dump_buffer((const unsigned char *)buf, len, NULL, 0); +// } + + PrintAndLog("FIDO2 version CBOR decoded:"); + TinyCborPrintFIDOPackage(fido2CmdGetInfo, true, &buf[1], len - 1); + } else { + PrintAndLog("FIDO2 version length error"); + } + + return 0; +} + +json_t *OpenJson(int paramnum, char *fname, void* argtable[], bool *err) { + json_t *root = NULL; + json_error_t error; + *err = false; + + uint8_t jsonname[250] ={0}; + char *cjsonname = (char *)jsonname; + int jsonnamelen = 0; + + // CLIGetStrWithReturn(paramnum, jsonname, &jsonnamelen); + if (CLIParamStrToBuf(arg_get_str(paramnum), jsonname, sizeof(jsonname), &jsonnamelen)) { + CLIParserFree(); + return NULL; + } + + // current path + file name + if (!strstr(cjsonname, ".json")) + strcat(cjsonname, ".json"); + + if (jsonnamelen) { + strcpy(fname, get_my_executable_directory()); + strcat(fname, cjsonname); + if (access(fname, F_OK) != -1) { + root = json_load_file(fname, 0, &error); + if (!root) { + PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); + *err = true; + return NULL; + } + + if (!json_is_object(root)) { + PrintAndLog("ERROR: Invalid json format. root must be an object."); + json_decref(root); + *err = true; + return NULL; + } + + } else { + root = json_object(); + } + } + return root; +} + +int CmdHFFidoRegister(const char *cmd) { + uint8_t data[64] = {0}; + int chlen = 0; + uint8_t cdata[250] = {0}; + int applen = 0; + uint8_t adata[250] = {0}; + json_t *root = NULL; + + CLIParserInit("hf fido reg", + "Initiate a U2F token registration. Needs two 32-byte hash number. \nchallenge parameter (32b) and application parameter (32b).", + "Usage:\n\thf fido reg -> execute command with 2 parameters, filled 0x00\n" + "\thf fido reg 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters" + "\thf fido reg -p s0 s1 -> execute command with plain parameters"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("aA", "apdu", "show APDU reqests and responses"), + arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), + arg_lit0("pP", "plain", "send plain ASCII to challenge and application parameters instead of HEX"), + arg_lit0("tT", "tlv", "Show DER certificate contents in TLV representation"), + arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), + arg_str0(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool APDULogging = arg_get_lit(1); + bool verbose = arg_get_lit(2); + bool verbose2 = arg_get_lit(2) > 1; + bool paramsPlain = arg_get_lit(3); + bool showDERTLV = arg_get_lit(4); + + char fname[250] = {0}; + bool err; + root = OpenJson(5, fname, argtable, &err); + if(err) + return 1; + if (root) { + size_t jlen; + JsonLoadBufAsHex(root, "$.ChallengeParam", data, 32, &jlen); + JsonLoadBufAsHex(root, "$.ApplicationParam", &data[32], 32, &jlen); + } + + if (paramsPlain) { + memset(cdata, 0x00, 32); + CLIGetStrWithReturn(6, cdata, &chlen); + if (chlen && chlen > 16) { + PrintAndLog("ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", chlen); + return 1; + } + } else { + CLIGetHexWithReturn(6, cdata, &chlen); + if (chlen && chlen != 32) { + PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); + return 1; + } + } + if (chlen) + memmove(data, cdata, 32); + + + if (paramsPlain) { + memset(adata, 0x00, 32); + CLIGetStrWithReturn(7, adata, &applen); + if (applen && applen > 16) { + PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", applen); + return 1; + } + } else { + CLIGetHexWithReturn(7, adata, &applen); + if (applen && applen != 32) { + PrintAndLog("ERROR: application parameter length must be 32 bytes only."); + return 1; + } + } + if (applen) + memmove(&data[32], adata, 32); + + CLIParserFree(); + + SetAPDULogging(APDULogging); + + // challenge parameter [32 bytes] - The challenge parameter is the SHA-256 hash of the Client Data, a stringified JSON data structure that the FIDO Client prepares + // application parameter [32 bytes] - The application parameter is the SHA-256 hash of the UTF-8 encoding of the application identity + + uint8_t buf[2048] = {0}; + size_t len = 0; + uint16_t sw = 0; + + DropField(); + int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); + + if (res) { + PrintAndLog("Can't select authenticator. res=%x. Exit...", res); + DropField(); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return 2; + } + + res = FIDORegister(data, buf, sizeof(buf), &len, &sw); + DropField(); + if (res) { + PrintAndLog("Can't execute register command. res=%x. Exit...", res); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("ERROR execute register command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + return 3; + } + + PrintAndLog(""); + if (APDULogging) + PrintAndLog("---------------------------------------------------------------"); + PrintAndLog("data len: %d", len); + if (verbose2) { + PrintAndLog("--------------data----------------------"); + dump_buffer((const unsigned char *)buf, len, NULL, 0); + PrintAndLog("--------------data----------------------"); + } + + if (buf[0] != 0x05) { + PrintAndLog("ERROR: First byte must be 0x05, but it %2x", buf[0]); + return 5; + } + PrintAndLog("User public key: %s", sprint_hex(&buf[1], 65)); + + uint8_t keyHandleLen = buf[66]; + PrintAndLog("Key handle[%d]: %s", keyHandleLen, sprint_hex(&buf[67], keyHandleLen)); + + int derp = 67 + keyHandleLen; + int derLen = (buf[derp + 2] << 8) + buf[derp + 3] + 4; + if (verbose2) { + PrintAndLog("DER certificate[%d]:\n------------------DER-------------------", derLen); + dump_buffer_simple((const unsigned char *)&buf[derp], derLen, NULL); + PrintAndLog("\n----------------DER---------------------"); + } else { + if (verbose) + PrintAndLog("------------------DER-------------------"); + PrintAndLog("DER certificate[%d]: %s...", derLen, sprint_hex(&buf[derp], 20)); + } + + // check and print DER certificate + uint8_t public_key[65] = {0}; + + // print DER certificate in TLV view + if (showDERTLV) { + PrintAndLog("----------------DER TLV-----------------"); + asn1_print(&buf[derp], derLen, " "); + PrintAndLog("----------------DER TLV-----------------"); + } + + FIDOCheckDERAndGetKey(&buf[derp], derLen, verbose, public_key, sizeof(public_key)); + + // get hash + int hashp = 1 + 65 + 1 + keyHandleLen + derLen; + PrintAndLog("Hash[%d]: %s", len - hashp, sprint_hex(&buf[hashp], len - hashp)); + + // check ANSI X9.62 format ECDSA signature (on P-256) + uint8_t rval[300] = {0}; + uint8_t sval[300] = {0}; + res = ecdsa_asn1_get_signature(&buf[hashp], len - hashp, rval, sval); + if (!res) { + if (verbose) { + PrintAndLog(" r: %s", sprint_hex(rval, 32)); + PrintAndLog(" s: %s", sprint_hex(sval, 32)); + } + + uint8_t xbuf[4096] = {0}; + size_t xbuflen = 0; + res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, + "\x00", 1, + &data[32], 32, // application parameter + &data[0], 32, // challenge parameter + &buf[67], keyHandleLen, // keyHandle + &buf[1], 65, // user public key + NULL, 0); + //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); + res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[hashp], len - hashp, true); + if (res) { + if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { + PrintAndLog("Signature is NOT VALID."); + } else { + PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); + } + } else { + PrintAndLog("Signature is OK."); + } + + } else { + PrintAndLog("Invalid signature. res=%d.", res); + } + + PrintAndLog("\nauth command: "); + printf("hf fido auth %s%s", paramsPlain?"-p ":"", sprint_hex_inrow(&buf[67], keyHandleLen)); + if(chlen || applen) + printf(" %s", paramsPlain?(char *)cdata:sprint_hex_inrow(cdata, 32)); + if(applen) + printf(" %s", paramsPlain?(char *)adata:sprint_hex_inrow(adata, 32)); + printf("\n"); + + if (root) { + JsonSaveBufAsHex(root, "ChallengeParam", data, 32); + JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); + JsonSaveBufAsHexCompact(root, "PublicKey", &buf[1], 65); + JsonSaveInt(root, "KeyHandleLen", keyHandleLen); + JsonSaveBufAsHexCompact(root, "KeyHandle", &buf[67], keyHandleLen); + JsonSaveBufAsHexCompact(root, "DER", &buf[67 + keyHandleLen], derLen); + + res = json_dump_file(root, fname, JSON_INDENT(2)); + if (res) { + PrintAndLog("ERROR: can't save the file: %s", fname); + return 200; + } + PrintAndLog("File `%s` saved.", fname); + + // free json object + json_decref(root); + } + + return 0; +}; + +int CmdHFFidoAuthenticate(const char *cmd) { + uint8_t data[512] = {0}; + uint8_t hdata[250] = {0}; + bool public_key_loaded = false; + uint8_t public_key[65] = {0}; + int hdatalen = 0; + uint8_t keyHandleLen = 0; + json_t *root = NULL; + + CLIParserInit("hf fido auth", + "Initiate a U2F token authentication. Needs key handle and two 32-byte hash number. \nkey handle(var 0..255), challenge parameter (32b) and application parameter (32b).", + "Usage:\n\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with 2 parameters, filled 0x00 and key handle\n" + "\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f " + "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("aA", "apdu", "show APDU reqests and responses"), + arg_lit0("vV", "verbose", "show technical data"), + arg_lit0("pP", "plain", "send plain ASCII to challenge and application parameters instead of HEX"), + arg_rem("default mode:", "dont-enforce-user-presence-and-sign"), + arg_lit0("uU", "user", "mode: enforce-user-presence-and-sign"), + arg_lit0("cC", "check", "mode: check-only"), + arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), + arg_str0("kK", "key", "public key to verify signature", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool APDULogging = arg_get_lit(1); + bool verbose = arg_get_lit(2); + bool paramsPlain = arg_get_lit(3); + uint8_t controlByte = 0x08; + if (arg_get_lit(5)) + controlByte = 0x03; + if (arg_get_lit(6)) + controlByte = 0x07; + + char fname[250] = {0}; + bool err; + root = OpenJson(7, fname, argtable, &err); + if(err) + return 1; + if (root) { + size_t jlen; + JsonLoadBufAsHex(root, "$.ChallengeParam", data, 32, &jlen); + JsonLoadBufAsHex(root, "$.ApplicationParam", &data[32], 32, &jlen); + JsonLoadBufAsHex(root, "$.KeyHandle", &data[65], 512 - 67, &jlen); + keyHandleLen = jlen & 0xff; + data[64] = keyHandleLen; + JsonLoadBufAsHex(root, "$.PublicKey", public_key, 65, &jlen); + public_key_loaded = (jlen > 0); + } + + // public key + CLIGetHexWithReturn(8, hdata, &hdatalen); + if (hdatalen && hdatalen != 65) { + PrintAndLog("ERROR: public key length must be 65 bytes only."); + return 1; + } + if (hdatalen) { + memmove(public_key, hdata, hdatalen); + public_key_loaded = true; + } + + CLIGetHexWithReturn(9, hdata, &hdatalen); + if (hdatalen > 255) { + PrintAndLog("ERROR: application parameter length must be less than 255."); + return 1; + } + if (hdatalen) { + keyHandleLen = hdatalen; + data[64] = keyHandleLen; + memmove(&data[65], hdata, keyHandleLen); + } + + if (paramsPlain) { + memset(hdata, 0x00, 32); + CLIGetStrWithReturn(9, hdata, &hdatalen); + if (hdatalen && hdatalen > 16) { + PrintAndLog("ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); + return 1; + } + } else { + CLIGetHexWithReturn(10, hdata, &hdatalen); + if (hdatalen && hdatalen != 32) { + PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); + return 1; + } + } + if (hdatalen) + memmove(data, hdata, 32); + + if (paramsPlain) { + memset(hdata, 0x00, 32); + CLIGetStrWithReturn(11, hdata, &hdatalen); + if (hdatalen && hdatalen > 16) { + PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); + return 1; + } + } else { + CLIGetHexWithReturn(10, hdata, &hdatalen); + if (hdatalen && hdatalen != 32) { + PrintAndLog("ERROR: application parameter length must be 32 bytes only."); + return 1; + } + } + if (hdatalen) + memmove(&data[32], hdata, 32); + + CLIParserFree(); + + SetAPDULogging(APDULogging); + + // (in parameter) conrtol byte 0x07 - check only, 0x03 - user presense + cign. 0x08 - sign only + // challenge parameter [32 bytes] + // application parameter [32 bytes] + // key handle length [1b] = N + // key handle [N] + + uint8_t datalen = 32 + 32 + 1 + keyHandleLen; + + uint8_t buf[2048] = {0}; + size_t len = 0; + uint16_t sw = 0; + + DropField(); + int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); + + if (res) { + PrintAndLog("Can't select authenticator. res=%x. Exit...", res); + DropField(); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return 2; + } + + res = FIDOAuthentication(data, datalen, controlByte, buf, sizeof(buf), &len, &sw); + DropField(); + if (res) { + PrintAndLog("Can't execute authentication command. res=%x. Exit...", res); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("ERROR execute authentication command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + return 3; + } + + PrintAndLog("---------------------------------------------------------------"); + PrintAndLog("User presence: %s", (buf[0]?"verified":"not verified")); + uint32_t cntr = (uint32_t)bytes_to_num(&buf[1], 4); + PrintAndLog("Counter: %d", cntr); + PrintAndLog("Hash[%d]: %s", len - 5, sprint_hex(&buf[5], len - 5)); + + // check ANSI X9.62 format ECDSA signature (on P-256) + uint8_t rval[300] = {0}; + uint8_t sval[300] = {0}; + res = ecdsa_asn1_get_signature(&buf[5], len - 5, rval, sval); + if (!res) { + if (verbose) { + PrintAndLog(" r: %s", sprint_hex(rval, 32)); + PrintAndLog(" s: %s", sprint_hex(sval, 32)); + } + if (public_key_loaded) { + uint8_t xbuf[4096] = {0}; + size_t xbuflen = 0; + res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, + &data[32], 32, // application parameter + &buf[0], 1, // user presence + &buf[1], 4, // counter + data, 32, // challenge parameter + NULL, 0); + //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); + res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[5], len - 5, true); + if (res) { + if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { + PrintAndLog("Signature is NOT VALID."); + } else { + PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); + } + } else { + PrintAndLog("Signature is OK."); + } + } else { + PrintAndLog("No public key provided. can't check signature."); + } + } else { + PrintAndLog("Invalid signature. res=%d.", res); + } + + if (root) { + JsonSaveBufAsHex(root, "ChallengeParam", data, 32); + JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); + JsonSaveInt(root, "KeyHandleLen", keyHandleLen); + JsonSaveBufAsHexCompact(root, "KeyHandle", &data[65], keyHandleLen); + JsonSaveInt(root, "Counter", cntr); + + res = json_dump_file(root, fname, JSON_INDENT(2)); + if (res) { + PrintAndLog("ERROR: can't save the file: %s", fname); + return 200; + } + PrintAndLog("File `%s` saved.", fname); + + // free json object + json_decref(root); + } + return 0; +}; + +void CheckSlash(char *fileName) { + if ((fileName[strlen(fileName) - 1] != '/') && + (fileName[strlen(fileName) - 1] != '\\')) + strcat(fileName, "/"); +} + +int GetExistsFileNameJson(char *prefixDir, char *reqestedFileName, char *fileName) { + fileName[0] = 0x00; + strcpy(fileName, get_my_executable_directory()); + CheckSlash(fileName); + + strcat(fileName, prefixDir); + CheckSlash(fileName); + + strcat(fileName, reqestedFileName); + if (!strstr(fileName, ".json")) + strcat(fileName, ".json"); + + if (access(fileName, F_OK) < 0) { + strcpy(fileName, get_my_executable_directory()); + CheckSlash(fileName); + + strcat(fileName, reqestedFileName); + if (!strstr(fileName, ".json")) + strcat(fileName, ".json"); + + if (access(fileName, F_OK) < 0) { + return 1; // file not found + } + } + return 0; +} + +int CmdHFFido2MakeCredential(const char *cmd) { + json_error_t error; + json_t *root = NULL; + char fname[300] = {0}; + + CLIParserInit("hf fido make", + "Execute a FIDO2 Make Credentional command. Needs json file with parameters. Sample file `fido2.json`. File can be placed in proxmark directory or in `proxmark/fido` directory.", + "Usage:\n\thf fido make -> execute command default parameters file `fido2.json`\n" + "\thf fido make test.json -> execute command with parameters file `text.json`"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("aA", "apdu", "show APDU reqests and responses"), + arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), + arg_lit0("tT", "tlv", "Show DER certificate contents in TLV representation"), + arg_lit0("cC", "cbor", "show CBOR decoded data"), + arg_str0(NULL, NULL, "", "JSON input / output file name for parameters. Default `fido2.json`"), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool APDULogging = arg_get_lit(1); + bool verbose = arg_get_lit(2); + bool verbose2 = arg_get_lit(2) > 1; + bool showDERTLV = arg_get_lit(3); + bool showCBOR = arg_get_lit(4); + + uint8_t jsonname[250] ={0}; + char *cjsonname = (char *)jsonname; + int jsonnamelen = 0; + CLIGetStrWithReturn(5, jsonname, &jsonnamelen); + + if (!jsonnamelen) { + strcat(cjsonname, "fido2"); + jsonnamelen = strlen(cjsonname); + } + + CLIParserFree(); + + SetAPDULogging(APDULogging); + + int res = GetExistsFileNameJson("fido", cjsonname, fname); + if(res) { + PrintAndLog("ERROR: Can't found the json file."); + return res; + } + PrintAndLog("fname: %s\n", fname); + root = json_load_file(fname, 0, &error); + if (!root) { + PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); + return 1; + } + + uint8_t data[2048] = {0}; + size_t datalen = 0; + uint8_t buf[2048] = {0}; + size_t len = 0; + uint16_t sw = 0; + + DropField(); + res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); + + if (res) { + PrintAndLog("Can't select authenticator. res=%x. Exit...", res); + DropField(); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return 2; + } + + res = FIDO2CreateMakeCredentionalReq(root, data, sizeof(data), &datalen); + if (res) + return res; + + if (showCBOR) { + PrintAndLog("CBOR make credentional request:"); + PrintAndLog("---------------- CBOR ------------------"); + TinyCborPrintFIDOPackage(fido2CmdMakeCredential, false, data, datalen); + PrintAndLog("---------------- CBOR ------------------"); + } + + res = FIDO2MakeCredential(data, datalen, buf, sizeof(buf), &len, &sw); + DropField(); + if (res) { + PrintAndLog("Can't execute make credential command. res=%x. Exit...", res); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("ERROR execute make credential command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + return 3; + } + + if(buf[0]) { + PrintAndLog("FIDO2 make credential error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); + return 0; + } + + PrintAndLog("MakeCredential result (%d b) OK.", len); + if (showCBOR) { + PrintAndLog("CBOR make credentional response:"); + PrintAndLog("---------------- CBOR ------------------"); + TinyCborPrintFIDOPackage(fido2CmdMakeCredential, true, &buf[1], len - 1); + PrintAndLog("---------------- CBOR ------------------"); + } + + // parse returned cbor + FIDO2MakeCredentionalParseRes(root, &buf[1], len - 1, verbose, verbose2, showCBOR, showDERTLV); + + if (root) { + res = json_dump_file(root, fname, JSON_INDENT(2)); + if (res) { + PrintAndLog("ERROR: can't save the file: %s", fname); + return 200; + } + PrintAndLog("File `%s` saved.", fname); + } + + json_decref(root); + + return 0; +}; + +int CmdHFFido2GetAssertion(const char *cmd) { + json_error_t error; + json_t *root = NULL; + char fname[300] = {0}; + + CLIParserInit("hf fido assert", + "Execute a FIDO2 Get Assertion command. Needs json file with parameters. Sample file `fido2.json`. File can be placed in proxmark directory or in `proxmark/fido` directory.", + "Usage:\n\thf fido assert -> execute command default parameters file `fido2.json`\n" + "\thf fido assert test.json -l -> execute command with parameters file `text.json` and add to request CredentialId"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("aA", "apdu", "show APDU reqests and responses"), + arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), + arg_lit0("cC", "cbor", "show CBOR decoded data"), + arg_lit0("lL", "list", "add CredentialId from json to allowList. Needs if `rk` option is `false` (authenticator don't store credential to its memory)"), + arg_str0(NULL, NULL, "", "JSON input / output file name for parameters. Default `fido2.json`"), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool APDULogging = arg_get_lit(1); + bool verbose = arg_get_lit(2); + bool verbose2 = arg_get_lit(2) > 1; + bool showCBOR = arg_get_lit(3); + bool createAllowList = arg_get_lit(4); + + uint8_t jsonname[250] ={0}; + char *cjsonname = (char *)jsonname; + int jsonnamelen = 0; + CLIGetStrWithReturn(5, jsonname, &jsonnamelen); + + if (!jsonnamelen) { + strcat(cjsonname, "fido2"); + jsonnamelen = strlen(cjsonname); + } + + CLIParserFree(); + + SetAPDULogging(APDULogging); + + int res = GetExistsFileNameJson("fido", "fido2", fname); + if(res) { + PrintAndLog("ERROR: Can't found the json file."); + return res; + } + PrintAndLog("fname: %s\n", fname); + root = json_load_file(fname, 0, &error); + if (!root) { + PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); + return 1; + } + + uint8_t data[2048] = {0}; + size_t datalen = 0; + uint8_t buf[2048] = {0}; + size_t len = 0; + uint16_t sw = 0; + + DropField(); + res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); + + if (res) { + PrintAndLog("Can't select authenticator. res=%x. Exit...", res); + DropField(); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return 2; + } + + res = FIDO2CreateGetAssertionReq(root, data, sizeof(data), &datalen, createAllowList); + if (res) + return res; + + if (showCBOR) { + PrintAndLog("CBOR get assertion request:"); + PrintAndLog("---------------- CBOR ------------------"); + TinyCborPrintFIDOPackage(fido2CmdGetAssertion, false, data, datalen); + PrintAndLog("---------------- CBOR ------------------"); + } + + res = FIDO2GetAssertion(data, datalen, buf, sizeof(buf), &len, &sw); + DropField(); + if (res) { + PrintAndLog("Can't execute get assertion command. res=%x. Exit...", res); + return res; + } + + if (sw != 0x9000) { + PrintAndLog("ERROR execute get assertion command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + return 3; + } + + if(buf[0]) { + PrintAndLog("FIDO2 get assertion error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); + return 0; + } + + PrintAndLog("GetAssertion result (%d b) OK.", len); + if (showCBOR) { + PrintAndLog("CBOR get assertion response:"); + PrintAndLog("---------------- CBOR ------------------"); + TinyCborPrintFIDOPackage(fido2CmdGetAssertion, true, &buf[1], len - 1); + PrintAndLog("---------------- CBOR ------------------"); + } + + // parse returned cbor + FIDO2GetAssertionParseRes(root, &buf[1], len - 1, verbose, verbose2, showCBOR); + + if (root) { + res = json_dump_file(root, fname, JSON_INDENT(2)); + if (res) { + PrintAndLog("ERROR: can't save the file: %s", fname); + return 200; + } + PrintAndLog("File `%s` saved.", fname); + } + + json_decref(root); + + return 0; +}; + +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1, "This help."}, + {"info", CmdHFFidoInfo, 0, "Info about FIDO tag."}, + {"reg", CmdHFFidoRegister, 0, "FIDO U2F Registration Message."}, + {"auth", CmdHFFidoAuthenticate, 0, "FIDO U2F Authentication Message."}, + {"make", CmdHFFido2MakeCredential, 0, "FIDO2 MakeCredential command."}, + {"assert", CmdHFFido2GetAssertion, 0, "FIDO2 GetAssertion command."}, + {NULL, NULL, 0, NULL} +}; + +int CmdHFFido(const char *Cmd) { + (void)WaitForResponseTimeout(CMD_ACK,NULL,100); + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd) { + CmdsHelp(CommandTable); + return 0; +} diff --git a/client/cmdhffido.h b/client/cmdhffido.h new file mode 100644 index 00000000..2460a170 --- /dev/null +++ b/client/cmdhffido.h @@ -0,0 +1,27 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency FIDO U2F and FIDO2 contactless authenticators +//----------------------------------------------------------------------------- +// +// Documentation here: +// +// FIDO Alliance specifications +// https://fidoalliance.org/download/ +// FIDO NFC Protocol Specification v1.0 +// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-nfc-protocol-v1.2-ps-20170411.html +// FIDO U2F Raw Message Formats +// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html +//----------------------------------------------------------------------------- + +#ifndef CMDHFFIDO_H__ +#define CMDHFFIDO_H__ + +extern int CmdHFFido(const char *Cmd); + + +#endif \ No newline at end of file diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 499f7aae..93e46b67 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -2,6 +2,7 @@ // Copyright (C) 2010 iZsh , Hagen Fritsch // Copyright (C) 2011 Gerhard de Koning Gans // Copyright (C) 2014 Midnitesnake & Andy Davies & Martin Holst Swende +// Copyright (C) 2019 piwi // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -18,12 +19,13 @@ #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type #include "comms.h" #include "ui.h" +#include "cliparser/cliparser.h" #include "cmdparser.h" #include "cmdhficlass.h" #include "common.h" #include "util.h" #include "cmdmain.h" -#include "polarssl/des.h" +#include "mbedtls/des.h" #include "loclass/cipherutils.h" #include "loclass/cipher.h" #include "loclass/ikeys.h" @@ -33,8 +35,8 @@ #include "usb_cmd.h" #include "cmdhfmfu.h" #include "util_posix.h" +#include "cmdhf14a.h" // DropField() -static int CmdHelp(const char *Cmd); #define ICLASS_KEYS_MAX 8 static uint8_t iClass_Key_Table[ICLASS_KEYS_MAX][8] = { @@ -48,12 +50,109 @@ static uint8_t iClass_Key_Table[ICLASS_KEYS_MAX][8] = { { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } }; -typedef struct iclass_block { - uint8_t d[8]; -} iclass_block_t; -int usage_hf_iclass_chk(void) { - PrintAndLog("Checkkeys loads a dictionary text file with 8byte hex keys to test authenticating against a iClass tag"); +// iclass / picopass chip config structures and shared routines +typedef struct { + uint8_t app_limit; //[8] + uint8_t otp[2]; //[9-10] + uint8_t block_writelock;//[11] + uint8_t chip_config; //[12] + uint8_t mem_config; //[13] + uint8_t eas; //[14] + uint8_t fuses; //[15] +} picopass_conf_block; + +typedef struct { + uint8_t csn[8]; + picopass_conf_block conf; + uint8_t epurse[8]; + uint8_t key_d[8]; + uint8_t key_c[8]; + uint8_t app_issuer_area[8]; +} picopass_hdr; + + +static void fuse_config(const picopass_hdr *hdr) { + uint8_t fuses = hdr->conf.fuses; + + if (fuses & FUSE_FPERS) + PrintAndLog(" Mode: Personalization [Programmable]"); + else + PrintAndLog(" Mode: Application [Locked]"); + + if (fuses & FUSE_CODING1) + PrintAndLog("Coding: RFU"); + else { + if (fuses & FUSE_CODING0) + PrintAndLog("Coding: ISO 14443-2 B/ISO 15693"); + else + PrintAndLog("Coding: ISO 14443B only"); + } + if ((fuses & FUSE_CRYPT1) && (fuses & FUSE_CRYPT0)) PrintAndLog(" Crypt: Secured page, keys not locked"); + if ((fuses & FUSE_CRYPT1) && !(fuses & FUSE_CRYPT0)) PrintAndLog(" Crypt: Secured page, keys locked"); + if (!(fuses & FUSE_CRYPT1) && (fuses & FUSE_CRYPT0)) PrintAndLog(" Crypt: Non secured page"); + if (!(fuses & FUSE_CRYPT1) && !(fuses & FUSE_CRYPT0)) PrintAndLog(" Crypt: No auth possible. Read only if RA is enabled"); + + if (fuses & FUSE_RA) + PrintAndLog(" RA: Read access enabled"); + else + PrintAndLog(" RA: Read access not enabled"); +} + + +static void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) { + // mem-bit 5, mem-bit 7, chip-bit 4: defines chip type + if((chip_cfg & 0x10) && !(mem_cfg & 0x80) && !(mem_cfg & 0x20)) { + *kb = 2; + *app_areas = 2; + *max_blk = 31; + } else if((chip_cfg & 0x10) && (mem_cfg & 0x80) && !(mem_cfg & 0x20)) { + *kb = 16; + *app_areas = 2; + *max_blk = 255; //16kb + } else if(!(chip_cfg & 0x10) && !(mem_cfg & 0x80) && !(mem_cfg & 0x20)) { + *kb = 16; + *app_areas = 16; + *max_blk = 255; //16kb + } else if((chip_cfg & 0x10) && (mem_cfg & 0x80) && (mem_cfg & 0x20)) { + *kb = 32; + *app_areas = 3; + *max_blk = 255; //16kb + } else if(!(chip_cfg & 0x10) && !(mem_cfg & 0x80) && (mem_cfg & 0x20)) { + *kb = 32; + *app_areas = 17; + *max_blk = 255; //16kb + } else { + *kb = 32; + *app_areas = 2; + *max_blk = 255; + } +} + + +static void mem_app_config(const picopass_hdr *hdr) { + uint8_t mem = hdr->conf.mem_config; + uint8_t chip = hdr->conf.chip_config; + uint8_t applimit = hdr->conf.app_limit; + if (applimit < 6) applimit = 26; + uint8_t kb = 2; + uint8_t app_areas = 2; + uint8_t max_blk = 31; + getMemConfig(mem, chip, &max_blk, &app_areas, &kb); + PrintAndLog(" Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk+1, mem); + PrintAndLog(" AA1: blocks 06-%02X", applimit); + PrintAndLog(" AA2: blocks %02X-%02X", applimit+1, max_blk); +} + + +static void printIclassDumpInfo(uint8_t* iclass_dump) { + fuse_config((picopass_hdr*)iclass_dump); + mem_app_config((picopass_hdr*)iclass_dump); +} + + +static void usage_hf_iclass_chk(void) { + PrintAndLog("Checkkeys loads a dictionary text file with 8byte hex keys to test authenticating against a iClass tag"); PrintAndLog("Usage: hf iclass chk [h|e|r] "); PrintAndLog("Options:"); PrintAndLog("h Show this help"); @@ -61,31 +160,46 @@ int usage_hf_iclass_chk(void) { PrintAndLog(" e target Elite / High security key scheme"); PrintAndLog(" r interpret dictionary file as raw (diversified keys)"); PrintAndLog("Samples:"); - PrintAndLog(" hf iclass chk f default_iclass_keys.dic"); - PrintAndLog(" hf iclass chk f default_iclass_keys.dic e"); - return 0; + PrintAndLog(" hf iclass chk f default_iclass_keys.dic"); + PrintAndLog(" hf iclass chk f default_iclass_keys.dic e"); } -int xorbits_8(uint8_t val) { - uint8_t res = val ^ (val >> 1); //1st pass - res = res ^ (res >> 1); // 2nd pass - res = res ^ (res >> 2); // 3rd pass - res = res ^ (res >> 4); // 4th pass - return res & 1; -} -int CmdHFiClassList(const char *Cmd) { +static int CmdHFiClassList(const char *Cmd) { PrintAndLog("Deprecated command, use 'hf list iclass' instead"); return 0; } -int CmdHFiClassSnoop(const char *Cmd) { - UsbCommand c = {CMD_SNOOP_ICLASS}; + +static int CmdHFiClassSnoop(const char *Cmd) { + + CLIParserInit("hf iclass snoop", "\nSnoop a communication between an iClass Reader and an iClass Tag.", NULL); + void* argtable[] = { + arg_param_begin, + arg_lit0("j", "jam", "Jam (prevent) e-purse Updates"), + arg_param_end + }; + if (CLIParserParseString(Cmd, argtable, arg_getsize(argtable), true)){ + CLIParserFree(); + return 0; + } + + bool jam_epurse_update = arg_get_lit(1); + + const uint8_t update_epurse_sequence[2] = {0x87, 0x02}; + + UsbCommand c = {CMD_SNOOP_ICLASS, {0}}; + if (jam_epurse_update) { + c.arg[0] = sizeof(update_epurse_sequence); + memcpy(c.d.asBytes, update_epurse_sequence, sizeof(update_epurse_sequence)); + } SendCommand(&c); + return 0; } -int usage_hf_iclass_sim(void) { + +static void usage_hf_iclass_sim(void) { PrintAndLog("Usage: hf iclass sim