dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

A lot of changes...

Browse Source 
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities,   (not a proper DEMOD, but a start)
.. GetCountUS  better precision from @pwpivi
.. bin2hex,  hex2bin  from @holiman

...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler,   nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block...  See Issue #136  https://github.com/Proxmark/proxmark3/issues/136    Not solved yet.

...
Started add SHA256..   not working yet..
This commit is contained in:
iceman1001
2015-10-04 18:01:33 +02:00
parent 05beaa8dd8
commit 0de8e3874d
41 changed files with 2222 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
armsrc/appmain.c
View File

@@ -301,39 +301,42 @@ void SendVersion(void)
// measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
// Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included.
void printUSBSpeed(uint32_t SpeedTestBufferSize)
void printUSBSpeed(void)
{
Dbprintf("USB Speed:");
Dbprintf(" Sending %d bytes payload...", SpeedTestBufferSize);
Dbprintf(" Sending USB packets to client...");
#define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds
uint8_t *test_data = BigBuf_get_addr();
uint32_t end_time;
uint32_t start_time = GetTickCount();
uint32_t start_time = end_time = GetTickCount();
uint32_t bytes_transferred = 0;
LED_B_ON();
for(size_t i=0; i < SpeedTestBufferSize; i += USB_CMD_DATA_SIZE) {
size_t len = MIN((SpeedTestBufferSize - i), USB_CMD_DATA_SIZE);
cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,0,len,0,test_data,len);
while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) {
cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE);
end_time = GetTickCount();
bytes_transferred += USB_CMD_DATA_SIZE;
}
LED_B_OFF();
uint32_t end_time = GetTickCount();
Dbprintf(" Time elapsed: %dms, USB Transfer Speed PM3 -> Client = %d Bytes/s",
end_time - start_time,
1000* SpeedTestBufferSize / (end_time - start_time));
Dbprintf(" Time elapsed: %dms", end_time - start_time);
Dbprintf(" Bytes transferred: %d", bytes_transferred);
Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s",
1000 * bytes_transferred / (end_time - start_time));
}
/**
* Prints runtime information about the PM3.
**/
void SendStatus(uint32_t SpeedTestBufferSize)
void SendStatus(void)
{
BigBuf_print_status();
Fpga_print_status();
printConfig(); //LF Sampling config
printUSBSpeed(SpeedTestBufferSize);
printUSBSpeed();
Dbprintf("Various");
Dbprintf(" MF_DBGLEVEL........%d", MF_DBGLEVEL);
Dbprintf(" ToSendMax..........%d", ToSendMax);
@@ -998,6 +1001,11 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
break;
case CMD_VIKING_CLONE_TAG:
CopyViKingtoT55x7(c->arg[0],c->arg[1]);
break;
#endif
#ifdef WITH_HITAG
@@ -1232,8 +1240,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
LED_B_ON();
uint8_t *BigBuf = BigBuf_get_addr();
size_t len = 0;
for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
}
// Trigger a finish downloading signal with an ACK frame
@@ -1269,7 +1278,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
SendVersion();
break;
case CMD_STATUS:
SendStatus(c->arg[0]);
SendStatus();
break;
case CMD_PING:
cmd_send(CMD_ACK,0,0,0,0,0);

1
armsrc/apps.h
View File

@@ -191,6 +191,7 @@ void ReaderIClass(uint8_t arg0);
void ReaderIClass_Replay(uint8_t arg0,uint8_t *MAC);
void IClass_iso14443A_GetPublic(uint8_t arg0);
void CopyViKingtoT55x7(uint32_t block1,uint32_t block2);
// hitag2.h
void SnoopHitag(uint32_t type);
void SimulateHitagTag(bool tag_mem_supplied, byte_t* data);

102
armsrc/iso14443a.c
View File

@@ -1047,7 +1047,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
response3a[0] = sak & 0xFB;
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
uint8_t response5[] = { 0x01, 0x01, 0x01, 0x01 }; // Very random tag nonce
uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce
uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS:
// Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present,
// TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
@@ -1151,9 +1151,9 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
} else if(receivedCmd[0] == 0x30) { // Received a (plain) READ
uint8_t block = receivedCmd[1];
if ( tagType == 7 ) {
uint8_t start = 4 * block;
uint16_t start = 4 * block;
if ( block < 4 ) {
/*if ( block < 4 ) {
//NTAG 215
uint8_t blockdata[50] = {
data[0],data[1],data[2], 0x88 ^ data[0] ^ data[1] ^ data[2],
@@ -1167,12 +1167,12 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
0x00,0x00};
AppendCrc14443a(blockdata+start, 16);
EmSendCmdEx( blockdata+start, MAX_MIFARE_FRAME_SIZE, false);
} else {
} else {*/
uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt( emdata, start, 16);
AppendCrc14443a(emdata, 16);
EmSendCmdEx(emdata, sizeof(emdata), false);
}
//}
p_response = NULL;
} else {
@@ -1417,9 +1417,11 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
BigBuf_free_keep_EM();
LED_A_OFF();
if (MF_DBGLEVEL >= 4){
Dbprintf("-[ Wake ups after halt [%d]", happened);
Dbprintf("-[ Messages after halt [%d]", happened2);
Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
}
}
@@ -2194,7 +2196,7 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
nttmp1 = nt1;
nttmp2 = nt2;
for (i = 1; i < 32768; i++) {
for (i = 1; i < 0xFFFF; i++) {
nttmp1 = prng_successor(nttmp1, 1);
if (nttmp1 == nt2) return i;
nttmp2 = prng_successor(nttmp2, 1);
@@ -2204,6 +2206,28 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
return(-99999); // either nt1 or nt2 are invalid nonces
}
int32_t dist_nt_ex32(uint32_t nt1, uint32_t nt2, bool *result) {
uint16_t i;
uint32_t nttmp1, nttmp2;
if (nt1 == nt2) return 0;
nttmp1 = nt1;
nttmp2 = nt2;
*result = true;
for (i = 1; i < 0xFFFFFFFF; i++) {
nttmp1 = prng_successor(nttmp1, 1);
if (nttmp1 == nt2) return i;
nttmp2 = prng_successor(nttmp2, 1);
if (nttmp2 == nt1) return -i;
}
*result = false;
return(-99999); // either nt1 or nt2 are invalid nonces
}
//-----------------------------------------------------------------------------
// Recover several bits of the cypher stream. This implements (first stages of)
@@ -2244,6 +2268,7 @@ void ReaderMifare(bool first_try)
byte_t par_list[8] = {0x00};
byte_t ks_list[8] = {0x00};
#define PRNG_SEQUENCE_LENGTH (1 << 16);
static uint32_t sync_time = 0;
static uint32_t sync_cycles = 0;
int catch_up_cycles = 0;
@@ -2254,7 +2279,7 @@ void ReaderMifare(bool first_try)
if (first_try) {
mf_nr_ar3 = 0;
sync_time = GetCountSspClk() & 0xfffffff8;
sync_cycles = 65536; // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
sync_cycles = PRNG_SEQUENCE_LENGTH; //65536; //0x10000 // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
nt_attacked = 0;
nt = 0;
par[0] = 0;
@@ -2271,8 +2296,12 @@ void ReaderMifare(bool first_try)
LED_C_OFF();
#define DARKSIDE_MAX_TRIES 32 // number of tries to sync on PRNG cycle. Then give up.
uint16_t unsuccessfull_tries = 0;
#define MAX_UNEXPECTED_RANDOM 5 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
#define MAX_SYNC_TRIES 16
uint16_t unexpected_random = 0;
uint16_t sync_tries = 0;
int16_t debug_info_nr = -1;
uint32_t debug_info[MAX_SYNC_TRIES];
for(uint16_t i = 0; TRUE; i++) {
@@ -2290,16 +2319,20 @@ void ReaderMifare(bool first_try)
continue;
}
sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
catch_up_cycles = 0;
if (debug_info_nr == -1) {
sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
catch_up_cycles = 0;
// if we missed the sync time already, advance to the next nonce repeat
while(GetCountSspClk() > sync_time) {
sync_time = (sync_time & 0xfffffff8) + sync_cycles;
}
// if we missed the sync time already, advance to the next nonce repeat
while(GetCountSspClk() > sync_time) {
sync_time = (sync_time & 0xfffffff8) + sync_cycles;
}
// Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
// Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
} else {
ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
}
// Receive the (4 Byte) "random" nonce
if (!ReaderReceive(receivedAnswer, receivedAnswerPar)) {
@@ -2317,19 +2350,32 @@ void ReaderMifare(bool first_try)
int nt_distance = dist_nt(previous_nt, nt);
if (nt_distance == 0) {
nt_attacked = nt;
}
else {
} else {
if (nt_distance == -99999) { // invalid nonce received
unsuccessfull_tries++;
if (!nt_attacked && unsuccessfull_tries > DARKSIDE_MAX_TRIES) {
unexpected_random++;
if (!nt_attacked && unexpected_random > MAX_UNEXPECTED_RANDOM) {
isOK = -3; // Card has an unpredictable PRNG. Give up
break;
} else {
continue; // continue trying...
}
}
if (++sync_tries > MAX_SYNC_TRIES) {
if (sync_tries > 2 * MAX_SYNC_TRIES) {
isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
break;
} else { // continue for a while, just to collect some debug info
debug_info[++debug_info_nr] = nt_distance;
continue;
}
}
sync_cycles = (sync_cycles - nt_distance);
if (MF_DBGLEVEL >= 3) Dbprintf("calibrating in cycle %d. nt_distance=%d, Sync_cycles: %d\n", i, nt_distance, sync_cycles);
if (sync_cycles <= 0) {
sync_cycles += PRNG_SEQUENCE_LENGTH;
}
if (MF_DBGLEVEL >= 3) {
Dbprintf("calibrating in cycle %d. nt_distance=%d, Sync_cycles: %d\n", i, nt_distance, sync_cycles);
}
continue;
}
}
@@ -2401,8 +2447,15 @@ void ReaderMifare(bool first_try)
mf_nr_ar[3] &= 0x1F;
byte_t buf[28] = {0x00};
if (isOK == -4) {
if (MF_DBGLEVEL >= 3) {
for(uint16_t i = 0; i < MAX_SYNC_TRIES; i++) {
Dbprintf("collected debug info[%d] = %d\n", i, debug_info[i]);
}
}
}
byte_t buf[28];
memcpy(buf + 0, uid, 4);
num_to_bytes(nt, 4, buf + 4);
memcpy(buf + 8, par_list, 8);
@@ -2418,8 +2471,7 @@ void ReaderMifare(bool first_try)
set_tracing(FALSE);
}
/*
/**
*MIFARE 1K simulate.
*
*@param flags :

89
armsrc/lfops.c
View File

@@ -90,9 +90,9 @@ void ReadTItag(void)
// when we read a TI tag we sample the zerocross line at 2Mhz
// TI tags modulate a 1 as 16 cycles of 123.2Khz
// TI tags modulate a 0 as 16 cycles of 134.2Khz
#define FSAMPLE 2000000
#define FREQLO 123200
#define FREQHI 134200
#define FSAMPLE 2000000
#define FREQLO 123200
#define FREQHI 134200
signed char *dest = (signed char *)BigBuf_get_addr();
uint16_t n = BigBuf_max_traceLen();
@@ -1080,14 +1080,14 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
*/
/* T55x7 configuration register definitions */
#define T55x7_POR_DELAY 0x00000001
#define T55x7_ST_TERMINATOR 0x00000008
#define T55x7_PWD 0x00000010
#define T55x7_POR_DELAY 0x00000001
#define T55x7_ST_TERMINATOR 0x00000008
#define T55x7_PWD 0x00000010
#define T55x7_MAXBLOCK_SHIFT 5
#define T55x7_AOR 0x00000200
#define T55x7_PSKCF_RF_2 0
#define T55x7_PSKCF_RF_4 0x00000400
#define T55x7_PSKCF_RF_8 0x00000800
#define T55x7_AOR 0x00000200
#define T55x7_PSKCF_RF_2 0
#define T55x7_PSKCF_RF_4 0x00000400
#define T55x7_PSKCF_RF_8 0x00000800
#define T55x7_MODULATION_DIRECT 0
#define T55x7_MODULATION_PSK1 0x00001000
#define T55x7_MODULATION_PSK2 0x00002000
@@ -1098,17 +1098,18 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
#define T55x7_MODULATION_FSK2a 0x00007000
#define T55x7_MODULATION_MANCHESTER 0x00008000
#define T55x7_MODULATION_BIPHASE 0x00010000
#define T55x7_BITRATE_RF_8 0
#define T55x7_BITRATE_RF_16 0x00040000
#define T55x7_BITRATE_RF_32 0x00080000
#define T55x7_BITRATE_RF_40 0x000C0000
#define T55x7_BITRATE_RF_50 0x00100000
#define T55x7_BITRATE_RF_64 0x00140000
//#define T55x7_MODULATION_BIPHASE57 0x00011000
#define T55x7_BITRATE_RF_8 0
#define T55x7_BITRATE_RF_16 0x00040000
#define T55x7_BITRATE_RF_32 0x00080000
#define T55x7_BITRATE_RF_40 0x000C0000
#define T55x7_BITRATE_RF_50 0x00100000
#define T55x7_BITRATE_RF_64 0x00140000
#define T55x7_BITRATE_RF_100 0x00180000
#define T55x7_BITRATE_RF_128 0x001C0000
/* T5555 (Q5) configuration register definitions */
#define T5555_ST_TERMINATOR 0x00000001
#define T5555_ST_TERMINATOR 0x00000001
#define T5555_MAXBLOCK_SHIFT 0x00000001
#define T5555_MODULATION_MANCHESTER 0
#define T5555_MODULATION_PSK1 0x00000010
@@ -1118,22 +1119,23 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
#define T5555_MODULATION_FSK2 0x00000050
#define T5555_MODULATION_BIPHASE 0x00000060
#define T5555_MODULATION_DIRECT 0x00000070
#define T5555_INVERT_OUTPUT 0x00000080
#define T5555_PSK_RF_2 0
#define T5555_PSK_RF_4 0x00000100
#define T5555_PSK_RF_8 0x00000200
#define T5555_USE_PWD 0x00000400
#define T5555_USE_AOR 0x00000800
#define T5555_BITRATE_SHIFT 12
#define T5555_FAST_WRITE 0x00004000
#define T5555_PAGE_SELECT 0x00008000
#define T5555_INVERT_OUTPUT 0x00000080
#define T5555_PSK_RF_2 0
#define T5555_PSK_RF_4 0x00000100
#define T5555_PSK_RF_8 0x00000200
#define T5555_USE_PWD 0x00000400
#define T5555_USE_AOR 0x00000800
#define T5555_BITRATE_SHIFT 12
#define T5555_FAST_WRITE 0x00004000
#define T5555_PAGE_SELECT 0x00008000
/*
* Relevant times in microsecond
* To compensate antenna falling times shorten the write times
* and enlarge the gap ones.
*/
#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
#define START_GAP 50*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
@@ -1157,7 +1159,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
// Write one bit to card
void T55xxWriteBit(int bit)
{
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
//FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
if (!bit)
@@ -1176,7 +1178,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
// Set up FPGA, 125kHz
// Wait for config.. (192+8190xPOW)x8 == 67ms
LFSetupFPGAForADC(0, true);
// Now start writting
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP);
@@ -1211,7 +1213,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
void TurnReadLFOn(){
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Give it a bit of time for the resonant antenna to settle.
SpinDelayUs(8*150);
SpinDelayUs(300);
}
@@ -1229,7 +1231,21 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
// Set up FPGA, 125kHz
// Wait for config.. (192+8190xPOW)x8 == 67ms
LFSetupFPGAForADC(0, true);
//LFSetupFPGAForADC(0, true);
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Now set up the SSC to get the ADC samples that are now streaming at us.
FpgaSetupSsc();
// Give it a bit of time for the resonant antenna to settle.
//SpinDelayUs(8*200); //192FC
SpinDelay(50);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP);
@@ -2098,3 +2114,14 @@ void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_D_OFF();
}
void CopyViKingtoT55x7(uint32_t block1,uint32_t block2)
{
LED_D_ON();
T55xxWriteBlock(block1,1,0,0);
T55xxWriteBlock(block2,2,0,0);
T55xxWriteBlock(T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 2 << T5555_MAXBLOCK_SHIFT,0,0,1);
LED_D_OFF();
DbpString("DONE!");
}

3
armsrc/mifarecmd.c
View File

@@ -908,7 +908,8 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
emlSetMem(datain, arg0, arg1); // data, block num, blocks count
//emlSetMem(datain, arg0, arg1); // data, block num, blocks count
emlSetMem_xt(datain, arg0, arg1, arg2); // data, block num, blocks count, block byte width
}
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){

8
armsrc/mifareutil.c
View File

@@ -272,7 +272,7 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){
if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]);
len = mifare_sendcmd(0x1B, key, sizeof(key), resp, respPar, NULL);
//len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);
if (len != 4) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);
return 0;
@@ -556,8 +556,12 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
// work with emulator memory
void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
emlSetMem_xt(data, blockNum, blocksCount, 16);
}
void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth) {
uint8_t* emCARD = BigBuf_get_EM_addr();
memcpy(emCARD + blockNum * 16, data, blocksCount * 16);
memcpy(emCARD + blockNum * blockBtWidth, data, blocksCount * blockBtWidth);
}
void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {

1
armsrc/mifareutil.h
View File

@@ -90,6 +90,7 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo);
// emulator functions
void emlClearMem(void);
void emlSetMem(uint8_t *data, int blockNum, int blocksCount);
void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth);
void emlGetMem(uint8_t *data, int blockNum, int blocksCount);
void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount);
uint64_t emlGetKey(int sectorNum, int keyType);

4
armsrc/util.c
View File

@@ -345,7 +345,9 @@ void StartCountUS()
}
uint32_t RAMFUNC GetCountUS(){
return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV / 15) * 10);
//return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV / 15) * 10);
// By suggestion from PwPiwi, http://www.proxmark.org/forum/viewtopic.php?pid=17548#p17548
return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV * 2) / 3);
}
static uint32_t GlobalUsCounter = 0;