ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix.

ADD:  added the "t55x7" refactoring by @marshmellow42
iceman1001
2015-10-27 21:47:21 +01:00
parent 1c8fbeb93e
commit 1d0ccbe04b
24 changed files with 704 additions and 604 deletions


@@ -10,12 +10,12 @@ APP_INCLUDES = apps.h
#remove one of the following defines and comment out the relevant line
#in the next section to remove that particular feature from compilation
APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE \
APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -DWITH_HFSNOOP \
-fno-strict-aliasing -ffunction-sections -fdata-sections
#-DWITH_LCD
#SRC_LCD = fonts.c LCD.c
SRC_LF = lfops.c hitag2.c lfsampling.c pcf7931.c
SRC_LF = lfops.c hitag2.c lfsampling.c pcf7931.c lfdemod.c protocols.c
SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443b.c
@@ -52,7 +52,6 @@ THUMBSRC = start.c \
# These are to be compiled in ARM mode
ARMSRC = fpgaloader.c \
legicrf.c \
lfdemod.c \
$(SRC_ISO14443a) \
$(SRC_ISO14443b) \
$(SRC_CRAPTO1) \
@@ -60,7 +59,8 @@ ARMSRC = fpgaloader.c \
legic_prng.c \
iclass.c \
BigBuf.c \
optimized_cipher.c
optimized_cipher.c \
hfsnoop.c
# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
include ../common/Makefile.common
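Review bot: `hfsnoop.c` is appended to `ARMSRC` unconditionally, while the feature is switched by the new `-DWITH_HFSNOOP` flag in `APP_CFLAGS`, so dropping the define removes only the command dispatch and still compiles the capture routine. The other optional features are listed through their own `SRC_*` variable, which is what the comment above `APP_CFLAGS` tells the builder to edit. The same shape here would be `SRC_HFSNOOP = hfsnoop.c` next to the other lists and `$(SRC_HFSNOOP)` in `ARMSRC`. A build without HF snooping would then leave the raw-capture code out, rather than depending on section garbage collection, which is not visible in this hunk.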


@@ -985,9 +985,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_T55XX_WRITE_BLOCK:
T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
case CMD_T55XX_READ_TRACE:
T55xxReadTrace();
break;
case CMD_T55XX_WAKEUP:
T55xxWakeUp(c->arg[0]);
break;
@@ -1236,6 +1233,11 @@ void UsbPacketReceived(uint8_t *packet, int len)
iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
break;
#endif
#ifdef WITH_HFSNOOP
case CMD_HF_SNIFFER:
HfSnoop(c->arg[0], c->arg[1]);
break;
#endif
case CMD_BUFF_CLEAR:
BigBuf_Clear();
@@ -1372,7 +1374,7 @@ void __attribute__((noreturn)) AppMain(void)
AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
// PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
AT91C_PMC_PRES_CLK_4;
AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
// Reset SPI
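Review bot: In the new `CMD_HF_SNIFFER` case, `c->arg[0]` and `c->arg[1]` come straight from the USB packet and are passed to `HfSnoop(int, int)`, so a large host value becomes a negative `int` before it is used as a sample-skip count and a trigger count. Nothing in the dispatch bounds them, and in `armsrc/hfsnoop.c` the skip count drives `while(waitcount != 0)` with no upper limit. I would make the parameters unsigned in both places, `void HfSnoop(uint32_t samplesToSkip, uint32_t triggersToSkip);` in `apps.h` and in the definition, and clamp the skip count before the call. The type of `c->arg[]` is not visible on this page, so the exact narrowing is inferred. `UsbPacketReceived` starts and ends outside these hunks.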


@@ -86,11 +86,10 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioPro
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(int hi, int lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7); // Clone Indala 224-bit tag by UID to T55x7
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxReadTrace(void);
void T55xxWakeUp(uint32_t Pwd);
void TurnReadLFOn();
void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode);
@@ -208,5 +207,6 @@ bool cmd_receive(UsbCommand* cmd);
bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);
/// util.h
void HfSnoop(int , int);
#endif
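Review bot: The prototype `void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);` is left unchanged, but the definition in `lfops.c` in this same commit renames the fourth parameter to `arg` and decodes it as a flag byte (bit 0 password mode, bit 1 page select). A caller reading only the header would treat it as a boolean and not learn that bit 1 redirects the write to page 1. Rename it here to match and document the bits, for example `void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg); // arg: bit0 = use Pwd, bit1 = page`.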


@@ -43,6 +43,7 @@ void SetAdcMuxFor(uint32_t whichGpio);
#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (1<<5)
#define FPGA_MAJOR_MODE_HF_SIMULATOR (2<<5)
#define FPGA_MAJOR_MODE_HF_ISO14443A (3<<5)
#define FPGA_MAJOR_MODE_HF_SNOOP (4<<5)
// BOTH
#define FPGA_MAJOR_MODE_OFF (7<<5)
// Options for LF_ADC

76
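--- a/armsrc/hfsnoop.c
+++ b/armsrc/hfsnoop.c
@@ -0,0 +1,76 @@
+#include "proxmark3.h"
+#include "apps.h"
+#include "BigBuf.h"
+#include "util.h"
+static void RAMFUNC optimizedSnoop(void);
+static void RAMFUNC optimizedSnoop(void)
+{
+BigBuf_free();
+int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
+uint16_t *dest = (uint16_t *)BigBuf_get_addr();
+uint16_t *destend = dest + n;
+AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
+// Reading data loop
+while(dest <= destend)
+{
+if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)
+{
+*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
+dest = dest + 1;
+}
+}
+//Resetting Frame mode (First set in fpgaloader.c)
+AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+}
+void HfSnoop(int samplesToSkip, int triggersToSkip)
+{
+Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
+bool trigger_cnt;
+LED_D_ON();
+// Select correct configs
+FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+// Set up the synchronous serial port
+FpgaSetupSsc();
+// connect Demodulated Signal to ADC:
+SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
+SpinDelay(100);
+AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
+trigger_cnt = 0;
+uint16_t r = 0;
+while(!BUTTON_PRESS()) {
+WDT_HIT();
+if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
+if (!(trigger_cnt == triggersToSkip) && ( (r >> 8) >= 240))
+{
+Dbprintf("Trigger kicked! Value: %d.", r >> 8);
+trigger_cnt++;
+break;
+}
+}
+}
+if(!BUTTON_PRESS()) {
+Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r >> 8);
+int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
+while(waitcount != 0) {
+if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+waitcount--;
+}
+}
+optimizedSnoop();
+}
+DbpString("HF Snoop end");
+FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+LED_D_OFF();
+}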
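Review bot: The capture loop in `optimizedSnoop` writes one sample past the buffer: `destend` is `dest + n`, already one element beyond the last slot, and `while(dest <= destend)` still stores to it, so the condition should be `while(dest < destend)`. That assumes `BigBuf_max_traceLen()` returns the usable size in bytes, which this page does not show. In `HfSnoop`, `trigger_cnt` is declared `bool` yet incremented and compared with `triggersToSkip`, and the loop breaks on the first sample at or above the threshold when `triggersToSkip` is non-zero and never triggers when it is zero, so the skip count cannot work as the debug message describes. An `int` counter that breaks only once it reaches `triggersToSkip` would match the apparent intent. The `waitcount` loop and the capture loop also spin on `AT91C_SSC_RXRDY` without `WDT_HIT()` or a button check, so a negative or very large `samplesToSkip` stalls the firmware there.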


@@ -16,8 +16,8 @@
#include "string.h"
#include "lfdemod.h"
#include "lfsampling.h"
#include "usb_cdc.h"
#include "protocols.h"
#include "usb_cdc.h" //test
/**
* Function to do a modulation and then get samples.
@@ -1053,61 +1053,9 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
/*------------------------------
* T5555/T5557/T5567 routines
*------------------------------
*/
/* T55x7 configuration register definitions */
#define T55x7_POR_DELAY 0x00000001
#define T55x7_ST_TERMINATOR 0x00000008
#define T55x7_PWD 0x00000010
#define T55x7_MAXBLOCK_SHIFT 5
#define T55x7_AOR 0x00000200
#define T55x7_PSKCF_RF_2 0
#define T55x7_PSKCF_RF_4 0x00000400
#define T55x7_PSKCF_RF_8 0x00000800
#define T55x7_MODULATION_DIRECT 0
#define T55x7_MODULATION_PSK1 0x00001000
#define T55x7_MODULATION_PSK2 0x00002000
#define T55x7_MODULATION_PSK3 0x00003000
#define T55x7_MODULATION_FSK1 0x00004000
#define T55x7_MODULATION_FSK2 0x00005000
#define T55x7_MODULATION_FSK1a 0x00006000
#define T55x7_MODULATION_FSK2a 0x00007000
#define T55x7_MODULATION_MANCHESTER 0x00008000
#define T55x7_MODULATION_BIPHASE 0x00010000
#define T55x7_MODULATION_DIPHASE 0x00018000
//#define T55x7_MODULATION_BIPHASE57 0x00011000
#define T55x7_BITRATE_RF_8 0
#define T55x7_BITRATE_RF_16 0x00040000
#define T55x7_BITRATE_RF_32 0x00080000
#define T55x7_BITRATE_RF_40 0x000C0000
#define T55x7_BITRATE_RF_50 0x00100000
#define T55x7_BITRATE_RF_64 0x00140000
#define T55x7_BITRATE_RF_100 0x00180000
#define T55x7_BITRATE_RF_128 0x001C0000
/* T5555 (Q5) configuration register definitions */
#define T5555_ST_TERMINATOR 0x00000001
#define T5555_MAXBLOCK_SHIFT 0x00000001
#define T5555_MODULATION_MANCHESTER 0
#define T5555_MODULATION_PSK1 0x00000010
#define T5555_MODULATION_PSK2 0x00000020
#define T5555_MODULATION_PSK3 0x00000030
#define T5555_MODULATION_FSK1 0x00000040
#define T5555_MODULATION_FSK2 0x00000050
#define T5555_MODULATION_BIPHASE 0x00000060
#define T5555_MODULATION_DIRECT 0x00000070
#define T5555_INVERT_OUTPUT 0x00000080
#define T5555_PSK_RF_2 0
#define T5555_PSK_RF_4 0x00000100
#define T5555_PSK_RF_8 0x00000200
#define T5555_USE_PWD 0x00000400
#define T5555_USE_AOR 0x00000800
#define T5555_BITRATE_SHIFT 12
#define T5555_FAST_WRITE 0x00004000
#define T5555_PAGE_SELECT 0x00008000
/*
* Relevant times in microsecond
* NOTE: T55x7/T5555 configuration register definitions moved to protocols.h
*
* Relevant communication times in microsecond
* To compensate antenna falling times shorten the write times
* and enlarge the gap ones.
* Q5 tags seems to have issues when these values changes.
@@ -1136,24 +1084,29 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
void TurnReadLFOn(int delay) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Give it a bit of time for the resonant antenna to settle.
SpinDelayUs(delay); //155*8 //50*8
// measure antenna strength.
//int adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
// where to save it
SpinDelayUs(delay);
}
// Write one bit to card
void T55xxWriteBit(int bit) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
if (!bit)
SpinDelayUs(WRITE_0);
TurnReadLFOn(WRITE_0);
else
SpinDelayUs(WRITE_1);
TurnReadLFOn(WRITE_1);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(WRITE_GAP);
}
// Write one card block in page 0, no lock
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) {
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
LED_A_ON();
bool PwdMode = arg & 0x1;
uint8_t Page = (arg & 0x2)>>1;
uint32_t i = 0;
// Set up FPGA, 125kHz
@@ -1165,8 +1118,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
// Opcode 10
T55xxWriteBit(1);
T55xxWriteBit(0); //Page 0
T55xxWriteBit(Page); //Page 0
if (PwdMode){
// Send Pwd
for (i = 0x80000000; i != 0; i >>= 1)
@@ -1186,20 +1138,24 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
// so wait a little more)
TurnReadLFOn(20 * 1000);
//could attempt to do a read to confirm write took
// as the tag should repeat back the new block
// until it is reset, but to confirm it we would
// need to know the current block 0 config mode
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,0,0,0,0,0);
LED_A_OFF();
LED_B_OFF();
}
// Read one card block in page 0
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
LED_A_ON();
uint8_t PwdMode = arg0 & 0x01;
uint8_t Page = arg0 & 0x02;
bool PwdMode = arg0 & 0x1;
uint8_t Page = (arg0 & 0x2) >> 1;
uint32_t i = 0;
bool RegReadMode = (Block == 0xFF);
//clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
@@ -1207,14 +1163,14 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
//make sure block is at max 7
Block &= 0x7;
// Set up FPGA, 125kHz
// Set up FPGA, 125kHz to power up the tag
LFSetupFPGAForADC(95, true);
// Trigger T55x7 Direct Access Mode
// Trigger T55x7 Direct Access Mode with start gap
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP);
// Opcode 10
// Opcode 1[page]
T55xxWriteBit(1);
T55xxWriteBit(Page); //Page 0
@@ -1223,11 +1179,11 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Pwd & i);
}
// Send a zero bit separation
T55xxWriteBit(0);
// Send Block number
// Send Block number (if direct access mode)
if (!RegReadMode)
for (i = 0x04; i != 0; i >>= 1)
T55xxWriteBit(Block & i);
@@ -1237,54 +1193,10 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
// Acquisition
doT55x7Acquisition();
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
cmd_send(CMD_ACK,0,0,0,0,0);
LED_A_OFF();
LED_B_OFF();
}
// Read card traceability data (page 1)
void T55xxReadTrace(void){
// LED_A_ON();
// uint8_t PwdMode = arg0 & 0xFF;
// uint32_t i = 0;
// //clear buffer now so it does not interfere with timing later
// BigBuf_Clear_ext(false);
// // Set up FPGA, 125kHz
// LFSetupFPGAForADC(95, true);
// // Trigger T55x7 Direct Access Mode
// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// SpinDelayUs(START_GAP);
// // Opcode 11
// T55xxWriteBit(1);
// T55xxWriteBit(1); //Page 1
// if (PwdMode){
// // Send Pwd
// for (i = 0x80000000; i != 0; i >>= 1)
// T55xxWriteBit(Pwd & i);
// }
// // Send a zero bit separation
// T55xxWriteBit(0);
// // Turn field on to read the response
// TurnReadLFOn(READ_GAP);
// // Acquisition
// doT55x7Acquisition();
// // turn field off
// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// cmd_send(CMD_ACK,0,0,0,0,0);
// LED_A_OFF();
// LED_B_OFF();
}
void T55xxWakeUp(uint32_t Pwd){
@@ -1306,16 +1218,23 @@ void T55xxWakeUp(uint32_t Pwd){
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Pwd & i);
// Turn field on to read the response
// Turn and leave field on to let the begin repeating transmission
TurnReadLFOn(20*1000);
}
/*-------------- Cloning routines -----------*/
void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
// write last block first and config block last (if included)
for (uint8_t i = numblocks; i > startblock; i--)
T55xxWriteBlock(blockdata[i-1],i-1,0,0);
}
// Copy HID id to card and setup block 0 config
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
{
int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
int last_block = 0;
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
uint32_t data[] = {0,0,0,0,0,0,0};
//int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
uint8_t last_block = 0;
if (longFMT){
// Ensure no more than 84 bits supplied
@@ -1325,108 +1244,34 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
}
// Build the 6 data blocks for supplied 84bit ID
last_block = 6;
data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded)
for (int i=0;i<4;i++) {
if (hi2 & (1<<(19-i)))
data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10
else
data1 |= (1<<((3-i)*2)); // 0 -> 01
}
data2 = 0;
for (int i=0;i<16;i++) {
if (hi2 & (1<<(15-i)))
data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data2 |= (1<<((15-i)*2)); // 0 -> 01
}
data3 = 0;
for (int i=0;i<16;i++) {
if (hi & (1<<(31-i)))
data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data3 |= (1<<((15-i)*2)); // 0 -> 01
}
data4 = 0;
for (int i=0;i<16;i++) {
if (hi & (1<<(15-i)))
data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data4 |= (1<<((15-i)*2)); // 0 -> 01
}
data5 = 0;
for (int i=0;i<16;i++) {
if (lo & (1<<(31-i)))
data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data5 |= (1<<((15-i)*2)); // 0 -> 01
}
data6 = 0;
for (int i=0;i<16;i++) {
if (lo & (1<<(15-i)))
data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data6 |= (1<<((15-i)*2)); // 0 -> 01
}
}
else {
// load preamble (1D) & long format identifier (9E manchester encoded)
data[1] = 0x1D96A900 | manchesterEncode2Bytes((hi2 >> 16) & 0xF);
// load raw id from hi2, hi, lo to data blocks (manchester encoded)
data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
data[3] = manchesterEncode2Bytes(hi >> 16);
data[4] = manchesterEncode2Bytes(hi & 0xFFFF);
data[5] = manchesterEncode2Bytes(lo >> 16);
data[6] = manchesterEncode2Bytes(lo & 0xFFFF);
} else {
// Ensure no more than 44 bits supplied
if (hi>0xFFF) {
DbpString("Tags can only have 44 bits.");
return;
}
// Build the 3 data blocks for supplied 44bit ID
last_block = 3;
data1 = 0x1D000000; // load preamble
for (int i=0;i<12;i++) {
if (hi & (1<<(11-i)))
data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10
else
data1 |= (1<<((11-i)*2)); // 0 -> 01
}
data2 = 0;
for (int i=0;i<16;i++) {
if (lo & (1<<(31-i)))
data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data2 |= (1<<((15-i)*2)); // 0 -> 01
}
data3 = 0;
for (int i=0;i<16;i++) {
if (lo & (1<<(15-i)))
data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
else
data3 |= (1<<((15-i)*2)); // 0 -> 01
}
// load preamble
data[1] = 0x1D000000 | manchesterEncode2Bytes(hi & 0xFFF);
data[2] = manchesterEncode2Bytes(lo >> 16);
data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
}
// load chip config block
data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT;
LED_D_ON();
// Program the data blocks for supplied ID
// and the block 0 for HID format
T55xxWriteBlock(data1,1,0,0);
T55xxWriteBlock(data2,2,0,0);
T55xxWriteBlock(data3,3,0,0);
if (longFMT) { // if long format there are 6 blocks
T55xxWriteBlock(data4,4,0,0);
T55xxWriteBlock(data5,5,0,0);
T55xxWriteBlock(data6,6,0,0);
}
// Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long)
T55xxWriteBlock(T55x7_BITRATE_RF_50 |
T55x7_MODULATION_FSK2a |
last_block << T55x7_MAXBLOCK_SHIFT,
0,0,0);
WriteT55xx(data, 0, last_block+1);
LED_D_OFF();
@@ -1435,24 +1280,42 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT)
{
int data1=0, data2=0; //up to six blocks for long format
data1 = hi; // load preamble
data2 = lo;
uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
LED_D_ON();
// Program the data blocks for supplied ID
// and the block 0 for HID format
T55xxWriteBlock(data1,1,0,0);
T55xxWriteBlock(data2,2,0,0);
// and the block 0 config
WriteT55xx(data, 0, 3);
//Config Block
T55xxWriteBlock(0x00147040,0,0,0);
LED_D_OFF();
DbpString("DONE!");
}
// Clone Indala 64-bit tag by UID to T55x7
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
//Program the 2 data blocks for supplied 64bit UID
// and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
WriteT55xx(data, 0, 3);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
// T5567WriteBlock(0x603E1042,0);
DbpString("DONE!");
}
// Clone Indala 224-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7)
{
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
WriteT55xx(data, 0, 8);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);
DbpString("DONE!");
}
// Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40
@@ -1518,94 +1381,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
LED_D_ON();
// Write EM410x ID
T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0);
T55xxWriteBlock((uint32_t)id, 2, 0, 0);
// Config for EM410x (RF/64, Manchester, Maxblock=2)
uint32_t data[] = {0, id>>32, id & 0xFFFF};
if (card) {
// Clock rate is stored in bits 8-15 of the card value
clock = (card & 0xFF00) >> 8;
clock = (clock == 0) ? 64 : clock;
Dbprintf("Clock rate: %d", clock);
switch (clock) {
case 50:
clock = T55x7_BITRATE_RF_50;
case 40:
clock = T55x7_BITRATE_RF_40;
case 32:
clock = T55x7_BITRATE_RF_32;
break;
case 16:
clock = T55x7_BITRATE_RF_16;
break;
case 0:
// A value of 0 is assumed to be 64 for backwards-compatibility
// Fall through...
case 64:
clock = T55x7_BITRATE_RF_64;
break;
default:
clock = GetT55xxClockBit(clock);
if (clock == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return;
}
// Writing configuration for T55x7 tag
T55xxWriteBlock(clock |
T55x7_MODULATION_MANCHESTER |
2 << T55x7_MAXBLOCK_SHIFT,
0, 0, 0);
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else {
data[0] = (0x1F << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
}
else
// Writing configuration for T5555(Q5) tag
T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT |
T5555_MODULATION_MANCHESTER |
2 << T5555_MAXBLOCK_SHIFT,
0, 0, 0);
WriteT55xx(data, 0, 3);
LED_D_OFF();
Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555",
(uint32_t)(id >> 32), (uint32_t)id);
}
// Clone Indala 64-bit tag by UID to T55x7
void CopyIndala64toT55x7(int hi, int lo)
{
//Program the 2 data blocks for supplied 64bit UID
// and the block 0 for Indala64 format
T55xxWriteBlock(hi,1,0,0);
T55xxWriteBlock(lo,2,0,0);
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2)
T55xxWriteBlock(T55x7_BITRATE_RF_32 |
T55x7_MODULATION_PSK1 |
2 << T55x7_MAXBLOCK_SHIFT,
0, 0, 0);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
// T5567WriteBlock(0x603E1042,0);
DbpString("DONE!");
}
void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
{
//Program the 7 data blocks for supplied 224bit UID
// and the block 0 for Indala224 format
T55xxWriteBlock(uid1,1,0,0);
T55xxWriteBlock(uid2,2,0,0);
T55xxWriteBlock(uid3,3,0,0);
T55xxWriteBlock(uid4,4,0,0);
T55xxWriteBlock(uid5,5,0,0);
T55xxWriteBlock(uid6,6,0,0);
T55xxWriteBlock(uid7,7,0,0);
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
T55xxWriteBlock(T55x7_BITRATE_RF_32 |
T55x7_MODULATION_PSK1 |
7 << T55x7_MAXBLOCK_SHIFT,
0,0,0);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);
DbpString("DONE!");
}
//-----------------------------------
// EM4469 / EM4305 routines
//-----------------------------------
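Review bot: In `WriteEM410x` the new initialiser `uint32_t data[] = {0, id>>32, id & 0xFFFF};` keeps only the low 16 bits of the ID for block 2, where the replaced call wrote `(uint32_t)id`, so the tag is programmed with a different ID from the one the closing `Dbprintf` reports. It should read `uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)id};`. In the same function, what appears to be the new clock path overwrites `clock` with `GetT55xxClockBit(clock)` before `Dbprintf("Invalid clock rate: %d", clock)`, so the message always prints 0. The early `return` there also leaves `LED_D_ON()` without its `LED_D_OFF()`. `WriteEM410x` begins outside the hunk.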


@@ -255,9 +255,8 @@ uint32_t SnoopLF() {
void doT55x7Acquisition(void){
#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
#define T55xx_UPPER_THRESHOLD 128+40 // 50
#define T55xx_READ_UPPER_THRESHOLD 128+40 // 50
#define T55xx_READ_TOL 5
#define T55xx_LOWER_THRESHOLD 128-40 //-50
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
@@ -265,40 +264,43 @@ void doT55x7Acquisition(void){
if ( bufsize > T55xx_SAMPLES_SIZE )
bufsize = T55xx_SAMPLES_SIZE;
//int adcval = 0;
uint16_t i = 0;
bool startFound = false;
bool highFound = false;
uint8_t sample = 0;
uint8_t curSample = 0;
uint8_t firstSample = 0;
while(!BUTTON_PRESS()) {
uint16_t skipCnt = 0;
while(!BUTTON_PRESS() && skipCnt<1000) {
WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
AT91C_BASE_SSC->SSC_THR = 0x00;
AT91C_BASE_SSC->SSC_THR = 0x43;
LED_D_ON();
}
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
LED_D_OFF();
// find first high sample
if (!startFound && sample > T55xx_UPPER_THRESHOLD) {
if (sample > firstSample)
firstSample = sample;
highFound = TRUE;
if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
if (curSample > firstSample)
firstSample = curSample;
highFound = true;
} else if (!highFound) {
skipCnt++;
continue;
}
// skip until samples begin to change
if (startFound || sample < firstSample - T55xx_READ_TOL){
if (startFound || curSample < firstSample-T55xx_READ_TOL){
if (!startFound)
dest[i++] = firstSample;
startFound = TRUE;
dest[i++] = sample;
// exit condition.
if (i >= bufsize) break;
startFound = true;
dest[i++] = curSample;
if (i >= bufsize-1) break;
}
}
}
}
}