MERGED: @holimans changes

MERGED: @piwi changes
MERGED: @marshmellows changes.

I'm not even gonna try write up all that stuff..

ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32.   It is also inside the "hf 14a sim" with the "x" parameter.

armsrc/BigBuf.c

@@ -88,6 +88,16 @@ void BigBuf_free_keep_EM(void)
 	}
 }
 
+void BigBuf_print_status(void)
+{
+	Dbprintf("Memory");
+	Dbprintf("  BIGBUF_SIZE.............%d", BIGBUF_SIZE);
+	Dbprintf("  BigBuf_hi  .............%d", BigBuf_hi);
+	Dbprintf("Tracing");
+	Dbprintf("  tracing ................%d", tracing);
+	Dbprintf("  traceLen ...............%d", traceLen);
+}
+
 
 // return the maximum trace length (i.e. the unallocated size of BigBuf)
 uint16_t BigBuf_max_traceLen(void)
@@ -168,8 +178,12 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_
 	traceLen += iLen;
 
 	// parity bytes
-	if (parity != NULL && iLen != 0) {
+	if (iLen != 0) {
+		if (parity != NULL) {
 			memcpy(trace + traceLen, parity, num_paritybytes);
+		} else {
+			memset(trace + traceLen, 0x00, num_paritybytes);
+		}
 	}
 	traceLen += num_paritybytes;
 
@@ -218,6 +232,7 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP
 
 	return TRUE;
 }
+
 // Emulator memory
 uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
 	uint8_t* mem = BigBuf_get_EM_addr();

armsrc/BigBuf.h

@@ -28,9 +28,9 @@ extern void BigBuf_Clear(void);
 extern uint8_t *BigBuf_malloc(uint16_t);
 extern void BigBuf_free(void);
 extern void BigBuf_free_keep_EM(void);
-
+extern void BigBuf_print_status(void);
 extern uint16_t BigBuf_get_traceLen(void);
-extern void clear_trace();
+extern void clear_trace(void);
 extern void set_tracing(bool enable);
 extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
 extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);

armsrc/Makefile

@@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
 
 #remove one of the following defines and comment out the relevant line
 #in the next section to remove that particular feature from compilation  
-APP_CFLAGS	= -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG  -DWITH_CRC -DON_DEVICE \
+APP_CFLAGS	= -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG  -DWITH_CRC -DON_DEVICE \
 				-fno-strict-aliasing -ffunction-sections -fdata-sections
 #-DWITH_LCD 
 

armsrc/appmain.c

@@ -25,10 +25,16 @@
 #include <hitag2.h>
 #include "lfsampling.h"
 #include "BigBuf.h"
+#include "mifareutil.h"
 #ifdef WITH_LCD
  #include "LCD.h"
 #endif
 
+// Craig Young - 14a stand-alone code
+#ifdef WITH_ISO14443a_StandAlone
+ #include "iso14443a.h"
+#endif
+
 #define abs(x) ( ((x)<0) ? -(x) : (x) )
 
 //=============================================================================
@@ -39,7 +45,7 @@
 
 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2)  // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits 
 uint8_t ToSend[TOSEND_BUFFER_SIZE];
-int ToSendMax;
+int ToSendMax = 0;
 static int ToSendBit;
 struct common_area common_area __attribute__((section(".commonarea")));
 
@@ -180,7 +186,7 @@ void MeasureAntennaTuning(void)
 	int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0 
 	int vLf125 = 0, vLf134 = 0, vHf = 0;	// in mV
 
-  LED_B_ON();
+	LED_B_ON();
 
 /*
  * Sweeps the useful LF range of the proxmark from
@@ -212,17 +218,17 @@ void MeasureAntennaTuning(void)
 
 	for (i=18; i >= 0; i--) LF_Results[i] = 0;
 	
-  LED_A_ON();
+	LED_A_ON();
 	// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
-  	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
 	SpinDelay(20);
 	vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
 
 	cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-  LED_A_OFF();
-  LED_B_OFF();
+	LED_A_OFF();
+	LED_B_OFF();
   return;
 }
 
@@ -292,19 +298,27 @@ void SendVersion(void)
 	uint32_t compressed_data_section_size = common_area.arg1;
 	cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
 }
-
-#ifdef WITH_LF
-// samy's sniff and repeat routine
-void SamyRun()
+/**
+  * Prints runtime information about the PM3.
+**/
+void SendStatus(void)
 {
-	DbpString("Stand-alone mode! No PC necessary.");
-	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+	BigBuf_print_status();
+	Fpga_print_status();
+	printConfig(); //LF Sampling config
+	Dbprintf("Various");
+	Dbprintf("  MF_DBGLEVEL......%d", MF_DBGLEVEL);
+	Dbprintf("  ToSendMax........%d",ToSendMax);
+	Dbprintf("  ToSendBit........%d",ToSendBit);
+}
+
+#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
 
-	// 3 possible options? no just 2 for now
 #define OPTS 2
 
-	int high[OPTS], low[OPTS];
-
+void StandAloneMode()
+{
+	DbpString("Stand-alone mode! No PC necessary.");
 	// Oooh pretty -- notify user we're in elite samy mode now
 	LED(LED_RED,	200);
 	LED(LED_ORANGE, 200);
@@ -316,6 +330,216 @@ void SamyRun()
 	LED(LED_ORANGE, 200);
 	LED(LED_RED,	200);
 
+}
+
+#endif
+
+
+
+#ifdef WITH_ISO14443a_StandAlone
+void StandAloneMode14a()
+{
+	StandAloneMode();
+	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+	int selected = 0;
+	int playing = 0;
+	int cardRead[OPTS] = {0};
+	uint8_t readUID[10] = {0};
+	uint32_t uid_1st[OPTS]={0};
+	uint32_t uid_2nd[OPTS]={0};
+
+	LED(selected + 1, 0);
+
+	for (;;)
+	{
+		usb_poll();
+		WDT_HIT();
+
+		// Was our button held down or pressed?
+		int button_pressed = BUTTON_HELD(1000);
+		SpinDelay(300);
+
+		// Button was held for a second, begin recording
+		if (button_pressed > 0 && cardRead[selected] == 0)
+		{
+			LEDsoff();
+			LED(selected + 1, 0);
+			LED(LED_RED2, 0);
+
+			// record
+			Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
+
+			// wait for button to be released
+			while(BUTTON_PRESS())
+				WDT_HIT();
+			/* need this delay to prevent catching some weird data */
+			SpinDelay(500);
+			/* Code for reading from 14a tag */
+			uint8_t uid[10]  ={0};
+			uint32_t cuid;
+			iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+
+			for ( ; ; )
+			{
+				WDT_HIT();
+				if (!iso14443a_select_card(uid, NULL, &cuid))
+					continue;
+				else
+				{
+					Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
+					memcpy(readUID,uid,10*sizeof(uint8_t));
+					uint8_t *dst = (uint8_t *)&uid_1st[selected];
+					// Set UID byte order
+					for (int i=0; i<4; i++)
+						dst[i] = uid[3-i];
+					dst = (uint8_t *)&uid_2nd[selected];
+					for (int i=0; i<4; i++)
+						dst[i] = uid[7-i];
+					break;
+				}
+			}
+			LEDsoff();
+			LED(LED_GREEN,  200);
+			LED(LED_ORANGE, 200);
+			LED(LED_GREEN,  200);
+			LED(LED_ORANGE, 200);
+
+			LEDsoff();
+			LED(selected + 1, 0);
+			// Finished recording
+
+			// If we were previously playing, set playing off
+			// so next button push begins playing what we recorded
+			playing = 0;
+
+			cardRead[selected] = 1;
+
+		}
+		/* MF UID clone */
+		else if (button_pressed > 0 && cardRead[selected] == 1)
+		{
+					LEDsoff();
+					LED(selected + 1, 0);
+					LED(LED_ORANGE, 250);
+
+
+					// record
+					Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
+
+					// wait for button to be released
+					while(BUTTON_PRESS())
+					{
+						// Delay cloning until card is in place
+						WDT_HIT();
+					}
+					Dbprintf("Starting clone. [Bank: %u]", selected);
+					// need this delay to prevent catching some weird data
+					SpinDelay(500);
+					// Begin clone function here:
+					/* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
+							UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
+							memcpy(c.d.asBytes, data, 16);
+							SendCommand(&c);
+
+						Block read is similar:
+							UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
+						We need to imitate that call with blockNo 0 to set a uid.
+
+						The get and set commands are handled in this file:
+							// Work with "magic Chinese" card
+							case CMD_MIFARE_CSETBLOCK:
+									MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+									break;
+							case CMD_MIFARE_CGETBLOCK:
+									MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+													//
+									break;
+
+						mfCSetUID provides example logic for UID set workflow:
+							-Read block0 from card in field with MifareCGetBlock()
+							-Configure new values without replacing reserved bytes
+									memcpy(block0, uid, 4); // Copy UID bytes from byte array
+									// Mifare UID BCC
+									block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
+									Bytes 5-7 are reserved SAK and ATQA for mifare classic
+							-Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
+					*/
+					uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
+					// arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
+					MifareCGetBlock(0x1F, 1, 0, oldBlock0);
+					Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
+					memcpy(newBlock0,oldBlock0,16);
+					// Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
+
+					newBlock0[0] = uid_1st[selected]>>24;
+					newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
+					newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
+					newBlock0[3] = 0xFF & (uid_1st[selected]);
+					newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
+					// arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
+					MifareCSetBlock(0, 0xFF,0, newBlock0);
+					MifareCGetBlock(0x1F, 1, 0, testBlock0);
+					if (memcmp(testBlock0,newBlock0,16)==0)
+					{
+						DbpString("Cloned successfull!");
+						cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
+					}
+					LEDsoff();
+					LED(selected + 1, 0);
+					// Finished recording
+
+					// If we were previously playing, set playing off
+					// so next button push begins playing what we recorded
+					playing = 0;
+
+		}
+		// Change where to record (or begin playing)
+		else if (button_pressed && cardRead[selected])
+		{
+			// Next option if we were previously playing
+			if (playing)
+				selected = (selected + 1) % OPTS;
+			playing = !playing;
+
+			LEDsoff();
+			LED(selected + 1, 0);
+
+			// Begin transmitting
+			if (playing)
+			{
+				LED(LED_GREEN, 0);
+				DbpString("Playing");
+				while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec
+						Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
+						SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL);
+					}
+				//cardRead[selected] = 1;
+				Dbprintf("Done playing [Bank: %u]",selected);
+
+				/* We pressed a button so ignore it here with a delay */
+				SpinDelay(300);
+
+				// when done, we're done playing, move to next option
+				selected = (selected + 1) % OPTS;
+				playing = !playing;
+				LEDsoff();
+				LED(selected + 1, 0);
+			}
+			else
+				while(BUTTON_PRESS())
+					WDT_HIT();
+		}
+	}
+}
+#elif WITH_LF
+// samy's sniff and repeat routine
+void SamyRun()
+{
+	StandAloneMode();
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+	int high[OPTS], low[OPTS];
 	int selected = 0;
 	int playing = 0;
 	int cardRead = 0;
@@ -439,8 +663,8 @@ void SamyRun()
 		}
 	}
 }
-#endif
 
+#endif
 /*
 OBJECTIVE
 Listen and detect an external reader. Determine the best location
@@ -667,6 +891,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		case CMD_T55XX_WRITE_BLOCK:
 			T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
+			cmd_send(CMD_ACK,0,0,0,0,0);
 			break;
 		case CMD_T55XX_READ_TRACE:
 			T55xxReadTrace();
@@ -954,7 +1179,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_VERSION:
 			SendVersion();
 			break;
-
+		case CMD_STATUS:
+			SendStatus();
+			break;
+		case CMD_PING:
+			cmd_send(CMD_ACK,0,0,0,0,0);
+			break;
 #ifdef WITH_LCD
 		case CMD_LCD_RESET:
 			LCDReset();
@@ -1053,8 +1283,16 @@ void  __attribute__((noreturn)) AppMain(void)
 		WDT_HIT();
 
 #ifdef WITH_LF
+#ifndef WITH_ISO14443a_StandAlone
 		if (BUTTON_HELD(1000) > 0)
 			SamyRun();
+#endif
+#endif
+#ifdef WITH_ISO14443a
+#ifdef WITH_ISO14443a_StandAlone
+		if (BUTTON_HELD(1000) > 0)
+			StandAloneMode14a();
+#endif
 #endif
 	}
 }

armsrc/apps.h

@@ -15,11 +15,10 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <stdlib.h>
-#include <sys/types.h>
-#include <string.h>
-#include <strings.h>
-#include "../common/crc32.h"
-#include "../common/lfdemod.h"
+#include <sys/types.h> 
+#include "common.h"
+#include "crc32.h"
+#include "lfdemod.h"
 #include "BigBuf.h"
 #include "fpgaloader.h"
 #include "hitag2.h"

armsrc/des.c

@@ -409,7 +409,6 @@ void tdes_dec(void* out, void* in, const uint8_t* key){
 
 	uint8_t i;
 	unsigned char temp[8];
-
 	uint8_t* tin = (uint8_t*) in;
 	uint8_t* tout = (uint8_t*) out;
 	
@@ -432,6 +431,7 @@ void tdes_dec(void* out, void* in, const uint8_t* key){
 	}
  }
 
+
 /******************************************************************************/
 
 

armsrc/desfire_crypto.c

@@ -27,9 +27,8 @@
  */
 #include "desfire_crypto.h"
 
-static void      xor (const uint8_t *ivect, uint8_t *data, const size_t len);
-
-static size_t    key_macing_length (desfirekey_t key);
+static void xor (const uint8_t *ivect, uint8_t *data, const size_t len);
+static size_t key_macing_length (desfirekey_t key);
 
 static void xor (const uint8_t *ivect, uint8_t *data, const size_t len) {
     for (size_t i = 0; i < len; i++) {

armsrc/fpgaloader.c

@@ -560,3 +560,11 @@ void SetAdcMuxFor(uint32_t whichGpio)
 
 	HIGH(whichGpio);
 }
+
+void Fpga_print_status(void)
+{
+	Dbprintf("Fgpa");
+	if(downloaded_bitstream == FPGA_BITSTREAM_HF) Dbprintf("  mode.............HF");
+	else if(downloaded_bitstream == FPGA_BITSTREAM_LF) Dbprintf("  mode.............LF");
+	else Dbprintf("  mode.............%d", downloaded_bitstream);
+}

armsrc/fpgaloader.h

@@ -17,6 +17,7 @@ void FpgaGatherVersion(int bitstream_version, char *dst, int len);
 void FpgaSetupSsc(void);
 void SetupSpi(int mode);
 bool FpgaSetupSscDma(uint8_t *buf, int len);
+void Fpga_print_status();
 #define FpgaDisableSscDma(void)	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
 #define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
 void SetAdcMuxFor(uint32_t whichGpio);

armsrc/iso14443a.c

@@ -565,16 +565,18 @@ void RAMFUNC SniffIso14443a(uint8_t param) {
 	// param:
 	// bit 0 - trigger from first card answer
 	// bit 1 - trigger from first reader 7-bit request
-	
 	LEDsoff();
 
-
 	iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
 	
 	// Allocate memory from BigBuf for some buffers
 	// free all previous allocations first
 	BigBuf_free();
-
+	
+	// init trace buffer
+	clear_trace();
+	set_tracing(TRUE);
+	
 	// The command (reader -> tag) that we're receiving.
 	uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
 	uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
@@ -586,10 +588,6 @@ void RAMFUNC SniffIso14443a(uint8_t param) {
 	// The DMA buffer, used to stream samples from the FPGA
 	uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
 
-	// init trace buffer
-	clear_trace();
-	set_tracing(TRUE);
-
 	uint8_t *data = dmaBuf;
 	uint8_t previous_data = 0;
 	int maxDataLen = 0;
@@ -715,12 +713,11 @@ void RAMFUNC SniffIso14443a(uint8_t param) {
 		}
 	} // main cycle
 
-	DbpString("COMMAND FINISHED");
-
 	FpgaDisableSscDma();
+	LEDsoff();
+
 	Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len);
 	Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]);
-	LEDsoff();
 }
 
 //-----------------------------------------------------------------------------
@@ -1276,6 +1273,16 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data)
 								ar_nr_responses[8], // AR2
 								ar_nr_responses[9]  // NR2
 							);
+							Dbprintf("../tools/mfkey/mfkey32v2 %06x%08x %08x %08x %08x %08x %08x %08x",
+								ar_nr_responses[0], // UID1
+								ar_nr_responses[1], // UID2
+								ar_nr_responses[2], // NT1
+								ar_nr_responses[3], // AR1
+								ar_nr_responses[4], // NR1
+								ar_nr_responses[7], // NT2
+								ar_nr_responses[8], // AR2
+								ar_nr_responses[9]  // NR2
+								);
 					}
 					uint8_t len = ar_nr_collected*5*4;
 					cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,len,0,&ar_nr_responses,len);
@@ -1298,9 +1305,15 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data)
 		else {
 			// Check for ISO 14443A-4 compliant commands, look at left nibble
 			switch (receivedCmd[0]) {
-
+				case 0x02:
+				case 0x03: {  // IBlock (command no CID)
+					dynamic_response_info.response[0] = receivedCmd[0];
+					dynamic_response_info.response[1] = 0x90;
+					dynamic_response_info.response[2] = 0x00;
+					dynamic_response_info.response_n = 3;
+				} break;
 				case 0x0B:
-				case 0x0A: { // IBlock (command)
+				case 0x0A: { // IBlock (command CID)
 				  dynamic_response_info.response[0] = receivedCmd[0];
 				  dynamic_response_info.response[1] = 0x00;
 				  dynamic_response_info.response[2] = 0x90;
@@ -1320,15 +1333,17 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data)
 				  dynamic_response_info.response_n = 2;
 				} break;
 				  
-				case 0xBA: { //
-				  memcpy(dynamic_response_info.response,"\xAB\x00",2);
-				  dynamic_response_info.response_n = 2;
+				case 0xBA: { // ping / pong
+					dynamic_response_info.response[0] = 0xAB;
+					dynamic_response_info.response[1] = 0x00;
+					dynamic_response_info.response_n = 2;
 				} break;
 
 				case 0xCA:
 				case 0xC2: { // Readers sends deselect command
-				  memcpy(dynamic_response_info.response,"\xCA\x00",2);
-				  dynamic_response_info.response_n = 2;
+					dynamic_response_info.response[0] = 0xCA;
+					dynamic_response_info.response[1] = 0x00;
+					dynamic_response_info.response_n = 2;
 				} break;
 
 				default: {
@@ -1815,7 +1830,6 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
 	}
 }
 
-
 void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
 {
 	CodeIso14443aBitsAsReaderPar(frame, bits, par);
@@ -1831,13 +1845,11 @@ void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t
 	}
 }
 
-
 void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
 {
   ReaderTransmitBitsPar(frame, len*8, par, timing);
 }
 
-
 void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
 {
   // Generate parity and redirect
@@ -1846,7 +1858,6 @@ void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
   ReaderTransmitBitsPar(frame, len, par, timing);
 }
 
-
 void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
 {
   // Generate parity and redirect
@@ -2914,6 +2925,16 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 					ar_nr_responses[8], // AR2
 					ar_nr_responses[9]  // NR2
 					);
+			Dbprintf("../tools/mfkey/mfkey32v2 %06x%08x %08x %08x %08x %08x %08x %08x",
+					ar_nr_responses[0], // UID1
+					ar_nr_responses[1], // UID2
+					ar_nr_responses[2], // NT1
+					ar_nr_responses[3], // AR1
+					ar_nr_responses[4], // NR1
+					ar_nr_responses[7], // NT2
+					ar_nr_responses[8], // AR2
+					ar_nr_responses[9]  // NR2
+					);
 		} else {
 			Dbprintf("Failed to obtain two AR/NR pairs!");
 			if(ar_nr_collected > 0 ) {
@@ -3067,6 +3088,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
 					// And reset the Miller decoder including its (now outdated) input buffer
 					UartInit(receivedCmd, receivedCmdPar);
+					// why not UartReset?
 				}
 				TagIsActive = (Demod.state != DEMOD_UNSYNCD);
 			}
@@ -3081,11 +3103,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
 	} // main cycle
 
-	DbpString("COMMAND FINISHED");
-
 	FpgaDisableSscDma();
 	MfSniffEnd();
-	
-	Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len);
 	LEDsoff();
+	Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len);
 }

armsrc/iso14443a.h

@@ -12,8 +12,8 @@
 
 #ifndef __ISO14443A_H
 #define __ISO14443A_H
-#include "../include/common.h"
-#include "../include/mifare.h"
+#include "common.h"
+#include "mifare.h"
 #include "mifaresniff.h"
 
 typedef struct {

armsrc/iso14443b.c

@@ -525,6 +525,7 @@ static struct {
  *          false if we are still waiting for some more
  *
  */
+ #define abs(x) ( ((x)<0) ? -(x) : (x) )
 static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq)
 {
 	int v = 0;

armsrc/legicrf.c

@@ -8,14 +8,14 @@
 // LEGIC RF simulation code
 //-----------------------------------------------------------------------------
 
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
 #include "apps.h"
 #include "util.h"
 #include "string.h"
 
 #include "legicrf.h"
-#include "../include/legic_prng.h"
-#include "../common/crc.h"
+#include "legic_prng.h"
+#include "crc.h"
 
 static struct legic_frame {
 	int bits;

armsrc/lfops.c

@@ -402,7 +402,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 	for(;;) {
 		//wait until SSC_CLK goes HIGH
 		while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
-			if(BUTTON_PRESS() || usb_poll()) {
+			if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
 				DbpString("Stopped");
 				return;
 			}

armsrc/lfsampling.c

@@ -17,7 +17,7 @@ sample_config config = { 1, 8, 1, 95, 0 } ;
 
 void printConfig()
 {
-	Dbprintf("Sampling config: ");
+	Dbprintf("LF Sampling config: ");
 	Dbprintf("  [q] divisor:           %d ", config.divisor);
 	Dbprintf("  [b] bps:               %d ", config.bits_per_sample);
 	Dbprintf("  [d] decimation:        %d ", config.decimation);

armsrc/lfsampling.h

@@ -56,4 +56,8 @@ void LFSetupFPGAForADC(int divisor, bool lf_field);
 void setSamplingConfig(sample_config *sc);
 
 sample_config * getSamplingConfig();
+
+void printConfig();
+
+
 #endif // LFSAMPLING_H

armsrc/mifarecmd.h

@@ -13,15 +13,16 @@
 #ifndef __MIFARECMD_H
 #define __MIFARECMD_H
 
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
 #include "apps.h"
 #include "util.h"
 #include "string.h"
 
-#include "../common/iso14443crc.h"
+#include "iso14443crc.h"
 #include "iso14443a.h"
 #include "crapto1.h"
 #include "mifareutil.h"
-#include "../include/common.h"
+#include "common.h"
+
 
 #endif

armsrc/mifaresniff.h

@@ -11,16 +11,16 @@
 #ifndef __MIFARESNIFF_H
 #define __MIFARESNIFF_H
 
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
 #include "apps.h"
 #include "util.h"
 #include "string.h"
 
-#include "../common/iso14443crc.h"
+#include "iso14443crc.h"
 #include "iso14443a.h"
 #include "crapto1.h"
 #include "mifareutil.h"
-#include "../include/common.h"
+#include "common.h"
 
 #define SNF_INIT				0
 #define SNF_NO_FIELD		1

armsrc/mifareutil.h

@@ -8,6 +8,7 @@
 //-----------------------------------------------------------------------------
 // code for work with mifare cards.
 //-----------------------------------------------------------------------------
+#include "crapto1.h"
 
 #ifndef __MIFAREUTIL_H
 #define __MIFAREUTIL_H