ADD: the option to simulate tnp3xxx in the command "hf mf sim"

ADD: found some new default keys
ADD: changed a lot of memory buffers to use constant values, like USB buffer sizes, trace logs, etc.
ADD: all changes Peter filmoore has in his pull request.
This commit is contained in:
iceman1001
2014-11-26 13:52:39 +01:00
parent 463ca973e7
commit 95e635947b
21 changed files with 106 additions and 75 deletions


@@ -311,7 +311,7 @@ extern struct version_information version_information;
extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
void SendVersion(void)
{
char temp[256]; /* Limited data payload in USB packets */
char temp[512]; /* Limited data payload in USB packets */
DbpString("Prox/RFID mark3 RFID instrument");
/* Try to find the bootrom version information. Expect to find a pointer at
@@ -367,9 +367,8 @@ void SamyRun()
for (;;)
{
// UsbPoll(FALSE);
usb_poll();
WDT_HIT();
WDT_HIT();
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(1000);
@@ -792,10 +791,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_SIMULATE_TAG_ISO_14443a:
SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
break;
case CMD_EPA_PACE_COLLECT_NONCE:
EPA_PACE_Collect_Nonce(c);
break;
// case CMD_EPA_:
// EpaFoo(c);
// break;
case CMD_READER_MIFARE:
ReaderMifare(c->arg[0]);
break;
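Review bot: The commented-out placeholder `// case CMD_EPA_:` / `// EpaFoo(c);` / `// break;` added after the new `CMD_EPA_PACE_COLLECT_NONCE` case is dead code inside the command dispatch switch; either drop it or replace the three lines with a single `// TODO: further EPA commands go here`. In the `SendVersion` hunk the buffer grows from `char temp[256]` to `char temp[512]`, but the code that fills `temp` lies outside the hunk; whatever formats into it should be bounded by `sizeof(temp)` so the array declaration is the only place this limit is stated. The `UsbPacketReceived` switch continues outside the hunk.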


@@ -32,10 +32,13 @@
// The large multi-purpose buffer, typically used to hold A/D samples,
// maybe processed in some way.
uint32_t BigBuf[10000];
//#define BIG_BUFF_SIZE 10000 // PM3 w. 256KB ram
#define BIG_BUFF_SIZE 10000 // PM3 w. 512KB ram
uint32_t BigBuf[BIG_BUFF_SIZE];
// BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT
#define TRACE_OFFSET 0
#define TRACE_SIZE 3000
#define TRACE_SIZE 4096
#define RECV_CMD_OFFSET 3032
#define RECV_CMD_SIZE 64
#define RECV_RES_OFFSET 3096
@@ -45,7 +48,7 @@ uint32_t BigBuf[10000];
#define FREE_BUFFER_OFFSET 7256
#define FREE_BUFFER_SIZE 2744
extern const uint8_t OddByteParity[256];
//extern const uint8_t OddByteParity[256];
extern uint8_t *trace; // = (uint8_t *) BigBuf;
extern int traceLen; // = 0;
extern int rsamples; // = 0;
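Review bot: `#define TRACE_SIZE 4096` with `TRACE_OFFSET 0` now makes the trace region cover offsets 0–4095, but `RECV_CMD_OFFSET 3032` and `RECV_RES_OFFSET 3096` are unchanged, so the trace log overlaps the receive command and response buffers; if the offsets are in bytes (as `extern uint8_t *trace; // = (uint8_t *) BigBuf;` suggests), a trace that grows past 3032 bytes overwrites received command data, and the author's own `// BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT` marker reads as if this was not settled. Derive each offset from its predecessor so they cannot drift apart: `#define RECV_CMD_OFFSET (TRACE_OFFSET + TRACE_SIZE)` and `#define RECV_RES_OFFSET (RECV_CMD_OFFSET + RECV_CMD_SIZE)`, chain the later offsets such as `FREE_BUFFER_OFFSET` the same way, and check the total still fits inside `BIG_BUFF_SIZE` elements of `uint32_t`. The commented `//#define BIG_BUFF_SIZE 10000 // PM3 w. 256KB ram` carries the same value as the live define, so the two RAM comments distinguish nothing; drop the dead line.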


@@ -228,7 +228,8 @@ static RAMFUNC int OutOfNDecoding(int bit)
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
//Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
Uart.parityBits ^= oddparity(Uart.shiftReg & 0xff);
Uart.bitCnt = 0;
Uart.shiftReg = 0;
@@ -251,7 +252,8 @@ static RAMFUNC int OutOfNDecoding(int bit)
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
//Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
Uart.parityBits ^= oddparity((Uart.dropPosition & 0xff));
Uart.bitCnt = 0;
Uart.shiftReg = 0;
@@ -452,8 +454,7 @@ static RAMFUNC int ManchesterDecoding(int v)
else {
modulation = bit & Demod.syncBit;
modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
//modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
Demod.samples += 4;
if(Demod.posCount==0) {
@@ -488,7 +489,8 @@ static RAMFUNC int ManchesterDecoding(int v)
Demod.output[Demod.len] = 0x0f;
Demod.len++;
Demod.parityBits <<= 1;
Demod.parityBits ^= OddByteParity[0x0f];
//Demod.parityBits ^= OddByteParity[0x0f];
Demod.parityBits ^= oddparity(0x0f);
Demod.state = DEMOD_UNSYNCD;
// error = 0x0f;
return TRUE;
@@ -613,7 +615,8 @@ static RAMFUNC int ManchesterDecoding(int v)
// FOR ISO15639 PARITY NOT SEND OTA, JUST CALCULATE IT FOR THE CLIENT
Demod.parityBits <<= 1;
Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
//Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
Demod.parityBits ^= oddparity((Demod.shiftReg & 0xff));
Demod.bitCount = 0;
Demod.shiftReg = 0;
@@ -870,10 +873,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
/*if(OutOfNDecoding((b & 0xf0) >> 4)) {
*len = Uart.byteCnt;
return TRUE;
}*/
if(OutOfNDecoding(b & 0x0f)) {
*len = Uart.byteCnt;
return TRUE;
@@ -1395,7 +1395,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
int par = 0;
// This is tied to other size changes
// uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
CodeIClassCommand(frame,len);
// Select the card
@@ -1435,7 +1434,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
for(;;) {
WDT_HIT();
if(BUTTON_PRESS()) return FALSE;
if(BUTTON_PRESS()) return FALSE;
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!!
@@ -1446,10 +1445,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
skip = !skip;
if(skip) continue;
/*if(ManchesterDecoding((b>>4) & 0xf)) {
*samples = ((c - 1) << 3) + 4;
return TRUE;
}*/
if(ManchesterDecoding(b & 0x0f)) {
*samples = c << 3;
return TRUE;
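Review bot: Each replaced parity line keeps its predecessor as a comment (`//Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];` and the matching lines in the other `OutOfNDecoding` and `ManchesterDecoding` hunks); version control already records the old form, so drop the commented copies — the same applies to the `GetParity`, `CodeIso14443aAsTagPar` and `extern byte_t oddparity` hunks later in this commit. The substitution itself is sound: the `oddparity()` defined in this commit returns 1 exactly when the byte has an even number of set bits, which matches the first row of the table being retired (`1, 0, 0, 1, 0, 1, 1, 0, ...`). Since the declaration now lives in the header hunk next to `le24toh`, confirm this file includes that header; otherwise the call compiles only through an implicit declaration, which is an error in C99 and later. In the `ManchesterDecoding` hunk at -452 the hunk shrinks by one line and the only comment-form line is `//modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;`; if the live `modulation` assignments were what got removed, the else branch no longer assigns `modulation` at all, which is worth checking against the raw diff. `OutOfNDecoding`, `ManchesterDecoding`, `GetIClassCommandFromReader` and `GetIClassAnswer` all start and end outside these hunks.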


@@ -124,6 +124,8 @@ uint32_t LastProxToAirDuration;
#define SEC_Y 0x00
#define SEC_Z 0xc0
//replaced large parity table with small parity generation function - saves flash code
/*
const uint8_t OddByteParity[256] = {
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
@@ -142,7 +144,7 @@ const uint8_t OddByteParity[256] = {
0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
};
*/
void iso14a_set_trigger(bool enable) {
trigger = enable;
@@ -165,10 +167,12 @@ void iso14a_set_timeout(uint32_t timeout) {
// Generate the parity value for a byte sequence
//
//-----------------------------------------------------------------------------
/*
byte_t oddparity (const byte_t bt)
{
return OddByteParity[bt];
}
*/
uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
{
@@ -178,7 +182,8 @@ uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
// Generate the parity bits
for (i = 0; i < iLen; i++) {
// and save them to a 32Bit word
dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
//dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
dwPar |= (oddparity(pbtCmd[i]) << i);
}
return dwPar;
}
@@ -683,7 +688,8 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, int len, uint32_t dwParity
}
// Get the parity bit
if ((dwParity >> i) & 0x01) {
//if ((dwParity >> i) & 0x01) {
if (oddparity(cmd[i]) & 0x01) {
ToSend[++ToSendMax] = SEC_D;
LastProxToAirDuration = 8 * ToSendMax - 4;
} else {
@@ -891,6 +897,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
response1[1] = 0x00;
sak = 0x28;
} break;
case 5: { // MIFARE TNP3XXX
// Says: I am a toy
response1[0] = 0x01;
response1[1] = 0x0f;
sak = 0x01;
} break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
@@ -1695,7 +1707,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
memcpy(uid_resp,resp,4);
}
uid_resp_len = 4;
// Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
// calculate crypto UID. Always use last 4 Bytes.
if(cuid_ptr) {
@@ -1713,6 +1725,8 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
if (!ReaderReceive(resp)) return 0;
sak = resp[0];
//Dbprintf("SAK: %02x",resp[0]);
// Test if more parts of the uid are comming
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
@@ -1770,8 +1784,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Signal field is on with the appropriate LED
if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD
|| fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
LED_D_ON();
} else {
LED_D_OFF();
@@ -1859,10 +1872,10 @@ void ReaderIso14443a(UsbCommand *c)
if(param & ISO14A_APPEND_CRC) {
AppendCrc14443a(cmd,len);
len += 2;
lenbits += 16;
if(lenbits>0)
lenbits += 16;
}
if(lenbits>0) {
if(lenbits>0) {
ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
} else {
ReaderTransmit(cmd,len, NULL);
@@ -1937,8 +1950,8 @@ void ReaderMifare(bool first_try)
uint32_t nt = 0;
uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
byte_t par_list[8] = {0,0,0,0,0,0,0,0};
byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
byte_t par_list[8] = {0x00};
byte_t ks_list[8] = {0x00};
static uint32_t sync_time;
static uint32_t sync_cycles;
@@ -1947,8 +1960,6 @@ void ReaderMifare(bool first_try)
uint16_t consecutive_resyncs = 0;
int isOK = 0;
if (first_try) {
mf_nr_ar3 = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
@@ -1971,6 +1982,7 @@ void ReaderMifare(bool first_try)
LED_C_OFF();
Dbprintf("Mifare: Before loopen");
for(uint16_t i = 0; TRUE; i++) {
WDT_HIT();
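Review bot: In the `CodeIso14443aAsTagPar` hunk the new condition `if (oddparity(cmd[i]) & 0x01)` recomputes parity from the data and ignores the `dwParity` argument the function takes, so this `...Par` variant no longer honours caller-supplied parity bits and the parameter is now dead; any caller passing a parity word that deliberately differs from the plain odd parity of `cmd[i]` (emulation of encrypted responses, where parity is derived from the plaintext, is the usual reason such a parameter exists — to be confirmed against the callers, which lie outside the hunk) will now transmit different bits. Keep the original `if ((dwParity >> i) & 0x01) {` here and let callers that want plain parity pass `GetParity(cmd, len)`, which the adjacent `GetParity` hunk already computes with `oddparity()`. The new `case 5: { // MIFARE TNP3XXX` block in `SimulateIso14443aTag` follows the pattern of its neighbours; while touching this switch, the `default:` message `"Error: unkown tagtype (%d)"` could become `"Error: unknown tagtype (%d)"`. `CodeIso14443aAsTagPar` and `SimulateIso14443aTag` both continue outside their hunks.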


@@ -75,7 +75,7 @@ typedef struct {
extern byte_t oddparity (const byte_t bt);
//extern byte_t oddparity (const byte_t bt);
extern uint32_t GetParity(const uint8_t *pbtCmd, int iLen);
extern void AppendCrc14443a(uint8_t *data, int len);


@@ -53,7 +53,7 @@ extern int MF_DBGLEVEL;
#define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();
//functions
uint8_t* mifare_get_bigbufptr(void);
int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing);
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing);
int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint32_t *timing);
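Review bot: The changed prototype `int mifare_sendcmd_short_special(..., uint8_t* amswer, uint32_t *timing);` keeps the misspelt parameter name `amswer` (also present in `mifare_sendcmd_short_mfucauth` on the next line) while the sibling `mifare_sendcmd_short` uses `answer`; rename both to `answer`, since the header is where readers look up the contract. The `uint8_t *timing` to `uint32_t *timing` change brings this declaration in line with the other two; the definition is outside this hunk, so confirm it was updated to match, otherwise callers compile against a mismatched pointer type.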


@@ -16,9 +16,9 @@
#include <util.h>
int strlen(const char *str);
void *memcpy(void *dest, const void *src, int len);
RAMFUNC void *memcpy(void *dest, const void *src, int len);
void *memset(void *dest, int c, int len);
int memcmp(const void *av, const void *bv, int len);
RAMFUNC int memcmp(const void *av, const void *bv, int len);
void memxor(uint8_t * dest, uint8_t * src, size_t len);
char *strncat(char *dest, const char *src, unsigned int n);
char *strcat(char *dest, const char *src);


@@ -85,6 +85,15 @@ int32_t le24toh (uint8_t data[3])
return (data[2] << 16) | (data[1] << 8) | data[0];
}
//added here for parity calulations
uint8_t oddparity(uint8_t bt)
{
uint16_t v = bt;
v ^= v >> 4;
v &= 0xF;
return ((0x9669 >> v) & 1);
}
void LEDsoff()
{
LED_A_OFF();
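Review bot: The new `oddparity` is documented only by the misspelt `//added here for parity calulations`, and the constant `0x9669` is opaque without explanation; replace the comment with `// Odd parity bit for one byte: 1 when bt has an even number of set bits, 0 when odd.` followed by `// Fold the byte to 4 bits (v ^= v >> 4 preserves parity), then index the 16-bit table 0x9669, whose bit k is 1 exactly when k has an even number of set bits.` It is worth adding that this reproduces the `OddByteParity[256]` table this commit comments out (its first row `1, 0, 0, 1, 0, 1, 1, 0, ...` matches), so the equivalence is recorded rather than assumed. `uint16_t v` could be `uint8_t`, since after `v &= 0xF` only four bits remain and `0x9669 >> v` shifts an `int` constant regardless; that is optional.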


@@ -35,6 +35,8 @@ uint64_t bytes_to_num(uint8_t* src, size_t len);
void rol(uint8_t *data, const size_t len);
void lsl (uint8_t *data, size_t len);
int32_t le24toh (uint8_t data[3]);
//added parity generation function here
uint8_t oddparity(uint8_t bt);
void SpinDelay(int ms);
void SpinDelayUs(int us);