dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into dev_em4x50_info_write

Browse Source 
merge conflict
This commit is contained in:
tharexde
2020-06-22 21:04:48 +02:00
parent 1a9ca5a1e3 bc00b29a64
commit cdb57c9c2b
43 changed files with 773 additions and 614 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
armsrc/BigBuf.c
View File

@@ -19,7 +19,7 @@ extern uint8_t _stack_start, __bss_end__;
// BigBuf is the large multi-purpose buffer, typically used to hold A/D samples or traces.
// Also used to hold various smaller buffers and the Mifare Emulator Memory.
// We know that bss is aligned to 4 bytes.
static uint8_t* BigBuf = &__bss_end__;
static uint8_t *BigBuf = &__bss_end__;
/* BigBuf memory layout:
Pointer to highest available memory: BigBuf_hi

2
armsrc/Standalone/lf_em4100rswb.c
View File

@@ -256,7 +256,7 @@ static int ExecuteMode(int mode, int slot) {
//default first mode is simulate
case LF_RWSB_MODE_READ:
Dbprintf("[=] >> Read mode started <<");
CmdEM410xdemod(1, &high[slot], &low[slot], 0);
CmdEM410xdemod(1, &high[slot], &low[slot]);
LED_Update(mode, slot);
Dbprintf("[=] >> Tag found. Saving. <<");
FlashLEDs(100, 5);

2
armsrc/Standalone/lf_em4100rwc.c
View File

@@ -161,7 +161,7 @@ void RunMod(void) {
state = 3;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - exit to select mode
CmdEM410xdemod(1, &high[selected], &low[selected], 0);
CmdEM410xdemod(1, &high[selected], &low[selected]);
FlashLEDs(100, 5);
#ifdef WITH_FLASH
SaveIDtoFlash(selected, low[selected]);

19
armsrc/Standalone/lf_icehid.c
View File

@@ -231,7 +231,8 @@ static uint32_t IceHIDDemod(void) {
uint32_t hi2 = 0, hi = 0, lo = 0;
// large enough to catch 2 sequences of largest format
size_t size = 50 * 128 * 2; // 12800 bytes
// size_t size = 50 * 128 * 2; // 12800 bytes
size_t size = MIN(12800, BigBuf_max_traceLen());
//uint8_t *dest = BigBuf_malloc(size);
uint8_t *dest = BigBuf_get_addr();
@@ -350,30 +351,32 @@ void RunMod(void) {
uint32_t res;
// since we steal 12800 from bigbuffer, no need to sample it.
DoAcquisition_config(false, 28000);
// since we steal 12800 from bigbuffer, no need to sample it.
size_t size = MIN(28000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
res = IceHIDDemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 28000);
DoAcquisition_config(false, size);
res = IceAWIDdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 20000);
res = IceEM410xdemod();
DoAcquisition_config(false, size);
res = IceIOdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 28000);
res = IceIOdemod();
size = MIN(20000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
res = IceEM410xdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;

74
armsrc/appmain.c
View File

@@ -243,6 +243,16 @@ static uint32_t MeasureAntennaTuningLfData(void) {
return (MAX_ADC_LF_VOLTAGE * (SumAdc(ADC_CHAN_LF, 32) >> 1)) >> 14;
}
void print_stack_usage(void) {
// pointer arithmetic is times 4. (two shifts to the left)
for (uint32_t *p = &_stack_start; ; ++p) {
if (*p != 0xdeadbeef) {
Dbprintf(" Max stack usage.........%d / %d bytes", (&_stack_end - p) << 2, (&_stack_end - &_stack_start) << 2);
break;
}
}
}
void ReadMem(int addr) {
const uint8_t *data = ((uint8_t *)addr);
@@ -362,13 +372,9 @@ static void SendStatus(void) {
#endif
printConnSpeed();
DbpString(_CYAN_("Various"));
// pointer arithmetic is times 4. (two shifts to the left)
for (uint32_t *p = &_stack_start; ; ++p) {
if (*p != 0xdeadbeef) {
Dbprintf(" Max stack usage.........%d / %d bytes", (&_stack_end - p) << 2, (&_stack_end - &_stack_start) << 2);
break;
}
}
print_stack_usage();
Dbprintf(" DBGLEVEL................%d", DBGLEVEL);
Dbprintf(" ToSendMax...............%d", ToSendMax);
Dbprintf(" ToSendBit...............%d", ToSendBit);
@@ -784,9 +790,10 @@ static void PacketReceived(PacketCommandNG *packet) {
reply_mix(CMD_ACK, bits, 0, 0, 0, 0);
break;
}
case CMD_LF_HID_DEMOD: {
case CMD_LF_HID_WATCH: {
uint32_t high, low;
CmdHIDdemodFSK(0, &high, &low, 1);
int res = lf_hid_watch(0, &high, &low);
reply_ng(CMD_LF_HID_WATCH, res, NULL, 0);
break;
}
case CMD_LF_HID_SIMULATE: {
@@ -818,19 +825,29 @@ static void PacketReceived(PacketCommandNG *packet) {
CopyHIDtoT55x7(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
break;
}
case CMD_LF_IO_DEMOD: {
case CMD_LF_IO_WATCH: {
uint32_t high, low;
CmdIOdemodFSK(0, &high, &low, 1);
int res = lf_io_watch(0, &high, &low);
reply_ng(CMD_LF_IO_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_DEMOD: {
case CMD_LF_EM410X_WATCH: {
uint32_t high;
uint64_t low;
CmdEM410xdemod(packet->oldarg[0], &high, &low, 1);
int res = lf_em410x_watch(0, &high, &low);
reply_ng(CMD_LF_EM410X_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_WRITE: {
WriteEM410x(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]);
struct p {
uint8_t card;
uint8_t clock;
uint32_t high;
uint32_t low;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low);
reply_ng(CMD_LF_EM410X_WRITE, res, NULL, 0);
break;
}
case CMD_LF_TI_READ: {
@@ -932,10 +949,10 @@ static void PacketReceived(PacketCommandNG *packet) {
EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd);
break;
}
case CMD_LF_AWID_DEMOD: {
case CMD_LF_AWID_WATCH: {
uint32_t high, low;
// Set realtime AWID demodulation
CmdAWIDdemodFSK(0, &high, &low, 1);
int res = lf_awid_watch(0, &high, &low);
reply_ng(CMD_LF_AWID_WATCH, res, NULL, 0);
break;
}
case CMD_LF_VIKING_CLONE: {
@@ -1431,7 +1448,20 @@ static void PacketReceived(PacketCommandNG *packet) {
#ifdef WITH_HFSNIFF
case CMD_HF_SNIFF: {
HfSniff(packet->oldarg[0], packet->oldarg[1]);
struct p {
uint32_t samplesToSkip;
uint32_t triggersToSkip;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
uint16_t len = 0;
int res = HfSniff(payload->samplesToSkip, payload->triggersToSkip, &len);
struct {
uint16_t len;
} PACKED retval;
retval.len = len;
reply_ng(CMD_HF_SNIFF, res, (uint8_t *)&retval, sizeof(retval));
break;
}
#endif
@@ -2087,10 +2117,10 @@ void __attribute__((noreturn)) AppMain(void) {
SpinDelay(100);
BigBuf_initialize();
for (uint32_t * p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) {
for (uint32_t *p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) {
*p = 0xdeadbeef;
}
if (common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
/* Initialize common area */
memset(&common_area, 0, sizeof(common_area));
@@ -2157,7 +2187,9 @@ void __attribute__((noreturn)) AppMain(void) {
WDT_HIT();
if (_stack_start != 0xdeadbeef) {
Dbprintf("Stack overflow detected! Please increase stack size.");
Dbprintf("Stack overflow detected! Please increase stack size, currently %d bytes", (&_stack_end - &_stack_start) << 2);
Dbprintf("Unplug your device now.");
while (1);
}
// Check if there is a packet available

1
armsrc/appmain.h
View File

@@ -39,5 +39,6 @@ void ToSendReset(void);
void ListenReaderField(uint8_t limit);
void StandAloneMode(void);
void printStandAloneModes(void);
void print_stack_usage(void);
#endif

81
armsrc/hfsnoop.c
View File

@@ -18,29 +18,21 @@
#include "appmain.h"
#include "cmd.h"
static void RAMFUNC optimizedSniff(void) {
int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
uint16_t *dest = (uint16_t *)BigBuf_get_addr();
uint16_t *destend = dest + n - 1;
// Reading data loop
while (dest <= destend) {
static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {
while (dsize > 0) {
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
dest++;
dsize -= sizeof(dsize);
}
}
//setting tracelen - important! it was set by buffer overflow before
set_tracelen(BigBuf_max_traceLen());
}
void HfSniff(int samplesToSkip, int triggersToSkip) {
int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) {
BigBuf_free();
BigBuf_Clear();
BigBuf_Clear_ext(false);
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
int trigger_cnt = 0;
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);
LED_D_ON();
@@ -57,37 +49,68 @@ void HfSniff(int samplesToSkip, int triggersToSkip) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
SpinDelay(100);
uint16_t r = 0;
while (!BUTTON_PRESS() && !data_available()) {
*len = (BigBuf_max_traceLen() & 0xFFFE);
uint8_t *mem = BigBuf_malloc(*len);
uint32_t trigger_cnt = 0;
uint16_t r = 0, interval = 0;
bool pressed = false;
while (pressed == false) {
WDT_HIT();
// cancel w usb command.
if (interval == 2000) {
if (data_available())
break;
interval = 0;
} else {
interval++;
}
// check if trigger is reached
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
r = MAX(r & 0xff, r >> 8);
if (r >= 180) { // 0xB4 ??
if (++trigger_cnt > triggersToSkip)
r = MAX(r & 0xFF, r >> 8);
// 180 (0xB4) arbitary value to see if a strong RF field is near.
if (r > 180) {
if (++trigger_cnt > triggersToSkip) {
break;
}
}
}
pressed = BUTTON_PRESS();
}
if (!BUTTON_PRESS()) {
int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
while (waitcount != 0) {
if (pressed == false) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY))
waitcount--;
// skip samples loop
while (samplesToSkip != 0) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
samplesToSkip--;
}
}
optimizedSniff((uint16_t*)mem, *len);
if (DBGLEVEL >= DBG_INFO) {
Dbprintf("Trigger kicked in (%d >= 180)", r);
Dbprintf("Collected %u samples", *len);
}
optimizedSniff();
Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r);
}
//Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
DbpString("HF Sniffing end");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;
}
void HfPlotDownload(void) {

4
armsrc/hfsnoop.h
View File

@@ -12,6 +12,8 @@
#ifndef __HFSNOOP_H
#define __HFSNOOP_H
void HfSniff(int, int);
#include "proxmark3_arm.h"
int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len);
void HfPlotDownload(void);
#endif

4
armsrc/i2c.c
View File

@@ -47,7 +47,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
#define I2C_DELAY_2CLK I2CSpinDelayClk(2)
#define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3)
#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3)
#define I2C_DELAY_600us I2CSpinDelayClk( 600 / 3)
#define I2C_DELAY_10ms I2CSpinDelayClk( 10 * 1000 / 3 )
#define I2C_DELAY_30ms I2CSpinDelayClk( 30 * 1000 / 3 )
@@ -440,7 +440,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
// extra wait 500us (514us measured)
// 200us (xx measured)
// WaitUS(600);
// WaitUS(600);
I2C_DELAY_600us;
bool bBreak = true;

11
armsrc/iso14443a.c
View File

@@ -889,7 +889,7 @@ bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffe
// Make sure we do not exceed the free buffer space
if (ToSendMax > max_buffer_size) {
Dbprintf("Out of memory, when modulating bits for tag answer:");
Dbprintf("ToSend buffer, Out-of-bound, when modulating bits for tag answer:");
Dbhexdump(response_info->response_n, response_info->response, false);
return false;
}
@@ -988,7 +988,7 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i
counters[i] = le24toh(mfu_header->counter_tearing[i]);
if (mfu_header->counter_tearing[i][3] != 0x00) {
tearings[i] = mfu_header->counter_tearing[i][3];
tearings[i] = mfu_header->counter_tearing[i][3];
}
}
@@ -2027,13 +2027,6 @@ int EmSendPrecompiledCmd(tag_response_info_t *p_response) {
LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG,
(LastTimeProxToAirStart + p_response->ProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG,
par);
if (DBGLEVEL >= DBG_EXTENDED) {
Dbprintf("response_info->response %02X", p_response->response);
Dbprintf("response_info->response_n %02X", p_response->response_n);
Dbprintf("response_info->par %02X", &(p_response->par));
}
return ret;
}

199
armsrc/lfops.c
View File

@@ -171,7 +171,7 @@ t55xx_configurations_t T55xx_Timing = {
#define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference
// ATA55xx shared presets & routines
static uint32_t GetT55xxClockBit(uint32_t clock) {
static uint32_t GetT55xxClockBit(uint8_t clock) {
switch (clock) {
case 128:
return T55x7_BITRATE_RF_128;
@@ -1224,32 +1224,52 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
size_t size;
uint32_t hi2 = 0, hi = 0, lo = 0;
int dummyIdx = 0;
// Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true);
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
//clear read buffer
BigBuf_Clear_keep_EM();
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
// FSK demodulator
size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format
// 50 * 128 * 2 - big enough to catch 2 sequences of largest format
size = MIN(12800, BigBuf_max_traceLen());
int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
if (idx < 0) continue;
if (idx > 0 && lo > 0 && (size == 96 || size == 192)) {
// go over previously decoded manchester data and decode into usable tag ID
if (hi2 != 0) { //extra large HID tags 88/192 bits
Dbprintf("TAG ID: %x%08x%08x (%d)",
Dbprintf("TAG ID: " _GREEN_("%x%08x%08x") " (%d)",
hi2,
hi,
lo,
@@ -1311,25 +1331,40 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
hi2 = hi = lo = idx = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("HID fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
uint8_t *dest = BigBuf_get_addr();
size_t size;
int dummyIdx = 0;
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
// FSK demodulator
@@ -1380,20 +1415,19 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
uint32_t fac = bytebits_to_byte(dest + 9, 8);
uint32_t cardnum = bytebits_to_byte(dest + 17, 16);
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") ", FC: " _GREEN_("%d") ", Card: " _GREEN_("%d") " - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
} else {
uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16);
if (fmtLen > 32) {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32);
uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
} else {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
}
}
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = rawHi;
*low = rawLo;
break;
@@ -1401,26 +1435,40 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("AWID fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
size_t size, idx = 0;
int clk = 0, invert = 0, maxErr = 20;
uint32_t hi = 0;
uint64_t lo = 0;
uint8_t *dest = BigBuf_get_addr();
clear_trace();
set_tracing(false);
BigBuf_Clear_keep_EM();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
@@ -1428,14 +1476,14 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
//askdemod and manchester decode
int errCnt = askdemod(dest, &size, &clk, &invert, maxErr, 0, 1);
WDT_HIT();
if (errCnt > 50) continue;
WDT_HIT();
errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo);
if (errCnt == 1) {
if (size == 128) {
Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)",
Dbprintf("EM XL TAG ID: " _GREEN_("%06x%08x%08x") " - ( %05d_%03d_%08d )",
hi,
(uint32_t)(lo >> 32),
(uint32_t)lo,
@@ -1443,7 +1491,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
(uint32_t)((lo >> 16LL) & 0xFF),
(uint32_t)(lo & 0xFFFFFF));
} else {
Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",
Dbprintf("EM TAG ID: " _GREEN_("%02x%08x") " - ( %05d_%03d_%08d )",
(uint32_t)(lo >> 32),
(uint32_t)lo,
(uint32_t)(lo & 0xFFFF),
@@ -1452,7 +1500,6 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = hi;
*low = lo;
break;
@@ -1463,33 +1510,46 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("EM man/ask demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
int dummyIdx = 0;
uint32_t code = 0, code2 = 0;
uint8_t version = 0, facilitycode = 0, crc = 0;
uint16_t number = 0, calccrc = 0;
size_t size = BigBuf_max_traceLen();
uint8_t version = 0, facilitycode = 0;
uint16_t number = 0;
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
// Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
size = MIN(12000, BigBuf_max_traceLen());
size_t size = MIN(12000, BigBuf_max_traceLen());
//fskdemod and get start index
int idx = detectIOProx(dest, &size, &dummyIdx);
@@ -1529,18 +1589,9 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
facilitycode = bytebits_to_byte(dest + idx + 18, 8);
number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9
crc = bytebits_to_byte(dest + idx + 54, 8);
for (uint8_t i = 1; i < 6; ++i)
calccrc += bytebits_to_byte(dest + idx + 9 * i, 8);
calccrc &= 0xff;
calccrc = 0xff - calccrc;
Dbprintf("IO Prox " _GREEN_("XSF(%02d)%02x:%05d") " (%08x%08x) (%s)", version, facilitycode, number, code, code2);
const char *crcStr = (crc == calccrc) ? "ok" : "!crc";
Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]", version, facilitycode, number, code, code2, crc, crcStr);
// if we're only looking for one tag
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = code;
*low = code2;
break;
@@ -1548,12 +1599,11 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
code = code2 = 0;
version = facilitycode = 0;
number = 0;
calccrc = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("IOProx fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
/*------------------------------
@@ -2006,12 +2056,12 @@ void T55xx_ChkPwds(uint8_t flags) {
DbpString("[+] T55XX Check pwds using flashmemory starting");
uint8_t ret = 0;
// First get baseline and setup LF mode.
// tends to mess up BigBuf
uint8_t *buf = BigBuf_get_addr();
uint32_t b1, baseline = 0;
uint8_t downlink_mode = (flags >> 3) & 0x03;
uint8_t *buf = BigBuf_get_addr();
uint8_t ret = 0;
uint8_t downlink_mode = (flags >> 3) & 0x03;
uint32_t b1, baseline = 0;
// collect baseline for failed attempt
uint8_t x = 32;
@@ -2190,17 +2240,26 @@ void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
}
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo) {
// Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
uint32_t clockbits = 0;
if (card == 1) { //t55x7
clockbits = GetT55xxClockBit(clock);
if (clockbits == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return PM3_EINVARG;
}
}
int i;
uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID
int c_parity[4]; // column parity
int r_parity = 0; // row parity
uint32_t clock = 0;
// Reverse ID bits given as parameter (for simpler operations)
for (i = 0; i < EM410X_ID_LENGTH; ++i) {
@@ -2250,33 +2309,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
// Add stop bit
id <<= 1;
Dbprintf("Started writing %s tag ...", card ? "T55x7" : "T5555");
LED_D_ON();
// Write EM410x ID
uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)};
clock = (card & 0xFF00) >> 8;
// default to 64
clock = (clock == 0) ? 64 : clock;
Dbprintf("Clock rate: %d", clock);
if (card & 0xFF) { //t55x7
clock = GetT55xxClockBit(clock);
if (clock == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return;
}
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { //t5555 (Q5)
if (card == 1) { // T55x7
data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { // T5555 (Q5)
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
}
WriteT55xx(data, 0, 3);
LED_D_OFF();
LEDsoff();
Dbprintf("Tag %s written with 0x%08x%08x\n",
card ? "T55x7" : "T5555",
(uint32_t)(id >> 32),
(uint32_t)id);
return PM3_SUCCESS;
}
//-----------------------------------

14
armsrc/lfops.h
View File

@@ -35,13 +35,17 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c
void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low);
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low); // Realtime demodulation mode for AWID26
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);
void T55xxResetRead(uint8_t flags);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxWriteBlock(uint8_t *data);

7
armsrc/lfsampling.c
View File

@@ -132,6 +132,8 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
} else {
if (*sample_size == 0) {
*sample_size = BigBuf_max_traceLen();
} else {
*sample_size = MIN(*sample_size, BigBuf_max_traceLen());
}
data.buffer = BigBuf_get_addr();
}
@@ -256,11 +258,11 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
uint32_t cancel_counter = 0;
int16_t checked = 0;
while (!BUTTON_PRESS()) {
while (BUTTON_PRESS() == false) {
// only every 1000th times, in order to save time when collecting samples.
// interruptible only when logging not yet triggered
if ((checked == 1000) && (trigger_threshold > 0)) {
if ((checked == 2000) && (trigger_threshold > 0)) {
if (data_available()) {
checked = -1;
break;
@@ -273,7 +275,6 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
// AT91C_BASE_SSC->SSC_THR = 0x43;
LED_D_ON();
}