]> cvs.zerfleddert.de Git - proxmark3-svn/blame - armsrc/appmain.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Adds `lf hid pack` and `lf hid unpack` offline commands. (#614)
[proxmark3-svn] / armsrc / appmain.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
15c4dc5a 2// Jonathan Westhues, Mar 2006
3// Edits by Gerhard de Koning Gans, Sep 2007 (##)
bd20f8f4 4//
5// This code is licensed to you under the terms of the GNU GPL, version 2 or,
6// at your option, any later version. See the LICENSE.txt file for the text of
7// the license.
8//-----------------------------------------------------------------------------
9// The main application code. This is the first thing called after start.c
10// executes.
15c4dc5a 11//-----------------------------------------------------------------------------
12
b8e461ff 13#include <stdarg.h>
14
902cb3c0 15#include "usb_cdc.h"
16#include "cmd.h"
e30c654b 17#include "proxmark3.h"
15c4dc5a 18#include "apps.h"
f7e3ed82 19#include "util.h"
9ab7a6c7 20#include "printf.h"
21#include "string.h"
15c4dc5a 22#include "legicrf.h"
b8e461ff 23#include "hitag2.h"
24#include "hitagS.h"
31abe49f 25#include "lfsampling.h"
3000dc4e 26#include "BigBuf.h"
c89274cc 27#include "mifareutil.h"
d10e08ae 28#include "pcf7931.h"
15c4dc5a 29#ifdef WITH_LCD
902cb3c0 30 #include "LCD.h"
15c4dc5a 31#endif
32
e46fe044 33// Craig Young - 14a stand-alone code
854fdf15 34#ifdef WITH_ISO14443a
e46fe044
CY		 35 #include "iso14443a.h"
36#endif
37
15c4dc5a 38//=============================================================================
39// A buffer where we can queue things up to be sent through the FPGA, for
40// any purpose (fake tag, as reader, whatever). We go MSB first, since that
41// is the order in which they go out on the wire.
42//=============================================================================
43
6a1f2d82 44#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
45uint8_t ToSend[TOSEND_BUFFER_SIZE];
15c4dc5a 46int ToSendMax;
47static int ToSendBit;
48struct common_area common_area __attribute__((section(".commonarea")));
49
15c4dc5a 50void ToSendReset(void)
51{
52 ToSendMax = -1;
53 ToSendBit = 8;
54}
55
56void ToSendStuffBit(int b)
57{
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
6a1f2d82 70 if(ToSendMax >= sizeof(ToSend)) {
15c4dc5a 71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74}
75
76//=============================================================================
77// Debug print functions, to go out over USB, to the usual PC-side client.
78//=============================================================================
79
80void DbpString(char *str)
81{
9440213d 82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
15c4dc5a 84}
85
86#if 0
87void DbpIntegers(int x1, int x2, int x3)
88{
902cb3c0 89 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
15c4dc5a 90}
91#endif
92
93void Dbprintf(const char *fmt, ...) {
94// should probably limit size here; oh well, let's just use a big buffer
95 char output_string[128];
96 va_list ap;
97
98 va_start(ap, fmt);
99 kvsprintf(fmt, output_string, 10, ap);
100 va_end(ap);
e30c654b 101
15c4dc5a 102 DbpString(output_string);
103}
104
9455b51c 105// prints HEX & ASCII
d19929cb 106void Dbhexdump(int len, uint8_t *d, bool bAsci) {
9455b51c 107 int l=0,i;
108 char ascii[9];
d19929cb 109
9455b51c 110 while (len>0) {
111 if (len>8) l=8;
112 else l=len;
113
114 memcpy(ascii,d,l);
d19929cb 115 ascii[l]=0;
9455b51c 116
117 // filter safe ascii
d19929cb 118 for (i=0;i<l;i++)
9455b51c 119 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
d19929cb 120
121 if (bAsci) {
122 Dbprintf("%-8s %*D",ascii,l,d," ");
123 } else {
124 Dbprintf("%*D",l,d," ");
125 }
126
9455b51c 127 len-=8;
128 d+=8;
129 }
130}
131
15c4dc5a 132//-----------------------------------------------------------------------------
133// Read an ADC channel and block till it completes, then return the result
134// in ADC units (0 to 1023). Also a routine to average 32 samples and
135// return that.
136//-----------------------------------------------------------------------------
137static int ReadAdc(int ch)
2d51da38 138{
3b692427 139 // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
9b32625c 140 // AMPL_HI is are high impedance (10MOhm || 1MOhm) output, the input capacitance of the ADC is 12pF (typical). This results in a time constant
141 // of RC = (0.91MOhm) * 12pF = 10.9us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
3b692427 142 //
143 // The maths are:
144 // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
145 //
9b32625c 146 // v_cap = v_in * (1 - exp(-SHTIM/RC)) = v_in * (1 - exp(-40us/10.9us)) = v_in * 0,97 (i.e. an error of 3%)
15c4dc5a 147
2d51da38
I		 148 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
149 AT91C_BASE_ADC->ADC_MR =
9b32625c 150 ADC_MODE_PRESCALE(63) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
151 ADC_MODE_STARTUP_TIME(1) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
152 ADC_MODE_SAMPLE_HOLD_TIME(15); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
3b692427 153
2d51da38
I		 154 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
155 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
15c4dc5a 156
2d51da38
I		 157 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) {};
158
159 return AT91C_BASE_ADC->ADC_CDR[ch];
15c4dc5a 160}
161
9ca155ba 162int AvgAdc(int ch) // was static - merlok
15c4dc5a 163{
164 int i;
165 int a = 0;
166
167 for(i = 0; i < 32; i++) {
168 a += ReadAdc(ch);
169 }
170
171 return (a + 15) >> 5;
172}
173
fdcfbdcc 174void MeasureAntennaTuningLfOnly(int *vLf125, int *vLf134, int *peakf, int *peakv, uint8_t LF_Results[])
15c4dc5a 175{
9b32625c 176 int i, adcval = 0, peak = 0;
15c4dc5a 177
178/*
179 * Sweeps the useful LF range of the proxmark from
180 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
181 * read the voltage in the antenna, the result left
182 * in the buffer is a graph which should clearly show
183 * the resonating frequency of your LF antenna
184 * ( hopefully around 95 if it is tuned to 125kHz!)
185 */
fdcfbdcc
RAB		 186
187 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
b014c96d 188 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
2d51da38
I		 189 SpinDelay(50);
190
2bdd68c3 191 for (i=255; i>=19; i--) {
fdcfbdcc 192 WDT_HIT();
15c4dc5a 193 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
194 SpinDelay(20);
3b692427 195 adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
fdcfbdcc
RAB		 196 if (i==95) *vLf125 = adcval; // voltage at 125Khz
197 if (i==89) *vLf134 = adcval; // voltage at 134Khz
15c4dc5a 198
2d51da38 199 LF_Results[i] = adcval >> 9; // scale int to fit in byte for graphing purposes
2bdd68c3 200 if(LF_Results[i] > peak) {
fdcfbdcc 201 *peakv = adcval;
2bdd68c3 202 peak = LF_Results[i];
fdcfbdcc 203 *peakf = i;
9f693930 204 //ptr = i;
15c4dc5a 205 }
206 }
207
2bdd68c3 208 for (i=18; i >= 0; i--) LF_Results[i] = 0;
fdcfbdcc
RAB		 209
210 return;
211}
212
213void MeasureAntennaTuningHfOnly(int *vHf)
214{
15c4dc5a 215 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
fdcfbdcc
RAB		 216 LED_A_ON();
217 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 218 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
219 SpinDelay(20);
fdcfbdcc
RAB		 220 *vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
221 LED_A_OFF();
222
223 return;
224}
225
226void MeasureAntennaTuning(int mode)
227{
228 uint8_t LF_Results[256] = {0};
229 int peakv = 0, peakf = 0;
230 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
231
232 LED_B_ON();
233
234 if (((mode & FLAG_TUNE_ALL) == FLAG_TUNE_ALL) && (FpgaGetCurrent() == FPGA_BITSTREAM_HF)) {
235 // Reverse "standard" order if HF already loaded, to avoid unnecessary swap.
236 MeasureAntennaTuningHfOnly(&vHf);
237 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
238 } else {
239 if (mode & FLAG_TUNE_LF) {
240 MeasureAntennaTuningLfOnly(&vLf125, &vLf134, &peakf, &peakv, LF_Results);
241 }
242 if (mode & FLAG_TUNE_HF) {
243 MeasureAntennaTuningHfOnly(&vHf);
244 }
245 }
15c4dc5a 246
d040cb90 247 cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125>>1 | (vLf134>>1<<16), vHf, peakf | (peakv>>1<<16), LF_Results, 256);
d19929cb 248 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2bdd68c3 249 LED_B_OFF();
250 return;
15c4dc5a 251}
252
253void MeasureAntennaTuningHf(void)
254{
255 int vHf = 0; // in mV
256
257 DbpString("Measuring HF antenna, press button to exit");
258
3b692427 259 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
260 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
261 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
262
15c4dc5a 263 for (;;) {
15c4dc5a 264 SpinDelay(20);
3b692427 265 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
e30c654b 266
15c4dc5a 267 Dbprintf("%d mV",vHf);
268 if (BUTTON_PRESS()) break;
269 }
270 DbpString("cancelled");
3b692427 271
272 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
273
15c4dc5a 274}
275
276
15c4dc5a 277void ReadMem(int addr)
278{
f7e3ed82 279 const uint8_t *data = ((uint8_t *)addr);
15c4dc5a 280
281 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
282 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
283}
284
285/* osimage version information is linked in */
286extern struct version_information version_information;
287/* bootrom version information is pointed to from _bootphase1_version_pointer */
0fa01ec7 288extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__;
15c4dc5a 289void SendVersion(void)
290{
8e074056 291 char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */
292 char VersionString[USB_CMD_DATA_SIZE] = { '\0' };
e30c654b 293
294 /* Try to find the bootrom version information. Expect to find a pointer at
15c4dc5a 295 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
296 * pointer, then use it.
297 */
298 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
299 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
8e074056 300 strcat(VersionString, "bootrom version information appears invalid\n");
15c4dc5a 301 } else {
302 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
8e074056 303 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
15c4dc5a 304 }
e30c654b 305
15c4dc5a 306 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
8e074056 307 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
e30c654b 308
e6153040 309 FpgaGatherVersion(FPGA_BITSTREAM_LF, temp, sizeof(temp));
8e074056 310 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
e6153040 311 FpgaGatherVersion(FPGA_BITSTREAM_HF, temp, sizeof(temp));
8e074056 312 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
0fa01ec7 313
e6153040 314 // Send Chip ID and used flash memory
0fa01ec7 315 uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start;
316 uint32_t compressed_data_section_size = common_area.arg1;
8e074056 317 cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
15c4dc5a 318}
319
bfb01844 320// measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
321// Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included.
67b7d6fa 322void printUSBSpeed(void)
bfb01844 323{
324 Dbprintf("USB Speed:");
67b7d6fa 325 Dbprintf(" Sending USB packets to client...");
bfb01844 326
67b7d6fa 327 #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds
bfb01844 328 uint8_t *test_data = BigBuf_get_addr();
67b7d6fa 329 uint32_t end_time;
bfb01844 330
67b7d6fa 331 uint32_t start_time = end_time = GetTickCount();
332 uint32_t bytes_transferred = 0;
333
bfb01844 334 LED_B_ON();
67b7d6fa 335 while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) {
336 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE);
337 end_time = GetTickCount();
338 bytes_transferred += USB_CMD_DATA_SIZE;
bfb01844 339 }
340 LED_B_OFF();
341
67b7d6fa 342 Dbprintf(" Time elapsed: %dms", end_time - start_time);
343 Dbprintf(" Bytes transferred: %d", bytes_transferred);
344 Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s",
345 1000 * bytes_transferred / (end_time - start_time));
bfb01844 346
347}
348
c89274cc
CY		 349/**
350 * Prints runtime information about the PM3.
351**/
67b7d6fa 352void SendStatus(void)
c89274cc
CY		 353{
354 BigBuf_print_status();
355 Fpga_print_status();
356 printConfig(); //LF Sampling config
67b7d6fa 357 printUSBSpeed();
c89274cc
CY		 358 Dbprintf("Various");
359 Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL);
360 Dbprintf(" ToSendMax........%d",ToSendMax);
361 Dbprintf(" ToSendBit........%d",ToSendBit);
bfb01844 362
363 cmd_send(CMD_ACK,1,0,0,0,0);
c89274cc 364}
15c4dc5a 365
86a83668 366#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
15c4dc5a 367
15c4dc5a 368#define OPTS 2
369
86a83668
MHS		 370void StandAloneMode()
371{
372 DbpString("Stand-alone mode! No PC necessary.");
15c4dc5a 373 // Oooh pretty -- notify user we're in elite samy mode now
374 LED(LED_RED, 200);
375 LED(LED_ORANGE, 200);
376 LED(LED_GREEN, 200);
377 LED(LED_ORANGE, 200);
378 LED(LED_RED, 200);
379 LED(LED_ORANGE, 200);
380 LED(LED_GREEN, 200);
381 LED(LED_ORANGE, 200);
382 LED(LED_RED, 200);
383
86a83668
MHS		 384}
385
386#endif
387
388
389
390#ifdef WITH_ISO14443a_StandAlone
391void StandAloneMode14a()
392{
393 StandAloneMode();
394 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
395
15c4dc5a 396 int selected = 0;
44964fd1 397 bool playing = false, GotoRecord = false, GotoClone = false;
398 bool cardRead[OPTS] = {false};
86a83668
MHS		 399 uint8_t readUID[10] = {0};
400 uint32_t uid_1st[OPTS]={0};
401 uint32_t uid_2nd[OPTS]={0};
c89274cc
CY		 402 uint32_t uid_tmp1 = 0;
403 uint32_t uid_tmp2 = 0;
404 iso14a_card_select_t hi14a_card[OPTS];
15c4dc5a 405
15c4dc5a 406 LED(selected + 1, 0);
407
408 for (;;)
409 {
6e82300d 410 usb_poll();
86a83668 411 WDT_HIT();
15c4dc5a 412 SpinDelay(300);
413
44964fd1 414 if (GotoRecord || !cardRead[selected])
15c4dc5a 415 {
44964fd1 416 GotoRecord = false;
15c4dc5a 417 LEDsoff();
418 LED(selected + 1, 0);
419 LED(LED_RED2, 0);
420
421 // record
86a83668 422 Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
15c4dc5a 423 /* need this delay to prevent catching some weird data */
424 SpinDelay(500);
86a83668
MHS		 425 /* Code for reading from 14a tag */
426 uint8_t uid[10] ={0};
427 uint32_t cuid;
428 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
15c4dc5a 429
86a83668
MHS		 430 for ( ; ; )
431 {
432 WDT_HIT();
c89274cc
CY		 433 if (BUTTON_PRESS()) {
434 if (cardRead[selected]) {
435 Dbprintf("Button press detected -- replaying card in bank[%d]", selected);
436 break;
437 }
438 else if (cardRead[(selected+1)%OPTS]) {
439 Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS);
440 selected = (selected+1)%OPTS;
44964fd1 441 break;
c89274cc
CY		 442 }
443 else {
444 Dbprintf("Button press detected but no stored tag to play. (Ignoring button)");
445 SpinDelay(300);
446 }
447 }
c04a4b60 448 if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, true))
86a83668
MHS		 449 continue;
450 else
451 {
452 Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
453 memcpy(readUID,uid,10*sizeof(uint8_t));
c89274cc 454 uint8_t *dst = (uint8_t *)&uid_tmp1;
86a83668
MHS		 455 // Set UID byte order
456 for (int i=0; i<4; i++)
457 dst[i] = uid[3-i];
c89274cc 458 dst = (uint8_t *)&uid_tmp2;
86a83668
MHS		 459 for (int i=0; i<4; i++)
460 dst[i] = uid[7-i];
c89274cc
CY		 461 if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) {
462 Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping.");
463 }
464 else {
465 if (uid_tmp2) {
466 Dbprintf("Bank[%d] received a 7-byte UID",selected);
467 uid_1st[selected] = (uid_tmp1)>>8;
468 uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8);
469 }
470 else {
471 Dbprintf("Bank[%d] received a 4-byte UID",selected);
472 uid_1st[selected] = uid_tmp1;
473 uid_2nd[selected] = uid_tmp2;
474 }
475 break;
476 }
86a83668
MHS		 477 }
478 }
c89274cc
CY		 479 Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]);
480 Dbprintf("SAK = %02X",hi14a_card[selected].sak);
86a83668
MHS		 481 LEDsoff();
482 LED(LED_GREEN, 200);
483 LED(LED_ORANGE, 200);
484 LED(LED_GREEN, 200);
485 LED(LED_ORANGE, 200);
15c4dc5a 486
487 LEDsoff();
488 LED(selected + 1, 0);
15c4dc5a 489
c89274cc 490 // Next state is replay:
44964fd1 491 playing = true;
3fe4ff4f 492
44964fd1 493 cardRead[selected] = true;
86a83668 494 }
c89274cc 495 /* MF Classic UID clone */
44964fd1 496 else if (GotoClone)
3fe4ff4f 497 {
44964fd1 498 GotoClone=false;
c89274cc
CY		 499 LEDsoff();
500 LED(selected + 1, 0);
501 LED(LED_ORANGE, 250);
3fe4ff4f 502
3fe4ff4f 503
c89274cc
CY		 504 // record
505 Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
3fe4ff4f 506
c89274cc
CY		 507 // wait for button to be released
508 while(BUTTON_PRESS())
509 {
510 // Delay cloning until card is in place
511 WDT_HIT();
512 }
513 Dbprintf("Starting clone. [Bank: %u]", selected);
514 // need this delay to prevent catching some weird data
515 SpinDelay(500);
516 // Begin clone function here:
517 /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
518 UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
519 memcpy(c.d.asBytes, data, 16);
520 SendCommand(&c);
521
522 Block read is similar:
523 UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
524 We need to imitate that call with blockNo 0 to set a uid.
525
526 The get and set commands are handled in this file:
527 // Work with "magic Chinese" card
528 case CMD_MIFARE_CSETBLOCK:
529 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
530 break;
531 case CMD_MIFARE_CGETBLOCK:
532 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
533 break;
534
535 mfCSetUID provides example logic for UID set workflow:
536 -Read block0 from card in field with MifareCGetBlock()
537 -Configure new values without replacing reserved bytes
538 memcpy(block0, uid, 4); // Copy UID bytes from byte array
539 // Mifare UID BCC
540 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
541 Bytes 5-7 are reserved SAK and ATQA for mifare classic
542 -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
543 */
544 uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
545 // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
546 MifareCGetBlock(0x3F, 1, 0, oldBlock0);
547 if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) {
548 Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected);
44964fd1 549 playing = true;
c89274cc
CY		 550 }
551 else {
552 Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
553 memcpy(newBlock0,oldBlock0,16);
554 // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
555
556 newBlock0[0] = uid_1st[selected]>>24;
557 newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
558 newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
559 newBlock0[3] = 0xFF & (uid_1st[selected]);
560 newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
561 // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
562 MifareCSetBlock(0, 0xFF,0, newBlock0);
563 MifareCGetBlock(0x3F, 1, 0, testBlock0);
564 if (memcmp(testBlock0,newBlock0,16)==0)
565 {
566 DbpString("Cloned successfull!");
44964fd1 567 cardRead[selected] = false; // Only if the card was cloned successfully should we clear it
568 playing = false;
569 GotoRecord = true;
c89274cc
CY		 570 selected = (selected+1) % OPTS;
571 }
572 else {
573 Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected);
44964fd1 574 playing = true;
c89274cc
CY		 575 }
576 }
577 LEDsoff();
578 LED(selected + 1, 0);
15c4dc5a 579
86a83668 580 }
15c4dc5a 581 // Change where to record (or begin playing)
44964fd1 582 else if (playing) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected])
15c4dc5a 583 {
15c4dc5a 584 LEDsoff();
585 LED(selected + 1, 0);
586
587 // Begin transmitting
44964fd1 588 LED(LED_GREEN, 0);
589 DbpString("Playing");
590 for ( ; ; ) {
591 WDT_HIT();
592 int button_action = BUTTON_HELD(1000);
593 if (button_action == 0) { // No button action, proceed with sim
594 uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break
595 Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
596 if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) {
597 DbpString("Mifare Classic");
598 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); // Mifare Classic
c89274cc 599 }
44964fd1 600 else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) {
601 DbpString("Mifare Ultralight");
602 SimulateIso14443aTag(2,uid_1st[selected],uid_2nd[selected],data); // Mifare Ultralight
15c4dc5a 603 }
44964fd1 604 else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) {
605 DbpString("Mifare DESFire");
606 SimulateIso14443aTag(3,uid_1st[selected],uid_2nd[selected],data); // Mifare DESFire
607 }
608 else {
609 Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
610 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data);
c89274cc 611 }
c89274cc 612 }
44964fd1 613 else if (button_action == BUTTON_SINGLE_CLICK) {
614 selected = (selected + 1) % OPTS;
615 Dbprintf("Done playing. Switching to record mode on bank %d",selected);
616 GotoRecord = true;
617 break;
618 }
619 else if (button_action == BUTTON_HOLD) {
620 Dbprintf("Playtime over. Begin cloning...");
621 GotoClone = true;
622 break;
623 }
624 WDT_HIT();
15c4dc5a 625 }
44964fd1 626
627 /* We pressed a button so ignore it here with a delay */
628 SpinDelay(300);
629 LEDsoff();
630 LED(selected + 1, 0);
15c4dc5a 631 }
632 }
633}
86a83668
MHS		 634#elif WITH_LF
635// samy's sniff and repeat routine
636void SamyRun()
e46fe044 637{
86a83668
MHS		 638 StandAloneMode();
639 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
e46fe044 640
86a83668 641 int high[OPTS], low[OPTS];
15c4dc5a 642 int selected = 0;
643 int playing = 0;
3fe4ff4f 644 int cardRead = 0;
15c4dc5a 645
646 // Turn on selected LED
647 LED(selected + 1, 0);
648
649 for (;;)
650 {
6e82300d 651 usb_poll();
86a83668 652 WDT_HIT();
15c4dc5a 653
654 // Was our button held down or pressed?
655 int button_pressed = BUTTON_HELD(1000);
656 SpinDelay(300);
657
658 // Button was held for a second, begin recording
3fe4ff4f 659 if (button_pressed > 0 && cardRead == 0)
15c4dc5a 660 {
661 LEDsoff();
662 LED(selected + 1, 0);
663 LED(LED_RED2, 0);
664
665 // record
666 DbpString("Starting recording");
667
668 // wait for button to be released
669 while(BUTTON_PRESS())
670 WDT_HIT();
671
672 /* need this delay to prevent catching some weird data */
673 SpinDelay(500);
674
675 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
098015eb 676 Dbprintf("Recorded %x %x%08x", selected, high[selected], low[selected]);
15c4dc5a 677
678 LEDsoff();
679 LED(selected + 1, 0);
680 // Finished recording
681
682 // If we were previously playing, set playing off
683 // so next button push begins playing what we recorded
684 playing = 0;
3fe4ff4f 685
686 cardRead = 1;
687
688 }
689
690 else if (button_pressed > 0 && cardRead == 1)
691 {
692 LEDsoff();
693 LED(selected + 1, 0);
694 LED(LED_ORANGE, 0);
695
696 // record
098015eb 697 Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 698
699 // wait for button to be released
700 while(BUTTON_PRESS())
701 WDT_HIT();
702
703 /* need this delay to prevent catching some weird data */
704 SpinDelay(500);
705
098015eb 706 CopyHIDtoT55x7(0, high[selected], low[selected], 0);
707 Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]);
3fe4ff4f 708
709 LEDsoff();
710 LED(selected + 1, 0);
711 // Finished recording
712
713 // If we were previously playing, set playing off
714 // so next button push begins playing what we recorded
715 playing = 0;
716
717 cardRead = 0;
718
15c4dc5a 719 }
720
721 // Change where to record (or begin playing)
722 else if (button_pressed)
723 {
724 // Next option if we were previously playing
725 if (playing)
726 selected = (selected + 1) % OPTS;
727 playing = !playing;
728
729 LEDsoff();
730 LED(selected + 1, 0);
731
732 // Begin transmitting
733 if (playing)
734 {
735 LED(LED_GREEN, 0);
736 DbpString("Playing");
737 // wait for button to be released
738 while(BUTTON_PRESS())
739 WDT_HIT();
098015eb 740 Dbprintf("%x %x%08x", selected, high[selected], low[selected]);
15c4dc5a 741 CmdHIDsimTAG(high[selected], low[selected], 0);
742 DbpString("Done playing");
743 if (BUTTON_HELD(1000) > 0)
744 {
745 DbpString("Exiting");
746 LEDsoff();
747 return;
748 }
749
750 /* We pressed a button so ignore it here with a delay */
751 SpinDelay(300);
752
753 // when done, we're done playing, move to next option
754 selected = (selected + 1) % OPTS;
755 playing = !playing;
756 LEDsoff();
757 LED(selected + 1, 0);
758 }
759 else
760 while(BUTTON_PRESS())
761 WDT_HIT();
762 }
763 }
764}
15c4dc5a 765
e46fe044 766#endif
15c4dc5a 767/*
768OBJECTIVE
769Listen and detect an external reader. Determine the best location
770for the antenna.
771
772INSTRUCTIONS:
773Inside the ListenReaderField() function, there is two mode.
774By default, when you call the function, you will enter mode 1.
775If you press the PM3 button one time, you will enter mode 2.
776If you press the PM3 button a second time, you will exit the function.
777
778DESCRIPTION OF MODE 1:
779This mode just listens for an external reader field and lights up green
780for HF and/or red for LF. This is the original mode of the detectreader
781function.
782
783DESCRIPTION OF MODE 2:
784This mode will visually represent, using the LEDs, the actual strength of the
785current compared to the maximum current detected. Basically, once you know
786what kind of external reader is present, it will help you spot the best location to place
787your antenna. You will probably not get some good results if there is a LF and a HF reader
788at the same place! :-)
789
790LIGHT SCHEME USED:
791*/
792static const char LIGHT_SCHEME[] = {
793 0x0, /* ---- | No field detected */
794 0x1, /* X--- | 14% of maximum current detected */
795 0x2, /* -X-- | 29% of maximum current detected */
796 0x4, /* --X- | 43% of maximum current detected */
797 0x8, /* ---X | 57% of maximum current detected */
798 0xC, /* --XX | 71% of maximum current detected */
799 0xE, /* -XXX | 86% of maximum current detected */
800 0xF, /* XXXX | 100% of maximum current detected */
801};
802static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
803
804void ListenReaderField(int limit)
805{
3b692427 806 int lf_av, lf_av_new, lf_baseline= 0, lf_max;
807 int hf_av, hf_av_new, hf_baseline= 0, hf_max;
15c4dc5a 808 int mode=1, display_val, display_max, i;
809
3b692427 810#define LF_ONLY 1
811#define HF_ONLY 2
812#define REPORT_CHANGE 10 // report new values only if they have changed at least by REPORT_CHANGE
813
814
815 // switch off FPGA - we don't want to measure our own signal
816 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
817 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
15c4dc5a 818
819 LEDsoff();
820
3b692427 821 lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
15c4dc5a 822
823 if(limit != HF_ONLY) {
3b692427 824 Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
15c4dc5a 825 lf_baseline = lf_av;
826 }
827
3b692427 828 hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
15c4dc5a 829
830 if (limit != LF_ONLY) {
3b692427 831 Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
15c4dc5a 832 hf_baseline = hf_av;
833 }
834
835 for(;;) {
836 if (BUTTON_PRESS()) {
837 SpinDelay(500);
838 switch (mode) {
839 case 1:
840 mode=2;
841 DbpString("Signal Strength Mode");
842 break;
843 case 2:
844 default:
845 DbpString("Stopped");
846 LEDsoff();
847 return;
848 break;
849 }
850 }
851 WDT_HIT();
852
853 if (limit != HF_ONLY) {
3b692427 854 if(mode == 1) {
cf194819 855 if (ABS(lf_av - lf_baseline) > REPORT_CHANGE)
3b692427 856 LED_D_ON();
857 else
858 LED_D_OFF();
15c4dc5a 859 }
e30c654b 860
3b692427 861 lf_av_new = AvgAdc(ADC_CHAN_LF);
15c4dc5a 862 // see if there's a significant change
cf194819 863 if(ABS(lf_av - lf_av_new) > REPORT_CHANGE) {
3b692427 864 Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
15c4dc5a 865 lf_av = lf_av_new;
866 if (lf_av > lf_max)
867 lf_max = lf_av;
15c4dc5a 868 }
869 }
870
871 if (limit != LF_ONLY) {
872 if (mode == 1){
cf194819 873 if (ABS(hf_av - hf_baseline) > REPORT_CHANGE)
3b692427 874 LED_B_ON();
875 else
876 LED_B_OFF();
15c4dc5a 877 }
e30c654b 878
3b692427 879 hf_av_new = AvgAdc(ADC_CHAN_HF);
15c4dc5a 880 // see if there's a significant change
cf194819 881 if(ABS(hf_av - hf_av_new) > REPORT_CHANGE) {
3b692427 882 Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
15c4dc5a 883 hf_av = hf_av_new;
884 if (hf_av > hf_max)
885 hf_max = hf_av;
15c4dc5a 886 }
887 }
e30c654b 888
15c4dc5a 889 if(mode == 2) {
890 if (limit == LF_ONLY) {
891 display_val = lf_av;
892 display_max = lf_max;
893 } else if (limit == HF_ONLY) {
894 display_val = hf_av;
895 display_max = hf_max;
896 } else { /* Pick one at random */
897 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
898 display_val = hf_av;
899 display_max = hf_max;
900 } else {
901 display_val = lf_av;
902 display_max = lf_max;
903 }
904 }
905 for (i=0; i<LIGHT_LEN; i++) {
906 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
907 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
908 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
909 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
910 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
911 break;
912 }
913 }
914 }
915 }
916}
917
f7e3ed82 918void UsbPacketReceived(uint8_t *packet, int len)
15c4dc5a 919{
920 UsbCommand *c = (UsbCommand *)packet;
15c4dc5a 921
902cb3c0 922// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
923
15c4dc5a 924 switch(c->cmd) {
925#ifdef WITH_LF
31abe49f
MHS		 926 case CMD_SET_LF_SAMPLING_CONFIG:
927 setSamplingConfig((sample_config *) c->d.asBytes);
928 break;
15c4dc5a 929 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
b9957414 930 cmd_send(CMD_ACK,SampleLF(c->arg[0], c->arg[1]),0,0,0,0);
15c4dc5a 931 break;
15c4dc5a 932 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
933 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
934 break;
b014c96d 935 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
31abe49f 936 cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
b014c96d 937 break;
7e67e42f 938 case CMD_HID_DEMOD_FSK:
3fe4ff4f 939 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
7e67e42f 940 break;
941 case CMD_HID_SIM_TAG:
3fe4ff4f 942 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
7e67e42f 943 break;
abd6112f 944 case CMD_FSK_SIM_TAG:
945 CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
946 break;
947 case CMD_ASK_SIM_TAG:
948 CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
949 break;
872e3d4d 950 case CMD_PSK_SIM_TAG:
951 CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
952 break;
953 case CMD_HID_CLONE_TAG:
1c611bbd 954 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
7e67e42f 955 break;
a1f3bb12 956 case CMD_IO_DEMOD_FSK:
3fe4ff4f 957 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
a1f3bb12 958 break;
3fe4ff4f 959 case CMD_IO_CLONE_TAG:
9f669cb2 960 CopyIOtoT55x7(c->arg[0], c->arg[1]);
a1f3bb12 961 break;
66707a3b 962 case CMD_EM410X_DEMOD:
963 CmdEM410xdemod(c->arg[0], 0, 0, 1);
964 break;
2d4eae76 965 case CMD_EM410X_WRITE_TAG:
966 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
967 break;
7e67e42f 968 case CMD_READ_TI_TYPE:
969 ReadTItag();
970 break;
971 case CMD_WRITE_TI_TYPE:
972 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
973 break;
974 case CMD_SIMULATE_TAG_125K:
31d1caa5 975 LED_A_ON();
7e67e42f 976 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
31d1caa5 977 LED_A_OFF();
7e67e42f 978 break;
979 case CMD_LF_SIMULATE_BIDIR:
980 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
981 break;
3fe4ff4f 982 case CMD_INDALA_CLONE_TAG:
2414f978 983 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
984 break;
3fe4ff4f 985 case CMD_INDALA_CLONE_TAG_L:
2414f978 986 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
987 break;
1c611bbd 988 case CMD_T55XX_READ_BLOCK:
8e99ec25 989 T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 990 break;
991 case CMD_T55XX_WRITE_BLOCK:
992 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
993 break;
be2d41b7 994 case CMD_T55XX_WAKEUP:
995 T55xxWakeUp(c->arg[0]);
1c611bbd 996 break;
66837a03 997 case CMD_T55XX_RESET_READ:
998 T55xxResetRead();
999 break;
3fe4ff4f 1000 case CMD_PCF7931_READ:
1c611bbd 1001 ReadPCF7931();
1c611bbd 1002 break;
dc4300ba 1003 case CMD_PCF7931_WRITE:
d10e08ae 1004 WritePCF7931(c->d.asBytes[0],c->d.asBytes[1],c->d.asBytes[2],c->d.asBytes[3],c->d.asBytes[4],c->d.asBytes[5],c->d.asBytes[6], c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128, c->arg[0], c->arg[1], c->arg[2]);
dc4300ba 1005 break;
1c611bbd 1006 case CMD_EM4X_READ_WORD:
7666f460 1007 EM4xReadWord(c->arg[0], c->arg[1],c->arg[2]);
1c611bbd 1008 break;
1009 case CMD_EM4X_WRITE_WORD:
7666f460 1010 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2]);
1c611bbd 1011 break;
dbf6e824
CY		 1012 case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
1013 CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
7cfc777b 1014 break;
709665b5 1015 case CMD_VIKING_CLONE_TAG:
1016 CopyVikingtoT55xx(c->arg[0], c->arg[1], c->arg[2]);
1017 break;
e04475c4 1018 case CMD_COTAG:
1019 Cotag(c->arg[0]);
1020 break;
15c4dc5a 1021#endif
1022
d19929cb 1023#ifdef WITH_HITAG
1024 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
1025 SnoopHitag(c->arg[0]);
1026 break;
1027 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
1028 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1029 break;
1030 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
1031 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1032 break;
4e12287d
RS		 1033 case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content
1034 SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1035 break;
1036 case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file
1037 check_challenges((bool)c->arg[0],(byte_t*)c->d.asBytes);
1038 break;
1039 case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge
1040 ReadHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1041 break;
1042 case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge
52244230
HJ		 1043 if ((hitag_function)c->arg[0] < 10) {
1044 WritePageHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes,c->arg[2]);
1045 }
1046 else if ((hitag_function)c->arg[0] >= 10) {
1047 WriterHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes, c->arg[2]);
1048 }
4e12287d 1049 break;
d19929cb 1050#endif
f168b263 1051
15c4dc5a 1052#ifdef WITH_ISO15693
1053 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
1054 AcquireRawAdcSamplesIso15693();
1055 break;
9455b51c 1056 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
1057 RecordRawAdcSamplesIso15693();
1058 break;
1059
1060 case CMD_ISO_15693_COMMAND:
1061 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1062 break;
1063
1064 case CMD_ISO_15693_FIND_AFI:
1065 BruteforceIso15693Afi(c->arg[0]);
1066 break;
1067
1068 case CMD_ISO_15693_DEBUG:
1069 SetDebugIso15693(c->arg[0]);
1070 break;
15c4dc5a 1071
15c4dc5a 1072 case CMD_READER_ISO_15693:
1073 ReaderIso15693(c->arg[0]);
1074 break;
7e67e42f 1075 case CMD_SIMTAG_ISO_15693:
3fe4ff4f 1076 SimTagIso15693(c->arg[0], c->d.asBytes);
7e67e42f 1077 break;
15c4dc5a 1078#endif
1079
7e67e42f 1080#ifdef WITH_LEGICRF
1081 case CMD_SIMULATE_TAG_LEGIC_RF:
1082 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
1083 break;
3612a8a8 1084
7e67e42f 1085 case CMD_WRITER_LEGIC_RF:
1086 LegicRfWriter(c->arg[1], c->arg[0]);
1087 break;
3612a8a8 1088
15c4dc5a 1089 case CMD_READER_LEGIC_RF:
1090 LegicRfReader(c->arg[0], c->arg[1]);
1091 break;
15c4dc5a 1092#endif
1093
1094#ifdef WITH_ISO14443b
15c4dc5a 1095 case CMD_READ_SRI512_TAG:
51d4f6f1 1096 ReadSTMemoryIso14443b(0x0F);
15c4dc5a 1097 break;
7e67e42f 1098 case CMD_READ_SRIX4K_TAG:
51d4f6f1 1099 ReadSTMemoryIso14443b(0x7F);
7e67e42f 1100 break;
132a0217 1101 case CMD_SNOOP_ISO_14443B:
51d4f6f1 1102 SnoopIso14443b();
7e67e42f 1103 break;
132a0217 1104 case CMD_SIMULATE_TAG_ISO_14443B:
51d4f6f1 1105 SimulateIso14443bTag();
7e67e42f 1106 break;
7cf3ef20 1107 case CMD_ISO_14443B_COMMAND:
1108 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1109 break;
15c4dc5a 1110#endif
1111
1112#ifdef WITH_ISO14443a
7e67e42f 1113 case CMD_SNOOP_ISO_14443a:
5cd9ec01 1114 SnoopIso14443a(c->arg[0]);
7e67e42f 1115 break;
15c4dc5a 1116 case CMD_READER_ISO_14443a:
902cb3c0 1117 ReaderIso14443a(c);
15c4dc5a 1118 break;
7e67e42f 1119 case CMD_SIMULATE_TAG_ISO_14443a:
28afbd2b 1120 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
7e67e42f 1121 break;
3fe4ff4f 1122
5acd09bd 1123 case CMD_EPA_PACE_COLLECT_NONCE:
902cb3c0 1124 EPA_PACE_Collect_Nonce(c);
5acd09bd 1125 break;
3bb07d96
FM		 1126 case CMD_EPA_PACE_REPLAY:
1127 EPA_PACE_Replay(c);
1128 break;
7e67e42f 1129
15c4dc5a 1130 case CMD_READER_MIFARE:
f168b263 1131 ReaderMifare(c->arg[0]);
15c4dc5a 1132 break;
20f9a2a1
M		 1133 case CMD_MIFARE_READBL:
1134 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1135 break;
981bd429 1136 case CMD_MIFAREU_READBL:
f168b263 1137 MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
981bd429 1138 break;
8258f409 1139 case CMD_MIFAREUC_AUTH:
1140 MifareUC_Auth(c->arg[0],c->d.asBytes);
a631936e 1141 break;
981bd429 1142 case CMD_MIFAREU_READCARD:
75377d29 1143 MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
117d9ec2 1144 break;
f168b263 1145 case CMD_MIFAREUC_SETPWD:
1146 MifareUSetPwd(c->arg[0], c->d.asBytes);
1147 break;
20f9a2a1
M		 1148 case CMD_MIFARE_READSC:
1149 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1150 break;
1151 case CMD_MIFARE_WRITEBL:
1152 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1153 break;
4973f23d 1154 //case CMD_MIFAREU_WRITEBL_COMPAT:
1155 //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
1156 //break;
981bd429 1157 case CMD_MIFAREU_WRITEBL:
4973f23d 1158 MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
f168b263 1159 break;
c48c4d78 1160 case CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES:
1161 MifareAcquireEncryptedNonces(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1162 break;
20f9a2a1
M		 1163 case CMD_MIFARE_NESTED:
1164 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
f397b5cc
M		 1165 break;
1166 case CMD_MIFARE_CHKKEYS:
1167 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
20f9a2a1
M		 1168 break;
1169 case CMD_SIMULATE_MIFARE_CARD:
1170 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1171 break;
8556b852
M		 1172
1173 // emulator
1174 case CMD_MIFARE_SET_DBGMODE:
1175 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1176 break;
1177 case CMD_MIFARE_EML_MEMCLR:
1178 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1179 break;
1180 case CMD_MIFARE_EML_MEMSET:
1181 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1182 break;
1183 case CMD_MIFARE_EML_MEMGET:
1184 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1185 break;
1186 case CMD_MIFARE_EML_CARDLOAD:
1187 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
0675f200
M		 1188 break;
1189
1190 // Work with "magic Chinese" card
3a05a1e7
OM		 1191 case CMD_MIFARE_CWIPE:
1192 MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1193 break;
3fe4ff4f 1194 case CMD_MIFARE_CSETBLOCK:
0675f200 1195 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
545a1f38 1196 break;
3fe4ff4f 1197 case CMD_MIFARE_CGETBLOCK:
545a1f38 1198 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
8556b852 1199 break;
3fe4ff4f 1200 case CMD_MIFARE_CIDENT:
1201 MifareCIdent();
1202 break;
b62a5a84
M		 1203
1204 // mifare sniffer
1205 case CMD_MIFARE_SNIFFER:
5cd9ec01 1206 SniffMifare(c->arg[0]);
b62a5a84 1207 break;
a631936e 1208
20f9a2a1
M		 1209#endif
1210
7e67e42f 1211#ifdef WITH_ICLASS
cee5a30d 1212 // Makes use of ISO14443a FPGA Firmware
1213 case CMD_SNOOP_ICLASS:
1214 SnoopIClass();
1215 break;
1e262141 1216 case CMD_SIMULATE_TAG_ICLASS:
ff7bb4ef 1217 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1e262141 1218 break;
1219 case CMD_READER_ICLASS:
1220 ReaderIClass(c->arg[0]);
1221 break;
c3963755 1222 case CMD_READER_ICLASS_REPLAY:
aa53efc3 1223 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
c3963755 1224 break;
aa53efc3 1225 case CMD_ICLASS_EML_MEMSET:
e80aeb96
MHS		 1226 emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
1227 break;
aa53efc3 1228 case CMD_ICLASS_WRITEBLOCK:
3ac22ee1 1229 iClass_WriteBlock(c->arg[0], c->d.asBytes);
1230 break;
1231 case CMD_ICLASS_READCHECK: // auth step 1
1232 iClass_ReadCheck(c->arg[0], c->arg[1]);
aa53efc3 1233 break;
1234 case CMD_ICLASS_READBLOCK:
3ac22ee1 1235 iClass_ReadBlk(c->arg[0]);
aa53efc3 1236 break;
3ac22ee1 1237 case CMD_ICLASS_AUTHENTICATION: //check
aa53efc3 1238 iClass_Authentication(c->d.asBytes);
1239 break;
1240 case CMD_ICLASS_DUMP:
3ac22ee1 1241 iClass_Dump(c->arg[0], c->arg[1]);
aa53efc3 1242 break;
1243 case CMD_ICLASS_CLONE:
3ac22ee1 1244 iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
aa53efc3 1245 break;
cee5a30d 1246#endif
0472d76d 1247#ifdef WITH_HFSNOOP
1248 case CMD_HF_SNIFFER:
1249 HfSnoop(c->arg[0], c->arg[1]);
1250 break;
1251#endif
cee5a30d 1252
7e67e42f 1253 case CMD_BUFF_CLEAR:
117d9ec2 1254 BigBuf_Clear();
15c4dc5a 1255 break;
15c4dc5a 1256
1257 case CMD_MEASURE_ANTENNA_TUNING:
fdcfbdcc 1258 MeasureAntennaTuning(c->arg[0]);
15c4dc5a 1259 break;
1260
1261 case CMD_MEASURE_ANTENNA_TUNING_HF:
1262 MeasureAntennaTuningHf();
1263 break;
1264
1265 case CMD_LISTEN_READER_FIELD:
1266 ListenReaderField(c->arg[0]);
1267 break;
1268
15c4dc5a 1269 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
1270 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1271 SpinDelay(200);
1272 LED_D_OFF(); // LED D indicates field ON or OFF
1273 break;
1274
1c611bbd 1275 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
902cb3c0 1276
1c611bbd 1277 LED_B_ON();
117d9ec2 1278 uint8_t *BigBuf = BigBuf_get_addr();
1c611bbd 1279 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
1280 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
3000dc4e 1281 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
1c611bbd 1282 }
1283 // Trigger a finish downloading signal with an ACK frame
3000dc4e 1284 cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
d3b1f4e4 1285 LED_B_OFF();
1c611bbd 1286 break;
15c4dc5a 1287
1288 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
8c8317a5 1289 // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
1290 // to be able to use this one for uploading data to device
1291 // arg1 = 0 upload for LF usage
1292 // 1 upload for HF usage
1293 if (c->arg[1] == 0)
1294 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
1295 else
1296 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1297
117d9ec2 1298 uint8_t *b = BigBuf_get_addr();
3fe4ff4f 1299 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1c611bbd 1300 cmd_send(CMD_ACK,0,0,0,0,0);
1301 break;
1302 }
15c4dc5a 1303 case CMD_READ_MEM:
1304 ReadMem(c->arg[0]);
1305 break;
1306
1307 case CMD_SET_LF_DIVISOR:
8c8317a5 1308 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
15c4dc5a 1309 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
1310 break;
1311
1312 case CMD_SET_ADC_MUX:
1313 switch(c->arg[0]) {
1314 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
1315 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
1316 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
1317 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
1318 }
1319 break;
1320
1321 case CMD_VERSION:
1322 SendVersion();
1323 break;
c89274cc 1324 case CMD_STATUS:
67b7d6fa 1325 SendStatus();
c89274cc
CY		 1326 break;
1327 case CMD_PING:
1328 cmd_send(CMD_ACK,0,0,0,0,0);
1329 break;
15c4dc5a 1330#ifdef WITH_LCD
1331 case CMD_LCD_RESET:
1332 LCDReset();
1333 break;
1334 case CMD_LCD:
1335 LCDSend(c->arg[0]);
1336 break;
1337#endif
1338 case CMD_SETUP_WRITE:
1339 case CMD_FINISH_WRITE:
1c611bbd 1340 case CMD_HARDWARE_RESET:
1341 usb_disable();
15c4dc5a 1342 SpinDelay(1000);
1343 SpinDelay(1000);
1344 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1345 for(;;) {
1346 // We're going to reset, and the bootrom will take control.
1347 }
1c611bbd 1348 break;
15c4dc5a 1349
1c611bbd 1350 case CMD_START_FLASH:
15c4dc5a 1351 if(common_area.flags.bootrom_present) {
1352 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
1353 }
1c611bbd 1354 usb_disable();
15c4dc5a 1355 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1356 for(;;);
1c611bbd 1357 break;
e30c654b 1358
15c4dc5a 1359 case CMD_DEVICE_INFO: {
902cb3c0 1360 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1361 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1c611bbd 1362 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1363 break;
1364 }
1365 default:
15c4dc5a 1366 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1c611bbd 1367 break;
15c4dc5a 1368 }
1369}
1370
1371void __attribute__((noreturn)) AppMain(void)
1372{
1373 SpinDelay(100);
9e8255d4 1374 clear_trace();
15c4dc5a 1375 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1376 /* Initialize common area */
1377 memset(&common_area, 0, sizeof(common_area));
1378 common_area.magic = COMMON_AREA_MAGIC;
1379 common_area.version = 1;
1380 }
1381 common_area.flags.osimage_present = 1;
1382
1383 LED_D_OFF();
1384 LED_C_OFF();
1385 LED_B_OFF();
1386 LED_A_OFF();
1387
3fe4ff4f 1388 // Init USB device
902cb3c0 1389 usb_enable();
15c4dc5a 1390
1391 // The FPGA gets its clock from us from PCK0 output, so set that up.
1392 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1393 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1394 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1395 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1396 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
0472d76d 1397 AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
15c4dc5a 1398 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1399
1400 // Reset SPI
1401 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1402 // Reset SSC
1403 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1404
1405 // Load the FPGA image, which we have stored in our flash.
7cc204bf 1406 // (the HF version by default)
1407 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
15c4dc5a 1408
9ca155ba 1409 StartTickCount();
902cb3c0 1410
15c4dc5a 1411#ifdef WITH_LCD
15c4dc5a 1412 LCDInit();
15c4dc5a 1413#endif
1414
902cb3c0 1415 byte_t rx[sizeof(UsbCommand)];
1416 size_t rx_len;
1417
15c4dc5a 1418 for(;;) {
902cb3c0 1419 if (usb_poll()) {
1420 rx_len = usb_read(rx,sizeof(UsbCommand));
1421 if (rx_len) {
1422 UsbPacketReceived(rx,rx_len);
1423 }
1424 }
15c4dc5a 1425 WDT_HIT();
1426
1427#ifdef WITH_LF
e46fe044 1428#ifndef WITH_ISO14443a_StandAlone
15c4dc5a 1429 if (BUTTON_HELD(1000) > 0)
1430 SamyRun();
e46fe044
CY		 1431#endif
1432#endif
1433#ifdef WITH_ISO14443a
1434#ifdef WITH_ISO14443a_StandAlone
1435 if (BUTTON_HELD(1000) > 0)
1436 StandAloneMode14a();
1437#endif
15c4dc5a 1438#endif
1439 }
1440}
Proxmark3 GIT tracking
Impressum, Datenschutz