]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/lfsampling.c
Speedup Mifare Plus Attack v2
[proxmark3-svn] / armsrc / lfsampling.c
1 //-----------------------------------------------------------------------------
2 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
3 // at your option, any later version. See the LICENSE.txt file for the text of
4 // the license.
5 //-----------------------------------------------------------------------------
6 // Miscellaneous routines for low frequency sampling.
7 //-----------------------------------------------------------------------------
8
9 #include "lfsampling.h"
10
11 sample_config config = { 1, 8, 1, 95, 0 } ;
12
13 void printConfig() {
14 Dbprintf("LF Sampling config: ");
15 Dbprintf(" [q] divisor: %d ", config.divisor);
16 Dbprintf(" [b] bps: %d ", config.bits_per_sample);
17 Dbprintf(" [d] decimation: %d ", config.decimation);
18 Dbprintf(" [a] averaging: %d ", config.averaging);
19 Dbprintf(" [t] trigger threshold: %d ", config.trigger_threshold);
20 }
21
22
23 /**
24 * Called from the USB-handler to set the sampling configuration
25 * The sampling config is used for std reading and snooping.
26 *
27 * Other functions may read samples and ignore the sampling config,
28 * such as functions to read the UID from a prox tag or similar.
29 *
30 * Values set to '0' implies no change (except for averaging)
31 * @brief setSamplingConfig
32 * @param sc
33 */
34 void setSamplingConfig(sample_config *sc) {
35 if(sc->divisor != 0) config.divisor = sc->divisor;
36 if(sc->bits_per_sample != 0) config.bits_per_sample = sc->bits_per_sample;
37 if(sc->decimation != 0) config.decimation = sc->decimation;
38 if(sc->trigger_threshold != -1) config.trigger_threshold = sc->trigger_threshold;
39
40 config.averaging = sc->averaging;
41 if(config.bits_per_sample > 8) config.bits_per_sample = 8;
42 if(config.decimation < 1) config.decimation = 1;
43
44 printConfig();
45 }
46
47 sample_config* getSamplingConfig() {
48 return &config;
49 }
50
51 typedef struct {
52 uint8_t * buffer;
53 uint32_t numbits;
54 uint32_t position;
55 } BitstreamOut;
56
57 /**
58 * @brief Pushes bit onto the stream
59 * @param stream
60 * @param bit
61 */
62 void pushBit( BitstreamOut* stream, uint8_t bit) {
63 int bytepos = stream->position >> 3; // divide by 8
64 int bitpos = stream->position & 7;
65 *(stream->buffer+bytepos) |= (bit > 0) << (7 - bitpos);
66 stream->position++;
67 stream->numbits++;
68 }
69
70 /**
71 * Setup the FPGA to listen for samples. This method downloads the FPGA bitstream
72 * if not already loaded, sets divisor and starts up the antenna.
73 * @param divisor : 1, 88> 255 or negative ==> 134.8 KHz
74 * 0 or 95 ==> 125 KHz
75 *
76 **/
77 void LFSetupFPGAForADC(int divisor, bool lf_field) {
78 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
79 if ( (divisor == 1) || (divisor < 0) || (divisor > 255) )
80 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
81 else if (divisor == 0)
82 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
83 else
84 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor);
85
86 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0));
87
88 // Connect the A/D to the peak-detected low-frequency path.
89 SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
90 // Give it a bit of time for the resonant antenna to settle.
91 SpinDelay(50);
92 // Now set up the SSC to get the ADC samples that are now streaming at us.
93 FpgaSetupSsc();
94
95 // start a 1.5ticks is 1us
96 StartTicks();
97 }
98
99 /**
100 * Does the sample acquisition. If threshold is specified, the actual sampling
101 * is not commenced until the threshold has been reached.
102 * This method implements decimation and quantization in order to
103 * be able to provide longer sample traces.
104 * Uses the following global settings:
105 * @param decimation - how much should the signal be decimated. A decimation of N means we keep 1 in N samples, etc.
106 * @param bits_per_sample - bits per sample. Max 8, min 1 bit per sample.
107 * @param averaging If set to true, decimation will use averaging, so that if e.g. decimation is 3, the sample
108 * value that will be used is the average value of the three samples.
109 * @param trigger_threshold - a threshold. The sampling won't commence until this threshold has been reached. Set
110 * to -1 to ignore threshold.
111 * @param silent - is true, now outputs are made. If false, dbprints the status
112 * @return the number of bits occupied by the samples.
113 */
114 uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold,bool silent) {
115 //bigbuf, to hold the aquired raw data signal
116 uint8_t *dest = BigBuf_get_addr();
117 uint16_t bufsize = BigBuf_max_traceLen();
118
119 //BigBuf_Clear_ext(false); //creates issues with cmdread (marshmellow)
120
121 if(bits_per_sample < 1) bits_per_sample = 1;
122 if(bits_per_sample > 8) bits_per_sample = 8;
123
124 if(decimation < 1) decimation = 1;
125
126 // Use a bit stream to handle the output
127 BitstreamOut data = { dest , 0, 0};
128 int sample_counter = 0;
129 uint8_t sample = 0;
130 //If we want to do averaging
131 uint32_t sample_sum =0 ;
132 uint32_t sample_total_numbers =0 ;
133 uint32_t sample_total_saved =0 ;
134
135 while(!BUTTON_PRESS() && !usb_poll_validate_length() ) {
136 WDT_HIT();
137 if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
138 AT91C_BASE_SSC->SSC_THR = 0x43;
139 LED_D_ON();
140 }
141 if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
142 sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
143 LED_D_OFF();
144 // threshold either high or low values 128 = center 0. if trigger = 178
145 if ((trigger_threshold > 0) && (sample < (trigger_threshold+128)) && (sample > (128-trigger_threshold))) //
146 continue;
147
148 trigger_threshold = 0;
149 sample_total_numbers++;
150
151 if(averaging)
152 {
153 sample_sum += sample;
154 }
155 //Check decimation
156 if(decimation > 1)
157 {
158 sample_counter++;
159 if(sample_counter < decimation) continue;
160 sample_counter = 0;
161 }
162 //Averaging
163 if(averaging && decimation > 1) {
164 sample = sample_sum / decimation;
165 sample_sum =0;
166 }
167 //Store the sample
168 sample_total_saved ++;
169 if(bits_per_sample == 8){
170 dest[sample_total_saved-1] = sample;
171 data.numbits = sample_total_saved << 3;//Get the return value correct
172 if(sample_total_saved >= bufsize) break;
173 }
174 else{
175 pushBit(&data, sample & 0x80);
176 if(bits_per_sample > 1) pushBit(&data, sample & 0x40);
177 if(bits_per_sample > 2) pushBit(&data, sample & 0x20);
178 if(bits_per_sample > 3) pushBit(&data, sample & 0x10);
179 if(bits_per_sample > 4) pushBit(&data, sample & 0x08);
180 if(bits_per_sample > 5) pushBit(&data, sample & 0x04);
181 if(bits_per_sample > 6) pushBit(&data, sample & 0x02);
182 //Not needed, 8bps is covered above
183 //if(bits_per_sample > 7) pushBit(&data, sample & 0x01);
184 if((data.numbits >> 3) +1 >= bufsize) break;
185 }
186 }
187 }
188
189 if(!silent)
190 {
191 Dbprintf("Done, saved %d out of %d seen samples at %d bits/sample",sample_total_saved, sample_total_numbers,bits_per_sample);
192 Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...",
193 dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]);
194 }
195 return data.numbits;
196 }
197 /**
198 * @brief Does sample acquisition, ignoring the config values set in the sample_config.
199 * This method is typically used by tag-specific readers who just wants to read the samples
200 * the normal way
201 * @param trigger_threshold
202 * @param silent
203 * @return number of bits sampled
204 */
205 uint32_t DoAcquisition_default(int trigger_threshold, bool silent) {
206 return DoAcquisition(1,8,0,trigger_threshold,silent);
207 }
208 uint32_t DoAcquisition_config( bool silent) {
209 return DoAcquisition(config.decimation
210 ,config.bits_per_sample
211 ,config.averaging
212 ,config.trigger_threshold
213 ,silent);
214 }
215
216 uint32_t ReadLF(bool activeField, bool silent) {
217 if (!silent)
218 printConfig();
219 LFSetupFPGAForADC(config.divisor, activeField);
220 return DoAcquisition_config(silent);
221 }
222
223 /**
224 * Initializes the FPGA for reader-mode (field on), and acquires the samples.
225 * @return number of bits sampled
226 **/
227 uint32_t SampleLF(bool printCfg) {
228 return ReadLF(true, printCfg);
229 }
230 /**
231 * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
232 * @return number of bits sampled
233 **/
234 uint32_t SnoopLF() {
235 return ReadLF(false, true);
236 }
237
238 /**
239 * acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds
240 * the data is collected in BigBuf.
241 **/
242 void doT55x7Acquisition(size_t sample_size) {
243
244 #define T55xx_READ_UPPER_THRESHOLD 128+40 // 60 grph
245 #define T55xx_READ_LOWER_THRESHOLD 128-40 // -60 grph
246 #define T55xx_READ_TOL 2
247
248 uint8_t *dest = BigBuf_get_addr();
249 uint16_t bufsize = BigBuf_max_traceLen();
250
251 if ( bufsize > sample_size )
252 bufsize = sample_size;
253
254 uint8_t curSample = 0, lastSample = 0;
255 uint16_t i = 0, skipCnt = 0;
256 bool startFound = false;
257 bool highFound = false;
258 bool lowFound = false;
259
260 while(!BUTTON_PRESS() && !usb_poll_validate_length() && skipCnt < 1000 && (i < bufsize) ) {
261 WDT_HIT();
262 if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
263 AT91C_BASE_SSC->SSC_THR = 0x43;
264 LED_D_ON();
265 }
266 if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
267 curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
268 LED_D_OFF();
269
270 // skip until the first high sample above threshold
271 if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
272 //if (curSample > lastSample)
273 // lastSample = curSample;
274 highFound = true;
275 } else if (!highFound) {
276 skipCnt++;
277 continue;
278 }
279 // skip until the first Low sample below threshold
280 if (!startFound && curSample < T55xx_READ_LOWER_THRESHOLD) {
281 //if (curSample > lastSample)
282 lastSample = curSample;
283 lowFound = true;
284 } else if (!lowFound) {
285 skipCnt++;
286 continue;
287 }
288
289
290 // skip until first high samples begin to change
291 if (startFound || curSample > T55xx_READ_LOWER_THRESHOLD + T55xx_READ_TOL){
292 // if just found start - recover last sample
293 if (!startFound) {
294 dest[i++] = lastSample;
295 startFound = true;
296 }
297 // collect samples
298 dest[i++] = curSample;
299 }
300 }
301 }
302 }
303
Impressum, Datenschutz