]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
data askraw patches, data askedgedetect demod,
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
40 uint8_t ToSend[TOSEND_BUFFER_SIZE];
41 int ToSendMax;
42 static int ToSendBit;
43 struct common_area common_area __attribute__((section(".commonarea")));
44
45 void ToSendReset(void)
46 {
47 ToSendMax = -1;
48 ToSendBit = 8;
49 }
50
51 void ToSendStuffBit(int b)
52 {
53 if(ToSendBit >= 8) {
54 ToSendMax++;
55 ToSend[ToSendMax] = 0;
56 ToSendBit = 0;
57 }
58
59 if(b) {
60 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
61 }
62
63 ToSendBit++;
64
65 if(ToSendMax >= sizeof(ToSend)) {
66 ToSendBit = 0;
67 DbpString("ToSendStuffBit overflowed!");
68 }
69 }
70
71 //=============================================================================
72 // Debug print functions, to go out over USB, to the usual PC-side client.
73 //=============================================================================
74
75 void DbpString(char *str)
76 {
77 byte_t len = strlen(str);
78 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
79 }
80
81 #if 0
82 void DbpIntegers(int x1, int x2, int x3)
83 {
84 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
85 }
86 #endif
87
88 void Dbprintf(const char *fmt, ...) {
89 // should probably limit size here; oh well, let's just use a big buffer
90 char output_string[128];
91 va_list ap;
92
93 va_start(ap, fmt);
94 kvsprintf(fmt, output_string, 10, ap);
95 va_end(ap);
96
97 DbpString(output_string);
98 }
99
100 // prints HEX & ASCII
101 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
102 int l=0,i;
103 char ascii[9];
104
105 while (len>0) {
106 if (len>8) l=8;
107 else l=len;
108
109 memcpy(ascii,d,l);
110 ascii[l]=0;
111
112 // filter safe ascii
113 for (i=0;i<l;i++)
114 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
115
116 if (bAsci) {
117 Dbprintf("%-8s %*D",ascii,l,d," ");
118 } else {
119 Dbprintf("%*D",l,d," ");
120 }
121
122 len-=8;
123 d+=8;
124 }
125 }
126
127 //-----------------------------------------------------------------------------
128 // Read an ADC channel and block till it completes, then return the result
129 // in ADC units (0 to 1023). Also a routine to average 32 samples and
130 // return that.
131 //-----------------------------------------------------------------------------
132 static int ReadAdc(int ch)
133 {
134 uint32_t d;
135
136 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
137 AT91C_BASE_ADC->ADC_MR =
138 ADC_MODE_PRESCALE(32) |
139 ADC_MODE_STARTUP_TIME(16) |
140 ADC_MODE_SAMPLE_HOLD_TIME(8);
141 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
142
143 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
144 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
145 ;
146 d = AT91C_BASE_ADC->ADC_CDR[ch];
147
148 return d;
149 }
150
151 int AvgAdc(int ch) // was static - merlok
152 {
153 int i;
154 int a = 0;
155
156 for(i = 0; i < 32; i++) {
157 a += ReadAdc(ch);
158 }
159
160 return (a + 15) >> 5;
161 }
162
163 void MeasureAntennaTuning(void)
164 {
165 uint8_t LF_Results[256];
166 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
167 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
168
169 LED_B_ON();
170
171 /*
172 * Sweeps the useful LF range of the proxmark from
173 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
174 * read the voltage in the antenna, the result left
175 * in the buffer is a graph which should clearly show
176 * the resonating frequency of your LF antenna
177 * ( hopefully around 95 if it is tuned to 125kHz!)
178 */
179
180 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
181 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
182 for (i=255; i>=19; i--) {
183 WDT_HIT();
184 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
185 SpinDelay(20);
186 // Vref = 3.3V, and a 10000:240 voltage divider on the input
187 // can measure voltages up to 137500 mV
188 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
189 if (i==95) vLf125 = adcval; // voltage at 125Khz
190 if (i==89) vLf134 = adcval; // voltage at 134Khz
191
192 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
193 if(LF_Results[i] > peak) {
194 peakv = adcval;
195 peak = LF_Results[i];
196 peakf = i;
197 //ptr = i;
198 }
199 }
200
201 for (i=18; i >= 0; i--) LF_Results[i] = 0;
202
203 LED_A_ON();
204 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
205 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
206 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
207 SpinDelay(20);
208 // Vref = 3300mV, and an 10:1 voltage divider on the input
209 // can measure voltages up to 33000 mV
210 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
211
212 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
213 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
214 LED_A_OFF();
215 LED_B_OFF();
216 return;
217 }
218
219 void MeasureAntennaTuningHf(void)
220 {
221 int vHf = 0; // in mV
222
223 DbpString("Measuring HF antenna, press button to exit");
224
225 for (;;) {
226 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
227 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
228 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
229 SpinDelay(20);
230 // Vref = 3300mV, and an 10:1 voltage divider on the input
231 // can measure voltages up to 33000 mV
232 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
233
234 Dbprintf("%d mV",vHf);
235 if (BUTTON_PRESS()) break;
236 }
237 DbpString("cancelled");
238 }
239
240
241 void SimulateTagHfListen(void)
242 {
243 // ToDo: historically this used the free buffer, which was 2744 Bytes long.
244 // There might be a better size to be defined:
245 #define HF_14B_SNOOP_BUFFER_SIZE 2744
246 uint8_t *dest = BigBuf_malloc(HF_14B_SNOOP_BUFFER_SIZE);
247 uint8_t v = 0;
248 int i;
249 int p = 0;
250
251 // We're using this mode just so that I can test it out; the simulated
252 // tag mode would work just as well and be simpler.
253 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
254 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
255
256 // We need to listen to the high-frequency, peak-detected path.
257 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
258
259 FpgaSetupSsc();
260
261 i = 0;
262 for(;;) {
263 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
264 AT91C_BASE_SSC->SSC_THR = 0xff;
265 }
266 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
267 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
268
269 v <<= 1;
270 if(r & 1) {
271 v |= 1;
272 }
273 p++;
274
275 if(p >= 8) {
276 dest[i] = v;
277 v = 0;
278 p = 0;
279 i++;
280
281 if(i >= HF_14B_SNOOP_BUFFER_SIZE) {
282 break;
283 }
284 }
285 }
286 }
287 DbpString("simulate tag (now type bitsamples)");
288 }
289
290 void ReadMem(int addr)
291 {
292 const uint8_t *data = ((uint8_t *)addr);
293
294 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
295 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
296 }
297
298 /* osimage version information is linked in */
299 extern struct version_information version_information;
300 /* bootrom version information is pointed to from _bootphase1_version_pointer */
301 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
302 void SendVersion(void)
303 {
304 char temp[512]; /* Limited data payload in USB packets */
305 DbpString("Prox/RFID mark3 RFID instrument");
306
307 /* Try to find the bootrom version information. Expect to find a pointer at
308 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
309 * pointer, then use it.
310 */
311 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
312 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
313 DbpString("bootrom version information appears invalid");
314 } else {
315 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
316 DbpString(temp);
317 }
318
319 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
320 DbpString(temp);
321
322 FpgaGatherVersion(temp, sizeof(temp));
323 DbpString(temp);
324 // Send Chip ID
325 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
326 }
327
328 #ifdef WITH_LF
329 // samy's sniff and repeat routine
330 void SamyRun()
331 {
332 DbpString("Stand-alone mode! No PC necessary.");
333 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
334
335 // 3 possible options? no just 2 for now
336 #define OPTS 2
337
338 int high[OPTS], low[OPTS];
339
340 // Oooh pretty -- notify user we're in elite samy mode now
341 LED(LED_RED, 200);
342 LED(LED_ORANGE, 200);
343 LED(LED_GREEN, 200);
344 LED(LED_ORANGE, 200);
345 LED(LED_RED, 200);
346 LED(LED_ORANGE, 200);
347 LED(LED_GREEN, 200);
348 LED(LED_ORANGE, 200);
349 LED(LED_RED, 200);
350
351 int selected = 0;
352 int playing = 0;
353 int cardRead = 0;
354
355 // Turn on selected LED
356 LED(selected + 1, 0);
357
358 for (;;)
359 {
360 usb_poll();
361 WDT_HIT();
362
363 // Was our button held down or pressed?
364 int button_pressed = BUTTON_HELD(1000);
365 SpinDelay(300);
366
367 // Button was held for a second, begin recording
368 if (button_pressed > 0 && cardRead == 0)
369 {
370 LEDsoff();
371 LED(selected + 1, 0);
372 LED(LED_RED2, 0);
373
374 // record
375 DbpString("Starting recording");
376
377 // wait for button to be released
378 while(BUTTON_PRESS())
379 WDT_HIT();
380
381 /* need this delay to prevent catching some weird data */
382 SpinDelay(500);
383
384 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
385 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
386
387 LEDsoff();
388 LED(selected + 1, 0);
389 // Finished recording
390
391 // If we were previously playing, set playing off
392 // so next button push begins playing what we recorded
393 playing = 0;
394
395 cardRead = 1;
396
397 }
398
399 else if (button_pressed > 0 && cardRead == 1)
400 {
401 LEDsoff();
402 LED(selected + 1, 0);
403 LED(LED_ORANGE, 0);
404
405 // record
406 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
407
408 // wait for button to be released
409 while(BUTTON_PRESS())
410 WDT_HIT();
411
412 /* need this delay to prevent catching some weird data */
413 SpinDelay(500);
414
415 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
416 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
417
418 LEDsoff();
419 LED(selected + 1, 0);
420 // Finished recording
421
422 // If we were previously playing, set playing off
423 // so next button push begins playing what we recorded
424 playing = 0;
425
426 cardRead = 0;
427
428 }
429
430 // Change where to record (or begin playing)
431 else if (button_pressed)
432 {
433 // Next option if we were previously playing
434 if (playing)
435 selected = (selected + 1) % OPTS;
436 playing = !playing;
437
438 LEDsoff();
439 LED(selected + 1, 0);
440
441 // Begin transmitting
442 if (playing)
443 {
444 LED(LED_GREEN, 0);
445 DbpString("Playing");
446 // wait for button to be released
447 while(BUTTON_PRESS())
448 WDT_HIT();
449 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
450 CmdHIDsimTAG(high[selected], low[selected], 0);
451 DbpString("Done playing");
452 if (BUTTON_HELD(1000) > 0)
453 {
454 DbpString("Exiting");
455 LEDsoff();
456 return;
457 }
458
459 /* We pressed a button so ignore it here with a delay */
460 SpinDelay(300);
461
462 // when done, we're done playing, move to next option
463 selected = (selected + 1) % OPTS;
464 playing = !playing;
465 LEDsoff();
466 LED(selected + 1, 0);
467 }
468 else
469 while(BUTTON_PRESS())
470 WDT_HIT();
471 }
472 }
473 }
474 #endif
475
476 /*
477 OBJECTIVE
478 Listen and detect an external reader. Determine the best location
479 for the antenna.
480
481 INSTRUCTIONS:
482 Inside the ListenReaderField() function, there is two mode.
483 By default, when you call the function, you will enter mode 1.
484 If you press the PM3 button one time, you will enter mode 2.
485 If you press the PM3 button a second time, you will exit the function.
486
487 DESCRIPTION OF MODE 1:
488 This mode just listens for an external reader field and lights up green
489 for HF and/or red for LF. This is the original mode of the detectreader
490 function.
491
492 DESCRIPTION OF MODE 2:
493 This mode will visually represent, using the LEDs, the actual strength of the
494 current compared to the maximum current detected. Basically, once you know
495 what kind of external reader is present, it will help you spot the best location to place
496 your antenna. You will probably not get some good results if there is a LF and a HF reader
497 at the same place! :-)
498
499 LIGHT SCHEME USED:
500 */
501 static const char LIGHT_SCHEME[] = {
502 0x0, /* ---- | No field detected */
503 0x1, /* X--- | 14% of maximum current detected */
504 0x2, /* -X-- | 29% of maximum current detected */
505 0x4, /* --X- | 43% of maximum current detected */
506 0x8, /* ---X | 57% of maximum current detected */
507 0xC, /* --XX | 71% of maximum current detected */
508 0xE, /* -XXX | 86% of maximum current detected */
509 0xF, /* XXXX | 100% of maximum current detected */
510 };
511 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
512
513 void ListenReaderField(int limit)
514 {
515 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
516 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
517 int mode=1, display_val, display_max, i;
518
519 #define LF_ONLY 1
520 #define HF_ONLY 2
521
522 LEDsoff();
523
524 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
525
526 if(limit != HF_ONLY) {
527 Dbprintf("LF 125/134 Baseline: %d", lf_av);
528 lf_baseline = lf_av;
529 }
530
531 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
532
533 if (limit != LF_ONLY) {
534 Dbprintf("HF 13.56 Baseline: %d", hf_av);
535 hf_baseline = hf_av;
536 }
537
538 for(;;) {
539 if (BUTTON_PRESS()) {
540 SpinDelay(500);
541 switch (mode) {
542 case 1:
543 mode=2;
544 DbpString("Signal Strength Mode");
545 break;
546 case 2:
547 default:
548 DbpString("Stopped");
549 LEDsoff();
550 return;
551 break;
552 }
553 }
554 WDT_HIT();
555
556 if (limit != HF_ONLY) {
557 if(mode==1) {
558 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
559 else LED_D_OFF();
560 }
561
562 ++lf_count;
563 lf_av_new= ReadAdc(ADC_CHAN_LF);
564 // see if there's a significant change
565 if(abs(lf_av - lf_av_new) > 10) {
566 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
567 lf_av = lf_av_new;
568 if (lf_av > lf_max)
569 lf_max = lf_av;
570 lf_count= 0;
571 }
572 }
573
574 if (limit != LF_ONLY) {
575 if (mode == 1){
576 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
577 else LED_B_OFF();
578 }
579
580 ++hf_count;
581 hf_av_new= ReadAdc(ADC_CHAN_HF);
582 // see if there's a significant change
583 if(abs(hf_av - hf_av_new) > 10) {
584 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
585 hf_av = hf_av_new;
586 if (hf_av > hf_max)
587 hf_max = hf_av;
588 hf_count= 0;
589 }
590 }
591
592 if(mode == 2) {
593 if (limit == LF_ONLY) {
594 display_val = lf_av;
595 display_max = lf_max;
596 } else if (limit == HF_ONLY) {
597 display_val = hf_av;
598 display_max = hf_max;
599 } else { /* Pick one at random */
600 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
601 display_val = hf_av;
602 display_max = hf_max;
603 } else {
604 display_val = lf_av;
605 display_max = lf_max;
606 }
607 }
608 for (i=0; i<LIGHT_LEN; i++) {
609 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
610 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
611 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
612 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
613 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
614 break;
615 }
616 }
617 }
618 }
619 }
620
621 void UsbPacketReceived(uint8_t *packet, int len)
622 {
623 UsbCommand *c = (UsbCommand *)packet;
624
625 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
626
627 switch(c->cmd) {
628 #ifdef WITH_LF
629 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
630 AcquireRawAdcSamples125k(c->arg[0]);
631 cmd_send(CMD_ACK,0,0,0,0,0);
632 break;
633 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
634 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
635 break;
636 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
637 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
638 cmd_send(CMD_ACK,0,0,0,0,0);
639 break;
640 case CMD_HID_DEMOD_FSK:
641 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
642 break;
643 case CMD_HID_SIM_TAG:
644 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
645 break;
646 case CMD_HID_CLONE_TAG:
647 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
648 break;
649 case CMD_IO_DEMOD_FSK:
650 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
651 break;
652 case CMD_IO_CLONE_TAG:
653 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
654 break;
655 case CMD_EM410X_DEMOD:
656 CmdEM410xdemod(c->arg[0], 0, 0, 1);
657 break;
658 case CMD_EM410X_WRITE_TAG:
659 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
660 break;
661 case CMD_READ_TI_TYPE:
662 ReadTItag();
663 break;
664 case CMD_WRITE_TI_TYPE:
665 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
666 break;
667 case CMD_SIMULATE_TAG_125K:
668 LED_A_ON();
669 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
670 LED_A_OFF();
671 break;
672 case CMD_LF_SIMULATE_BIDIR:
673 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
674 break;
675 case CMD_INDALA_CLONE_TAG:
676 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
677 break;
678 case CMD_INDALA_CLONE_TAG_L:
679 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
680 break;
681 case CMD_T55XX_READ_BLOCK:
682 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
683 break;
684 case CMD_T55XX_WRITE_BLOCK:
685 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
686 break;
687 case CMD_T55XX_READ_TRACE:
688 T55xxReadTrace();
689 break;
690 case CMD_PCF7931_READ:
691 ReadPCF7931();
692 cmd_send(CMD_ACK,0,0,0,0,0);
693 break;
694 case CMD_EM4X_READ_WORD:
695 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
696 break;
697 case CMD_EM4X_WRITE_WORD:
698 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
699 break;
700 #endif
701
702 #ifdef WITH_HITAG
703 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
704 SnoopHitag(c->arg[0]);
705 break;
706 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
707 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
708 break;
709 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
710 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
711 break;
712 #endif
713
714 #ifdef WITH_ISO15693
715 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
716 AcquireRawAdcSamplesIso15693();
717 break;
718 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
719 RecordRawAdcSamplesIso15693();
720 break;
721
722 case CMD_ISO_15693_COMMAND:
723 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
724 break;
725
726 case CMD_ISO_15693_FIND_AFI:
727 BruteforceIso15693Afi(c->arg[0]);
728 break;
729
730 case CMD_ISO_15693_DEBUG:
731 SetDebugIso15693(c->arg[0]);
732 break;
733
734 case CMD_READER_ISO_15693:
735 ReaderIso15693(c->arg[0]);
736 break;
737 case CMD_SIMTAG_ISO_15693:
738 SimTagIso15693(c->arg[0], c->d.asBytes);
739 break;
740 #endif
741
742 #ifdef WITH_LEGICRF
743 case CMD_SIMULATE_TAG_LEGIC_RF:
744 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
745 break;
746
747 case CMD_WRITER_LEGIC_RF:
748 LegicRfWriter(c->arg[1], c->arg[0]);
749 break;
750
751 case CMD_READER_LEGIC_RF:
752 LegicRfReader(c->arg[0], c->arg[1]);
753 break;
754 #endif
755
756 #ifdef WITH_ISO14443b
757 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
758 AcquireRawAdcSamplesIso14443(c->arg[0]);
759 break;
760 case CMD_READ_SRI512_TAG:
761 ReadSTMemoryIso14443(0x0F);
762 break;
763 case CMD_READ_SRIX4K_TAG:
764 ReadSTMemoryIso14443(0x7F);
765 break;
766 case CMD_SNOOP_ISO_14443:
767 SnoopIso14443();
768 break;
769 case CMD_SIMULATE_TAG_ISO_14443:
770 SimulateIso14443Tag();
771 break;
772 case CMD_ISO_14443B_COMMAND:
773 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
774 break;
775 #endif
776
777 #ifdef WITH_ISO14443a
778 case CMD_SNOOP_ISO_14443a:
779 SnoopIso14443a(c->arg[0]);
780 break;
781 case CMD_READER_ISO_14443a:
782 ReaderIso14443a(c);
783 break;
784 case CMD_SIMULATE_TAG_ISO_14443a:
785 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
786 break;
787
788 case CMD_EPA_PACE_COLLECT_NONCE:
789 EPA_PACE_Collect_Nonce(c);
790 break;
791
792 case CMD_READER_MIFARE:
793 ReaderMifare(c->arg[0]);
794 break;
795 case CMD_MIFARE_READBL:
796 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
797 break;
798 case CMD_MIFAREU_READBL:
799 MifareUReadBlock(c->arg[0],c->d.asBytes);
800 break;
801 case CMD_MIFAREUC_AUTH1:
802 MifareUC_Auth1(c->arg[0],c->d.asBytes);
803 break;
804 case CMD_MIFAREUC_AUTH2:
805 MifareUC_Auth2(c->arg[0],c->d.asBytes);
806 break;
807 case CMD_MIFAREU_READCARD:
808 MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
809 break;
810 case CMD_MIFAREUC_READCARD:
811 MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
812 break;
813 case CMD_MIFARE_READSC:
814 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
815 break;
816 case CMD_MIFARE_WRITEBL:
817 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
818 break;
819 case CMD_MIFAREU_WRITEBL_COMPAT:
820 MifareUWriteBlock(c->arg[0], c->d.asBytes);
821 break;
822 case CMD_MIFAREU_WRITEBL:
823 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
824 break;
825 case CMD_MIFARE_NESTED:
826 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
827 break;
828 case CMD_MIFARE_CHKKEYS:
829 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
830 break;
831 case CMD_SIMULATE_MIFARE_CARD:
832 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
833 break;
834
835 // emulator
836 case CMD_MIFARE_SET_DBGMODE:
837 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
838 break;
839 case CMD_MIFARE_EML_MEMCLR:
840 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
841 break;
842 case CMD_MIFARE_EML_MEMSET:
843 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
844 break;
845 case CMD_MIFARE_EML_MEMGET:
846 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
847 break;
848 case CMD_MIFARE_EML_CARDLOAD:
849 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
850 break;
851
852 // Work with "magic Chinese" card
853 case CMD_MIFARE_CSETBLOCK:
854 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
855 break;
856 case CMD_MIFARE_CGETBLOCK:
857 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
858 break;
859 case CMD_MIFARE_CIDENT:
860 MifareCIdent();
861 break;
862
863 // mifare sniffer
864 case CMD_MIFARE_SNIFFER:
865 SniffMifare(c->arg[0]);
866 break;
867
868 #endif
869
870 #ifdef WITH_ICLASS
871 // Makes use of ISO14443a FPGA Firmware
872 case CMD_SNOOP_ICLASS:
873 SnoopIClass();
874 break;
875 case CMD_SIMULATE_TAG_ICLASS:
876 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
877 break;
878 case CMD_READER_ICLASS:
879 ReaderIClass(c->arg[0]);
880 break;
881 case CMD_READER_ICLASS_REPLAY:
882 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
883 break;
884 #endif
885
886 case CMD_SIMULATE_TAG_HF_LISTEN:
887 SimulateTagHfListen();
888 break;
889
890 case CMD_BUFF_CLEAR:
891 BigBuf_Clear();
892 break;
893
894 case CMD_MEASURE_ANTENNA_TUNING:
895 MeasureAntennaTuning();
896 break;
897
898 case CMD_MEASURE_ANTENNA_TUNING_HF:
899 MeasureAntennaTuningHf();
900 break;
901
902 case CMD_LISTEN_READER_FIELD:
903 ListenReaderField(c->arg[0]);
904 break;
905
906 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
907 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
908 SpinDelay(200);
909 LED_D_OFF(); // LED D indicates field ON or OFF
910 break;
911
912 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
913
914 LED_B_ON();
915 uint8_t *BigBuf = BigBuf_get_addr();
916 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
917 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
918 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,traceLen,BigBuf+c->arg[0]+i,len);
919 }
920 // Trigger a finish downloading signal with an ACK frame
921 cmd_send(CMD_ACK,0,0,traceLen,0,0);
922 LED_B_OFF();
923 break;
924
925 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
926 uint8_t *b = BigBuf_get_addr();
927 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
928 cmd_send(CMD_ACK,0,0,0,0,0);
929 break;
930 }
931 case CMD_READ_MEM:
932 ReadMem(c->arg[0]);
933 break;
934
935 case CMD_SET_LF_DIVISOR:
936 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
937 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
938 break;
939
940 case CMD_SET_ADC_MUX:
941 switch(c->arg[0]) {
942 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
943 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
944 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
945 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
946 }
947 break;
948
949 case CMD_VERSION:
950 SendVersion();
951 break;
952
953 #ifdef WITH_LCD
954 case CMD_LCD_RESET:
955 LCDReset();
956 break;
957 case CMD_LCD:
958 LCDSend(c->arg[0]);
959 break;
960 #endif
961 case CMD_SETUP_WRITE:
962 case CMD_FINISH_WRITE:
963 case CMD_HARDWARE_RESET:
964 usb_disable();
965 SpinDelay(1000);
966 SpinDelay(1000);
967 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
968 for(;;) {
969 // We're going to reset, and the bootrom will take control.
970 }
971 break;
972
973 case CMD_START_FLASH:
974 if(common_area.flags.bootrom_present) {
975 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
976 }
977 usb_disable();
978 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
979 for(;;);
980 break;
981
982 case CMD_DEVICE_INFO: {
983 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
984 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
985 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
986 break;
987 }
988 default:
989 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
990 break;
991 }
992 }
993
994 void __attribute__((noreturn)) AppMain(void)
995 {
996 SpinDelay(100);
997
998 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
999 /* Initialize common area */
1000 memset(&common_area, 0, sizeof(common_area));
1001 common_area.magic = COMMON_AREA_MAGIC;
1002 common_area.version = 1;
1003 }
1004 common_area.flags.osimage_present = 1;
1005
1006 LED_D_OFF();
1007 LED_C_OFF();
1008 LED_B_OFF();
1009 LED_A_OFF();
1010
1011 // Init USB device
1012 usb_enable();
1013
1014 // The FPGA gets its clock from us from PCK0 output, so set that up.
1015 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1016 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1017 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1018 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1019 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1020 AT91C_PMC_PRES_CLK_4;
1021 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1022
1023 // Reset SPI
1024 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1025 // Reset SSC
1026 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1027
1028 // Load the FPGA image, which we have stored in our flash.
1029 // (the HF version by default)
1030 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1031
1032 StartTickCount();
1033
1034 #ifdef WITH_LCD
1035 LCDInit();
1036 #endif
1037
1038 byte_t rx[sizeof(UsbCommand)];
1039 size_t rx_len;
1040
1041 for(;;) {
1042 if (usb_poll()) {
1043 rx_len = usb_read(rx,sizeof(UsbCommand));
1044 if (rx_len) {
1045 UsbPacketReceived(rx,rx_len);
1046 }
1047 }
1048 WDT_HIT();
1049
1050 #ifdef WITH_LF
1051 if (BUTTON_HELD(1000) > 0)
1052 SamyRun();
1053 #endif
1054 }
1055 }
Proxmark3 GIT tracking
Impressum, Datenschutz