]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
fix bug in moebius nonce collection - now finishes
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26 #include <hitagS.h>
27 #include "lfsampling.h"
28 #include "BigBuf.h"
29 #include "mifareutil.h"
30 #include "pcf7931.h"
31 #ifdef WITH_LCD
32 #include "LCD.h"
33 #endif
34
35 // Craig Young - 14a stand-alone code
36 #ifdef WITH_ISO14443a_StandAlone
37 #include "iso14443a.h"
38 #endif
39
40 //=============================================================================
41 // A buffer where we can queue things up to be sent through the FPGA, for
42 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
43 // is the order in which they go out on the wire.
44 //=============================================================================
45
46 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
47 uint8_t ToSend[TOSEND_BUFFER_SIZE];
48 int ToSendMax;
49 static int ToSendBit;
50 struct common_area common_area __attribute__((section(".commonarea")));
51
52 void ToSendReset(void)
53 {
54 ToSendMax = -1;
55 ToSendBit = 8;
56 }
57
58 void ToSendStuffBit(int b)
59 {
60 if(ToSendBit >= 8) {
61 ToSendMax++;
62 ToSend[ToSendMax] = 0;
63 ToSendBit = 0;
64 }
65
66 if(b) {
67 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
68 }
69
70 ToSendBit++;
71
72 if(ToSendMax >= sizeof(ToSend)) {
73 ToSendBit = 0;
74 DbpString("ToSendStuffBit overflowed!");
75 }
76 }
77
78 //=============================================================================
79 // Debug print functions, to go out over USB, to the usual PC-side client.
80 //=============================================================================
81
82 void DbpString(char *str)
83 {
84 byte_t len = strlen(str);
85 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
86 }
87
88 #if 0
89 void DbpIntegers(int x1, int x2, int x3)
90 {
91 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
92 }
93 #endif
94
95 void Dbprintf(const char *fmt, ...) {
96 // should probably limit size here; oh well, let's just use a big buffer
97 char output_string[128];
98 va_list ap;
99
100 va_start(ap, fmt);
101 kvsprintf(fmt, output_string, 10, ap);
102 va_end(ap);
103
104 DbpString(output_string);
105 }
106
107 // prints HEX & ASCII
108 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
109 int l=0,i;
110 char ascii[9];
111
112 while (len>0) {
113 if (len>8) l=8;
114 else l=len;
115
116 memcpy(ascii,d,l);
117 ascii[l]=0;
118
119 // filter safe ascii
120 for (i=0;i<l;i++)
121 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
122
123 if (bAsci) {
124 Dbprintf("%-8s %*D",ascii,l,d," ");
125 } else {
126 Dbprintf("%*D",l,d," ");
127 }
128
129 len-=8;
130 d+=8;
131 }
132 }
133
134 //-----------------------------------------------------------------------------
135 // Read an ADC channel and block till it completes, then return the result
136 // in ADC units (0 to 1023). Also a routine to average 32 samples and
137 // return that.
138 //-----------------------------------------------------------------------------
139 static int ReadAdc(int ch)
140 {
141 uint32_t d;
142
143 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
144 AT91C_BASE_ADC->ADC_MR =
145 ADC_MODE_PRESCALE(63 /* was 32 */) | // ADC_CLK = MCK / ((63+1) * 2) = 48MHz / 128 = 375kHz
146 ADC_MODE_STARTUP_TIME(1 /* was 16 */) | // Startup Time = (1+1) * 8 / ADC_CLK = 16 / 375kHz = 42,7us Note: must be > 20us
147 ADC_MODE_SAMPLE_HOLD_TIME(15 /* was 8 */); // Sample & Hold Time SHTIM = 15 / ADC_CLK = 15 / 375kHz = 40us
148
149 // Note: ADC_MODE_PRESCALE and ADC_MODE_SAMPLE_HOLD_TIME are set to the maximum allowed value.
150 // Both AMPL_LO and AMPL_HI are very high impedance (10MOhm) outputs, the input capacitance of the ADC is 12pF (typical). This results in a time constant
151 // of RC = 10MOhm * 12pF = 120us. Even after the maximum configurable sample&hold time of 40us the input capacitor will not be fully charged.
152 //
153 // The maths are:
154 // If there is a voltage v_in at the input, the voltage v_cap at the capacitor (this is what we are measuring) will be
155 //
156 // v_cap = v_in * (1 - exp(-RC/SHTIM)) = v_in * (1 - exp(-3)) = v_in * 0,95 (i.e. an error of 5%)
157 //
158 // Note: with the "historic" values in the comments above, the error was 34% !!!
159
160 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
161
162 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
163
164 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
165 ;
166 d = AT91C_BASE_ADC->ADC_CDR[ch];
167
168 return d;
169 }
170
171 int AvgAdc(int ch) // was static - merlok
172 {
173 int i;
174 int a = 0;
175
176 for(i = 0; i < 32; i++) {
177 a += ReadAdc(ch);
178 }
179
180 return (a + 15) >> 5;
181 }
182
183 void MeasureAntennaTuning(void)
184 {
185 uint8_t LF_Results[256];
186 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
187 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
188
189 LED_B_ON();
190
191 /*
192 * Sweeps the useful LF range of the proxmark from
193 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
194 * read the voltage in the antenna, the result left
195 * in the buffer is a graph which should clearly show
196 * the resonating frequency of your LF antenna
197 * ( hopefully around 95 if it is tuned to 125kHz!)
198 */
199
200 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
201 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
202 for (i=255; i>=19; i--) {
203 WDT_HIT();
204 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
205 SpinDelay(20);
206 adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
207 if (i==95) vLf125 = adcval; // voltage at 125Khz
208 if (i==89) vLf134 = adcval; // voltage at 134Khz
209
210 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
211 if(LF_Results[i] > peak) {
212 peakv = adcval;
213 peak = LF_Results[i];
214 peakf = i;
215 //ptr = i;
216 }
217 }
218
219 for (i=18; i >= 0; i--) LF_Results[i] = 0;
220
221 LED_A_ON();
222 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
223 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
224 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
225 SpinDelay(20);
226 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
227
228 cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
229 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
230 LED_A_OFF();
231 LED_B_OFF();
232 return;
233 }
234
235 void MeasureAntennaTuningHf(void)
236 {
237 int vHf = 0; // in mV
238
239 DbpString("Measuring HF antenna, press button to exit");
240
241 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
242 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
243 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
244
245 for (;;) {
246 SpinDelay(20);
247 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
248
249 Dbprintf("%d mV",vHf);
250 if (BUTTON_PRESS()) break;
251 }
252 DbpString("cancelled");
253
254 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
255
256 }
257
258
259 void ReadMem(int addr)
260 {
261 const uint8_t *data = ((uint8_t *)addr);
262
263 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
264 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
265 }
266
267 /* osimage version information is linked in */
268 extern struct version_information version_information;
269 /* bootrom version information is pointed to from _bootphase1_version_pointer */
270 extern char *_bootphase1_version_pointer, _flash_start, _flash_end, _bootrom_start, _bootrom_end, __data_src_start__;
271 void SendVersion(void)
272 {
273 char temp[USB_CMD_DATA_SIZE]; /* Limited data payload in USB packets */
274 char VersionString[USB_CMD_DATA_SIZE] = { '\0' };
275
276 /* Try to find the bootrom version information. Expect to find a pointer at
277 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
278 * pointer, then use it.
279 */
280 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
281 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
282 strcat(VersionString, "bootrom version information appears invalid\n");
283 } else {
284 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
285 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
286 }
287
288 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
289 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
290
291 FpgaGatherVersion(FPGA_BITSTREAM_LF, temp, sizeof(temp));
292 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
293 FpgaGatherVersion(FPGA_BITSTREAM_HF, temp, sizeof(temp));
294 strncat(VersionString, temp, sizeof(VersionString) - strlen(VersionString) - 1);
295
296 // Send Chip ID and used flash memory
297 uint32_t text_and_rodata_section_size = (uint32_t)&__data_src_start__ - (uint32_t)&_flash_start;
298 uint32_t compressed_data_section_size = common_area.arg1;
299 cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
300 }
301
302 // measure the USB Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
303 // Note: this mimics GetFromBigbuf(), i.e. we have the overhead of the UsbCommand structure included.
304 void printUSBSpeed(void)
305 {
306 Dbprintf("USB Speed:");
307 Dbprintf(" Sending USB packets to client...");
308
309 #define USB_SPEED_TEST_MIN_TIME 1500 // in milliseconds
310 uint8_t *test_data = BigBuf_get_addr();
311 uint32_t end_time;
312
313 uint32_t start_time = end_time = GetTickCount();
314 uint32_t bytes_transferred = 0;
315
316 LED_B_ON();
317 while(end_time < start_time + USB_SPEED_TEST_MIN_TIME) {
318 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, 0, USB_CMD_DATA_SIZE, 0, test_data, USB_CMD_DATA_SIZE);
319 end_time = GetTickCount();
320 bytes_transferred += USB_CMD_DATA_SIZE;
321 }
322 LED_B_OFF();
323
324 Dbprintf(" Time elapsed: %dms", end_time - start_time);
325 Dbprintf(" Bytes transferred: %d", bytes_transferred);
326 Dbprintf(" USB Transfer Speed PM3 -> Client = %d Bytes/s",
327 1000 * bytes_transferred / (end_time - start_time));
328
329 }
330
331 /**
332 * Prints runtime information about the PM3.
333 **/
334 void SendStatus(void)
335 {
336 BigBuf_print_status();
337 Fpga_print_status();
338 printConfig(); //LF Sampling config
339 printUSBSpeed();
340 Dbprintf("Various");
341 Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL);
342 Dbprintf(" ToSendMax........%d",ToSendMax);
343 Dbprintf(" ToSendBit........%d",ToSendBit);
344
345 cmd_send(CMD_ACK,1,0,0,0,0);
346 }
347
348 #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
349
350 #define OPTS 2
351
352 void StandAloneMode()
353 {
354 DbpString("Stand-alone mode! No PC necessary.");
355 // Oooh pretty -- notify user we're in elite samy mode now
356 LED(LED_RED, 200);
357 LED(LED_ORANGE, 200);
358 LED(LED_GREEN, 200);
359 LED(LED_ORANGE, 200);
360 LED(LED_RED, 200);
361 LED(LED_ORANGE, 200);
362 LED(LED_GREEN, 200);
363 LED(LED_ORANGE, 200);
364 LED(LED_RED, 200);
365
366 }
367
368 #endif
369
370
371
372 #ifdef WITH_ISO14443a_StandAlone
373 void StandAloneMode14a()
374 {
375 StandAloneMode();
376 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
377
378 int selected = 0;
379 int playing = 0, iGotoRecord = 0, iGotoClone = 0;
380 int cardRead[OPTS] = {0};
381 uint8_t readUID[10] = {0};
382 uint32_t uid_1st[OPTS]={0};
383 uint32_t uid_2nd[OPTS]={0};
384 uint32_t uid_tmp1 = 0;
385 uint32_t uid_tmp2 = 0;
386 iso14a_card_select_t hi14a_card[OPTS];
387
388 LED(selected + 1, 0);
389
390 for (;;)
391 {
392 usb_poll();
393 WDT_HIT();
394 SpinDelay(300);
395
396 if (iGotoRecord == 1 || cardRead[selected] == 0)
397 {
398 iGotoRecord = 0;
399 LEDsoff();
400 LED(selected + 1, 0);
401 LED(LED_RED2, 0);
402
403 // record
404 Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
405 /* need this delay to prevent catching some weird data */
406 SpinDelay(500);
407 /* Code for reading from 14a tag */
408 uint8_t uid[10] ={0};
409 uint32_t cuid;
410 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
411
412 for ( ; ; )
413 {
414 WDT_HIT();
415 if (BUTTON_PRESS()) {
416 if (cardRead[selected]) {
417 Dbprintf("Button press detected -- replaying card in bank[%d]", selected);
418 break;
419 }
420 else if (cardRead[(selected+1)%OPTS]) {
421 Dbprintf("Button press detected but no card in bank[%d] so playing from bank[%d]", selected, (selected+1)%OPTS);
422 selected = (selected+1)%OPTS;
423 break; // playing = 1;
424 }
425 else {
426 Dbprintf("Button press detected but no stored tag to play. (Ignoring button)");
427 SpinDelay(300);
428 }
429 }
430 if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid))
431 continue;
432 else
433 {
434 Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
435 memcpy(readUID,uid,10*sizeof(uint8_t));
436 uint8_t *dst = (uint8_t *)&uid_tmp1;
437 // Set UID byte order
438 for (int i=0; i<4; i++)
439 dst[i] = uid[3-i];
440 dst = (uint8_t *)&uid_tmp2;
441 for (int i=0; i<4; i++)
442 dst[i] = uid[7-i];
443 if (uid_1st[(selected+1)%OPTS] == uid_tmp1 && uid_2nd[(selected+1)%OPTS] == uid_tmp2) {
444 Dbprintf("Card selected has same UID as what is stored in the other bank. Skipping.");
445 }
446 else {
447 if (uid_tmp2) {
448 Dbprintf("Bank[%d] received a 7-byte UID",selected);
449 uid_1st[selected] = (uid_tmp1)>>8;
450 uid_2nd[selected] = (uid_tmp1<<24) + (uid_tmp2>>8);
451 }
452 else {
453 Dbprintf("Bank[%d] received a 4-byte UID",selected);
454 uid_1st[selected] = uid_tmp1;
455 uid_2nd[selected] = uid_tmp2;
456 }
457 break;
458 }
459 }
460 }
461 Dbprintf("ATQA = %02X%02X",hi14a_card[selected].atqa[0],hi14a_card[selected].atqa[1]);
462 Dbprintf("SAK = %02X",hi14a_card[selected].sak);
463 LEDsoff();
464 LED(LED_GREEN, 200);
465 LED(LED_ORANGE, 200);
466 LED(LED_GREEN, 200);
467 LED(LED_ORANGE, 200);
468
469 LEDsoff();
470 LED(selected + 1, 0);
471
472 // Next state is replay:
473 playing = 1;
474
475 cardRead[selected] = 1;
476 }
477 /* MF Classic UID clone */
478 else if (iGotoClone==1)
479 {
480 iGotoClone=0;
481 LEDsoff();
482 LED(selected + 1, 0);
483 LED(LED_ORANGE, 250);
484
485
486 // record
487 Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
488
489 // wait for button to be released
490 while(BUTTON_PRESS())
491 {
492 // Delay cloning until card is in place
493 WDT_HIT();
494 }
495 Dbprintf("Starting clone. [Bank: %u]", selected);
496 // need this delay to prevent catching some weird data
497 SpinDelay(500);
498 // Begin clone function here:
499 /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
500 UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
501 memcpy(c.d.asBytes, data, 16);
502 SendCommand(&c);
503
504 Block read is similar:
505 UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
506 We need to imitate that call with blockNo 0 to set a uid.
507
508 The get and set commands are handled in this file:
509 // Work with "magic Chinese" card
510 case CMD_MIFARE_CSETBLOCK:
511 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
512 break;
513 case CMD_MIFARE_CGETBLOCK:
514 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
515 break;
516
517 mfCSetUID provides example logic for UID set workflow:
518 -Read block0 from card in field with MifareCGetBlock()
519 -Configure new values without replacing reserved bytes
520 memcpy(block0, uid, 4); // Copy UID bytes from byte array
521 // Mifare UID BCC
522 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
523 Bytes 5-7 are reserved SAK and ATQA for mifare classic
524 -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
525 */
526 uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
527 // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
528 MifareCGetBlock(0x3F, 1, 0, oldBlock0);
529 if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) {
530 Dbprintf("No changeable tag detected. Returning to replay mode for bank[%d]", selected);
531 playing = 1;
532 }
533 else {
534 Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
535 memcpy(newBlock0,oldBlock0,16);
536 // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
537
538 newBlock0[0] = uid_1st[selected]>>24;
539 newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
540 newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
541 newBlock0[3] = 0xFF & (uid_1st[selected]);
542 newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
543 // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
544 MifareCSetBlock(0, 0xFF,0, newBlock0);
545 MifareCGetBlock(0x3F, 1, 0, testBlock0);
546 if (memcmp(testBlock0,newBlock0,16)==0)
547 {
548 DbpString("Cloned successfull!");
549 cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
550 playing = 0;
551 iGotoRecord = 1;
552 selected = (selected+1) % OPTS;
553 }
554 else {
555 Dbprintf("Clone failed. Back to replay mode on bank[%d]", selected);
556 playing = 1;
557 }
558 }
559 LEDsoff();
560 LED(selected + 1, 0);
561
562 }
563 // Change where to record (or begin playing)
564 else if (playing==1) // button_pressed == BUTTON_SINGLE_CLICK && cardRead[selected])
565 {
566 LEDsoff();
567 LED(selected + 1, 0);
568
569 // Begin transmitting
570 if (playing)
571 {
572 LED(LED_GREEN, 0);
573 DbpString("Playing");
574 for ( ; ; ) {
575 WDT_HIT();
576 int button_action = BUTTON_HELD(1000);
577 if (button_action == 0) { // No button action, proceed with sim
578 uint8_t data[512] = {0}; // in case there is a read command received we shouldn't break
579 Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
580 if (hi14a_card[selected].sak == 8 && hi14a_card[selected].atqa[0] == 4 && hi14a_card[selected].atqa[1] == 0) {
581 DbpString("Mifare Classic");
582 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data); // Mifare Classic
583 }
584 else if (hi14a_card[selected].sak == 0 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 0) {
585 DbpString("Mifare Ultralight");
586 SimulateIso14443aTag(2,uid_1st[selected],uid_2nd[selected],data); // Mifare Ultralight
587 }
588 else if (hi14a_card[selected].sak == 20 && hi14a_card[selected].atqa[0] == 0x44 && hi14a_card[selected].atqa[1] == 3) {
589 DbpString("Mifare DESFire");
590 SimulateIso14443aTag(3,uid_1st[selected],uid_2nd[selected],data); // Mifare DESFire
591 }
592 else {
593 Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
594 SimulateIso14443aTag(1,uid_1st[selected], uid_2nd[selected], data);
595 }
596 }
597 else if (button_action == BUTTON_SINGLE_CLICK) {
598 selected = (selected + 1) % OPTS;
599 Dbprintf("Done playing. Switching to record mode on bank %d",selected);
600 iGotoRecord = 1;
601 break;
602 }
603 else if (button_action == BUTTON_HOLD) {
604 Dbprintf("Playtime over. Begin cloning...");
605 iGotoClone = 1;
606 break;
607 }
608 WDT_HIT();
609 }
610
611 /* We pressed a button so ignore it here with a delay */
612 SpinDelay(300);
613 LEDsoff();
614 LED(selected + 1, 0);
615 }
616 else
617 while(BUTTON_PRESS())
618 WDT_HIT();
619 }
620 }
621 }
622 #elif WITH_LF
623 // samy's sniff and repeat routine
624 void SamyRun()
625 {
626 StandAloneMode();
627 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
628
629 int high[OPTS], low[OPTS];
630 int selected = 0;
631 int playing = 0;
632 int cardRead = 0;
633
634 // Turn on selected LED
635 LED(selected + 1, 0);
636
637 for (;;)
638 {
639 usb_poll();
640 WDT_HIT();
641
642 // Was our button held down or pressed?
643 int button_pressed = BUTTON_HELD(1000);
644 SpinDelay(300);
645
646 // Button was held for a second, begin recording
647 if (button_pressed > 0 && cardRead == 0)
648 {
649 LEDsoff();
650 LED(selected + 1, 0);
651 LED(LED_RED2, 0);
652
653 // record
654 DbpString("Starting recording");
655
656 // wait for button to be released
657 while(BUTTON_PRESS())
658 WDT_HIT();
659
660 /* need this delay to prevent catching some weird data */
661 SpinDelay(500);
662
663 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
664 Dbprintf("Recorded %x %x%08x", selected, high[selected], low[selected]);
665
666 LEDsoff();
667 LED(selected + 1, 0);
668 // Finished recording
669
670 // If we were previously playing, set playing off
671 // so next button push begins playing what we recorded
672 playing = 0;
673
674 cardRead = 1;
675
676 }
677
678 else if (button_pressed > 0 && cardRead == 1)
679 {
680 LEDsoff();
681 LED(selected + 1, 0);
682 LED(LED_ORANGE, 0);
683
684 // record
685 Dbprintf("Cloning %x %x%08x", selected, high[selected], low[selected]);
686
687 // wait for button to be released
688 while(BUTTON_PRESS())
689 WDT_HIT();
690
691 /* need this delay to prevent catching some weird data */
692 SpinDelay(500);
693
694 CopyHIDtoT55x7(0, high[selected], low[selected], 0);
695 Dbprintf("Cloned %x %x%08x", selected, high[selected], low[selected]);
696
697 LEDsoff();
698 LED(selected + 1, 0);
699 // Finished recording
700
701 // If we were previously playing, set playing off
702 // so next button push begins playing what we recorded
703 playing = 0;
704
705 cardRead = 0;
706
707 }
708
709 // Change where to record (or begin playing)
710 else if (button_pressed)
711 {
712 // Next option if we were previously playing
713 if (playing)
714 selected = (selected + 1) % OPTS;
715 playing = !playing;
716
717 LEDsoff();
718 LED(selected + 1, 0);
719
720 // Begin transmitting
721 if (playing)
722 {
723 LED(LED_GREEN, 0);
724 DbpString("Playing");
725 // wait for button to be released
726 while(BUTTON_PRESS())
727 WDT_HIT();
728 Dbprintf("%x %x%08x", selected, high[selected], low[selected]);
729 CmdHIDsimTAG(high[selected], low[selected], 0);
730 DbpString("Done playing");
731 if (BUTTON_HELD(1000) > 0)
732 {
733 DbpString("Exiting");
734 LEDsoff();
735 return;
736 }
737
738 /* We pressed a button so ignore it here with a delay */
739 SpinDelay(300);
740
741 // when done, we're done playing, move to next option
742 selected = (selected + 1) % OPTS;
743 playing = !playing;
744 LEDsoff();
745 LED(selected + 1, 0);
746 }
747 else
748 while(BUTTON_PRESS())
749 WDT_HIT();
750 }
751 }
752 }
753
754 #endif
755 /*
756 OBJECTIVE
757 Listen and detect an external reader. Determine the best location
758 for the antenna.
759
760 INSTRUCTIONS:
761 Inside the ListenReaderField() function, there is two mode.
762 By default, when you call the function, you will enter mode 1.
763 If you press the PM3 button one time, you will enter mode 2.
764 If you press the PM3 button a second time, you will exit the function.
765
766 DESCRIPTION OF MODE 1:
767 This mode just listens for an external reader field and lights up green
768 for HF and/or red for LF. This is the original mode of the detectreader
769 function.
770
771 DESCRIPTION OF MODE 2:
772 This mode will visually represent, using the LEDs, the actual strength of the
773 current compared to the maximum current detected. Basically, once you know
774 what kind of external reader is present, it will help you spot the best location to place
775 your antenna. You will probably not get some good results if there is a LF and a HF reader
776 at the same place! :-)
777
778 LIGHT SCHEME USED:
779 */
780 static const char LIGHT_SCHEME[] = {
781 0x0, /* ---- | No field detected */
782 0x1, /* X--- | 14% of maximum current detected */
783 0x2, /* -X-- | 29% of maximum current detected */
784 0x4, /* --X- | 43% of maximum current detected */
785 0x8, /* ---X | 57% of maximum current detected */
786 0xC, /* --XX | 71% of maximum current detected */
787 0xE, /* -XXX | 86% of maximum current detected */
788 0xF, /* XXXX | 100% of maximum current detected */
789 };
790 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
791
792 void ListenReaderField(int limit)
793 {
794 int lf_av, lf_av_new, lf_baseline= 0, lf_max;
795 int hf_av, hf_av_new, hf_baseline= 0, hf_max;
796 int mode=1, display_val, display_max, i;
797
798 #define LF_ONLY 1
799 #define HF_ONLY 2
800 #define REPORT_CHANGE 10 // report new values only if they have changed at least by REPORT_CHANGE
801
802
803 // switch off FPGA - we don't want to measure our own signal
804 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
805 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
806
807 LEDsoff();
808
809 lf_av = lf_max = AvgAdc(ADC_CHAN_LF);
810
811 if(limit != HF_ONLY) {
812 Dbprintf("LF 125/134kHz Baseline: %dmV", (MAX_ADC_LF_VOLTAGE * lf_av) >> 10);
813 lf_baseline = lf_av;
814 }
815
816 hf_av = hf_max = AvgAdc(ADC_CHAN_HF);
817
818 if (limit != LF_ONLY) {
819 Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10);
820 hf_baseline = hf_av;
821 }
822
823 for(;;) {
824 if (BUTTON_PRESS()) {
825 SpinDelay(500);
826 switch (mode) {
827 case 1:
828 mode=2;
829 DbpString("Signal Strength Mode");
830 break;
831 case 2:
832 default:
833 DbpString("Stopped");
834 LEDsoff();
835 return;
836 break;
837 }
838 }
839 WDT_HIT();
840
841 if (limit != HF_ONLY) {
842 if(mode == 1) {
843 if (ABS(lf_av - lf_baseline) > REPORT_CHANGE)
844 LED_D_ON();
845 else
846 LED_D_OFF();
847 }
848
849 lf_av_new = AvgAdc(ADC_CHAN_LF);
850 // see if there's a significant change
851 if(ABS(lf_av - lf_av_new) > REPORT_CHANGE) {
852 Dbprintf("LF 125/134kHz Field Change: %5dmV", (MAX_ADC_LF_VOLTAGE * lf_av_new) >> 10);
853 lf_av = lf_av_new;
854 if (lf_av > lf_max)
855 lf_max = lf_av;
856 }
857 }
858
859 if (limit != LF_ONLY) {
860 if (mode == 1){
861 if (ABS(hf_av - hf_baseline) > REPORT_CHANGE)
862 LED_B_ON();
863 else
864 LED_B_OFF();
865 }
866
867 hf_av_new = AvgAdc(ADC_CHAN_HF);
868 // see if there's a significant change
869 if(ABS(hf_av - hf_av_new) > REPORT_CHANGE) {
870 Dbprintf("HF 13.56MHz Field Change: %5dmV", (MAX_ADC_HF_VOLTAGE * hf_av_new) >> 10);
871 hf_av = hf_av_new;
872 if (hf_av > hf_max)
873 hf_max = hf_av;
874 }
875 }
876
877 if(mode == 2) {
878 if (limit == LF_ONLY) {
879 display_val = lf_av;
880 display_max = lf_max;
881 } else if (limit == HF_ONLY) {
882 display_val = hf_av;
883 display_max = hf_max;
884 } else { /* Pick one at random */
885 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
886 display_val = hf_av;
887 display_max = hf_max;
888 } else {
889 display_val = lf_av;
890 display_max = lf_max;
891 }
892 }
893 for (i=0; i<LIGHT_LEN; i++) {
894 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
895 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
896 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
897 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
898 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
899 break;
900 }
901 }
902 }
903 }
904 }
905
906 void UsbPacketReceived(uint8_t *packet, int len)
907 {
908 UsbCommand *c = (UsbCommand *)packet;
909
910 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
911
912 switch(c->cmd) {
913 #ifdef WITH_LF
914 case CMD_SET_LF_SAMPLING_CONFIG:
915 setSamplingConfig((sample_config *) c->d.asBytes);
916 break;
917 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
918 cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
919 break;
920 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
921 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
922 break;
923 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
924 cmd_send(CMD_ACK,SnoopLF(),0,0,0,0);
925 break;
926 case CMD_HID_DEMOD_FSK:
927 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
928 break;
929 case CMD_HID_SIM_TAG:
930 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
931 break;
932 case CMD_FSK_SIM_TAG:
933 CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
934 break;
935 case CMD_ASK_SIM_TAG:
936 CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
937 break;
938 case CMD_PSK_SIM_TAG:
939 CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
940 break;
941 case CMD_HID_CLONE_TAG:
942 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
943 break;
944 case CMD_IO_DEMOD_FSK:
945 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
946 break;
947 case CMD_IO_CLONE_TAG:
948 CopyIOtoT55x7(c->arg[0], c->arg[1]);
949 break;
950 case CMD_EM410X_DEMOD:
951 CmdEM410xdemod(c->arg[0], 0, 0, 1);
952 break;
953 case CMD_EM410X_WRITE_TAG:
954 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
955 break;
956 case CMD_READ_TI_TYPE:
957 ReadTItag();
958 break;
959 case CMD_WRITE_TI_TYPE:
960 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
961 break;
962 case CMD_SIMULATE_TAG_125K:
963 LED_A_ON();
964 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
965 LED_A_OFF();
966 break;
967 case CMD_LF_SIMULATE_BIDIR:
968 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
969 break;
970 case CMD_INDALA_CLONE_TAG:
971 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
972 break;
973 case CMD_INDALA_CLONE_TAG_L:
974 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
975 break;
976 case CMD_T55XX_READ_BLOCK:
977 T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]);
978 break;
979 case CMD_T55XX_WRITE_BLOCK:
980 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
981 break;
982 case CMD_T55XX_WAKEUP:
983 T55xxWakeUp(c->arg[0]);
984 break;
985 case CMD_T55XX_RESET_READ:
986 T55xxResetRead();
987 break;
988 case CMD_PCF7931_READ:
989 ReadPCF7931();
990 break;
991 case CMD_PCF7931_WRITE:
992 WritePCF7931(c->d.asBytes[0],c->d.asBytes[1],c->d.asBytes[2],c->d.asBytes[3],c->d.asBytes[4],c->d.asBytes[5],c->d.asBytes[6], c->d.asBytes[9], c->d.asBytes[7]-128,c->d.asBytes[8]-128, c->arg[0], c->arg[1], c->arg[2]);
993 break;
994 case CMD_EM4X_READ_WORD:
995 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
996 break;
997 case CMD_EM4X_WRITE_WORD:
998 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
999 break;
1000 case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
1001 CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
1002 break;
1003 case CMD_VIKING_CLONE_TAG:
1004 CopyVikingtoT55xx(c->arg[0], c->arg[1], c->arg[2]);
1005 break;
1006 #endif
1007
1008 #ifdef WITH_HITAG
1009 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
1010 SnoopHitag(c->arg[0]);
1011 break;
1012 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
1013 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1014 break;
1015 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
1016 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1017 break;
1018 case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content
1019 SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
1020 break;
1021 case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file
1022 check_challenges((bool)c->arg[0],(byte_t*)c->d.asBytes);
1023 break;
1024 case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge
1025 ReadHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
1026 break;
1027 case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge
1028 WritePageHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes,c->arg[2]);
1029 break;
1030 #endif
1031
1032 #ifdef WITH_ISO15693
1033 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
1034 AcquireRawAdcSamplesIso15693();
1035 break;
1036 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
1037 RecordRawAdcSamplesIso15693();
1038 break;
1039
1040 case CMD_ISO_15693_COMMAND:
1041 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1042 break;
1043
1044 case CMD_ISO_15693_FIND_AFI:
1045 BruteforceIso15693Afi(c->arg[0]);
1046 break;
1047
1048 case CMD_ISO_15693_DEBUG:
1049 SetDebugIso15693(c->arg[0]);
1050 break;
1051
1052 case CMD_READER_ISO_15693:
1053 ReaderIso15693(c->arg[0]);
1054 break;
1055 case CMD_SIMTAG_ISO_15693:
1056 SimTagIso15693(c->arg[0], c->d.asBytes);
1057 break;
1058 #endif
1059
1060 #ifdef WITH_LEGICRF
1061 case CMD_SIMULATE_TAG_LEGIC_RF:
1062 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
1063 break;
1064
1065 case CMD_WRITER_LEGIC_RF:
1066 LegicRfWriter(c->arg[1], c->arg[0]);
1067 break;
1068
1069 case CMD_READER_LEGIC_RF:
1070 LegicRfReader(c->arg[0], c->arg[1]);
1071 break;
1072 #endif
1073
1074 #ifdef WITH_ISO14443b
1075 case CMD_READ_SRI512_TAG:
1076 ReadSTMemoryIso14443b(0x0F);
1077 break;
1078 case CMD_READ_SRIX4K_TAG:
1079 ReadSTMemoryIso14443b(0x7F);
1080 break;
1081 case CMD_SNOOP_ISO_14443B:
1082 SnoopIso14443b();
1083 break;
1084 case CMD_SIMULATE_TAG_ISO_14443B:
1085 SimulateIso14443bTag();
1086 break;
1087 case CMD_ISO_14443B_COMMAND:
1088 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
1089 break;
1090 #endif
1091
1092 #ifdef WITH_ISO14443a
1093 case CMD_SNOOP_ISO_14443a:
1094 SnoopIso14443a(c->arg[0]);
1095 break;
1096 case CMD_READER_ISO_14443a:
1097 ReaderIso14443a(c);
1098 break;
1099 case CMD_SIMULATE_TAG_ISO_14443a:
1100 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
1101 break;
1102
1103 case CMD_EPA_PACE_COLLECT_NONCE:
1104 EPA_PACE_Collect_Nonce(c);
1105 break;
1106 case CMD_EPA_PACE_REPLAY:
1107 EPA_PACE_Replay(c);
1108 break;
1109
1110 case CMD_READER_MIFARE:
1111 ReaderMifare(c->arg[0]);
1112 break;
1113 case CMD_MIFARE_READBL:
1114 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1115 break;
1116 case CMD_MIFAREU_READBL:
1117 MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
1118 break;
1119 case CMD_MIFAREUC_AUTH:
1120 MifareUC_Auth(c->arg[0],c->d.asBytes);
1121 break;
1122 case CMD_MIFAREU_READCARD:
1123 MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1124 break;
1125 case CMD_MIFAREUC_SETPWD:
1126 MifareUSetPwd(c->arg[0], c->d.asBytes);
1127 break;
1128 case CMD_MIFARE_READSC:
1129 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1130 break;
1131 case CMD_MIFARE_WRITEBL:
1132 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1133 break;
1134 //case CMD_MIFAREU_WRITEBL_COMPAT:
1135 //MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
1136 //break;
1137 case CMD_MIFAREU_WRITEBL:
1138 MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
1139 break;
1140 case CMD_MIFARE_NESTED:
1141 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1142 break;
1143 case CMD_MIFARE_CHKKEYS:
1144 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1145 break;
1146 case CMD_SIMULATE_MIFARE_CARD:
1147 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1148 break;
1149
1150 // emulator
1151 case CMD_MIFARE_SET_DBGMODE:
1152 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1153 break;
1154 case CMD_MIFARE_EML_MEMCLR:
1155 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1156 break;
1157 case CMD_MIFARE_EML_MEMSET:
1158 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1159 break;
1160 case CMD_MIFARE_EML_MEMGET:
1161 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1162 break;
1163 case CMD_MIFARE_EML_CARDLOAD:
1164 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1165 break;
1166
1167 // Work with "magic Chinese" card
1168 case CMD_MIFARE_CSETBLOCK:
1169 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1170 break;
1171 case CMD_MIFARE_CGETBLOCK:
1172 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1173 break;
1174 case CMD_MIFARE_CIDENT:
1175 MifareCIdent();
1176 break;
1177
1178 // mifare sniffer
1179 case CMD_MIFARE_SNIFFER:
1180 SniffMifare(c->arg[0]);
1181 break;
1182
1183 #endif
1184
1185 #ifdef WITH_ICLASS
1186 // Makes use of ISO14443a FPGA Firmware
1187 case CMD_SNOOP_ICLASS:
1188 SnoopIClass();
1189 break;
1190 case CMD_SIMULATE_TAG_ICLASS:
1191 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
1192 break;
1193 case CMD_READER_ICLASS:
1194 ReaderIClass(c->arg[0]);
1195 break;
1196 case CMD_READER_ICLASS_REPLAY:
1197 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
1198 break;
1199 case CMD_ICLASS_EML_MEMSET:
1200 emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
1201 break;
1202 case CMD_ICLASS_WRITEBLOCK:
1203 iClass_WriteBlock(c->arg[0], c->d.asBytes);
1204 break;
1205 case CMD_ICLASS_READCHECK: // auth step 1
1206 iClass_ReadCheck(c->arg[0], c->arg[1]);
1207 break;
1208 case CMD_ICLASS_READBLOCK:
1209 iClass_ReadBlk(c->arg[0]);
1210 break;
1211 case CMD_ICLASS_AUTHENTICATION: //check
1212 iClass_Authentication(c->d.asBytes);
1213 break;
1214 case CMD_ICLASS_DUMP:
1215 iClass_Dump(c->arg[0], c->arg[1]);
1216 break;
1217 case CMD_ICLASS_CLONE:
1218 iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
1219 break;
1220 #endif
1221 #ifdef WITH_HFSNOOP
1222 case CMD_HF_SNIFFER:
1223 HfSnoop(c->arg[0], c->arg[1]);
1224 break;
1225 #endif
1226
1227 case CMD_BUFF_CLEAR:
1228 BigBuf_Clear();
1229 break;
1230
1231 case CMD_MEASURE_ANTENNA_TUNING:
1232 MeasureAntennaTuning();
1233 break;
1234
1235 case CMD_MEASURE_ANTENNA_TUNING_HF:
1236 MeasureAntennaTuningHf();
1237 break;
1238
1239 case CMD_LISTEN_READER_FIELD:
1240 ListenReaderField(c->arg[0]);
1241 break;
1242
1243 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
1244 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1245 SpinDelay(200);
1246 LED_D_OFF(); // LED D indicates field ON or OFF
1247 break;
1248
1249 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
1250
1251 LED_B_ON();
1252 uint8_t *BigBuf = BigBuf_get_addr();
1253 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
1254 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
1255 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
1256 }
1257 // Trigger a finish downloading signal with an ACK frame
1258 cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
1259 LED_B_OFF();
1260 break;
1261
1262 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
1263 uint8_t *b = BigBuf_get_addr();
1264 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
1265 cmd_send(CMD_ACK,0,0,0,0,0);
1266 break;
1267 }
1268 case CMD_READ_MEM:
1269 ReadMem(c->arg[0]);
1270 break;
1271
1272 case CMD_SET_LF_DIVISOR:
1273 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
1274 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
1275 break;
1276
1277 case CMD_SET_ADC_MUX:
1278 switch(c->arg[0]) {
1279 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
1280 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
1281 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
1282 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
1283 }
1284 break;
1285
1286 case CMD_VERSION:
1287 SendVersion();
1288 break;
1289 case CMD_STATUS:
1290 SendStatus();
1291 break;
1292 case CMD_PING:
1293 cmd_send(CMD_ACK,0,0,0,0,0);
1294 break;
1295 #ifdef WITH_LCD
1296 case CMD_LCD_RESET:
1297 LCDReset();
1298 break;
1299 case CMD_LCD:
1300 LCDSend(c->arg[0]);
1301 break;
1302 #endif
1303 case CMD_SETUP_WRITE:
1304 case CMD_FINISH_WRITE:
1305 case CMD_HARDWARE_RESET:
1306 usb_disable();
1307 SpinDelay(1000);
1308 SpinDelay(1000);
1309 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1310 for(;;) {
1311 // We're going to reset, and the bootrom will take control.
1312 }
1313 break;
1314
1315 case CMD_START_FLASH:
1316 if(common_area.flags.bootrom_present) {
1317 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
1318 }
1319 usb_disable();
1320 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1321 for(;;);
1322 break;
1323
1324 case CMD_DEVICE_INFO: {
1325 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1326 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1327 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1328 break;
1329 }
1330 default:
1331 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1332 break;
1333 }
1334 }
1335
1336 void __attribute__((noreturn)) AppMain(void)
1337 {
1338 SpinDelay(100);
1339 clear_trace();
1340 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1341 /* Initialize common area */
1342 memset(&common_area, 0, sizeof(common_area));
1343 common_area.magic = COMMON_AREA_MAGIC;
1344 common_area.version = 1;
1345 }
1346 common_area.flags.osimage_present = 1;
1347
1348 LED_D_OFF();
1349 LED_C_OFF();
1350 LED_B_OFF();
1351 LED_A_OFF();
1352
1353 // Init USB device
1354 usb_enable();
1355
1356 // The FPGA gets its clock from us from PCK0 output, so set that up.
1357 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1358 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1359 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1360 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1361 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1362 AT91C_PMC_PRES_CLK_4; // 4 for 24Mhz pck0, 2 for 48 MHZ pck0
1363 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1364
1365 // Reset SPI
1366 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1367 // Reset SSC
1368 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1369
1370 // Load the FPGA image, which we have stored in our flash.
1371 // (the HF version by default)
1372 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1373
1374 StartTickCount();
1375
1376 #ifdef WITH_LCD
1377 LCDInit();
1378 #endif
1379
1380 byte_t rx[sizeof(UsbCommand)];
1381 size_t rx_len;
1382
1383 for(;;) {
1384 if (usb_poll()) {
1385 rx_len = usb_read(rx,sizeof(UsbCommand));
1386 if (rx_len) {
1387 UsbPacketReceived(rx,rx_len);
1388 }
1389 }
1390 WDT_HIT();
1391
1392 #ifdef WITH_LF
1393 #ifndef WITH_ISO14443a_StandAlone
1394 if (BUTTON_HELD(1000) > 0)
1395 SamyRun();
1396 #endif
1397 #endif
1398 #ifdef WITH_ISO14443a
1399 #ifdef WITH_ISO14443a_StandAlone
1400 if (BUTTON_HELD(1000) > 0)
1401 StandAloneMode14a();
1402 #endif
1403 #endif
1404 }
1405 }
Impressum, Datenschutz