]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
6fd6cdcc3cd0332309f37524df93a4e86eca2628
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "../common/usb_cdc.h"
14 #include "../common/cmd.h"
15
16 #include "../include/proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include "../include/hitag2.h"
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 uint8_t ToSend[512];
40 int ToSendMax;
41 static int ToSendBit;
42 struct common_area common_area __attribute__((section(".commonarea")));
43
44 void BufferClear(void)
45 {
46 memset(BigBuf,0,sizeof(BigBuf));
47 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
48 }
49
50 void ToSendReset(void)
51 {
52 ToSendMax = -1;
53 ToSendBit = 8;
54 }
55
56 void ToSendStuffBit(int b)
57 {
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
70 if(ToSendBit >= sizeof(ToSend)) {
71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74 }
75
76 //=============================================================================
77 // Debug print functions, to go out over USB, to the usual PC-side client.
78 //=============================================================================
79
80 void DbpString(char *str)
81 {
82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
84 }
85
86 #if 0
87 void DbpIntegers(int x1, int x2, int x3)
88 {
89 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
90 }
91 #endif
92
93 void Dbprintf(const char *fmt, ...) {
94 // should probably limit size here; oh well, let's just use a big buffer
95 char output_string[128];
96 va_list ap;
97
98 va_start(ap, fmt);
99 kvsprintf(fmt, output_string, 10, ap);
100 va_end(ap);
101
102 DbpString(output_string);
103 }
104
105 // prints HEX & ASCII
106 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
107 int l=0,i;
108 char ascii[9];
109
110 while (len>0) {
111 if (len>8) l=8;
112 else l=len;
113
114 memcpy(ascii,d,l);
115 ascii[l]=0;
116
117 // filter safe ascii
118 for (i=0;i<l;i++)
119 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
120
121 if (bAsci) {
122 Dbprintf("%-8s %*D",ascii,l,d," ");
123 } else {
124 Dbprintf("%*D",l,d," ");
125 }
126
127 len-=8;
128 d+=8;
129 }
130 }
131
132 //-----------------------------------------------------------------------------
133 // Read an ADC channel and block till it completes, then return the result
134 // in ADC units (0 to 1023). Also a routine to average 32 samples and
135 // return that.
136 //-----------------------------------------------------------------------------
137 static int ReadAdc(int ch)
138 {
139 uint32_t d;
140
141 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
142 AT91C_BASE_ADC->ADC_MR =
143 ADC_MODE_PRESCALE(32) |
144 ADC_MODE_STARTUP_TIME(16) |
145 ADC_MODE_SAMPLE_HOLD_TIME(8);
146 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
147
148 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
149 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
150 ;
151 d = AT91C_BASE_ADC->ADC_CDR[ch];
152
153 return d;
154 }
155
156 int AvgAdc(int ch) // was static - merlok
157 {
158 int i;
159 int a = 0;
160
161 for(i = 0; i < 32; i++) {
162 a += ReadAdc(ch);
163 }
164
165 return (a + 15) >> 5;
166 }
167
168 void MeasureAntennaTuning(void)
169 {
170 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
171 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
172 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
173
174 LED_B_ON();
175 DbpString("Measuring antenna characteristics, please wait...");
176 memset(dest,0,sizeof(FREE_BUFFER_SIZE));
177
178 /*
179 * Sweeps the useful LF range of the proxmark from
180 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
181 * read the voltage in the antenna, the result left
182 * in the buffer is a graph which should clearly show
183 * the resonating frequency of your LF antenna
184 * ( hopefully around 95 if it is tuned to 125kHz!)
185 */
186
187 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
188 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
189 for (i=255; i>19; i--) {
190 WDT_HIT();
191 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
192 SpinDelay(20);
193 // Vref = 3.3V, and a 10000:240 voltage divider on the input
194 // can measure voltages up to 137500 mV
195 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
196 if (i==95) vLf125 = adcval; // voltage at 125Khz
197 if (i==89) vLf134 = adcval; // voltage at 134Khz
198
199 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
200 if(dest[i] > peak) {
201 peakv = adcval;
202 peak = dest[i];
203 peakf = i;
204 //ptr = i;
205 }
206 }
207
208 LED_A_ON();
209 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
210 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
211 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
212 SpinDelay(20);
213 // Vref = 3300mV, and an 10:1 voltage divider on the input
214 // can measure voltages up to 33000 mV
215 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
216
217 // c.cmd = CMD_MEASURED_ANTENNA_TUNING;
218 // c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
219 // c.arg[1] = vHf;
220 // c.arg[2] = peakf | (peakv << 16);
221
222 DbpString("Measuring complete, sending report back to host");
223 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),0,0);
224 // UsbSendPacket((uint8_t *)&c, sizeof(c));
225 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
226 LED_A_OFF();
227 LED_B_OFF();
228 return;
229 }
230
231 void MeasureAntennaTuningHf(void)
232 {
233 int vHf = 0; // in mV
234
235 DbpString("Measuring HF antenna, press button to exit");
236
237 for (;;) {
238 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
239 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
240 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
241 SpinDelay(20);
242 // Vref = 3300mV, and an 10:1 voltage divider on the input
243 // can measure voltages up to 33000 mV
244 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
245
246 Dbprintf("%d mV",vHf);
247 if (BUTTON_PRESS()) break;
248 }
249 DbpString("cancelled");
250 }
251
252
253 void SimulateTagHfListen(void)
254 {
255 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
256 uint8_t v = 0;
257 int i;
258 int p = 0;
259
260 // We're using this mode just so that I can test it out; the simulated
261 // tag mode would work just as well and be simpler.
262 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
263 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
264
265 // We need to listen to the high-frequency, peak-detected path.
266 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
267
268 FpgaSetupSsc();
269
270 i = 0;
271 for(;;) {
272 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
273 AT91C_BASE_SSC->SSC_THR = 0xff;
274 }
275 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
276 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
277
278 v <<= 1;
279 if(r & 1) {
280 v |= 1;
281 }
282 p++;
283
284 if(p >= 8) {
285 dest[i] = v;
286 v = 0;
287 p = 0;
288 i++;
289
290 if(i >= FREE_BUFFER_SIZE) {
291 break;
292 }
293 }
294 }
295 }
296 DbpString("simulate tag (now type bitsamples)");
297 }
298
299 void ReadMem(int addr)
300 {
301 const uint8_t *data = ((uint8_t *)addr);
302
303 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
304 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
305 }
306
307 /* osimage version information is linked in */
308 extern struct version_information version_information;
309 /* bootrom version information is pointed to from _bootphase1_version_pointer */
310 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
311 void SendVersion(void)
312 {
313 char temp[256]; /* Limited data payload in USB packets */
314 DbpString("Prox/RFID mark3 RFID instrument");
315
316 /* Try to find the bootrom version information. Expect to find a pointer at
317 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
318 * pointer, then use it.
319 */
320 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
321 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
322 DbpString("bootrom version information appears invalid");
323 } else {
324 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
325 DbpString(temp);
326 }
327
328 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
329 DbpString(temp);
330
331 FpgaGatherVersion(temp, sizeof(temp));
332 DbpString(temp);
333 // Send Chip ID
334 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
335 }
336
337 #ifdef WITH_LF
338 // samy's sniff and repeat routine
339 void SamyRun()
340 {
341 DbpString("Stand-alone mode! No PC necessary.");
342 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
343
344 // 3 possible options? no just 2 for now
345 #define OPTS 2
346
347 int high[OPTS], low[OPTS];
348
349 // Oooh pretty -- notify user we're in elite samy mode now
350 LED(LED_RED, 200);
351 LED(LED_ORANGE, 200);
352 LED(LED_GREEN, 200);
353 LED(LED_ORANGE, 200);
354 LED(LED_RED, 200);
355 LED(LED_ORANGE, 200);
356 LED(LED_GREEN, 200);
357 LED(LED_ORANGE, 200);
358 LED(LED_RED, 200);
359
360 int selected = 0;
361 int playing = 0;
362
363 // Turn on selected LED
364 LED(selected + 1, 0);
365
366 for (;;)
367 {
368 // UsbPoll(FALSE);
369 usb_poll();
370 WDT_HIT();
371
372 // Was our button held down or pressed?
373 int button_pressed = BUTTON_HELD(1000);
374 SpinDelay(300);
375
376 // Button was held for a second, begin recording
377 if (button_pressed > 0)
378 {
379 LEDsoff();
380 LED(selected + 1, 0);
381 LED(LED_RED2, 0);
382
383 // record
384 DbpString("Starting recording");
385
386 // wait for button to be released
387 while(BUTTON_PRESS())
388 WDT_HIT();
389
390 /* need this delay to prevent catching some weird data */
391 SpinDelay(500);
392
393 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
394 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
395
396 LEDsoff();
397 LED(selected + 1, 0);
398 // Finished recording
399
400 // If we were previously playing, set playing off
401 // so next button push begins playing what we recorded
402 playing = 0;
403 }
404
405 // Change where to record (or begin playing)
406 else if (button_pressed)
407 {
408 // Next option if we were previously playing
409 if (playing)
410 selected = (selected + 1) % OPTS;
411 playing = !playing;
412
413 LEDsoff();
414 LED(selected + 1, 0);
415
416 // Begin transmitting
417 if (playing)
418 {
419 LED(LED_GREEN, 0);
420 DbpString("Playing");
421 // wait for button to be released
422 while(BUTTON_PRESS())
423 WDT_HIT();
424 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
425 CmdHIDsimTAG(high[selected], low[selected], 0);
426 DbpString("Done playing");
427 if (BUTTON_HELD(1000) > 0)
428 {
429 DbpString("Exiting");
430 LEDsoff();
431 return;
432 }
433
434 /* We pressed a button so ignore it here with a delay */
435 SpinDelay(300);
436
437 // when done, we're done playing, move to next option
438 selected = (selected + 1) % OPTS;
439 playing = !playing;
440 LEDsoff();
441 LED(selected + 1, 0);
442 }
443 else
444 while(BUTTON_PRESS())
445 WDT_HIT();
446 }
447 }
448 }
449 #endif
450
451 /*
452 OBJECTIVE
453 Listen and detect an external reader. Determine the best location
454 for the antenna.
455
456 INSTRUCTIONS:
457 Inside the ListenReaderField() function, there is two mode.
458 By default, when you call the function, you will enter mode 1.
459 If you press the PM3 button one time, you will enter mode 2.
460 If you press the PM3 button a second time, you will exit the function.
461
462 DESCRIPTION OF MODE 1:
463 This mode just listens for an external reader field and lights up green
464 for HF and/or red for LF. This is the original mode of the detectreader
465 function.
466
467 DESCRIPTION OF MODE 2:
468 This mode will visually represent, using the LEDs, the actual strength of the
469 current compared to the maximum current detected. Basically, once you know
470 what kind of external reader is present, it will help you spot the best location to place
471 your antenna. You will probably not get some good results if there is a LF and a HF reader
472 at the same place! :-)
473
474 LIGHT SCHEME USED:
475 */
476 static const char LIGHT_SCHEME[] = {
477 0x0, /* ---- | No field detected */
478 0x1, /* X--- | 14% of maximum current detected */
479 0x2, /* -X-- | 29% of maximum current detected */
480 0x4, /* --X- | 43% of maximum current detected */
481 0x8, /* ---X | 57% of maximum current detected */
482 0xC, /* --XX | 71% of maximum current detected */
483 0xE, /* -XXX | 86% of maximum current detected */
484 0xF, /* XXXX | 100% of maximum current detected */
485 };
486 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
487
488 void ListenReaderField(int limit)
489 {
490 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
491 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
492 int mode=1, display_val, display_max, i;
493
494 #define LF_ONLY 1
495 #define HF_ONLY 2
496
497 LEDsoff();
498
499 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
500
501 if(limit != HF_ONLY) {
502 Dbprintf("LF 125/134 Baseline: %d", lf_av);
503 lf_baseline = lf_av;
504 }
505
506 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
507
508 if (limit != LF_ONLY) {
509 Dbprintf("HF 13.56 Baseline: %d", hf_av);
510 hf_baseline = hf_av;
511 }
512
513 for(;;) {
514 if (BUTTON_PRESS()) {
515 SpinDelay(500);
516 switch (mode) {
517 case 1:
518 mode=2;
519 DbpString("Signal Strength Mode");
520 break;
521 case 2:
522 default:
523 DbpString("Stopped");
524 LEDsoff();
525 return;
526 break;
527 }
528 }
529 WDT_HIT();
530
531 if (limit != HF_ONLY) {
532 if(mode==1) {
533 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
534 else LED_D_OFF();
535 }
536
537 ++lf_count;
538 lf_av_new= ReadAdc(ADC_CHAN_LF);
539 // see if there's a significant change
540 if(abs(lf_av - lf_av_new) > 10) {
541 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
542 lf_av = lf_av_new;
543 if (lf_av > lf_max)
544 lf_max = lf_av;
545 lf_count= 0;
546 }
547 }
548
549 if (limit != LF_ONLY) {
550 if (mode == 1){
551 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
552 else LED_B_OFF();
553 }
554
555 ++hf_count;
556 hf_av_new= ReadAdc(ADC_CHAN_HF);
557 // see if there's a significant change
558 if(abs(hf_av - hf_av_new) > 10) {
559 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
560 hf_av = hf_av_new;
561 if (hf_av > hf_max)
562 hf_max = hf_av;
563 hf_count= 0;
564 }
565 }
566
567 if(mode == 2) {
568 if (limit == LF_ONLY) {
569 display_val = lf_av;
570 display_max = lf_max;
571 } else if (limit == HF_ONLY) {
572 display_val = hf_av;
573 display_max = hf_max;
574 } else { /* Pick one at random */
575 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
576 display_val = hf_av;
577 display_max = hf_max;
578 } else {
579 display_val = lf_av;
580 display_max = lf_max;
581 }
582 }
583 for (i=0; i<LIGHT_LEN; i++) {
584 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
585 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
586 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
587 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
588 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
589 break;
590 }
591 }
592 }
593 }
594 }
595
596 void UsbPacketReceived(uint8_t *packet, int len)
597 {
598 UsbCommand *c = (UsbCommand *)packet;
599
600 //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
601
602 switch(c->cmd) {
603 #ifdef WITH_LF
604 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
605 AcquireRawAdcSamples125k(c->arg[0]);
606 cmd_send(CMD_ACK,0,0,0,0,0);
607 break;
608 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
609 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
610 break;
611 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
612 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
613 cmd_send(CMD_ACK,0,0,0,0,0);
614 break;
615 case CMD_HID_DEMOD_FSK:
616 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
617 break;
618 case CMD_HID_SIM_TAG:
619 CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
620 break;
621 case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
622 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
623 break;
624 case CMD_IO_DEMOD_FSK:
625 CmdIOdemodFSK(1, 0, 0, 1); // Demodulate IO tag
626 break;
627 case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
628 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
629 break;
630 case CMD_EM410X_WRITE_TAG:
631 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
632 break;
633 case CMD_READ_TI_TYPE:
634 ReadTItag();
635 break;
636 case CMD_WRITE_TI_TYPE:
637 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
638 break;
639 case CMD_SIMULATE_TAG_125K:
640 LED_A_ON();
641 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
642 LED_A_OFF();
643 break;
644 case CMD_LF_SIMULATE_BIDIR:
645 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
646 break;
647 case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
648 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
649 break;
650 case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
651 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
652 break;
653 case CMD_T55XX_READ_BLOCK:
654 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
655 break;
656 case CMD_T55XX_WRITE_BLOCK:
657 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
658 break;
659 case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
660 T55xxReadTrace();
661 break;
662 case CMD_PCF7931_READ: // Read PCF7931 tag
663 ReadPCF7931();
664 cmd_send(CMD_ACK,0,0,0,0,0);
665 break;
666 case CMD_EM4X_READ_WORD:
667 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
668 break;
669 case CMD_EM4X_WRITE_WORD:
670 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
671 break;
672 #endif
673
674 #ifdef WITH_HITAG
675 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
676 SnoopHitag(c->arg[0]);
677 break;
678 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
679 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
680 break;
681 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
682 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
683 break;
684 #endif
685
686 #ifdef WITH_ISO15693
687 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
688 AcquireRawAdcSamplesIso15693();
689 break;
690 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
691 RecordRawAdcSamplesIso15693();
692 break;
693
694 case CMD_ISO_15693_COMMAND:
695 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
696 break;
697
698 case CMD_ISO_15693_FIND_AFI:
699 BruteforceIso15693Afi(c->arg[0]);
700 break;
701
702 case CMD_ISO_15693_DEBUG:
703 SetDebugIso15693(c->arg[0]);
704 break;
705
706 case CMD_READER_ISO_15693:
707 ReaderIso15693(c->arg[0]);
708 break;
709 case CMD_SIMTAG_ISO_15693:
710 SimTagIso15693(c->arg[0]);
711 break;
712 #endif
713
714 #ifdef WITH_LEGICRF
715 case CMD_SIMULATE_TAG_LEGIC_RF:
716 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
717 break;
718
719 case CMD_WRITER_LEGIC_RF:
720 LegicRfWriter(c->arg[1], c->arg[0]);
721 break;
722
723 case CMD_READER_LEGIC_RF:
724 LegicRfReader(c->arg[0], c->arg[1]);
725 break;
726 #endif
727
728 #ifdef WITH_ISO14443b
729 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
730 AcquireRawAdcSamplesIso14443(c->arg[0]);
731 break;
732 case CMD_READ_SRI512_TAG:
733 ReadSTMemoryIso14443(0x0F);
734 break;
735 case CMD_READ_SRIX4K_TAG:
736 ReadSTMemoryIso14443(0x7F);
737 break;
738 case CMD_SNOOP_ISO_14443:
739 SnoopIso14443();
740 break;
741 case CMD_SIMULATE_TAG_ISO_14443:
742 SimulateIso14443Tag();
743 break;
744 case CMD_ISO_14443B_COMMAND:
745 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
746 break;
747 #endif
748
749 #ifdef WITH_ISO14443a
750 case CMD_SNOOP_ISO_14443a:
751 SnoopIso14443a(c->arg[0]);
752 break;
753 case CMD_READER_ISO_14443a:
754 ReaderIso14443a(c);
755 break;
756 case CMD_SIMULATE_TAG_ISO_14443a:
757 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
758 break;
759 case CMD_EPA_PACE_COLLECT_NONCE:
760 EPA_PACE_Collect_Nonce(c);
761 break;
762
763 case CMD_READER_MIFARE:
764 ReaderMifare(c->arg[0]);
765 break;
766 case CMD_MIFARE_READBL:
767 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
768 break;
769 case CMD_MIFAREU_READBL:
770 MifareUReadBlock(c->arg[0],c->d.asBytes);
771 break;
772 case CMD_MIFAREUC_AUTH1:
773 MifareUC_Auth1(c->arg[0],c->d.asBytes);
774 break;
775 case CMD_MIFAREUC_AUTH2:
776 MifareUC_Auth2(c->arg[0],c->d.asBytes);
777 break;
778 case CMD_MIFAREU_READCARD:
779 MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
780 break;
781 case CMD_MIFAREUC_READCARD:
782 MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
783 break;
784 case CMD_MIFARE_READSC:
785 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
786 break;
787 case CMD_MIFARE_WRITEBL:
788 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
789 break;
790 case CMD_MIFAREU_WRITEBL_COMPAT:
791 MifareUWriteBlock(c->arg[0], c->d.asBytes);
792 break;
793 case CMD_MIFAREU_WRITEBL:
794 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
795 break;
796 case CMD_MIFARE_NESTED:
797 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
798 break;
799 case CMD_MIFARE_CHKKEYS:
800 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
801 break;
802 case CMD_SIMULATE_MIFARE_CARD:
803 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
804 break;
805
806 // emulator
807 case CMD_MIFARE_SET_DBGMODE:
808 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
809 break;
810 case CMD_MIFARE_EML_MEMCLR:
811 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
812 break;
813 case CMD_MIFARE_EML_MEMSET:
814 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
815 break;
816 case CMD_MIFARE_EML_MEMGET:
817 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
818 break;
819 case CMD_MIFARE_EML_CARDLOAD:
820 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
821 break;
822
823 // Work with "magic Chinese" card
824 case CMD_MIFARE_EML_CSETBLOCK:
825 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
826 break;
827 case CMD_MIFARE_EML_CGETBLOCK:
828 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
829 break;
830
831 // mifare sniffer
832 case CMD_MIFARE_SNIFFER:
833 SniffMifare(c->arg[0]);
834 break;
835
836 // mifare desfire
837 case CMD_MIFARE_DESFIRE_READBL:
838 break;
839 case CMD_MIFARE_DESFIRE_WRITEBL:
840 break;
841 case CMD_MIFARE_DESFIRE_AUTH1:
842 MifareDES_Auth1(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
843 break;
844 case CMD_MIFARE_DESFIRE_AUTH2:
845 MifareDES_Auth2(c->arg[0],c->d.asBytes);
846 break;
847 // case CMD_MIFARE_DES_READER:
848 // ReaderMifareDES(c->arg[0], c->arg[1], c->d.asBytes);
849 //break;
850 case CMD_MIFARE_DESFIRE_INFO:
851 MifareDesfireGetInformation();
852 break;
853 case CMD_MIFARE_DESFIRE:
854 MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
855 break;
856
857 #endif
858
859 #ifdef WITH_ICLASS
860 // Makes use of ISO14443a FPGA Firmware
861 case CMD_SNOOP_ICLASS:
862 SnoopIClass();
863 break;
864 case CMD_SIMULATE_TAG_ICLASS:
865 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
866 break;
867 case CMD_READER_ICLASS:
868 ReaderIClass(c->arg[0]);
869 break;
870 case CMD_READER_ICLASS_REPLAY:
871 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
872 break;
873 #endif
874
875 case CMD_SIMULATE_TAG_HF_LISTEN:
876 SimulateTagHfListen();
877 break;
878
879 case CMD_BUFF_CLEAR:
880 BufferClear();
881 break;
882
883 case CMD_MEASURE_ANTENNA_TUNING:
884 MeasureAntennaTuning();
885 break;
886
887 case CMD_MEASURE_ANTENNA_TUNING_HF:
888 MeasureAntennaTuningHf();
889 break;
890
891 case CMD_LISTEN_READER_FIELD:
892 ListenReaderField(c->arg[0]);
893 break;
894
895 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
896 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
897 SpinDelay(200);
898 LED_D_OFF(); // LED D indicates field ON or OFF
899 break;
900
901 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
902
903 LED_B_ON();
904 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
905 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
906 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
907 }
908 // Trigger a finish downloading signal with an ACK frame
909 cmd_send(CMD_ACK,0,0,0,0,0);
910 LED_B_OFF();
911 break;
912
913 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
914 uint8_t *b = (uint8_t *)BigBuf;
915 memcpy(b+c->arg[0], c->d.asBytes, 48);
916 //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
917 cmd_send(CMD_ACK,0,0,0,0,0);
918 break;
919 }
920 case CMD_READ_MEM:
921 ReadMem(c->arg[0]);
922 break;
923
924 case CMD_SET_LF_DIVISOR:
925 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
926 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
927 break;
928
929 case CMD_SET_ADC_MUX:
930 switch(c->arg[0]) {
931 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
932 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
933 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
934 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
935 }
936 break;
937
938 case CMD_VERSION:
939 SendVersion();
940 break;
941
942 #ifdef WITH_LCD
943 case CMD_LCD_RESET:
944 LCDReset();
945 break;
946 case CMD_LCD:
947 LCDSend(c->arg[0]);
948 break;
949 #endif
950 case CMD_SETUP_WRITE:
951 case CMD_FINISH_WRITE:
952 case CMD_HARDWARE_RESET:
953 usb_disable();
954 SpinDelay(1000);
955 SpinDelay(1000);
956 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
957 for(;;) {
958 // We're going to reset, and the bootrom will take control.
959 }
960 break;
961
962 case CMD_START_FLASH:
963 if(common_area.flags.bootrom_present) {
964 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
965 }
966 usb_disable();
967 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
968 for(;;);
969 break;
970
971 case CMD_DEVICE_INFO: {
972 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
973 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
974 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
975 break;
976 }
977 default:
978 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
979 break;
980 }
981 }
982
983 void __attribute__((noreturn)) AppMain(void)
984 {
985 SpinDelay(100);
986
987 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
988 /* Initialize common area */
989 memset(&common_area, 0, sizeof(common_area));
990 common_area.magic = COMMON_AREA_MAGIC;
991 common_area.version = 1;
992 }
993 common_area.flags.osimage_present = 1;
994
995 LED_D_OFF();
996 LED_C_OFF();
997 LED_B_OFF();
998 LED_A_OFF();
999
1000 // Init USB device
1001 usb_enable();
1002
1003 // The FPGA gets its clock from us from PCK0 output, so set that up.
1004 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1005 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1006 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1007 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1008 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1009 AT91C_PMC_PRES_CLK_4;
1010 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1011
1012 // Reset SPI
1013 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1014 // Reset SSC
1015 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1016
1017 // Load the FPGA image, which we have stored in our flash.
1018 // (the HF version by default)
1019 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1020
1021 StartTickCount();
1022
1023 #ifdef WITH_LCD
1024 LCDInit();
1025 #endif
1026
1027 byte_t rx[sizeof(UsbCommand)];
1028 size_t rx_len;
1029
1030 for(;;) {
1031 if (usb_poll()) {
1032 rx_len = usb_read(rx,sizeof(UsbCommand));
1033 if (rx_len) {
1034 UsbPacketReceived(rx,rx_len);
1035 }
1036 }
1037 WDT_HIT();
1038
1039 #ifdef WITH_LF
1040 if (BUTTON_HELD(1000) > 0)
1041 SamyRun();
1042 #endif
1043 }
1044 }
Impressum, Datenschutz