]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CHG: minor code clean up in ArmSrc.
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21 #include <stdarg.h>
22
23 #include "legicrf.h"
24 #include <hitag2.h>
25
26 #ifdef WITH_LCD
27 #include "LCD.h"
28 #endif
29
30 #define abs(x) ( ((x)<0) ? -(x) : (x) )
31
32 //=============================================================================
33 // A buffer where we can queue things up to be sent through the FPGA, for
34 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
35 // is the order in which they go out on the wire.
36 //=============================================================================
37
38 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
39 uint8_t ToSend[TOSEND_BUFFER_SIZE];
40 int ToSendMax;
41 static int ToSendBit;
42 struct common_area common_area __attribute__((section(".commonarea")));
43
44 void BufferClear(void)
45 {
46 memset(BigBuf,0,sizeof(BigBuf));
47 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
48 }
49
50 void ToSendReset(void)
51 {
52 ToSendMax = -1;
53 ToSendBit = 8;
54 }
55
56 void ToSendStuffBit(int b)
57 {
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
70 if(ToSendMax >= sizeof(ToSend)) {
71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74 }
75
76 //=============================================================================
77 // Debug print functions, to go out over USB, to the usual PC-side client.
78 //=============================================================================
79
80 void DbpString(char *str)
81 {
82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
84 }
85
86 #if 0
87 void DbpIntegers(int x1, int x2, int x3)
88 {
89 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
90 }
91 #endif
92
93 void Dbprintf(const char *fmt, ...) {
94 // should probably limit size here; oh well, let's just use a big buffer
95 char output_string[128];
96 va_list ap;
97
98 va_start(ap, fmt);
99 kvsprintf(fmt, output_string, 10, ap);
100 va_end(ap);
101
102 DbpString(output_string);
103 }
104
105 // prints HEX & ASCII
106 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
107 int l=0,i;
108 char ascii[9];
109
110 while (len>0) {
111 if (len>8) l=8;
112 else l=len;
113
114 memcpy(ascii,d,l);
115 ascii[l]=0;
116
117 // filter safe ascii
118 for (i=0;i<l;i++)
119 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
120
121 if (bAsci) {
122 Dbprintf("%-8s %*D",ascii,l,d," ");
123 } else {
124 Dbprintf("%*D",l,d," ");
125 }
126
127 len-=8;
128 d+=8;
129 }
130 }
131
132 //-----------------------------------------------------------------------------
133 // Read an ADC channel and block till it completes, then return the result
134 // in ADC units (0 to 1023). Also a routine to average 32 samples and
135 // return that.
136 //-----------------------------------------------------------------------------
137 static int ReadAdc(int ch)
138 {
139 uint32_t d;
140
141 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
142 AT91C_BASE_ADC->ADC_MR =
143 ADC_MODE_PRESCALE(32) |
144 ADC_MODE_STARTUP_TIME(16) |
145 ADC_MODE_SAMPLE_HOLD_TIME(8);
146 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
147
148 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
149 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
150 ;
151 d = AT91C_BASE_ADC->ADC_CDR[ch];
152
153 return d;
154 }
155
156 int AvgAdc(int ch) // was static - merlok
157 {
158 int i;
159 int a = 0;
160
161 for(i = 0; i < 32; i++) {
162 a += ReadAdc(ch);
163 }
164
165 return (a + 15) >> 5;
166 }
167
168 void MeasureAntennaTuning(void)
169 {
170 uint8_t LF_Results[256];
171 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
172 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
173
174 LED_B_ON();
175
176 /*
177 * Sweeps the useful LF range of the proxmark from
178 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
179 * read the voltage in the antenna, the result left
180 * in the buffer is a graph which should clearly show
181 * the resonating frequency of your LF antenna
182 * ( hopefully around 95 if it is tuned to 125kHz!)
183 */
184
185 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
186 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
187 for (i=255; i>=19; i--) {
188 WDT_HIT();
189 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
190 SpinDelay(20);
191 // Vref = 3.3V, and a 10000:240 voltage divider on the input
192 // can measure voltages up to 137500 mV
193 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
194 if (i==95) vLf125 = adcval; // voltage at 125Khz
195 if (i==89) vLf134 = adcval; // voltage at 134Khz
196
197 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
198 if(LF_Results[i] > peak) {
199 peakv = adcval;
200 peak = LF_Results[i];
201 peakf = i;
202 //ptr = i;
203 }
204 }
205
206 for (i=18; i >= 0; i--) LF_Results[i] = 0;
207
208 LED_A_ON();
209 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
210 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
211 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
212 SpinDelay(20);
213 // Vref = 3300mV, and an 10:1 voltage divider on the input
214 // can measure voltages up to 33000 mV
215 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
216
217 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
218 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
219 LED_A_OFF();
220 LED_B_OFF();
221 return;
222 }
223
224 void MeasureAntennaTuningHf(void)
225 {
226 int vHf = 0; // in mV
227
228 DbpString("Measuring HF antenna, press button to exit");
229
230 for (;;) {
231 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
232 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
233 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
234 SpinDelay(20);
235 // Vref = 3300mV, and an 10:1 voltage divider on the input
236 // can measure voltages up to 33000 mV
237 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
238
239 Dbprintf("%d mV",vHf);
240 if (BUTTON_PRESS()) break;
241 }
242 DbpString("cancelled");
243 }
244
245
246 void SimulateTagHfListen(void)
247 {
248 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
249 uint8_t v = 0;
250 int i;
251 int p = 0;
252
253 // We're using this mode just so that I can test it out; the simulated
254 // tag mode would work just as well and be simpler.
255 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
256 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
257
258 // We need to listen to the high-frequency, peak-detected path.
259 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
260
261 FpgaSetupSsc();
262
263 i = 0;
264 for(;;) {
265 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
266 AT91C_BASE_SSC->SSC_THR = 0xff;
267 }
268 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
269 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
270
271 v <<= 1;
272 if(r & 1) {
273 v |= 1;
274 }
275 p++;
276
277 if(p >= 8) {
278 dest[i] = v;
279 v = 0;
280 p = 0;
281 i++;
282
283 if(i >= FREE_BUFFER_SIZE) {
284 break;
285 }
286 }
287 }
288 }
289 DbpString("simulate tag (now type bitsamples)");
290 }
291
292 void ReadMem(int addr)
293 {
294 const uint8_t *data = ((uint8_t *)addr);
295
296 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
297 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
298 }
299
300 /* osimage version information is linked in */
301 extern struct version_information version_information;
302 /* bootrom version information is pointed to from _bootphase1_version_pointer */
303 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
304 void SendVersion(void)
305 {
306 char temp[512]; /* Limited data payload in USB packets */
307 DbpString("Prox/RFID mark3 RFID instrument");
308
309 /* Try to find the bootrom version information. Expect to find a pointer at
310 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
311 * pointer, then use it.
312 */
313 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
314 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
315 DbpString("bootrom version information appears invalid");
316 } else {
317 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
318 DbpString(temp);
319 }
320
321 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
322 DbpString(temp);
323
324 FpgaGatherVersion(temp, sizeof(temp));
325 DbpString(temp);
326 // Send Chip ID
327 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
328 }
329
330 #ifdef WITH_LF
331 // samy's sniff and repeat routine
332 void SamyRun()
333 {
334 DbpString("Stand-alone mode! No PC necessary.");
335 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
336
337 // 3 possible options? no just 2 for now
338 #define OPTS 2
339
340 int high[OPTS], low[OPTS];
341
342 // Oooh pretty -- notify user we're in elite samy mode now
343 LED(LED_RED, 200);
344 LED(LED_ORANGE, 200);
345 LED(LED_GREEN, 200);
346 LED(LED_ORANGE, 200);
347 LED(LED_RED, 200);
348 LED(LED_ORANGE, 200);
349 LED(LED_GREEN, 200);
350 LED(LED_ORANGE, 200);
351 LED(LED_RED, 200);
352
353 int selected = 0;
354 int playing = 0;
355 int cardRead = 0;
356
357 // Turn on selected LED
358 LED(selected + 1, 0);
359
360 for (;;)
361 {
362 usb_poll();
363 WDT_HIT();
364
365 // Was our button held down or pressed?
366 int button_pressed = BUTTON_HELD(1000);
367 SpinDelay(300);
368
369 // Button was held for a second, begin recording
370 if (button_pressed > 0 && cardRead == 0)
371 {
372 LEDsoff();
373 LED(selected + 1, 0);
374 LED(LED_RED2, 0);
375
376 // record
377 DbpString("Starting recording");
378
379 // wait for button to be released
380 while(BUTTON_PRESS())
381 WDT_HIT();
382
383 /* need this delay to prevent catching some weird data */
384 SpinDelay(500);
385
386 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
387 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
388
389 LEDsoff();
390 LED(selected + 1, 0);
391 // Finished recording
392
393 // If we were previously playing, set playing off
394 // so next button push begins playing what we recorded
395 playing = 0;
396
397 cardRead = 1;
398
399 }
400
401 else if (button_pressed > 0 && cardRead == 1)
402 {
403 LEDsoff();
404 LED(selected + 1, 0);
405 LED(LED_ORANGE, 0);
406
407 // record
408 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
409
410 // wait for button to be released
411 while(BUTTON_PRESS())
412 WDT_HIT();
413
414 /* need this delay to prevent catching some weird data */
415 SpinDelay(500);
416
417 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
418 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
419
420 LEDsoff();
421 LED(selected + 1, 0);
422 // Finished recording
423
424 // If we were previously playing, set playing off
425 // so next button push begins playing what we recorded
426 playing = 0;
427
428 cardRead = 0;
429
430 }
431
432 // Change where to record (or begin playing)
433 else if (button_pressed)
434 {
435 // Next option if we were previously playing
436 if (playing)
437 selected = (selected + 1) % OPTS;
438 playing = !playing;
439
440 LEDsoff();
441 LED(selected + 1, 0);
442
443 // Begin transmitting
444 if (playing)
445 {
446 LED(LED_GREEN, 0);
447 DbpString("Playing");
448 // wait for button to be released
449 while(BUTTON_PRESS())
450 WDT_HIT();
451 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
452 CmdHIDsimTAG(high[selected], low[selected], 0);
453 DbpString("Done playing");
454 if (BUTTON_HELD(1000) > 0)
455 {
456 DbpString("Exiting");
457 LEDsoff();
458 return;
459 }
460
461 /* We pressed a button so ignore it here with a delay */
462 SpinDelay(300);
463
464 // when done, we're done playing, move to next option
465 selected = (selected + 1) % OPTS;
466 playing = !playing;
467 LEDsoff();
468 LED(selected + 1, 0);
469 }
470 else
471 while(BUTTON_PRESS())
472 WDT_HIT();
473 }
474 }
475 }
476 #endif
477
478 /*
479 OBJECTIVE
480 Listen and detect an external reader. Determine the best location
481 for the antenna.
482
483 INSTRUCTIONS:
484 Inside the ListenReaderField() function, there is two mode.
485 By default, when you call the function, you will enter mode 1.
486 If you press the PM3 button one time, you will enter mode 2.
487 If you press the PM3 button a second time, you will exit the function.
488
489 DESCRIPTION OF MODE 1:
490 This mode just listens for an external reader field and lights up green
491 for HF and/or red for LF. This is the original mode of the detectreader
492 function.
493
494 DESCRIPTION OF MODE 2:
495 This mode will visually represent, using the LEDs, the actual strength of the
496 current compared to the maximum current detected. Basically, once you know
497 what kind of external reader is present, it will help you spot the best location to place
498 your antenna. You will probably not get some good results if there is a LF and a HF reader
499 at the same place! :-)
500
501 LIGHT SCHEME USED:
502 */
503 static const char LIGHT_SCHEME[] = {
504 0x0, /* ---- | No field detected */
505 0x1, /* X--- | 14% of maximum current detected */
506 0x2, /* -X-- | 29% of maximum current detected */
507 0x4, /* --X- | 43% of maximum current detected */
508 0x8, /* ---X | 57% of maximum current detected */
509 0xC, /* --XX | 71% of maximum current detected */
510 0xE, /* -XXX | 86% of maximum current detected */
511 0xF, /* XXXX | 100% of maximum current detected */
512 };
513 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
514
515 void ListenReaderField(int limit)
516 {
517 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
518 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
519 int mode=1, display_val, display_max, i;
520
521 #define LF_ONLY 1
522 #define HF_ONLY 2
523
524 LEDsoff();
525
526 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
527
528 if(limit != HF_ONLY) {
529 Dbprintf("LF 125/134 Baseline: %d", lf_av);
530 lf_baseline = lf_av;
531 }
532
533 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
534
535 if (limit != LF_ONLY) {
536 Dbprintf("HF 13.56 Baseline: %d", hf_av);
537 hf_baseline = hf_av;
538 }
539
540 for(;;) {
541 if (BUTTON_PRESS()) {
542 SpinDelay(500);
543 switch (mode) {
544 case 1:
545 mode=2;
546 DbpString("Signal Strength Mode");
547 break;
548 case 2:
549 default:
550 DbpString("Stopped");
551 LEDsoff();
552 return;
553 break;
554 }
555 }
556 WDT_HIT();
557
558 if (limit != HF_ONLY) {
559 if(mode==1) {
560 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
561 else LED_D_OFF();
562 }
563
564 ++lf_count;
565 lf_av_new= ReadAdc(ADC_CHAN_LF);
566 // see if there's a significant change
567 if(abs(lf_av - lf_av_new) > 10) {
568 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
569 lf_av = lf_av_new;
570 if (lf_av > lf_max)
571 lf_max = lf_av;
572 lf_count= 0;
573 }
574 }
575
576 if (limit != LF_ONLY) {
577 if (mode == 1){
578 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
579 else LED_B_OFF();
580 }
581
582 ++hf_count;
583 hf_av_new= ReadAdc(ADC_CHAN_HF);
584 // see if there's a significant change
585 if(abs(hf_av - hf_av_new) > 10) {
586 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
587 hf_av = hf_av_new;
588 if (hf_av > hf_max)
589 hf_max = hf_av;
590 hf_count= 0;
591 }
592 }
593
594 if(mode == 2) {
595 if (limit == LF_ONLY) {
596 display_val = lf_av;
597 display_max = lf_max;
598 } else if (limit == HF_ONLY) {
599 display_val = hf_av;
600 display_max = hf_max;
601 } else { /* Pick one at random */
602 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
603 display_val = hf_av;
604 display_max = hf_max;
605 } else {
606 display_val = lf_av;
607 display_max = lf_max;
608 }
609 }
610 for (i=0; i<LIGHT_LEN; i++) {
611 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
612 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
613 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
614 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
615 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
616 break;
617 }
618 }
619 }
620 }
621 }
622
623 void UsbPacketReceived(uint8_t *packet, int len)
624 {
625 UsbCommand *c = (UsbCommand *)packet;
626
627 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
628
629 switch(c->cmd) {
630 #ifdef WITH_LF
631 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
632 AcquireRawAdcSamples125k(c->arg[0]);
633 cmd_send(CMD_ACK,0,0,0,0,0);
634 break;
635 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
636 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
637 break;
638 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
639 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
640 cmd_send(CMD_ACK,0,0,0,0,0);
641 break;
642 case CMD_HID_DEMOD_FSK:
643 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
644 break;
645 case CMD_HID_SIM_TAG:
646 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
647 break;
648 case CMD_HID_CLONE_TAG:
649 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
650 break;
651 case CMD_IO_DEMOD_FSK:
652 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
653 break;
654 case CMD_IO_CLONE_TAG:
655 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
656 break;
657 case CMD_EM410X_DEMOD:
658 CmdEM410xdemod(c->arg[0], 0, 0, 1);
659 break;
660 case CMD_EM410X_WRITE_TAG:
661 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
662 break;
663 case CMD_READ_TI_TYPE:
664 ReadTItag();
665 break;
666 case CMD_WRITE_TI_TYPE:
667 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
668 break;
669 case CMD_SIMULATE_TAG_125K:
670 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
671 break;
672 case CMD_LF_SIMULATE_BIDIR:
673 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
674 break;
675 case CMD_INDALA_CLONE_TAG:
676 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
677 break;
678 case CMD_INDALA_CLONE_TAG_L:
679 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
680 break;
681 case CMD_T55XX_READ_BLOCK:
682 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
683 break;
684 case CMD_T55XX_WRITE_BLOCK:
685 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
686 break;
687 case CMD_T55XX_READ_TRACE:
688 T55xxReadTrace();
689 break;
690 case CMD_PCF7931_READ:
691 ReadPCF7931();
692 cmd_send(CMD_ACK,0,0,0,0,0);
693 break;
694 case CMD_EM4X_READ_WORD:
695 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
696 break;
697 case CMD_EM4X_WRITE_WORD:
698 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
699 break;
700 #endif
701
702 #ifdef WITH_HITAG
703 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
704 SnoopHitag(c->arg[0]);
705 break;
706 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
707 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
708 break;
709 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
710 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
711 break;
712 #endif
713
714 #ifdef WITH_ISO15693
715 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
716 AcquireRawAdcSamplesIso15693();
717 break;
718 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
719 RecordRawAdcSamplesIso15693();
720 break;
721
722 case CMD_ISO_15693_COMMAND:
723 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
724 break;
725
726 case CMD_ISO_15693_FIND_AFI:
727 BruteforceIso15693Afi(c->arg[0]);
728 break;
729
730 case CMD_ISO_15693_DEBUG:
731 SetDebugIso15693(c->arg[0]);
732 break;
733
734 case CMD_READER_ISO_15693:
735 ReaderIso15693(c->arg[0]);
736 break;
737 case CMD_SIMTAG_ISO_15693:
738 SimTagIso15693(c->arg[0], c->d.asBytes);
739 break;
740 #endif
741
742 #ifdef WITH_LEGICRF
743 case CMD_SIMULATE_TAG_LEGIC_RF:
744 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
745 break;
746
747 case CMD_WRITER_LEGIC_RF:
748 LegicRfWriter(c->arg[1], c->arg[0]);
749 break;
750
751 case CMD_READER_LEGIC_RF:
752 LegicRfReader(c->arg[0], c->arg[1]);
753 break;
754 #endif
755
756 #ifdef WITH_ISO14443b
757 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
758 AcquireRawAdcSamplesIso14443(c->arg[0]);
759 break;
760 case CMD_READ_SRI512_TAG:
761 ReadSTMemoryIso14443(0x0F);
762 break;
763 case CMD_READ_SRIX4K_TAG:
764 ReadSTMemoryIso14443(0x7F);
765 break;
766 case CMD_SNOOP_ISO_14443:
767 SnoopIso14443();
768 break;
769 case CMD_SIMULATE_TAG_ISO_14443:
770 SimulateIso14443Tag();
771 break;
772 case CMD_ISO_14443B_COMMAND:
773 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
774 break;
775 #endif
776
777 #ifdef WITH_ISO14443a
778 case CMD_SNOOP_ISO_14443a:
779 SnoopIso14443a(c->arg[0]);
780 break;
781 case CMD_READER_ISO_14443a:
782 ReaderIso14443a(c);
783 break;
784 case CMD_SIMULATE_TAG_ISO_14443a:
785 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
786 break;
787
788 case CMD_EPA_PACE_COLLECT_NONCE:
789 EPA_PACE_Collect_Nonce(c);
790 break;
791
792 case CMD_READER_MIFARE:
793 ReaderMifare(c->arg[0]);
794 break;
795 case CMD_MIFARE_READBL:
796 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
797 break;
798 case CMD_MIFAREU_READBL:
799 MifareUReadBlock(c->arg[0],c->d.asBytes);
800 break;
801 case CMD_MIFAREU_READCARD:
802 MifareUReadCard(c->arg[0],c->d.asBytes);
803 break;
804 case CMD_MIFARE_READSC:
805 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
806 break;
807 case CMD_MIFARE_WRITEBL:
808 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
809 break;
810 case CMD_MIFAREU_WRITEBL_COMPAT:
811 MifareUWriteBlock(c->arg[0], c->d.asBytes);
812 break;
813 case CMD_MIFAREU_WRITEBL:
814 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
815 break;
816 case CMD_MIFARE_NESTED:
817 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
818 break;
819 case CMD_MIFARE_CHKKEYS:
820 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
821 break;
822 case CMD_SIMULATE_MIFARE_CARD:
823 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
824 break;
825
826 // emulator
827 case CMD_MIFARE_SET_DBGMODE:
828 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
829 break;
830 case CMD_MIFARE_EML_MEMCLR:
831 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
832 break;
833 case CMD_MIFARE_EML_MEMSET:
834 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
835 break;
836 case CMD_MIFARE_EML_MEMGET:
837 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
838 break;
839 case CMD_MIFARE_EML_CARDLOAD:
840 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
841 break;
842
843 // Work with "magic Chinese" card
844 case CMD_MIFARE_CSETBLOCK:
845 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
846 break;
847 case CMD_MIFARE_CGETBLOCK:
848 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
849 break;
850 case CMD_MIFARE_CIDENT:
851 MifareCIdent();
852 break;
853
854 // mifare sniffer
855 case CMD_MIFARE_SNIFFER:
856 SniffMifare(c->arg[0]);
857 break;
858 #endif
859
860 #ifdef WITH_ICLASS
861 // Makes use of ISO14443a FPGA Firmware
862 case CMD_SNOOP_ICLASS:
863 SnoopIClass();
864 break;
865 case CMD_SIMULATE_TAG_ICLASS:
866 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
867 break;
868 case CMD_READER_ICLASS:
869 ReaderIClass(c->arg[0]);
870 break;
871 case CMD_READER_ICLASS_REPLAY:
872 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
873 break;
874 #endif
875
876 case CMD_SIMULATE_TAG_HF_LISTEN:
877 SimulateTagHfListen();
878 break;
879
880 case CMD_BUFF_CLEAR:
881 BufferClear();
882 break;
883
884 case CMD_MEASURE_ANTENNA_TUNING:
885 MeasureAntennaTuning();
886 break;
887
888 case CMD_MEASURE_ANTENNA_TUNING_HF:
889 MeasureAntennaTuningHf();
890 break;
891
892 case CMD_LISTEN_READER_FIELD:
893 ListenReaderField(c->arg[0]);
894 break;
895
896 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
897 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
898 SpinDelay(200);
899 LED_D_OFF(); // LED D indicates field ON or OFF
900 break;
901
902 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
903
904 LED_B_ON();
905 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
906 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
907 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
908 }
909 // Trigger a finish downloading signal with an ACK frame
910 cmd_send(CMD_ACK,0,0,0,0,0);
911 LED_B_OFF();
912 break;
913
914 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
915 uint8_t *b = (uint8_t *)BigBuf;
916 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
917 cmd_send(CMD_ACK,0,0,0,0,0);
918 break;
919 }
920 case CMD_READ_MEM:
921 ReadMem(c->arg[0]);
922 break;
923
924 case CMD_SET_LF_DIVISOR:
925 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
926 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
927 break;
928
929 case CMD_SET_ADC_MUX:
930 switch(c->arg[0]) {
931 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
932 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
933 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
934 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
935 }
936 break;
937
938 case CMD_VERSION:
939 SendVersion();
940 break;
941
942 #ifdef WITH_LCD
943 case CMD_LCD_RESET:
944 LCDReset();
945 break;
946 case CMD_LCD:
947 LCDSend(c->arg[0]);
948 break;
949 #endif
950 case CMD_SETUP_WRITE:
951 case CMD_FINISH_WRITE:
952 case CMD_HARDWARE_RESET:
953 usb_disable();
954 SpinDelay(1000);
955 SpinDelay(1000);
956 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
957 for(;;) {
958 // We're going to reset, and the bootrom will take control.
959 }
960 break;
961
962 case CMD_START_FLASH:
963 if(common_area.flags.bootrom_present) {
964 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
965 }
966 usb_disable();
967 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
968 for(;;);
969 break;
970
971 case CMD_DEVICE_INFO: {
972 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
973 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
974 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
975 break;
976 }
977 default:
978 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
979 break;
980 }
981 }
982
983 void __attribute__((noreturn)) AppMain(void)
984 {
985 SpinDelay(100);
986
987 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
988 /* Initialize common area */
989 memset(&common_area, 0, sizeof(common_area));
990 common_area.magic = COMMON_AREA_MAGIC;
991 common_area.version = 1;
992 }
993 common_area.flags.osimage_present = 1;
994
995 LED_D_OFF();
996 LED_C_OFF();
997 LED_B_OFF();
998 LED_A_OFF();
999
1000 // Init USB device
1001 usb_enable();
1002
1003 // The FPGA gets its clock from us from PCK0 output, so set that up.
1004 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1005 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1006 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1007 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1008 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1009 AT91C_PMC_PRES_CLK_4;
1010 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1011
1012 // Reset SPI
1013 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1014 // Reset SSC
1015 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1016
1017 // Load the FPGA image, which we have stored in our flash.
1018 // (the HF version by default)
1019 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1020
1021 StartTickCount();
1022
1023 #ifdef WITH_LCD
1024 LCDInit();
1025 #endif
1026
1027 byte_t rx[sizeof(UsbCommand)];
1028 size_t rx_len;
1029
1030 for(;;) {
1031 if (usb_poll()) {
1032 rx_len = usb_read(rx,sizeof(UsbCommand));
1033 if (rx_len) {
1034 UsbPacketReceived(rx,rx_len);
1035 }
1036 }
1037 WDT_HIT();
1038
1039 #ifdef WITH_LF
1040 if (BUTTON_HELD(1000) > 0)
1041 SamyRun();
1042 #endif
1043 }
1044 }
Proxmark3 GIT tracking
Impressum, Datenschutz