]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:


a4d9c33549ab22e4913de79c9b7927eb7478ce07
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
40 uint8_t ToSend[TOSEND_BUFFER_SIZE];
41 int ToSendMax;
42 static int ToSendBit;
43 struct common_area common_area __attribute__((section(".commonarea")));
44
45 void ToSendReset(void)
46 {
47 ToSendMax = -1;
48 ToSendBit = 8;
49 }
50
51 void ToSendStuffBit(int b)
52 {
53 if(ToSendBit >= 8) {
54 ToSendMax++;
55 ToSend[ToSendMax] = 0;
56 ToSendBit = 0;
57 }
58
59 if(b) {
60 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
61 }
62
63 ToSendBit++;
64
65 if(ToSendMax >= sizeof(ToSend)) {
66 ToSendBit = 0;
67 DbpString("ToSendStuffBit overflowed!");
68 }
69 }
70
71 //=============================================================================
72 // Debug print functions, to go out over USB, to the usual PC-side client.
73 //=============================================================================
74
75 void DbpString(char *str)
76 {
77 byte_t len = strlen(str);
78 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
79 }
80
81 #if 0
82 void DbpIntegers(int x1, int x2, int x3)
83 {
84 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
85 }
86 #endif
87
88 void Dbprintf(const char *fmt, ...) {
89 // should probably limit size here; oh well, let's just use a big buffer
90 char output_string[128];
91 va_list ap;
92
93 va_start(ap, fmt);
94 kvsprintf(fmt, output_string, 10, ap);
95 va_end(ap);
96
97 DbpString(output_string);
98 }
99
100 // prints HEX & ASCII
101 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
102 int l=0,i;
103 char ascii[9];
104
105 while (len>0) {
106 if (len>8) l=8;
107 else l=len;
108
109 memcpy(ascii,d,l);
110 ascii[l]=0;
111
112 // filter safe ascii
113 for (i=0;i<l;i++)
114 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
115
116 if (bAsci) {
117 Dbprintf("%-8s %*D",ascii,l,d," ");
118 } else {
119 Dbprintf("%*D",l,d," ");
120 }
121
122 len-=8;
123 d+=8;
124 }
125 }
126
127 //-----------------------------------------------------------------------------
128 // Read an ADC channel and block till it completes, then return the result
129 // in ADC units (0 to 1023). Also a routine to average 32 samples and
130 // return that.
131 //-----------------------------------------------------------------------------
132 static int ReadAdc(int ch)
133 {
134 uint32_t d;
135
136 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
137 AT91C_BASE_ADC->ADC_MR =
138 ADC_MODE_PRESCALE(32) |
139 ADC_MODE_STARTUP_TIME(16) |
140 ADC_MODE_SAMPLE_HOLD_TIME(8);
141 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
142
143 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
144 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
145 ;
146 d = AT91C_BASE_ADC->ADC_CDR[ch];
147
148 return d;
149 }
150
151 int AvgAdc(int ch) // was static - merlok
152 {
153 int i;
154 int a = 0;
155
156 for(i = 0; i < 32; i++) {
157 a += ReadAdc(ch);
158 }
159
160 return (a + 15) >> 5;
161 }
162
163 void MeasureAntennaTuning(void)
164 {
165 uint8_t LF_Results[256];
166 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
167 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
168
169 LED_B_ON();
170
171 /*
172 * Sweeps the useful LF range of the proxmark from
173 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
174 * read the voltage in the antenna, the result left
175 * in the buffer is a graph which should clearly show
176 * the resonating frequency of your LF antenna
177 * ( hopefully around 95 if it is tuned to 125kHz!)
178 */
179
180 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
181 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
182 for (i=255; i>=19; i--) {
183 WDT_HIT();
184 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
185 SpinDelay(20);
186 // Vref = 3.3V, and a 10000:240 voltage divider on the input
187 // can measure voltages up to 137500 mV
188 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
189 if (i==95) vLf125 = adcval; // voltage at 125Khz
190 if (i==89) vLf134 = adcval; // voltage at 134Khz
191
192 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
193 if(LF_Results[i] > peak) {
194 peakv = adcval;
195 peak = LF_Results[i];
196 peakf = i;
197 //ptr = i;
198 }
199 }
200
201 for (i=18; i >= 0; i--) LF_Results[i] = 0;
202
203 LED_A_ON();
204 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
205 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
206 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
207 SpinDelay(20);
208 // Vref = 3300mV, and an 10:1 voltage divider on the input
209 // can measure voltages up to 33000 mV
210 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
211
212 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
213 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
214 LED_A_OFF();
215 LED_B_OFF();
216 return;
217 }
218
219 void MeasureAntennaTuningHf(void)
220 {
221 int vHf = 0; // in mV
222
223 DbpString("Measuring HF antenna, press button to exit");
224
225 for (;;) {
226 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
227 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
228 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
229 SpinDelay(20);
230 // Vref = 3300mV, and an 10:1 voltage divider on the input
231 // can measure voltages up to 33000 mV
232 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
233
234 Dbprintf("%d mV",vHf);
235 if (BUTTON_PRESS()) break;
236 }
237 DbpString("cancelled");
238 }
239
240
241 void SimulateTagHfListen(void)
242 {
243 uint8_t *dest = BigBuf_get_addr() + FREE_BUFFER_OFFSET;
244 uint8_t v = 0;
245 int i;
246 int p = 0;
247
248 // We're using this mode just so that I can test it out; the simulated
249 // tag mode would work just as well and be simpler.
250 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
251 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
252
253 // We need to listen to the high-frequency, peak-detected path.
254 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
255
256 FpgaSetupSsc();
257
258 i = 0;
259 for(;;) {
260 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
261 AT91C_BASE_SSC->SSC_THR = 0xff;
262 }
263 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
264 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
265
266 v <<= 1;
267 if(r & 1) {
268 v |= 1;
269 }
270 p++;
271
272 if(p >= 8) {
273 dest[i] = v;
274 v = 0;
275 p = 0;
276 i++;
277
278 if(i >= FREE_BUFFER_SIZE) {
279 break;
280 }
281 }
282 }
283 }
284 DbpString("simulate tag (now type bitsamples)");
285 }
286
287 void ReadMem(int addr)
288 {
289 const uint8_t *data = ((uint8_t *)addr);
290
291 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
292 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
293 }
294
295 /* osimage version information is linked in */
296 extern struct version_information version_information;
297 /* bootrom version information is pointed to from _bootphase1_version_pointer */
298 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
299 void SendVersion(void)
300 {
301 char temp[512]; /* Limited data payload in USB packets */
302 DbpString("Prox/RFID mark3 RFID instrument");
303
304 /* Try to find the bootrom version information. Expect to find a pointer at
305 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
306 * pointer, then use it.
307 */
308 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
309 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
310 DbpString("bootrom version information appears invalid");
311 } else {
312 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
313 DbpString(temp);
314 }
315
316 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
317 DbpString(temp);
318
319 FpgaGatherVersion(temp, sizeof(temp));
320 DbpString(temp);
321 // Send Chip ID
322 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
323 }
324
325 #ifdef WITH_LF
326 // samy's sniff and repeat routine
327 void SamyRun()
328 {
329 DbpString("Stand-alone mode! No PC necessary.");
330 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
331
332 // 3 possible options? no just 2 for now
333 #define OPTS 2
334
335 int high[OPTS], low[OPTS];
336
337 // Oooh pretty -- notify user we're in elite samy mode now
338 LED(LED_RED, 200);
339 LED(LED_ORANGE, 200);
340 LED(LED_GREEN, 200);
341 LED(LED_ORANGE, 200);
342 LED(LED_RED, 200);
343 LED(LED_ORANGE, 200);
344 LED(LED_GREEN, 200);
345 LED(LED_ORANGE, 200);
346 LED(LED_RED, 200);
347
348 int selected = 0;
349 int playing = 0;
350 int cardRead = 0;
351
352 // Turn on selected LED
353 LED(selected + 1, 0);
354
355 for (;;)
356 {
357 usb_poll();
358 WDT_HIT();
359
360 // Was our button held down or pressed?
361 int button_pressed = BUTTON_HELD(1000);
362 SpinDelay(300);
363
364 // Button was held for a second, begin recording
365 if (button_pressed > 0 && cardRead == 0)
366 {
367 LEDsoff();
368 LED(selected + 1, 0);
369 LED(LED_RED2, 0);
370
371 // record
372 DbpString("Starting recording");
373
374 // wait for button to be released
375 while(BUTTON_PRESS())
376 WDT_HIT();
377
378 /* need this delay to prevent catching some weird data */
379 SpinDelay(500);
380
381 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
382 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
383
384 LEDsoff();
385 LED(selected + 1, 0);
386 // Finished recording
387
388 // If we were previously playing, set playing off
389 // so next button push begins playing what we recorded
390 playing = 0;
391
392 cardRead = 1;
393
394 }
395
396 else if (button_pressed > 0 && cardRead == 1)
397 {
398 LEDsoff();
399 LED(selected + 1, 0);
400 LED(LED_ORANGE, 0);
401
402 // record
403 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
404
405 // wait for button to be released
406 while(BUTTON_PRESS())
407 WDT_HIT();
408
409 /* need this delay to prevent catching some weird data */
410 SpinDelay(500);
411
412 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
413 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
414
415 LEDsoff();
416 LED(selected + 1, 0);
417 // Finished recording
418
419 // If we were previously playing, set playing off
420 // so next button push begins playing what we recorded
421 playing = 0;
422
423 cardRead = 0;
424
425 }
426
427 // Change where to record (or begin playing)
428 else if (button_pressed)
429 {
430 // Next option if we were previously playing
431 if (playing)
432 selected = (selected + 1) % OPTS;
433 playing = !playing;
434
435 LEDsoff();
436 LED(selected + 1, 0);
437
438 // Begin transmitting
439 if (playing)
440 {
441 LED(LED_GREEN, 0);
442 DbpString("Playing");
443 // wait for button to be released
444 while(BUTTON_PRESS())
445 WDT_HIT();
446 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
447 CmdHIDsimTAG(high[selected], low[selected], 0);
448 DbpString("Done playing");
449 if (BUTTON_HELD(1000) > 0)
450 {
451 DbpString("Exiting");
452 LEDsoff();
453 return;
454 }
455
456 /* We pressed a button so ignore it here with a delay */
457 SpinDelay(300);
458
459 // when done, we're done playing, move to next option
460 selected = (selected + 1) % OPTS;
461 playing = !playing;
462 LEDsoff();
463 LED(selected + 1, 0);
464 }
465 else
466 while(BUTTON_PRESS())
467 WDT_HIT();
468 }
469 }
470 }
471 #endif
472
473 /*
474 OBJECTIVE
475 Listen and detect an external reader. Determine the best location
476 for the antenna.
477
478 INSTRUCTIONS:
479 Inside the ListenReaderField() function, there is two mode.
480 By default, when you call the function, you will enter mode 1.
481 If you press the PM3 button one time, you will enter mode 2.
482 If you press the PM3 button a second time, you will exit the function.
483
484 DESCRIPTION OF MODE 1:
485 This mode just listens for an external reader field and lights up green
486 for HF and/or red for LF. This is the original mode of the detectreader
487 function.
488
489 DESCRIPTION OF MODE 2:
490 This mode will visually represent, using the LEDs, the actual strength of the
491 current compared to the maximum current detected. Basically, once you know
492 what kind of external reader is present, it will help you spot the best location to place
493 your antenna. You will probably not get some good results if there is a LF and a HF reader
494 at the same place! :-)
495
496 LIGHT SCHEME USED:
497 */
498 static const char LIGHT_SCHEME[] = {
499 0x0, /* ---- | No field detected */
500 0x1, /* X--- | 14% of maximum current detected */
501 0x2, /* -X-- | 29% of maximum current detected */
502 0x4, /* --X- | 43% of maximum current detected */
503 0x8, /* ---X | 57% of maximum current detected */
504 0xC, /* --XX | 71% of maximum current detected */
505 0xE, /* -XXX | 86% of maximum current detected */
506 0xF, /* XXXX | 100% of maximum current detected */
507 };
508 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
509
510 void ListenReaderField(int limit)
511 {
512 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
513 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
514 int mode=1, display_val, display_max, i;
515
516 #define LF_ONLY 1
517 #define HF_ONLY 2
518
519 LEDsoff();
520
521 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
522
523 if(limit != HF_ONLY) {
524 Dbprintf("LF 125/134 Baseline: %d", lf_av);
525 lf_baseline = lf_av;
526 }
527
528 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
529
530 if (limit != LF_ONLY) {
531 Dbprintf("HF 13.56 Baseline: %d", hf_av);
532 hf_baseline = hf_av;
533 }
534
535 for(;;) {
536 if (BUTTON_PRESS()) {
537 SpinDelay(500);
538 switch (mode) {
539 case 1:
540 mode=2;
541 DbpString("Signal Strength Mode");
542 break;
543 case 2:
544 default:
545 DbpString("Stopped");
546 LEDsoff();
547 return;
548 break;
549 }
550 }
551 WDT_HIT();
552
553 if (limit != HF_ONLY) {
554 if(mode==1) {
555 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
556 else LED_D_OFF();
557 }
558
559 ++lf_count;
560 lf_av_new= ReadAdc(ADC_CHAN_LF);
561 // see if there's a significant change
562 if(abs(lf_av - lf_av_new) > 10) {
563 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
564 lf_av = lf_av_new;
565 if (lf_av > lf_max)
566 lf_max = lf_av;
567 lf_count= 0;
568 }
569 }
570
571 if (limit != LF_ONLY) {
572 if (mode == 1){
573 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
574 else LED_B_OFF();
575 }
576
577 ++hf_count;
578 hf_av_new= ReadAdc(ADC_CHAN_HF);
579 // see if there's a significant change
580 if(abs(hf_av - hf_av_new) > 10) {
581 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
582 hf_av = hf_av_new;
583 if (hf_av > hf_max)
584 hf_max = hf_av;
585 hf_count= 0;
586 }
587 }
588
589 if(mode == 2) {
590 if (limit == LF_ONLY) {
591 display_val = lf_av;
592 display_max = lf_max;
593 } else if (limit == HF_ONLY) {
594 display_val = hf_av;
595 display_max = hf_max;
596 } else { /* Pick one at random */
597 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
598 display_val = hf_av;
599 display_max = hf_max;
600 } else {
601 display_val = lf_av;
602 display_max = lf_max;
603 }
604 }
605 for (i=0; i<LIGHT_LEN; i++) {
606 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
607 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
608 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
609 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
610 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
611 break;
612 }
613 }
614 }
615 }
616 }
617
618 void UsbPacketReceived(uint8_t *packet, int len)
619 {
620 UsbCommand *c = (UsbCommand *)packet;
621
622 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
623
624 switch(c->cmd) {
625 #ifdef WITH_LF
626 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
627 AcquireRawAdcSamples125k(c->arg[0]);
628 cmd_send(CMD_ACK,0,0,0,0,0);
629 break;
630 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
631 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
632 break;
633 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
634 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
635 cmd_send(CMD_ACK,0,0,0,0,0);
636 break;
637 case CMD_HID_DEMOD_FSK:
638 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
639 break;
640 case CMD_HID_SIM_TAG:
641 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
642 break;
643 case CMD_HID_CLONE_TAG:
644 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
645 break;
646 case CMD_IO_DEMOD_FSK:
647 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
648 break;
649 case CMD_IO_CLONE_TAG:
650 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
651 break;
652 case CMD_EM410X_DEMOD:
653 CmdEM410xdemod(c->arg[0], 0, 0, 1);
654 break;
655 case CMD_EM410X_WRITE_TAG:
656 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
657 break;
658 case CMD_READ_TI_TYPE:
659 ReadTItag();
660 break;
661 case CMD_WRITE_TI_TYPE:
662 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
663 break;
664 case CMD_SIMULATE_TAG_125K:
665 LED_A_ON();
666 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
667 LED_A_OFF();
668 break;
669 case CMD_LF_SIMULATE_BIDIR:
670 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
671 break;
672 case CMD_INDALA_CLONE_TAG:
673 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
674 break;
675 case CMD_INDALA_CLONE_TAG_L:
676 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
677 break;
678 case CMD_T55XX_READ_BLOCK:
679 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
680 break;
681 case CMD_T55XX_WRITE_BLOCK:
682 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
683 break;
684 case CMD_T55XX_READ_TRACE:
685 T55xxReadTrace();
686 break;
687 case CMD_PCF7931_READ:
688 ReadPCF7931();
689 cmd_send(CMD_ACK,0,0,0,0,0);
690 break;
691 case CMD_EM4X_READ_WORD:
692 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
693 break;
694 case CMD_EM4X_WRITE_WORD:
695 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
696 break;
697 #endif
698
699 #ifdef WITH_HITAG
700 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
701 SnoopHitag(c->arg[0]);
702 break;
703 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
704 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
705 break;
706 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
707 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
708 break;
709 #endif
710
711 #ifdef WITH_ISO15693
712 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
713 AcquireRawAdcSamplesIso15693();
714 break;
715 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
716 RecordRawAdcSamplesIso15693();
717 break;
718
719 case CMD_ISO_15693_COMMAND:
720 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
721 break;
722
723 case CMD_ISO_15693_FIND_AFI:
724 BruteforceIso15693Afi(c->arg[0]);
725 break;
726
727 case CMD_ISO_15693_DEBUG:
728 SetDebugIso15693(c->arg[0]);
729 break;
730
731 case CMD_READER_ISO_15693:
732 ReaderIso15693(c->arg[0]);
733 break;
734 case CMD_SIMTAG_ISO_15693:
735 SimTagIso15693(c->arg[0], c->d.asBytes);
736 break;
737 #endif
738
739 #ifdef WITH_LEGICRF
740 case CMD_SIMULATE_TAG_LEGIC_RF:
741 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
742 break;
743
744 case CMD_WRITER_LEGIC_RF:
745 LegicRfWriter(c->arg[1], c->arg[0]);
746 break;
747
748 case CMD_READER_LEGIC_RF:
749 LegicRfReader(c->arg[0], c->arg[1]);
750 break;
751 #endif
752
753 #ifdef WITH_ISO14443b
754 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
755 AcquireRawAdcSamplesIso14443(c->arg[0]);
756 break;
757 case CMD_READ_SRI512_TAG:
758 ReadSTMemoryIso14443(0x0F);
759 break;
760 case CMD_READ_SRIX4K_TAG:
761 ReadSTMemoryIso14443(0x7F);
762 break;
763 case CMD_SNOOP_ISO_14443:
764 SnoopIso14443();
765 break;
766 case CMD_SIMULATE_TAG_ISO_14443:
767 SimulateIso14443Tag();
768 break;
769 case CMD_ISO_14443B_COMMAND:
770 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
771 break;
772 #endif
773
774 #ifdef WITH_ISO14443a
775 case CMD_SNOOP_ISO_14443a:
776 SnoopIso14443a(c->arg[0]);
777 break;
778 case CMD_READER_ISO_14443a:
779 ReaderIso14443a(c);
780 break;
781 case CMD_SIMULATE_TAG_ISO_14443a:
782 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
783 break;
784
785 case CMD_EPA_PACE_COLLECT_NONCE:
786 EPA_PACE_Collect_Nonce(c);
787 break;
788
789 case CMD_READER_MIFARE:
790 ReaderMifare(c->arg[0]);
791 break;
792 case CMD_MIFARE_READBL:
793 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
794 break;
795 case CMD_MIFAREU_READBL:
796 MifareUReadBlock(c->arg[0],c->d.asBytes);
797 break;
798 case CMD_MIFAREUC_AUTH1:
799 MifareUC_Auth1(c->arg[0],c->d.asBytes);
800 break;
801 case CMD_MIFAREUC_AUTH2:
802 MifareUC_Auth2(c->arg[0],c->d.asBytes);
803 break;
804 case CMD_MIFAREU_READCARD:
805 MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
806 break;
807 case CMD_MIFAREUC_READCARD:
808 MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
809 break;
810 case CMD_MIFARE_READSC:
811 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
812 break;
813 case CMD_MIFARE_WRITEBL:
814 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
815 break;
816 case CMD_MIFAREU_WRITEBL_COMPAT:
817 MifareUWriteBlock(c->arg[0], c->d.asBytes);
818 break;
819 case CMD_MIFAREU_WRITEBL:
820 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
821 break;
822 case CMD_MIFARE_NESTED:
823 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
824 break;
825 case CMD_MIFARE_CHKKEYS:
826 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
827 break;
828 case CMD_SIMULATE_MIFARE_CARD:
829 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
830 break;
831
832 // emulator
833 case CMD_MIFARE_SET_DBGMODE:
834 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
835 break;
836 case CMD_MIFARE_EML_MEMCLR:
837 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
838 break;
839 case CMD_MIFARE_EML_MEMSET:
840 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
841 break;
842 case CMD_MIFARE_EML_MEMGET:
843 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
844 break;
845 case CMD_MIFARE_EML_CARDLOAD:
846 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
847 break;
848
849 // Work with "magic Chinese" card
850 case CMD_MIFARE_CSETBLOCK:
851 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
852 break;
853 case CMD_MIFARE_CGETBLOCK:
854 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
855 break;
856 case CMD_MIFARE_CIDENT:
857 MifareCIdent();
858 break;
859
860 // mifare sniffer
861 case CMD_MIFARE_SNIFFER:
862 SniffMifare(c->arg[0]);
863 break;
864
865 #endif
866
867 #ifdef WITH_ICLASS
868 // Makes use of ISO14443a FPGA Firmware
869 case CMD_SNOOP_ICLASS:
870 SnoopIClass();
871 break;
872 case CMD_SIMULATE_TAG_ICLASS:
873 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
874 break;
875 case CMD_READER_ICLASS:
876 ReaderIClass(c->arg[0]);
877 break;
878 case CMD_READER_ICLASS_REPLAY:
879 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
880 break;
881 #endif
882
883 case CMD_SIMULATE_TAG_HF_LISTEN:
884 SimulateTagHfListen();
885 break;
886
887 case CMD_BUFF_CLEAR:
888 BigBuf_Clear();
889 break;
890
891 case CMD_MEASURE_ANTENNA_TUNING:
892 MeasureAntennaTuning();
893 break;
894
895 case CMD_MEASURE_ANTENNA_TUNING_HF:
896 MeasureAntennaTuningHf();
897 break;
898
899 case CMD_LISTEN_READER_FIELD:
900 ListenReaderField(c->arg[0]);
901 break;
902
903 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
904 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
905 SpinDelay(200);
906 LED_D_OFF(); // LED D indicates field ON or OFF
907 break;
908
909 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
910
911 LED_B_ON();
912 uint8_t *BigBuf = BigBuf_get_addr();
913 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
914 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
915 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,BigBuf+c->arg[0]+i,len);
916 }
917 // Trigger a finish downloading signal with an ACK frame
918 cmd_send(CMD_ACK,0,0,0,0,0);
919 LED_B_OFF();
920 break;
921
922 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
923 uint8_t *b = BigBuf_get_addr();
924 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
925 cmd_send(CMD_ACK,0,0,0,0,0);
926 break;
927 }
928 case CMD_READ_MEM:
929 ReadMem(c->arg[0]);
930 break;
931
932 case CMD_SET_LF_DIVISOR:
933 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
934 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
935 break;
936
937 case CMD_SET_ADC_MUX:
938 switch(c->arg[0]) {
939 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
940 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
941 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
942 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
943 }
944 break;
945
946 case CMD_VERSION:
947 SendVersion();
948 break;
949
950 #ifdef WITH_LCD
951 case CMD_LCD_RESET:
952 LCDReset();
953 break;
954 case CMD_LCD:
955 LCDSend(c->arg[0]);
956 break;
957 #endif
958 case CMD_SETUP_WRITE:
959 case CMD_FINISH_WRITE:
960 case CMD_HARDWARE_RESET:
961 usb_disable();
962 SpinDelay(1000);
963 SpinDelay(1000);
964 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
965 for(;;) {
966 // We're going to reset, and the bootrom will take control.
967 }
968 break;
969
970 case CMD_START_FLASH:
971 if(common_area.flags.bootrom_present) {
972 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
973 }
974 usb_disable();
975 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
976 for(;;);
977 break;
978
979 case CMD_DEVICE_INFO: {
980 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
981 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
982 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
983 break;
984 }
985 default:
986 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
987 break;
988 }
989 }
990
991 void __attribute__((noreturn)) AppMain(void)
992 {
993 SpinDelay(100);
994
995 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
996 /* Initialize common area */
997 memset(&common_area, 0, sizeof(common_area));
998 common_area.magic = COMMON_AREA_MAGIC;
999 common_area.version = 1;
1000 }
1001 common_area.flags.osimage_present = 1;
1002
1003 LED_D_OFF();
1004 LED_C_OFF();
1005 LED_B_OFF();
1006 LED_A_OFF();
1007
1008 // Init USB device
1009 usb_enable();
1010
1011 // The FPGA gets its clock from us from PCK0 output, so set that up.
1012 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1013 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1014 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1015 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1016 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1017 AT91C_PMC_PRES_CLK_4;
1018 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1019
1020 // Reset SPI
1021 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1022 // Reset SSC
1023 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1024
1025 // Load the FPGA image, which we have stored in our flash.
1026 // (the HF version by default)
1027 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1028
1029 StartTickCount();
1030
1031 #ifdef WITH_LCD
1032 LCDInit();
1033 #endif
1034
1035 byte_t rx[sizeof(UsbCommand)];
1036 size_t rx_len;
1037
1038 for(;;) {
1039 if (usb_poll()) {
1040 rx_len = usb_read(rx,sizeof(UsbCommand));
1041 if (rx_len) {
1042 UsbPacketReceived(rx,rx_len);
1043 }
1044 }
1045 WDT_HIT();
1046
1047 #ifdef WITH_LF
1048 if (BUTTON_HELD(1000) > 0)
1049 SamyRun();
1050 #endif
1051 }
1052 }
Proxmark3 GIT tracking
Impressum, Datenschutz