]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:


c3cf3999dc91e66be18438661228d255a36807b4
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "../common/usb_cdc.h"
14 #include "../common/cmd.h"
15
16 #include "../include/proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21 #include <stdarg.h>
22
23
24 #include "legicrf.h"
25 #include "../include/hitag2.h"
26
27
28 #ifdef WITH_LCD
29 #include "LCD.h"
30 #endif
31
32 #define abs(x) ( ((x)<0) ? -(x) : (x) )
33
34 //=============================================================================
35 // A buffer where we can queue things up to be sent through the FPGA, for
36 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
37 // is the order in which they go out on the wire.
38 //=============================================================================
39
40 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
41 uint8_t ToSend[TOSEND_BUFFER_SIZE];
42 int ToSendMax;
43 static int ToSendBit;
44 struct common_area common_area __attribute__((section(".commonarea")));
45
46 void BufferClear(void)
47 {
48 memset(BigBuf,0,sizeof(BigBuf));
49 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
50 }
51
52 void ToSendReset(void)
53 {
54 ToSendMax = -1;
55 ToSendBit = 8;
56 }
57
58 void ToSendStuffBit(int b)
59 {
60 if(ToSendBit >= 8) {
61 ToSendMax++;
62 ToSend[ToSendMax] = 0;
63 ToSendBit = 0;
64 }
65
66 if(b) {
67 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
68 }
69
70 ToSendBit++;
71
72 if(ToSendMax >= sizeof(ToSend)) {
73 ToSendBit = 0;
74 DbpString("ToSendStuffBit overflowed!");
75 }
76 }
77
78 //=============================================================================
79 // Debug print functions, to go out over USB, to the usual PC-side client.
80 //=============================================================================
81
82 void DbpString(char *str)
83 {
84 byte_t len = strlen(str);
85 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
86 }
87
88 #if 0
89 void DbpIntegers(int x1, int x2, int x3)
90 {
91 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
92 }
93 #endif
94
95 void Dbprintf(const char *fmt, ...) {
96 // should probably limit size here; oh well, let's just use a big buffer
97 char output_string[128];
98 va_list ap;
99
100 va_start(ap, fmt);
101 kvsprintf(fmt, output_string, 10, ap);
102 va_end(ap);
103
104 DbpString(output_string);
105 }
106
107 // prints HEX & ASCII
108 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
109 int l=0,i;
110 char ascii[9];
111
112 while (len>0) {
113 if (len>8) l=8;
114 else l=len;
115
116 memcpy(ascii,d,l);
117 ascii[l]=0;
118
119 // filter safe ascii
120 for (i=0;i<l;i++)
121 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
122
123 if (bAsci) {
124 Dbprintf("%-8s %*D",ascii,l,d," ");
125 } else {
126 Dbprintf("%*D",l,d," ");
127 }
128
129 len-=8;
130 d+=8;
131 }
132 }
133
134 //-----------------------------------------------------------------------------
135 // Read an ADC channel and block till it completes, then return the result
136 // in ADC units (0 to 1023). Also a routine to average 32 samples and
137 // return that.
138 //-----------------------------------------------------------------------------
139 static int ReadAdc(int ch)
140 {
141 uint32_t d;
142
143 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
144 AT91C_BASE_ADC->ADC_MR =
145 ADC_MODE_PRESCALE(32) |
146 ADC_MODE_STARTUP_TIME(16) |
147 ADC_MODE_SAMPLE_HOLD_TIME(8);
148 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
149
150 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
151 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
152 ;
153 d = AT91C_BASE_ADC->ADC_CDR[ch];
154
155 return d;
156 }
157
158 int AvgAdc(int ch) // was static - merlok
159 {
160 int i;
161 int a = 0;
162
163 for(i = 0; i < 32; i++) {
164 a += ReadAdc(ch);
165 }
166
167 return (a + 15) >> 5;
168 }
169
170 void MeasureAntennaTuning(void)
171 {
172 uint8_t LF_Results[256];
173 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
174 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
175
176 LED_B_ON();
177
178 /*
179 * Sweeps the useful LF range of the proxmark from
180 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
181 * read the voltage in the antenna, the result left
182 * in the buffer is a graph which should clearly show
183 * the resonating frequency of your LF antenna
184 * ( hopefully around 95 if it is tuned to 125kHz!)
185 */
186
187 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
188 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
189 for (i=255; i>=19; i--) {
190 WDT_HIT();
191 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
192 SpinDelay(20);
193 // Vref = 3.3V, and a 10000:240 voltage divider on the input
194 // can measure voltages up to 137500 mV
195 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
196 if (i==95) vLf125 = adcval; // voltage at 125Khz
197 if (i==89) vLf134 = adcval; // voltage at 134Khz
198
199 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
200 if(LF_Results[i] > peak) {
201 peakv = adcval;
202 peak = LF_Results[i];
203 peakf = i;
204 //ptr = i;
205 }
206 }
207
208 for (i=18; i >= 0; i--) LF_Results[i] = 0;
209
210 LED_A_ON();
211 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
212 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
213 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
214 SpinDelay(20);
215 // Vref = 3300mV, and an 10:1 voltage divider on the input
216 // can measure voltages up to 33000 mV
217 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
218
219 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
220 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
221 LED_A_OFF();
222 LED_B_OFF();
223 return;
224 }
225
226 void MeasureAntennaTuningHf(void)
227 {
228 int vHf = 0; // in mV
229
230 DbpString("Measuring HF antenna, press button to exit");
231
232 for (;;) {
233 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
234 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
235 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
236 SpinDelay(20);
237 // Vref = 3300mV, and an 10:1 voltage divider on the input
238 // can measure voltages up to 33000 mV
239 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
240
241 Dbprintf("%d mV",vHf);
242 if (BUTTON_PRESS()) break;
243 }
244 DbpString("cancelled");
245 }
246
247
248 void SimulateTagHfListen(void)
249 {
250 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
251 uint8_t v = 0;
252 int i;
253 int p = 0;
254
255 // We're using this mode just so that I can test it out; the simulated
256 // tag mode would work just as well and be simpler.
257 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
258 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
259
260 // We need to listen to the high-frequency, peak-detected path.
261 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
262
263 FpgaSetupSsc();
264
265 i = 0;
266 for(;;) {
267 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
268 AT91C_BASE_SSC->SSC_THR = 0xff;
269 }
270 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
271 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
272
273 v <<= 1;
274 if(r & 1) {
275 v |= 1;
276 }
277 p++;
278
279 if(p >= 8) {
280 dest[i] = v;
281 v = 0;
282 p = 0;
283 i++;
284
285 if(i >= FREE_BUFFER_SIZE) {
286 break;
287 }
288 }
289 }
290 }
291 DbpString("simulate tag (now type bitsamples)");
292 }
293
294 void ReadMem(int addr)
295 {
296 const uint8_t *data = ((uint8_t *)addr);
297
298 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
299 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
300 }
301
302 /* osimage version information is linked in */
303 extern struct version_information version_information;
304 /* bootrom version information is pointed to from _bootphase1_version_pointer */
305 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
306 void SendVersion(void)
307 {
308 char temp[512]; /* Limited data payload in USB packets */
309 DbpString("Prox/RFID mark3 RFID instrument");
310
311 /* Try to find the bootrom version information. Expect to find a pointer at
312 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
313 * pointer, then use it.
314 */
315 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
316 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
317 DbpString("bootrom version information appears invalid");
318 } else {
319 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
320 DbpString(temp);
321 }
322
323 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
324 DbpString(temp);
325
326 FpgaGatherVersion(temp, sizeof(temp));
327 DbpString(temp);
328 // Send Chip ID
329 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
330 }
331
332 #ifdef WITH_LF
333 // samy's sniff and repeat routine
334 void SamyRun()
335 {
336 DbpString("Stand-alone mode! No PC necessary.");
337 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
338
339 // 3 possible options? no just 2 for now
340 #define OPTS 2
341
342 int high[OPTS], low[OPTS];
343
344 // Oooh pretty -- notify user we're in elite samy mode now
345 LED(LED_RED, 200);
346 LED(LED_ORANGE, 200);
347 LED(LED_GREEN, 200);
348 LED(LED_ORANGE, 200);
349 LED(LED_RED, 200);
350 LED(LED_ORANGE, 200);
351 LED(LED_GREEN, 200);
352 LED(LED_ORANGE, 200);
353 LED(LED_RED, 200);
354
355 int selected = 0;
356 int playing = 0;
357 int cardRead = 0;
358
359 // Turn on selected LED
360 LED(selected + 1, 0);
361
362 for (;;)
363 {
364 usb_poll();
365 WDT_HIT();
366
367 // Was our button held down or pressed?
368 int button_pressed = BUTTON_HELD(1000);
369 SpinDelay(300);
370
371 // Button was held for a second, begin recording
372 if (button_pressed > 0 && cardRead == 0)
373 {
374 LEDsoff();
375 LED(selected + 1, 0);
376 LED(LED_RED2, 0);
377
378 // record
379 DbpString("Starting recording");
380
381 // wait for button to be released
382 while(BUTTON_PRESS())
383 WDT_HIT();
384
385 /* need this delay to prevent catching some weird data */
386 SpinDelay(500);
387
388 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
389 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
390
391 LEDsoff();
392 LED(selected + 1, 0);
393 // Finished recording
394
395 // If we were previously playing, set playing off
396 // so next button push begins playing what we recorded
397 playing = 0;
398
399 cardRead = 1;
400
401 }
402
403 else if (button_pressed > 0 && cardRead == 1)
404 {
405 LEDsoff();
406 LED(selected + 1, 0);
407 LED(LED_ORANGE, 0);
408
409 // record
410 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
411
412 // wait for button to be released
413 while(BUTTON_PRESS())
414 WDT_HIT();
415
416 /* need this delay to prevent catching some weird data */
417 SpinDelay(500);
418
419 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
420 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
421
422 LEDsoff();
423 LED(selected + 1, 0);
424 // Finished recording
425
426 // If we were previously playing, set playing off
427 // so next button push begins playing what we recorded
428 playing = 0;
429
430 cardRead = 0;
431
432 }
433
434 // Change where to record (or begin playing)
435 else if (button_pressed)
436 {
437 // Next option if we were previously playing
438 if (playing)
439 selected = (selected + 1) % OPTS;
440 playing = !playing;
441
442 LEDsoff();
443 LED(selected + 1, 0);
444
445 // Begin transmitting
446 if (playing)
447 {
448 LED(LED_GREEN, 0);
449 DbpString("Playing");
450 // wait for button to be released
451 while(BUTTON_PRESS())
452 WDT_HIT();
453 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
454 CmdHIDsimTAG(high[selected], low[selected], 0);
455 DbpString("Done playing");
456 if (BUTTON_HELD(1000) > 0)
457 {
458 DbpString("Exiting");
459 LEDsoff();
460 return;
461 }
462
463 /* We pressed a button so ignore it here with a delay */
464 SpinDelay(300);
465
466 // when done, we're done playing, move to next option
467 selected = (selected + 1) % OPTS;
468 playing = !playing;
469 LEDsoff();
470 LED(selected + 1, 0);
471 }
472 else
473 while(BUTTON_PRESS())
474 WDT_HIT();
475 }
476 }
477 }
478 #endif
479
480 /*
481 OBJECTIVE
482 Listen and detect an external reader. Determine the best location
483 for the antenna.
484
485 INSTRUCTIONS:
486 Inside the ListenReaderField() function, there is two mode.
487 By default, when you call the function, you will enter mode 1.
488 If you press the PM3 button one time, you will enter mode 2.
489 If you press the PM3 button a second time, you will exit the function.
490
491 DESCRIPTION OF MODE 1:
492 This mode just listens for an external reader field and lights up green
493 for HF and/or red for LF. This is the original mode of the detectreader
494 function.
495
496 DESCRIPTION OF MODE 2:
497 This mode will visually represent, using the LEDs, the actual strength of the
498 current compared to the maximum current detected. Basically, once you know
499 what kind of external reader is present, it will help you spot the best location to place
500 your antenna. You will probably not get some good results if there is a LF and a HF reader
501 at the same place! :-)
502
503 LIGHT SCHEME USED:
504 */
505 static const char LIGHT_SCHEME[] = {
506 0x0, /* ---- | No field detected */
507 0x1, /* X--- | 14% of maximum current detected */
508 0x2, /* -X-- | 29% of maximum current detected */
509 0x4, /* --X- | 43% of maximum current detected */
510 0x8, /* ---X | 57% of maximum current detected */
511 0xC, /* --XX | 71% of maximum current detected */
512 0xE, /* -XXX | 86% of maximum current detected */
513 0xF, /* XXXX | 100% of maximum current detected */
514 };
515 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
516
517 void ListenReaderField(int limit)
518 {
519 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
520 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
521 int mode=1, display_val, display_max, i;
522
523 #define LF_ONLY 1
524 #define HF_ONLY 2
525
526 LEDsoff();
527
528 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
529
530 if(limit != HF_ONLY) {
531 Dbprintf("LF 125/134 Baseline: %d", lf_av);
532 lf_baseline = lf_av;
533 }
534
535 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
536
537 if (limit != LF_ONLY) {
538 Dbprintf("HF 13.56 Baseline: %d", hf_av);
539 hf_baseline = hf_av;
540 }
541
542 for(;;) {
543 if (BUTTON_PRESS()) {
544 SpinDelay(500);
545 switch (mode) {
546 case 1:
547 mode=2;
548 DbpString("Signal Strength Mode");
549 break;
550 case 2:
551 default:
552 DbpString("Stopped");
553 LEDsoff();
554 return;
555 break;
556 }
557 }
558 WDT_HIT();
559
560 if (limit != HF_ONLY) {
561 if(mode==1) {
562 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
563 else LED_D_OFF();
564 }
565
566 ++lf_count;
567 lf_av_new= ReadAdc(ADC_CHAN_LF);
568 // see if there's a significant change
569 if(abs(lf_av - lf_av_new) > 10) {
570 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
571 lf_av = lf_av_new;
572 if (lf_av > lf_max)
573 lf_max = lf_av;
574 lf_count= 0;
575 }
576 }
577
578 if (limit != LF_ONLY) {
579 if (mode == 1){
580 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
581 else LED_B_OFF();
582 }
583
584 ++hf_count;
585 hf_av_new= ReadAdc(ADC_CHAN_HF);
586 // see if there's a significant change
587 if(abs(hf_av - hf_av_new) > 10) {
588 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
589 hf_av = hf_av_new;
590 if (hf_av > hf_max)
591 hf_max = hf_av;
592 hf_count= 0;
593 }
594 }
595
596 if(mode == 2) {
597 if (limit == LF_ONLY) {
598 display_val = lf_av;
599 display_max = lf_max;
600 } else if (limit == HF_ONLY) {
601 display_val = hf_av;
602 display_max = hf_max;
603 } else { /* Pick one at random */
604 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
605 display_val = hf_av;
606 display_max = hf_max;
607 } else {
608 display_val = lf_av;
609 display_max = lf_max;
610 }
611 }
612 for (i=0; i<LIGHT_LEN; i++) {
613 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
614 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
615 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
616 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
617 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
618 break;
619 }
620 }
621 }
622 }
623 }
624
625 void UsbPacketReceived(uint8_t *packet, int len)
626 {
627 UsbCommand *c = (UsbCommand *)packet;
628
629 //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
630
631 switch(c->cmd) {
632 #ifdef WITH_LF
633 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
634 AcquireRawAdcSamples125k(c->arg[0]);
635 cmd_send(CMD_ACK,0,0,0,0,0);
636 break;
637 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
638 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
639 break;
640 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
641 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
642 cmd_send(CMD_ACK,0,0,0,0,0);
643 break;
644 case CMD_HID_DEMOD_FSK:
645 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
646 break;
647 case CMD_HID_SIM_TAG:
648 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
649 break;
650 case CMD_HID_CLONE_TAG:
651 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
652 break;
653 case CMD_IO_DEMOD_FSK:
654 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
655 break;
656 case CMD_IO_CLONE_TAG:
657 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
658 break;
659 case CMD_EM410X_WRITE_TAG:
660 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
661 break;
662 case CMD_READ_TI_TYPE:
663 ReadTItag();
664 break;
665 case CMD_WRITE_TI_TYPE:
666 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
667 break;
668 case CMD_SIMULATE_TAG_125K:
669 SimulateTagLowFrequency(c->arg[0], c->arg[1], 0);
670 //SimulateTagLowFrequencyA(c->arg[0], c->arg[1]);
671 break;
672 case CMD_LF_SIMULATE_BIDIR:
673 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
674 break;
675 case CMD_INDALA_CLONE_TAG:
676 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
677 break;
678 case CMD_INDALA_CLONE_TAG_L:
679 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
680 break;
681 case CMD_T55XX_READ_BLOCK:
682 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
683 break;
684 case CMD_T55XX_WRITE_BLOCK:
685 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
686 break;
687 case CMD_T55XX_READ_TRACE:
688 T55xxReadTrace();
689 break;
690 case CMD_PCF7931_READ:
691 ReadPCF7931();
692 cmd_send(CMD_ACK,0,0,0,0,0);
693 break;
694 case CMD_EM4X_READ_WORD:
695 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
696 break;
697 case CMD_EM4X_WRITE_WORD:
698 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
699 break;
700 #endif
701
702 #ifdef WITH_HITAG
703 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
704 SnoopHitag(c->arg[0]);
705 break;
706 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
707 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
708 break;
709 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
710 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
711 break;
712 #endif
713
714 #ifdef WITH_ISO15693
715 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
716 AcquireRawAdcSamplesIso15693();
717 break;
718 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
719 RecordRawAdcSamplesIso15693();
720 break;
721
722 case CMD_ISO_15693_COMMAND:
723 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
724 break;
725
726 case CMD_ISO_15693_FIND_AFI:
727 BruteforceIso15693Afi(c->arg[0]);
728 break;
729
730 case CMD_ISO_15693_DEBUG:
731 SetDebugIso15693(c->arg[0]);
732 break;
733
734 case CMD_READER_ISO_15693:
735 ReaderIso15693(c->arg[0]);
736 break;
737 case CMD_SIMTAG_ISO_15693:
738 SimTagIso15693(c->arg[0], c->d.asBytes);
739 break;
740 #endif
741
742 #ifdef WITH_LEGICRF
743 case CMD_SIMULATE_TAG_LEGIC_RF:
744 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
745 break;
746
747 case CMD_WRITER_LEGIC_RF:
748 LegicRfWriter(c->arg[1], c->arg[0]);
749 break;
750
751 case CMD_READER_LEGIC_RF:
752 LegicRfReader(c->arg[0], c->arg[1]);
753 break;
754 #endif
755
756 #ifdef WITH_ISO14443b
757 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
758 AcquireRawAdcSamplesIso14443(c->arg[0]);
759 break;
760 case CMD_READ_SRI512_TAG:
761 ReadSTMemoryIso14443(0x0F);
762 break;
763 case CMD_READ_SRIX4K_TAG:
764 ReadSTMemoryIso14443(0x7F);
765 break;
766 case CMD_SNOOP_ISO_14443:
767 SnoopIso14443();
768 break;
769 case CMD_SIMULATE_TAG_ISO_14443:
770 SimulateIso14443Tag();
771 break;
772 case CMD_ISO_14443B_COMMAND:
773 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
774 break;
775 #endif
776
777 #ifdef WITH_ISO14443a
778 case CMD_SNOOP_ISO_14443a:
779 SnoopIso14443a(c->arg[0]);
780 break;
781 case CMD_READER_ISO_14443a:
782 ReaderIso14443a(c);
783 break;
784 case CMD_SIMULATE_TAG_ISO_14443a:
785 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
786 break;
787
788 case CMD_EPA_PACE_COLLECT_NONCE:
789 EPA_PACE_Collect_Nonce(c);
790 break;
791
792 // case CMD_EPA_:
793 // EpaFoo(c);
794 // break;
795
796 case CMD_READER_MIFARE:
797 ReaderMifare(c->arg[0]);
798 break;
799 case CMD_MIFARE_READBL:
800 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
801 break;
802 case CMD_MIFAREU_READBL:
803 MifareUReadBlock(c->arg[0],c->d.asBytes);
804 break;
805 case CMD_MIFAREUC_AUTH1:
806 MifareUC_Auth1(c->arg[0],c->d.asBytes);
807 break;
808 case CMD_MIFAREUC_AUTH2:
809 MifareUC_Auth2(c->arg[0],c->d.asBytes);
810 break;
811 case CMD_MIFAREU_READCARD:
812 MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
813 break;
814 case CMD_MIFAREUC_READCARD:
815 MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
816 break;
817 case CMD_MIFARE_READSC:
818 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
819 break;
820 case CMD_MIFARE_WRITEBL:
821 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
822 break;
823 case CMD_MIFAREU_WRITEBL_COMPAT:
824 MifareUWriteBlock(c->arg[0], c->d.asBytes);
825 break;
826 case CMD_MIFAREU_WRITEBL:
827 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
828 break;
829 case CMD_MIFARE_NESTED:
830 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
831 break;
832 case CMD_MIFARE_CHKKEYS:
833 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
834 break;
835 case CMD_SIMULATE_MIFARE_CARD:
836 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
837 break;
838
839 // emulator
840 case CMD_MIFARE_SET_DBGMODE:
841 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
842 break;
843 case CMD_MIFARE_EML_MEMCLR:
844 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
845 break;
846 case CMD_MIFARE_EML_MEMSET:
847 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
848 break;
849 case CMD_MIFARE_EML_MEMGET:
850 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
851 break;
852 case CMD_MIFARE_EML_CARDLOAD:
853 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
854 break;
855
856 // Work with "magic Chinese" card
857 case CMD_MIFARE_EML_CSETBLOCK:
858 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
859 break;
860 case CMD_MIFARE_EML_CGETBLOCK:
861 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
862 break;
863
864 // mifare sniffer
865 case CMD_MIFARE_SNIFFER:
866 SniffMifare(c->arg[0]);
867 break;
868
869 // mifare desfire
870 case CMD_MIFARE_DESFIRE_READBL:
871 break;
872 case CMD_MIFARE_DESFIRE_WRITEBL:
873 break;
874 case CMD_MIFARE_DESFIRE_AUTH1:
875 MifareDES_Auth1(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
876 break;
877 case CMD_MIFARE_DESFIRE_AUTH2:
878 //MifareDES_Auth2(c->arg[0],c->d.asBytes);
879 break;
880 // case CMD_MIFARE_DES_READER:
881 // ReaderMifareDES(c->arg[0], c->arg[1], c->d.asBytes);
882 //break;
883 case CMD_MIFARE_DESFIRE_INFO:
884 MifareDesfireGetInformation();
885 break;
886 case CMD_MIFARE_DESFIRE:
887 MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
888 break;
889
890 #endif
891
892 #ifdef WITH_ICLASS
893 // Makes use of ISO14443a FPGA Firmware
894 case CMD_SNOOP_ICLASS:
895 SnoopIClass();
896 break;
897 case CMD_SIMULATE_TAG_ICLASS:
898 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
899 break;
900 case CMD_READER_ICLASS:
901 ReaderIClass(c->arg[0]);
902 break;
903 case CMD_READER_ICLASS_REPLAY:
904 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
905 break;
906 #endif
907
908 case CMD_SIMULATE_TAG_HF_LISTEN:
909 SimulateTagHfListen();
910 break;
911
912 case CMD_BUFF_CLEAR:
913 BufferClear();
914 break;
915
916 case CMD_MEASURE_ANTENNA_TUNING:
917 MeasureAntennaTuning();
918 break;
919
920 case CMD_MEASURE_ANTENNA_TUNING_HF:
921 MeasureAntennaTuningHf();
922 break;
923
924 case CMD_LISTEN_READER_FIELD:
925 ListenReaderField(c->arg[0]);
926 break;
927
928 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
929 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
930 SpinDelay(200);
931 LED_D_OFF(); // LED D indicates field ON or OFF
932 break;
933
934 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
935
936 LED_B_ON();
937 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
938 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
939 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
940 }
941 // Trigger a finish downloading signal with an ACK frame
942 cmd_send(CMD_ACK,0,0,0,0,0);
943 LED_B_OFF();
944 break;
945
946 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
947 uint8_t *b = (uint8_t *)BigBuf;
948 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
949 cmd_send(CMD_ACK,0,0,0,0,0);
950 break;
951 }
952 case CMD_READ_MEM:
953 ReadMem(c->arg[0]);
954 break;
955
956 case CMD_SET_LF_DIVISOR:
957 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
958 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
959 break;
960
961 case CMD_SET_ADC_MUX:
962 switch(c->arg[0]) {
963 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
964 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
965 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
966 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
967 }
968 break;
969
970 case CMD_VERSION:
971 SendVersion();
972 break;
973
974 #ifdef WITH_LCD
975 case CMD_LCD_RESET:
976 LCDReset();
977 break;
978 case CMD_LCD:
979 LCDSend(c->arg[0]);
980 break;
981 #endif
982 case CMD_SETUP_WRITE:
983 case CMD_FINISH_WRITE:
984 case CMD_HARDWARE_RESET:
985 usb_disable();
986 SpinDelay(1000);
987 SpinDelay(1000);
988 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
989 for(;;) {
990 // We're going to reset, and the bootrom will take control.
991 }
992 break;
993
994 case CMD_START_FLASH:
995 if(common_area.flags.bootrom_present) {
996 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
997 }
998 usb_disable();
999 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
1000 for(;;);
1001 break;
1002
1003 case CMD_DEVICE_INFO: {
1004 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
1005 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
1006 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
1007 break;
1008 }
1009 default:
1010 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
1011 break;
1012 }
1013 }
1014
1015 void __attribute__((noreturn)) AppMain(void)
1016 {
1017 SpinDelay(100);
1018
1019 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
1020 /* Initialize common area */
1021 memset(&common_area, 0, sizeof(common_area));
1022 common_area.magic = COMMON_AREA_MAGIC;
1023 common_area.version = 1;
1024 }
1025 common_area.flags.osimage_present = 1;
1026
1027 LED_D_OFF();
1028 LED_C_OFF();
1029 LED_B_OFF();
1030 LED_A_OFF();
1031
1032 // Init USB device
1033 usb_enable();
1034
1035 // The FPGA gets its clock from us from PCK0 output, so set that up.
1036 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1037 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1038 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1039 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1040 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1041 AT91C_PMC_PRES_CLK_4;
1042 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1043
1044 // Reset SPI
1045 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1046 // Reset SSC
1047 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1048
1049 // Load the FPGA image, which we have stored in our flash.
1050 // (the HF version by default)
1051 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1052
1053 StartTickCount();
1054
1055 #ifdef WITH_LCD
1056 LCDInit();
1057 #endif
1058
1059 byte_t rx[sizeof(UsbCommand)];
1060 size_t rx_len;
1061
1062 for(;;) {
1063 if (usb_poll()) {
1064 rx_len = usb_read(rx,sizeof(UsbCommand));
1065 if (rx_len) {
1066 UsbPacketReceived(rx,rx_len);
1067 }
1068 }
1069 WDT_HIT();
1070
1071 #ifdef WITH_LF
1072 if (BUTTON_HELD(1000) > 0)
1073 SamyRun();
1074 #endif
1075 }
1076 }
Proxmark3 GIT tracking
Impressum, Datenschutz