]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:


d52ed94a3beab578483d68ebc2820799d182ecc4
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21 #include <stdarg.h>
22
23 #include "legicrf.h"
24 #include <hitag2.h>
25
26 #ifdef WITH_LCD
27 #include "LCD.h"
28 #endif
29
30 #define abs(x) ( ((x)<0) ? -(x) : (x) )
31
32 //=============================================================================
33 // A buffer where we can queue things up to be sent through the FPGA, for
34 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
35 // is the order in which they go out on the wire.
36 //=============================================================================
37
38 #define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
39 uint8_t ToSend[TOSEND_BUFFER_SIZE];
40 int ToSendMax;
41 static int ToSendBit;
42 struct common_area common_area __attribute__((section(".commonarea")));
43
44 void BufferClear(void)
45 {
46 memset(BigBuf,0,sizeof(BigBuf));
47 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
48 }
49
50 void ToSendReset(void)
51 {
52 ToSendMax = -1;
53 ToSendBit = 8;
54 }
55
56 void ToSendStuffBit(int b)
57 {
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
70 if(ToSendMax >= sizeof(ToSend)) {
71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74 }
75
76 //=============================================================================
77 // Debug print functions, to go out over USB, to the usual PC-side client.
78 //=============================================================================
79
80 void DbpString(char *str)
81 {
82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
84 }
85
86 #if 0
87 void DbpIntegers(int x1, int x2, int x3)
88 {
89 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
90 }
91 #endif
92
93 void Dbprintf(const char *fmt, ...) {
94 // should probably limit size here; oh well, let's just use a big buffer
95 char output_string[128];
96 va_list ap;
97
98 va_start(ap, fmt);
99 kvsprintf(fmt, output_string, 10, ap);
100 va_end(ap);
101
102 DbpString(output_string);
103 }
104
105 // prints HEX & ASCII
106 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
107 int l=0,i;
108 char ascii[9];
109
110 while (len>0) {
111 if (len>8) l=8;
112 else l=len;
113
114 memcpy(ascii,d,l);
115 ascii[l]=0;
116
117 // filter safe ascii
118 for (i=0;i<l;i++)
119 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
120
121 if (bAsci) {
122 Dbprintf("%-8s %*D",ascii,l,d," ");
123 } else {
124 Dbprintf("%*D",l,d," ");
125 }
126
127 len-=8;
128 d+=8;
129 }
130 }
131
132 //-----------------------------------------------------------------------------
133 // Read an ADC channel and block till it completes, then return the result
134 // in ADC units (0 to 1023). Also a routine to average 32 samples and
135 // return that.
136 //-----------------------------------------------------------------------------
137 static int ReadAdc(int ch)
138 {
139 uint32_t d;
140
141 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
142 AT91C_BASE_ADC->ADC_MR =
143 ADC_MODE_PRESCALE(32) |
144 ADC_MODE_STARTUP_TIME(16) |
145 ADC_MODE_SAMPLE_HOLD_TIME(8);
146 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
147
148 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
149 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
150 ;
151 d = AT91C_BASE_ADC->ADC_CDR[ch];
152
153 return d;
154 }
155
156 int AvgAdc(int ch) // was static - merlok
157 {
158 int i;
159 int a = 0;
160
161 for(i = 0; i < 32; i++) {
162 a += ReadAdc(ch);
163 }
164
165 return (a + 15) >> 5;
166 }
167
168 void MeasureAntennaTuning(void)
169 {
170 uint8_t LF_Results[256];
171 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
172 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
173
174 LED_B_ON();
175
176 /*
177 * Sweeps the useful LF range of the proxmark from
178 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
179 * read the voltage in the antenna, the result left
180 * in the buffer is a graph which should clearly show
181 * the resonating frequency of your LF antenna
182 * ( hopefully around 95 if it is tuned to 125kHz!)
183 */
184
185 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
186 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
187 for (i=255; i>=19; i--) {
188 WDT_HIT();
189 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
190 SpinDelay(20);
191 // Vref = 3.3V, and a 10000:240 voltage divider on the input
192 // can measure voltages up to 137500 mV
193 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
194 if (i==95) vLf125 = adcval; // voltage at 125Khz
195 if (i==89) vLf134 = adcval; // voltage at 134Khz
196
197 LF_Results[i] = adcval>>8; // scale int to fit in byte for graphing purposes
198 if(LF_Results[i] > peak) {
199 peakv = adcval;
200 peak = LF_Results[i];
201 peakf = i;
202 //ptr = i;
203 }
204 }
205
206 for (i=18; i >= 0; i--) LF_Results[i] = 0;
207
208 LED_A_ON();
209 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
210 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
211 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
212 SpinDelay(20);
213 // Vref = 3300mV, and an 10:1 voltage divider on the input
214 // can measure voltages up to 33000 mV
215 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
216
217 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256);
218 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
219 LED_A_OFF();
220 LED_B_OFF();
221 return;
222 }
223
224 void MeasureAntennaTuningHf(void)
225 {
226 int vHf = 0; // in mV
227
228 DbpString("Measuring HF antenna, press button to exit");
229
230 for (;;) {
231 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
232 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
233 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
234 SpinDelay(20);
235 // Vref = 3300mV, and an 10:1 voltage divider on the input
236 // can measure voltages up to 33000 mV
237 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
238
239 Dbprintf("%d mV",vHf);
240 if (BUTTON_PRESS()) break;
241 }
242 DbpString("cancelled");
243 }
244
245
246 void SimulateTagHfListen(void)
247 {
248 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
249 uint8_t v = 0;
250 int i;
251 int p = 0;
252
253 // We're using this mode just so that I can test it out; the simulated
254 // tag mode would work just as well and be simpler.
255 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
256 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
257
258 // We need to listen to the high-frequency, peak-detected path.
259 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
260
261 FpgaSetupSsc();
262
263 i = 0;
264 for(;;) {
265 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
266 AT91C_BASE_SSC->SSC_THR = 0xff;
267 }
268 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
269 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
270
271 v <<= 1;
272 if(r & 1) {
273 v |= 1;
274 }
275 p++;
276
277 if(p >= 8) {
278 dest[i] = v;
279 v = 0;
280 p = 0;
281 i++;
282
283 if(i >= FREE_BUFFER_SIZE) {
284 break;
285 }
286 }
287 }
288 }
289 DbpString("simulate tag (now type bitsamples)");
290 }
291
292 void ReadMem(int addr)
293 {
294 const uint8_t *data = ((uint8_t *)addr);
295
296 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
297 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
298 }
299
300 /* osimage version information is linked in */
301 extern struct version_information version_information;
302 /* bootrom version information is pointed to from _bootphase1_version_pointer */
303 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
304 void SendVersion(void)
305 {
306 char temp[512]; /* Limited data payload in USB packets */
307 DbpString("Prox/RFID mark3 RFID instrument");
308
309 /* Try to find the bootrom version information. Expect to find a pointer at
310 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
311 * pointer, then use it.
312 */
313 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
314 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
315 DbpString("bootrom version information appears invalid");
316 } else {
317 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
318 DbpString(temp);
319 }
320
321 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
322 DbpString(temp);
323
324 FpgaGatherVersion(temp, sizeof(temp));
325 DbpString(temp);
326 // Send Chip ID
327 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
328 }
329
330 #ifdef WITH_LF
331 // samy's sniff and repeat routine
332 void SamyRun()
333 {
334 DbpString("Stand-alone mode! No PC necessary.");
335 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
336
337 // 3 possible options? no just 2 for now
338 #define OPTS 2
339
340 int high[OPTS], low[OPTS];
341
342 // Oooh pretty -- notify user we're in elite samy mode now
343 LED(LED_RED, 200);
344 LED(LED_ORANGE, 200);
345 LED(LED_GREEN, 200);
346 LED(LED_ORANGE, 200);
347 LED(LED_RED, 200);
348 LED(LED_ORANGE, 200);
349 LED(LED_GREEN, 200);
350 LED(LED_ORANGE, 200);
351 LED(LED_RED, 200);
352
353 int selected = 0;
354 int playing = 0;
355 int cardRead = 0;
356
357 // Turn on selected LED
358 LED(selected + 1, 0);
359
360 for (;;)
361 {
362 usb_poll();
363 WDT_HIT();
364
365 // Was our button held down or pressed?
366 int button_pressed = BUTTON_HELD(1000);
367 SpinDelay(300);
368
369 // Button was held for a second, begin recording
370 if (button_pressed > 0 && cardRead == 0)
371 {
372 LEDsoff();
373 LED(selected + 1, 0);
374 LED(LED_RED2, 0);
375
376 // record
377 DbpString("Starting recording");
378
379 // wait for button to be released
380 while(BUTTON_PRESS())
381 WDT_HIT();
382
383 /* need this delay to prevent catching some weird data */
384 SpinDelay(500);
385
386 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
387 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
388
389 LEDsoff();
390 LED(selected + 1, 0);
391 // Finished recording
392
393 // If we were previously playing, set playing off
394 // so next button push begins playing what we recorded
395 playing = 0;
396
397 cardRead = 1;
398
399 }
400
401 else if (button_pressed > 0 && cardRead == 1)
402 {
403 LEDsoff();
404 LED(selected + 1, 0);
405 LED(LED_ORANGE, 0);
406
407 // record
408 Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
409
410 // wait for button to be released
411 while(BUTTON_PRESS())
412 WDT_HIT();
413
414 /* need this delay to prevent catching some weird data */
415 SpinDelay(500);
416
417 CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
418 Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
419
420 LEDsoff();
421 LED(selected + 1, 0);
422 // Finished recording
423
424 // If we were previously playing, set playing off
425 // so next button push begins playing what we recorded
426 playing = 0;
427
428 cardRead = 0;
429
430 }
431
432 // Change where to record (or begin playing)
433 else if (button_pressed)
434 {
435 // Next option if we were previously playing
436 if (playing)
437 selected = (selected + 1) % OPTS;
438 playing = !playing;
439
440 LEDsoff();
441 LED(selected + 1, 0);
442
443 // Begin transmitting
444 if (playing)
445 {
446 LED(LED_GREEN, 0);
447 DbpString("Playing");
448 // wait for button to be released
449 while(BUTTON_PRESS())
450 WDT_HIT();
451 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
452 CmdHIDsimTAG(high[selected], low[selected], 0);
453 DbpString("Done playing");
454 if (BUTTON_HELD(1000) > 0)
455 {
456 DbpString("Exiting");
457 LEDsoff();
458 return;
459 }
460
461 /* We pressed a button so ignore it here with a delay */
462 SpinDelay(300);
463
464 // when done, we're done playing, move to next option
465 selected = (selected + 1) % OPTS;
466 playing = !playing;
467 LEDsoff();
468 LED(selected + 1, 0);
469 }
470 else
471 while(BUTTON_PRESS())
472 WDT_HIT();
473 }
474 }
475 }
476 #endif
477
478 /*
479 OBJECTIVE
480 Listen and detect an external reader. Determine the best location
481 for the antenna.
482
483 INSTRUCTIONS:
484 Inside the ListenReaderField() function, there is two mode.
485 By default, when you call the function, you will enter mode 1.
486 If you press the PM3 button one time, you will enter mode 2.
487 If you press the PM3 button a second time, you will exit the function.
488
489 DESCRIPTION OF MODE 1:
490 This mode just listens for an external reader field and lights up green
491 for HF and/or red for LF. This is the original mode of the detectreader
492 function.
493
494 DESCRIPTION OF MODE 2:
495 This mode will visually represent, using the LEDs, the actual strength of the
496 current compared to the maximum current detected. Basically, once you know
497 what kind of external reader is present, it will help you spot the best location to place
498 your antenna. You will probably not get some good results if there is a LF and a HF reader
499 at the same place! :-)
500
501 LIGHT SCHEME USED:
502 */
503 static const char LIGHT_SCHEME[] = {
504 0x0, /* ---- | No field detected */
505 0x1, /* X--- | 14% of maximum current detected */
506 0x2, /* -X-- | 29% of maximum current detected */
507 0x4, /* --X- | 43% of maximum current detected */
508 0x8, /* ---X | 57% of maximum current detected */
509 0xC, /* --XX | 71% of maximum current detected */
510 0xE, /* -XXX | 86% of maximum current detected */
511 0xF, /* XXXX | 100% of maximum current detected */
512 };
513 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
514
515 void ListenReaderField(int limit)
516 {
517 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
518 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
519 int mode=1, display_val, display_max, i;
520
521 #define LF_ONLY 1
522 #define HF_ONLY 2
523
524 LEDsoff();
525
526 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
527
528 if(limit != HF_ONLY) {
529 Dbprintf("LF 125/134 Baseline: %d", lf_av);
530 lf_baseline = lf_av;
531 }
532
533 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
534
535 if (limit != LF_ONLY) {
536 Dbprintf("HF 13.56 Baseline: %d", hf_av);
537 hf_baseline = hf_av;
538 }
539
540 for(;;) {
541 if (BUTTON_PRESS()) {
542 SpinDelay(500);
543 switch (mode) {
544 case 1:
545 mode=2;
546 DbpString("Signal Strength Mode");
547 break;
548 case 2:
549 default:
550 DbpString("Stopped");
551 LEDsoff();
552 return;
553 break;
554 }
555 }
556 WDT_HIT();
557
558 if (limit != HF_ONLY) {
559 if(mode==1) {
560 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
561 else LED_D_OFF();
562 }
563
564 ++lf_count;
565 lf_av_new= ReadAdc(ADC_CHAN_LF);
566 // see if there's a significant change
567 if(abs(lf_av - lf_av_new) > 10) {
568 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
569 lf_av = lf_av_new;
570 if (lf_av > lf_max)
571 lf_max = lf_av;
572 lf_count= 0;
573 }
574 }
575
576 if (limit != LF_ONLY) {
577 if (mode == 1){
578 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
579 else LED_B_OFF();
580 }
581
582 ++hf_count;
583 hf_av_new= ReadAdc(ADC_CHAN_HF);
584 // see if there's a significant change
585 if(abs(hf_av - hf_av_new) > 10) {
586 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
587 hf_av = hf_av_new;
588 if (hf_av > hf_max)
589 hf_max = hf_av;
590 hf_count= 0;
591 }
592 }
593
594 if(mode == 2) {
595 if (limit == LF_ONLY) {
596 display_val = lf_av;
597 display_max = lf_max;
598 } else if (limit == HF_ONLY) {
599 display_val = hf_av;
600 display_max = hf_max;
601 } else { /* Pick one at random */
602 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
603 display_val = hf_av;
604 display_max = hf_max;
605 } else {
606 display_val = lf_av;
607 display_max = lf_max;
608 }
609 }
610 for (i=0; i<LIGHT_LEN; i++) {
611 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
612 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
613 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
614 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
615 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
616 break;
617 }
618 }
619 }
620 }
621 }
622
623 void UsbPacketReceived(uint8_t *packet, int len)
624 {
625 UsbCommand *c = (UsbCommand *)packet;
626
627 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
628
629 switch(c->cmd) {
630 #ifdef WITH_LF
631 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
632 AcquireRawAdcSamples125k(c->arg[0]);
633 cmd_send(CMD_ACK,0,0,0,0,0);
634 break;
635 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
636 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
637 break;
638 case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
639 SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
640 cmd_send(CMD_ACK,0,0,0,0,0);
641 break;
642 case CMD_HID_DEMOD_FSK:
643 CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
644 break;
645 case CMD_HID_SIM_TAG:
646 CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
647 break;
648 case CMD_HID_CLONE_TAG:
649 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
650 break;
651 case CMD_IO_DEMOD_FSK:
652 CmdIOdemodFSK(c->arg[0], 0, 0, 1);
653 break;
654 case CMD_IO_CLONE_TAG:
655 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
656 break;
657 case CMD_EM410X_DEMOD:
658 CmdEM410xdemod(c->arg[0], 0, 0, 1);
659 break;
660 case CMD_EM410X_WRITE_TAG:
661 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
662 break;
663 case CMD_READ_TI_TYPE:
664 ReadTItag();
665 break;
666 case CMD_WRITE_TI_TYPE:
667 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
668 break;
669 case CMD_SIMULATE_TAG_125K:
670 LED_A_ON();
671 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
672 LED_A_OFF();
673 break;
674 case CMD_LF_SIMULATE_BIDIR:
675 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
676 break;
677 case CMD_INDALA_CLONE_TAG:
678 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
679 break;
680 case CMD_INDALA_CLONE_TAG_L:
681 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
682 break;
683 case CMD_T55XX_READ_BLOCK:
684 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
685 break;
686 case CMD_T55XX_WRITE_BLOCK:
687 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
688 break;
689 case CMD_T55XX_READ_TRACE:
690 T55xxReadTrace();
691 break;
692 case CMD_PCF7931_READ:
693 ReadPCF7931();
694 cmd_send(CMD_ACK,0,0,0,0,0);
695 break;
696 case CMD_EM4X_READ_WORD:
697 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
698 break;
699 case CMD_EM4X_WRITE_WORD:
700 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
701 break;
702 #endif
703
704 #ifdef WITH_HITAG
705 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
706 SnoopHitag(c->arg[0]);
707 break;
708 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
709 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
710 break;
711 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
712 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
713 break;
714 #endif
715
716 #ifdef WITH_ISO15693
717 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
718 AcquireRawAdcSamplesIso15693();
719 break;
720 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
721 RecordRawAdcSamplesIso15693();
722 break;
723
724 case CMD_ISO_15693_COMMAND:
725 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
726 break;
727
728 case CMD_ISO_15693_FIND_AFI:
729 BruteforceIso15693Afi(c->arg[0]);
730 break;
731
732 case CMD_ISO_15693_DEBUG:
733 SetDebugIso15693(c->arg[0]);
734 break;
735
736 case CMD_READER_ISO_15693:
737 ReaderIso15693(c->arg[0]);
738 break;
739 case CMD_SIMTAG_ISO_15693:
740 SimTagIso15693(c->arg[0], c->d.asBytes);
741 break;
742 #endif
743
744 #ifdef WITH_LEGICRF
745 case CMD_SIMULATE_TAG_LEGIC_RF:
746 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
747 break;
748
749 case CMD_WRITER_LEGIC_RF:
750 LegicRfWriter(c->arg[1], c->arg[0]);
751 break;
752
753 case CMD_READER_LEGIC_RF:
754 LegicRfReader(c->arg[0], c->arg[1]);
755 break;
756 #endif
757
758 #ifdef WITH_ISO14443b
759 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
760 AcquireRawAdcSamplesIso14443(c->arg[0]);
761 break;
762 case CMD_READ_SRI512_TAG:
763 ReadSTMemoryIso14443(0x0F);
764 break;
765 case CMD_READ_SRIX4K_TAG:
766 ReadSTMemoryIso14443(0x7F);
767 break;
768 case CMD_SNOOP_ISO_14443:
769 SnoopIso14443();
770 break;
771 case CMD_SIMULATE_TAG_ISO_14443:
772 SimulateIso14443Tag();
773 break;
774 case CMD_ISO_14443B_COMMAND:
775 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
776 break;
777 #endif
778
779 #ifdef WITH_ISO14443a
780 case CMD_SNOOP_ISO_14443a:
781 SnoopIso14443a(c->arg[0]);
782 break;
783 case CMD_READER_ISO_14443a:
784 ReaderIso14443a(c);
785 break;
786 case CMD_SIMULATE_TAG_ISO_14443a:
787 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
788 break;
789
790 case CMD_EPA_PACE_COLLECT_NONCE:
791 EPA_PACE_Collect_Nonce(c);
792 break;
793
794 case CMD_READER_MIFARE:
795 ReaderMifare(c->arg[0]);
796 break;
797 case CMD_MIFARE_READBL:
798 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
799 break;
800 case CMD_MIFAREU_READBL:
801 MifareUReadBlock(c->arg[0],c->d.asBytes);
802 break;
803 case CMD_MIFAREU_READCARD:
804 MifareUReadCard(c->arg[0],c->d.asBytes);
805 break;
806 case CMD_MIFARE_READSC:
807 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
808 break;
809 case CMD_MIFARE_WRITEBL:
810 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
811 break;
812 case CMD_MIFAREU_WRITEBL_COMPAT:
813 MifareUWriteBlock(c->arg[0], c->d.asBytes);
814 break;
815 case CMD_MIFAREU_WRITEBL:
816 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
817 break;
818 case CMD_MIFARE_NESTED:
819 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
820 break;
821 case CMD_MIFARE_CHKKEYS:
822 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
823 break;
824 case CMD_SIMULATE_MIFARE_CARD:
825 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
826 break;
827
828 // emulator
829 case CMD_MIFARE_SET_DBGMODE:
830 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
831 break;
832 case CMD_MIFARE_EML_MEMCLR:
833 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
834 break;
835 case CMD_MIFARE_EML_MEMSET:
836 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
837 break;
838 case CMD_MIFARE_EML_MEMGET:
839 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
840 break;
841 case CMD_MIFARE_EML_CARDLOAD:
842 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
843 break;
844
845 // Work with "magic Chinese" card
846 case CMD_MIFARE_CSETBLOCK:
847 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
848 break;
849 case CMD_MIFARE_CGETBLOCK:
850 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
851 break;
852 case CMD_MIFARE_CIDENT:
853 MifareCIdent();
854 break;
855
856 // mifare sniffer
857 case CMD_MIFARE_SNIFFER:
858 SniffMifare(c->arg[0]);
859 break;
860 #endif
861
862 #ifdef WITH_ICLASS
863 // Makes use of ISO14443a FPGA Firmware
864 case CMD_SNOOP_ICLASS:
865 SnoopIClass();
866 break;
867 case CMD_SIMULATE_TAG_ICLASS:
868 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
869 break;
870 case CMD_READER_ICLASS:
871 ReaderIClass(c->arg[0]);
872 break;
873 case CMD_READER_ICLASS_REPLAY:
874 ReaderIClass_Replay(c->arg[0], c->d.asBytes);
875 break;
876 #endif
877
878 case CMD_SIMULATE_TAG_HF_LISTEN:
879 SimulateTagHfListen();
880 break;
881
882 case CMD_BUFF_CLEAR:
883 BufferClear();
884 break;
885
886 case CMD_MEASURE_ANTENNA_TUNING:
887 MeasureAntennaTuning();
888 break;
889
890 case CMD_MEASURE_ANTENNA_TUNING_HF:
891 MeasureAntennaTuningHf();
892 break;
893
894 case CMD_LISTEN_READER_FIELD:
895 ListenReaderField(c->arg[0]);
896 break;
897
898 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
899 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
900 SpinDelay(200);
901 LED_D_OFF(); // LED D indicates field ON or OFF
902 break;
903
904 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
905
906 LED_B_ON();
907 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
908 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
909 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
910 }
911 // Trigger a finish downloading signal with an ACK frame
912 cmd_send(CMD_ACK,0,0,0,0,0);
913 LED_B_OFF();
914 break;
915
916 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
917 uint8_t *b = (uint8_t *)BigBuf;
918 memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
919 cmd_send(CMD_ACK,0,0,0,0,0);
920 break;
921 }
922 case CMD_READ_MEM:
923 ReadMem(c->arg[0]);
924 break;
925
926 case CMD_SET_LF_DIVISOR:
927 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
928 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
929 break;
930
931 case CMD_SET_ADC_MUX:
932 switch(c->arg[0]) {
933 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
934 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
935 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
936 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
937 }
938 break;
939
940 case CMD_VERSION:
941 SendVersion();
942 break;
943
944 #ifdef WITH_LCD
945 case CMD_LCD_RESET:
946 LCDReset();
947 break;
948 case CMD_LCD:
949 LCDSend(c->arg[0]);
950 break;
951 #endif
952 case CMD_SETUP_WRITE:
953 case CMD_FINISH_WRITE:
954 case CMD_HARDWARE_RESET:
955 usb_disable();
956 SpinDelay(1000);
957 SpinDelay(1000);
958 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
959 for(;;) {
960 // We're going to reset, and the bootrom will take control.
961 }
962 break;
963
964 case CMD_START_FLASH:
965 if(common_area.flags.bootrom_present) {
966 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
967 }
968 usb_disable();
969 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
970 for(;;);
971 break;
972
973 case CMD_DEVICE_INFO: {
974 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
975 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
976 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
977 break;
978 }
979 default:
980 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
981 break;
982 }
983 }
984
985 void __attribute__((noreturn)) AppMain(void)
986 {
987 SpinDelay(100);
988
989 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
990 /* Initialize common area */
991 memset(&common_area, 0, sizeof(common_area));
992 common_area.magic = COMMON_AREA_MAGIC;
993 common_area.version = 1;
994 }
995 common_area.flags.osimage_present = 1;
996
997 LED_D_OFF();
998 LED_C_OFF();
999 LED_B_OFF();
1000 LED_A_OFF();
1001
1002 // Init USB device
1003 usb_enable();
1004
1005 // The FPGA gets its clock from us from PCK0 output, so set that up.
1006 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1007 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1008 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1009 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1010 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1011 AT91C_PMC_PRES_CLK_4;
1012 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1013
1014 // Reset SPI
1015 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1016 // Reset SSC
1017 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1018
1019 // Load the FPGA image, which we have stored in our flash.
1020 // (the HF version by default)
1021 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1022
1023 StartTickCount();
1024
1025 #ifdef WITH_LCD
1026 LCDInit();
1027 #endif
1028
1029 byte_t rx[sizeof(UsbCommand)];
1030 size_t rx_len;
1031
1032 for(;;) {
1033 if (usb_poll()) {
1034 rx_len = usb_read(rx,sizeof(UsbCommand));
1035 if (rx_len) {
1036 UsbPacketReceived(rx,rx_len);
1037 }
1038 }
1039 WDT_HIT();
1040
1041 #ifdef WITH_LF
1042 if (BUTTON_HELD(1000) > 0)
1043 SamyRun();
1044 #endif
1045 }
1046 }
Proxmark3 GIT tracking
Impressum, Datenschutz