]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
More work on iclass
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // The main application code. This is the first thing called after start.c
10 // executes.
11 //-----------------------------------------------------------------------------
12
13 #include "usb_cdc.h"
14 #include "cmd.h"
15
16 #include "proxmark3.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "printf.h"
20 #include "string.h"
21
22 #include <stdarg.h>
23
24 #include "legicrf.h"
25 #include <hitag2.h>
26
27 #ifdef WITH_LCD
28 #include "LCD.h"
29 #endif
30
31 #define abs(x) ( ((x)<0) ? -(x) : (x) )
32
33 //=============================================================================
34 // A buffer where we can queue things up to be sent through the FPGA, for
35 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
36 // is the order in which they go out on the wire.
37 //=============================================================================
38
39 uint8_t ToSend[512];
40 int ToSendMax;
41 static int ToSendBit;
42 struct common_area common_area __attribute__((section(".commonarea")));
43
44 void BufferClear(void)
45 {
46 memset(BigBuf,0,sizeof(BigBuf));
47 Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf));
48 }
49
50 void ToSendReset(void)
51 {
52 ToSendMax = -1;
53 ToSendBit = 8;
54 }
55
56 void ToSendStuffBit(int b)
57 {
58 if(ToSendBit >= 8) {
59 ToSendMax++;
60 ToSend[ToSendMax] = 0;
61 ToSendBit = 0;
62 }
63
64 if(b) {
65 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
66 }
67
68 ToSendBit++;
69
70 if(ToSendBit >= sizeof(ToSend)) {
71 ToSendBit = 0;
72 DbpString("ToSendStuffBit overflowed!");
73 }
74 }
75
76 //=============================================================================
77 // Debug print functions, to go out over USB, to the usual PC-side client.
78 //=============================================================================
79
80 void DbpString(char *str)
81 {
82 byte_t len = strlen(str);
83 cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
84 // /* this holds up stuff unless we're connected to usb */
85 // if (!UsbConnected())
86 // return;
87 //
88 // UsbCommand c;
89 // c.cmd = CMD_DEBUG_PRINT_STRING;
90 // c.arg[0] = strlen(str);
91 // if(c.arg[0] > sizeof(c.d.asBytes)) {
92 // c.arg[0] = sizeof(c.d.asBytes);
93 // }
94 // memcpy(c.d.asBytes, str, c.arg[0]);
95 //
96 // UsbSendPacket((uint8_t *)&c, sizeof(c));
97 // // TODO fix USB so stupid things like this aren't req'd
98 // SpinDelay(50);
99 }
100
101 #if 0
102 void DbpIntegers(int x1, int x2, int x3)
103 {
104 cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
105 // /* this holds up stuff unless we're connected to usb */
106 // if (!UsbConnected())
107 // return;
108 //
109 // UsbCommand c;
110 // c.cmd = CMD_DEBUG_PRINT_INTEGERS;
111 // c.arg[0] = x1;
112 // c.arg[1] = x2;
113 // c.arg[2] = x3;
114 //
115 // UsbSendPacket((uint8_t *)&c, sizeof(c));
116 // // XXX
117 // SpinDelay(50);
118 }
119 #endif
120
121 void Dbprintf(const char *fmt, ...) {
122 // should probably limit size here; oh well, let's just use a big buffer
123 char output_string[128];
124 va_list ap;
125
126 va_start(ap, fmt);
127 kvsprintf(fmt, output_string, 10, ap);
128 va_end(ap);
129
130 DbpString(output_string);
131 }
132
133 // prints HEX & ASCII
134 void Dbhexdump(int len, uint8_t *d, bool bAsci) {
135 int l=0,i;
136 char ascii[9];
137
138 while (len>0) {
139 if (len>8) l=8;
140 else l=len;
141
142 memcpy(ascii,d,l);
143 ascii[l]=0;
144
145 // filter safe ascii
146 for (i=0;i<l;i++)
147 if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
148
149 if (bAsci) {
150 Dbprintf("%-8s %*D",ascii,l,d," ");
151 } else {
152 Dbprintf("%*D",l,d," ");
153 }
154
155 len-=8;
156 d+=8;
157 }
158 }
159
160 //-----------------------------------------------------------------------------
161 // Read an ADC channel and block till it completes, then return the result
162 // in ADC units (0 to 1023). Also a routine to average 32 samples and
163 // return that.
164 //-----------------------------------------------------------------------------
165 static int ReadAdc(int ch)
166 {
167 uint32_t d;
168
169 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
170 AT91C_BASE_ADC->ADC_MR =
171 ADC_MODE_PRESCALE(32) |
172 ADC_MODE_STARTUP_TIME(16) |
173 ADC_MODE_SAMPLE_HOLD_TIME(8);
174 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch);
175
176 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
177 while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch)))
178 ;
179 d = AT91C_BASE_ADC->ADC_CDR[ch];
180
181 return d;
182 }
183
184 int AvgAdc(int ch) // was static - merlok
185 {
186 int i;
187 int a = 0;
188
189 for(i = 0; i < 32; i++) {
190 a += ReadAdc(ch);
191 }
192
193 return (a + 15) >> 5;
194 }
195
196 void MeasureAntennaTuning(void)
197 {
198 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
199 int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
200 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
201
202 // UsbCommand c;
203
204 LED_B_ON();
205 DbpString("Measuring antenna characteristics, please wait...");
206 memset(dest,0,sizeof(FREE_BUFFER_SIZE));
207
208 /*
209 * Sweeps the useful LF range of the proxmark from
210 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
211 * read the voltage in the antenna, the result left
212 * in the buffer is a graph which should clearly show
213 * the resonating frequency of your LF antenna
214 * ( hopefully around 95 if it is tuned to 125kHz!)
215 */
216
217 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
218 for (i=255; i>19; i--) {
219 WDT_HIT();
220 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
221 SpinDelay(20);
222 // Vref = 3.3V, and a 10000:240 voltage divider on the input
223 // can measure voltages up to 137500 mV
224 adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
225 if (i==95) vLf125 = adcval; // voltage at 125Khz
226 if (i==89) vLf134 = adcval; // voltage at 134Khz
227
228 dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
229 if(dest[i] > peak) {
230 peakv = adcval;
231 peak = dest[i];
232 peakf = i;
233 //ptr = i;
234 }
235 }
236
237 LED_A_ON();
238 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
239 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
240 SpinDelay(20);
241 // Vref = 3300mV, and an 10:1 voltage divider on the input
242 // can measure voltages up to 33000 mV
243 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
244
245 // c.cmd = CMD_MEASURED_ANTENNA_TUNING;
246 // c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
247 // c.arg[1] = vHf;
248 // c.arg[2] = peakf | (peakv << 16);
249
250 DbpString("Measuring complete, sending report back to host");
251 cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),0,0);
252 // UsbSendPacket((uint8_t *)&c, sizeof(c));
253 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
254 LED_A_OFF();
255 LED_B_OFF();
256 return;
257 }
258
259 void MeasureAntennaTuningHf(void)
260 {
261 int vHf = 0; // in mV
262
263 DbpString("Measuring HF antenna, press button to exit");
264
265 for (;;) {
266 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
267 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
268 SpinDelay(20);
269 // Vref = 3300mV, and an 10:1 voltage divider on the input
270 // can measure voltages up to 33000 mV
271 vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
272
273 Dbprintf("%d mV",vHf);
274 if (BUTTON_PRESS()) break;
275 }
276 DbpString("cancelled");
277 }
278
279
280 void SimulateTagHfListen(void)
281 {
282 uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
283 uint8_t v = 0;
284 int i;
285 int p = 0;
286
287 // We're using this mode just so that I can test it out; the simulated
288 // tag mode would work just as well and be simpler.
289 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
290
291 // We need to listen to the high-frequency, peak-detected path.
292 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
293
294 FpgaSetupSsc();
295
296 i = 0;
297 for(;;) {
298 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
299 AT91C_BASE_SSC->SSC_THR = 0xff;
300 }
301 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
302 uint8_t r = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
303
304 v <<= 1;
305 if(r & 1) {
306 v |= 1;
307 }
308 p++;
309
310 if(p >= 8) {
311 dest[i] = v;
312 v = 0;
313 p = 0;
314 i++;
315
316 if(i >= FREE_BUFFER_SIZE) {
317 break;
318 }
319 }
320 }
321 }
322 DbpString("simulate tag (now type bitsamples)");
323 }
324
325 void ReadMem(int addr)
326 {
327 const uint8_t *data = ((uint8_t *)addr);
328
329 Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x",
330 addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]);
331 }
332
333 /* osimage version information is linked in */
334 extern struct version_information version_information;
335 /* bootrom version information is pointed to from _bootphase1_version_pointer */
336 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
337 void SendVersion(void)
338 {
339 char temp[256]; /* Limited data payload in USB packets */
340 DbpString("Prox/RFID mark3 RFID instrument");
341
342 /* Try to find the bootrom version information. Expect to find a pointer at
343 * symbol _bootphase1_version_pointer, perform slight sanity checks on the
344 * pointer, then use it.
345 */
346 char *bootrom_version = *(char**)&_bootphase1_version_pointer;
347 if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) {
348 DbpString("bootrom version information appears invalid");
349 } else {
350 FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version);
351 DbpString(temp);
352 }
353
354 FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information);
355 DbpString(temp);
356
357 FpgaGatherVersion(temp, sizeof(temp));
358 DbpString(temp);
359 // Send Chip ID
360 cmd_send(CMD_ACK,*(AT91C_DBGU_CIDR),0,0,NULL,0);
361 }
362
363 #ifdef WITH_LF
364 // samy's sniff and repeat routine
365 void SamyRun()
366 {
367 DbpString("Stand-alone mode! No PC necessary.");
368
369 // 3 possible options? no just 2 for now
370 #define OPTS 2
371
372 int high[OPTS], low[OPTS];
373
374 // Oooh pretty -- notify user we're in elite samy mode now
375 LED(LED_RED, 200);
376 LED(LED_ORANGE, 200);
377 LED(LED_GREEN, 200);
378 LED(LED_ORANGE, 200);
379 LED(LED_RED, 200);
380 LED(LED_ORANGE, 200);
381 LED(LED_GREEN, 200);
382 LED(LED_ORANGE, 200);
383 LED(LED_RED, 200);
384
385 int selected = 0;
386 int playing = 0;
387
388 // Turn on selected LED
389 LED(selected + 1, 0);
390
391 for (;;)
392 {
393 // UsbPoll(FALSE);
394 usb_poll();
395 WDT_HIT();
396
397 // Was our button held down or pressed?
398 int button_pressed = BUTTON_HELD(1000);
399 SpinDelay(300);
400
401 // Button was held for a second, begin recording
402 if (button_pressed > 0)
403 {
404 LEDsoff();
405 LED(selected + 1, 0);
406 LED(LED_RED2, 0);
407
408 // record
409 DbpString("Starting recording");
410
411 // wait for button to be released
412 while(BUTTON_PRESS())
413 WDT_HIT();
414
415 /* need this delay to prevent catching some weird data */
416 SpinDelay(500);
417
418 CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
419 Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]);
420
421 LEDsoff();
422 LED(selected + 1, 0);
423 // Finished recording
424
425 // If we were previously playing, set playing off
426 // so next button push begins playing what we recorded
427 playing = 0;
428 }
429
430 // Change where to record (or begin playing)
431 else if (button_pressed)
432 {
433 // Next option if we were previously playing
434 if (playing)
435 selected = (selected + 1) % OPTS;
436 playing = !playing;
437
438 LEDsoff();
439 LED(selected + 1, 0);
440
441 // Begin transmitting
442 if (playing)
443 {
444 LED(LED_GREEN, 0);
445 DbpString("Playing");
446 // wait for button to be released
447 while(BUTTON_PRESS())
448 WDT_HIT();
449 Dbprintf("%x %x %x", selected, high[selected], low[selected]);
450 CmdHIDsimTAG(high[selected], low[selected], 0);
451 DbpString("Done playing");
452 if (BUTTON_HELD(1000) > 0)
453 {
454 DbpString("Exiting");
455 LEDsoff();
456 return;
457 }
458
459 /* We pressed a button so ignore it here with a delay */
460 SpinDelay(300);
461
462 // when done, we're done playing, move to next option
463 selected = (selected + 1) % OPTS;
464 playing = !playing;
465 LEDsoff();
466 LED(selected + 1, 0);
467 }
468 else
469 while(BUTTON_PRESS())
470 WDT_HIT();
471 }
472 }
473 }
474 #endif
475
476 /*
477 OBJECTIVE
478 Listen and detect an external reader. Determine the best location
479 for the antenna.
480
481 INSTRUCTIONS:
482 Inside the ListenReaderField() function, there is two mode.
483 By default, when you call the function, you will enter mode 1.
484 If you press the PM3 button one time, you will enter mode 2.
485 If you press the PM3 button a second time, you will exit the function.
486
487 DESCRIPTION OF MODE 1:
488 This mode just listens for an external reader field and lights up green
489 for HF and/or red for LF. This is the original mode of the detectreader
490 function.
491
492 DESCRIPTION OF MODE 2:
493 This mode will visually represent, using the LEDs, the actual strength of the
494 current compared to the maximum current detected. Basically, once you know
495 what kind of external reader is present, it will help you spot the best location to place
496 your antenna. You will probably not get some good results if there is a LF and a HF reader
497 at the same place! :-)
498
499 LIGHT SCHEME USED:
500 */
501 static const char LIGHT_SCHEME[] = {
502 0x0, /* ---- | No field detected */
503 0x1, /* X--- | 14% of maximum current detected */
504 0x2, /* -X-- | 29% of maximum current detected */
505 0x4, /* --X- | 43% of maximum current detected */
506 0x8, /* ---X | 57% of maximum current detected */
507 0xC, /* --XX | 71% of maximum current detected */
508 0xE, /* -XXX | 86% of maximum current detected */
509 0xF, /* XXXX | 100% of maximum current detected */
510 };
511 static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]);
512
513 void ListenReaderField(int limit)
514 {
515 int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max;
516 int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max;
517 int mode=1, display_val, display_max, i;
518
519 #define LF_ONLY 1
520 #define HF_ONLY 2
521
522 LEDsoff();
523
524 lf_av=lf_max=ReadAdc(ADC_CHAN_LF);
525
526 if(limit != HF_ONLY) {
527 Dbprintf("LF 125/134 Baseline: %d", lf_av);
528 lf_baseline = lf_av;
529 }
530
531 hf_av=hf_max=ReadAdc(ADC_CHAN_HF);
532
533 if (limit != LF_ONLY) {
534 Dbprintf("HF 13.56 Baseline: %d", hf_av);
535 hf_baseline = hf_av;
536 }
537
538 for(;;) {
539 if (BUTTON_PRESS()) {
540 SpinDelay(500);
541 switch (mode) {
542 case 1:
543 mode=2;
544 DbpString("Signal Strength Mode");
545 break;
546 case 2:
547 default:
548 DbpString("Stopped");
549 LEDsoff();
550 return;
551 break;
552 }
553 }
554 WDT_HIT();
555
556 if (limit != HF_ONLY) {
557 if(mode==1) {
558 if (abs(lf_av - lf_baseline) > 10) LED_D_ON();
559 else LED_D_OFF();
560 }
561
562 ++lf_count;
563 lf_av_new= ReadAdc(ADC_CHAN_LF);
564 // see if there's a significant change
565 if(abs(lf_av - lf_av_new) > 10) {
566 Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count);
567 lf_av = lf_av_new;
568 if (lf_av > lf_max)
569 lf_max = lf_av;
570 lf_count= 0;
571 }
572 }
573
574 if (limit != LF_ONLY) {
575 if (mode == 1){
576 if (abs(hf_av - hf_baseline) > 10) LED_B_ON();
577 else LED_B_OFF();
578 }
579
580 ++hf_count;
581 hf_av_new= ReadAdc(ADC_CHAN_HF);
582 // see if there's a significant change
583 if(abs(hf_av - hf_av_new) > 10) {
584 Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count);
585 hf_av = hf_av_new;
586 if (hf_av > hf_max)
587 hf_max = hf_av;
588 hf_count= 0;
589 }
590 }
591
592 if(mode == 2) {
593 if (limit == LF_ONLY) {
594 display_val = lf_av;
595 display_max = lf_max;
596 } else if (limit == HF_ONLY) {
597 display_val = hf_av;
598 display_max = hf_max;
599 } else { /* Pick one at random */
600 if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) {
601 display_val = hf_av;
602 display_max = hf_max;
603 } else {
604 display_val = lf_av;
605 display_max = lf_max;
606 }
607 }
608 for (i=0; i<LIGHT_LEN; i++) {
609 if (display_val >= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) {
610 if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF();
611 if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF();
612 if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF();
613 if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF();
614 break;
615 }
616 }
617 }
618 }
619 }
620
621 void UsbPacketReceived(uint8_t *packet, int len)
622 {
623 UsbCommand *c = (UsbCommand *)packet;
624
625 // Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]);
626
627 switch(c->cmd) {
628 #ifdef WITH_LF
629 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
630 AcquireRawAdcSamples125k(c->arg[0]);
631 cmd_send(CMD_ACK,0,0,0,0,0);
632 break;
633 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
634 ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
635 break;
636 case CMD_HID_DEMOD_FSK:
637 CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag
638 break;
639 case CMD_HID_SIM_TAG:
640 CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
641 break;
642 case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
643 CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
644 break;
645 case CMD_IO_DEMOD_FSK:
646 CmdIOdemodFSK(1, 0, 0, 1); // Demodulate IO tag
647 break;
648 case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
649 CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
650 break;
651 case CMD_EM410X_WRITE_TAG:
652 WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
653 break;
654 case CMD_READ_TI_TYPE:
655 ReadTItag();
656 break;
657 case CMD_WRITE_TI_TYPE:
658 WriteTItag(c->arg[0],c->arg[1],c->arg[2]);
659 break;
660 case CMD_SIMULATE_TAG_125K:
661 LED_A_ON();
662 SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
663 LED_A_OFF();
664 break;
665 case CMD_LF_SIMULATE_BIDIR:
666 SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
667 break;
668 case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
669 CopyIndala64toT55x7(c->arg[0], c->arg[1]);
670 break;
671 case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
672 CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
673 break;
674 case CMD_T55XX_READ_BLOCK:
675 T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
676 break;
677 case CMD_T55XX_WRITE_BLOCK:
678 T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
679 break;
680 case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
681 T55xxReadTrace();
682 break;
683 case CMD_PCF7931_READ: // Read PCF7931 tag
684 ReadPCF7931();
685 cmd_send(CMD_ACK,0,0,0,0,0);
686 // UsbSendPacket((uint8_t*)&ack, sizeof(ack));
687 break;
688 case CMD_EM4X_READ_WORD:
689 EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
690 break;
691 case CMD_EM4X_WRITE_WORD:
692 EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
693 break;
694 #endif
695
696 #ifdef WITH_HITAG
697 case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
698 SnoopHitag(c->arg[0]);
699 break;
700 case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
701 SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
702 break;
703 case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
704 ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
705 break;
706 #endif
707
708 #ifdef WITH_ISO15693
709 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
710 AcquireRawAdcSamplesIso15693();
711 break;
712 case CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693:
713 RecordRawAdcSamplesIso15693();
714 break;
715
716 case CMD_ISO_15693_COMMAND:
717 DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
718 break;
719
720 case CMD_ISO_15693_FIND_AFI:
721 BruteforceIso15693Afi(c->arg[0]);
722 break;
723
724 case CMD_ISO_15693_DEBUG:
725 SetDebugIso15693(c->arg[0]);
726 break;
727
728 case CMD_READER_ISO_15693:
729 ReaderIso15693(c->arg[0]);
730 break;
731 case CMD_SIMTAG_ISO_15693:
732 SimTagIso15693(c->arg[0]);
733 break;
734 #endif
735
736 #ifdef WITH_LEGICRF
737 case CMD_SIMULATE_TAG_LEGIC_RF:
738 LegicRfSimulate(c->arg[0], c->arg[1], c->arg[2]);
739 break;
740
741 case CMD_WRITER_LEGIC_RF:
742 LegicRfWriter(c->arg[1], c->arg[0]);
743 break;
744
745 case CMD_READER_LEGIC_RF:
746 LegicRfReader(c->arg[0], c->arg[1]);
747 break;
748 #endif
749
750 #ifdef WITH_ISO14443b
751 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
752 AcquireRawAdcSamplesIso14443(c->arg[0]);
753 break;
754 case CMD_READ_SRI512_TAG:
755 ReadSTMemoryIso14443(0x0F);
756 break;
757 case CMD_READ_SRIX4K_TAG:
758 ReadSTMemoryIso14443(0x7F);
759 break;
760 case CMD_SNOOP_ISO_14443:
761 SnoopIso14443();
762 break;
763 case CMD_SIMULATE_TAG_ISO_14443:
764 SimulateIso14443Tag();
765 break;
766 case CMD_ISO_14443B_COMMAND:
767 SendRawCommand14443B(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
768 break;
769 #endif
770
771 #ifdef WITH_ISO14443a
772 case CMD_SNOOP_ISO_14443a:
773 SnoopIso14443a(c->arg[0]);
774 break;
775 case CMD_READER_ISO_14443a:
776 ReaderIso14443a(c);
777 break;
778 case CMD_SIMULATE_TAG_ISO_14443a:
779 SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
780 break;
781 case CMD_EPA_PACE_COLLECT_NONCE:
782 EPA_PACE_Collect_Nonce(c);
783 break;
784
785 case CMD_READER_MIFARE:
786 ReaderMifare(c->arg[0]);
787 break;
788 case CMD_MIFARE_READBL:
789 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
790 break;
791 case CMD_MIFAREU_READBL:
792 MifareUReadBlock(c->arg[0],c->d.asBytes);
793 break;
794 case CMD_MIFAREU_READCARD:
795 MifareUReadCard(c->arg[0],c->d.asBytes);
796 break;
797 case CMD_MIFARE_READSC:
798 MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
799 break;
800 case CMD_MIFARE_WRITEBL:
801 MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
802 break;
803 case CMD_MIFAREU_WRITEBL_COMPAT:
804 MifareUWriteBlock(c->arg[0], c->d.asBytes);
805 break;
806 case CMD_MIFAREU_WRITEBL:
807 MifareUWriteBlock_Special(c->arg[0], c->d.asBytes);
808 break;
809 case CMD_MIFARE_NESTED:
810 MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
811 break;
812 case CMD_MIFARE_CHKKEYS:
813 MifareChkKeys(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
814 break;
815 case CMD_SIMULATE_MIFARE_CARD:
816 Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
817 break;
818
819 // emulator
820 case CMD_MIFARE_SET_DBGMODE:
821 MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
822 break;
823 case CMD_MIFARE_EML_MEMCLR:
824 MifareEMemClr(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
825 break;
826 case CMD_MIFARE_EML_MEMSET:
827 MifareEMemSet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
828 break;
829 case CMD_MIFARE_EML_MEMGET:
830 MifareEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
831 break;
832 case CMD_MIFARE_EML_CARDLOAD:
833 MifareECardLoad(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
834 break;
835
836 // Work with "magic Chinese" card
837 case CMD_MIFARE_EML_CSETBLOCK:
838 MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
839 break;
840 case CMD_MIFARE_EML_CGETBLOCK:
841 MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
842 break;
843
844 // mifare sniffer
845 case CMD_MIFARE_SNIFFER:
846 SniffMifare(c->arg[0]);
847 break;
848 #endif
849
850 #ifdef WITH_ICLASS
851 // Makes use of ISO14443a FPGA Firmware
852 case CMD_SNOOP_ICLASS:
853 SnoopIClass();
854 break;
855 case CMD_SIMULATE_TAG_ICLASS:
856 SimulateIClass(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
857 break;
858 case CMD_READER_ICLASS:
859 ReaderIClass(c->arg[0]);
860 break;
861 #endif
862
863 case CMD_SIMULATE_TAG_HF_LISTEN:
864 SimulateTagHfListen();
865 break;
866
867 case CMD_BUFF_CLEAR:
868 BufferClear();
869 break;
870
871 case CMD_MEASURE_ANTENNA_TUNING:
872 MeasureAntennaTuning();
873 break;
874
875 case CMD_MEASURE_ANTENNA_TUNING_HF:
876 MeasureAntennaTuningHf();
877 break;
878
879 case CMD_LISTEN_READER_FIELD:
880 ListenReaderField(c->arg[0]);
881 break;
882
883 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
884 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
885 SpinDelay(200);
886 LED_D_OFF(); // LED D indicates field ON or OFF
887 break;
888
889 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
890 // UsbCommand n;
891 // if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
892 // n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
893 // } else {
894 // n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
895 // }
896 // n.arg[0] = c->arg[0];
897 // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
898 // LED_B_ON();
899 // usb_write((uint8_t *)&n, sizeof(n));
900 // UsbSendPacket((uint8_t *)&n, sizeof(n));
901 // LED_B_OFF();
902
903 LED_B_ON();
904 for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
905 size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
906 cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,0,((byte_t*)BigBuf)+c->arg[0]+i,len);
907 }
908 // Trigger a finish downloading signal with an ACK frame
909 cmd_send(CMD_ACK,0,0,0,0,0);
910 LED_B_OFF();
911 break;
912
913 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
914 uint8_t *b = (uint8_t *)BigBuf;
915 memcpy(b+c->arg[0], c->d.asBytes, 48);
916 //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
917 // UsbSendPacket((uint8_t*)&ack, sizeof(ack));
918 cmd_send(CMD_ACK,0,0,0,0,0);
919 break;
920 }
921 case CMD_READ_MEM:
922 ReadMem(c->arg[0]);
923 break;
924
925 case CMD_SET_LF_DIVISOR:
926 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
927 break;
928
929 case CMD_SET_ADC_MUX:
930 switch(c->arg[0]) {
931 case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break;
932 case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break;
933 case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break;
934 case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break;
935 }
936 break;
937
938 case CMD_VERSION:
939 SendVersion();
940 break;
941
942 #ifdef WITH_LCD
943 case CMD_LCD_RESET:
944 LCDReset();
945 break;
946 case CMD_LCD:
947 LCDSend(c->arg[0]);
948 break;
949 #endif
950 case CMD_SETUP_WRITE:
951 case CMD_FINISH_WRITE:
952 case CMD_HARDWARE_RESET:
953 usb_disable();
954 SpinDelay(1000);
955 SpinDelay(1000);
956 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
957 for(;;) {
958 // We're going to reset, and the bootrom will take control.
959 }
960 break;
961
962 case CMD_START_FLASH:
963 if(common_area.flags.bootrom_present) {
964 common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
965 }
966 usb_disable();
967 AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
968 for(;;);
969 break;
970
971 case CMD_DEVICE_INFO: {
972 uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
973 if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
974 // UsbSendPacket((uint8_t*)&c, sizeof(c));
975 cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
976 break;
977 }
978 default:
979 Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
980 break;
981 }
982 }
983
984 void __attribute__((noreturn)) AppMain(void)
985 {
986 SpinDelay(100);
987
988 if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
989 /* Initialize common area */
990 memset(&common_area, 0, sizeof(common_area));
991 common_area.magic = COMMON_AREA_MAGIC;
992 common_area.version = 1;
993 }
994 common_area.flags.osimage_present = 1;
995
996 LED_D_OFF();
997 LED_C_OFF();
998 LED_B_OFF();
999 LED_A_OFF();
1000
1001 // Init USB device`
1002 usb_enable();
1003 // UsbStart();
1004
1005 // The FPGA gets its clock from us from PCK0 output, so set that up.
1006 AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
1007 AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0;
1008 AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
1009 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
1010 AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
1011 AT91C_PMC_PRES_CLK_4;
1012 AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
1013
1014 // Reset SPI
1015 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST;
1016 // Reset SSC
1017 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
1018
1019 // Load the FPGA image, which we have stored in our flash.
1020 FpgaDownloadAndGo();
1021
1022 StartTickCount();
1023
1024 #ifdef WITH_LCD
1025 LCDInit();
1026 #endif
1027
1028 byte_t rx[sizeof(UsbCommand)];
1029 size_t rx_len;
1030
1031 for(;;) {
1032 if (usb_poll()) {
1033 rx_len = usb_read(rx,sizeof(UsbCommand));
1034 if (rx_len) {
1035 UsbPacketReceived(rx,rx_len);
1036 }
1037 }
1038 // UsbPoll(FALSE);
1039
1040 WDT_HIT();
1041
1042 #ifdef WITH_LF
1043 if (BUTTON_HELD(1000) > 0)
1044 SamyRun();
1045 #endif
1046 }
1047 }
Proxmark3 GIT tracking
Impressum, Datenschutz