\r
#include "prox.h"\r
#include "../common/iso14443_crc.c"\r
+#include "../common/crc16.c"\r
\r
#define arraylen(x) (sizeof(x)/sizeof((x)[0]))\r
#define BIT(x) GraphBuffer[x * clock]\r
while(i < GraphTraceLen)\r
{\r
// measure from low to low\r
- while(GraphBuffer[i] > low)\r
+ while((GraphBuffer[i] > low) && (i<GraphTraceLen))\r
++i;\r
start= i;\r
- while(GraphBuffer[i] < high)\r
+ while((GraphBuffer[i] < high) && (i<GraphTraceLen))\r
++i;\r
- while(GraphBuffer[i] > low)\r
+ while((GraphBuffer[i] > low) && (i<GraphTraceLen))\r
++i;\r
+ if (j>(MAX_GRAPH_TRACE_LEN/64)) {\r
+ break;\r
+ }\r
tmpbuff[j++]= i - start;\r
}\r
\r
-\r
/* look for data start - should be 2 pairs of LW (pulses of 192,128) */\r
start= -1;\r
skip= 0;\r
\r
/* skip over the remainder of the LW */\r
skip += tmpbuff[i+1]+tmpbuff[i+2];\r
- while(GraphBuffer[skip] > low)\r
+ while(skip < MAX_GRAPH_TRACE_LEN && GraphBuffer[skip] > low)\r
++skip;\r
skip += 8;\r
\r
PrintToScrollback("CRC=%04x", Iso15693Crc(outBuf, k-2));\r
}\r
\r
-static void CmdTiread(char *str)\r
+static void CmdTIReadRaw(char *str)\r
{\r
UsbCommand c;\r
c.cmd = CMD_ACQUIRE_RAW_BITS_TI_TYPE;\r
SendCommand(&c, FALSE);\r
}\r
\r
-static void CmdTibits(char *str)\r
+static void CmdTIBits(char *str)\r
{\r
int cnt = 0;\r
int i;\r
PrintToScrollback("hex: %08x %08x", hi, lo);\r
}\r
\r
-static void CmdTidemod(char *cmdline)\r
+// read a TI tag and return its ID\r
+static void CmdTIRead(char *str)\r
+{\r
+ UsbCommand c;\r
+ c.cmd = CMD_READ_TI_TYPE;\r
+ SendCommand(&c, FALSE);\r
+}\r
+\r
+// write new data to a r/w TI tag\r
+static void CmdTIWrite(char *str)\r
+{\r
+ UsbCommand c;\r
+ int res=0;\r
+\r
+ c.cmd = CMD_WRITE_TI_TYPE;\r
+ res = sscanf(str, "0x%x 0x%x 0x%x ", &c.ext1, &c.ext2, &c.ext3);\r
+ if (res == 2) c.ext3=0;\r
+ if (res<2)\r
+ PrintToScrollback("Please specify 2 or three hex strings, eg 0x1234 0x5678");\r
+ else\r
+ SendCommand(&c, FALSE);\r
+}\r
+\r
+static void CmdTIDemod(char *cmdline)\r
{\r
/* MATLAB as follows:\r
f_s = 2000000; % sampling frequency\r
};\r
\r
int convLen = max(arraylen(HighTone), arraylen(LowTone));\r
-\r
- int i;\r
+ WORD crc;\r
+ int i, TagType;\r
for(i = 0; i < GraphTraceLen - convLen; i++) {\r
int j;\r
int lowSum = 0, highSum = 0;;\r
\r
RepaintGraphWindow();\r
\r
- // Okay, so now we have unsliced soft decisions; find bit-sync, and then\r
- // get some bits.\r
+ // TI tag data format is 16 prebits, 8 start bits, 64 data bits,\r
+ // 16 crc CCITT bits, 8 stop bits, 15 end bits\r
+\r
+ // the 16 prebits are always low\r
+ // the 8 start and stop bits of a tag must match\r
+ // the start/stop prebits of a ro tag are 01111110\r
+ // the start/stop prebits of a rw tag are 11111110\r
+ // the 15 end bits of a ro tag are all low\r
+ // the 15 end bits of a rw tag match bits 15-1 of the data bits\r
\r
+ // Okay, so now we have unsliced soft decisions;\r
+ // find bit-sync, and then get some bits.\r
+ // look for 17 low bits followed by 6 highs (common pattern for ro and rw tags)\r
int max = 0, maxPos = 0;\r
for(i = 0; i < 6000; i++) {\r
int j;\r
int dec = 0;\r
- for(j = 0; j < 8*arraylen(LowTone); j++) {\r
+ // searching 17 consecutive lows\r
+ for(j = 0; j < 17*arraylen(LowTone); j++) {\r
dec -= GraphBuffer[i+j];\r
}\r
- for(; j < 8*arraylen(LowTone) + 8*arraylen(HighTone); j++) {\r
+ // searching 7 consecutive highs\r
+ for(; j < 17*arraylen(LowTone) + 6*arraylen(HighTone); j++) {\r
dec += GraphBuffer[i+j];\r
}\r
if(dec > max) {\r
maxPos = i;\r
}\r
}\r
- GraphBuffer[maxPos] = 800;\r
- GraphBuffer[maxPos+1] = -800;\r
\r
- maxPos += 8*arraylen(LowTone);\r
+ // place a marker in the buffer to visually aid location\r
+ // of the start of sync\r
GraphBuffer[maxPos] = 800;\r
GraphBuffer[maxPos+1] = -800;\r
- maxPos += 8*arraylen(HighTone);\r
\r
+ // advance pointer to start of actual data stream (after 16 pre and 8 start bits)\r
+ maxPos += 17*arraylen(LowTone);\r
+ maxPos += 6*arraylen(HighTone);\r
+\r
+ // place a marker in the buffer to visually aid location\r
+ // of the end of sync\r
GraphBuffer[maxPos] = 800;\r
GraphBuffer[maxPos+1] = -800;\r
\r
\r
PrintToScrollback("length %d/%d", arraylen(HighTone), arraylen(LowTone));\r
\r
- BYTE bits[64+16+8+1];\r
+ BYTE bits[1+64+16+8+16];\r
bits[sizeof(bits)-1] = '\0';\r
\r
- for(i = 0; i < arraylen(bits); i++) {\r
+ DWORD shift3 = 0x7e000000, shift2 = 0, shift1 = 0, shift0 = 0;\r
+\r
+ for(i = 0; i < arraylen(bits)-1; i++) {\r
int high = 0;\r
int low = 0;\r
int j;\r
for(j = 0; j < arraylen(HighTone); j++) {\r
high += GraphBuffer[maxPos+j];\r
}\r
+\r
if(high > low) {\r
bits[i] = '1';\r
maxPos += arraylen(HighTone);\r
+ // bitstream arrives lsb first so shift right\r
+ shift3 |= (1<<31);\r
} else {\r
bits[i] = '.';\r
maxPos += arraylen(LowTone);\r
}\r
+\r
+ // 128 bit right shift register\r
+ shift0 = (shift0>>1) | (shift1 << 31);\r
+ shift1 = (shift1>>1) | (shift2 << 31);\r
+ shift2 = (shift2>>1) | (shift3 << 31);\r
+ shift3 >>= 1;\r
+\r
+ // place a marker in the buffer between bits to visually aid location\r
GraphBuffer[maxPos] = 800;\r
GraphBuffer[maxPos+1] = -800;\r
}\r
- PrintToScrollback("bits: '%s'", bits);\r
+ PrintToScrollback("Info: raw tag bits = %s", bits);\r
\r
- DWORD h = 0, l = 0;\r
- for(i = 0; i < 32; i++) {\r
- if(bits[i] == '1') {\r
- l |= (1<<i);\r
- }\r
+ TagType = (shift3>>8)&0xff;\r
+ if ( TagType != ((shift0>>16)&0xff) ) {\r
+ PrintToScrollback("Error: start and stop bits do not match!");\r
+ return;\r
+ }\r
+ else if (TagType == 0x7e) {\r
+ PrintToScrollback("Info: Readonly TI tag detected.");\r
+ return;\r
}\r
- for(i = 32; i < 64; i++) {\r
- if(bits[i] == '1') {\r
- h |= (1<<(i-32));\r
+ else if (TagType == 0xfe) {\r
+ PrintToScrollback("Info: Rewriteable TI tag detected.");\r
+\r
+ // put 64 bit data into shift1 and shift0\r
+ shift0 = (shift0>>24) | (shift1 << 8);\r
+ shift1 = (shift1>>24) | (shift2 << 8);\r
+\r
+ // align 16 bit crc into lower half of shift2\r
+ shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff;\r
+\r
+ // align 16 bit "end bits" or "ident" into lower half of shift3\r
+ shift3 >>= 16;\r
+\r
+ // only 15 bits compare, last bit of ident is not valid\r
+ if ( (shift3^shift0)&0x7fff ) {\r
+ PrintToScrollback("Error: Ident mismatch!");\r
+ }\r
+ // WARNING the order of the bytes in which we calc crc below needs checking\r
+ // i'm 99% sure the crc algorithm is correct, but it may need to eat the\r
+ // bytes in reverse or something\r
+ // calculate CRC\r
+ crc=0;\r
+ crc = update_crc16(crc, (shift0)&0xff);\r
+ crc = update_crc16(crc, (shift0>>8)&0xff);\r
+ crc = update_crc16(crc, (shift0>>16)&0xff);\r
+ crc = update_crc16(crc, (shift0>>24)&0xff);\r
+ crc = update_crc16(crc, (shift1)&0xff);\r
+ crc = update_crc16(crc, (shift1>>8)&0xff);\r
+ crc = update_crc16(crc, (shift1>>16)&0xff);\r
+ crc = update_crc16(crc, (shift1>>24)&0xff);\r
+ PrintToScrollback("Info: Tag data = %08X%08X", shift1, shift0);\r
+ if (crc != (shift2&0xffff)) {\r
+ PrintToScrollback("Error: CRC mismatch, calculated %04X, got ^04X", crc, shift2&0xffff);\r
+ } else {\r
+ PrintToScrollback("Info: CRC %04X is good", crc);\r
}\r
}\r
- PrintToScrollback("hex: %08x %08x", h, l);\r
+ else {\r
+ PrintToScrollback("Unknown tag type.");\r
+ return;\r
+ }\r
}\r
\r
static void CmdNorm(char *str)\r
{"scale", CmdScale, 1, "<int> -- Set cursor display scale"},\r
{"setlfdivisor", CmdSetDivisor, 0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"},\r
{"sri512read", CmdSri512read, 0, "<int> -- Read contents of a SRI512 tag"},\r
- {"tibits", CmdTibits, 0, "Get raw bits for TI-type LF tag"},\r
- {"tidemod", CmdTidemod, 1, "Demodulate raw bits for TI-type LF tag"},\r
- {"tiread", CmdTiread, 0, "Read a TI-type 134 kHz tag"},\r
+ {"tibits", CmdTIBits, 0, "Get raw bits for TI-type LF tag"},\r
+ {"tidemod", CmdTIDemod, 1, "Demodulate raw bits for TI-type LF tag"},\r
+ {"tireadraw", CmdTIReadRaw, 0, "Read a TI-type 134 kHz tag in raw mode"},\r
+ {"tiread", CmdTIRead, 0, "Read and decode a TI 134 kHz tag"},\r
+ {"tiwrite", CmdTIWrite, 0, "Write new data to a r/w TI 134 kHz tag"},\r
{"threshold", CmdThreshold, 1, "Maximize/minimize every value in the graph window depending on threshold"},\r
{"tune", CmdTune, 0, "Measure antenna tuning"},\r
{"vchdemod", CmdVchdemod, 0, "['clone'] -- Demodulate samples for VeriChip"},\r
projects / proxmark3-svn / blobdiff