// Binary puls length modulation (BPLM) is used to encode the data stream
// This means that a transmission of a one takes longer than that of a zero
- // Enable modulation, which means, drop the the field
+ // Enable modulation, which means, drop the field
HIGH(GPIO_SSC_DOUT);
// Wait for 4-10 times the carrier period
}
// Send EOF
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
- // Enable modulation, which means, drop the the field
+ // Enable modulation, which means, drop the field
HIGH(GPIO_SSC_DOUT);
// Wait for 4-10 times the carrier period
while(AT91C_BASE_TC0->TC_CV < T0*6);
return true;
}
+static bool hitag2_read_uid(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) {
+ // Reset the transmission frame length
+ *txlen = 0;
+
+ // Try to find out which command was send by selecting on length (in bits)
+ switch (rxlen) {
+ // No answer, try to resurrect
+ case 0: {
+ // Just starting or if there is no answer
+ *txlen = 5;
+ memcpy(tx,"\xc0",nbytes(*txlen));
+ } break;
+ // Received UID
+ case 32: {
+ // Check if we received answer tag (at)
+ if (bAuthenticating) {
+ bAuthenticating = false;
+ } else {
+ // Store the received block
+ memcpy(tag.sectors[blocknr],rx,4);
+ blocknr++;
+ }
+ if (blocknr > 0) {
+ //DbpString("Read successful!");
+ bSuccessful = true;
+ return false;
+ }
+ } break;
+ // Unexpected response
+ default: {
+ Dbprintf("Uknown frame length: %d",rxlen);
+ return false;
+ } break;
+ }
+ return true;
+}
void SnoopHitag(uint32_t type) {
int frame_count;
byte_t rx[HITAG_FRAME_LEN];
size_t rxlen=0;
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ // Clean up trace and prepare it for storing frames
+ set_tracing(TRUE);
+ clear_trace();
+
auth_table_len = 0;
auth_table_pos = 0;
+
BigBuf_free();
auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
- // Clean up trace and prepare it for storing frames
- set_tracing(TRUE);
- clear_trace();
-
DbpString("Starting Hitag2 snoop");
LED_D_ON();
// Set up eavesdropping mode, frequency divisor which will drive the FPGA
// and analog mux selection.
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
bool bQuitTraceFull = false;
bQuiet = false;
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ // Clean up trace and prepare it for storing frames
+ set_tracing(TRUE);
+ clear_trace();
+
auth_table_len = 0;
auth_table_pos = 0;
byte_t* auth_table;
auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH);
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
- // Clean up trace and prepare it for storing frames
- set_tracing(TRUE);
- clear_trace();
-
DbpString("Starting Hitag2 simulation");
LED_D_ON();
hitag2_init();
// Set up simulator mode, frequency divisor which will drive the FPGA
// and analog mux selection.
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
set_tracing(TRUE);
clear_trace();
- DbpString("Starting Hitag reader family");
+ //DbpString("Starting Hitag reader family");
// Check configuration
switch(htf) {
case RHT2F_PASSWORD: {
Dbprintf("List identifier in password mode");
memcpy(password,htd->pwd.password,4);
- blocknr = 0;
+ blocknr = 0;
bQuitTraceFull = false;
bQuiet = false;
bPwd = false;
} break;
-
case RHT2F_AUTHENTICATE: {
DbpString("Authenticating using nr,ar pair:");
memcpy(NrAr,htd->auth.NrAr,8);
bAuthenticating = false;
bQuitTraceFull = true;
} break;
-
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
- memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code.
+ memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code.
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;
bAuthenticating = false;
bQuitTraceFull = true;
} break;
-
case RHT2F_TEST_AUTH_ATTEMPTS: {
Dbprintf("Testing %d authentication attempts",(auth_table_len/8));
auth_table_pos = 0;
bQuiet = false;
bCrypto = false;
} break;
-
+ case RHT2F_UID_ONLY: {
+ blocknr = 0;
+ bQuiet = false;
+ bCrypto = false;
+ bAuthenticating = false;
+ } break;
default: {
Dbprintf("Error, unknown function: %d",htf);
return;
// hitagS settings
reset_sof = 1;
t_wait = 200;
- DbpString("Configured for hitagS reader");
+ //DbpString("Configured for hitagS reader");
} else if (htf < 20) {
// hitag1 settings
reset_sof = 1;
t_wait = 200;
- DbpString("Configured for hitag1 reader");
+ //DbpString("Configured for hitag1 reader");
} else if (htf < 30) {
// hitag2 settings
reset_sof = 4;
t_wait = HITAG_T_WAIT_2;
- DbpString("Configured for hitag2 reader");
+ //DbpString("Configured for hitag2 reader");
} else {
Dbprintf("Error, unknown hitag reader type: %d",htf);
return;
}
-
+ uint8_t attempt_count=0;
while(!bStop && !BUTTON_PRESS()) {
// Watchdog hit
WDT_HIT();
case RHT2F_TEST_AUTH_ATTEMPTS: {
bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen);
} break;
+ case RHT2F_UID_ONLY: {
+ bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen);
+ attempt_count++; //attempt 3 times to get uid then quit
+ if (!bStop && attempt_count == 3) bStop = true;
+ } break;
default: {
Dbprintf("Error, unknown function: %d",htf);
return;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- Dbprintf("frame received: %d",frame_count);
- DbpString("All done");
+ //Dbprintf("frame received: %d",frame_count);
+ //DbpString("All done");
cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48);
}
projects / proxmark3-svn / blobdiff