]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/iso14443a.c
fixed cmd malloc strlen()+1 bug
[proxmark3-svn] / armsrc / iso14443a.c
index 4bdbb8104fa20243abf80fa3b781c6bb178a486f..780a7ca08bb4e758fdfa002d04685d92aeff7687 100644 (file)
 #include "mifareutil.h"
 
 static uint32_t iso14a_timeout;
-uint8_t *trace = (uint8_t *) BigBuf;
+uint8_t *trace = (uint8_t *) BigBuf+TRACE_OFFSET;
 int traceLen = 0;
 int rsamples = 0;
 int tracing = TRUE;
 uint8_t trigger = 0;
+// the block number for the ISO14443-4 PCB
+static uint8_t iso14_pcb_blocknum = 0;
 
 // CARD TO READER - manchester
 // Sequence D: 11110000 modulation with subcarrier during first half
@@ -66,13 +68,19 @@ void iso14a_set_trigger(int enable) {
        trigger = enable;
 }
 
-void iso14a_clear_tracelen(void) {
+void iso14a_clear_trace(void) {
+    memset(trace, 0x44, TRACE_SIZE);
        traceLen = 0;
 }
+
 void iso14a_set_tracing(int enable) {
        tracing = enable;
 }
 
+void iso14a_set_timeout(uint32_t timeout) {
+       iso14a_timeout = timeout;
+}
+
 //-----------------------------------------------------------------------------
 // Generate the parity value for a byte sequence
 //
@@ -575,8 +583,7 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
        
        LEDsoff();
        // init trace buffer
-       traceLen = 0;
-       memset(trace, 0x44, TRACE_SIZE);
+    iso14a_clear_trace();
 
        // We won't start recording the frames that we acquire until we trigger;
        // a good trigger condition to get started is probably when we see a
@@ -656,7 +663,6 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
                if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
                        AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
                        AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
-                       Dbprintf("RxEmpty ERROR!!! %d", dataLen); // temporary
                }
                // secondary buffer sets as primary, secondary buffer was stopped
                if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
@@ -901,8 +907,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd)
 {
   // Enable and clear the trace
        tracing = TRUE;
-       traceLen = 0;
-  memset(trace, 0x44, TRACE_SIZE);
+  iso14a_clear_trace();
 
        // This function contains the tag emulation
        uint8_t sak;
@@ -1703,6 +1708,9 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, u
                resp_data->ats_len = len;
        }
        
+       // reset the PCB block number
+       iso14_pcb_blocknum = 0;
+       
        return 1;
 }
 
@@ -1729,19 +1737,30 @@ void iso14443a_setup() {
 int iso14_apdu(uint8_t * cmd, size_t cmd_len, void * data) {
        uint8_t real_cmd[cmd_len+4];
        real_cmd[0] = 0x0a; //I-Block
+       // put block number into the PCB
+       real_cmd[0] |= iso14_pcb_blocknum;
        real_cmd[1] = 0x00; //CID: 0 //FIXME: allow multiple selected cards
        memcpy(real_cmd+2, cmd, cmd_len);
        AppendCrc14443a(real_cmd,cmd_len+2);
  
        ReaderTransmit(real_cmd, cmd_len+4);
        size_t len = ReaderReceive(data);
-       if(!len)
-               return -1; //DATA LINK ERROR
-       
+       uint8_t * data_bytes = (uint8_t *) data;
+       if (!len)
+               return 0; //DATA LINK ERROR
+       // if we received an I- or R(ACK)-Block with a block number equal to the
+       // current block number, toggle the current block number
+       else if (len >= 4 // PCB+CID+CRC = 4 bytes
+                && ((data_bytes[0] & 0xC0) == 0 // I-Block
+                    || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
+                && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) // equal block numbers
+       {
+               iso14_pcb_blocknum ^= 1;
+       }
+
        return len;
 }
 
-
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
@@ -1751,6 +1770,7 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
        iso14a_command_t param = c->arg[0];
        uint8_t * cmd = c->d.asBytes;
        size_t len = c->arg[1];
+       uint8_t *receiveBuf = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
 
        if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(1);
 
@@ -1769,7 +1789,19 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
        }
 
        if(param & ISO14A_APDU) {
-               ack->arg[0] = iso14_apdu(cmd, len, ack->d.asBytes);
+       memcpy(receiveBuf, ack->d.asBytes, len);
+               ack->arg[0] = iso14_apdu(cmd, len, receiveBuf);
+               
+    while(ack->arg[0] > sizeof(ack->d))
+    {
+      memcpy(ack->d.asBytes, receiveBuf, sizeof(ack->d));              
+               UsbSendPacket((void *)ack, sizeof(UsbCommand));
+
+      receiveBuf+=sizeof(ack->d);
+               ack->arg[0]-=sizeof(ack->d);
+               }
+               
+               memcpy(ack->d.asBytes, receiveBuf, ack->arg[0]);
                UsbSendPacket((void *)ack, sizeof(UsbCommand));
        }
 
@@ -1791,6 +1823,7 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack)
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        LEDsoff();
 }
+
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
@@ -1830,11 +1863,12 @@ void ReaderMifare(uint32_t parameter)
 
        while(TRUE)
        {
-               LED_C_ON();
+               LED_C_OFF();
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-               SpinDelay(200);
+               SpinDelay(50);
                FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
-               LED_C_OFF();
+               LED_C_ON();
+               SpinDelay(2);
 
                // Test if the action was cancelled
                if(BUTTON_PRESS()) {
@@ -2356,11 +2390,11 @@ void RAMFUNC SniffMifare(uint8_t param) {
        // param:
        // bit 0 - trigger from first card answer
        // bit 1 - trigger from first reader 7-bit request
-       
+
+       // C(red) A(yellow) B(green)
        LEDsoff();
        // init trace buffer
-       traceLen = 0;
-       memset(trace, 0x44, TRACE_SIZE);
+    iso14a_clear_trace();
 
        // The command (reader -> tag) that we're receiving.
        // The length of a received command will in most cases be no more than 18 bytes.
@@ -2378,7 +2412,6 @@ void RAMFUNC SniffMifare(uint8_t param) {
        int8_t *data = dmaBuf;
        int maxDataLen = 0;
        int dataLen = 0;
-//     data = dmaBuf;
 
        // Set up the demodulator for tag -> reader responses.
        Demod.output = receivedResponse;
@@ -2400,10 +2433,11 @@ void RAMFUNC SniffMifare(uint8_t param) {
        LED_D_OFF();
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+       
+       // init sniffer
+       MfSniffInit();
+       int sniffCounter = 0;
 
-       // Count of samples received so far, so that we can include timing
-       // information in the trace buffer.
-       rsamples = 0;
        // And now we loop, receiving samples.
        while(true) {
                if(BUTTON_PRESS()) {
@@ -2413,6 +2447,13 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
                LED_A_ON();
                WDT_HIT();
+               
+               if (++sniffCounter > 65) {
+                       if (MfSniffSend(2000)) {
+                               FpgaEnableSscDma();
+                       }
+                       sniffCounter = 0;
+               }
 
                int register readBufDataP = data - dmaBuf;
                int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
@@ -2435,7 +2476,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
                if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
                        AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
                        AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
-                       Dbprintf("RxEmpty ERROR!!! %d", dataLen); // temporary
+                       Dbprintf("RxEmpty ERROR!!! data length:%d", dataLen); // temporary
                }
                // secondary buffer sets as primary, secondary buffer was stopped
                if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
@@ -2445,33 +2486,30 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
                LED_A_OFF();
                
-               rsamples += 4;
                if(MillerDecoding((data[0] & 0xF0) >> 4)) {
-                       LED_C_ON();
+                       LED_C_INV();
                        // check - if there is a short 7bit request from reader
-                       if ((Uart.byteCnt == 1) && (Uart.bitCnt = 9)) { 
-
-                       }
-                       if (!LogTrace(receivedCmd, Uart.byteCnt, 0 - Uart.samples, Uart.parityBits, TRUE)) break;
+                       if (MfSniffLogic(receivedCmd, Uart.byteCnt, Uart.parityBits, Uart.bitCnt, TRUE)) break;
 
                        /* And ready to receive another command. */
                        Uart.state = STATE_UNSYNCD;
-                       /* And also reset the demod code, which might have been */
-                       /* false-triggered by the commands from the reader. */
+                       
+                       /* And also reset the demod code */
                        Demod.state = DEMOD_UNSYNCD;
-                       LED_B_OFF();
                }
 
                if(ManchesterDecoding(data[0] & 0x0F)) {
-                       LED_B_ON();
+                       LED_C_INV();
 
-                       if (!LogTrace(receivedResponse, Demod.len, 0 - Demod.samples, Demod.parityBits, FALSE)) break;
+                       if (MfSniffLogic(receivedResponse, Demod.len, Demod.parityBits, Demod.bitCount, FALSE)) break;
 
                        // And ready to receive another response.
                        memset(&Demod, 0, sizeof(Demod));
                        Demod.output = receivedResponse;
                        Demod.state = DEMOD_UNSYNCD;
-                       LED_C_OFF();
+
+                       /* And also reset the uart code */
+                       Uart.state = STATE_UNSYNCD;
                }
 
                data++;
@@ -2483,8 +2521,9 @@ void RAMFUNC SniffMifare(uint8_t param) {
        DbpString("COMMAND FINISHED");
 
 done:
-       AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
-       Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x", maxDataLen, Uart.state, Uart.byteCnt);
-       Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
+       FpgaDisableSscDma();
+       MfSniffEnd();
+       
+       Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x Uart.byteCntMax=%x", maxDataLen, Uart.state, Uart.byteCnt, Uart.byteCntMax);
        LEDsoff();
-}
\ No newline at end of file
+}
Impressum, Datenschutz