//-----------------------------------------------------------------------------\r
#include <proxmark3.h>\r
#include "apps.h"\r
-#include "../common/iso14443_crc.c"\r
+#include "iso14443crc.h"\r
\r
\r
//static void GetSamplesFor14443(BOOL weTx, int n);\r
\r
-#define DMA_BUFFER_SIZE 256\r
+#define DEMOD_TRACE_SIZE 4096\r
+#define READER_TAG_BUFFER_SIZE 2048\r
+#define TAG_READER_BUFFER_SIZE 2048\r
+#define DMA_BUFFER_SIZE 1024\r
\r
//=============================================================================\r
// An ISO 14443 Type B tag. We listen for commands from the reader, using\r
BYTE b1, b2;\r
\r
if(!GetIso14443CommandFromReader(receivedCmd, &len, 100)) {\r
- DbpIntegers(cmdsRecvd, 0, 0);\r
- DbpString("button press");\r
- break;\r
+ Dbprintf("button pressed, received %d commands", cmdsRecvd);\r
+ break;\r
}\r
\r
// Good, look at the command now.\r
if(len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len)==0) {\r
resp = resp1; respLen = resp1Len;\r
} else {\r
- DbpString("new cmd from reader:");\r
- DbpIntegers(len, 0x1234, cmdsRecvd);\r
+ Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsRecvd);\r
// And print whether the CRC fails, just for good measure\r
ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);\r
if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {\r
}\r
}\r
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;\r
- if (!quiet) DbpIntegers(max, gotFrame, Demod.len);\r
+ if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len);\r
}\r
\r
//-----------------------------------------------------------------------------\r
// I tried to be systematic and check every answer of the tag, every CRC, etc...\r
//-----------------------------------------------------------------------------\r
void ReadSRI512Iso14443(DWORD parameter)\r
+{\r
+ ReadSTMemoryIso14443(parameter,0x0F);\r
+}\r
+void ReadSRIX4KIso14443(DWORD parameter)\r
+{\r
+ ReadSTMemoryIso14443(parameter,0x7F);\r
+}\r
+\r
+void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast)\r
{\r
BYTE i = 0x00;\r
\r
DbpString("No response from tag");\r
return;\r
} else {\r
- DbpString("Randomly generated UID from tag (+ 2 byte CRC):");\r
- DbpIntegers(Demod.output[0], Demod.output[1],Demod.output[2]);\r
+ Dbprintf("Randomly generated UID from tag (+ 2 byte CRC): %x %x %x",\r
+ Demod.output[0], Demod.output[1],Demod.output[2]);\r
}\r
// There is a response, SELECT the uid\r
DbpString("Now SELECT tag:");\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
// LED_A_OFF();\r
if (Demod.len != 3) {\r
- DbpString("Expected 3 bytes from tag, got:");\r
- DbpIntegers(Demod.len,0x0,0x0);\r
+ Dbprintf("Expected 3 bytes from tag, got %d", Demod.len);\r
return;\r
}\r
// Check the CRC of the answer:\r
}\r
// Check response from the tag: should be the same UID as the command we just sent:\r
if (cmd1[1] != Demod.output[0]) {\r
- DbpString("Bad response to SELECT from Tag, aborting:");\r
- DbpIntegers(cmd1[1],Demod.output[0],0x0);\r
+ Dbprintf("Bad response to SELECT from Tag, aborting: %x %x", cmd1[1], Demod.output[0]);\r
return;\r
}\r
// Tag is now selected,\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
// LED_A_OFF();\r
if (Demod.len != 10) {\r
- DbpString("Expected 10 bytes from tag, got:");\r
- DbpIntegers(Demod.len,0x0,0x0);\r
+ Dbprintf("Expected 10 bytes from tag, got %d", Demod.len);\r
return;\r
}\r
// The check the CRC of the answer (use cmd1 as temporary variable):\r
ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]);\r
if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) {\r
- DbpString("CRC Error reading block! - Below: expected, got");\r
- DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9],0);\r
+ Dbprintf("CRC Error reading block! - Below: expected, got %x %x",\r
+ (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]);\r
// Do not return;, let's go on... (we should retry, maybe ?)\r
}\r
- DbpString("Tag UID (64 bits):");\r
- DbpIntegers((Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], 0);\r
+ Dbprintf("Tag UID (64 bits): %08x %08x",\r
+ (Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4],\r
+ (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0]);\r
\r
// Now loop to read all 16 blocks, address from 0 to 15\r
DbpString("Tag memory dump, block 0 to 15");\r
cmd1[0] = 0x08;\r
i = 0x00;\r
+ dwLast++;\r
for (;;) {\r
- if (i == 0x10) {\r
+ if (i == dwLast) {\r
DbpString("System area block (0xff):");\r
i = 0xff;\r
}\r
// The check the CRC of the answer (use cmd1 as temporary variable):\r
ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]);\r
if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) {\r
- DbpString("CRC Error reading block! - Below: expected, got");\r
- DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5],0);\r
+ Dbprintf("CRC Error reading block! - Below: expected, got %x %x",\r
+ (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]);\r
// Do not return;, let's go on... (we should retry, maybe ?)\r
}\r
// Now print out the memory location:\r
- DbpString("Address , Contents, CRC");\r
- DbpIntegers(i, (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], (Demod.output[4]<<8)+Demod.output[5]);\r
+ Dbprintf("Address=%x, Contents=%x, CRC=%x", i,\r
+ (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0],\r
+ (Demod.output[4]<<8)+Demod.output[5]);\r
if (i == 0xff) {\r
break;\r
}\r
//-----------------------------------------------------------------------------\r
/*\r
* Memory usage for this function, (within BigBuf)\r
- * 0-1023 : Demodulated samples receive (1024 bytes)\r
- * 1024-1535 : Last Received command, 512 bytes (reader->tag)\r
- * 1536-2047 : Last Received command, 512 bytes(tag->reader)\r
- * 2048-2304 : DMA Buffer, 256 bytes (samples)\r
+ * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE\r
+ * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE\r
+ * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE\r
+ * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE\r
*/\r
void SnoopIso14443(void)\r
{\r
BOOL triggered = FALSE;\r
\r
// The command (reader -> tag) that we're working on receiving.\r
- BYTE *receivedCmd = (BYTE *)(BigBuf) + 1024;\r
+ BYTE *receivedCmd = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE;\r
// The response (tag -> reader) that we're working on receiving.\r
- BYTE *receivedResponse = (BYTE *)(BigBuf) + 1536;\r
+ BYTE *receivedResponse = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE;\r
\r
// As we receive stuff, we copy it from receivedCmd or receivedResponse\r
// into trace, along with its length and other annotations.\r
int traceLen = 0;\r
\r
// The DMA buffer, used to stream samples from the FPGA.\r
- SBYTE *dmaBuf = (SBYTE *)(BigBuf) + 2048;\r
+ SBYTE *dmaBuf = (SBYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE + TAG_READER_BUFFER_SIZE;\r
int lastRxCounter;\r
SBYTE *upTo;\r
int ci, cq;\r
int samples = 0;\r
\r
// Initialize the trace buffer\r
- memset(trace, 0x44, 1024);\r
+ memset(trace, 0x44, DEMOD_TRACE_SIZE);\r
\r
// Set up the demodulator for tag -> reader responses.\r
Demod.output = receivedResponse;\r
Uart.byteCntMax = 100;\r
Uart.state = STATE_UNSYNCD;\r
\r
+ // Print some debug information about the buffer sizes\r
+ Dbprintf("Snooping buffers initialized:");\r
+ Dbprintf(" Trace: %i bytes", DEMOD_TRACE_SIZE);\r
+ Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE);\r
+ Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE);\r
+ Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE);\r
+ \r
+ // Use a counter for blinking the LED\r
+ long ledCount=0;\r
+ long ledFlashAt=200000;\r
+ \r
// And put the FPGA in the appropriate mode\r
// Signal field is off with the appropriate LED\r
LED_D_OFF();\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
// And now we loop, receiving samples.\r
for(;;) {\r
+ // Blink the LED while Snooping\r
+ ledCount++;\r
+ if (ledCount == ledFlashAt) {\r
+ LED_D_ON();\r
+ }\r
+ if (ledCount >= 2*ledFlashAt) {\r
+ LED_D_OFF();\r
+ ledCount=0;\r
+ }\r
+ \r
int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &\r
(DMA_BUFFER_SIZE-1);\r
if(behindBy > maxBehindBy) {\r
maxBehindBy = behindBy;\r
if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not?\r
- DbpString("blew circular buffer!");\r
- DbpIntegers(behindBy,0,0);\r
+ Dbprintf("blew circular buffer! behindBy=%x", behindBy);\r
goto done;\r
}\r
}\r
\r
#define HANDLE_BIT_IF_BODY \\r
if(triggered) { \\r
+ ledFlashAt=30000; \\r
trace[traceLen++] = ((samples >> 0) & 0xff); \\r
trace[traceLen++] = ((samples >> 8) & 0xff); \\r
trace[traceLen++] = ((samples >> 16) & 0xff); \\r
trace[traceLen++] = Demod.len;\r
memcpy(trace+traceLen, receivedResponse, Demod.len);\r
traceLen += Demod.len;\r
- if(traceLen > 1000) break;\r
+ if(traceLen > DEMOD_TRACE_SIZE) { \r
+ DbpString("Reached trace limit");\r
+ goto done;\r
+ }\r
\r
triggered = TRUE;\r
\r
}\r
}\r
\r
- DbpString("in done pt");\r
-\r
- DbpIntegers(maxBehindBy, Uart.state, Uart.byteCnt);\r
- DbpIntegers(Uart.byteCntMax, traceLen, 0x23);\r
-\r
done:\r
LED_D_OFF();\r
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;\r
+ DbpString("Snoop statistics:");\r
+ Dbprintf(" Max behind by: %i", maxBehindBy);\r
+ Dbprintf(" Uart State: %x", Uart.state);\r
+ Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt);\r
+ Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax);\r
+ Dbprintf(" Trace length: %i", traceLen);\r
}\r
projects / proxmark3-svn / blobdiff