]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/lfops.c
Added / modified SAK descriptions.
[proxmark3-svn] / armsrc / lfops.c
index 93c0cbde3bd1b7fb1c697db968fe9014db3fb683..50cf35c6c53734fdfd1354375486aa9f1a6a0df0 100644 (file)
@@ -1,14 +1,19 @@
 //-----------------------------------------------------------------------------
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
 // Miscellaneous routines for low frequency tag operations.
 // Tags supported here so far are Texas Instruments (TI), HID
 // Also routines for raw mode reading/simulating of LF waveform
-//
 //-----------------------------------------------------------------------------
+
 #include "proxmark3.h"
 #include "apps.h"
 #include "util.h"
 #include "hitag2.h"
 #include "crc16.h"
+#include "string.h"
 
 void AcquireRawAdcSamples125k(int at134khz)
 {
@@ -538,7 +543,7 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0)
        AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1);
        AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME;
        AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
-       AT91C_BASE_TC1->TC_CMR =        TC_CMR_TCCLKS_TIMER_CLOCK1 |
+       AT91C_BASE_TC1->TC_CMR =        AT91C_TC_CLKS_TIMER_DIV1_CLOCK |
                                                                AT91C_TC_ETRGEDG_RISING |
                                                                AT91C_TC_ABETRG |
                                                                AT91C_TC_LDRA_RISING |
@@ -970,3 +975,109 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
                WDT_HIT();
        }
 }
+
+//----------------------
+// T5557/T5567 routines
+
+// Relevant times in microsecond
+// To compensate antenna falling times shorten the write times
+//  and enlarge the gap ones.
+#define start_gap 250 
+#define write_gap 160 
+#define write_0 144 //192
+#define write_1 400 //432 for T55x7; 448 for E5550
+
+//Write one bit to card
+void T5567WriteBit(int bit)
+{
+       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+       if (bit == 0)  SpinDelayUs(write_0);
+       else SpinDelayUs(write_1);
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       SpinDelayUs(write_gap);
+}
+
+//Write one card block in page 0, no lock
+void T5567WriteBlock(int Data, int Block)
+{
+
+       /* Make sure the tag is reset */
+//     FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+//     SpinDelay(2500);
+
+       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+
+       // Give it a bit of time for the resonant antenna to settle.
+       // And for the tag to fully power up
+       SpinDelay(150);
+
+       // now start writting
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       SpinDelayUs(start_gap);
+
+  //Opcode
+  T5567WriteBit(1);
+  T5567WriteBit(0); //Page 0
+  //Lock bit
+  T5567WriteBit(0);
+  
+  //Data 
+  for (int i=0;i<32;i++){
+     T5567WriteBit(Data&(1<<(31-i)));
+  }    
+
+  //Page 
+  for (int i=0;i<3;i++){
+     T5567WriteBit(Block&(1<<(2-i)));
+  }    
+  
+  //Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
+  //                   so wait a little more)
+       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+       SpinDelay(20);
+       
+}
+
+//Copy HID id to card and setup block 0 config
+void CopyHIDtoT5567(int hi, int lo)
+{
+       int data1, data2, data3;
+
+  // ensure no more than 44 bits supplied
+       if (hi>0xFFF) {
+               DbpString("Tags can only have 44 bits.");
+               return;
+       }
+       
+       //Build the 3 data blocks for supplied 44bit ID
+       data1 = 0x1D000000; //load preamble
+       for (int i=0;i<12;i++){
+               if (hi & (1<<(11-i))) data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10
+               else data1 |= (1<<((11-i)*2));                      // 0 -> 01
+       }
+       data2 = 0; 
+       for (int i=0;i<16;i++){
+               if (lo & (1<<(31-i))) data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+               else data2 |= (1<<((15-i)*2));                      // 0 -> 01
+       }
+       data3 = 0; 
+       for (int i=0;i<16;i++){
+               if (lo & (1<<(15-i))) data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+               else data3 |= (1<<((15-i)*2));                      // 0 -> 01
+       }
+
+       //Program the 3 data blocks for supplied 44bit ID
+       // and the block 0 for HID format
+  T5567WriteBlock(data1,1);
+  T5567WriteBlock(data2,2);
+  T5567WriteBlock(data3,3);
+  //Config for HID (RF/50;FSK2a;Maxblock=3)
+  T5567WriteBlock(0x00107060,0);
+
+       DbpString("DONE!");
+
+}      
+
Impressum, Datenschutz