#define RWD_TIME_1 120 // READER_TIME_PAUSE 20us off, 80us on = 100us 80 * 1.5 == 120ticks
#define RWD_TIME_0 60 // READER_TIME_PAUSE 20us off, 40us on = 60us 40 * 1.5 == 60ticks
#define RWD_TIME_PAUSE 30 // 20us == 20 * 1.5 == 30ticks */
-#define TAG_BIT_PERIOD 143 // 100us == 100 * 1.5 == 150ticks
+#define TAG_BIT_PERIOD 142 // 100us == 100 * 1.5 == 150ticks
#define TAG_FRAME_WAIT 495 // 330us from READER frame end to TAG frame start. 330 * 1.5 == 495
#define RWD_TIME_FUZZ 20 // rather generous 13us, since the peak detector + hysteresis fuzz quite a bit
if ( bits > 32 ) return;
uint8_t i = bits, edges = 0;
- uint16_t lsfr = 0;
uint32_t the_bit = 1, next_bit_at = 0, data = 0;
uint32_t old_level = 0;
volatile uint32_t level = 0;
// calibrate the prng.
legic_prng_forward(2);
- data = lsfr = legic_prng_get_bits(bits);
+ data = legic_prng_get_bits(bits);
//FIXED time between sending frame and now listening frame. 330us
uint32_t starttime = GET_TICKS;
- if ( bits == 6) {
- //WaitTicks( 495 - 9 - 9 );
- WaitTicks( 475 );
- } else {
- WaitTicks( 450 );
- }
+ // its about 9+9 ticks delay from end-send to here.
+ WaitTicks( 477 );
- next_bit_at = GET_TICKS + TAG_BIT_PERIOD;
+ next_bit_at = GET_TICKS + TAG_BIT_PERIOD;
while ( i-- ){
edges = 0;
// Switch on carrier and let the tag charge for 1ms
HIGH(GPIO_SSC_DOUT);
- WaitUS(1000);
+ WaitUS(5000);
ResetTicks();
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
// reserve a cardmem, meaning we can use the tracelog function in bigbuff easier.
- cardmem = BigBuf_malloc(LEGIC_CARD_MEMSIZE);
+ cardmem = BigBuf_get_EM_addr();
memset(cardmem, 0x00, LEGIC_CARD_MEMSIZE);
clear_trace();
uint8_t byte, crc, calcCrc = 0;
uint32_t cmd = (index << 1) | LEGIC_READ;
- WaitTicks(366);
+ //WaitTicks(330); // (4)
+ WaitTicks(240); // (3)
+ //WaitTicks(230); //(2)
+ //WaitTicks(60); //(1)
frame_sendAsReader(cmd, cmd_sz);
frame_receiveAsReader(¤t_frame, 12);
+ // CRC check.
byte = BYTEx(current_frame.data, 0);
crc = BYTEx(current_frame.data, 1);
-
calcCrc = legic4Crc(LEGIC_READ, index, byte, cmd_sz);
if( calcCrc != crc ) {
return -1;
}
- legic_prng_forward(4);
- WaitTicks(50);
+ legic_prng_forward(3);
return byte;
}
crc_update(&legic_crc, addr, addr_sz);
crc_update(&legic_crc, byte, 8);
uint32_t crc = crc_finish(&legic_crc);
-
uint32_t crc2 = legic4Crc(LEGIC_WRITE, addr, byte, addr_sz+1);
- if ( crc != crc2 )
+ if ( crc != crc2 ) {
Dbprintf("crc is missmatch");
-
+ return 1;
+ }
// send write command
uint32_t cmd = ((crc <<(addr_sz+1+8)) //CRC
|(byte <<(addr_sz+1)) //Data
legic_prng_forward(2); /* we wait anyways */
- WaitUS(TAG_FRAME_WAIT);
+ WaitTicks(330);
frame_sendAsReader(cmd, cmd_sz);
-
- // wllm-rbnt doesnt have these
+
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_DIN;
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DIN;
edges = 0;
next_bit_at += TAG_BIT_PERIOD;
while(timer->TC_CV < next_bit_at) {
- int level = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
+ volatile uint32_t level = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
if(level != old_level)
edges++;
old_level = level;
}
- if(edges > 20 && edges < 60) { /* expected are 42 edges */
+ if(edges > 20 ) { /* expected are 42 edges */
int t = timer->TC_CV;
int c = t / TAG_BIT_PERIOD;
int LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv) {
- len &= 0x3FF;
-
uint16_t i = 0;
uint8_t isOK = 1;
legic_card_select_t card;
WDT_HIT();
switch_off_tag_rwd();
LEDsoff();
- cmd_send(CMD_ACK,isOK,len,0,cardmem,len);
+ cmd_send(CMD_ACK, isOK, len, 0, cardmem, len);
return 0;
}
LED_B_ON();
setup_phase_reader(iv);
+
int r = 0;
while(byte_index < bytes) {
p_card->addrsize = 0;
p_card->cardsize = 0;
return 2;
- break;
}
return 0;
}
legic_card_select_t *card = (legic_card_select_t*) buf;
LegicCommonInit();
-
+
if ( legic_select_card(card) ) {
cmd_send(CMD_ACK,0,0,0,0,0);
goto OUT;
projects / proxmark3-svn / blobdiff