X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/653e5ed3ca3f8bf4ae677900ae4860a8cf7026c1..cdc9a7562d70ec1b4c58841acc64150774e377b6:/armsrc/iso14443a.c?ds=inline

diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index a0fe2326..059db71e 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -189,13 +189,14 @@ void iso14a_set_trigger(bool enable) {
 
 
 void iso14a_set_timeout(uint32_t timeout) {
-	iso14a_timeout = timeout - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/(16*8);
+	// adjust timeout by FPGA delays and 2 additional ssp_frames to detect SOF
+	iso14a_timeout = timeout + (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/(16*8) + 2;
 	if(MF_DBGLEVEL >= 3) Dbprintf("ISO14443A Timeout set to %ld (%dms)", timeout, timeout / 106);
 }
 
 
 uint32_t iso14a_get_timeout(void) {
-	return iso14a_timeout + (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/(16*8);
+	return iso14a_timeout - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/(16*8) - 2;
 }
 
 //-----------------------------------------------------------------------------
@@ -1404,7 +1405,7 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
 				ADC_MODE_PRESCALE(63) |
 				ADC_MODE_STARTUP_TIME(1) |
 				ADC_MODE_SAMPLE_HOLD_TIME(15);
-	AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
+	AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF_LOW);
 	// start ADC
 	AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
 	
@@ -1431,12 +1432,12 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
 		if (BUTTON_PRESS()) return 1;
 
 		// test if the field exists
-		if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF)) {
+		if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF_LOW)) {
 			analogCnt++;
-			analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
+			analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF_LOW];
 			AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
 			if (analogCnt >= 32) {
-				if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
+				if ((MAX_ADC_HF_VOLTAGE_LOW * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
 					vtime = GetTickCount();
 					if (!timer) timer = vtime;
 					// 50ms no field --> card to idle state
@@ -1888,7 +1889,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 void iso14443a_setup(uint8_t fpga_minor_mode) {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	// Set up the synchronous serial port
-	FpgaSetupSsc();
+	FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A);
 	// connect Demodulated Signal to ADC:
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 
@@ -1955,9 +1956,9 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
 	} else{
 		// S-Block WTX 
 		while((data_bytes[0] & 0xF2) == 0xF2) {
-			uint32_t save_iso14a_timeout = iso14a_timeout;
+			uint32_t save_iso14a_timeout = iso14a_get_timeout();
 			// temporarily increase timeout
-			iso14a_timeout = MAX((data_bytes[1] & 0x3f) * iso14a_timeout, MAX_ISO14A_TIMEOUT);
+			iso14a_set_timeout(MAX((data_bytes[1] & 0x3f) * save_iso14a_timeout, MAX_ISO14A_TIMEOUT));
 			// Transmit WTX back 
 			// byte1 - WTXM [1..59]. command FWT=FWT*WTXM
 			data_bytes[1] = data_bytes[1] & 0x3f; // 2 high bits mandatory set to 0b
@@ -1969,7 +1970,7 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
 			len = ReaderReceive(data, parity);
 			data_bytes = data;
 			// restore timeout
-			iso14a_timeout = save_iso14a_timeout;
+			iso14a_set_timeout(save_iso14a_timeout);
 		}
 
 		// if we received an I- or R(ACK)-Block with a block number equal to the
@@ -2150,9 +2151,7 @@ void ReaderMifare(bool first_try)
 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
 
-	if (first_try) { 
-		iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
-	}
+	iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 	
 	// free eventually allocated BigBuf memory. We want all for tracing.
 	BigBuf_free();
@@ -2160,9 +2159,9 @@ void ReaderMifare(bool first_try)
 	clear_trace();
 	set_tracing(true);
 
-	byte_t nt_diff = 0;
+	uint8_t nt_diff = 0;
 	uint8_t par[1] = {0};	// maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
-	static byte_t par_low = 0;
+	static uint8_t par_low = 0;
 	bool led_on = true;
 	uint8_t uid[10]  ={0};
 	uint32_t cuid;
@@ -2170,11 +2169,11 @@ void ReaderMifare(bool first_try)
 	uint32_t nt = 0;
 	uint32_t previous_nt = 0;
 	static uint32_t nt_attacked = 0;
-	byte_t par_list[8] = {0x00};
-	byte_t ks_list[8] = {0x00};
+	uint8_t par_list[8] = {0x00};
+	uint8_t ks_list[8] = {0x00};
 
 	#define PRNG_SEQUENCE_LENGTH  (1 << 16);
-	static uint32_t sync_time;
+	uint32_t sync_time = GetCountSspClk() & 0xfffffff8;
 	static int32_t sync_cycles;
 	int catch_up_cycles = 0;
 	int last_catch_up = 0;
@@ -2184,10 +2183,9 @@ void ReaderMifare(bool first_try)
 
 	if (first_try) { 
 		mf_nr_ar3 = 0;
-		sync_time = GetCountSspClk() & 0xfffffff8;
+		par[0] = par_low = 0;
 		sync_cycles = PRNG_SEQUENCE_LENGTH;							// theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the tag nonces).
 		nt_attacked = 0;
-		par[0] = 0;
 	}
 	else {
 		// we were unsuccessful on a previous call. Try another READER nonce (first 3 parity bits remain the same)
@@ -2203,6 +2201,7 @@ void ReaderMifare(bool first_try)
 
 	#define MAX_UNEXPECTED_RANDOM	4		// maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
 	#define MAX_SYNC_TRIES			32
+	#define SYNC_TIME_BUFFER		16		// if there is only SYNC_TIME_BUFFER left before next planned sync, wait for next PRNG cycle
 	#define NUM_DEBUG_INFOS			8		// per strategy
 	#define MAX_STRATEGY			3
 	uint16_t unexpected_random = 0;
@@ -2252,8 +2251,8 @@ void ReaderMifare(bool first_try)
 			sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
 			catch_up_cycles = 0;
 
-			// if we missed the sync time already, advance to the next nonce repeat
-			while(GetCountSspClk() > sync_time) {
+			// if we missed the sync time already or are about to miss it, advance to the next nonce repeat
+			while(sync_time < GetCountSspClk() + SYNC_TIME_BUFFER) {
 				elapsed_prng_sequences++;
 				sync_time = (sync_time & 0xfffffff8) + sync_cycles;
 			}
@@ -2409,14 +2408,14 @@ void ReaderMifare(bool first_try)
 		}
 	}
 	
-	byte_t buf[28];
+	uint8_t buf[32];
 	memcpy(buf + 0,  uid, 4);
 	num_to_bytes(nt, 4, buf + 4);
 	memcpy(buf + 8,  par_list, 8);
 	memcpy(buf + 16, ks_list, 8);
-	memcpy(buf + 24, mf_nr_ar, 4);
+	memcpy(buf + 24, mf_nr_ar, 8);
 		
-	cmd_send(CMD_ACK, isOK, 0, 0, buf, 28);
+	cmd_send(CMD_ACK, isOK, 0, 0, buf, 32);
 
 	// Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@@ -2481,7 +2480,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 	for(uint32_t sniffCounter = 0; true; ) {
 	
 		if(BUTTON_PRESS()) {
-			DbpString("cancelled by button");
+			DbpString("Canceled by button.");
 			break;
 		}
 
@@ -2538,7 +2537,9 @@ void RAMFUNC SniffMifare(uint8_t param) {
 			if(!TagIsActive) {		// no need to try decoding tag data if the reader is sending
 				uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
 				if(MillerDecoding(readerdata, (sniffCounter-1)*4)) {
-					LED_C_INV();
+					LED_B_ON();
+					LED_C_OFF();
+
 					if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, true)) break;
 
 					/* And ready to receive another command. */
@@ -2553,7 +2554,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
 			if(!ReaderIsActive) {		// no need to try decoding tag data if the reader is sending
 				uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
 				if(ManchesterDecoding(tagdata, 0, (sniffCounter-1)*4)) {
-					LED_C_INV();
+					LED_B_OFF();
+					LED_C_ON();
 
 					if (MfSniffLogic(receivedResponse, Demod.len, Demod.parity, Demod.bitCount, false)) break;
 
@@ -2575,7 +2577,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
 	} // main cycle
 
-	DbpString("COMMAND FINISHED");
+	DbpString("COMMAND FINISHED.");
 
 	FpgaDisableSscDma();
 	MfSniffEnd();