X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/94422fa23f2a9fe21d9d13286bde0e4e06a74c4f..52f2df615b806434ec7017349d6920a5cb9ab1c2:/armsrc/lfops.c

diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index b509b5a9..00b50852 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -1065,7 +1065,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 #define WRITE_GAP 20*8 // was 160 // SPEC:  1*8 to 20*8 - typ 10*8 (or 10fc)
 #define WRITE_0   16*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
 #define WRITE_1   50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc)  432 for T55x7; 448 for E5550
-#define READ_GAP  52*8 
+#define READ_GAP  15*8 
 
 //  VALUES TAKEN FROM EM4x function: SendForward
 //  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
@@ -1132,7 +1132,7 @@ void T55xxResetRead(void) {
 }
 
 // Write one card block in page 0, no lock
-void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
+void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
 	LED_A_ON();
 	bool PwdMode = arg & 0x1;
 	uint8_t Page = (arg & 0x2)>>1;
@@ -1178,12 +1178,12 @@ void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg
 }
 
 // Write one card block in page 0, no lock
-void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
+void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
 	T55xxWriteBlockExt(Data, Block, Pwd, arg);
 	cmd_send(CMD_ACK,0,0,0,0,0);
 }
 
-// Read one card block in page 0
+// Read one card block in page [page]
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	LED_A_ON();
 	bool PwdMode = arg0 & 0x1;
@@ -1260,10 +1260,8 @@ void T55xxWakeUp(uint32_t Pwd){
 
 void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
 	// write last block first and config block last (if included)
-	for (uint8_t i = numblocks+startblock; i > startblock; i--) {
-		//Dbprintf("write- Blk: %d, d:%08X",i-1,blockdata[i-1]);
+	for (uint8_t i = numblocks+startblock; i > startblock; i--)
 		T55xxWriteBlockExt(blockdata[i-1],i-1,0,0);
-	}
 }
 
 // Copy HID id to card and setup block 0 config
@@ -1304,6 +1302,9 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
 	// load chip config block
 	data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT;
 
+	//TODO add selection of chip for Q5 or T55x7
+	// data[0] = (((50-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | last_block << T5555_MAXBLOCK_SHIFT;
+
 	LED_D_ON();
 	// Program the data blocks for supplied ID
 	// and the block 0 for HID format
@@ -1316,6 +1317,8 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
 
 void CopyIOtoT55x7(uint32_t hi, uint32_t lo) {
 	uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
+	//TODO add selection of chip for Q5 or T55x7
+	// data[0] = (((64-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 2 << T5555_MAXBLOCK_SHIFT;
 
 	LED_D_ON();
 	// Program the data blocks for supplied ID
@@ -1332,6 +1335,9 @@ void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
 	//Program the 2 data blocks for supplied 64bit UID
 	// and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
 	uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
+	//TODO add selection of chip for Q5 or T55x7
+	// data[0] = (((32-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
+
 	WriteT55xx(data, 0, 3);
 	//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
 	//	T5567WriteBlock(0x603E1042,0);
@@ -1344,6 +1350,8 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
 	// and the block 0 for Indala224 format	
 	//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
 	data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
+	//TODO add selection of chip for Q5 or T55x7
+	// data[0] = (((32-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
 	WriteT55xx(data, 0, 8);
 	//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
 	//	T5567WriteBlock(0x603E10E2,0);
@@ -1415,19 +1423,20 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
 
 	// Write EM410x ID
 	uint32_t data[] = {0, id>>32, id & 0xFFFFFFFF};
-	if (card) {
+
 		clock = (card & 0xFF00) >> 8;
 		clock = (clock == 0) ? 64 : clock;
 		Dbprintf("Clock rate: %d", clock);
+	if (card & 0xFF) { //t55x7
 		clock = GetT55xxClockBit(clock);
 		if (clock == 0) {
 			Dbprintf("Invalid clock rate: %d", clock);
 			return;
 		}
-
 		data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
-	} else {
-		data[0] = (0x1F << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
+	} else { //t5555 (Q5)
+		clock = (clock-2)>>1;  //n = (RF-2)/2
+		data[0] = (clock << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
 	}
 
 	WriteT55xx(data, 0, 3);
@@ -1454,6 +1463,15 @@ uint8_t * fwd_write_ptr; //forwardlink bit pointer
 // prepares command bits
 // see EM4469 spec
 //====================================================================
+//--------------------------------------------------------------------
+//  VALUES TAKEN FROM EM4x function: SendForward
+//  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
+//  WRITE_GAP = 128;       (16*8)
+//  WRITE_1   = 256 32*8;  (32*8) 
+
+//  These timings work for 4469/4269/4305 (with the 55*8 above)
+//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); 
+
 uint8_t Prepare_Cmd( uint8_t cmd ) {
 
 	*forward_ptr++ = 0; //start bit
@@ -1641,13 +1659,10 @@ void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode
 }
 
 void CopyViKingtoT55x7(uint32_t block1, uint32_t block2) {
-    LED_D_ON();
-    T55xxWriteBlock(block1,1,0,0);
-    T55xxWriteBlock(block2,2,0,0);
-	T55xxWriteBlock(T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 2 << T55x7_MAXBLOCK_SHIFT,0,0,0);
-    // T55xxWriteBlock(T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 2 << T5555_MAXBLOCK_SHIFT,0,0,1);
-	// ICEMAN NOTES:
-	// Shouldn't this one be: T55x7_MAXBLOCK_SHIFT  and 0 in password mode
-    LED_D_OFF();
+
+	uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2};
+	// Program the data blocks for supplied ID and the block 0 config
+	WriteT55xx(data, 0, 3);
+	LED_D_OFF();
 }