// Read one card block in page 0
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
LED_A_ON();
- uint8_t PwdMode = arg0 & 0xFF;
+ uint8_t PwdMode = arg0 & 0x01;
+ uint8_t Page = arg0 & 0x02;
uint32_t i = 0;
//clear buffer now so it does not interfere with timing later
// Opcode 10
T55xxWriteBit(1);
- T55xxWriteBit(0); //Page 0
+ T55xxWriteBit(Page); //Page 0
if (PwdMode){
// Send Pwd
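Review bot: `uint8_t Page = arg0 & 0x02;` leaves `Page` holding 0 or 2, so `T55xxWriteBit(Page)` is correct only if T55xxWriteBit treats every non-zero argument as a 1 bit, which is not visible in this hunk. Normalising it makes the intent explicit: `uint8_t Page = (arg0 & 0x02) >> 1;`. The trailing `//Page 0` comment and the header comment "Read one card block in page 0" are now stale, since the page is selectable; something like `// Page select bit (0 or 1)` would match the new behaviour. The function body continues outside the hunk.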
// Read card traceability data (page 1)
void T55xxReadTrace(void){
- LED_A_ON();
+ // LED_A_ON();
- //clear buffer now so it does not interfere with timing later
- BigBuf_Clear_ext(false);
+ // uint8_t PwdMode = arg0 & 0xFF;
+ // uint32_t i = 0;
+
+ // //clear buffer now so it does not interfere with timing later
+ // BigBuf_Clear_ext(false);
- // Set up FPGA, 125kHz
- LFSetupFPGAForADC(95, true);
+ // // Set up FPGA, 125kHz
+ // LFSetupFPGAForADC(95, true);
- // Trigger T55x7 Direct Access Mode
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
-
- // Opcode 11
- T55xxWriteBit(1);
- T55xxWriteBit(1); //Page 1
-
- // Turn field on to read the response
- TurnReadLFOn(READ_GAP);
+ // // Trigger T55x7 Direct Access Mode
+ // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ // SpinDelayUs(START_GAP);
+
+ // // Opcode 11
+ // T55xxWriteBit(1);
+ // T55xxWriteBit(1); //Page 1
+
+ // if (PwdMode){
+ // // Send Pwd
+ // for (i = 0x80000000; i != 0; i >>= 1)
+ // T55xxWriteBit(Pwd & i);
+ // }
+
+ // // Send a zero bit separation
+ // T55xxWriteBit(0);
+
+ // // Turn field on to read the response
+ // TurnReadLFOn(READ_GAP);
- // Acquisition
- doT55x7Acquisition();
+ // // Acquisition
+ // doT55x7Acquisition();
- // turn field off
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- cmd_send(CMD_ACK,0,0,0,0,0);
- LED_A_OFF();
- LED_B_OFF();
+ // // turn field off
+ // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ // cmd_send(CMD_ACK,0,0,0,0,0);
+ // LED_A_OFF();
+ // LED_B_OFF();
}
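Review bot: The body of `T55xxReadTrace` is commented out rather than removed, leaving an empty function. If the firmware still dispatches CMD_T55XX_READ_TRACE to it (the dispatch is not visible here), the host will no longer get a `CMD_ACK` from this path. The commented block also refers to `arg0` and `Pwd`, which are not parameters of `void T55xxReadTrace(void)`, so it could not be re-enabled as written. Delete the dead lines and either drop the function with its command id or leave a single comment such as `// trace data is now read through T55xxReadBlock with the page bit (0x02) set`.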
void T55xxWakeUp(uint32_t Pwd){
T55xxWriteBit(Pwd & i);
// Turn field on to read the response
- TurnReadLFOn(READ_GAP);
+ TurnReadLFOn(20*1000);
}
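Review bot: `TurnReadLFOn(20*1000);` replaces the named `READ_GAP` with a bare literal, so the reason for the longer field-on time after a wake-up and the unit of the value are lost. Define it next to `READ_GAP` as a named constant (placeholder name `T55xx_WAKEUP_FIELD_TIME`) with a one-line comment on why the wake-up path needs the field held longer than a normal read. Only the tail of T55xxWakeUp is visible in this hunk.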
/*-------------- Cloning routines -----------*/
*/
uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold,bool silent)
{
- //.
+ //bigbuf, to hold the aquired raw data signal
uint8_t *dest = BigBuf_get_addr();
- int bufsize = BigBuf_max_traceLen();
+ uint16_t bufsize = BigBuf_max_traceLen();
- memset(dest, 0, bufsize);
+ BigBuf_Clear_ext(false);
if(bits_per_sample < 1) bits_per_sample = 1;
if(bits_per_sample > 8) bits_per_sample = 8;
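Review bot: `uint16_t bufsize = BigBuf_max_traceLen();` narrows what was an `int`, so any return value above 65535 would wrap silently and shrink the sampling window. The return type of BigBuf_max_traceLen() is not visible here. If it is wider than 16 bits, keep a wide type (`uint32_t bufsize = BigBuf_max_traceLen();`) or clamp explicitly. The new comment also has a typo; `// BigBuf holds the acquired raw signal` reads better. The rest of DoAcquisition lies outside the hunk.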
* Initializes the FPGA for snoop-mode (field off), and acquires the samples.
* @return number of bits sampled
**/
-
uint32_t SnoopLF() {
return ReadLF(false, true);
}
void doT55x7Acquisition(void){
#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
- #define T55xx_READ_UPPER_THRESHOLD 128+40 // 50
+ #define T55xx_UPPER_THRESHOLD 128+40 // 50
#define T55xx_READ_TOL 5
- //#define T55xx_READ_LOWER_THRESHOLD 128-40 //-50
+ #define T55xx_LOWER_THRESHOLD 128-40 //-50
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
bufsize = T55xx_SAMPLES_SIZE;
uint16_t i = 0;
- uint16_t nosignal = 0;
bool startFound = false;
bool highFound = false;
- uint8_t curSample = 0;
+ uint8_t sample = 0;
uint8_t firstSample = 0;
while(!BUTTON_PRESS()) {
- WDT_HIT();
- if ( nosignal == 0xFFFF ) break;
-
+ WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
- AT91C_BASE_SSC->SSC_THR = 0x43;
+ AT91C_BASE_SSC->SSC_THR = 0x00;
LED_D_ON();
}
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
- curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-
+ sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+ LED_D_OFF();
+
// find first high sample
- if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
- if (curSample > firstSample)
- firstSample = curSample;
- highFound = true;
+ if (!startFound && sample > T55xx_UPPER_THRESHOLD) {
+ if (sample > firstSample)
+ firstSample = sample;
+ highFound = TRUE;
} else if (!highFound) {
- nosignal++;
continue;
}
// skip until samples begin to change
- if (startFound || curSample < firstSample-T55xx_READ_TOL){
+ if (startFound || sample < firstSample - T55xx_READ_TOL){
if (!startFound)
dest[i++] = firstSample;
- startFound = true;
- dest[i++] = curSample;
- LED_D_OFF();
+ startFound = TRUE;
+ dest[i++] = sample;
+
+ // exit condition.
if (i >= bufsize) break;
}
}
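Review bot: The sampling loop loses its only timeout once the `nosignal` counter is removed: `while(!BUTTON_PRESS())` now ends only on a button press or when `i >= bufsize`, and `WDT_HIT()` keeps the watchdog fed. With no tag in the field the `else if (!highFound) continue;` branch would spin indefinitely, and the host would be left waiting for its ACK. Keep a bounded give-up path, for example the previous `if (nosignal == 0xFFFF) break;` with `nosignal++;` in the no-high-sample branch. Separately, the renamed macros expand unparenthesised (`128+40`, `128-40`); writing `(128+40)` avoids precedence surprises, and the newly enabled `T55xx_LOWER_THRESHOLD` is not used anywhere in the visible lines.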
return 0;\r
}\r
int usage_t55xx_read(){\r
- PrintAndLog("Usage: lf t55xx read b <block> p <password> <override_safety> <wakeup>");\r
+ PrintAndLog("Usage: lf t55xx read b <block> p <password> <override_safety>");\r
PrintAndLog("Options:");\r
PrintAndLog(" b <block>, block number to read. Between 0-7");\r
PrintAndLog(" p <password>, OPTIONAL password 4bytes (8 hex symbols)");\r
PrintAndLog(" o, OPTIONAL override safety check");\r
- PrintAndLog(" w, OPTIONAL wakeup");\r
PrintAndLog(" ****WARNING****");\r
PrintAndLog(" Use of read with password on a tag not configured for a pwd");\r
PrintAndLog(" can damage the tag");\r
}\r
\r
// No args\r
- if (cmdp == 0) {\r
- printConfiguration( config );\r
- return 0;\r
- }\r
+ if (cmdp == 0) return printConfiguration( config );\r
+\r
//Validations\r
- if (errors)\r
- return usage_t55xx_config();\r
+ if (errors) return usage_t55xx_config();\r
\r
config.block0 = 0;\r
- printConfiguration ( config );\r
- return 0;\r
+ return printConfiguration ( config );\r
}\r
\r
int CmdT55xxReadBlock(const char *Cmd) {\r
uint8_t block = 255;\r
- uint8_t wake = 0;\r
- uint8_t usepwd = 0;\r
- uint32_t password = 0xFFFFFFFF; //default to blank Block 7\r
- uint8_t override = 0;\r
+ uint32_t password = 0; //default to blank Block 7\r
+ bool usepwd = FALSE;\r
+ bool override = FALSE; \r
+ bool errors = FALSE;\r
uint8_t cmdp = 0;\r
- bool errors = false;\r
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
switch(param_getchar(Cmd, cmdp)) {\r
case 'h':\r
case 'H':\r
- return usage_t55xx_read();\r
+ return usage_t55xx_read();\r
case 'b':\r
case 'B':\r
errors |= param_getdec(Cmd, cmdp+1, &block);\r
- cmdp+=2;\r
+ cmdp += 2;\r
break;\r
case 'o':\r
case 'O':\r
- override = 1;\r
+ override = TRUE;\r
cmdp++;\r
break;\r
case 'p':\r
case 'P':\r
- password = param_get32ex(Cmd, cmdp+1, 0, 10);\r
- usepwd = 1;\r
- cmdp+=2;\r
- break;\r
- case 'w':\r
- case 'W':\r
- wake = 1;\r
- cmdp++;\r
+ password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);\r
+ usepwd = TRUE;\r
+ cmdp += 2;\r
break;\r
default:\r
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
}\r
}\r
if (errors) return usage_t55xx_read();\r
- if (wake && !usepwd) {\r
- PrintAndLog("Wake command must use a pwd");\r
- return 1;\r
- }\r
- if ((block > 7) && !wake) {\r
+\r
+ if ( block > 7 ) {\r
PrintAndLog("Block must be between 0 and 7");\r
return 1;\r
} \r
UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};\r
\r
//Password mode\r
- if ( usepwd || wake ) {\r
+ if ( usepwd ) {\r
+ \r
// try reading the config block and verify that PWD bit is set before doing this!\r
- if ( wake || override ) {\r
- c.arg[0] = (wake<<8) & usepwd;\r
- if ( !wake && override )\r
- PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
- } else {\r
+ if ( !override ) {\r
AquireData( CONFIGURATION_BLOCK );\r
if ( !tryDetectModulation() ) {\r
PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
} else { \r
PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password..."); \r
}\r
+ } else { \r
+ PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
+ c.arg[0] = usepwd;\r
}\r
}\r
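Review bot: In the `p` case, `password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);` is followed unconditionally by `usepwd = TRUE;`, so a missing or malformed argument appears to fall back to 0xFFFFFFFF and still be sent as a password. The usage text warns that a password read on a tag not configured for one can damage the tag, so this input should be rejected rather than defaulted. Set `errors = TRUE` when the token after `p` is absent or is not 8 hex digits, so the command prints usage instead of transmitting. The same pattern appears in the `p` case of CmdT55xxWakeUp further down. Since the base changed from 10 to 16, the usage line could also state that the value is parsed as hex.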
\r
GetFromBigBuf(got,sizeof(got),0);\r
WaitForResponse(CMD_ACK,NULL);\r
setGraphBuf(got, sizeof(got));\r
- //DemodBufferLen=0;\r
+\r
if (!DecodeT55xxBlock()) return 3;\r
+ \r
char blk[10]={0};\r
- if ( wake ) {\r
- sprintf(blk,"wake");\r
- } else {\r
- sprintf(blk,"%d", block);\r
- }\r
+ sprintf(blk,"%d", block); \r
printT55xxBlock(blk);\r
return 0;\r
}\r
int CmdT55xxDetect(const char *Cmd){\r
\r
char cmdp = param_getchar(Cmd, 0);\r
- if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')\r
- return usage_t55xx_detect();\r
+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_detect();\r
\r
if (strlen(Cmd)==0)\r
AquireData( CONFIGURATION_BLOCK );\r
}\r
\r
for (; i < endpos; ++i)\r
- bits[i - config.offset]=DemodBuffer[i];\r
+ bits[i - config.offset] = DemodBuffer[i];\r
\r
blockData = PackBits(0, 32, bits);\r
- PrintAndLog("[%s] 0x%08X %s", blockNum, blockData, sprint_bin(bits,32));\r
+ PrintAndLog("%s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));\r
}\r
\r
int special(const char *Cmd) {\r
uint32_t blockData = 0;\r
uint8_t bits[32] = {0x00};\r
\r
- PrintAndLog("[OFFSET] [DATA] [BINARY]");\r
+ PrintAndLog("OFFSET | DATA | BINARY");\r
PrintAndLog("----------------------------------------------------");\r
int i,j = 0;\r
for (; j < 64; ++j){\r
\r
blockData = PackBits(0, 32, bits);\r
\r
- PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32)); \r
+ PrintAndLog("%02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32)); \r
}\r
return 0;\r
}\r
\r
-void printConfiguration( t55xx_conf_block_t b){\r
+int printConfiguration( t55xx_conf_block_t b){\r
PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );\r
PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );\r
PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );\r
PrintAndLog("Offset : %d", b.offset);\r
PrintAndLog("Block0 : 0x%08X", b.block0);\r
PrintAndLog("");\r
+ return 0;\r
}\r
\r
-int CmdT55xxWriteBlock(const char *Cmd)\r
-{\r
+int CmdT55xxWriteBlock(const char *Cmd) {\r
int block = 8; //default to invalid block\r
int data = 0xFFFFFFFF; //default to blank Block \r
int password = 0xFFFFFFFF; //default to blank Block 7\r
\r
char cmdp = param_getchar(Cmd, 0);\r
- if (cmdp == 'h' || cmdp == 'H') {\r
- usage_t55xx_write();\r
- return 0;\r
- }\r
- \r
+ if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_write();\r
+ \r
int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);\r
\r
if ( res < 2 || res > 3) {\r
return 0;\r
}\r
\r
-int CmdT55xxReadTrace(const char *Cmd)\r
-{\r
+int CmdT55xxReadTrace(const char *Cmd) {\r
char cmdp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') \r
- return usage_t55xx_trace();\r
+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();\r
\r
if (strlen(Cmd)==0)\r
AquireData( TRACE_BLOCK );\r
*/\r
char cmdp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')\r
- return usage_t55xx_info();\r
+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();\r
\r
if (strlen(Cmd)==0)\r
AquireData( CONFIGURATION_BLOCK );\r
\r
char s[20] = {0x00};\r
uint8_t pwd[4] = {0x00};\r
-\r
char cmdp = param_getchar(Cmd, 0);\r
- if ( cmdp == 'h' || cmdp == 'H') {\r
- usage_t55xx_dump();\r
- return 0;\r
- }\r
+ if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();\r
\r
bool hasPwd = ( strlen(Cmd) > 0); \r
if ( hasPwd ){\r
}\r
\r
int AquireData( uint8_t block ){\r
-\r
- UsbCommand c;\r
\r
- if ( block == CONFIGURATION_BLOCK ) \r
- c.cmd = CMD_T55XX_READ_BLOCK;\r
- else if (block == TRACE_BLOCK )\r
- c.cmd = CMD_T55XX_READ_TRACE;\r
- \r
- c.arg[0] = 0x00;\r
- c.arg[1] = 0x00;\r
- c.arg[2] = 0x00;\r
- c.d.asBytes[0] = 0x0; \r
-\r
- //Password mode\r
- // if ( res == 2 ) {\r
- // c.arg[2] = password;\r
- // c.d.asBytes[0] = 0x1; \r
- // }\r
-\r
+ uint32_t password = 0;\r
+ UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, password}};\r
+ \r
+ if ( block == CONFIGURATION_BLOCK ) {\r
+ c.arg[0] = 0x00 | 0x01;\r
+ }\r
+ else if (block == TRACE_BLOCK ) {\r
+ c.arg[0] = 0x02 | 0x01;\r
+ }\r
+ \r
clearCommandBuffer();\r
SendCommand(&c);\r
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
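Review bot: Both branches set bit 0 of `c.arg[0]` (`0x00 | 0x01` and `0x02 | 0x01`), and the firmware side of this change decodes that bit as `PwdMode = arg0 & 0x01`. Every AquireData() call would therefore run as a password read with `password = 0`. That includes the configuration-block read that CmdT55xxReadBlock uses as its safety check before a password read, which defeats the purpose of that check. If only the page is meant to be selected here, use `c.arg[0] = 0x00;` and `c.arg[0] = 0x02;`. Named constants for the two flag bits, shared by client and firmware, would keep the encodings from drifting. A `block` value that matches neither constant now silently reads page 0 rather than returning an error.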
}\r
\r
int CmdT55xxWakeUp(const char *Cmd) {\r
- uint32_t password = 0xFFFFFFFF; //default to blank Block 7\r
+ uint32_t password = 0;\r
uint8_t cmdp = 0;\r
bool errors = false;\r
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
return usage_t55xx_wakup();\r
case 'p':\r
case 'P':\r
- password = param_get32ex(Cmd, cmdp+1, 0, 10);\r
+ password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);\r
cmdp+=2;\r
break;\r
default:\r
}\r
}\r
if (errors) return usage_t55xx_wakup();\r
- \r
- UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
\r
+ UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
clearCommandBuffer();\r
SendCommand(&c);\r
PrintAndLog("Wake up command sent. Try read now");\r