]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix.
authoriceman1001 <iceman@iuse.se>
Tue, 27 Oct 2015 20:47:21 +0000 (21:47 +0100)
committericeman1001 <iceman@iuse.se>
Tue, 27 Oct 2015 20:47:21 +0000 (21:47 +0100)
ADD:  added the "t55x7" refactoring by @marshmellow42

24 files changed:
armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/fpgaloader.h
armsrc/hfsnoop.c [new file with mode: 0644]
armsrc/lfops.c
armsrc/lfsampling.c
client/cmdhf.c
client/cmdhfmfdes.c
client/cmdhfmfu.c
client/cmdlft55xx.c
client/cmdlft55xx.h
client/hid-flasher/usb_cmd.h
client/lualibs/commands.lua
client/scripting.c
common/Makefile.common
common/lfdemod.c
common/lfdemod.h
common/protocols.c
common/protocols.h
fpga/Makefile
fpga/fpga_hf.v
fpga/hi_sniffer.v [new file with mode: 0644]
include/usb_cmd.h

index b6b80c12370176e35108ec33bd60723050a65120..ddcff33bfefbc32c89aef08dc13e7c121d9ae011 100644 (file)
@@ -10,12 +10,12 @@ APP_INCLUDES = apps.h
 
 #remove one of the following defines and comment out the relevant line
 #in the next section to remove that particular feature from compilation  
-APP_CFLAGS     = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG  -DWITH_CRC -DON_DEVICE \
+APP_CFLAGS     = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG  -DWITH_CRC -DON_DEVICE -DWITH_HFSNOOP \
                                -fno-strict-aliasing -ffunction-sections -fdata-sections
 #-DWITH_LCD 
 
 #SRC_LCD = fonts.c LCD.c
-SRC_LF = lfops.c hitag2.c lfsampling.c pcf7931.c
+SRC_LF = lfops.c hitag2.c lfsampling.c pcf7931.c lfdemod.c protocols.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
 SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
 SRC_ISO14443b = iso14443b.c
@@ -52,7 +52,6 @@ THUMBSRC = start.c \
 # These are to be compiled in ARM mode
 ARMSRC = fpgaloader.c \
        legicrf.c \
-       lfdemod.c \
        $(SRC_ISO14443a) \
        $(SRC_ISO14443b) \
        $(SRC_CRAPTO1) \
@@ -60,7 +59,8 @@ ARMSRC = fpgaloader.c \
        legic_prng.c \
        iclass.c \
        BigBuf.c \
-       optimized_cipher.c
+       optimized_cipher.c \
+       hfsnoop.c
 
 # Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
 include ../common/Makefile.common
index 8b8f2594dd50e1a76a2862c7b5e27b93134f7bfa..b4eab73381d2dbb5b16507a8b1c00df253b7dae4 100644 (file)
@@ -985,9 +985,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_T55XX_WRITE_BLOCK:
                        T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
                        break;
-               case CMD_T55XX_READ_TRACE:
-                       T55xxReadTrace();
-                       break;
                case CMD_T55XX_WAKEUP:
                        T55xxWakeUp(c->arg[0]);
                        break;
@@ -1236,6 +1233,11 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        iClass_Clone(c->arg[0], c->arg[1], c->d.asBytes);
                        break;
 #endif
+#ifdef WITH_HFSNOOP
+               case CMD_HF_SNIFFER:
+                       HfSnoop(c->arg[0], c->arg[1]);
+                       break;
+#endif
 
                case CMD_BUFF_CLEAR:
                        BigBuf_Clear();
@@ -1372,7 +1374,7 @@ void  __attribute__((noreturn)) AppMain(void)
        AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
        // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
        AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
-               AT91C_PMC_PRES_CLK_4;
+               AT91C_PMC_PRES_CLK_4; //  4 for 24Mhz pck0, 2 for 48 MHZ pck0
        AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
 
        // Reset SPI
index 7039ab5b3fe44c1a290ac0c243813b61a47c5bae..556581f8dcdfd26577b6165bba99bf8c802dd0a4 100644 (file)
@@ -86,11 +86,10 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioPro
 void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
 void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
-void CopyIndala64toT55x7(int hi, int lo); // Clone Indala 64-bit tag by UID to T55x7
-void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7); // Clone Indala 224-bit tag by UID to T55x7
+void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
+void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
-void T55xxReadTrace(void);
 void T55xxWakeUp(uint32_t Pwd);
 void TurnReadLFOn();
 void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode);
@@ -208,5 +207,6 @@ bool cmd_receive(UsbCommand* cmd);
 bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);
 
 /// util.h
+void HfSnoop(int , int);
 
 #endif
index 52d6c67780388ab6f94b1893c337139af9f729de..35f7e37c694e74c6571ea2a77a829234af5c1766 100644 (file)
@@ -43,6 +43,7 @@ void SetAdcMuxFor(uint32_t whichGpio);
 #define FPGA_MAJOR_MODE_HF_READER_RX_XCORR                     (1<<5)
 #define FPGA_MAJOR_MODE_HF_SIMULATOR                           (2<<5)
 #define FPGA_MAJOR_MODE_HF_ISO14443A                           (3<<5)
+#define FPGA_MAJOR_MODE_HF_SNOOP                                   (4<<5)
 // BOTH
 #define FPGA_MAJOR_MODE_OFF                                                    (7<<5)
 // Options for LF_ADC
diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c
new file mode 100644 (file)
index 0000000..b7d6901
--- /dev/null
@@ -0,0 +1,76 @@
+#include "proxmark3.h"
+#include "apps.h"
+#include "BigBuf.h"
+#include "util.h"
+
+static void RAMFUNC optimizedSnoop(void);
+
+static void RAMFUNC optimizedSnoop(void)
+{
+       BigBuf_free();
+       int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
+
+       uint16_t *dest = (uint16_t *)BigBuf_get_addr();
+       uint16_t *destend = dest + n;
+
+       AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
+       // Reading data loop
+       while(dest <= destend)
+       {
+               if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)
+               {
+                       *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
+                       dest = dest + 1;
+               }
+       }
+       //Resetting Frame mode (First set in fpgaloader.c)
+       AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+}
+
+void HfSnoop(int samplesToSkip, int triggersToSkip)
+{
+       Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
+       bool trigger_cnt;
+       LED_D_ON();
+       // Select correct configs
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+       // Set up the synchronous serial port
+       FpgaSetupSsc();
+       // connect Demodulated Signal to ADC:
+       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
+       SpinDelay(100);
+
+       AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
+
+       trigger_cnt = 0;
+       uint16_t r = 0;
+       while(!BUTTON_PRESS()) {
+               WDT_HIT();
+               if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+                       r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
+                       if (!(trigger_cnt == triggersToSkip) && ( (r >> 8) >= 240)) 
+                       {
+                               Dbprintf("Trigger kicked! Value: %d.", r >> 8);
+                               trigger_cnt++;
+                               break;
+                       } 
+               }
+       }
+       if(!BUTTON_PRESS()) {
+               Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r >> 8);
+               int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
+               while(waitcount != 0) {
+                       if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+                               waitcount--;
+                       }
+               }
+
+               optimizedSnoop();
+       }
+
+       DbpString("HF Snoop end");
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       LED_D_OFF();
+}
+
index 1d452fd3f8fbdf2920e4d1de480c18756dc89101..0472122a27638604e138d7d19abf2a5bee59dfd9 100644 (file)
@@ -16,8 +16,8 @@
 #include "string.h"
 #include "lfdemod.h"
 #include "lfsampling.h"
-#include "usb_cdc.h"
-
+#include "protocols.h"
+#include "usb_cdc.h" //test
 
 /**
  * Function to do a modulation and then get samples.
@@ -1053,61 +1053,9 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 /*------------------------------
  * T5555/T5557/T5567 routines
  *------------------------------
- */
-
-/* T55x7 configuration register definitions */
-#define T55x7_POR_DELAY                                0x00000001
-#define T55x7_ST_TERMINATOR                    0x00000008
-#define T55x7_PWD                                      0x00000010
-#define T55x7_MAXBLOCK_SHIFT           5
-#define T55x7_AOR                                      0x00000200
-#define T55x7_PSKCF_RF_2                       0
-#define T55x7_PSKCF_RF_4                       0x00000400
-#define T55x7_PSKCF_RF_8                       0x00000800
-#define T55x7_MODULATION_DIRECT                0
-#define T55x7_MODULATION_PSK1          0x00001000
-#define T55x7_MODULATION_PSK2          0x00002000
-#define T55x7_MODULATION_PSK3          0x00003000
-#define T55x7_MODULATION_FSK1          0x00004000
-#define T55x7_MODULATION_FSK2          0x00005000
-#define T55x7_MODULATION_FSK1a         0x00006000
-#define T55x7_MODULATION_FSK2a         0x00007000
-#define T55x7_MODULATION_MANCHESTER    0x00008000
-#define T55x7_MODULATION_BIPHASE       0x00010000
-#define T55x7_MODULATION_DIPHASE       0x00018000
-//#define T55x7_MODULATION_BIPHASE57   0x00011000
-#define T55x7_BITRATE_RF_8                     0
-#define T55x7_BITRATE_RF_16                    0x00040000
-#define T55x7_BITRATE_RF_32                    0x00080000
-#define T55x7_BITRATE_RF_40                    0x000C0000
-#define T55x7_BITRATE_RF_50                    0x00100000
-#define T55x7_BITRATE_RF_64                    0x00140000
-#define T55x7_BITRATE_RF_100           0x00180000
-#define T55x7_BITRATE_RF_128           0x001C0000
-
-/* T5555 (Q5) configuration register definitions */
-#define T5555_ST_TERMINATOR                    0x00000001
-#define T5555_MAXBLOCK_SHIFT           0x00000001
-#define T5555_MODULATION_MANCHESTER    0
-#define T5555_MODULATION_PSK1          0x00000010
-#define T5555_MODULATION_PSK2          0x00000020
-#define T5555_MODULATION_PSK3          0x00000030
-#define T5555_MODULATION_FSK1          0x00000040
-#define T5555_MODULATION_FSK2          0x00000050
-#define T5555_MODULATION_BIPHASE       0x00000060
-#define T5555_MODULATION_DIRECT                0x00000070
-#define T5555_INVERT_OUTPUT                    0x00000080
-#define T5555_PSK_RF_2                         0
-#define T5555_PSK_RF_4                         0x00000100
-#define T5555_PSK_RF_8                         0x00000200
-#define T5555_USE_PWD                          0x00000400
-#define T5555_USE_AOR                          0x00000800
-#define T5555_BITRATE_SHIFT                    12
-#define T5555_FAST_WRITE                       0x00004000
-#define T5555_PAGE_SELECT                      0x00008000
-
-/*
- * Relevant times in microsecond
+ * NOTE: T55x7/T5555 configuration register definitions moved to protocols.h 
+ *
+ * Relevant communication times in microsecond
  * To compensate antenna falling times shorten the write times
  * and enlarge the gap ones.
  * Q5 tags seems to have issues when these values changes. 
@@ -1136,24 +1084,29 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 void TurnReadLFOn(int delay) {
        FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
        // Give it a bit of time for the resonant antenna to settle.
-       SpinDelayUs(delay); //155*8 //50*8
+
+       // measure antenna strength.
+       //int adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
+       // where to save it
+       
+       SpinDelayUs(delay);
 }
 
 // Write one bit to card
 void T55xxWriteBit(int bit) {
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
        if (!bit)
-               SpinDelayUs(WRITE_0);
+               TurnReadLFOn(WRITE_0);
        else
-               SpinDelayUs(WRITE_1);
+               TurnReadLFOn(WRITE_1);
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelayUs(WRITE_GAP);
 }
 
 // Write one card block in page 0, no lock
-void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) {
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
        LED_A_ON();
-       
+       bool PwdMode = arg & 0x1;
+       uint8_t Page = (arg & 0x2)>>1;
        uint32_t i = 0;
 
        // Set up FPGA, 125kHz
@@ -1165,8 +1118,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 
        // Opcode 10
        T55xxWriteBit(1);
-       T55xxWriteBit(0); //Page 0
-       
+       T55xxWriteBit(Page); //Page 0
        if (PwdMode){
                // Send Pwd
                for (i = 0x80000000; i != 0; i >>= 1)
@@ -1186,20 +1138,24 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
        // Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
        // so wait a little more)
        TurnReadLFOn(20 * 1000);
+               //could attempt to do a read to confirm write took
+               // as the tag should repeat back the new block 
+               // until it is reset, but to confirm it we would 
+               // need to know the current block 0 config mode
        
        // turn field off
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        cmd_send(CMD_ACK,0,0,0,0,0);
        LED_A_OFF();
-       LED_B_OFF();
 }
 
 // Read one card block in page 0
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
        LED_A_ON();
-       uint8_t PwdMode = arg0 & 0x01;
-       uint8_t Page    = arg0 & 0x02;
+       bool PwdMode = arg0 & 0x1;
+       uint8_t Page = (arg0 & 0x2) >> 1;
        uint32_t i = 0;
+       bool RegReadMode = (Block == 0xFF);
        
        //clear buffer now so it does not interfere with timing later
        BigBuf_Clear_ext(false);
@@ -1207,14 +1163,14 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
        //make sure block is at max 7
        Block &= 0x7;
 
-       // Set up FPGA, 125kHz
+       // Set up FPGA, 125kHz to power up the tag
        LFSetupFPGAForADC(95, true);
        
-       // Trigger T55x7 Direct Access Mode
+       // Trigger T55x7 Direct Access Mode with start gap
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelayUs(START_GAP);
        
-       // Opcode 10
+       // Opcode 1[page]
        T55xxWriteBit(1);
        T55xxWriteBit(Page); //Page 0
 
@@ -1223,11 +1179,11 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
                for (i = 0x80000000; i != 0; i >>= 1)
                        T55xxWriteBit(Pwd & i);
        }
-
        // Send a zero bit separation
        T55xxWriteBit(0);
        
-       // Send Block number
+       // Send Block number (if direct access mode)
+       if (!RegReadMode)
        for (i = 0x04; i != 0; i >>= 1)
                T55xxWriteBit(Block & i);
 
@@ -1237,54 +1193,10 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
        // Acquisition
        doT55x7Acquisition();
        
-       // turn field off
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       // Turn the field off
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
        cmd_send(CMD_ACK,0,0,0,0,0);    
        LED_A_OFF();
-       LED_B_OFF();
-}
-
-// Read card traceability data (page 1)
-void T55xxReadTrace(void){
-       // LED_A_ON();
-
-       // uint8_t PwdMode = arg0 & 0xFF;
-       // uint32_t i = 0;
-               
-       // //clear buffer now so it does not interfere with timing later
-       // BigBuf_Clear_ext(false);
-
-       // // Set up FPGA, 125kHz
-       // LFSetupFPGAForADC(95, true);
-       
-       // // Trigger T55x7 Direct Access Mode
-       // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       // SpinDelayUs(START_GAP);
-
-       // // Opcode 11
-       // T55xxWriteBit(1);
-       // T55xxWriteBit(1); //Page 1
-
-       // if (PwdMode){
-               // // Send Pwd
-               // for (i = 0x80000000; i != 0; i >>= 1)
-                       // T55xxWriteBit(Pwd & i);
-       // }
-
-       // // Send a zero bit separation
-       // T55xxWriteBit(0);
-       
-       // // Turn field on to read the response
-       // TurnReadLFOn(READ_GAP);
-
-       // // Acquisition
-       // doT55x7Acquisition();
-
-       // // turn field off
-       // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       // cmd_send(CMD_ACK,0,0,0,0,0);
-       // LED_A_OFF();
-       // LED_B_OFF();
 }
 
 void T55xxWakeUp(uint32_t Pwd){
@@ -1306,16 +1218,23 @@ void T55xxWakeUp(uint32_t Pwd){
        for (i = 0x80000000; i != 0; i >>= 1)
                T55xxWriteBit(Pwd & i);
 
-       // Turn field on to read the response
+       // Turn and leave field on to let the begin repeating transmission
        TurnReadLFOn(20*1000);
 }
 
 /*-------------- Cloning routines -----------*/
+
+void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
+       // write last block first and config block last (if included)
+       for (uint8_t i = numblocks; i > startblock; i--)
+               T55xxWriteBlock(blockdata[i-1],i-1,0,0);
+}
+
 // Copy HID id to card and setup block 0 config
-void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
-{
-       int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
-       int last_block = 0;
+void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
+       uint32_t data[] = {0,0,0,0,0,0,0};
+       //int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
+       uint8_t last_block = 0;
 
        if (longFMT){
                // Ensure no more than 84 bits supplied
@@ -1325,108 +1244,34 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
                }
                // Build the 6 data blocks for supplied 84bit ID
                last_block = 6;
-               data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded)
-               for (int i=0;i<4;i++) {
-                       if (hi2 & (1<<(19-i)))
-                               data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10
-                       else
-                               data1 |= (1<<((3-i)*2)); // 0 -> 01
-               }
-
-               data2 = 0;
-               for (int i=0;i<16;i++) {
-                       if (hi2 & (1<<(15-i)))
-                               data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data2 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-
-               data3 = 0;
-               for (int i=0;i<16;i++) {
-                       if (hi & (1<<(31-i)))
-                               data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data3 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-
-               data4 = 0;
-               for (int i=0;i<16;i++) {
-                       if (hi & (1<<(15-i)))
-                               data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data4 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-
-               data5 = 0;
-               for (int i=0;i<16;i++) {
-                       if (lo & (1<<(31-i)))
-                               data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data5 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-
-               data6 = 0;
-               for (int i=0;i<16;i++) {
-                       if (lo & (1<<(15-i)))
-                               data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data6 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-       }
-       else {
+               // load preamble (1D) & long format identifier (9E manchester encoded)
+               data[1] = 0x1D96A900 | manchesterEncode2Bytes((hi2 >> 16) & 0xF);
+               // load raw id from hi2, hi, lo to data blocks (manchester encoded)
+               data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
+               data[3] = manchesterEncode2Bytes(hi >> 16);
+               data[4] = manchesterEncode2Bytes(hi & 0xFFFF);
+               data[5] = manchesterEncode2Bytes(lo >> 16);
+               data[6] = manchesterEncode2Bytes(lo & 0xFFFF);
+       }       else {
                // Ensure no more than 44 bits supplied
                if (hi>0xFFF) {
                        DbpString("Tags can only have 44 bits.");
                        return;
                }
-
                // Build the 3 data blocks for supplied 44bit ID
                last_block = 3;
-
-               data1 = 0x1D000000; // load preamble
-
-               for (int i=0;i<12;i++) {
-                       if (hi & (1<<(11-i)))
-                               data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10
-                       else
-                               data1 |= (1<<((11-i)*2)); // 0 -> 01
-               }
-
-               data2 = 0;
-               for (int i=0;i<16;i++) {
-                       if (lo & (1<<(31-i)))
-                               data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data2 |= (1<<((15-i)*2)); // 0 -> 01
-               }
-
-               data3 = 0;
-               for (int i=0;i<16;i++) {
-                       if (lo & (1<<(15-i)))
-                               data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
-                       else
-                               data3 |= (1<<((15-i)*2)); // 0 -> 01
-               }
+               // load preamble
+               data[1] = 0x1D000000 | manchesterEncode2Bytes(hi & 0xFFF);
+               data[2] = manchesterEncode2Bytes(lo >> 16);
+               data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
        }
+       // load chip config block
+       data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT;
 
        LED_D_ON();
        // Program the data blocks for supplied ID
        // and the block 0 for HID format
-       T55xxWriteBlock(data1,1,0,0);
-       T55xxWriteBlock(data2,2,0,0);
-       T55xxWriteBlock(data3,3,0,0);
-
-       if (longFMT) { // if long format there are 6 blocks
-               T55xxWriteBlock(data4,4,0,0);
-               T55xxWriteBlock(data5,5,0,0);
-               T55xxWriteBlock(data6,6,0,0);
-       }
-
-       // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long)
-       T55xxWriteBlock(T55x7_BITRATE_RF_50    |
-                                       T55x7_MODULATION_FSK2a |
-                                       last_block << T55x7_MAXBLOCK_SHIFT,
-                                       0,0,0);
+       WriteT55xx(data, 0, last_block+1);
 
        LED_D_OFF();
 
@@ -1435,24 +1280,42 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
 
 void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT)
 {
-       int data1=0, data2=0; //up to six blocks for long format
-
-       data1 = hi;  // load preamble
-       data2 = lo;
+       uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
 
        LED_D_ON();
        // Program the data blocks for supplied ID
-       // and the block 0 for HID format
-       T55xxWriteBlock(data1,1,0,0);
-       T55xxWriteBlock(data2,2,0,0);
+       // and the block 0 config
+       WriteT55xx(data, 0, 3);
 
-       //Config Block
-       T55xxWriteBlock(0x00147040,0,0,0);
        LED_D_OFF();
 
        DbpString("DONE!");
 }
 
+// Clone Indala 64-bit tag by UID to T55x7
+void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
+       //Program the 2 data blocks for supplied 64bit UID
+       // and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
+       uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
+       WriteT55xx(data, 0, 3);
+       //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
+       //      T5567WriteBlock(0x603E1042,0);
+       DbpString("DONE!");
+}
+// Clone Indala 224-bit tag by UID to T55x7
+void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7)
+{
+       //Program the 7 data blocks for supplied 224bit UID
+       uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
+       // and the block 0 for Indala224 format 
+       //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
+       data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
+       WriteT55xx(data, 0, 8);
+       //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
+       //      T5567WriteBlock(0x603E10E2,0);
+       DbpString("DONE!");
+}
+
 // Define 9bit header for EM410x tags
 #define EM410X_HEADER          0x1FF
 #define EM410X_ID_LENGTH       40
@@ -1518,94 +1381,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
        LED_D_ON();
 
        // Write EM410x ID
-       T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0);
-       T55xxWriteBlock((uint32_t)id, 2, 0, 0);
-
-       // Config for EM410x (RF/64, Manchester, Maxblock=2)
+       uint32_t data[] = {0, id>>32, id & 0xFFFF};
        if (card) {
-               // Clock rate is stored in bits 8-15 of the card value
                clock = (card & 0xFF00) >> 8;
+               clock = (clock == 0) ? 64 : clock;
                Dbprintf("Clock rate: %d", clock);
-               switch (clock) {
-               case 50:
-                       clock = T55x7_BITRATE_RF_50;
-               case 40:
-                       clock = T55x7_BITRATE_RF_40;
-               case 32:
-                       clock = T55x7_BITRATE_RF_32;
-                       break;
-               case 16:
-                       clock = T55x7_BITRATE_RF_16;
-                       break;
-               case 0:
-                       // A value of 0 is assumed to be 64 for backwards-compatibility
-                       // Fall through...
-               case 64:
-                       clock = T55x7_BITRATE_RF_64;
-                       break;
-               default:
+               clock = GetT55xxClockBit(clock);
+               if (clock == 0) {
                        Dbprintf("Invalid clock rate: %d", clock);
                        return;
                }
 
-               // Writing configuration for T55x7 tag
-               T55xxWriteBlock(clock       |
-                                               T55x7_MODULATION_MANCHESTER |
-                                               2 << T55x7_MAXBLOCK_SHIFT,
-                                               0, 0, 0);
+               data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
+       } else {
+               data[0] = (0x1F << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
        }
-       else
-               // Writing configuration for T5555(Q5) tag
-               T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT |
-                                               T5555_MODULATION_MANCHESTER |
-                                               2 << T5555_MAXBLOCK_SHIFT,
-                                               0, 0, 0);
+
+       WriteT55xx(data, 0, 3);
 
        LED_D_OFF();
        Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555",
                         (uint32_t)(id >> 32), (uint32_t)id);
 }
 
-// Clone Indala 64-bit tag by UID to T55x7
-void CopyIndala64toT55x7(int hi, int lo)
-{
-       //Program the 2 data blocks for supplied 64bit UID
-       // and the block 0 for Indala64 format
-       T55xxWriteBlock(hi,1,0,0);
-       T55xxWriteBlock(lo,2,0,0);
-       //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2)
-       T55xxWriteBlock(T55x7_BITRATE_RF_32    |
-                                       T55x7_MODULATION_PSK1 |
-                                       2 << T55x7_MAXBLOCK_SHIFT,
-                                       0, 0, 0);
-       //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
-       //      T5567WriteBlock(0x603E1042,0);
-
-       DbpString("DONE!");
-}
-
-void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
-{
-       //Program the 7 data blocks for supplied 224bit UID
-       // and the block 0 for Indala224 format
-       T55xxWriteBlock(uid1,1,0,0);
-       T55xxWriteBlock(uid2,2,0,0);
-       T55xxWriteBlock(uid3,3,0,0);
-       T55xxWriteBlock(uid4,4,0,0);
-       T55xxWriteBlock(uid5,5,0,0);
-       T55xxWriteBlock(uid6,6,0,0);
-       T55xxWriteBlock(uid7,7,0,0);
-       //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
-       T55xxWriteBlock(T55x7_BITRATE_RF_32    |
-                                       T55x7_MODULATION_PSK1 |
-                                       7 << T55x7_MAXBLOCK_SHIFT,
-                                       0,0,0);
-       //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
-       //      T5567WriteBlock(0x603E10E2,0);
-
-       DbpString("DONE!");
-}
-
 //-----------------------------------
 // EM4469 / EM4305 routines
 //-----------------------------------
index 83579ccab4f62b452f58e02e2e4fd19eaa45d298..2a763a50fe8bce117a42e248b95de8659a1cbde2 100644 (file)
@@ -255,9 +255,8 @@ uint32_t SnoopLF() {
 void doT55x7Acquisition(void){
 
        #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)
-       #define T55xx_UPPER_THRESHOLD 128+40  // 50
+       #define T55xx_READ_UPPER_THRESHOLD 128+40  // 50
        #define T55xx_READ_TOL   5
-       #define T55xx_LOWER_THRESHOLD 128-40  //-50
 
        uint8_t *dest = BigBuf_get_addr();
        uint16_t bufsize = BigBuf_max_traceLen();
@@ -265,40 +264,43 @@ void doT55x7Acquisition(void){
        if ( bufsize > T55xx_SAMPLES_SIZE )
                bufsize = T55xx_SAMPLES_SIZE;
 
+       //int adcval = 0;
        uint16_t i = 0;
        bool startFound = false;
        bool highFound = false;
-       uint8_t sample = 0;
+       uint8_t curSample = 0;
        uint8_t firstSample = 0;
-       while(!BUTTON_PRESS()) {
+       uint16_t skipCnt = 0;
+       while(!BUTTON_PRESS() && skipCnt<1000) {
                WDT_HIT();              
                if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
-                       AT91C_BASE_SSC->SSC_THR = 0x00;
+                       AT91C_BASE_SSC->SSC_THR = 0x43;
                        LED_D_ON();
                }
                if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
-                       sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+                       curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;   
                        LED_D_OFF();
                
                        // find first high sample
-                       if (!startFound && sample > T55xx_UPPER_THRESHOLD) {
-                               if (sample > firstSample) 
-                                       firstSample = sample;
-                               highFound = TRUE;
+                       if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
+                               if (curSample > firstSample) 
+                                       firstSample = curSample;
+                               highFound = true;
                        } else if (!highFound) {
+                               skipCnt++;
                                continue;
                        }
 
                        // skip until samples begin to change
-                       if (startFound || sample < firstSample - T55xx_READ_TOL){
+                       if (startFound || curSample < firstSample-T55xx_READ_TOL){
                                if (!startFound) 
                                        dest[i++] = firstSample;
-                               startFound = TRUE;
-                               dest[i++] = sample;
-                       
-                       // exit condition.
-                       if (i >= bufsize) break;
+                               startFound = true;
+                               dest[i++] = curSample;
+                               if (i >= bufsize-1) break;
                        }
                }
+               
        }
-}
\ No newline at end of file
+}
+                       
\ No newline at end of file
index 4a8715868764ebc42293c25d4503ad153234cc54..d0b1f01c4f1aac43bd2a341395f11774e3053a85 100644 (file)
@@ -736,6 +736,14 @@ int CmdHFSearch(const char *Cmd){
        return 0;
 }
 
+int CmdHFSnoop(const char *Cmd)
+{
+       char * pEnd;
+       UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}};
+       SendCommand(&c);
+       return 0;
+}
+
 static command_t CommandTable[] = 
 {
   {"help",        CmdHelp,          1, "This help"},
@@ -752,6 +760,7 @@ static command_t CommandTable[] =
   {"tune",                     CmdHFTune,      0, "Continuously measure HF antenna tuning"},
   {"list",        CmdHFList,        1, "List protocol data in trace buffer"},
   {"search",      CmdHFSearch,      1, "Search for known HF tags [preliminary]"},
+  {"snoop",       CmdHFSnoop,       0, "<samples to skip (10000)> <triggers to skip (1)> Generic LF/HF Snoop in Testing stage"},
        {NULL, NULL, 0, NULL}
 };
 
index fd06791fe7fe0d1f2fefde58e5e87fd755655b94..4aeeffd92f83274537a63451c29de395e8a17e1a 100644 (file)
@@ -611,7 +611,7 @@ int CmdHF14ADesAuth(const char *Cmd){
        
        c.d.asBytes[0] = keylength;
        memcpy(c.d.asBytes+1, key, keylength);
-       
+       clearCommandBuffer();
     SendCommand(&c);
        UsbCommand resp;
        
index 5bb9a91e7892fcd0713d78ba10641c650eb18474..076093392c4ca3744e550e0cdb7521f863458b4b 100644 (file)
@@ -1209,7 +1209,49 @@ int usage_hf_mfu_eload(void) {
        return 0;
 }
 
+int usage_hf_mfu_ucauth(void) {
+       PrintAndLog("Usage:  hf mfu cauth k <key number>");
+       PrintAndLog("      0 (default): 3DES standard key");
+       PrintAndLog("      1 : all 0x00 key");
+       PrintAndLog("      2 : 0x00-0x0F key");
+       PrintAndLog("      3 : nfc key");
+       PrintAndLog("      4 : all 0x01 key");
+       PrintAndLog("      5 : all 0xff key");
+       PrintAndLog("      6 : 0x00-0xFF key");         
+       PrintAndLog("\n      sample : hf mfu cauth k");
+       PrintAndLog("               : hf mfu cauth k 3");
+       return 0;
+}
+
+int usage_hf_mfu_ucsetpwd(void) {
+       PrintAndLog("Usage:  hf mfu setpwd <password (32 hex symbols)>");
+       PrintAndLog("       [password] - (32 hex symbols)");
+       PrintAndLog("");
+       PrintAndLog("sample: hf mfu setpwd 000102030405060708090a0b0c0d0e0f");
+       PrintAndLog("");
+       return 0;
+}
+
+int usage_hf_mfu_ucsetuid(void) {
+       PrintAndLog("Usage:  hf mfu setuid <uid (14 hex symbols)>");
+       PrintAndLog("       [uid] - (14 hex symbols)");
+       PrintAndLog("\nThis only works for Magic Ultralight tags.");
+       PrintAndLog("");
+       PrintAndLog("sample: hf mfu setuid 11223344556677");
+       PrintAndLog("");
+       return 0;
+}
+
+int  usage_hf_mfu_gendiverse(void){
+       PrintAndLog("Usage:  hf mfu gen <uid (8 hex symbols)>");
+       PrintAndLog("");
+       PrintAndLog("sample: hf mfu gen 11223344");
+       PrintAndLog("");
+       return 0;
+}
+
 //
+
 //  Mifare Ultralight / Ultralight-C / Ultralight-EV1
 //  Read and Dump Card Contents,  using auto detection of tag size.
 int CmdHF14AMfUDump(const char *Cmd){
@@ -1455,6 +1497,7 @@ int CmdHF14AMfUDump(const char *Cmd){
 // Ultralight C Methods
 //-------------------------------------------------------------------------------
 
+
 //
 // Ultralight C Authentication Demo {currently uses hard-coded key}
 //
@@ -1472,22 +1515,9 @@ int CmdHF14AMfucAuth(const char *Cmd){
                        errors = true;
        }
 
-       if (cmdp == 'h' || cmdp == 'H')
-               errors = true;
+       if (cmdp == 'h' || cmdp == 'H') errors = true;
        
-       if (errors) {
-               PrintAndLog("Usage:  hf mfu cauth k <key number>");
-               PrintAndLog("      0 (default): 3DES standard key");
-               PrintAndLog("      1 : all 0x00 key");
-               PrintAndLog("      2 : 0x00-0x0F key");
-               PrintAndLog("      3 : nfc key");
-               PrintAndLog("      4 : all 0x01 key");
-               PrintAndLog("      5 : all 0xff key");
-               PrintAndLog("      6 : 0x00-0xFF key");         
-               PrintAndLog("\n      sample : hf mfu cauth k");
-               PrintAndLog("               : hf mfu cauth k 3");
-               return 0;
-       } 
+       if (errors) return usage_hf_mfu_ucauth(); 
 
        uint8_t *key = default_3des_keys[keyNo];
        if (ulc_authentication(key, true))
@@ -1601,17 +1631,9 @@ int CmdTestDES(const char * cmd)
 int CmdHF14AMfucSetPwd(const char *Cmd){
 
        uint8_t pwd[16] = {0x00};       
-       
        char cmdp = param_getchar(Cmd, 0);
 
-       if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') {  
-               PrintAndLog("Usage:  hf mfu setpwd <password (32 hex symbols)>");
-               PrintAndLog("       [password] - (32 hex symbols)");
-               PrintAndLog("");
-               PrintAndLog("sample: hf mfu setpwd 000102030405060708090a0b0c0d0e0f");
-               PrintAndLog("");
-               return 0;
-       }
+       if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_ucsetpwd();
        
        if (param_gethex(Cmd, 0, pwd, 32)) {
                PrintAndLog("Password must include 32 HEX symbols");
@@ -1624,7 +1646,6 @@ int CmdHF14AMfucSetPwd(const char *Cmd){
        SendCommand(&c);
 
        UsbCommand resp;
-       
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
                if ( (resp.arg[0] & 0xff) == 1)
                        PrintAndLog("Ultralight-C new password: %s", sprint_hex(pwd,16));
@@ -1636,8 +1657,7 @@ int CmdHF14AMfucSetPwd(const char *Cmd){
        else {
                PrintAndLog("command execution time out");
                return 1;
-       }
-       
+       }       
        return 0;
 }
 
@@ -1650,17 +1670,8 @@ int CmdHF14AMfucSetUid(const char *Cmd){
        UsbCommand resp;
        uint8_t uid[7] = {0x00};
        char cmdp = param_getchar(Cmd, 0);
-       
-       if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') {  
-               PrintAndLog("Usage:  hf mfu setuid <uid (14 hex symbols)>");
-               PrintAndLog("       [uid] - (14 hex symbols)");
-               PrintAndLog("\nThis only works for Magic Ultralight tags.");
-               PrintAndLog("");
-               PrintAndLog("sample: hf mfu setuid 11223344556677");
-               PrintAndLog("");
-               return 0;
-       }
-       
+       if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_ucsetuid();
+
        if (param_gethex(Cmd, 0, uid, 14)) {
                PrintAndLog("UID must include 14 HEX symbols");
                return 1;
@@ -1724,14 +1735,20 @@ int CmdHF14AMfucSetUid(const char *Cmd){
 }
 
 int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
+
+       uint8_t uid[4]; 
+       
+       char cmdp = param_getchar(Cmd, 0);
+       if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_gendiverse();
+
+       if (param_gethex(Cmd, 0, uid, 8)) {
+               PrintAndLog("UID must include 8 HEX symbols");
+               return 1;
+       }
        
        uint8_t iv[8] = { 0x00 };
-       uint8_t block = 0x07;
+       uint8_t block = 0x01;
        
-       // UL-EV1
-       //04 57 b6 e2 05 3f 80 UID
-       //4a f8 4b 19   PWD
-       uint8_t uid[] = { 0xF4,0xEA, 0x54, 0x8E };
        uint8_t mifarekeyA[] = { 0xA0,0xA1,0xA2,0xA3,0xA4,0xA5 };
        uint8_t mifarekeyB[] = { 0xB0,0xB1,0xB2,0xB3,0xB4,0xB5 };
        uint8_t dkeyA[8] = { 0x00 };
@@ -1760,15 +1777,13 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
                , divkey         // output
                );
 
-       PrintAndLog("3DES version");
+       PrintAndLog("-- 3DES version");
        PrintAndLog("Masterkey    :\t %s", sprint_hex(masterkey,sizeof(masterkey)));
        PrintAndLog("UID          :\t %s", sprint_hex(uid, sizeof(uid)));
-       PrintAndLog("Sector       :\t %0d", block);
+       PrintAndLog("block        :\t %0d", block);
        PrintAndLog("Mifare key   :\t %s", sprint_hex(mifarekeyA, sizeof(mifarekeyA)));
        PrintAndLog("Message      :\t %s", sprint_hex(mix, sizeof(mix)));
        PrintAndLog("Diversified key: %s", sprint_hex(divkey+1, 6));
-               
-       PrintAndLog("\n DES version");
        
        for (int i=0; i < sizeof(mifarekeyA); ++i){
                dkeyA[i] = (mifarekeyA[i] << 1) & 0xff;
@@ -1798,20 +1813,19 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
                , newpwd         // output
                );
        
+       PrintAndLog("\n-- DES version");
        PrintAndLog("Mifare dkeyA :\t %s", sprint_hex(dkeyA, sizeof(dkeyA)));
        PrintAndLog("Mifare dkeyB :\t %s", sprint_hex(dkeyB, sizeof(dkeyB)));
        PrintAndLog("Mifare ABA   :\t %s", sprint_hex(dmkey, sizeof(dmkey)));
        PrintAndLog("Mifare Pwd   :\t %s", sprint_hex(newpwd, sizeof(newpwd)));
        
+       // next. from the diversify_key method. 
        return 0;
 }
 
 // static uint8_t * diversify_key(uint8_t * key){
        
- // for(int i=0; i<16; i++){
-   // if(i<=6) key[i]^=cuid[i];
-   // if(i>6) key[i]^=cuid[i%7];
- // }
+
  // return key;
 // }
 
index f3add53d584eaa62e80764996761c6b116532a6f..100170e30f333cba658ad4d6b2907405cfb3d47c 100644 (file)
 #include "../common/iso14443crc.h"\r
 #include "cmdhf14a.h"\r
 \r
-#define CONFIGURATION_BLOCK 0x00\r
-#define TRACE_BLOCK 0x01\r
+#define T55x7_CONFIGURATION_BLOCK 0x00\r
+#define T55x7_PAGE0 0x00\r
+#define T55x7_PAGE1 0x01\r
 #define T55x7_PWD      0x00000010\r
+#define REGULAR_READ_MODE_BLOCK 0xFF\r
 \r
 // Default configuration\r
 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00};\r
@@ -50,11 +52,12 @@ int usage_t55xx_config(){
        return 0;\r
 }\r
 int usage_t55xx_read(){\r
-       PrintAndLog("Usage:  lf t55xx read b <block> p <password> <override_safety>");\r
+       PrintAndLog("Usage:  lf t55xx read [b <block>] [p <password>] <override_safety> <page1>");\r
        PrintAndLog("Options:");\r
-    PrintAndLog("     b <block>,       block number to read. Between 0-7");\r
-    PrintAndLog("     p <password>, OPTIONAL password 4bytes (8 hex symbols)");\r
-       PrintAndLog("     o,                    OPTIONAL override safety check");\r
+       PrintAndLog("     b <block>    - block number to read. Between 0-7");\r
+       PrintAndLog("     p <password> - OPTIONAL password (8 hex characters)");\r
+       PrintAndLog("     o            - OPTIONAL override safety check");\r
+       PrintAndLog("     1            - OPTIONAL read Page 1 instead of Page 0");\r
        PrintAndLog("     ****WARNING****");\r
        PrintAndLog("     Use of read with password on a tag not configured for a pwd");\r
        PrintAndLog("     can damage the tag");\r
@@ -67,22 +70,23 @@ int usage_t55xx_read(){
        return 0;\r
 }\r
 int usage_t55xx_write(){\r
-       PrintAndLog("Usage:  lf t55xx write <block> <data> [password]");\r
+       PrintAndLog("Usage:  lf t55xx wr [b <block>] [d <data>] [p <password>] [1]");\r
        PrintAndLog("Options:");\r
-       PrintAndLog("     <block>, block number to write. Between 0-7");\r
-       PrintAndLog("     <data>,  4 bytes of data to write (8 hex symbols)");\r
-    PrintAndLog("     [password], OPTIONAL password 4bytes (8 hex symbols)");\r
+       PrintAndLog("     b <block>    - block number to write. Between 0-7");\r
+       PrintAndLog("     d <data>     - 4 bytes of data to write (8 hex characters)");\r
+       PrintAndLog("     p <password> - OPTIONAL password 4bytes (8 hex characters)");\r
+       PrintAndLog("     1            - OPTIONAL write Page 1 instead of Page 0");\r
     PrintAndLog("");\r
        PrintAndLog("Examples:");\r
-       PrintAndLog("      lf t55xx write 3 11223344           - write 11223344 to block 3");\r
-       PrintAndLog("      lf t55xx write 3 11223344 feedbeef  - write 11223344 to block 3 password feedbeef");\r
+       PrintAndLog("      lf t55xx write b 3 d 11223344            - write 11223344 to block 3");\r
+       PrintAndLog("      lf t55xx write b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");\r
        PrintAndLog("");\r
        return 0;\r
 }\r
 int usage_t55xx_trace() {\r
        PrintAndLog("Usage:  lf t55xx trace [1]");\r
        PrintAndLog("Options:");\r
-       PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
+       PrintAndLog("     [graph buffer data]  - if set, use Graphbuffer otherwise read data from tag.");\r
        PrintAndLog("");\r
        PrintAndLog("Examples:");\r
        PrintAndLog("      lf t55xx trace");\r
@@ -93,7 +97,7 @@ int usage_t55xx_trace() {
 int usage_t55xx_info() {\r
        PrintAndLog("Usage:  lf t55xx info [1]");\r
        PrintAndLog("Options:");\r
-       PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
+       PrintAndLog("     [graph buffer data]  - if set, use Graphbuffer otherwise read data from tag.");\r
        PrintAndLog("");\r
        PrintAndLog("Examples:");\r
        PrintAndLog("      lf t55xx info");\r
@@ -102,20 +106,21 @@ int usage_t55xx_info() {
        return 0;\r
 }\r
 int usage_t55xx_dump(){\r
-       PrintAndLog("Usage:  lf t55xx dump <password>");\r
+       PrintAndLog("Usage:  lf t55xx dump <password> [o]");\r
        PrintAndLog("Options:");\r
-    PrintAndLog("     <password>, OPTIONAL password 4bytes (8 hex symbols)");\r
+       PrintAndLog("     <password>  - OPTIONAL password 4bytes (8 hex symbols)");\r
+       PrintAndLog("     o           - OPTIONAL override, force pwd read despite danger to card");\r
        PrintAndLog("");\r
        PrintAndLog("Examples:");\r
        PrintAndLog("      lf t55xx dump");\r
-       PrintAndLog("      lf t55xx dump feedbeef");\r
+       PrintAndLog("      lf t55xx dump feedbeef o");\r
        PrintAndLog("");\r
        return 0;\r
 }\r
 int usage_t55xx_detect(){\r
        PrintAndLog("Usage:  lf t55xx detect [1]");\r
        PrintAndLog("Options:");\r
-       PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
+       PrintAndLog("     [graph buffer data]  - if set, use Graphbuffer otherwise read data from tag.");\r
        PrintAndLog("");\r
        PrintAndLog("Examples:");\r
        PrintAndLog("      lf t55xx detect");\r
@@ -146,8 +151,7 @@ int CmdT55xxSetConfig(const char *Cmd) {
        char tmp = 0x00;\r
        uint8_t bitRate = 0;\r
        uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};\r
-       while(param_getchar(Cmd, cmdp) != 0x00 && !errors)\r
-       {\r
+       while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
                tmp = param_getchar(Cmd, cmdp);\r
                switch(tmp)\r
                {\r
@@ -234,12 +238,43 @@ int CmdT55xxSetConfig(const char *Cmd) {
        return printConfiguration ( config );\r
 }\r
 \r
+int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){\r
+       //Password mode\r
+       if ( usepwd ) {\r
+               // try reading the config block and verify that PWD bit is set before doing this!\r
+               if ( !override ) {\r
+                       \r
+                       if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0 ) ) return 0;\r
+                       \r
+                       if ( !tryDetectModulation() ) {\r
+                               PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
+                               return 0;\r
+                       } else {\r
+                               PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");   \r
+                               usepwd = false;\r
+                               page1 = false;\r
+                       }\r
+               } else {\r
+                       PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
+               }\r
+       }\r
+\r
+       if (!AquireData(page1, block, usepwd, password) ) return 0;\r
+       if (!DecodeT55xxBlock()) return 0;\r
+\r
+       char blk[10]={0};\r
+       sprintf(blk,"%d", block);\r
+       printT55xxBlock(blk);   \r
+       return 1;\r
+}\r
+\r
 int CmdT55xxReadBlock(const char *Cmd) {\r
-       uint8_t block = 255;\r
+       uint8_t block = REGULAR_READ_MODE_BLOCK;\r
        uint32_t password = 0; //default to blank Block 7\r
-       bool usepwd = FALSE;\r
-       bool override = FALSE;  \r
-       bool errors = FALSE;\r
+       bool usepwd = false;\r
+       bool override = false;\r
+       bool page1 = false;\r
+       bool errors = false;\r
        uint8_t cmdp = 0;\r
        while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
                switch(param_getchar(Cmd, cmdp)) {\r
@@ -258,10 +293,14 @@ int CmdT55xxReadBlock(const char *Cmd) {
                        break;\r
                case 'p':\r
                case 'P':\r
-                       password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);\r
-                       usepwd = TRUE;\r
+                       password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+                       usepwd = true;\r
                        cmdp += 2;\r
                        break;\r
+               case '1':\r
+                       page1 = true;\r
+                       cmdp++;\r
+                       break;\r
                default:\r
                        PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
                        errors = true;\r
@@ -270,49 +309,13 @@ int CmdT55xxReadBlock(const char *Cmd) {
        }\r
        if (errors) return usage_t55xx_read();\r
 \r
-       if ( block > 7 ) {\r
+       if (block > 7 && block != REGULAR_READ_MODE_BLOCK       ) {\r
                PrintAndLog("Block must be between 0 and 7");\r
-               return 1;\r
-       }       \r
-\r
-       UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};\r
-\r
-       //Password mode\r
-       if ( usepwd ) {\r
-               \r
-               // try reading the config block and verify that PWD bit is set before doing this!\r
-               if ( !override ) {\r
-                       AquireData( CONFIGURATION_BLOCK );\r
-                       if ( !tryDetectModulation() ) {\r
-                               PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
-                               return 1;\r
-                       } else {                \r
-                               PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");   \r
-                       }\r
-               } else {                \r
-                       PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
-                       c.arg[0] = usepwd;\r
-               }\r
-       }\r
-\r
-       clearCommandBuffer();\r
-       SendCommand(&c);\r
-       if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
-               PrintAndLog("command execution time out");\r
-               return 2;\r
+               return 0;\r
        }\r
-       \r
-       uint8_t got[12000];\r
-       GetFromBigBuf(got,sizeof(got),0);\r
-       WaitForResponse(CMD_ACK,NULL);\r
-       setGraphBuf(got, sizeof(got));\r
-\r
-       if (!DecodeT55xxBlock()) return 3;\r
-       \r
-       char blk[10]={0};\r
-       sprintf(blk,"%d", block);       \r
-       printT55xxBlock(blk);\r
-       return 0;\r
+       PrintAndLog("Reading Page %d:", page1); \r
+       PrintAndLog("blk | hex data | binary");\r
+       return T55xxReadBlock(block, page1, usepwd, override, password);\r
 }\r
 \r
 bool DecodeT55xxBlock(){\r
@@ -323,9 +326,6 @@ bool DecodeT55xxBlock(){
        uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};\r
        DemodBufferLen = 0x00;\r
 \r
-       //trim 1/2 a clock from beginning\r
-       //snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );\r
-       //CmdLtrim(cmdStr);\r
        switch( config.modulation ){\r
                case DEMOD_FSK:\r
                        snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );\r
@@ -372,21 +372,36 @@ bool DecodeT55xxBlock(){
 \r
 int CmdT55xxDetect(const char *Cmd){\r
 \r
+       bool override = false;\r
+       //bool pwdmode = false;\r
+\r
+       uint32_t password = 0; //default to blank Block 7\r
+       bool usepwd = ( strlen(Cmd) > 0);       \r
+       if ( usepwd ){\r
+               password = param_get32ex(Cmd, 0, 0, 16);\r
+               if (param_getchar(Cmd, 1) =='o' )\r
+                       override = true;\r
+       }\r
+\r
        char cmdp = param_getchar(Cmd, 0);\r
        if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_detect();\r
        \r
-       if (strlen(Cmd)==0)\r
-               AquireData( CONFIGURATION_BLOCK );\r
+       if (strlen(Cmd)==0) {\r
+               password = param_get32ex(Cmd, 0, 0, 16);\r
+               if (param_getchar(Cmd, 1) =='o' ) override = true;\r
+       }\r
 \r
+       if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password) )\r
+               return 0;\r
+               \r
        if ( !tryDetectModulation() )\r
                PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");\r
 \r
-       return 0;\r
+       return 1;\r
 }\r
 \r
 // detect configuration?\r
 bool tryDetectModulation(){\r
-       //char cmdStr[8] = {0};\r
        uint8_t hits = 0;\r
        t55xx_conf_block_t tests[15];\r
        int bitRate=0;\r
@@ -394,8 +409,6 @@ bool tryDetectModulation(){
        save_restoreGB(1);\r
        if (GetFskClock("", FALSE, FALSE)){ \r
                fskClocks(&fc1, &fc2, &clk, FALSE);\r
-               //sprintf(cmdStr,"%d", clk/2);\r
-               //CmdLtrim(cmdStr);\r
                if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate)){\r
                        tests[hits].modulation = DEMOD_FSK;\r
                        if (fc1==8 && fc2 == 5)\r
@@ -422,8 +435,6 @@ bool tryDetectModulation(){
        } else {\r
                clk = GetAskClock("", FALSE, FALSE);\r
                if (clk>0) {\r
-                       //sprintf(cmdStr,"%d", clk/2);\r
-                       //CmdLtrim(cmdStr);\r
                        if ( ASKDemod("0 0 0", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate)) {\r
                                tests[hits].modulation = DEMOD_ASK;\r
                                tests[hits].bitrate = bitRate;\r
@@ -457,8 +468,6 @@ bool tryDetectModulation(){
                save_restoreGB(0);\r
                clk = GetNrzClock("", FALSE, FALSE);\r
                if (clk>0) {\r
-                       //sprintf(cmdStr,"%d", clk/2);\r
-                       //CmdLtrim(cmdStr);\r
                        if ( NRZrawDemod("0 0 1", FALSE)  && test(DEMOD_NRZ, &tests[hits].offset, &bitRate)) {\r
                                tests[hits].modulation = DEMOD_NRZ;\r
                                tests[hits].bitrate = bitRate;\r
@@ -480,9 +489,6 @@ bool tryDetectModulation(){
                save_restoreGB(0);\r
                clk = GetPskClock("", FALSE, FALSE);\r
                if (clk>0) {\r
-                       //PrintAndLog("clk %d",clk);\r
-                       //sprintf(cmdStr,"%d", clk/2);\r
-                       //CmdLtrim(cmdStr);     \r
                        if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate)) {\r
                                tests[hits].modulation = DEMOD_PSK1;\r
                                tests[hits].bitrate = bitRate;\r
@@ -700,66 +706,126 @@ int printConfiguration( t55xx_conf_block_t b){
        return 0;\r
 }\r
 \r
+int CmdT55xxWakeUp(const char *Cmd) {\r
+       uint32_t password = 0;\r
+       uint8_t cmdp = 0;\r
+       bool errors = false;\r
+       while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+               switch(param_getchar(Cmd, cmdp)) {\r
+               case 'h':\r
+               case 'H':\r
+                       return usage_t55xx_wakup();\r
+               case 'p':\r
+               case 'P':\r
+                       password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+                       cmdp += 2;\r
+                       errors = false;\r
+                       break;\r
+               default:\r
+                       PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+                       errors = true;\r
+                       break;\r
+               }\r
+       }\r
+       if (errors) return usage_t55xx_wakup();\r
+\r
+       UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
+       clearCommandBuffer();\r
+       SendCommand(&c);\r
+       PrintAndLog("Wake up command sent. Try read now");\r
+       return 0;\r
+}\r
+\r
 int CmdT55xxWriteBlock(const char *Cmd) {\r
-       int block = 8; //default to invalid block\r
-       int data = 0xFFFFFFFF; //default to blank Block \r
-       int password = 0xFFFFFFFF; //default to blank Block 7\r
-       \r
-       char cmdp = param_getchar(Cmd, 0);\r
-       if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_write();\r
\r
-       int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);\r
-       \r
-       if ( res < 2 || res > 3) {\r
-               usage_t55xx_write();\r
-               return 1;\r
+       uint8_t block = 0xFF; //default to invalid block\r
+       uint32_t data = 0; //default to blank Block \r
+       uint32_t password = 0; //default to blank Block 7\r
+       bool usepwd = false;\r
+       bool page1 = false;     \r
+       bool gotdata = false;\r
+       bool errors = false;\r
+       uint8_t cmdp = 0;\r
+       while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+               switch(param_getchar(Cmd, cmdp)) {\r
+               case 'h':\r
+               case 'H':\r
+                       return usage_t55xx_write();\r
+               case 'b':\r
+               case 'B':\r
+                       errors |= param_getdec(Cmd, cmdp+1, &block);\r
+                       cmdp += 2;\r
+                       break;\r
+               case 'd':\r
+               case 'D':\r
+                       data = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+                       gotdata = true;\r
+                       cmdp += 2;\r
+                       break;\r
+               case 'p':\r
+               case 'P':\r
+                       password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+                       usepwd = true;\r
+                       cmdp += 2;\r
+                       break;\r
+               case '1':\r
+                       page1 = true;\r
+                       cmdp++;\r
+                       break;\r
+               default:\r
+                       PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+                       errors = true;\r
+                       break;\r
+               }\r
        }\r
+       if (errors || !gotdata) return usage_t55xx_write();\r
 \r
        if (block > 7) {\r
                PrintAndLog("Block number must be between 0 and 7");\r
-               return 1;\r
+               return 0;\r
        }\r
        \r
        UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};\r
        UsbCommand resp;\r
-       c.d.asBytes[0] = 0x0; \r
+       c.d.asBytes[0] = (page1) ? 0x2 : 0; \r
 \r
-       PrintAndLog("Writing to block: %d  data  : 0x%08X", block, data);\r
+       PrintAndLog("Writing to page: %d  block: %d  data : 0x%08X", page1, block, data);\r
 \r
        //Password mode\r
-       if (res == 3) {\r
+       if (usepwd) {\r
                c.arg[2] = password;\r
-               c.d.asBytes[0] = 0x1; \r
+               c.d.asBytes[0] |= 0x1; \r
                PrintAndLog("pwd   : 0x%08X", password);\r
        }\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
        if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
                PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
-               return -1;\r
-       }\r
        return 0;\r
+       }\r
+       return 1;\r
 }\r
 \r
 int CmdT55xxReadTrace(const char *Cmd) {\r
        char cmdp = param_getchar(Cmd, 0);\r
-       \r
+       bool pwdmode = false;\r
+       uint32_t password = 0;  \r
        if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();\r
 \r
        if (strlen(Cmd)==0)\r
-               AquireData( TRACE_BLOCK );\r
+               if ( !AquireData( T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )\r
+                       return 0;\r
        \r
-       if (!DecodeT55xxBlock()) return 1;\r
+       if (!DecodeT55xxBlock()) return 0;\r
 \r
-       if ( !DemodBufferLen) return 1;\r
+       if ( !DemodBufferLen) return 0;\r
        \r
        RepaintGraphWindow();\r
        uint8_t repeat = 0;\r
        if (config.offset > 5) \r
                repeat = 32;\r
        uint8_t si = config.offset+repeat;\r
-       uint32_t bl0     = PackBits(si, 32, DemodBuffer);\r
-       uint32_t bl1     = PackBits(si+32, 32, DemodBuffer);\r
+       uint32_t bl1     = PackBits(si, 32, DemodBuffer);\r
+       uint32_t bl2     = PackBits(si+32, 32, DemodBuffer);\r
        \r
        uint32_t acl     = PackBits(si, 8,  DemodBuffer); si += 8;\r
        uint32_t mfc     = PackBits(si, 8,  DemodBuffer); si += 8;\r
@@ -780,7 +846,7 @@ int CmdT55xxReadTrace(const char *Cmd) {
 \r
        if ( acl != 0xE0 ) {\r
                PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");\r
-               return 1;\r
+               return 0;\r
        }\r
 \r
        PrintAndLog("");\r
@@ -797,8 +863,8 @@ int CmdT55xxReadTrace(const char *Cmd) {
        PrintAndLog("     Die Number   : %d", dw);\r
        PrintAndLog("-------------------------------------------------------------");\r
        PrintAndLog(" Raw Data - Page 1");\r
-       PrintAndLog("     Block 0  : 0x%08X  %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );\r
-       PrintAndLog("     Block 1  : 0x%08X  %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );\r
+       PrintAndLog("     Block 1  : 0x%08X  %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat,32) );\r
+       PrintAndLog("     Block 2  : 0x%08X  %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );\r
        PrintAndLog("-------------------------------------------------------------");\r
 \r
        /*\r
@@ -827,12 +893,15 @@ int CmdT55xxInfo(const char *Cmd){
                Normal mode\r
                Extended mode\r
        */\r
+       bool pwdmode = false;\r
+       uint32_t password = 0;\r
        char cmdp = param_getchar(Cmd, 0);\r
 \r
        if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();\r
        \r
        if (strlen(Cmd)==0)\r
-               AquireData( CONFIGURATION_BLOCK );\r
+               if ( !AquireData( T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password ) )\r
+                       return 1;\r
 \r
        if (!DecodeT55xxBlock()) return 1;\r
 \r
@@ -883,55 +952,50 @@ int CmdT55xxInfo(const char *Cmd){
 \r
 int CmdT55xxDump(const char *Cmd){\r
 \r
-       char s[20] = {0x00};\r
-       uint8_t pwd[4] = {0x00};\r
-       char cmdp = param_getchar(Cmd, 0);\r
+       uint32_t password = 0;\r
+       bool override = false;\r
+       char cmdp = param_getchar(Cmd, 0);      \r
        if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();\r
 \r
-       bool hasPwd = ( strlen(Cmd) > 0);       \r
-       if ( hasPwd ){\r
-               if (param_gethex(Cmd, 0, pwd, 8)) {\r
-                       PrintAndLog("password must include 8 HEX symbols");\r
-                       return 1;\r
-               }\r
+       bool usepwd = ( strlen(Cmd) > 0);       \r
+       if ( usepwd ){\r
+               password = param_get32ex(Cmd, 0, 0, 16);\r
+               if (param_getchar(Cmd, 1) =='o' )\r
+                       override = true;\r
        }\r
        \r
-       for ( int i = 0; i <8; ++i){\r
-               memset(s,0,sizeof(s));\r
-               if ( hasPwd ) {\r
-                       sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);\r
-               } else {\r
-                       sprintf(s,"%d", i);\r
-               }\r
-               CmdT55xxReadBlock(s);\r
+       PrintAndLog("Reading Page 0:"); \r
+       PrintAndLog("blk | hex data | binary");\r
+       for ( uint8_t i = 0; i < 8; ++i){\r
+               T55xxReadBlock(i, 0, usepwd, override, password);\r
        }\r
-       return 0;\r
+       PrintAndLog("Reading Page 1:"); \r
+       PrintAndLog("blk | hex data | binary");\r
+       for ( uint8_t   i = 0; i < 4; i++){\r
+               T55xxReadBlock(i, 1, usepwd, override, password);               \r
+       }\r
+       return 1;\r
 }\r
 \r
-int AquireData( uint8_t block ){\r
-       \r
-       uint32_t password = 0;\r
-       UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, password}};\r
-       \r
-       if ( block == CONFIGURATION_BLOCK ) {\r
-               c.arg[0] = 0x00 | 0x01;\r
-       }\r
-       else if (block == TRACE_BLOCK ) {\r
-               c.arg[0] = 0x02 | 0x01;\r
-       }\r
+int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){\r
+       // arg0 bitmodes:\r
+       // bit0 = pwdmode\r
+       // bit1 = page to read from\r
+       uint8_t arg0 = (page<<1) | pwdmode;\r
+       UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};\r
        \r
        clearCommandBuffer();\r
        SendCommand(&c);\r
        if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
                PrintAndLog("command execution time out");\r
-               return 1;\r
+               return 0;\r
        }\r
 \r
        uint8_t got[12000];\r
        GetFromBigBuf(got,sizeof(got),0);\r
        WaitForResponse(CMD_ACK,NULL);\r
-       setGraphBuf(got, 12000);\r
-       return 0;\r
+       setGraphBuf(got, sizeof(got));\r
+       return 1;\r
 }\r
 \r
 char * GetBitRateStr(uint32_t id){\r
@@ -1099,35 +1163,6 @@ void t55x7_create_config_block( int tagtype ){
        \r
 }\r
 \r
-int CmdT55xxWakeUp(const char *Cmd) {\r
-       uint32_t password = 0;\r
-       uint8_t cmdp = 0;\r
-       bool errors = false;\r
-       while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
-               switch(param_getchar(Cmd, cmdp)) {\r
-               case 'h':\r
-               case 'H':\r
-                       return usage_t55xx_wakup();\r
-               case 'p':\r
-               case 'P':\r
-                       password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);\r
-                       cmdp+=2;\r
-                       break;\r
-               default:\r
-                       PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
-                       errors = true;\r
-                       break;\r
-               }\r
-       }\r
-       if (errors) return usage_t55xx_wakup();\r
-\r
-       UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
-       clearCommandBuffer();\r
-       SendCommand(&c);\r
-       PrintAndLog("Wake up command sent. Try read now");\r
-       return 0;\r
-}\r
-\r
 /*\r
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){\r
        \r
@@ -1148,14 +1183,13 @@ static command_t CommandTable[] =
   {"help",   CmdHelp,           1, "This help"},\r
   {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},\r
   {"detect", CmdT55xxDetect,    0, "[1] Try detecting the tag modulation from reading the configuration block."},\r
-  {"read",   CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},\r
-  {"write",  CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},\r
+  {"read",   CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},\r
+  {"write",  CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},\r
   {"trace",  CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},\r
   {"info",   CmdT55xxInfo,      0, "[1] Show T55xx configuration data (page 0/ blk 0)"},\r
-  {"dump",   CmdT55xxDump,      0, "[password] Dump T55xx card block 0-7. [optional password]"},\r
+  {"dump",   CmdT55xxDump,      0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},\r
   {"special", special,          0, "Show block changes with 64 different offsets"},\r
   {"wakeup", CmdT55xxWakeUp,    0, "Send AOR wakeup command"},\r
-  \r
   {NULL, NULL, 0, NULL}\r
 };\r
 \r
index 0fe1b0be71ac89b77d8fbcb7750ad9ea5451a372..ac188963ea6d8e0510cb993766aeb0d3818c0719 100644 (file)
@@ -82,6 +82,6 @@ bool DecodeT55xxBlock();
 bool tryDetectModulation();\r
 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate);\r
 int special(const char *Cmd);\r
-int AquireData( uint8_t block );\r
+int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );\r
 \r
 #endif\r
index b662b9295693f8ddb3650ddbd4c78c68ed066f72..739e24475319e0124824583bdeb46440952e5ba2 100644 (file)
@@ -196,6 +196,8 @@ typedef struct{
 #define CMD_MIFARE_DESFIRE                                                0x072e
 
 #define CMD_MIFARE_COLLECT_NONCES                                                                                0x072f
+                                
+#define CMD_HF_SNIFFER                                                    0x0800
 
 #define CMD_UNKNOWN                                                       0xFFFF
 
index dd5544cb01a25d6e55b3bf67dfda6d8f3c00f0a8..5ff64bb59c451b8c10c966717a4ea7bee91f1c45 100644 (file)
@@ -44,7 +44,7 @@ local _commands = {
        CMD_INDALA_CLONE_TAG_L =                                             0x0213,
        CMD_T55XX_READ_BLOCK =                                               0x0214,
        CMD_T55XX_WRITE_BLOCK =                                              0x0215,
-       CMD_T55XX_READ_TRACE =                                               0x0216,
+       --//CMD_T55XX_READ_TRACE =                                               0x0216,
        CMD_PCF7931_READ =                                                   0x0217,
        CMD_PCF7931_WRITE =                                                  0x0223,
        CMD_EM4X_READ_WORD =                                                 0x0218,
@@ -157,7 +157,8 @@ local _commands = {
        CMD_MIFARE_DES_READER =                                              0x072c,
        CMD_MIFARE_DESFIRE_INFO =                                            0x072d,
        CMD_MIFARE_DESFIRE =                                                 0x072e,
-       
+    CMD_HF_SNIFFER =                                                     0x0800,       
+
        CMD_UNKNOWN =                                                        0xFFFF,
 }
 
index 63d7f44e6f53e45148e355b9649bfef74902db88..5d9ce55a716b3c8380d26c27b1a51d95e0bf682c 100644 (file)
@@ -53,7 +53,7 @@ static int l_SendCommand(lua_State *L){
     const char *data = luaL_checklstring(L, 1, &size);
     if(size != sizeof(UsbCommand))
     {
-        printf("Got data size %d, expected %d" , size, sizeof(UsbCommand));
+               printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
         lua_pushstring(L,"Wrong data size");
         return 1;
     }
index 98ff4d0d8aa2ae64b5caf4d74b63c6d22d0a77f7..72ad0758b65c6d00b8c91309547de8ccc09426c1 100644 (file)
@@ -67,7 +67,8 @@ VPATH = . ../common ../fpga ../zlib
 
 INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES)
 
-CFLAGS =  -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os
+#-Wunused -Wsign-compare -Wtype-limits -Wuninitialized -Wno-deprecated -Wstrict-aliasing -Wpointer-arith -Wpointer-arith -Wformat-nonliteral -Winit-self -Wparentheses -Wunreachable-code
+CFLAGS =  -c $(INCLUDE) -Wall -Werror -pedantic -Wunused -std=c99 $(APP_CFLAGS) -Os
 LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
 
 LIBS = -lgcc
index 0f8dd4522c2127e56f493d8206b381a9f029e497..9a4051c9b125a29bc7baabf1a82d2d4b1e37de73 100644 (file)
@@ -282,6 +282,16 @@ int manrawdecode(uint8_t * BitStream, size_t *size, uint8_t invert)
        return bestErr;
 }
 
+uint32_t manchesterEncode2Bytes(uint16_t datain) {
+       uint32_t output = 0;
+       uint8_t curBit = 0;
+       for (uint8_t i=0; i<16; i++) {
+               curBit = (datain >> (15-i) & 1);
+               output |= (1<<(((15-i)*2)+curBit));
+       }
+       return output;
+}
+
 //by marshmellow
 //encode binary data into binary manchester 
 int ManchesterEncode(uint8_t *BitStream, size_t size)
index 3b807b56c8639d46d27ab6cfb2d22a108149d88e..758201992fa43d3e1322f00d74fd74336e21a5c4 100644 (file)
@@ -30,6 +30,7 @@ int      DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t
 uint8_t  Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
 int      fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
 int      getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
+uint32_t manchesterEncode2Bytes(uint16_t datain);
 int      ManchesterEncode(uint8_t *BitStream, size_t size);
 int      manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert);
 int      nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr);
index 0a523da3ab993021fc13318903c3114a9326c16c..ee8abaddcf65fbebcc559a65542411d08b522f28 100644 (file)
@@ -3,13 +3,36 @@
 #include <stdint.h>
 #include <stdarg.h>
 #include "protocols.h"
+
+// ATA55xx shared presets & routines
+uint32_t GetT55xxClockBit(uint32_t clock) {
+       switch (clock) {
+               case 128:
+                       return T55x7_BITRATE_RF_128;
+               case 100:
+                       return T55x7_BITRATE_RF_100;
+               case 64:
+                       return T55x7_BITRATE_RF_64;
+               case 50:
+                       return T55x7_BITRATE_RF_50;
+               case 40:
+                       return T55x7_BITRATE_RF_40;
+               case 32:
+                       return T55x7_BITRATE_RF_32;
+               case 16:
+                       return T55x7_BITRATE_RF_16;
+               case 8:
+                       return T55x7_BITRATE_RF_8;
+               default:
+                       return 0;
+       }
+}
+
 #ifndef ON_DEVICE
 #include "ui.h"
 #define prnt PrintAndLog
-#endif
-
-
 
+// iclass / picopass chip config structures and shared routines
 typedef struct {
        uint8_t app_limit;      //[8]
        uint8_t otp[2];         //[9-10]
@@ -31,20 +54,7 @@ typedef struct {
 
 }picopass_hdr;
 
-
-//#define prnt printf
-/*void prnt(char *fmt,...)
-{
-       va_list argptr;
-       va_start(argptr, fmt);
-       vprintf(fmt, argptr);
-       printf("          "); // cleaning prompt
-       va_end(argptr);
-       printf("\n");
-}
-*/
-uint8_t isset(uint8_t val, uint8_t mask)
-{
+uint8_t isset(uint8_t val, uint8_t mask) {
        return (val & mask);
 }
 
@@ -52,8 +62,7 @@ uint8_t notset(uint8_t val, uint8_t mask){
        return !(val & mask);
 }
 
-void fuse_config(const picopass_hdr *hdr)
-{
+void fuse_config(const picopass_hdr *hdr) {
        uint8_t fuses = hdr->conf.fuses;
 
        if (isset(fuses,FUSE_FPERS))prnt("      Mode: Personalization [Programmable]");
@@ -104,8 +113,7 @@ void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *
        }
 }
 
-void mem_app_config(const picopass_hdr *hdr)
-{
+void mem_app_config(const picopass_hdr *hdr) {
        uint8_t mem = hdr->conf.mem_config;
        uint8_t chip = hdr->conf.chip_config;
        uint8_t applimit = hdr->conf.app_limit;
@@ -118,28 +126,25 @@ void mem_app_config(const picopass_hdr *hdr)
        prnt("  AA1: blocks 06-%02X", applimit);
        prnt("  AA2: blocks %02X-%02X", applimit+1, max_blk);
 }
-void print_picopass_info(const picopass_hdr *hdr)
-{
+void print_picopass_info(const picopass_hdr *hdr) {
        fuse_config(hdr);
        mem_app_config(hdr);
 }
-void printIclassDumpInfo(uint8_t* iclass_dump)
-{
-//     picopass_hdr hdr;
-//     memcpy(&hdr, iclass_dump, sizeof(picopass_hdr));
+void printIclassDumpInfo(uint8_t* iclass_dump) {
        print_picopass_info((picopass_hdr *) iclass_dump);
 }
 
 /*
-void test()
-{
+void test() {
        picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
        prnt("Picopass configuration:");
        print_picopass_info(&hdr);
 }
-int main(int argc, char *argv[])
-{
+int main(int argc, char *argv[]) {
        test();
        return 0;
 }
 */
+
+#endif
+//ON_DEVICE
index e676cbfe59837568bcfc1a97ce7ee54b7d30454d..d20c95fc29c51a8e033f0d6eb4a134fbb3d4a202 100644 (file)
@@ -267,4 +267,57 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 void printIclassDumpInfo(uint8_t* iclass_dump);
 void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb);
 
-#endif // PROTOCOLS_H
+/* T55x7 configuration register definitions */
+#define T55x7_POR_DELAY                        0x00000001
+#define T55x7_ST_TERMINATOR            0x00000008
+#define T55x7_PWD                      0x00000010
+#define T55x7_MAXBLOCK_SHIFT           5
+#define T55x7_AOR                      0x00000200
+#define T55x7_PSKCF_RF_2               0
+#define T55x7_PSKCF_RF_4               0x00000400
+#define T55x7_PSKCF_RF_8               0x00000800
+#define T55x7_MODULATION_DIRECT                0
+#define T55x7_MODULATION_PSK1          0x00001000
+#define T55x7_MODULATION_PSK2          0x00002000
+#define T55x7_MODULATION_PSK3          0x00003000
+#define T55x7_MODULATION_FSK1          0x00004000
+#define T55x7_MODULATION_FSK2          0x00005000
+#define T55x7_MODULATION_FSK1a         0x00006000
+#define T55x7_MODULATION_FSK2a         0x00007000
+#define T55x7_MODULATION_MANCHESTER    0x00008000
+#define T55x7_MODULATION_BIPHASE       0x00010000
+#define T55x7_MODULATION_DIPHASE       0x00018000
+#define T55x7_BITRATE_RF_8             0
+#define T55x7_BITRATE_RF_16            0x00040000
+#define T55x7_BITRATE_RF_32            0x00080000
+#define T55x7_BITRATE_RF_40            0x000C0000
+#define T55x7_BITRATE_RF_50            0x00100000
+#define T55x7_BITRATE_RF_64            0x00140000
+#define T55x7_BITRATE_RF_100           0x00180000
+#define T55x7_BITRATE_RF_128           0x001C0000
+
+/* T5555 (Q5) configuration register definitions */
+#define T5555_ST_TERMINATOR            0x00000001
+#define T5555_MAXBLOCK_SHIFT           0x00000001
+#define T5555_MODULATION_MANCHESTER    0
+#define T5555_MODULATION_PSK1          0x00000010
+#define T5555_MODULATION_PSK2          0x00000020
+#define T5555_MODULATION_PSK3          0x00000030
+#define T5555_MODULATION_FSK1          0x00000040
+#define T5555_MODULATION_FSK2          0x00000050
+#define T5555_MODULATION_BIPHASE       0x00000060
+#define T5555_MODULATION_DIRECT                0x00000070
+#define T5555_INVERT_OUTPUT            0x00000080
+#define T5555_PSK_RF_2                 0
+#define T5555_PSK_RF_4                 0x00000100
+#define T5555_PSK_RF_8                 0x00000200
+#define T5555_USE_PWD                  0x00000400
+#define T5555_USE_AOR                  0x00000800
+#define T5555_BITRATE_SHIFT            12
+#define T5555_FAST_WRITE               0x00004000
+#define T5555_PAGE_SELECT              0x00008000
+
+uint32_t GetT55xxClockBit(uint32_t clock);
+
+#endif 
+// PROTOCOLS_H
index fad2ff04c13ab90f4285e631932c4ae803d97335..e58d6fc4126fe3e47173543f59b9b7de0840367f 100644 (file)
@@ -9,7 +9,7 @@ fpga_hf.ngc: fpga_hf.v fpga.ucf xst_hf.scr util.v hi_simulate.v hi_read_tx.v hi_
        $(DELETE) $@
        $(XILINX_TOOLS_PREFIX)xst -ifn xst_hf.scr
 
-fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v
+fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v hi_sniffer.v
        $(DELETE) $@
        $(XILINX_TOOLS_PREFIX)xst -ifn xst_lf.scr
 
index 8a465e75c5304452b598d5d28d5f2f4ae16f8c6f..264e1b0c61beea3dc1b3248f1b73293b5d41311f 100644 (file)
@@ -17,6 +17,7 @@
 `include "hi_read_rx_xcorr.v"
 `include "hi_simulate.v"
 `include "hi_iso14443a.v"
+`include "hi_sniffer.v"
 `include "util.v"
 
 module fpga_hf(
@@ -122,25 +123,36 @@ hi_iso14443a hisn(
        hi_simulate_mod_type
 );
 
+hi_sniffer he(
+       pck0, ck_1356meg, ck_1356megb,
+       he_pwr_lo, he_pwr_hi, he_pwr_oe1, he_pwr_oe2, he_pwr_oe3,       he_pwr_oe4,
+       adc_d, he_adc_clk,
+       he_ssp_frame, he_ssp_din, ssp_dout, he_ssp_clk,
+       cross_hi, cross_lo,
+       he_dbg,
+       hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
+);
+
 // Major modes:
 
 //   000 --  HF reader, transmitting to tag; modulation depth selectable
 //   001 --  HF reader, receiving from tag, correlating as it goes; frequency selectable
 //   010 --  HF simulated tag
 //   011 --  HF ISO14443-A
+//   100 --  HF Snoop
 //   111 --  everything off
 
-mux8 mux_ssp_clk               (major_mode, ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_din               (major_mode, ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_frame             (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe1               (major_mode, pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe2               (major_mode, pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe3               (major_mode, pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe4               (major_mode, pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_lo                        (major_mode, pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_hi                        (major_mode, pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_adc_clk               (major_mode, adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_dbg                   (major_mode, dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_clk               (major_mode, ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   he_ssp_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_din               (major_mode, ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   he_ssp_din, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_frame             (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, he_ssp_frame, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe1               (major_mode, pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   he_pwr_oe1, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe2               (major_mode, pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   he_pwr_oe2, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe3               (major_mode, pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   he_pwr_oe3, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe4               (major_mode, pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   he_pwr_oe4, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_lo                        (major_mode, pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    he_pwr_lo, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_hi                        (major_mode, pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    he_pwr_hi, 1'b0, 1'b0, 1'b0);
+mux8 mux_adc_clk               (major_mode, adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   he_adc_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_dbg                   (major_mode, dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       he_dbg, 1'b0, 1'b0, 1'b0);
 
 // In all modes, let the ADC's outputs be enabled.
 assign adc_noe = 1'b0;
diff --git a/fpga/hi_sniffer.v b/fpga/hi_sniffer.v
new file mode 100644 (file)
index 0000000..f9d8ba9
--- /dev/null
@@ -0,0 +1,77 @@
+
+module hi_sniffer(
+    pck0, ck_1356meg, ck_1356megb,
+    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
+    adc_d, adc_clk,
+    ssp_frame, ssp_din, ssp_dout, ssp_clk,
+    cross_hi, cross_lo,
+    dbg,
+    xcorr_is_848, snoop, xcorr_quarter_freq // not used.
+);
+    input pck0, ck_1356meg, ck_1356megb;
+    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
+    input [7:0] adc_d;
+    output adc_clk;
+    input ssp_dout;
+    output ssp_frame, ssp_din, ssp_clk;
+    input cross_hi, cross_lo;
+    output dbg;
+    input xcorr_is_848, snoop, xcorr_quarter_freq; // not used.
+
+// We are only snooping, all off.
+assign pwr_hi  = 1'b0;// ck_1356megb & (~snoop);
+assign pwr_oe1 = 1'b0;
+assign pwr_oe2 = 1'b0;
+assign pwr_oe3 = 1'b0;
+assign pwr_oe4 = 1'b0;
+
+reg ssp_clk = 1'b0;
+reg ssp_frame;
+reg adc_clk;
+reg [7:0] adc_d_out = 8'd0;
+reg [7:0] ssp_cnt = 8'd0;
+reg [7:0] pck_divider = 8'd0;
+reg ant_lo = 1'b0;
+reg bit_to_send = 1'b0;
+
+always @(ck_1356meg, pck0) // should synthetisize to a mux..
+  begin
+    adc_clk = ck_1356meg;
+    ssp_clk = ~ck_1356meg;
+  end
+
+reg [7:0] cnt_test = 8'd0; // test
+
+always @(posedge pck0)
+begin
+    ant_lo <= 1'b0;
+end
+
+always @(posedge ssp_clk) // ~1356 (hf)
+begin
+  if(ssp_cnt[7:0] == 8'd255) // SSP counter for divides.
+    ssp_cnt[7:0] <= 8'd0;
+  else
+    ssp_cnt <= ssp_cnt + 1;
+
+      if((ssp_cnt[2:0] == 3'b000) && !ant_lo) // To set frame  length
+        begin
+          adc_d_out[7:0] = adc_d; // disable for test
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b1;
+        end
+      else
+        begin
+          adc_d_out[6:0] = adc_d_out[7:1];
+          adc_d_out[7] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b0;
+        end
+end
+
+assign ssp_din = bit_to_send && !ant_lo;//bit_to_send && !ant_lo; // && .. not needed i guess?
+
+assign pwr_lo = ant_lo;
+      
+
+endmodule
index 114e6d081a877bda23c7830dd4dc8f1af9f3f6db..547043a2ae31ac0201eb344b1613b2a723019b00 100644 (file)
@@ -200,6 +200,8 @@ typedef struct{
 
 #define CMD_MIFARE_COLLECT_NONCES                                                                                0x072f
 
+#define CMD_HF_SNIFFER                                                    0x0800
+
 #define CMD_UNKNOWN                                                       0xFFFF
 
 
Impressum, Datenschutz