## [unreleased][unreleased]
### Added
+- Added markers in the graph around found Sequence Terminator after askmandemod.
+- Added data mtrim <start> <stop> command to trim out samples between start and stop
+- Added data setgraphmarkers <orange> <blue> command to set two extra markers on the graph (marshmellow)
- Added EM4x05/EM4x69 chip detection to lf search (marshmellow)
- Added lf em 4x05dump command to read and output all the blocks of the chip (marshmellow)
- Added lf em 4x05info command to read and display information about the chip (marshmellow)
- Added option c to 'hf list' (mark CRC bytes) (piwi)
### Changed
+- hf mf dump - added retry loops to try each read attempt up to 3 times. makes getting a complete dump easier with many antennas.
- small changes to lf psk and fsk demods to improve results when the trace begins with noise or the chip isn't broadcasting yet (marshmellow)
- NOTE CHANGED ALL `lf em4x em*` cmds to simpler `lf em ` - example: `lf em4x em410xdemod` is now `lf em 410xdemod`
- Renamed and rebuilt `lf em readword` && readwordpwd to `lf em 4x05readword` - it now demods and outputs the read block (marshmellow/iceman)
fwd_write_ptr = forwardLink_data;
fwd_bit_sz = fwd_bit_count;
- // Set up FPGA, 125kHz
+ // Set up FPGA, 125kHz or 95 divisor
LFSetupFPGAForADC(95, true);
// force 1st mod pulse (start gap must be longer for 4305)
fwd_bit_sz--; //prepare next bit modulation
fwd_write_ptr++;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(56*8); //55 cycles off (8us each)for 4305 /another reader has 37 here...
+ WaitUS(55*8); //55 cycles off (8us each)for 4305 //another reader has 37 here...
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(18*8); //16 cycles on (8us each) // another reader has 18 here
+ WaitUS(18*8); //18 cycles on (8us each)
// now start writting
while(fwd_bit_sz-- > 0) { //prepare next bit modulation
if(((*fwd_write_ptr++) & 1) == 1)
- SpinDelayUs(32*8); //32 cycles at 125Khz (8us each)
+ WaitUS(32*8); //32 cycles at 125Khz (8us each)
else {
//These timings work for 4469/4269/4305 (with the 55*8 above)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(23*8); //16-4 cycles off (8us each) //23 //one reader goes as high as 25 here
+ WaitUS(23*8); //23 cycles off (8us each)
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(16*8); //16 cycles on (8us each) //9 // another reader goes to 17 here
+ WaitUS(18*8); //18 cycles on (8us each)
}
}
}
BigBuf_Clear_ext(false);
LED_A_ON();
+ StartTicks();
//If password mode do login
if (PwdMode == 1) EM4xLogin(Pwd);
fwd_bit_count += Prepare_Addr( Address );
SendForward(fwd_bit_count);
- SpinDelayUs(400);
+ WaitUS(400);
// Now do the acquisition
DoPartialAcquisition(20, true, 6000);
BigBuf_Clear_ext(false);
LED_A_ON();
+ StartTicks();
//If password mode do login
if (PwdMode) EM4xLogin(Pwd);
//Wait for write to complete
//SpinDelay(10);
- SpinDelayUs(6500);
+ WaitUS(6500);
//Capture response if one exists
DoPartialAcquisition(20, true, 6000);
askAmp(BitStream, BitLen);
}
bool st = false;
- if (*stCheck) st = DetectST(BitStream, &BitLen, &foundclk);
+ size_t ststart = 0, stend = 0;
+ if (*stCheck) st = DetectST_ext(BitStream, &BitLen, &foundclk, &ststart, &stend);
if (st) {
*stCheck = st;
clk = (clk == 0) ? foundclk : clk;
- if (verbose || g_debugMode) PrintAndLog("\nFound Sequence Terminator");
+ CursorCPos = ststart;
+ CursorDPos = stend;
+ if (verbose || g_debugMode) PrintAndLog("\nFound Sequence Terminator - First one is shown by orange and blue graph markers");
}
int errCnt = askdemod(BitStream, &BitLen, &clk, &invert, maxErr, askamp, askType);
if (errCnt<0 || BitLen<16){ //if fatal error (or -1)
return 0;
}
+int CmdSetGraphMarkers(const char *Cmd) {
+ sscanf(Cmd, "%i %i", &CursorCPos, &CursorDPos);
+ RepaintGraphWindow();
+ return 0;
+}
+
int CmdHexsamples(const char *Cmd)
{
int i, j;
return 0;
}
+// trim graph (middle) piece
+int CmdMtrim(const char *Cmd) {
+ int start = 0, stop = 0;
+ sscanf(Cmd, "%i %i", &start, &stop);
+
+ if (start > GraphTraceLen || stop > GraphTraceLen || start > stop) return 0;
+ start++; //leave start position sample
+
+ GraphTraceLen -= stop - start;
+ for (int i = 0; i < GraphTraceLen; i++) {
+ GraphBuffer[start+i] = GraphBuffer[stop+i];
+ }
+ return 0;
+}
+
+
int CmdNorm(const char *Cmd)
{
int i;
{"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"},
{"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"},
{"rtrim", CmdRtrim, 1, "<location to end trace> -- Trim samples from right of trace"},
+ {"mtrim", CmdMtrim, 1, "<start> <stop> -- Trim out samples from the specified start to the specified stop"},
{"manrawdecode", Cmdmandecoderaw, 1, "[invert] [maxErr] -- Manchester decode binary stream in DemodBuffer"},
{"norm", CmdNorm, 1, "Normalize max/min to +/-128"},
{"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"},
{"rawdemod", CmdRawDemod, 1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},
{"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
{"save", CmdSave, 1, "<filename> -- Save trace (from graph window)"},
+ {"setgraphmarkers", CmdSetGraphMarkers, 1, "[orange_marker] [blue_marker] (in graph window)"},
{"scale", CmdScale, 1, "<int> -- Set cursor display scale"},
{"setdebugmode", CmdSetDebugMode, 1, "<0|1|2> -- Turn on or off Debugging Level for lf demods"},
{"shiftgraphzero", CmdGraphShiftZero, 1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
- \r
+ uint8_t tries = 0;\r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- SendCommand(&c);\r
+ for (tries = 0; tries < 3; tries++) { \r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ SendCommand(&c);\r
\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- uint8_t *data = resp.d.asBytes;\r
- if (isOK){\r
- rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0\r
- rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1\r
- rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2\r
- rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ uint8_t *data = resp.d.asBytes;\r
+ if (isOK){\r
+ rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0\r
+ rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1\r
+ rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2\r
+ rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer\r
+ break;\r
+ } else if (tries == 2) { // on last try set defaults\r
+ PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);\r
+ rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
+ rights[sectorNo][3] = 0x01;\r
+ }\r
} else {\r
- PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);\r
+ PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);\r
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
rights[sectorNo][3] = 0x01;\r
}\r
- } else {\r
- PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);\r
- rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
- rights[sectorNo][3] = 0x01;\r
}\r
}\r
\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
bool received = false;\r
- \r
- if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- SendCommand(&c);\r
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
- } else { // data block. Check if it can be read with key A or key B\r
- uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r
- if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
- memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
- SendCommand(&c);\r
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
- } else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
- isOK = false;\r
- PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
- } else { // key A would work\r
+ for (tries = 0; tries < 3; tries++) { \r
+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ } else { // data block. Check if it can be read with key A or key B\r
+ uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r
+ if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
+ memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ } else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
+ isOK = false;\r
+ PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
+ tries = 2;\r
+ } else { // key A would work\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ }\r
+ }\r
+ if (received) {\r
+ isOK = resp.arg[0] & 0xff;\r
+ if (isOK) break;\r
}\r
}\r
\r
extern int GraphBuffer[MAX_GRAPH_TRACE_LEN];
extern int GraphTraceLen;
extern double CursorScaleFactor;
-extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault;
+extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos;
extern int CommandFinished;
extern int offline;
void ProxWidget::paintEvent(QPaintEvent *event)
{
QPainter painter(this);
- QPainterPath penPath, whitePath, greyPath, lightgreyPath, cursorAPath, cursorBPath;
+ QPainterPath penPath, whitePath, greyPath, lightgreyPath, cursorAPath, cursorBPath, cursorCPath, cursorDPath;
QRect r;
QBrush brush(QColor(100, 255, 100));
QPen pen(QColor(100, 255, 100));
CursorAPos= 0;
if(CursorBPos > GraphTraceLen)
CursorBPos= 0;
+ if(CursorCPos > GraphTraceLen)
+ CursorCPos= 0;
+ if(CursorDPos > GraphTraceLen)
+ CursorDPos= 0;
r = rect();
penPath.moveTo(x,y);
}
- if(i == CursorAPos || i == CursorBPos) {
+ if(i == CursorAPos || i == CursorBPos || i == CursorCPos || i == CursorDPos) {
QPainterPath *cursorPath;
if(i == CursorAPos) {
cursorPath = &cursorAPath;
- } else {
+ } else if (i == CursorBPos) {
cursorPath = &cursorBPath;
+ } else if (i == CursorCPos) {
+ cursorPath = &cursorCPath;
+ } else {
+ cursorPath = &cursorDPath;
}
cursorPath->moveTo(x, r.top());
cursorPath->lineTo(x, r.bottom());
painter.drawPath(cursorAPath);
painter.setPen(QColor(255, 0, 255));
painter.drawPath(cursorBPath);
+ painter.setPen(QColor(255, 153, 0)); //orange
+ painter.drawPath(cursorCPath);
+ painter.setPen(QColor(0, 0, 205)); //light blue
+ painter.drawPath(cursorDPath);
char str[200];
sprintf(str, "@%d max=%d min=%d mean=%d n=%d/%d dt=%d [%.3f] zoom=%.3f CursorA=%d [%d] CursorB=%d [%d] GridX=%d GridY=%d (%s)",
#include "ui.h"
double CursorScaleFactor;
-int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64;
+int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64, CursorCPos= 0, CursorDPos= 0;
int offline;
int flushAfterWrite = 0; //buzzy
extern pthread_mutex_t print_lock;
void SetLogFilename(char *fn);
extern double CursorScaleFactor;
-extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault;
+extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos;
extern int offline;
extern int flushAfterWrite; //buzzy
uint8_t FmtLen = 10; // sets of 4 bits = end data
*startIdx = 0;
errChk = preambleSearch(BitStream, preamble, sizeof(preamble), size, startIdx);
- if (errChk == 0 || *size < 64) return 0;
- if (*size == 110) FmtLen = 22; // 22 sets of 4 bits
+ if ( errChk == 0 || (*size != 64 && *size != 128) ) return 0;
+ if (*size == 128) FmtLen = 22; // 22 sets of 4 bits
//skip last 4bit parity row for simplicity
*size = removeParity(BitStream, *startIdx + sizeof(preamble), 5, 0, FmtLen * 5);
return errCnt;
}
+bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) {
+ size_t ststart = 0, stend = 0;
+ return DetectST_ext(buffer, size, foundclock, &ststart, &stend);
+}
+
//by marshmellow
//attempt to identify a Sequence Terminator in ASK modulated raw wave
-bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) {
+bool DetectST_ext(uint8_t buffer[], size_t *size, int *foundclock, size_t *ststart, size_t *stend) {
size_t bufsize = *size;
//need to loop through all samples and identify our clock, look for the ST pattern
uint8_t fndClk[] = {8,16,32,40,50,64,128};
size_t newloc = 0;
i=0;
if (g_debugMode==2) prnt("DEBUG STT: Starting STT trim - start: %d, datalen: %d ",dataloc, datalen);
-
+ bool firstrun = true;
// warning - overwriting buffer given with raw wave data with ST removed...
while ( dataloc < bufsize-(clk/2) ) {
//compensate for long high at end of ST not being high due to signal loss... (and we cut out the start of wave high part)
for(i=0; i < clk/2-tol; ++i) {
buffer[dataloc+i] = high+5;
}
+ } //test for single sample outlier (high between two lows) in the case of very strong waves
+ if (buffer[dataloc] >= high && buffer[dataloc+2] <= low) {
+ buffer[dataloc] = buffer[dataloc+2];
+ buffer[dataloc+1] = buffer[dataloc+2];
+ }
+ if (firstrun) {
+ *stend = dataloc;
+ *ststart = dataloc-(clk*4);
+ firstrun=false;
}
for (i=0; i<datalen; ++i) {
if (i+newloc < bufsize) {
int DetectPSKClock(uint8_t dest[], size_t size, int clock);
int DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t low);
bool DetectST(uint8_t buffer[], size_t *size, int *foundclock);
+bool DetectST_ext(uint8_t buffer[], size_t *size, int *foundclock, size_t *ststart, size_t *stend);
int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
uint32_t manchesterEncode2Bytes(uint16_t datain);
projects / proxmark3-svn / commitdiff