From: iceman1001 Date: Tue, 10 Feb 2015 07:58:14 +0000 (+0100) Subject: Merge branch 'master' of https://github.com/Proxmark/proxmark3 X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/2b61c242127b54c6f8a92bf6991cdf9bd9aa27af?ds=inline;hp=-c Merge branch 'master' of https://github.com/Proxmark/proxmark3 Conflicts: armsrc/appmain.c armsrc/apps.h armsrc/lfops.c --- 2b61c242127b54c6f8a92bf6991cdf9bd9aa27af diff --combined armsrc/Makefile index 52317165,fb693006..c0070652 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@@ -14,7 -14,7 +14,7 @@@ APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 #-DWITH_LCD #SRC_LCD = fonts.c LCD.c - SRC_LF = lfops.c hitag2.c + SRC_LF = lfops.c hitag2.c lfsampling.c SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c SRC_ISO14443b = iso14443.c @@@ -44,7 -44,6 +44,7 @@@ ARMSRC = fpgaloader.c iclass.c \ BigBuf.c \ + # stdint.h provided locally until GCC 4.5 becomes C99 compliant APP_CFLAGS += -I. diff --combined armsrc/appmain.c index 00e9ba4d,cb1b9f73..271ff3f8 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@@ -10,20 -10,20 +10,20 @@@ // executes. 
//----------------------------------------------------------------------------- -#include "usb_cdc.h" -#include "cmd.h" +#include "../common/usb_cdc.h" +#include "../common/cmd.h" -#include "proxmark3.h" +#include "../include/proxmark3.h" #include "apps.h" #include "util.h" #include "printf.h" #include "string.h" - #include #include "legicrf.h" -#include +#include "../include/hitag2.h" - + #include "lfsampling.h" + #ifdef WITH_LCD #include "LCD.h" #endif @@@ -166,7 -166,7 +166,7 @@@ void MeasureAntennaTuning(void int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0 int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV - LED_B_ON(); + LED_B_ON(); /* * Sweeps the useful LF range of the proxmark from @@@ -200,7 -200,7 +200,7 @@@ for (i=18; i >= 0; i--) LF_Results[i] = 0; - LED_A_ON(); + LED_A_ON(); // Let the FPGA drive the high-frequency antenna around 13.56 MHz. FpgaDownloadAndGo(FPGA_BITSTREAM_HF); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); @@@ -211,9 -211,9 +211,9 @@@ cmd_send(CMD_MEASURED_ANTENNA_TUNING,vLf125|(vLf134<<16),vHf,peakf|(peakv<<16),LF_Results,256); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_A_OFF(); - LED_B_OFF(); - return; + LED_A_OFF(); + LED_B_OFF(); + return; } void MeasureAntennaTuningHf(void) @@@ -358,7 -358,7 +358,7 @@@ void SamyRun( for (;;) { usb_poll(); - WDT_HIT(); + WDT_HIT(); // Was our button held down or pressed? 
int button_pressed = BUTTON_HELD(1000); @@@ -622,20 -622,21 +622,21 @@@ void UsbPacketReceived(uint8_t *packet { UsbCommand *c = (UsbCommand *)packet; -// Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]); + //Dbprintf("received %d bytes, with command: 0x%04x and args: %d %d %d",len,c->cmd,c->arg[0],c->arg[1],c->arg[2]); switch(c->cmd) { #ifdef WITH_LF + case CMD_SET_LF_SAMPLING_CONFIG: + setSamplingConfig((sample_config *) c->d.asBytes); + break; case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: - AcquireRawAdcSamples125k(c->arg[0]); - cmd_send(CMD_ACK,0,0,0,0,0); + cmd_send(CMD_ACK,SampleLF(),0,0,0,0); break; case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); break; case CMD_LF_SNOOP_RAW_ADC_SAMPLES: - SnoopLFRawAdcSamples(c->arg[0], c->arg[1]); - cmd_send(CMD_ACK,0,0,0,0,0); + cmd_send(CMD_ACK,SnoopLF(),0,0,0,0); break; case CMD_HID_DEMOD_FSK: CmdHIDdemodFSK(c->arg[0], 0, 0, 1); @@@ -665,8 -666,9 +666,8 @@@ WriteTItag(c->arg[0],c->arg[1],c->arg[2]); break; case CMD_SIMULATE_TAG_125K: - LED_A_ON(); - SimulateTagLowFrequency(c->arg[0], c->arg[1], 1); - LED_A_OFF(); + SimulateTagLowFrequency(c->arg[0], c->arg[1], 0); + //SimulateTagLowFrequencyA(c->arg[0], c->arg[1]); break; case CMD_LF_SIMULATE_BIDIR: SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]); @@@ -788,10 -790,6 +789,10 @@@ EPA_PACE_Collect_Nonce(c); break; + // case CMD_EPA_: + // EpaFoo(c); + // break; + case CMD_READER_MIFARE: ReaderMifare(c->arg[0]); break; @@@ -809,7 -807,7 +810,7 @@@ break; case CMD_MIFAREU_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes); - break; + break; case CMD_MIFAREUC_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes); break; @@@ -882,7 -880,7 +883,7 @@@ ReaderIClass(c->arg[0]); break; case CMD_READER_ICLASS_REPLAY: - ReaderIClass_Replay(c->arg[0], c->d.asBytes); + ReaderIClass_Replay(c->arg[0], c->d.asBytes); break; #endif @@@ 
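Review bot: The new `CMD_SET_LF_SAMPLING_CONFIG` case casts `c->d.asBytes` to `sample_config *` and passes it to `setSamplingConfig` with no range check in this hunk, so whatever the host sends becomes the firmware's sampling parameters. `setSamplingConfig` is defined outside this diff and may validate its input; if it does not, a `decimation` of 0 or a `bits_per_sample` outside 1-8 would reach the acquisition code. I would add `// host-controlled: setSamplingConfig() must range-check every field` above the call and confirm that check exists. The switch body of UsbPacketReceived continues outside the hunk.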
-921,7 -919,7 +922,7 @@@ cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,traceLen,BigBuf+c->arg[0]+i,len); } // Trigger a finish downloading signal with an ACK frame - cmd_send(CMD_ACK,0,0,traceLen,0,0); + cmd_send(CMD_ACK,1,0,traceLen,getSamplingConfig(),sizeof(sample_config)); LED_B_OFF(); break; @@@ -1012,7 -1010,7 +1013,7 @@@ void __attribute__((noreturn)) AppMain LED_A_OFF(); // Init USB device - usb_enable(); + usb_enable(); // The FPGA gets its clock from us from PCK0 output, so set that up. AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0; @@@ -1042,12 -1040,12 +1043,12 @@@ size_t rx_len; for(;;) { - if (usb_poll()) { - rx_len = usb_read(rx,sizeof(UsbCommand)); - if (rx_len) { - UsbPacketReceived(rx,rx_len); - } - } + if (usb_poll()) { + rx_len = usb_read(rx,sizeof(UsbCommand)); + if (rx_len) { + UsbPacketReceived(rx,rx_len); + } + } WDT_HIT(); #ifdef WITH_LF diff --combined armsrc/apps.h index c8802dc1,58a2a621..f8786703 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@@ -14,13 -14,11 +14,13 @@@ #include #include -#include "common.h" -#include "hitag2.h" -#include "mifare.h" +#include +#include +#include +#include #include "../common/crc32.h" #include "BigBuf.h" +#include "../include/hitag2.h" extern const uint8_t OddByteParity[256]; extern int rsamples; // = 0; @@@ -45,12 -43,6 +45,6 @@@ int AvgAdc(int ch) void ToSendStuffBit(int b); void ToSendReset(void); void ListenReaderField(int limit); - void AcquireRawAdcSamples125k(int at134khz); - void SnoopLFRawAdcSamples(int divisor, int trigger_threshold); - void DoAcquisition125k_internal(int trigger_threshold, bool silent); - void DoAcquisition125k_threshold(int trigger_threshold); - void DoAcquisition125k(); - extern int ToSendMax; extern uint8_t ToSend[]; @@@ -110,15 -102,17 +104,19 @@@ void SetAdcMuxFor(uint32_t whichGpio) #define FPGA_HF_ISO14443A_READER_MOD (4<<0) /// lfops.h + extern uint8_t decimation; + extern uint8_t bits_per_sample ; + extern bool averaging; + void AcquireRawAdcSamples125k(int divisor); void 
ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,uint8_t *command); void ReadTItag(void); void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc); void AcquireTiType(void); void AcquireRawBitsTI(void); -void SimulateTagLowFrequency(int period, int gap, int ledcontrol); +void SimulateTagLowFrequency( uint16_t period, uint32_t gap, uint8_t ledcontrol); +//void SimulateTagLowFrequencyA(int period, int gap); + void CmdHIDsimTAG(int hi, int lo, int ledcontrol); void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); @@@ -132,7 -126,6 +130,7 @@@ void CopyIndala224toT55x7(int uid1, in void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode); void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode ); void T55xxReadTrace(void); +void TurnReadLFOn(); int DemodPCF7931(uint8_t **outBlocks); int IsBlock0PCF7931(uint8_t *Block); int IsBlock1PCF7931(uint8_t *Block); diff --combined armsrc/lfops.c index 98045d81,479da772..c5f4a37a --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@@ -15,132 -15,44 +15,44 @@@ #include "crc16.h" #include "string.h" #include "lfdemod.h" + #include "lfsampling.h" /** - * Does the sample acquisition. If threshold is specified, the actual sampling - * is not commenced until the threshold has been reached. - * @param trigger_threshold - the threshold - * @param silent - is true, now outputs are made. 
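Review bot: The `/// lfops.h` block still declares `void AcquireRawAdcSamples125k(int divisor);`, although this merge deletes that function from lfops.c and drops the other declaration of it earlier in this header. Unless lfsampling.c (not shown) defines it, the prototype is stale and should be removed so that a leftover caller fails at compile time rather than at link time. The new `extern uint8_t decimation;`, `extern uint8_t bits_per_sample ;` and `extern bool averaging;` also expose as globals the same values that the rest of the merge passes around in `sample_config`. If nothing reads those globals directly, I would drop them and keep `getSamplingConfig()` as the only accessor.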
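Review bot: `void TurnReadLFOn();` declares a function with unspecified parameters rather than one that takes none, so the compiler will not reject a call that passes arguments. The declaration should read `void TurnReadLFOn(void);`, and the definition added in lfops.c should match.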
If false, dbprints the status - */ - void DoAcquisition125k_internal(int trigger_threshold,bool silent) - { - uint8_t *dest = BigBuf_get_addr(); - int n = BigBuf_max_traceLen(); - int i; - - memset(dest, 0, n); - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - LED_D_ON(); - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - LED_D_OFF(); - if (trigger_threshold != -1 && dest[i] < trigger_threshold) - continue; - else - trigger_threshold = -1; - if (++i >= n) break; - } - } - if(!silent) - { - Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", - dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); - - } - } - /** - * Perform sample aquisition. - */ - void DoAcquisition125k(int trigger_threshold) - { - DoAcquisition125k_internal(trigger_threshold, false); - } - - /** - * Setup the FPGA to listen for samples. This method downloads the FPGA bitstream - * if not already loaded, sets divisor and starts up the antenna. - * @param divisor : 1, 88> 255 or negative ==> 134.8 KHz - * 0 or 95 ==> 125 KHz - * - **/ - void LFSetupFPGAForADC(int divisor, bool lf_field) - { - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - if ( (divisor == 1) || (divisor < 0) || (divisor > 255) ) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else if (divisor == 0) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0)); - - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(150); - - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - } - /** - * Initializes the FPGA, and acquires the samples. 
- **/ - void AcquireRawAdcSamples125k(int divisor) - { - LFSetupFPGAForADC(divisor, true); - // Now call the acquisition routine - DoAcquisition125k_internal(-1,false); - } - /** - * Initializes the FPGA for snoop-mode, and acquires the samples. - **/ - - void SnoopLFRawAdcSamples(int divisor, int trigger_threshold) - { - LFSetupFPGAForADC(divisor, false); - DoAcquisition125k(trigger_threshold); - } - + * Function to do a modulation and then get samples. + * @param delay_off + * @param period_0 + * @param period_1 + * @param command + */ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) { - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); - - int divisor_used = 95; // 125 KHz // see if 'h' was specified if (command[strlen((char *) command) - 1] == 'h') divisor_used = 88; // 134.8 KHz + sample_config sc = { 0,0,1, divisor_used, 0}; + setSamplingConfig(&sc); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - /* Make sure the tag is reset */ - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); ++ /* Make sure the tag is reset */ ++ FpgaDownloadAndGo(FPGA_BITSTREAM_LF); ++ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); ++ SpinDelay(2500); + + LFSetupFPGAForADC(sc.divisor, 1); - // And a little more time for the tag to fully power up - SpinDelay(2000); + // And a little more time for the tag to fully power up + SpinDelay(2000); - // Now set up the SSC to get the ADC samples that are now streaming at us. 
- FpgaSetupSsc(); - // now modulate the reader field while(*command != '\0' && *command != ' ') { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); LED_D_ON(); @@@ -152,14 -64,16 +64,16 @@@ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); SpinDelayUs(delay_off); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor_used); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); // now do the read - DoAcquisition125k(-1); + DoAcquisition_config(false); } + + /* blank r/w tag data stream ...0000000000000000 01111111 1010101010101010101010101010101010101010101010101010101010101010 @@@ -467,7 -381,7 +381,7 @@@ void WriteTItag(uint32_t idhi, uint32_ DbpString("Now use tiread to check"); } -void SimulateTagLowFrequency(int period, int gap, int ledcontrol) +void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol) { int i; uint8_t *tab = BigBuf_get_addr(); @@@ -647,8 -561,8 +561,8 @@@ void CmdHIDdemodFSK(int findone, int *h WDT_HIT(); if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); + DoAcquisition_default(-1,true); - // FSK demodulator + // FSK demodulator size = sizeOfBigBuff; //variable size will change after demod so re initialize it before use idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo); @@@ -736,8 -650,8 +650,8 @@@ void CmdEM410xdemod(int findone, int *h WDT_HIT(); if (ledcontrol) LED_A_ON(); - DoAcquisition125k_internal(-1,true); + DoAcquisition_default(-1,true); - size = BigBuf_max_traceLen(); + size = BigBuf_max_traceLen(); //Dbprintf("DEBUG: Buffer got"); //askdemod and manchester decode errCnt = askmandemod(dest, &size, &clk, &invert); @@@ -789,8 -703,8 +703,8 @@@ void CmdIOdemodFSK(int findone, int *hi while(!BUTTON_PRESS()) { WDT_HIT(); if (ledcontrol) 
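Review bot: `command[strlen((char *) command) - 1]` reads one byte before the buffer when the command string is empty, and `command` is the `c->d.asBytes` payload that UsbPacketReceived forwards from the host. The merge keeps that line unchanged, so I would guard it: `size_t cmdlen = strlen((char *)command);` then `if (cmdlen > 0 && command[cmdlen - 1] == 'h')`. The positional initializer `sample_config sc = { 0,0,1, divisor_used, 0};` sets `decimation` and `bits_per_sample` to 0 according to the struct added in usb_cmd.h. Writing it as `{ .averaging = 1, .divisor = divisor_used }` yields the same values but makes that choice visible and survives a field reorder. The function body continues into the next hunk.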
LED_A_ON(); - DoAcquisition125k_internal(-1,true); + DoAcquisition_default(-1,true); - //fskdemod and get start index + //fskdemod and get start index WDT_HIT(); idx = IOdemodFSK(dest, BigBuf_max_traceLen()); if (idx>0){ @@@ -899,20 -813,10 +813,20 @@@ * To compensate antenna falling times shorten the write times * and enlarge the gap ones. */ -#define START_GAP 250 -#define WRITE_GAP 160 -#define WRITE_0 144 // 192 -#define WRITE_1 400 // 432 for T55x7; 448 for E5550 +#define START_GAP 30*8 // 10 - 50fc 250 +#define WRITE_GAP 20*8 // 8 - 30fc +#define WRITE_0 24*8 // 16 - 31fc 24fc 192 +#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 + +// VALUES TAKEN FROM EM4x function: SendForward +// START_GAP = 440; (55*8) cycles at 125Khz (8us = 1cycle) +// WRITE_GAP = 128; (16*8) +// WRITE_1 = 256 32*8; (32*8) + +// These timings work for 4469/4269/4305 (with the 55*8 above) +// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8); + +#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) // Write one bit to card void T55xxWriteBit(int bit) @@@ -920,7 -824,7 +834,7 @@@ FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - if (bit == 0) + if (!bit) SpinDelayUs(WRITE_0); else SpinDelayUs(WRITE_1); @@@ -931,11 -835,16 +845,11 @@@ // Write one card block in page 0, no lock void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { - //unsigned int i; //enio adjustment 12/10/14 - uint32_t i; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + uint32_t i = 0; - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); + // Set up FPGA, 125kHz + // Wait for config.. 
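Review bot: The new timing macros expand to bare products (`#define START_GAP 30*8`, `WRITE_GAP 20*8`, `WRITE_0 24*8`, `WRITE_1 54*8`), so any later use inside a division, modulo or cast would silently bind to only part of the expression. They should be parenthesized, e.g. `#define START_GAP (30*8)`. The comment on `T55xx_SAMPLES_SIZE 12000` gives the derivation as `32 x 32 x 10`, which is 10240, so either the constant or the comment needs correcting.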
(192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); // Now start writting FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@@ -972,15 -881,26 +886,15 @@@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { uint8_t *dest = BigBuf_get_addr(); - //int m=0, i=0; //enio adjustment 12/10/14 - uint32_t m=0, i=0; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. - // And for the tag to fully power up - SpinDelay(150); - - // Now start writting + //uint16_t bufferlength = BigBuf_max_traceLen(); + uint16_t bufferlength = T55xx_SAMPLES_SIZE; + uint32_t i = 0; + // Clear destination buffer before sending the command 0x80 = average. + memset(dest, 0x80, bufferlength); + + // Set up FPGA, 125kHz + // Wait for config.. 
(192+8190xPOW)x8 == 67ms + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@@ -999,40 -919,53 +913,40 @@@ T55xxWriteBit(Block & i); // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + TurnReadLFOn(); // Now do the acquisition i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + //AT91C_BASE_SSC->SSC_THR = 0xff; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - // if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; - i++; - if (i >= m) break; + ++i; + LED_D_OFF(); + if (i >= bufferlength) break; } } + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); } // Read card traceability data (page 1) void T55xxReadTrace(void){ uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; - - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - LED_D_ON(); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - - // Give it a bit of time for the resonant antenna to settle. 
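Review bot: `bufferlength` in T55xxReadBlock is now the fixed `T55xx_SAMPLES_SIZE`, and it bounds both `memset(dest, 0x80, bufferlength)` and the acquisition loop that follows, with no comparison against the size of the buffer that `BigBuf_get_addr()` returns. The line it replaces, `BigBuf_max_traceLen()`, is left commented out, so the write is only safe while BigBuf stays at least 12000 bytes. I would clamp it: `uint16_t bufferlength = (T55xx_SAMPLES_SIZE < BigBuf_max_traceLen()) ? T55xx_SAMPLES_SIZE : BigBuf_max_traceLen();`. T55xxReadTrace in the next hunk has the same pattern. EM4xReadWord further down stores `BigBuf_max_traceLen()` in a `uint16_t`, which truncates if that function can return more than 65535; its return type is not visible here.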
- // And for the tag to fully power up - SpinDelay(150); - - // Now start writting + //uint16_t bufferlength = BigBuf_max_traceLen(); + uint16_t bufferlength = T55xx_SAMPLES_SIZE; + uint32_t i = 0; + + // Clear destination buffer before sending the command 0x80 = average + memset(dest, 0x80, bufferlength); + + LFSetupFPGAForADC(0, true); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@@ -1041,34 -974,25 +955,34 @@@ T55xxWriteBit(1); //Page 1 // Turn field on to read the response - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + TurnReadLFOn(); // Now do the acquisition - i = 0; for(;;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } - + ++i; + LED_D_OFF(); + + if (i >= bufferlength) break; + } + } + + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); - DbpString("DONE!"); +} + +void TurnReadLFOn(){ + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + // Give it a bit of time for the resonant antenna to settle. + //SpinDelay(30); + SpinDelayUs(8*150); } /*-------------- Cloning routines -----------*/ @@@ -1386,7 -1310,9 +1300,9 @@@ int DemodPCF7931(uint8_t **outBlocks) int lmin=128, lmax=128; uint8_t dir; - AcquireRawAdcSamples125k(0); + LFSetupFPGAForADC(95, true); + DoAcquisition_default(0, 0); + lmin = 64; lmax = 192; @@@ -1792,14 -1718,9 +1708,14 @@@ void EM4xLogin(uint32_t Password) void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { + uint8_t *dest = BigBuf_get_addr(); + uint16_t bufferlength = BigBuf_max_traceLen(); + uint32_t i = 0; + + // Clear destination buffer before sending the command 0x80 = average. 
+ memset(dest, 0x80, bufferlength); + uint8_t fwd_bit_count; - uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; //If password mode do login if (PwdMode == 1) EM4xLogin(Pwd); @@@ -1808,6 -1729,9 +1724,6 @@@ fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); fwd_bit_count += Prepare_Addr( Address ); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); // Now set up the SSC to get the ADC samples that are now streaming at us. @@@ -1823,12 -1747,10 +1739,12 @@@ } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; - } - } + ++i; + if (i >= bufferlength) break; + } + } + + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); } diff --combined client/Makefile index 46fa3b2a,e63581ba..fcbd4d7c --- a/client/Makefile +++ b/client/Makefile @@@ -37,15 -37,6 +37,15 @@@ LDLIBS += -ld LUAPLATFORM = linux endif +# QT version, 4 or 5 +qtplatform = $(shell $(MOC) -v) +ifneq (, $(findstring moc 5,$(qtplatform))) + CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets -I/mingw/include + QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets +else + CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui + QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 +endif ifneq ($(QTLDLIBS),) QTGUI = $(OBJDIR)/proxgui.o $(OBJDIR)/proxguiqt.o $(OBJDIR)/proxguiqt.moc.o @@@ -146,17 -137,6 +146,6 @@@ clean tarbin: $(BINS) $(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(BINS:%=client/%) - # must be run as root - install_kext: Info.plist - mkdir -p /System/Library/Extensions/Proxmark3.kext/Contents - cp Info.plist /System/Library/Extensions/Proxmark3.kext/Contents - chown -R root:wheel /System/Library/Extensions/Proxmark3.kext - chmod 755 
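Review bot: Both branches of the new Qt version test assign `QTLDLIBS`, so the `ifneq ($(QTLDLIBS),)` test that follows is now always true and the GUI objects are selected even on a machine with no Qt or no `moc`. Both branches also assign `CXXFLAGS` with `=`, discarding any value set earlier or passed in from the environment, and `-I/mingw/include` is added only in the Qt 5 branch. I would use `CXXFLAGS +=` and wrap the block in a test that `$(MOC)` produced output, e.g. `ifneq (,$(qtplatform))`, leaving `QTLDLIBS` empty otherwise.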
/System/Library/Extensions/Proxmark3.kext /System/Library/Extensions/Proxmark3.kext/Contents - chmod 644 /System/Library/Extensions/Proxmark3.kext/Contents/Info.plist - rm -rf /System/Library/Caches/com.apple.kext.caches - touch /System/Library/Extensions - @echo "*** You may need to reboot for the kext to take effect." - lua_build: @echo Compiling liblua, using platform $(LUAPLATFORM) cd ../liblua && make $(LUAPLATFORM) diff --combined client/cmddata.c index 533caeb5,430afb17..7343af9c --- a/client/cmddata.c +++ b/client/cmddata.c @@@ -21,6 -21,8 +21,8 @@@ #include "cmdmain.h" #include "cmddata.h" #include "lfdemod.h" + #include "usb_cmd.h" + uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; uint8_t g_debugMode; int DemodBufferLen; @@@ -30,12 -32,6 +32,12 @@@ static int CmdHelp(const char *Cmd) //by marshmellow void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx) { + if (buff == NULL) + return; + + if ( size >= MAX_DEMOD_BUF_LEN) + size = MAX_DEMOD_BUF_LEN; + size_t i = 0; for (; i < size; i++){ DemodBuffer[i]=buff[startIdx++]; @@@ -575,6 -571,43 +577,43 @@@ int CmdDec(const char *Cmd RepaintGraphWindow(); return 0; } + /** + * Undecimate - I'd call it 'interpolate', but we'll save that + * name until someone does an actual interpolation command, not just + * blindly repeating samples + * @param Cmd + * @return + */ + int CmdUndec(const char *Cmd) + { + if(param_getchar(Cmd, 0) == 'h') + { + PrintAndLog("Usage: data undec [factor]"); + PrintAndLog("This function performs un-decimation, by repeating each sample N times"); + PrintAndLog("Options: "); + PrintAndLog(" h This help"); + PrintAndLog(" factor The number of times to repeat each sample.[default:2]"); + PrintAndLog("Example: 'data undec 3'"); + return 0; + } + + uint8_t factor = param_get8ex(Cmd, 0,2, 10); + //We have memory, don't we? 
+ int swap[MAX_GRAPH_TRACE_LEN] = { 0 }; + uint32_t g_index = 0 ,s_index = 0; + while(g_index < GraphTraceLen && s_index < MAX_GRAPH_TRACE_LEN) + { + int count = 0; + for(count = 0; count < factor && s_index+count < MAX_GRAPH_TRACE_LEN; count ++) + swap[s_index+count] = GraphBuffer[g_index]; + s_index+=count; + } + + memcpy(GraphBuffer,swap, s_index * sizeof(int)); + GraphTraceLen = s_index; + RepaintGraphWindow(); + return 0; + } //by marshmellow //shift graph zero up or down based on input + or - @@@ -1497,25 -1530,79 +1536,79 @@@ int CmdHpf(const char *Cmd RepaintGraphWindow(); return 0; } + typedef struct { + uint8_t * buffer; + uint32_t numbits; + uint32_t position; + }BitstreamOut; + + bool _headBit( BitstreamOut *stream) + { + int bytepos = stream->position >> 3; // divide by 8 + int bitpos = (stream->position++) & 7; // mask out 00000111 + return (*(stream->buffer + bytepos) >> (7-bitpos)) & 1; + } + + uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b) + { + int i; + uint8_t val = 0; + for(i =0 ; i < bits_per_sample; i++) + { + val |= (_headBit(b) << (7-i)); + } + return val; + } int CmdSamples(const char *Cmd) { - uint8_t got[BIGBUF_SIZE] = {0x00}; + //If we get all but the last byte in bigbuf, + // we don't have to worry about remaining trash + // in the last byte in case the bits-per-sample + // does not line up on byte boundaries + uint8_t got[BIGBUF_SIZE-1] = { 0 }; int n = strtol(Cmd, NULL, 0); if (n == 0) - n = 20000; + n = sizeof(got); if (n > sizeof(got)) n = sizeof(got); - PrintAndLog("Reading %d samples from device memory\n", n); + PrintAndLog("Reading %d bytes from device memory\n", n); GetFromBigBuf(got,n,0); - WaitForResponse(CMD_ACK,NULL); - for (int j = 0; j < n; j++) { - GraphBuffer[j] = ((int)got[j]) - 128; + PrintAndLog("Data fetched"); + UsbCommand response; + WaitForResponse(CMD_ACK, &response); + uint8_t bits_per_sample = 8; + + //Old devices without this feature would send 0 at arg[0] + if(response.arg[0] > 0) + { + 
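Review bot: The `while` loop in CmdUndec never advances `g_index`, so every output slot is filled with `GraphBuffer[0]` until `s_index` reaches `MAX_GRAPH_TRACE_LEN`. With a `factor` of 0 the inner `for` runs zero times, `s_index` never moves and the loop does not terminate. The fix is `g_index++;` after `s_index+=count;`, plus a guard such as `if (factor == 0) factor = 1;` right after the `param_get8ex` call. `int swap[MAX_GRAPH_TRACE_LEN]` is also a large automatic array, and a `static` or heap buffer would avoid depending on the thread's stack size.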
sample_config *sc = (sample_config *) response.d.asBytes; + PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample + , sc->decimation); + bits_per_sample = sc->bits_per_sample; } - GraphTraceLen = n; + if(bits_per_sample < 8) + { + PrintAndLog("Unpacking..."); + BitstreamOut bout = { got, bits_per_sample * n, 0}; + int j =0; + for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) { + uint8_t sample = getByte(bits_per_sample, &bout); + GraphBuffer[j] = ((int) sample )- 128; + } + GraphTraceLen = j; + PrintAndLog("Unpacked %d samples" , j ); + }else + { + for (int j = 0; j < n; j++) { + GraphBuffer[j] = ((int)got[j]) - 128; + } + GraphTraceLen = n; + } + RepaintGraphWindow(); return 0; } @@@ -2050,7 -2137,8 +2143,8 @@@ static command_t CommandTable[] {"threshold", CmdThreshold, 1, " -- Maximize/minimize every value in the graph window depending on threshold"}, {"dirthreshold", CmdDirectionalThreshold, 1, " -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."}, {"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"}, - {"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"}, + {"undec", CmdUndec, 1, "Un-decimate samples by 2"}, + {"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"}, {NULL, NULL, 0, NULL} }; diff --combined include/usb_cmd.h index ecdf8ac1,6ee6509e..295f0ebf --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@@ -33,6 -33,14 +33,14 @@@ typedef struct uint32_t asDwords[USB_CMD_DATA_SIZE/4]; } d; } PACKED UsbCommand; + // A struct used to send sample-configs over USB + typedef struct{ + uint8_t decimation; + uint8_t bits_per_sample; + bool averaging; + int divisor; + int trigger_threshold; + } sample_config; // For the bootloader #define CMD_DEVICE_INFO 0x0000 @@@ -82,6 -90,8 +90,8 @@@ #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B #define CMD_EM410X_DEMOD 0x021c + // Sampling configuration for LF reader/snooper + 
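Review bot: CmdSamples takes `bits_per_sample` from the device's ACK payload and uses it unchecked, and the unpack loop bounds `j` with `sizeof(GraphBuffer)`, a byte count rather than an element count. CmdUndec copies GraphBuffer with `sizeof(int)`, which suggests `int` elements; if so, the bound allows writes well past the end of the array. A device reporting 0 makes `j * bits_per_sample < n * 8` always true, so only that oversized bound stops the loop. I would reject out-of-range values up front with `if (bits_per_sample == 0 || bits_per_sample > 8) return 0;` (after logging) and change the loop bound to `j < MAX_GRAPH_TRACE_LEN`. `_headBit` also ignores `stream->numbits`, so checking `position < numbits` there would keep the reader inside `got`.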
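Review bot: `sample_config` is sent over USB between the ARM firmware and the host client, but it is declared without `PACKED` and uses `bool` and `int`. Its size and padding are therefore whatever each compiler chooses, unlike `UsbCommand` directly above it. Both sides cast raw `d.asBytes` to this struct, so a layout mismatch would silently misread `divisor` and `trigger_threshold`. I would declare the wire format explicitly: `uint8_t averaging;`, `int32_t divisor;`, `int32_t trigger_threshold;`, closing with `} PACKED sample_config;`. A comment stating the valid range of each field would also tell the receiver what to validate.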
#define CMD_SET_LF_SAMPLING_CONFIG 0x021d /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ @@@ -115,12 -125,11 +125,12 @@@ #define CMD_READER_LEGIC_RF 0x0388 #define CMD_WRITER_LEGIC_RF 0x0389 #define CMD_EPA_PACE_COLLECT_NONCE 0x038A +//#define CMD_EPA_ 0x038B #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 #define CMD_READER_ICLASS 0x0394 -#define CMD_READER_ICLASS_REPLAY 0x0395 +#define CMD_READER_ICLASS_REPLAY 0x0395 #define CMD_ICLASS_ISO14443A_WRITE 0x0397 // For measurements of the antenna tuning @@@ -150,11 -159,9 +160,11 @@@ #define CMD_MIFARE_NESTED 0x0612 #define CMD_MIFARE_READBL 0x0620 -#define CMD_MIFAREU_READBL 0x0720 +#define CMD_MIFAREU_READBL 0x0720 + #define CMD_MIFARE_READSC 0x0621 -#define CMD_MIFAREU_READCARD 0x0721 +#define CMD_MIFAREU_READCARD 0x0721 + #define CMD_MIFARE_WRITEBL 0x0622 #define CMD_MIFAREU_WRITEBL 0x0722 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0723 @@@ -187,9 -194,10 +197,10 @@@ //Iclass reader flags -#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 #define FLAG_ICLASS_READER_GET_CC 0x02 + // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: /* Whether a bootloader that understands the common_area is present */ #define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0)