From: Martin Holst Swende Date: Mon, 12 Jan 2015 21:08:57 +0000 (+0100) Subject: Documentation to apps.h, documentation/renaming to iclass X-Git-Tag: v2.0.0-rc1~56 X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/55eaed8f2ad26b9db249e2259c13444c38906795?hp=--cc Documentation to apps.h, documentation/renaming to iclass --- 55eaed8f2ad26b9db249e2259c13444c38906795 diff --git a/armsrc/apps.h b/armsrc/apps.h index eafee559..ea70144e 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -37,6 +37,25 @@ uint32_t BigBuf[BIGBUF_SIZE / sizeof(uint32_t)]; #define FREE_BUFFER_OFFSET (CARD_MEMORY_OFFSET + CARD_MEMORY_SIZE) #define FREE_BUFFER_SIZE (BIGBUF_SIZE - FREE_BUFFER_OFFSET - 1) +/* +The statements above translates into this : +BIGBUF_SIZE = 40000 +TRACE_OFFSET = 0 +TRACE_SIZE = 3000 +RECV_CMD_OFFSET = 3000 +MAX_FRAME_SIZE = 256 +MAX_PARITY_SIZE = 32 +RECV_CMD_PAR_OFFSET = 3256 +RECV_RESP_OFFSET = 3288 +RECV_RESP_PAR_OFFSET= 3544 +CARD_MEMORY_OFFSET = 3576 +CARD_MEMORY_SIZE = 4096 +DMA_BUFFER_OFFSET = 3576 +DMA_BUFFER_SIZE = 4096 +FREE_BUFFER_OFFSET = 7672 +FREE_BUFFER_SIZE = 32327 + */ + extern const uint8_t OddByteParity[256]; extern uint8_t *trace; // = (uint8_t *) BigBuf; extern int traceLen; // = 0; diff --git a/armsrc/iclass.c b/armsrc/iclass.c index ea9af7d4..64abc84a 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -687,7 +687,8 @@ void RAMFUNC SnoopIClass(void) SetAdcMuxFor(GPIO_MUXSEL_HIPKD); uint32_t time_0 = GetCountSspClk(); - + uint32_t time_start = 0; + uint32_t time_stop = 0; int div = 0; //int div2 = 0; @@ -738,6 +739,7 @@ void RAMFUNC SnoopIClass(void) smpl = decbyter; if(OutOfNDecoding((smpl & 0xF0) >> 4)) { rsamples = samples - Uart.samples; + time_stop = (GetCountSspClk()-time_0) << 4; LED_C_ON(); //if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,TRUE)) break; @@ -745,7 +747,7 @@ void RAMFUNC SnoopIClass(void) if(tracing) { uint8_t parity[MAX_PARITY_SIZE]; GetParity(Uart.output, Uart.byteCnt, parity); - LogTrace(Uart.output,Uart.byteCnt, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, TRUE); + LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, TRUE); } @@ -756,6 +758,8 @@ void RAMFUNC SnoopIClass(void) Demod.state = DEMOD_UNSYNCD; LED_B_OFF(); Uart.byteCnt = 0; + }else{ + time_start = (GetCountSspClk()-time_0) << 4; } decbyter = 0; } @@ -763,21 +767,24 @@ void RAMFUNC SnoopIClass(void) if(div > 3) { smpl = decbyte; if(ManchesterDecoding(smpl & 0x0F)) { - rsamples = samples - Demod.samples; + time_stop = (GetCountSspClk()-time_0) << 4; + + rsamples = samples - Demod.samples; LED_B_ON(); if(tracing) { uint8_t parity[MAX_PARITY_SIZE]; GetParity(Demod.output, Demod.len, parity); - LogTrace(Demod.output, Demod.len, (GetCountSspClk()-time_0) << 4, (GetCountSspClk()-time_0) << 4, parity, FALSE); + LogTrace(Demod.output, Demod.len, time_start, time_stop, parity, FALSE); } - // And ready to receive another response. memset(&Demod, 0, sizeof(Demod)); Demod.output = tagToReaderResponse; Demod.state = DEMOD_UNSYNCD; LED_C_OFF(); + }else{ + time_start = (GetCountSspClk()-time_0) << 4; } div = 0; @@ -928,6 +935,7 @@ static void CodeIClassTagSOF() // Convert from last byte pos to length ToSendMax++; } + int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf); /** * @brief SimulateIClass simulates an iClass card. @@ -997,7 +1005,9 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain */ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf) { + // CSN followed by two CRC bytes + uint8_t response1[] = { 0x0F} ; uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0}; memcpy(response3,csn,sizeof(response3)); @@ -1020,11 +1030,11 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader // Reader 81 anticoll. CSN // Tag CSN - uint8_t *resp; - int respLen; - uint8_t* respdata = NULL; - int respsize = 0; - uint8_t sof = 0x0f; + uint8_t *modulated_response; + int modulated_response_size; + uint8_t* trace_data = NULL; + int trace_data_size = 0; + //uint8_t sof = 0x0f; // Respond SOF -- takes 8 bytes uint8_t *resp1 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET); @@ -1089,11 +1099,6 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader LED_A_ON(); bool buttonPressed = false; - /** Hack for testing - memcpy(reader_mac_buf,csn,8); - exitLoop = true; - end hack **/ - while(!exitLoop) { LED_B_OFF(); @@ -1112,35 +1117,35 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader // Okay, look at the command now. if(receivedCmd[0] == 0x0a ) { // Reader in anticollission phase - resp = resp1; respLen = resp1Len; //order = 1; - respdata = &sof; - respsize = sizeof(sof); + modulated_response = resp1; modulated_response_size = resp1Len; //order = 1; + trace_data = response1; + trace_data_size = sizeof(response1); } else if(receivedCmd[0] == 0x0c) { // Reader asks for anticollission CSN - resp = resp2; respLen = resp2Len; //order = 2; - respdata = response2; - respsize = sizeof(response2); + modulated_response = resp2; modulated_response_size = resp2Len; //order = 2; + trace_data = response2; + trace_data_size = sizeof(response2); //DbpString("Reader requests anticollission CSN:"); } else if(receivedCmd[0] == 0x81) { // Reader selects anticollission CSN. // Tag sends the corresponding real CSN - resp = resp3; respLen = resp3Len; //order = 3; - respdata = response3; - respsize = sizeof(response3); + modulated_response = resp3; modulated_response_size = resp3Len; //order = 3; + trace_data = response3; + trace_data_size = sizeof(response3); //DbpString("Reader selects anticollission CSN:"); } else if(receivedCmd[0] == 0x88) { // Read e-purse (88 02) - resp = resp4; respLen = resp4Len; //order = 4; - respdata = response4; - respsize = sizeof(response4); + modulated_response = resp4; modulated_response_size = resp4Len; //order = 4; + trace_data = response4; + trace_data_size = sizeof(response4); LED_B_ON(); } else if(receivedCmd[0] == 0x05) { // Reader random and reader MAC!!! // Do not respond // We do not know what to answer, so lets keep quiet - resp = resp1; respLen = 0; //order = 5; - respdata = NULL; - respsize = 0; + modulated_response = resp1; modulated_response_size = 0; //order = 5; + trace_data = NULL; + trace_data_size = 0; if (breakAfterMacReceived){ // dbprintf:ing ... Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x" @@ -1157,9 +1162,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader } } else if(receivedCmd[0] == 0x00 && len == 1) { // Reader ends the session - resp = resp1; respLen = 0; //order = 0; - respdata = NULL; - respsize = 0; + modulated_response = resp1; modulated_response_size = 0; //order = 0; + trace_data = NULL; + trace_data_size = 0; } else { //#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44 // Never seen this command before @@ -1169,9 +1174,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader receivedCmd[3], receivedCmd[4], receivedCmd[5], receivedCmd[6], receivedCmd[7], receivedCmd[8]); // Do not respond - resp = resp1; respLen = 0; //order = 0; - respdata = NULL; - respsize = 0; + modulated_response = resp1; modulated_response_size = 0; //order = 0; + trace_data = NULL; + trace_data_size = 0; } if(cmdsRecvd > 100) { @@ -1181,9 +1186,16 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader else { cmdsRecvd++; } - - if(respLen > 0) { - SendIClassAnswer(resp, respLen, 21); + /** + After changes to parity calculation + Time between reader EOT and pm3 SOF + delay 21 -> 480uS + delay 10 -> 220us + delay 16 -> 388us + A legit tag has about 380us. + **/ + if(modulated_response_size > 0) { + SendIClassAnswer(modulated_response, modulated_response_size, timeout); t2r_time = GetCountSspClk(); } @@ -1192,9 +1204,9 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader GetParity(receivedCmd, len, parity); LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, TRUE); - if (respdata != NULL) { - GetParity(respdata, respsize, parity); - LogTrace(respdata, respsize, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE); + if (trace_data != NULL) { + GetParity(trace_data, trace_data_size, parity); + LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE); } if(!tracing) { DbpString("Trace full");