Proxmark/proxmark3
1
1
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2024-09-21 07:16:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed: hf mf sim failed on fast reader responses

Browse source 
In Miller Decoder: don't wait too long for a stable signal
In Miller Decoder: Don't accept sequences of four or more zeroes as start bit
In EmSendCmd14443aRaw: don't wait for emptying the FPGA delay queue if it isn't filled
This commit is contained in:
pwpiwi 2015-02-08 22:14:20 +01:00
parent 6d3e6c740b
commit 0c8d25ebd8
1 changed files with 33 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
armsrc/iso14443a.c
View file

@ -312,7 +312,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (Uart.state == STATE_UNSYNCD) { // not yet synced if (Uart.state == STATE_UNSYNCD) { // not yet synced
if (Uart.highCnt < 7) { // wait for a stable unmodulated signal if (Uart.highCnt < 2) { // wait for a stable unmodulated signal
if (Uart.twoBits == 0xffff) { if (Uart.twoBits == 0xffff) {
Uart.highCnt++; Uart.highCnt++;
} else { } else {
@ -320,16 +320,17 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
} }
} else { } else {
Uart.syncBit = 0xFFFF; // not set Uart.syncBit = 0xFFFF; // not set
// look for 00xx1111 (the start bit) // we look for a ...1111111100x11111xxxxxx pattern (the start bit)
if ((Uart.twoBits & 0x6780) == 0x0780) Uart.syncBit = 7; if ((Uart.twoBits & 0xDF00) == 0x1F00) Uart.syncBit = 8; // mask is 11x11111 xxxxxxxx,
else if ((Uart.twoBits & 0x33C0) == 0x03C0) Uart.syncBit = 6; // check for 00x11111 xxxxxxxx
else if ((Uart.twoBits & 0x19E0) == 0x01E0) Uart.syncBit = 5; else if ((Uart.twoBits & 0xEF80) == 0x8F80) Uart.syncBit = 7; // both masks shifted right one bit, left padded with '1'
else if ((Uart.twoBits & 0x0CF0) == 0x00F0) Uart.syncBit = 4; else if ((Uart.twoBits & 0xF7C0) == 0xC7C0) Uart.syncBit = 6; // ...
else if ((Uart.twoBits & 0x0678) == 0x0078) Uart.syncBit = 3; else if ((Uart.twoBits & 0xFBE0) == 0xE3E0) Uart.syncBit = 5;
else if ((Uart.twoBits & 0x033C) == 0x003C) Uart.syncBit = 2; else if ((Uart.twoBits & 0xFDF0) == 0xF1F0) Uart.syncBit = 4;
else if ((Uart.twoBits & 0x019E) == 0x001E) Uart.syncBit = 1; else if ((Uart.twoBits & 0xFEF8) == 0xF8F8) Uart.syncBit = 3;
else if ((Uart.twoBits & 0x00CF) == 0x000F) Uart.syncBit = 0; else if ((Uart.twoBits & 0xFF7C) == 0xFC7C) Uart.syncBit = 2;
if (Uart.syncBit != 0xFFFF) { else if ((Uart.twoBits & 0xFFBE) == 0xFE3E) Uart.syncBit = 1;
if (Uart.syncBit != 0xFFFF) { // found a sync bit
Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8); Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
Uart.startTime -= Uart.syncBit; Uart.startTime -= Uart.syncBit;
Uart.endTime = Uart.startTime; Uart.endTime = Uart.startTime;
@ -342,11 +343,9 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (IsMillerModulationNibble1(Uart.twoBits >> Uart.syncBit)) { if (IsMillerModulationNibble1(Uart.twoBits >> Uart.syncBit)) {
if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) { // Modulation in both halves - error if (IsMillerModulationNibble2(Uart.twoBits >> Uart.syncBit)) { // Modulation in both halves - error
UartReset(); UartReset();
Uart.highCnt = 6;
} else { // Modulation in first half = Sequence Z = logic "0" } else { // Modulation in first half = Sequence Z = logic "0"
if (Uart.state == STATE_MILLER_X) { // error - must not follow after X if (Uart.state == STATE_MILLER_X) { // error - must not follow after X
UartReset(); UartReset();
Uart.highCnt = 6;
} else { } else {
Uart.bitCount++; Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
@ -401,12 +400,13 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (Uart.len) { if (Uart.len) {
return TRUE; // we are finished with decoding the raw data sequence return TRUE; // we are finished with decoding the raw data sequence
} else { } else {
UartReset(); // Nothing receiver - start over UartReset(); // Nothing received - start over
Uart.highCnt = 1;
} }
} }
if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
UartReset(); UartReset();
Uart.highCnt = 6; Uart.highCnt = 1;
} else { // a logic "0" } else { // a logic "0"
Uart.bitCount++; Uart.bitCount++;
Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
@ -1425,6 +1425,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p
CodeIso14443aBitsAsReaderPar(cmd, len*8, parity); CodeIso14443aBitsAsReaderPar(cmd, len*8, parity);
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Wait for commands from reader // Wait for commands from reader
// Stop when button is pressed (return 1) or field was gone (return 2) // Stop when button is pressed (return 1) or field was gone (return 2)
@ -1447,9 +1448,9 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
// Set ADC to read field strength // Set ADC to read field strength
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
AT91C_BASE_ADC->ADC_MR = AT91C_BASE_ADC->ADC_MR =
ADC_MODE_PRESCALE(32) | ADC_MODE_PRESCALE(63) |
ADC_MODE_STARTUP_TIME(16) | ADC_MODE_STARTUP_TIME(1) |
ADC_MODE_SAMPLE_HOLD_TIME(8); ADC_MODE_SAMPLE_HOLD_TIME(15);
AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF); AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
// start ADC // start ADC
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
@ -1471,7 +1472,7 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF]; analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
if (analogCnt >= 32) { if (analogCnt >= 32) {
if ((33000 * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) { if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
vtime = GetTickCount(); vtime = GetTickCount();
if (!timer) timer = vtime; if (!timer) timer = vtime;
// 50ms no field --> card to idle state // 50ms no field --> card to idle state
@ -1546,7 +1547,8 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
} }
// Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again: // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
for (i = 0; i < 2 ; ) { uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
for (i = 0; i <= fpga_queued_bits/8 + 1; ) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = SEC_F; AT91C_BASE_SSC->SSC_THR = SEC_F;
FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR; FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@ -2264,6 +2266,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
// free eventually allocated BigBuf memory but keep Emulator Memory // free eventually allocated BigBuf memory but keep Emulator Memory
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
// clear trace // clear trace
iso14a_clear_trace(); iso14a_clear_trace();
iso14a_set_tracing(TRUE); iso14a_set_tracing(TRUE);
@ -2328,10 +2331,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
WDT_HIT(); WDT_HIT();
// find reader field // find reader field
// Vref = 3300mV, and an 10:1 voltage divider on the input
// can measure voltages up to 33000 mV
if (cardSTATE == MFEMUL_NOFIELD) { if (cardSTATE == MFEMUL_NOFIELD) {
vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
if (vHf > MF_MINFIELDV) { if (vHf > MF_MINFIELDV) {
cardSTATE_TO_IDLE(); cardSTATE_TO_IDLE();
LED_A_ON(); LED_A_ON();
@ -2406,6 +2407,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break; break;
} }
uint32_t ar = bytes_to_num(receivedCmd, 4); uint32_t ar = bytes_to_num(receivedCmd, 4);
uint32_t nr = bytes_to_num(&receivedCmd[4], 4); uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
@ -2512,6 +2514,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
num_to_bytes(ans, 4, rAUTH_AT); num_to_bytes(ans, 4, rAUTH_AT);
} }
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT)); EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
//Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]); //Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
cardSTATE = MFEMUL_AUTH1; cardSTATE = MFEMUL_AUTH1;
@ -2712,6 +2715,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
} }
} }
if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, traceLen); if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, traceLen);
} }