Proxmark/proxmark3
1
1
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2024-09-21 23:36:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #166 from marshmellow42/master

Browse source 
Add LF ASK ST detect and demodulate...
This commit is contained in:
Martin Holst Swende 2016-02-21 17:41:58 +01:00
parent 12bad10c46 b66ff08113
commit d889dacc9d
15 changed files with 276 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -5,6 +5,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
## [unreleased][unreleased]
### Added
- Added a LF ASK Sequence Terminator detection option to the standard ask demod - and applied it to `lf search u`, `lf t55xx detect`, and `data rawdemod am s` (marshmellow)
- `lf t55xx bruteforce <start password> <end password> [i <*.dic>]` - Simple bruteforce attack to find password - (iceman and others)
- `lf viking clone`- clone viking tag to t55x7 or Q5 from 4byte hex ID input
- `lf viking sim` - sim full viking tag from 4byte hex ID input

4
armsrc/BigBuf.c
View file

@ -61,6 +61,10 @@ void BigBuf_Clear_ext(bool verbose)
Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
}
void BigBuf_Clear_keep_EM(void)
{
memset(BigBuf,0,BigBuf_hi);
}
// allocate a chunk of memory from BigBuf. We allocate high memory first. The unallocated memory
// at the beginning of BigBuf is always for traces/samples

1
armsrc/BigBuf.h
View file

@ -26,6 +26,7 @@ extern uint8_t *BigBuf_get_EM_addr(void);
extern uint16_t BigBuf_max_traceLen(void);
extern void BigBuf_Clear(void);
extern void BigBuf_Clear_ext(bool verbose);
extern void BigBuf_Clear_keep_EM(void);
extern uint8_t *BigBuf_malloc(uint16_t);
extern void BigBuf_free(void);
extern void BigBuf_free_keep_EM(void);

13
armsrc/lfops.c
View file

@ -37,6 +37,8 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint
sample_config sc = { 0,0,1, divisor_used, 0};
setSamplingConfig(&sc);
//clear read buffer
BigBuf_Clear_keep_EM();
/* Make sure the tag is reset */
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -752,6 +754,9 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
//clear read buffer
BigBuf_Clear_keep_EM();
while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
WDT_HIT();
@ -837,6 +842,8 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
uint8_t *dest = BigBuf_get_addr();
size_t size;
int idx=0;
//clear read buffer
BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -927,6 +934,8 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
int clk=0, invert=0, errCnt=0, maxErr=20;
uint32_t hi=0;
uint64_t lo=0;
//clear read buffer
BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -986,6 +995,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
uint8_t version=0;
uint8_t facilitycode=0;
uint16_t number=0;
//clear read buffer
BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -1079,7 +1090,7 @@ void T55xxWriteBit(int bit) {
void T55xxResetRead(void) {
LED_A_ON();
//clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
BigBuf_Clear_keep_EM();
// Set up FPGA, 125kHz
LFSetupFPGAForADC(95, true);

2
armsrc/lfsampling.c
View file

@ -124,7 +124,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag
uint8_t *dest = BigBuf_get_addr();
int bufsize = BigBuf_max_traceLen();
memset(dest, 0, bufsize);
//memset(dest, 0, bufsize); //creates issues with cmdread (marshmellow)
if(bits_per_sample < 1) bits_per_sample = 1;
if(bits_per_sample > 8) bits_per_sample = 8;

2
armsrc/pcf7931.c
View file

@ -29,6 +29,8 @@ int DemodPCF7931(uint8_t **outBlocks) {
int num_blocks = 0;
int lmin=128, lmax=128;
uint8_t dir;
//clear read buffer
BigBuf_Clear_keep_EM();
LFSetupFPGAForADC(95, true);
DoAcquisition_default(0, true);

55
client/cmddata.c
View file

@ -277,7 +277,8 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo )
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose)
{
if (!ASKDemod(Cmd, FALSE, FALSE, 1)) return 0;
bool st = TRUE;
if (!ASKDemod_ext(Cmd, FALSE, FALSE, 1, &st)) return 0;
return AskEm410xDecode(verbose, hi, lo);
}
@ -312,8 +313,7 @@ int CmdAskEM410xDemod(const char *Cmd)
//verbose will print results and demoding messages
//emSearch will auto search for EM410x format in bitstream
//askType switches decode: ask/raw = 0, ask/manchester = 1
int ASKDemod(const char *Cmd, bool verbose, bool emSearch, uint8_t askType)
{
int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, bool *stCheck) {
int invert=0;
int clk=0;
int maxErr=100;
@ -334,15 +334,22 @@ int ASKDemod(const char *Cmd, bool verbose, bool emSearch, uint8_t askType)
if (amp == 'a' || amp == 'A') askAmp=1;
size_t BitLen = getFromGraphBuf(BitStream);
if (g_debugMode) PrintAndLog("DEBUG: Bitlen from grphbuff: %d",BitLen);
if (BitLen<255) return 0;
if (maxLen<BitLen && maxLen != 0) BitLen = maxLen;
if (BitLen < 255) return 0;
if (maxLen < BitLen && maxLen != 0) BitLen = maxLen;
int foundclk = 0;
bool st = false;
if (*stCheck) st = DetectST(BitStream, &BitLen, &foundclk);
if (st) {
*stCheck = st;
clk = (clk == 0) ? foundclk : clk;
if (verbose || g_debugMode) PrintAndLog("\nFound Sequence Terminator");
}
int errCnt = askdemod(BitStream, &BitLen, &clk, &invert, maxErr, askAmp, askType);
if (errCnt<0 || BitLen<16){ //if fatal error (or -1)
if (g_debugMode) PrintAndLog("DEBUG: no data found %d, errors:%d, bitlen:%d, clock:%d",errCnt,invert,BitLen,clk);
return 0;
}
if (errCnt>maxErr){
if (errCnt > maxErr){
if (g_debugMode) PrintAndLog("DEBUG: Too many errors found, errors:%d, bits:%d, clock:%d",errCnt, BitLen, clk);
return 0;
}
@ -365,6 +372,10 @@ int ASKDemod(const char *Cmd, bool verbose, bool emSearch, uint8_t askType)
}
return 1;
}
int ASKDemod(const char *Cmd, bool verbose, bool emSearch, uint8_t askType) {
bool st = false;
return ASKDemod_ext(Cmd, verbose, emSearch, askType, &st);
}
//by marshmellow
//takes 5 arguments - clock, invert, maxErr, maxLen as integers and amplify as char == 'a'
@ -374,7 +385,8 @@ int Cmdaskmandemod(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 25 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: data rawdemod am [clock] <invert> [maxError] [maxLen] [amplify]");
PrintAndLog("Usage: data rawdemod am <s> [clock] <invert> [maxError] [maxLen] [amplify]");
PrintAndLog(" ['s'] optional, check for Sequence Terminator");
PrintAndLog(" [set clock as integer] optional, if not set, autodetect");
PrintAndLog(" <invert>, 1 to invert output");
PrintAndLog(" [set maximum allowed errors], default = 100");
@ -388,7 +400,13 @@ int Cmdaskmandemod(const char *Cmd)
PrintAndLog(" : data rawdemod am 64 1 0 = demod an ask/manchester tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors");
return 0;
}
return ASKDemod(Cmd, TRUE, TRUE, 1);
bool st = TRUE;
if (Cmd[0]=='s')
return ASKDemod_ext(Cmd++, TRUE, TRUE, 1, &st);
else if (Cmd[1] == 's')
return ASKDemod_ext(Cmd+=2, TRUE, TRUE, 1, &st);
else
return ASKDemod(Cmd, TRUE, TRUE, 1);
}
//by marshmellow
@ -595,7 +613,7 @@ int CmdG_Prox_II_Demod(const char *Cmd)
if ((idx+1) % 5 == 0){
//spacer bit - should be 0
if (DemodBuffer[startIdx+idx] != 0) {
if (g_debugMode) PrintAndLog("Error spacer not 0: %d, pos: %d",DemodBuffer[startIdx+idx],startIdx+idx);
if (g_debugMode) PrintAndLog("Error spacer not 0: %u, pos: %u", (unsigned int)DemodBuffer[startIdx+idx],(unsigned int)(startIdx+idx));
return 0;
}
continue;
@ -603,21 +621,21 @@ int CmdG_Prox_II_Demod(const char *Cmd)
if (keyCnt<8){ //lsb first
xorKey = xorKey | (DemodBuffer[startIdx+idx]<<keyCnt);
keyCnt++;
if (keyCnt==8 && g_debugMode) PrintAndLog("xorKey Found: %02x", xorKey);
if (keyCnt==8 && g_debugMode) PrintAndLog("xorKey Found: %02x", (unsigned int)xorKey);
continue;
}
//lsb first
ByteStream[ByteCnt] = ByteStream[ByteCnt] | (DemodBuffer[startIdx+idx]<<bitCnt);
bitCnt++;
if (bitCnt % 8 == 0){
if (g_debugMode) PrintAndLog("byte %d: %02x",ByteCnt,ByteStream[ByteCnt]);
if (g_debugMode) PrintAndLog("byte %u: %02x", (unsigned int)ByteCnt, ByteStream[ByteCnt]);
bitCnt=0;
ByteCnt++;
}
}
for (uint8_t i = 0; i < ByteCnt; i++){
ByteStream[i] ^= xorKey; //xor
if (g_debugMode) PrintAndLog("byte %d after xor: %02x", i, ByteStream[i]);
if (g_debugMode) PrintAndLog("byte %u after xor: %02x", (unsigned int)i, ByteStream[i]);
}
//now ByteStream contains 64 bytes of decrypted raw tag data
//
@ -631,13 +649,13 @@ int CmdG_Prox_II_Demod(const char *Cmd)
if (fmtLen==36){
FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1);
Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5);
PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card);
PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d", fmtLen, FC, Card);
} else if(fmtLen==26){
FC = ((ByteStream[3] & 0x7F)<<1) | (ByteStream[4]>>7);
Card = ((ByteStream[4]&0x7F)<<9) | (ByteStream[5]<<1) | (ByteStream[6]>>7);
PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",fmtLen,FC,Card);
PrintAndLog("G-Prox-II Found: FmtLen %d, FC %d, Card %d",(unsigned int)fmtLen,FC,Card);
} else {
PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",fmtLen);
PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",(int)fmtLen);
}
PrintAndLog("Raw: %08x%08x%08x", raw1,raw2,raw3);
setDemodBuf(DemodBuffer+ans, 96, 0);
@ -664,7 +682,7 @@ int CmdVikingDemod(const char *Cmd)
uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32);
uint32_t cardid = bytebits_to_byte(DemodBuffer+ans+24, 32);
uint8_t checksum = bytebits_to_byte(DemodBuffer+ans+32+24, 8);
PrintAndLog("Viking Tag Found: Card ID %08X, Checksum: %02X", cardid, checksum);
PrintAndLog("Viking Tag Found: Card ID %08X, Checksum: %02X", cardid, (unsigned int) checksum);
PrintAndLog("Raw: %08X%08X", raw1,raw2);
setDemodBuf(DemodBuffer+ans, 64, 0);
return 1;
@ -952,6 +970,7 @@ int FSKrawDemod(const char *Cmd, bool verbose)
invert = param_get8(Cmd, 1);
fchigh = param_get8(Cmd, 2);
fclow = param_get8(Cmd, 3);
if (strlen(Cmd)>0 && strlen(Cmd)<=2) {
if (rfLen==1) {
invert = 1; //if invert option only is used
@ -961,7 +980,6 @@ int FSKrawDemod(const char *Cmd, bool verbose)
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
size_t BitLen = getFromGraphBuf(BitStream);
if (BitLen==0) return 0;
if (g_debugMode==2) PrintAndLog("DEBUG: Got samples");
//get field clock lengths
uint16_t fcs=0;
if (!fchigh || !fclow) {
@ -989,6 +1007,7 @@ int FSKrawDemod(const char *Cmd, bool verbose)
PrintAndLog("%s decoded bitstream:",GetFSKType(fchigh,fclow,invert));
printDemodBuff();
}
return 1;
} else {
if (g_debugMode) PrintAndLog("no FSK data found");

1
client/cmddata.h
View file

@ -63,6 +63,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo );
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose);
int ASKbiphaseDemod(const char *Cmd, bool verbose);
int ASKDemod(const char *Cmd, bool verbose, bool emSearch, uint8_t askType);
int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, bool *stCheck);
int FSKrawDemod(const char *Cmd, bool verbose);
int PSKDemod(const char *Cmd, bool verbose);
int NRZrawDemod(const char *Cmd, bool verbose);

3
client/cmdlf.c
View file

@ -1193,7 +1193,8 @@ int CmdLFfind(const char *Cmd)
return 1;
}
}
ans=ASKDemod("0 0 0",TRUE,FALSE,1);
bool st = TRUE;
ans=ASKDemod_ext("0 0 0",TRUE,FALSE,1,&st);
if (ans>0) {
PrintAndLog("\nUnknown ASK Modulated and Manchester encoded Tag Found!");
PrintAndLog("\nif it does not look right it could instead be ASK/Biphase - try 'data rawdemod ab'");

34
client/cmdlft55xx.c
View file

@ -48,6 +48,7 @@ int usage_t55xx_config(){
PrintAndLog(" i [1] Invert data signal, defaults to normal");
PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");
PrintAndLog(" Q5 Set as Q5(T5555) chip instead of T55x7");
PrintAndLog(" ST Set Sequence Terminator on");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx config d FSK - FSK demodulation");
@ -270,6 +271,11 @@ int CmdT55xxSetConfig(const char *Cmd) {
config.Q5 = TRUE;
cmdp++;
break;
case 'S':
case 's':
config.ST = TRUE;
cmdp++;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = TRUE;
@ -370,6 +376,7 @@ bool DecodeT55xxBlock(){
char buf[30] = {0x00};
char *cmdStr = buf;
int ans = 0;
bool ST = config.ST;
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
DemodBufferLen = 0x00;
@ -390,7 +397,7 @@ bool DecodeT55xxBlock(){
break;
case DEMOD_ASK:
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = ASKDemod(cmdStr, FALSE, FALSE, 1);
ans = ASKDemod_ext(cmdStr, FALSE, FALSE, 1, &ST);
break;
case DEMOD_PSK1:
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
@ -482,7 +489,6 @@ bool tryDetectModulation(){
t55xx_conf_block_t tests[15];
int bitRate=0;
uint8_t fc1 = 0, fc2 = 0, clk=0;
if (GetFskClock("", FALSE, FALSE)){
fskClocks(&fc1, &fc2, &clk, FALSE);
if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
@ -494,6 +500,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
@ -505,19 +512,22 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
} else {
clk = GetAskClock("", FALSE, FALSE);
if (clk>0) {
if ( ASKDemod("0 0 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].ST = TRUE;
if ( ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].modulation = DEMOD_ASK;
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
if ( ASKDemod("0 1 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].ST = TRUE;
if ( ASKDemod_ext("0 1 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].modulation = DEMOD_ASK;
tests[hits].bitrate = bitRate;
tests[hits].inverted = TRUE;
@ -529,6 +539,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
if ( ASKbiphaseDemod("0 0 1 2", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {
@ -536,6 +547,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
}
@ -548,6 +560,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
@ -556,6 +569,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
}
@ -571,6 +585,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
if ( PSKDemod("0 1 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
@ -578,6 +593,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
// PSK2 - needs a call to psk1TOpsk2.
@ -588,6 +604,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
} // inverse waves does not affect this demod
@ -599,6 +616,7 @@ bool tryDetectModulation(){
tests[hits].bitrate = bitRate;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].ST = FALSE;
++hits;
}
} // inverse waves does not affect this demod
@ -613,6 +631,7 @@ bool tryDetectModulation(){
config.offset = tests[0].offset;
config.block0 = tests[0].block0;
config.Q5 = tests[0].Q5;
config.ST = tests[0].ST;
printConfiguration( config );
return TRUE;
}
@ -765,14 +784,14 @@ bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5)
uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode
uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1;
//uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //could check psk cr
uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode
uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;
//uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode
//uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;
//if extended mode
bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;
if (!extMode){
if (nml01 || nml02 || xtRate) continue;
if (xtRate) continue; //nml01 || nml02 || caused issues on noralys tags
}
//test modulation
if (!testModulation(mode, modread)) continue;
@ -836,6 +855,7 @@ int printConfiguration( t55xx_conf_block_t b){
PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );
PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );
PrintAndLog("Offset : %d", b.offset);
PrintAndLog("Seq. Term. : %s", (b.ST) ? "Yes" : "No" );
PrintAndLog("Block0 : 0x%08X", b.block0);
PrintAndLog("");
return 0;

1
client/cmdlft55xx.h
View file

@ -63,6 +63,7 @@ typedef struct {
RF_128 = 0x07,
} bitrate;
bool Q5;
bool ST;
} t55xx_conf_block_t;
t55xx_conf_block_t Get_t55xx_Config();
void Set_t55xx_Config(t55xx_conf_block_t conf);

8
client/graph.c
View file

@ -143,9 +143,13 @@ int GetAskClock(const char str[], bool printAns, bool verbose)
PrintAndLog("Failed to copy from graphbuffer");
return -1;
}
int start = DetectASKClock(grph, size, &clock, 20);
bool st = DetectST(grph, &size, &clock);
int start = 0;
if (st == false) {
start = DetectASKClock(grph, size, &clock, 20);
}
// Only print this message if we're not looping something
if (printAns){
if (printAns) {
PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start);
}
return clock;

10
client/util.c
View file

@ -94,7 +94,7 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount)
memset(fileName, 0x00, 200);
for (int j = 0; j < byteCount; j++, fnameptr += 2)
sprintf(fnameptr, "%02x", uid[j]);
sprintf(fnameptr, "%02x", (unsigned int) uid[j]);
sprintf(fnameptr, "%s", ext);
}
@ -119,7 +119,7 @@ char *sprint_hex(const uint8_t *data, const size_t len) {
size_t i;
for (i=0; i < maxLen; ++i, tmp += 3)
sprintf(tmp, "%02x ", data[i]);
sprintf(tmp, "%02x ", (unsigned int) data[i]);
return buf;
}
@ -142,7 +142,7 @@ char *sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t brea
for (size_t out_index=0; out_index < max_len; out_index++) {
// set character - (should be binary but verify it isn't more than 1 digit)
if (data[in_index]<10)
sprintf(tmp++, "%u", data[in_index]);
sprintf(tmp++, "%u", (unsigned int) data[in_index]);
// check if a line break is needed and we have room to print it in our array
if ( (breaks > 0) && !((in_index+1) % breaks) && (out_index+1 != max_len) ) {
// increment and print line break
@ -215,7 +215,7 @@ char * printBits(size_t const size, void const * const ptr)
{
byte = b[i] & (1<<j);
byte >>= j;
sprintf(tmp, "%u", byte);
sprintf(tmp, "%u", (unsigned int)byte);
tmp++;
}
}
@ -451,7 +451,7 @@ int binarraytohex(char *target,char *source, int length)
{
for(i= x= 0 ; i < 4 ; ++i)
x += ( source[i] << (3 - i));
sprintf(target,"%X", x);
sprintf(target,"%X", (unsigned int)x);
++target;
source += 4;
j -= 4;

183
common/lfdemod.c
View file

@ -9,11 +9,10 @@
//-----------------------------------------------------------------------------
#include <stdlib.h>
#include <string.h>
#include "lfdemod.h"
#include "common.h"
#include <string.h>
//un_comment to allow debug print calls when used not on device
//to allow debug print calls when used not on device
void dummy(char *fmt, ...){}
#ifndef ON_DEVICE
@ -218,6 +217,7 @@ int cleanAskRawDemod(uint8_t *BinStream, size_t *size, int clk, int invert, int
if (smplCnt > clk-(clk/4)-1) { //full clock
if (smplCnt > clk + (clk/4)+1) { //too many samples
errCnt++;
if (g_debugMode==2) prnt("DEBUG ASK: Modulation Error at: %u", i);
BinStream[bitCnt++]=7;
} else if (waveHigh) {
BinStream[bitCnt++] = invert;
@ -274,7 +274,7 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr
if (*clk==0 || start < 0) return -3;
if (*invert != 1) *invert = 0;
if (amp==1) askAmp(BinStream, *size);
if (g_debugMode==2) prnt("DEBUG: clk %d, beststart %d", *clk, start);
if (g_debugMode==2) prnt("DEBUG ASK: clk %d, beststart %d", *clk, start);
uint8_t initLoopMax = 255;
if (initLoopMax > *size) initLoopMax = *size;
@ -287,20 +287,21 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr
size_t errCnt = 0;
// if clean clipped waves detected run alternate demod
if (DetectCleanAskWave(BinStream, *size, high, low)) {
if (g_debugMode==2) prnt("DEBUG: Clean Wave Detected");
if (g_debugMode==2) prnt("DEBUG ASK: Clean Wave Detected - using clean wave demod");
errCnt = cleanAskRawDemod(BinStream, size, *clk, *invert, high, low);
if (askType) //askman
return manrawdecode(BinStream, size, 0);
else //askraw
return errCnt;
}
if (g_debugMode==2) prnt("DEBUG ASK: Weak Wave Detected - using weak wave demod");
int lastBit; //set first clock check - can go negative
int lastBit; //set first clock check - can go negative
size_t i, bitnum = 0; //output counter
uint8_t midBit = 0;
uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
if (*clk <= 32) tol = 1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
size_t MaxBits = 3072;
if (*clk <= 32) tol = 1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
size_t MaxBits = 3072; //max bits to collect
lastBit = start - *clk;
for (i = start; i < *size; ++i) {
@ -311,6 +312,7 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr
BinStream[bitnum++] = *invert ^ 1;
} else if (i-lastBit >= *clk+tol) {
if (bitnum > 0) {
if (g_debugMode==2) prnt("DEBUG ASK: Modulation Error at: %u", i);
BinStream[bitnum++]=7;
errCnt++;
}
@ -1199,7 +1201,7 @@ int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert)
return (int) startidx;
}
// by marshmellow - demodulate NRZ wave
// by marshmellow - demodulate NRZ wave - requires a read with strong signal
// peaks invert bit (high=1 low=0) each clock cycle = 1 bit determined by last peak
int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert){
if (justNoise(dest, *size)) return -1;
@ -1518,3 +1520,166 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert)
*size = numBits;
return errCnt;
}
//by marshmellow
//attempt to identify a Sequence Terminator in ASK modulated raw wave
bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) {
size_t bufsize = *size;
//need to loop through all samples and identify our clock, look for the ST pattern
uint8_t fndClk[] = {8,16,32,40,50,64,128};
int clk = 0;
int tol = 0;
int i, j, skip, start, end, low, high, minClk, waveStart;
bool complete = false;
int tmpbuff[bufsize / 64];
int waveLen[bufsize / 64];
size_t testsize = (bufsize < 512) ? bufsize : 512;
int phaseoff = 0;
high = low = 128;
memset(tmpbuff, 0, sizeof(tmpbuff));
if ( getHiLo(buffer, testsize, &high, &low, 80, 80) == -1 ) {
if (g_debugMode==2) prnt("DEBUG STT: just noise detected - quitting");
return false; //just noise
}
i = 0;
j = 0;
minClk = 255;
// get to first full low to prime loop and skip incomplete first pulse
while ((buffer[i] < high) && (i < bufsize))
++i;
while ((buffer[i] > low) && (i < bufsize))
++i;
skip = i;
// populate tmpbuff buffer with pulse lengths
while (i < bufsize) {
// measure from low to low
while ((buffer[i] > low) && (i < bufsize))
++i;
start= i;
while ((buffer[i] < high) && (i < bufsize))
++i;
//first high point for this wave
waveStart = i;
while ((buffer[i] > low) && (i < bufsize))
++i;
if (j >= (bufsize/64)) {
break;
}
waveLen[j] = i - waveStart; //first high to first low
tmpbuff[j++] = i - start;
if (i-start < minClk && i < bufsize) {
minClk = i - start;
}
}
// set clock - might be able to get this externally and remove this work...
if (!clk) {
for (uint8_t clkCnt = 0; clkCnt<7; clkCnt++) {
tol = fndClk[clkCnt]/8;
if (minClk >= fndClk[clkCnt]-tol && minClk <= fndClk[clkCnt]+1) {
clk=fndClk[clkCnt];
break;
}
}
// clock not found - ERROR
if (!clk) {
if (g_debugMode==2) prnt("DEBUG STT: clock not found - quitting");
return false;
}
} else tol = clk/8;
*foundclock = clk;
// look for Sequence Terminator - should be pulses of clk*(1 or 1.5), clk*2, clk*(1.5 or 2)
start = -1;
for (i = 0; i < j - 4; ++i) {
skip += tmpbuff[i];
if (tmpbuff[i] >= clk*1-tol && tmpbuff[i] <= (clk*2)+tol && waveLen[i] < clk+tol) { //1 to 2 clocks depending on 2 bits prior
if (tmpbuff[i+1] >= clk*2-tol && tmpbuff[i+1] <= clk*2+tol && waveLen[i+1] > clk*3/2-tol) { //2 clocks and wave size is 1 1/2
if (tmpbuff[i+2] >= (clk*3)/2-tol && tmpbuff[i+2] <= clk*2+tol && waveLen[i+2] > clk-tol) { //1 1/2 to 2 clocks and at least one full clock wave
if (tmpbuff[i+3] >= clk*1-tol && tmpbuff[i+3] <= clk*2+tol) { //1 to 2 clocks for end of ST + first bit
start = i + 3;
break;
}
}
}
}
}
// first ST not found - ERROR
if (start < 0) {
if (g_debugMode==2) prnt("DEBUG STT: first STT not found - quitting");
return false;
}
if (waveLen[i+2] > clk*1+tol)
phaseoff = 0;
else
phaseoff = clk/2;
// skip over the remainder of ST
skip += clk*7/2; //3.5 clocks from tmpbuff[i] = end of st - also aligns for ending point
// now do it again to find the end
end = skip;
for (i += 3; i < j - 4; ++i) {
end += tmpbuff[i];
if (tmpbuff[i] >= clk*1-tol && tmpbuff[i] <= (clk*2)+tol) { //1 to 2 clocks depending on 2 bits prior
if (tmpbuff[i+1] >= clk*2-tol && tmpbuff[i+1] <= clk*2+tol && waveLen[i+1] > clk*3/2-tol) { //2 clocks and wave size is 1 1/2
if (tmpbuff[i+2] >= (clk*3)/2-tol && tmpbuff[i+2] <= clk*2+tol && waveLen[i+2] > clk-tol) { //1 1/2 to 2 clocks and at least one full clock wave
if (tmpbuff[i+3] >= clk*1-tol && tmpbuff[i+3] <= clk*2+tol) { //1 to 2 clocks for end of ST + first bit
complete = true;
break;
}
}
}
}
}
end -= phaseoff;
//didn't find second ST - ERROR
if (!complete) {
if (g_debugMode==2) prnt("DEBUG STT: second STT not found - quitting");
return false;
}
if (g_debugMode==2) prnt("DEBUG STT: start of data: %d end of data: %d, datalen: %d, clk: %d, bits: %d, phaseoff: %d", skip, end, end-skip, clk, (end-skip)/clk, phaseoff);
//now begin to trim out ST so we can use normal demod cmds
start = skip;
size_t datalen = end - start;
// check validity of datalen (should be even clock increments) - use a tolerance of up to 1/8th a clock
if (datalen % clk > clk/8) {
if (g_debugMode==2) prnt("DEBUG STT: datalen not divisible by clk: %u %% %d = %d - quitting", datalen, clk, datalen % clk);
return false;
} else {
// padd the amount off - could be problematic... but shouldn't happen often
datalen += datalen % clk;
}
// if datalen is less than one t55xx block - ERROR
if (datalen/clk < 8*4) {
if (g_debugMode==2) prnt("DEBUG STT: datalen is less than 1 full t55xx block - quitting");
return false;
}
size_t dataloc = start;
size_t newloc = 0;
i=0;
// warning - overwriting buffer given with raw wave data with ST removed...
while ( dataloc < bufsize-(clk/2) ) {
//compensate for long high at end of ST not being high... (we cut out the high part)
if (buffer[dataloc]<high && buffer[dataloc]>low && buffer[dataloc+3]<high && buffer[dataloc+3]>low) {
for(i=0; i < clk/2-tol; ++i) {
buffer[dataloc+i] = high+5;
}
}
for (i=0; i<datalen; ++i) {
if (i+newloc < bufsize) {
if (i+newloc < dataloc)
buffer[i+newloc] = buffer[dataloc];
dataloc++;
}
}
newloc += i;
//skip next ST
dataloc += clk*4;
}
*size = newloc;
return true;
}

2
common/lfdemod.h
View file

@ -14,6 +14,7 @@
#ifndef LFDEMOD_H__
#define LFDEMOD_H__
#include <stdint.h>
#include "common.h" //for bool
//generic
size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t pLen, uint8_t pType);
@ -28,6 +29,7 @@ uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t f
int DetectNRZClock(uint8_t dest[], size_t size, int clock);
int DetectPSKClock(uint8_t dest[], size_t size, int clock);
int DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t low);
bool DetectST(uint8_t buffer[], size_t *size, int *foundclock);
int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
uint32_t manchesterEncode2Bytes(uint16_t datain);