This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
- fix: IQ demodulator (FPGA)
- fix: approximately align reader signal delay to tag response delay (FPGA)
- fix: remove deprecated RSSI calculation to improve decoder speed (iso14443b.c)
- fix: better approximation of signal amplitude to avoid false carrier detection (iso14443b.c)
- fix: remove initial power off in iso14443b raw command (iso14443b.c)
- add: enable tracing for iso14443b raw command (iso14443b.c)
- fix: client crashed when checking CRC for incomplete responses (iso14443b.c)
- speeding up snoop to avoid circular buffer overflow
- added some comments for better documentation
- rename functions (iso14443 -> iso14443b)
- remove unused code in hi_read_rx_xcorr.v
- most significant bit of tag data (which happens to be the sign bit)
had been dropped when snooping (FPGA change)
- avoid trying to decode both tag and reader data when snooping (we don't
have the time to do so).
+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support.. but why?)
relabeled a few device side mfu functions to be clearer.
Add target to make fpga_compressor when client is not yet compiled.
Get version information and cache it when client starts (avoids clearing
BigBuf when calling hw version).
Add some comments and remove debugging printouts.
Add version info and ChangeLog in modified zlib.
fpga_loader.c: change to unweave fpga_lf and fpga_hf accordingly
prepare fpga_compress, fpga_loader and Makefile to handle more than two FPGA config files
revert removal of fullimage Makefile target. Remove osimage instead.
backend:
askman and askraw demods merged into askdemod (args adjusted
accordingly)
re-arranged lfdemod.h in alphabetical order and by category
front end:
data detectclock a (ask) now also reports the selected best start
position for demod
data manrawdecode takes an invert arg now
- added compiler options -fdata-sections and -ffunction-sections (thanks to iceman for the hint)
- removed float operations from common/lfdemod.c to avoid adding float libraries to the ARM os image
- moved the fpga images to the data section to avoid reserving unused space for a separate section
applies iceman's full ata55x7 read/write settings
adds checksum to ioprox (thanks to iceman)
adds silent mode for lf read and getSamples
fix lf em em410xwatch and lf em410xspoof
improve data rawdemod ar - for biphase demods
improve detectclock a for strong antennas
lf t5xx commands updated from ICEMAN
lf em410x commands updated
lf search bug fix for 2 args
test scripts from iceman
lf demod:
better ask clock detection with strong fully clipped waves
better ask raw demod with strong fully clipped waves
fsk demod add back in skipped bits during demod
nrz demod add back in skipped bits during demod
chg: use -O2 instead of -Os when compiling ARM sources
chg: don't clear the Miller decoders input buffer on reset
chg: be more specific for the Miller decoders start bit pattern
add: new option c in hf list: mark CRC bytes (default is off)
refactored Startbit detection in MillerDecoding()
relaxed startbit detection in MillerDecoding()
fixed CRC checking and CRC bytes marking in hf list
fixed topaz multi frame command listing in hf list topaz
fix: reduce length of expected unmodulated signal in Miller decoder in order
to allow decoding of NFC reader communications
add: hf list nfc: aggregate reader commands into one line
add: hf list nfc: CRC check for NFC communications
- hf 14a reader now exits gracefully in case of proprietary anticollision sequence
- changed miller decoder to handle Topaz 8 data bits/no parity frames from reader
- started to implement hf list topaz
show command to UI:
data printdemodbuffer - allow printing of demod buffer
Add:
data askgproxiidemod - demod a gproxii tag
Fix:
adjust lf simxxx commands further for testing
added SimulateTagLowFrequencyTest function
with some adjustments that help ASK simulations
FSK and PSK still need help. Left original HID sim alone as for some it
may partially work.
In Miller Decoder: don't wait too long for a stable signal
In Miller Decoder: Don't accept sequences of four or more zeroes as start bit
In EmSendCmd14443aRaw: don't wait for emptying the FPGA delay queue if it isn't filled
- provided a BigBuf_malloc() function to dynamically allocate parts of BigBuf
e.g. for DMA-Buffers, Frame-Buffers, Emulator-Memory
- the whole rest of BigBuf is now available for traces (instead of a small fixed amount)
- send actual traceLen together with trace data
- changed client side to cope with varying traceLen
- changed small buffers to automatic variables instead of parts of BigBuf
added data fskparadoxdemod
added data setdebugmode (for demods)
added data shiftgraphzero (to help clean weak reads)
fixed a few bugs with the data detectaskclock
added data fskfcdetect to detect FSK clocks
adjusted most of my demods to put raw tag binary to demod buffer for
future sim and clone commands (psk still needs work)
ADD: added a manufacturer list in "hf 14a reader", only viable when UID is double or triple size. Thanks to Asper for the list.
ADD: detect Chinese magic backdoor commands in "hf 14a reader"
CHG: minor code clean up.
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identification of Chinese backdoor commands to hf 14a reader.
fixed a few bugs in lf demod that the streamlining added. added new lf
em em410xdemod command that loops until button pressed. (similar to lf
hid fskdemod)
- introduced with the big frame and parity support (commit 6a1f2d82): tag responses with len%8 == 0 were dropped - thanks iceman for testing and finding
- after unsuccessful hf 14a reader the field stayed on. Thanks to iceman for proposing the fix.
- unified hw tune and Enio's great data tune
- don't use BigBuf (and hardcoded Offset)
- removed special handling of CMD_MEASURED_ANTENNA_TUNING
in UsbCommandReceived()
- buffers were too small to handle 256 byte frames
- parity bits were only handled for up to 32 byte frames
- trace format was inefficient
- removed parity calculation from decoders in iclass.c (parity not used on air anyway)
- hf mf rdsc (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (fix): Access Condition 011 not handled correctly (tried to access with key A)
- hf mf restore (add): added (optional) card size parameter and support for non 1K cards
- hf mf nested (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf nested (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf chk (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf eget (fix): displayed three instead of one block
- hf mf eload (add): load 4K .eml files (but accepts 1K .eml files for backwards compatibility)
- hf mf esave (add): always save the whole emulator memory (4K) instead of 1K only
- hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
- output of debug messages caused communication failures due to timing issues.
hf mf dbg 4 now required to see these debug messages.
- changed help text for hf mf dbg
- fixed minor bugs in help texts for hf mf sim and hf mf ecset
- display "key A" or "key B" instead of "key=0" or "key=1" in hf mf sim
- tracing was not always enabled when starting hf mf sniff or hf 14a snoop
- ATQA was displayed in wrong byte order in hf mf sniff
- 4 Byte UIDs were displayed as 7 Byte UIDs (padded with 0x000000) in hf mf sniff
- same for logfile names.
- assignment (=) had been used instead of == in comparisons (shouldn't have been relevant though)
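
The "max sector 63 instead of 39" fixes listed above for hf mf rdsc and hf mf nested follow from MIFARE Classic 4K geometry: sectors 0..31 hold 4 blocks each and sectors 32..39 hold 16 blocks each, so dividing 256 blocks by 4 overstates the sector count. The following is an added example, not Proxmark3 code; the enum and all function names are hypothetical.

```c
#include <stdio.h>

/* Card sizes (hypothetical enum for this example). */
typedef enum { MF_MINI, MF_1K, MF_2K, MF_4K } mf_card;

/* Number of sectors for each MIFARE Classic size. */
static int mf_num_sectors(mf_card card) {
    switch (card) {
        case MF_MINI: return 5;
        case MF_1K:   return 16;
        case MF_2K:   return 32;
        case MF_4K:   return 40;
    }
    return -1;
}

/* Sectors 0..31 hold 4 blocks; sectors 32..39 (4K only) hold 16. */
static int mf_blocks_per_sector(int sector) { return sector < 32 ? 4 : 16; }

static int mf_first_block(int sector) {
    return sector < 32 ? sector * 4 : 128 + (sector - 32) * 16;
}

/* Naive bound: assumes 4 blocks per sector everywhere, so 256 blocks
 * look like 64 sectors and sector 63 is accepted. */
static int naive_sector_ok(int sector) { return sector >= 0 && sector < 256 / 4; }

/* Corrected bound: compare against the real sector count of the card. */
static int mf_sector_ok(mf_card card, int sector) {
    return sector >= 0 && sector < mf_num_sectors(card);
}

/* Block number of the sector trailer, or -1 if the sector is out of range. */
static int mf_trailer_block(mf_card card, int sector) {
    if (!mf_sector_ok(card, sector)) return -1;
    return mf_first_block(sector) + mf_blocks_per_sector(sector) - 1;
}

/* Total blocks, summed per sector as a consistency check on the mapping. */
static int mf_total_blocks(mf_card card) {
    int n = 0;
    for (int s = 0; s < mf_num_sectors(card); s++) n += mf_blocks_per_sector(s);
    return n;
}

int main(void) {
    printf("4K: %d sectors, %d blocks\n", mf_num_sectors(MF_4K), mf_total_blocks(MF_4K));
    printf("sector 63: naive=%d corrected=%d\n", naive_sector_ok(63), mf_sector_ok(MF_4K, 63));
    printf("trailer of sector 39: block %d\n", mf_trailer_block(MF_4K, 39));
    return 0;
}
```
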
This is a new LF edge detection algorithm for the FPGA.
- It uses a low-pass IIR filter to clean the signal
(see https://fail0verflow.com/blog/2014/proxmark3-fpga-iir-filter.html)
- The algorithm is able to detect consecutive peaks in the same
direction
- It uses an envelope follower to dynamically adjust the peak thresholds
- The main threshold used in the envelope follower can be set from the ARM side
fpga/lf_edge_detect.v,
fpga/lp20khz_1MSa_iir_filter.v,
fpga/min_max_tracker.v: New file.
fpga/lo_edge_detect.v, fpga/fpga_lf.v: Modify accordingly.
armsrc/apps.h (FPGA_CMD_SET_USER_BYTE1,
FPGA_CMD_SET_EDGE_DETECT_THRESHOLD): New FPGA command.
fpga/fpga_lf.v: Modify accordingly/Add an 8-bit user register.
fpga/fpga_lf.bit: Update accordingly.
fpga/tests: New directory for testbenches
fpga/tests/Makefile: New file. It compiles the testbenches
and runs all the tests by default (comparing with the golden output)
fpga/tests/tb_lp20khz_1MSa_iir_filter.v,
fpga/tests/tb_min_max_tracker.v,
fpga/tests/tb_lf_edge_detect.v: New testbenches
fpga/tests/plot_edgedetect.py: New script to plot the results from
the edge detection tests.
fpga/tests/tb_data: New directory for data and golden outputs