proxmark3/armsrc/hfsnoop.c

//-----------------------------------------------------------------------------
// piwi, 2019
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to get sample data from FPGA.
//-----------------------------------------------------------------------------
#include "hfsnoop.h"
#include "proxmark3_arm.h"
#include "BigBuf.h"
#include "fpgaloader.h"
#include "ticks.h"
#include "dbprint.h"
#include "util.h"
#include "fpga.h"
#include "appmain.h"
#include "cmd.h"

static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {
    while (dsize > 0) {
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
            dest++;
            dsize -= sizeof(dsize);
        }
    }
}

int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) {
    BigBuf_free();
    BigBuf_Clear_ext(false);

    Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);

    LED_D_ON();

    FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

    SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

    // Set up the synchronous serial port
    FpgaSetupSsc();

    // Setting Frame Mode For better performance on high speed data transfer.
    AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16);

    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
    SpinDelay(100);

    *len = (BigBuf_max_traceLen() & 0xFFFE);
    uint8_t *mem = BigBuf_malloc(*len);

    uint32_t trigger_cnt = 0;    
    uint16_t r = 0, interval = 0;

    bool pressed = false;
    while (pressed == false) {
        WDT_HIT();

        // cancel w usb command.
        if (interval == 2000) {
            if (data_available())
                break;

            interval = 0;
        } else {
            interval++;
        }

        // check if trigger is reached
        if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
            r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;

            r = MAX(r & 0xFF, r >> 8);

            // 180 (0xB4) arbitary value to see if a strong RF field is near.
            if (r > 180) {
               
                if (++trigger_cnt > triggersToSkip) {
                    break;
                }
            }
        }

        pressed = BUTTON_PRESS();
    }

    if (pressed == false) {

        // skip samples loop
        while (samplesToSkip != 0) {

            if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
                samplesToSkip--;
            }
        }

        optimizedSniff((uint16_t*)mem, *len);

        if (DBGLEVEL >= DBG_INFO)   {
            Dbprintf("Trigger kicked in (%d >= 180)", r);
            Dbprintf("Collected %u samples", *len);
        }
    }

    //Resetting Frame mode (First set in fpgaloader.c)
    AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
    LED_D_OFF();
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    BigBuf_free();
    return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;
}

void HfPlotDownload(void) {
    uint8_t *buf = ToSend;
    uint8_t *this_buf = buf;

    FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

    FpgaSetupSsc();

    AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;   // Disable DMA Transfer
    AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) this_buf; // start transfer to this memory address
    AT91C_BASE_PDC_SSC->PDC_RCR = PM3_CMD_DATA_SIZE;   // transfer this many samples
    buf[0] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;         // clear receive register
    AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;    // Start DMA transfer

    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_GET_TRACE);   // let FPGA transfer its internal Block-RAM

    LED_B_ON();
    for (size_t i = 0; i < FPGA_TRACE_SIZE; i += PM3_CMD_DATA_SIZE) {
        // prepare next DMA transfer:
        uint8_t *next_buf = buf + ((i + PM3_CMD_DATA_SIZE) % (2 * PM3_CMD_DATA_SIZE));

        AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t)next_buf;
        AT91C_BASE_PDC_SSC->PDC_RNCR = PM3_CMD_DATA_SIZE;

        size_t len = MIN(FPGA_TRACE_SIZE - i, PM3_CMD_DATA_SIZE);

        while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX))) {}; // wait for DMA transfer to complete

        reply_old(CMD_FPGAMEM_DOWNLOADED, i, len, FPGA_TRACE_SIZE, this_buf, len);
        this_buf = next_buf;
    }

    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

    // Trigger a finish downloading signal with an ACK frame
    reply_mix(CMD_ACK, 1, 0, FPGA_TRACE_SIZE, 0, 0);
    LED_B_OFF();
}
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00			`//-----------------------------------------------------------------------------`
			`// piwi, 2019`
			`//`
			`// This code is licensed to you under the terms of the GNU GPL, version 2 or,`
			`// at your option, any later version. See the LICENSE.txt file for the text of`
			`// the license.`
			`//-----------------------------------------------------------------------------`
			`// Routines to get sample data from FPGA.`
			`//-----------------------------------------------------------------------------`
make sure all .c include their own .h 2019-10-27 00:56:36 +08:00			`#include "hfsnoop.h"`
summer restructuring: * .h include only the strict minimum for their own parsing * this forces all files to include explicitment their needs and not count on far streched dependencies * this helps Makefile to rebuild only the minimum * according to this rule, most standalone .h are now gone * big app.h is gone * remove seldom __cplusplus, if c++ happens, everything will have to be done properly anyway * all unrequired include were removed * split common/ into common/ (client+arm) and common_arm/ (os+bootloader) * bring zlib to common/ * bring stuff not really/not yet used in common back to armsrc/ or client/ * bring liblua into client/ * bring uart into client/ * move some portions of code around (dbprint, protocols,...) * rename unused files into _disabled.[ch] to make it explicit rename soft Uarts between 14a, 14b and iclass, so a standalone could use several without clash * remove PrintAndLogDevice * move deprecated-hid-flasher from client to tools * Makefiles * treat deps in armsrc/ as in client/ * client: stop on warning (-Werror), same as for armsrc/ Tested on: * all standalone modes * Linux 2019-08-08 22:57:33 +08:00			`#include "proxmark3_arm.h"`
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. ADD: added the "t55x7" refactoring by @marshmellow42 2015-10-28 04:47:21 +08:00			`#include "BigBuf.h"`
summer restructuring: * .h include only the strict minimum for their own parsing * this forces all files to include explicitment their needs and not count on far streched dependencies * this helps Makefile to rebuild only the minimum * according to this rule, most standalone .h are now gone * big app.h is gone * remove seldom __cplusplus, if c++ happens, everything will have to be done properly anyway * all unrequired include were removed * split common/ into common/ (client+arm) and common_arm/ (os+bootloader) * bring zlib to common/ * bring stuff not really/not yet used in common back to armsrc/ or client/ * bring liblua into client/ * bring uart into client/ * move some portions of code around (dbprint, protocols,...) * rename unused files into _disabled.[ch] to make it explicit rename soft Uarts between 14a, 14b and iclass, so a standalone could use several without clash * remove PrintAndLogDevice * move deprecated-hid-flasher from client to tools * Makefiles * treat deps in armsrc/ as in client/ * client: stop on warning (-Werror), same as for armsrc/ Tested on: * all standalone modes * Linux 2019-08-08 22:57:33 +08:00			`#include "fpgaloader.h"`
			`#include "ticks.h"`
			`#include "dbprint.h"`
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. ADD: added the "t55x7" refactoring by @marshmellow42 2015-10-28 04:47:21 +08:00			`#include "util.h"`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00			`#include "fpga.h"`
			`#include "appmain.h"`
			`#include "cmd.h"`
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. ADD: added the "t55x7" refactoring by @marshmellow42 2015-10-28 04:47:21 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`while (dsize > 0) {`
make style 2019-03-10 07:00:59 +08:00			`if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);`
			`dest++;`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`dsize -= sizeof(dsize);`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`}`
			`}`
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. ADD: added the "t55x7" refactoring by @marshmellow42 2015-10-28 04:47:21 +08:00			`}`

chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) {`
make style 2019-03-10 07:00:59 +08:00			`BigBuf_free();`
make style 2020-06-20 00:34:47 +08:00			`BigBuf_Clear_ext(false);`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);`
CHG: Added calling clear bigbuff to zero out it also, instead of just "free" it. ADD: downloading the EML part from BigBuffer specially. 2016-03-12 16:03:28 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`LED_D_ON();`
initial commit to be in sync the-soon-defunct repo pm3rdv40. 2018-08-13 03:54:31 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`FpgaDownloadAndGo(FPGA_BITSTREAM_HF);`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`SetAdcMuxFor(GPIO_MUXSEL_HIPKD);`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`// Set up the synchronous serial port`
			`FpgaSetupSsc();`
initial commit to be in sync the-soon-defunct repo pm3rdv40. 2018-08-13 03:54:31 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`// Setting Frame Mode For better performance on high speed data transfer.`
			`AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16);`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);`
fix: 'hf snoop' - buffer overflow (@satuoni) 2017-10-08 20:56:04 +08:00			`SpinDelay(100);`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`*len = (BigBuf_max_traceLen() & 0xFFFE);`
			`uint8_t mem = BigBuf_malloc(len);`

chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`uint32_t trigger_cnt = 0;`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`uint16_t r = 0, interval = 0;`
make style 2020-06-20 00:34:47 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`bool pressed = false;`
			`while (pressed == false) {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`WDT_HIT();`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`// cancel w usb command.`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`if (interval == 2000) {`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`if (data_available())`
			`break;`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`interval = 0;`
			`} else {`
			`interval++;`
			`}`

			`// check if trigger is reached`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {`
			`r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00
			`r = MAX(r & 0xFF, r >> 8);`

			`// 180 (0xB4) arbitary value to see if a strong RF field is near.`
			`if (r > 180) {`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00
			`if (++trigger_cnt > triggersToSkip) {`
make style 2019-03-10 07:00:59 +08:00			`break;`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`}`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`}`
			`}`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00
			`pressed = BUTTON_PRESS();`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`}`

chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`if (pressed == false) {`

			`// skip samples loop`
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`while (samplesToSkip != 0) {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {`
			`samplesToSkip--;`
			`}`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`}`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`optimizedSniff((uint16_t)mem, len);`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00
chg: 'hf sniff' - now malloc and is interupable 2020-06-22 00:13:14 +08:00			`if (DBGLEVEL >= DBG_INFO) {`
			`Dbprintf("Trigger kicked in (%d >= 180)", r);`
			`Dbprintf("Collected %u samples", *len);`
			`}`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`}`

			`//Resetting Frame mode (First set in fpgaloader.c)`
			`AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) \| AT91C_SSC_MSBF \| SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);`
			`LED_D_OFF();`
chg: 'hf sniff' - remake to mallc and report back size, also use NG 2020-06-18 17:54:19 +08:00			`FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);`
			`BigBuf_free();`
			`return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;`
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. ADD: added the "t55x7" refactoring by @marshmellow42 2015-10-28 04:47:21 +08:00			`}`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
			`void HfPlotDownload(void) {`
style 2020-01-13 00:28:12 +08:00			`uint8_t *buf = ToSend;`
			`uint8_t *this_buf = buf;`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`FpgaDownloadAndGo(FPGA_BITSTREAM_HF);`

			`FpgaSetupSsc();`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer`
			`AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) this_buf; // start transfer to this memory address`
			`AT91C_BASE_PDC_SSC->PDC_RCR = PM3_CMD_DATA_SIZE; // transfer this many samples`
			`buf[0] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; // clear receive register`
			`AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // Start DMA transfer`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_GET_TRACE); // let FPGA transfer its internal Block-RAM`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`LED_B_ON();`
			`for (size_t i = 0; i < FPGA_TRACE_SIZE; i += PM3_CMD_DATA_SIZE) {`
			`// prepare next DMA transfer:`
			`uint8_t next_buf = buf + ((i + PM3_CMD_DATA_SIZE) % (2 PM3_CMD_DATA_SIZE));`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t)next_buf;`
			`AT91C_BASE_PDC_SSC->PDC_RNCR = PM3_CMD_DATA_SIZE;`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`size_t len = MIN(FPGA_TRACE_SIZE - i, PM3_CMD_DATA_SIZE);`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX))) {}; // wait for DMA transfer to complete`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`reply_old(CMD_FPGAMEM_DOWNLOADED, i, len, FPGA_TRACE_SIZE, this_buf, len);`
			`this_buf = next_buf;`
			`}`

			`FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00
style 2020-01-13 00:28:12 +08:00			`// Trigger a finish downloading signal with an ACK frame`
			`reply_mix(CMD_ACK, 1, 0, FPGA_TRACE_SIZE, 0, 0);`
			`LED_B_OFF();`
add 'hf plot' - from offical repo (piwi) 2020-01-12 23:45:24 +08:00			`}`