2022-06-25 05:36:42 +08:00
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
|
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
|
|
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// See LICENSE.txt for the text of the license.
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
|
// HF general operations
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
#include "hfops.h"
|
|
|
|
|
|
2022-06-26 16:29:34 +08:00
|
|
|
#include <string.h>
|
2022-07-03 03:45:32 +08:00
|
|
|
#include "appmain.h"
|
2022-06-25 05:36:42 +08:00
|
|
|
#include "proxmark3_arm.h"
|
|
|
|
|
#include "cmd.h"
|
|
|
|
|
#include "BigBuf.h"
|
|
|
|
|
#include "fpgaloader.h"
|
|
|
|
|
#include "ticks.h"
|
|
|
|
|
#include "dbprint.h"
|
|
|
|
|
#include "util.h"
|
|
|
|
|
#include "commonutil.h"
|
2022-06-25 20:42:11 +08:00
|
|
|
#include "lfsampling.h"
|
2022-06-25 05:36:42 +08:00
|
|
|
|
2022-06-25 19:56:24 +08:00
|
|
|
int HfReadADC(uint32_t samplesCount, bool ledcontrol) {
|
|
|
|
|
if (ledcontrol) LEDsoff();
|
2022-06-25 05:36:42 +08:00
|
|
|
|
2022-06-25 19:56:24 +08:00
|
|
|
BigBuf_Clear_ext(false);
|
2022-06-26 16:29:34 +08:00
|
|
|
// connect Demodulated Signal to ADC:
|
|
|
|
|
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
|
2022-06-25 05:36:42 +08:00
|
|
|
|
2022-06-26 16:29:34 +08:00
|
|
|
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
2022-06-25 19:56:24 +08:00
|
|
|
// And put the FPGA in the appropriate mode
|
2022-06-27 05:30:49 +08:00
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_212_KHZ | FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE);
|
2022-06-25 05:36:42 +08:00
|
|
|
|
2022-06-27 05:30:49 +08:00
|
|
|
// Setup
|
2022-06-25 19:56:24 +08:00
|
|
|
FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);
|
|
|
|
|
|
|
|
|
|
if (ledcontrol) LED_A_ON();
|
|
|
|
|
|
2022-06-25 20:42:11 +08:00
|
|
|
uint32_t sbs = samplesCount;
|
|
|
|
|
initSampleBuffer(&sbs);
|
|
|
|
|
|
2022-06-27 05:30:49 +08:00
|
|
|
uint32_t wdtcntr = 0;
|
2022-06-25 19:56:24 +08:00
|
|
|
for (;;) {
|
|
|
|
|
if (BUTTON_PRESS()) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-27 05:30:49 +08:00
|
|
|
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
|
|
|
|
volatile uint16_t sample = AT91C_BASE_SSC->SSC_RHR;
|
|
|
|
|
|
|
|
|
|
// FPGA side:
|
|
|
|
|
// corr_i_out <= {2'b00, corr_amplitude[13:8]};
|
|
|
|
|
// corr_q_out <= corr_amplitude[7:0];
|
|
|
|
|
if (sample > 0x1fff)
|
|
|
|
|
sample = 0xff;
|
|
|
|
|
else
|
|
|
|
|
sample = sample >> 5;
|
|
|
|
|
logSample(sample & 0xff, 1, 8, false);
|
|
|
|
|
if (getSampleCounter() >= samplesCount)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
if (wdtcntr++ > 512) {
|
|
|
|
|
WDT_HIT();
|
|
|
|
|
wdtcntr = 0;
|
2022-06-26 16:29:34 +08:00
|
|
|
}
|
2022-06-27 05:30:49 +08:00
|
|
|
} else {
|
|
|
|
|
continue;
|
2022-06-25 19:56:24 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FpgaDisableTracing();
|
|
|
|
|
|
|
|
|
|
FpgaSetupSsc(FPGA_MAJOR_MODE_OFF);
|
|
|
|
|
// Turn the field off
|
|
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
|
|
|
|
|
2022-06-25 21:11:59 +08:00
|
|
|
uint32_t scnt = getSampleCounter();
|
2022-06-28 16:45:48 +08:00
|
|
|
reply_ng(CMD_HF_ACQ_RAW_ADC, PM3_SUCCESS, (uint8_t *)&scnt, 4);
|
2022-06-25 19:56:24 +08:00
|
|
|
if (ledcontrol) LEDsoff();
|
2022-06-25 05:36:42 +08:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-04 03:54:58 +08:00
|
|
|
uint8_t encode_acc = 0;
|
|
|
|
|
uint8_t encode_acc_bit_count = 0;
|
|
|
|
|
uint32_t encode_indx = 0;
|
|
|
|
|
|
|
|
|
|
static void EncodeInit(void) {
|
|
|
|
|
encode_acc = 0;
|
|
|
|
|
encode_acc_bit_count = 0;
|
|
|
|
|
encode_indx = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-04 05:35:44 +08:00
|
|
|
static void EncodeAddBit(uint8_t *data, uint8_t bit, uint8_t bit_count) {
|
2022-07-04 03:54:58 +08:00
|
|
|
for (int i = 0; i < bit_count; i++) {
|
|
|
|
|
encode_acc = (encode_acc << 1) | (bit & 0x01);
|
|
|
|
|
encode_acc_bit_count++;
|
|
|
|
|
if (encode_acc_bit_count > 7) {
|
|
|
|
|
data[encode_indx++] = encode_acc;
|
|
|
|
|
encode_acc = 0;
|
|
|
|
|
encode_acc_bit_count = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-04 05:35:44 +08:00
|
|
|
static uint32_t EncodeFinish(uint8_t *data) {
|
2022-07-04 03:54:58 +08:00
|
|
|
if (encode_acc_bit_count > 0) {
|
|
|
|
|
encode_acc = encode_acc << (8 - encode_acc_bit_count);
|
|
|
|
|
data[encode_indx++] = encode_acc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return encode_indx;
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-06 19:45:06 +08:00
|
|
|
static uint32_t HfEncodeTkm(const uint8_t *uid, uint8_t modulation, uint8_t *data) {
|
2022-07-03 05:09:55 +08:00
|
|
|
uint32_t len = 0;
|
|
|
|
|
if (modulation == 0) {
|
|
|
|
|
// TK-13
|
|
|
|
|
// 74ns 1 field cycle,
|
2022-07-04 02:59:55 +08:00
|
|
|
// carrier frequency is fc/64 (212kHz), 4.7 mks
|
2022-07-04 03:54:58 +08:00
|
|
|
// 100 field cycle = impulse 1.6 ( 1 bit from real tag)
|
|
|
|
|
// 1000 field cycle = `1` 15.6 (17 bit from real tag)
|
|
|
|
|
// 500 field cycle = `0` 7.8 ( 7 bit from real tag)
|
2022-07-03 05:09:55 +08:00
|
|
|
|
2022-07-04 03:54:58 +08:00
|
|
|
EncodeInit();
|
2022-07-03 05:20:56 +08:00
|
|
|
for (int i = 0; i < 8; i++) {
|
|
|
|
|
for (int j = 0; j < 8; j++) {
|
|
|
|
|
if (((uid[i] << j) & 0x80) != 0) {
|
|
|
|
|
// `1`
|
2022-07-04 03:54:58 +08:00
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 17);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 7);
|
2022-07-03 05:20:56 +08:00
|
|
|
} else {
|
|
|
|
|
// `0`
|
2022-07-04 03:54:58 +08:00
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 7);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 17);
|
2022-07-03 05:20:56 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-04 03:54:58 +08:00
|
|
|
len = EncodeFinish(data);
|
2022-07-03 05:09:55 +08:00
|
|
|
} else {
|
|
|
|
|
// TK-17
|
|
|
|
|
// 74ns 1 field cycle,
|
2022-07-04 05:18:57 +08:00
|
|
|
// carrier frequency is fc/64 (212kHz), 4.7 mks
|
|
|
|
|
// 0 --- 8 --- 12-15 --- 18-19 --- 26-28 --- 32
|
2022-07-04 05:27:22 +08:00
|
|
|
// DO NOT NORMALIZE!!!! it must be with some error like this!!!!
|
2022-07-04 05:18:57 +08:00
|
|
|
// `00` -- 1-25-1-5
|
2022-07-04 05:35:44 +08:00
|
|
|
// `01` -- 1-12-1-18
|
2022-07-04 05:18:57 +08:00
|
|
|
// `10` -- 1-17-1-13
|
|
|
|
|
// `11` -- 1-7-1-23
|
2022-07-03 05:09:55 +08:00
|
|
|
|
2022-07-04 05:18:57 +08:00
|
|
|
EncodeInit();
|
|
|
|
|
for (int i = 0; i < 8; i++) {
|
|
|
|
|
for (int j = 0; j < 8; j += 2) {
|
|
|
|
|
uint8_t twobit = ((uid[i] >> j) & 0x03);
|
|
|
|
|
if (twobit == 0x00) {
|
|
|
|
|
// `00`
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 25);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 5);
|
|
|
|
|
} else if (twobit == 0x01) {
|
|
|
|
|
// `01`
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 12);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 18);
|
|
|
|
|
} else if (twobit == 0x02) {
|
|
|
|
|
// `10`
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 17);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 13);
|
|
|
|
|
} else { // twobit == 0x03
|
|
|
|
|
// `11`
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 7);
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
EncodeAddBit(data, 0, 23);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
EncodeAddBit(data, 1, 1);
|
|
|
|
|
len = EncodeFinish(data);
|
2022-07-03 05:09:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return len;
|
2022-07-03 03:45:32 +08:00
|
|
|
}
|
|
|
|
|
|
2022-07-07 00:03:17 +08:00
|
|
|
int HfSimulateTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
|
2022-07-03 03:45:32 +08:00
|
|
|
// free eventually allocated BigBuf memory
|
|
|
|
|
BigBuf_free_keep_EM();
|
|
|
|
|
|
|
|
|
|
LEDsoff();
|
|
|
|
|
|
2022-07-04 05:35:44 +08:00
|
|
|
uint8_t *data = BigBuf_calloc(256);
|
2022-07-03 05:20:56 +08:00
|
|
|
uint32_t elen = HfEncodeTkm(uid, modulation, data);
|
2022-07-03 03:45:32 +08:00
|
|
|
if (elen == 0) {
|
|
|
|
|
DbpString("encode error");
|
|
|
|
|
reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_EAPDU_ENCODEFAIL, NULL, 0);
|
|
|
|
|
return PM3_EAPDU_ENCODEFAIL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LED_C_ON();
|
2022-07-03 05:09:55 +08:00
|
|
|
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
|
|
|
|
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
|
2022-07-04 02:32:29 +08:00
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_212K);
|
2022-07-03 23:19:57 +08:00
|
|
|
FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR);
|
2022-07-03 03:45:32 +08:00
|
|
|
|
|
|
|
|
bool button_pressed = false;
|
|
|
|
|
bool exit_loop = false;
|
2022-07-04 03:07:03 +08:00
|
|
|
bool field_on = false;
|
2022-07-06 19:45:06 +08:00
|
|
|
|
2022-07-03 03:45:32 +08:00
|
|
|
while (exit_loop == false) {
|
|
|
|
|
|
|
|
|
|
button_pressed = BUTTON_PRESS();
|
2022-07-06 19:45:06 +08:00
|
|
|
if (button_pressed || data_available()) {
|
2022-07-03 03:45:32 +08:00
|
|
|
break;
|
2022-07-06 19:45:06 +08:00
|
|
|
}
|
2022-07-03 03:45:32 +08:00
|
|
|
|
|
|
|
|
WDT_HIT();
|
|
|
|
|
|
2022-07-06 19:45:06 +08:00
|
|
|
// in mV
|
|
|
|
|
int vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15;
|
2022-07-03 03:45:32 +08:00
|
|
|
if (vHf > MF_MINFIELDV) {
|
2022-07-06 19:45:06 +08:00
|
|
|
if (field_on == false) {
|
2022-07-04 03:07:03 +08:00
|
|
|
LED_A_ON();
|
|
|
|
|
SpinDelay(50);
|
|
|
|
|
}
|
|
|
|
|
field_on = true;
|
2022-07-03 03:45:32 +08:00
|
|
|
} else {
|
2022-07-04 03:07:03 +08:00
|
|
|
if (field_on) {
|
|
|
|
|
LED_A_OFF();
|
|
|
|
|
}
|
|
|
|
|
field_on = false;
|
2022-07-03 03:45:32 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-04 03:07:03 +08:00
|
|
|
SpinDelay(3);
|
2022-07-06 19:45:06 +08:00
|
|
|
|
2022-07-04 03:54:58 +08:00
|
|
|
for (int i = 0; i < elen;) {
|
|
|
|
|
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
|
2022-07-06 19:45:06 +08:00
|
|
|
AT91C_BASE_SSC->SSC_THR = data[i++];
|
2022-07-03 05:09:55 +08:00
|
|
|
}
|
|
|
|
|
}
|
2022-07-03 03:45:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch_off();
|
|
|
|
|
|
|
|
|
|
if (button_pressed)
|
|
|
|
|
DbpString("button pressed");
|
|
|
|
|
|
|
|
|
|
reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_SUCCESS, NULL, 0);
|
|
|
|
|
|
|
|
|
|
return PM3_SUCCESS;
|
|
|
|
|
}
|
