proxmark3/armsrc/Standalone/lf_em4100rwc.c

//-----------------------------------------------------------------------------
// Artyom Gnatyuk, 2020
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// LF rwc   -   This mode can simulate ID from selected slot, read ID to
//              selected slot, write from selected slot to T5555 tag and store
//              readed ID to flash (only RDV4). Also you can set predefined IDs
//              in any slot.
//              To recall stored ID from flash execute:
//                  mem spifss dump o emdump p
//              or:
//                  mem spifss dump o emdump f emdump
//              then from shell:
//                  hexdump emdump -e '5/1 "%02X" /0 "\n"'
//-----------------------------------------------------------------------------
#include "standalone.h"
#include "proxmark3_arm.h"
#include "appmain.h"
#include "fpgaloader.h"
#include "lfops.h"
#include "util.h"
#include "dbprint.h"
#include "ticks.h"
#include "string.h"
#include "BigBuf.h"
#include "spiffs.h"
#include "commonutil.h"

#ifdef WITH_FLASH
#include "flashmem.h"
#endif

#define MAX_IND 16 // 4 LEDs - 2^4 combinations
#define LF_CLOCK 64   // for 125kHz

// low & high - array for storage IDs. Its length must be equal.
// Predefined IDs must be stored in low[].
// In high[] must be nulls
static uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
static uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
static uint8_t slots_count;
static int buflen;

void ModInfo(void) {
    DbpString("  LF EM4100 read/write/clone mode");
}

static uint64_t rev_quads(uint64_t bits) {
    uint64_t result = 0;
    for (int i = 0; i < 16; i++) {
        result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
    }
    return result >> 24;
}

static void fill_buff(uint8_t bit) {
    uint8_t *bba = BigBuf_get_addr();
    memset(bba + buflen, bit, LF_CLOCK / 2);
    buflen += (LF_CLOCK / 2);
    memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
    buflen += (LF_CLOCK / 2);
}

static void construct_EM410x_emul(uint64_t id) {

    int i, j;
    int binary[4] = {0, 0, 0, 0};
    int parity[4] = {0, 0, 0, 0};
    buflen = 0;

    for (i = 0; i < 9; i++)
        fill_buff(1);

    for (i = 0; i < 10; i++) {
        for (j = 3; j >= 0; j--, id /= 2)
            binary[j] = id % 2;

        for (j = 0; j < 4; j++)
            fill_buff(binary[j]);

        fill_buff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
        for (j = 0; j < 4; j++)
            parity[j] ^= binary[j];
    }

    for (j = 0; j < 4; j++)
        fill_buff(parity[j]);

    fill_buff(0);
}

static void led_slot(int i) {
    LEDsoff();
    if (slots_count > 4) {
        LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4
    } else {
        LED(1 << i, 0); //simple indication for slots_count <=4
    }
}

static void flash_leds(uint32_t speed, uint8_t times) {
    for (uint16_t i = 0; i < times * 2; i++) {
        LED_A_INV();
        LED_B_INV();
        LED_C_INV();
        LED_D_INV();
        SpinDelay(speed);
    }
}

#ifdef WITH_FLASH
static void SaveIDtoFlash(int addr, uint64_t id) {
    uint8_t bt[5];
    const char *filename = "emdump";
    rdv40_spiffs_mount();
    for (int i = 0; i < 5; i++) {
        bt[4 - i] = (uint8_t)(id >> 8 * i & 0xff);
    }
    if (exists_in_spiffs(filename) == false) {
        rdv40_spiffs_write(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL);
    } else {
        rdv40_spiffs_append(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL);
    }
}
#endif

void RunMod(void) {
    StandAloneMode();
    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
    Dbprintf("[=] >>  LF EM4100 read/write/clone started  <<");

    int selected = 0;
    //state 0 - select slot
    //      1 - read tag to selected slot,
    //      2 - simulate tag from selected slot
    //      3 - write to T5555 tag
    uint8_t state = 0;
    slots_count = ARRAYLEN(low);
    led_slot(selected);
    for (;;) {

        WDT_HIT();

        if (data_available()) break;

        int button_pressed = BUTTON_HELD(1000);
        SpinDelay(300);

        switch (state) {
            case 0:
                // Select mode
                if (button_pressed == BUTTON_HOLD) {
                    // Long press - switch to simulate mode
                    SpinUp(100);
                    led_slot(selected);
                    state = 2;
                } else if (button_pressed == BUTTON_SINGLE_CLICK) {
                    // Click - switch to next slot
                    selected = (selected + 1) % slots_count;
                    led_slot(selected);
                }
                break;
            case 1:
                // Read mode.
                if (button_pressed == BUTTON_HOLD) {
                    // Long press - switch to read mode
                    SpinUp(100);
                    led_slot(selected);
                    state = 3;
                } else if (button_pressed == BUTTON_SINGLE_CLICK) {
                    // Click - exit to select mode
                    lf_em410x_watch(1, &high[selected], &low[selected]);
                    flash_leds(100, 5);
#ifdef WITH_FLASH
                    SaveIDtoFlash(selected, low[selected]);
#endif
                    state = 0;
                }
                break;
            case 2:
                // Simulate mode
                if (button_pressed == BUTTON_HOLD) {
                    // Long press - switch to read mode
                    SpinDown(100);
                    led_slot(selected);
                    state = 1;
                } else if (button_pressed == BUTTON_SINGLE_CLICK) {
                    // Click - start simulating. Click again to exit from simulate mode
                    led_slot(selected);

                    construct_EM410x_emul(rev_quads(low[selected]));
                    flash_leds(100, 5);

                    SimulateTagLowFrequency(buflen, 0, true);
                    led_slot(selected);
                    state = 0; // Switch to select mode
                }
                break;
            case 3:
                // Write tag mode
                if (button_pressed == BUTTON_HOLD) {
                    // Long press - switch to select mode
                    SpinDown(100);
                    led_slot(selected);
                    state = 0;
                } else if (button_pressed == BUTTON_SINGLE_CLICK) {
                    // Click - write ID to tag
                    copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
                    led_slot(selected);
                    state = 0; // Switch to select mode
                }
                break;
        }
    }
}
Add missed files 2020-03-08 01:07:38 +08:00			`//-----------------------------------------------------------------------------`
			`// Artyom Gnatyuk, 2020`
			`//`
			`// This code is licensed to you under the terms of the GNU GPL, version 2 or,`
			`// at your option, any later version. See the LICENSE.txt file for the text of`
			`// the license.`
			`//-----------------------------------------------------------------------------`
Make style 2020-03-21 22:39:30 +08:00			`// LF rwc - This mode can simulate ID from selected slot, read ID to`
			`// selected slot, write from selected slot to T5555 tag and store`
[RDV4] Readed IDs store to file in spiffs 2020-03-21 22:27:57 +08:00			`// readed ID to flash (only RDV4). Also you can set predefined IDs`
Make style 2020-03-21 22:39:30 +08:00			`// in any slot.`
Add missed files 2020-03-08 01:07:38 +08:00			`// To recall stored ID from flash execute:`
[RDV4] Readed IDs store to file in spiffs 2020-03-21 22:27:57 +08:00			`// mem spifss dump o emdump p`
			`// or:`
			`// mem spifss dump o emdump f emdump`
			`// then from shell:`
			`// hexdump emdump -e '5/1 "%02X" /0 "\n"'`
Add missed files 2020-03-08 01:07:38 +08:00			`//-----------------------------------------------------------------------------`
			`#include "standalone.h"`
			`#include "proxmark3_arm.h"`
			`#include "appmain.h"`
			`#include "fpgaloader.h"`
			`#include "lfops.h"`
			`#include "util.h"`
			`#include "dbprint.h"`
			`#include "ticks.h"`
			`#include "string.h"`
			`#include "BigBuf.h"`
[RDV4] Readed IDs store to file in spiffs 2020-03-21 22:27:57 +08:00			`#include "spiffs.h"`
fix standalone warnings 2020-05-11 00:04:50 +08:00			`#include "commonutil.h"`
Add missed files 2020-03-08 01:07:38 +08:00
			`#ifdef WITH_FLASH`
			`#include "flashmem.h"`
			`#endif`

			`#define MAX_IND 16 // 4 LEDs - 2^4 combinations`
rework 2020-07-14 21:57:21 +08:00			`#define LF_CLOCK 64 // for 125kHz`
Add missed files 2020-03-08 01:07:38 +08:00
			`// low & high - array for storage IDs. Its length must be equal.`
Make style 2020-03-21 22:39:30 +08:00			`// Predefined IDs must be stored in low[].`
Add missed files 2020-03-08 01:07:38 +08:00			`// In high[] must be nulls`
armsrc: clarify static vars vs global vars, part 2 2020-05-19 23:25:50 +08:00			`static uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};`
			`static uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};`
standalone mode LF_EM4100RWC, LF_EM4100RSWB - odd big buff static pointer usage 2021-01-28 06:18:01 +08:00			`static uint8_t slots_count;`
armsrc: clarify static vars vs global vars, part 2 2020-05-19 23:25:50 +08:00			`static int buflen;`
Add missed files 2020-03-08 01:07:38 +08:00
			`void ModInfo(void) {`
Add my modes after merging. 2020-03-22 01:03:16 +08:00			`DbpString(" LF EM4100 read/write/clone mode");`
Add missed files 2020-03-08 01:07:38 +08:00			`}`

fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`static uint64_t rev_quads(uint64_t bits) {`
Make style 2020-03-21 22:39:30 +08:00			`uint64_t result = 0;`
			`for (int i = 0; i < 16; i++) {`
			`result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);`
			`}`
			`return result >> 24;`
Add missed files 2020-03-08 01:07:38 +08:00			`}`

minor renaming 2021-01-28 06:30:37 +08:00			`static void fill_buff(uint8_t bit) {`
standalone mode LF_EM4100RWC, LF_EM4100RSWB - odd big buff static pointer usage 2021-01-28 06:18:01 +08:00			`uint8_t *bba = BigBuf_get_addr();`
rework 2020-07-14 21:57:21 +08:00			`memset(bba + buflen, bit, LF_CLOCK / 2);`
			`buflen += (LF_CLOCK / 2);`
			`memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);`
			`buflen += (LF_CLOCK / 2);`
Add missed files 2020-03-08 01:07:38 +08:00			`}`

fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`static void construct_EM410x_emul(uint64_t id) {`
make style 2020-08-13 18:25:04 +08:00
rework 2020-07-14 21:57:21 +08:00			`int i, j;`
make style 2021-02-09 23:56:55 +08:00			`int binary[4] = {0, 0, 0, 0};`
			`int parity[4] = {0, 0, 0, 0};`
Make style 2020-03-21 22:39:30 +08:00			`buflen = 0;`
make style 2020-08-13 18:25:04 +08:00
rework 2020-07-14 21:57:21 +08:00			`for (i = 0; i < 9; i++)`
minor renaming 2021-01-28 06:30:37 +08:00			`fill_buff(1);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
rework 2020-07-14 21:57:21 +08:00			`for (i = 0; i < 10; i++) {`
			`for (j = 3; j >= 0; j--, id /= 2)`
Add missed files 2020-03-08 01:07:38 +08:00			`binary[j] = id % 2;`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
rework 2020-07-14 21:57:21 +08:00			`for (j = 0; j < 4; j++)`
minor renaming 2021-01-28 06:30:37 +08:00			`fill_buff(binary[j]);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
minor renaming 2021-01-28 06:30:37 +08:00			`fill_buff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);`
rework 2020-07-14 21:57:21 +08:00			`for (j = 0; j < 4; j++)`
Make style 2020-03-21 22:39:30 +08:00			`parity[j] ^= binary[j];`
Add missed files 2020-03-08 01:07:38 +08:00			`}`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
rework 2020-07-14 21:57:21 +08:00			`for (j = 0; j < 4; j++)`
minor renaming 2021-01-28 06:30:37 +08:00			`fill_buff(parity[j]);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
minor renaming 2021-01-28 06:30:37 +08:00			`fill_buff(0);`
Add missed files 2020-03-08 01:07:38 +08:00			`}`

fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`static void led_slot(int i) {`
Make style 2020-03-21 22:39:30 +08:00			`LEDsoff();`
			`if (slots_count > 4) {`
			`LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4`
			`} else {`
			`LED(1 << i, 0); //simple indication for slots_count <=4`
			`}`
Add missed files 2020-03-08 01:07:38 +08:00			`}`

fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`static void flash_leds(uint32_t speed, uint8_t times) {`
			`for (uint16_t i = 0; i < times * 2; i++) {`
Add missed files 2020-03-08 01:07:38 +08:00			`LED_A_INV();`
			`LED_B_INV();`
			`LED_C_INV();`
			`LED_D_INV();`
			`SpinDelay(speed);`
			`}`
			`}`

			`#ifdef WITH_FLASH`
fix standalone warnings 2020-05-11 00:04:50 +08:00			`static void SaveIDtoFlash(int addr, uint64_t id) {`
Make style 2020-03-21 22:39:30 +08:00			`uint8_t bt[5];`
fix standalone warnings 2020-05-11 00:04:50 +08:00			`const char *filename = "emdump";`
Make style 2020-03-21 22:39:30 +08:00			`rdv40_spiffs_mount();`
			`for (int i = 0; i < 5; i++) {`
			`bt[4 - i] = (uint8_t)(id >> 8 * i & 0xff);`
			`}`
			`if (exists_in_spiffs(filename) == false) {`
			`rdv40_spiffs_write(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL);`
			`} else {`
			`rdv40_spiffs_append(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL);`
			`}`
Add missed files 2020-03-08 01:07:38 +08:00			`}`
			`#endif`

arm: fix prototypes 2020-05-10 22:59:38 +08:00			`void RunMod(void) {`
Add missed files 2020-03-08 01:07:38 +08:00			`StandAloneMode();`
			`FpgaDownloadAndGo(FPGA_BITSTREAM_LF);`
textual 2020-03-30 21:12:37 +08:00			`Dbprintf("[=] >> LF EM4100 read/write/clone started <<");`
make style 2020-04-16 15:01:14 +08:00
Make style 2020-03-21 22:39:30 +08:00			`int selected = 0;`
			`//state 0 - select slot`
			`// 1 - read tag to selected slot,`
			`// 2 - simulate tag from selected slot`
			`// 3 - write to T5555 tag`
			`uint8_t state = 0;`
arraylen 2020-04-25 00:44:42 +08:00			`slots_count = ARRAYLEN(low);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`for (;;) {`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
Make style 2020-03-21 22:39:30 +08:00			`WDT_HIT();`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
Add missed files 2020-03-08 01:07:38 +08:00			`if (data_available()) break;`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
Make style 2020-03-21 22:39:30 +08:00			`int button_pressed = BUTTON_HELD(1000);`
			`SpinDelay(300);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00
Make style 2020-03-21 22:39:30 +08:00			`switch (state) {`
			`case 0:`
			`// Select mode`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`if (button_pressed == BUTTON_HOLD) {`
Make style 2020-03-21 22:39:30 +08:00			`// Long press - switch to simulate mode`
			`SpinUp(100);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 2;`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`} else if (button_pressed == BUTTON_SINGLE_CLICK) {`
Make style 2020-03-21 22:39:30 +08:00			`// Click - switch to next slot`
			`selected = (selected + 1) % slots_count;`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`}`
			`break;`
			`case 1:`
			`// Read mode.`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`if (button_pressed == BUTTON_HOLD) {`
Make style 2020-03-21 22:39:30 +08:00			`// Long press - switch to read mode`
			`SpinUp(100);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 3;`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`} else if (button_pressed == BUTTON_SINGLE_CLICK) {`
Make style 2020-03-21 22:39:30 +08:00			`// Click - exit to select mode`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`lf_em410x_watch(1, &high[selected], &low[selected]);`
			`flash_leds(100, 5);`
Make style 2020-03-21 22:39:30 +08:00			`#ifdef WITH_FLASH`
			`SaveIDtoFlash(selected, low[selected]);`
			`#endif`
			`state = 0;`
			`}`
			`break;`
			`case 2:`
			`// Simulate mode`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`if (button_pressed == BUTTON_HOLD) {`
Make style 2020-03-21 22:39:30 +08:00			`// Long press - switch to read mode`
			`SpinDown(100);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 1;`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`} else if (button_pressed == BUTTON_SINGLE_CLICK) {`
Make style 2020-03-21 22:39:30 +08:00			`// Click - start simulating. Click again to exit from simulate mode`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`

			`construct_EM410x_emul(rev_quads(low[selected]));`
			`flash_leds(100, 5);`

syntax 2021-03-15 22:54:15 +08:00			`SimulateTagLowFrequency(buflen, 0, true);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 0; // Switch to select mode`
			`}`
			`break;`
			`case 3:`
			`// Write tag mode`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`if (button_pressed == BUTTON_HOLD) {`
Make style 2020-03-21 22:39:30 +08:00			`// Long press - switch to select mode`
			`SpinDown(100);`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 0;`
clarify BUTTON macro usages 2020-05-15 06:00:42 +08:00			`} else if (button_pressed == BUTTON_SINGLE_CLICK) {`
Make style 2020-03-21 22:39:30 +08:00			`// Click - write ID to tag`
rework 2020-07-14 21:57:21 +08:00			`copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));`
fix: lf_em4100rwx 2020-06-23 18:10:09 +08:00			`led_slot(selected);`
Make style 2020-03-21 22:39:30 +08:00			`state = 0; // Switch to select mode`
			`}`
			`break;`
			`}`
			`}`
Add missed files 2020-03-08 01:07:38 +08:00			`}`