prepare to update the LF T55XX commands

2025-03-17 18:50:32 +08:00 · 2015-02-04 11:48:36 +01:00 · 2015-02-04 11:48:36 +01:00 · 385f398740
commit 385f398740
parent a8d4906ba5
6 changed files with 110 additions and 94 deletions
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -20,6 +20,7 @@
 #include <strings.h>
 #include "../common/crc32.h"
 #include "BigBuf.h"
+#include "../include/hitag2.h"

 extern const uint8_t OddByteParity[256];
 extern int rsamples;   // = 0;
@ -116,9 +117,9 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc);
 void AcquireTiType(void);
 void AcquireRawBitsTI(void);
 void SimulateTagLowFrequency( uint16_t period, uint32_t gap, uint8_t ledcontrol);
-void SimulateTagLowFrequencyA(int period, int gap);
+//void SimulateTagLowFrequencyA(int period, int gap);

-void CmdHIDsimTAG(int hi, int lo, uint8_t ledcontrol);
+void CmdHIDsimTAG(int hi, int lo, int ledcontrol);
 void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
 void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
 void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol);
--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@ -15,6 +15,7 @@
 #include "epa.h"
 #include "../common/cmd.h"

+
 // Protocol and Parameter Selection Request
 // use regular (1x) speed in both directions
 // CRC is already included
--- a/armsrc/iso14443a.h
+++ b/armsrc/iso14443a.h
@ -13,6 +13,7 @@
 #ifndef __ISO14443A_H
 #define __ISO14443A_H
 #include "../include/common.h"
+#include "../include/mifare.h"
 #include "mifaresniff.h"

 typedef struct {
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -82,8 +82,10 @@ void LFSetupFPGAForADC(int divisor, bool lf_field)

    // Connect the A/D to the peak-detected low-frequency path.
    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+	
    // Give it a bit of time for the resonant antenna to settle.
-    SpinDelay(50);
+	SpinDelay(150);
+	
    // Now set up the SSC to get the ADC samples that are now streaming at us.
    FpgaSetupSsc();
 }
@ -465,7 +467,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
    DbpString("Now use tiread to check");
 }

-void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
+void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
 {
    int i;
    uint8_t *tab = BigBuf_get_addr();
@ -897,10 +899,20 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 * To compensate antenna falling times shorten the write times
 * and enlarge the gap ones.
 */
-#define START_GAP 250
-#define WRITE_GAP 160
-#define WRITE_0   144 // 192
-#define WRITE_1   400 // 432 for T55x7; 448 for E5550
+#define START_GAP 30*8 // 10 - 50fc 250
+#define WRITE_GAP 20*8 //  8 - 30fc
+#define WRITE_0   24*8 // 16 - 31fc 24fc 192
+#define WRITE_1   54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550
+
+//  VALUES TAKEN FROM EM4x function: SendForward
+//  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
+//  WRITE_GAP = 128;       (16*8)
+//  WRITE_1   = 256 32*8;  (32*8) 
+
+//  These timings work for 4469/4269/4305 (with the 55*8 above)
+//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); 
+
+#define T55xx_SAMPLES_SIZE		12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)

 // Write one bit to card
 void T55xxWriteBit(int bit)
@ -908,7 +920,7 @@ void T55xxWriteBit(int bit)
    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-    if (bit == 0)
+	if (!bit)
        SpinDelayUs(WRITE_0);
    else
        SpinDelayUs(WRITE_1);
@ -919,16 +931,11 @@ void T55xxWriteBit(int bit)
 // Write one card block in page 0, no lock
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
-    //unsigned int i;  //enio adjustment 12/10/14
-    uint32_t i;
+	uint32_t i = 0;

-    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-
-    // Give it a bit of time for the resonant antenna to settle.
-    // And for the tag to fully power up
-    SpinDelay(150);
+	// Set up FPGA, 125kHz
+	// Wait for config.. (192+8190xPOW)x8 == 67ms
+	LFSetupFPGAForADC(0, true);

    // Now start writting
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -965,26 +972,15 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
    uint8_t *dest = BigBuf_get_addr();
-    //int m=0, i=0; //enio adjustment 12/10/14
-    uint32_t m=0, i=0;
-    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-    m = BigBuf_max_traceLen();
-    // Clear destination buffer before sending the command
-    memset(dest, 128, m);
-    // Connect the A/D to the peak-detected low-frequency path.
-    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-    // Now set up the SSC to get the ADC samples that are now streaming at us.
-    FpgaSetupSsc();
-
-    LED_D_ON();
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-
-    // Give it a bit of time for the resonant antenna to settle.
-    // And for the tag to fully power up
-    SpinDelay(150);
-
-    // Now start writting
+    //uint16_t bufferlength = BigBuf_max_traceLen();
+	uint16_t bufferlength = T55xx_SAMPLES_SIZE;
+    uint32_t i = 0;
+	// Clear destination buffer before sending the command  0x80 = average.
+	memset(dest, 0x80, bufferlength);	   
+	
+	// Set up FPGA, 125kHz
+	// Wait for config.. (192+8190xPOW)x8 == 67ms
+	LFSetupFPGAForADC(0, true);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    SpinDelayUs(START_GAP);

@ -1003,53 +999,40 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
        T55xxWriteBit(Block & i);

    // Turn field on to read the response
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+	TurnReadLFOn();

    // Now do the acquisition
    i = 0;
    for(;;) {
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
            AT91C_BASE_SSC->SSC_THR = 0x43;
+			//AT91C_BASE_SSC->SSC_THR = 0xff;
+			LED_D_ON();
        }
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-            // we don't care about actual value, only if it's more or less than a
-            // threshold essentially we capture zero crossings for later analysis
-            //			if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
-            i++;
-            if (i >= m) break;
+			++i;
+			LED_D_OFF();
+			if (i >= bufferlength) break;
        }
    }

+	cmd_send(CMD_ACK,0,0,0,0,0);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
    LED_D_OFF();
-    DbpString("DONE!");
 }

 // Read card traceability data (page 1)
 void T55xxReadTrace(void){
    uint8_t *dest = BigBuf_get_addr();
-    int m=0, i=0;
+    //uint16_t bufferlength = BigBuf_max_traceLen();
+	uint16_t bufferlength = T55xx_SAMPLES_SIZE;
+	uint32_t i = 0;

-    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-    m = BigBuf_max_traceLen();
-    // Clear destination buffer before sending the command
-    memset(dest, 128, m);
-    // Connect the A/D to the peak-detected low-frequency path.
-    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-    // Now set up the SSC to get the ADC samples that are now streaming at us.
-    FpgaSetupSsc();
-
-    LED_D_ON();
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-
-    // Give it a bit of time for the resonant antenna to settle.
-    // And for the tag to fully power up
-    SpinDelay(150);
-
-    // Now start writting
+	// Clear destination buffer before sending the command 0x80 = average
+	memset(dest, 0x80, bufferlength);  
+  
+	LFSetupFPGAForADC(0, true);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    SpinDelayUs(START_GAP);

@ -1058,25 +1041,34 @@ void T55xxReadTrace(void){
    T55xxWriteBit(1); //Page 1

    // Turn field on to read the response
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+	TurnReadLFOn();

    // Now do the acquisition
-    i = 0;
    for(;;) {
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
            AT91C_BASE_SSC->SSC_THR = 0x43;
+			LED_D_ON();
        }
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-            i++;
-            if (i >= m) break;
-        }
-    }
-
+			++i;
+			LED_D_OFF();
+		
+			if (i >= bufferlength) break;
+		}
+	}
+  
+	cmd_send(CMD_ACK,0,0,0,0,0);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
    LED_D_OFF();
-    DbpString("DONE!");
+}
+
+void TurnReadLFOn(){
+	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+	// Give it a bit of time for the resonant antenna to settle.
+	//SpinDelay(30);
+	SpinDelayUs(8*150);
 }

 /*-------------- Cloning routines -----------*/
@ -1800,9 +1792,14 @@ void EM4xLogin(uint32_t Password) {

 void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {

+  	uint8_t *dest =  BigBuf_get_addr();
+	uint16_t bufferlength = BigBuf_max_traceLen();
+	uint32_t i = 0;
+
+	// Clear destination buffer before sending the command  0x80 = average.
+	memset(dest, 0x80, bufferlength);
+	
    uint8_t fwd_bit_count;
-    uint8_t *dest = BigBuf_get_addr();
-    int m=0, i=0;

    //If password mode do login
    if (PwdMode == 1) EM4xLogin(Pwd);
@ -1811,9 +1808,6 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
    fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
    fwd_bit_count += Prepare_Addr( Address );

-    m = BigBuf_max_traceLen();
-    // Clear destination buffer before sending the command
-    memset(dest, 128, m);
    // Connect the A/D to the peak-detected low-frequency path.
    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
    // Now set up the SSC to get the ADC samples that are now streaming at us.
@ -1829,10 +1823,12 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
        }
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-            i++;
-            if (i >= m) break;
-        }
-    }
+			++i;
+			if (i >= bufferlength) break;
+		}
+	}
+  
+	cmd_send(CMD_ACK,0,0,0,0,0);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
    LED_D_OFF();
 }
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@ -65,8 +65,12 @@ int CmdReadBlk(const char *Cmd)
 	int invert = 0;
 	int clk = 0;
 	int block = -1;
+	int errCnt;
+	size_t bitlen;
+	//int decodedBitlen;
+	uint32_t blockData;
 	uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0x00};
-
+	
 	sscanf(Cmd, "%d", &block);
 	
 	if ((block > 7) | (block < 0)) {
@ -78,21 +82,21 @@ int CmdReadBlk(const char *Cmd)
 	SendCommand(&c);
 	if ( !WaitForResponseTimeout(CMD_ACK,NULL,1500) ) {
 		PrintAndLog("command execution time out");
-		return 1;
+		return 2;
 	}
 	
-	CmdSamples("");
+	CmdSamples("12000");

-	size_t bitlen = getFromGraphBuf(bits);
+	bitlen = getFromGraphBuf(bits);
 	
-	int errCnt = askrawdemod(bits, &bitlen, &clk, &invert);
+	errCnt = askrawdemod(bits, &bitlen, &clk, &invert);
 	
 	//throw away static - allow 1 and -1 (in case of threshold command first)
 	if ( errCnt == -1 || bitlen < 16 ){  
 		PrintAndLog("no data found");
 		if (g_debugMode) 
 			PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
-		return 0;
+		return 3;
 	}
 	if (g_debugMode) 
 		PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d", clk, invert, bitlen);
@ -100,6 +104,23 @@ int CmdReadBlk(const char *Cmd)
 	//move bits back to DemodBuffer
 	setDemodBuf(bits, bitlen, 0);
 	printBitStream(bits,bitlen);
+	
+	// bits has the manchester encoded data.
+	errCnt = manrawdecode(bits, &bitlen);	
+	if ( errCnt == -1 || bitlen < 16 ){  
+		PrintAndLog("no data found");
+		if (g_debugMode) 
+			PrintAndLog("errCnt: %d, bitlen: %d, clk: %d, invert: %d", errCnt, bitlen, clk, invert);
+		return 4;
+	}
+
+	blockData = PackBits(0, 32, bits);
+
+	if ( block < 0)
+		PrintAndLog(" Decoded     : 0x%08X  %s", blockData, sprint_bin(bits,32) );
+	else
+		PrintAndLog(" Block %d    : 0x%08X  %s", block, blockData, sprint_bin(bits,32) );
+	
 	return 0;
 }

@ -391,9 +412,7 @@ int ManchesterDemod(int blockNum){
 	uint8_t  bits[LF_BITSSTREAM_LEN] = {0x00};
 	uint8_t * bitstream = bits;
 	
-	//manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream, LF_BITSSTREAM_LEN);	
 	manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bits, LF_BITSSTREAM_LEN);	
-    //blockData = PackBits(offset, sizebyte, bitstream);
 	blockData = PackBits(offset, sizebyte, bits);

 	if ( blockNum < 0)
@ -524,7 +543,7 @@ static command_t CommandTable[] =
  {"trace",  CmdReadTrace,   0, "[1] Read T55xx traceability data (page 1/ blk 0-1)"},
  {"info",   CmdInfo,        0, "[1] Read T55xx configuration data (page 0/ blk 0)"},
  {"dump",   CmdDump,        0, "[password] Dump T55xx card block 0-7. optional with password"},
-  {"fsk",    CmdIceFsk,      0, "FSK demod"},
+  //{"fsk",    CmdIceFsk,      0, "FSK demod"},
  {"man",    CmdIceManchester,      0, "Manchester demod (with SST)"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/ui.c
+++ b/client/ui.c
@ -213,8 +213,6 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout,  size_t
 
 int ManchesterConvertFrom1(const int * data, const size_t len, uint8_t * dataout,int dataoutlen, int clock, int startIndex){

-	PrintAndLog(" Path B");
- 
 	int i,j, bitindex, lc, tolerance, warnings;
 	warnings = 0;
 	int upperlimit = len*2/clock+8;