mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-22 00:06:13 +08:00
Merge pull request #3 from RfidResearchGroup/master
Updated from upstream
This commit is contained in:
commit
3e870ac05b
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde)
|
||||
- Fix em4x50 demodulation error (@tharexde)
|
||||
- Fix `hf mfdes` authentification issues, DES working (@bkerler)
|
||||
- Add Android cross-compilation to client cmake (@dxl, @doegox)
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
|[Notes on external flash](/doc/ext_flash_notes.md)|[Notes on loclass](/doc/loclass_notes.md)|[Notes on Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md)|
|
||||
|[Notes on file formats used with Proxmark3](/doc/extensions_notes.md)|[Notes on MFU binary format](/doc/mfu_binary_format_notes.md)|[Notes on FPGA & ARM](/doc/fpga_arm_notes.md)|
|
||||
|[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)||
|
||||
|[Notes on Color usage](/doc/colors_notes.md)||
|
||||
|[Notes on Color usage](/doc/colors_notes.md)|[Makefile vs CMake](/doc/md/Development/Makefile-vs-CMake.md)|
|
||||
|
||||
|
||||
## Build for non-RDV4 Proxmark3 platforms
|
||||
|
|
|
@ -63,6 +63,12 @@ else
|
|||
SRC_HITAG =
|
||||
endif
|
||||
|
||||
ifneq (,$(findstring WITH_EM4x50,$(APP_CFLAGS)))
|
||||
SRC_EM4x50 = em4x50.c
|
||||
else
|
||||
SRC_EM4x50 =
|
||||
endif
|
||||
|
||||
ifneq (,$(findstring WITH_LCD,$(APP_CFLAGS)))
|
||||
SRC_LCD = fonts.c LCD.c
|
||||
else
|
||||
|
@ -99,6 +105,7 @@ THUMBSRC = start.c \
|
|||
$(SRC_SMARTCARD) \
|
||||
$(SRC_FPC) \
|
||||
$(SRC_HITAG) \
|
||||
$(SRC_EM4x50) \
|
||||
$(SRC_SPIFFS) \
|
||||
$(SRC_ISO14443a) \
|
||||
$(SRC_ISO14443b) \
|
||||
|
|
|
@ -39,7 +39,6 @@
|
|||
#include "proxmark3_arm.h"
|
||||
#include "appmain.h"
|
||||
#include "fpgaloader.h"
|
||||
#include "lfops.h"
|
||||
#include "util.h"
|
||||
#include "dbprint.h"
|
||||
#include "ticks.h"
|
||||
|
@ -48,6 +47,7 @@
|
|||
#include "spiffs.h"
|
||||
#include "inttypes.h"
|
||||
#include "parity.h"
|
||||
#include "lfops.h"
|
||||
|
||||
#ifdef WITH_FLASH
|
||||
#include "flashmem.h"
|
||||
|
@ -205,7 +205,7 @@ static void PrintFcAndCardNum(uint64_t lowData) {
|
|||
Dbprintf("[=] READ TAG ID: %"PRIx64" - FC: %u - Card: %u", lowData, fc, cardnum);
|
||||
}
|
||||
|
||||
static int ButeEMTag(uint64_t originalCard, int slot) {
|
||||
static int BruteEMTag(uint64_t originalCard, int slot) {
|
||||
int speed_count = 4;
|
||||
|
||||
int direction = 1;
|
||||
|
@ -256,7 +256,7 @@ static int ExecuteMode(int mode, int slot) {
|
|||
//default first mode is simulate
|
||||
case LF_RWSB_MODE_READ:
|
||||
Dbprintf("[=] >> Read mode started <<");
|
||||
CmdEM410xdemod(1, &high[slot], &low[slot]);
|
||||
lf_em410x_watch(1, &high[slot], &low[slot]);
|
||||
LED_Update(mode, slot);
|
||||
Dbprintf("[=] >> Tag found. Saving. <<");
|
||||
FlashLEDs(100, 5);
|
||||
|
@ -272,11 +272,11 @@ static int ExecuteMode(int mode, int slot) {
|
|||
return LF_RWSB_UNKNOWN_RESULT;
|
||||
case LF_RWSB_MODE_WRITE:
|
||||
Dbprintf("[!!] >> Write mode started <<");
|
||||
WriteEM410x(LF_RWSB_T55XX_TYPE, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff));
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff));
|
||||
return LF_RWSB_UNKNOWN_RESULT;
|
||||
case LF_RWSB_MODE_BRUTE:
|
||||
Dbprintf("[=] >> Bruteforce mode started <<");
|
||||
return ButeEMTag(low[slot], slot);
|
||||
return BruteEMTag(low[slot], slot);
|
||||
}
|
||||
return LF_RWSB_UNKNOWN_RESULT;
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@ void ModInfo(void) {
|
|||
DbpString(" LF EM4100 read/write/clone mode");
|
||||
}
|
||||
|
||||
static uint64_t ReversQuads(uint64_t bits) {
|
||||
static uint64_t rev_quads(uint64_t bits) {
|
||||
uint64_t result = 0;
|
||||
for (int i = 0; i < 16; i++) {
|
||||
result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
|
||||
|
@ -56,35 +56,41 @@ static uint64_t ReversQuads(uint64_t bits) {
|
|||
return result >> 24;
|
||||
}
|
||||
|
||||
static void FillBuff(uint8_t bit) {
|
||||
static void fillbuff(uint8_t bit) {
|
||||
memset(bba + buflen, bit, CLOCK / 2);
|
||||
buflen += (CLOCK / 2);
|
||||
memset(bba + buflen, bit ^ 1, CLOCK / 2);
|
||||
buflen += (CLOCK / 2);
|
||||
}
|
||||
|
||||
static void ConstructEM410xEmulBuf(uint64_t id) {
|
||||
static void construct_EM410x_emul(uint64_t id) {
|
||||
|
||||
int i, j, binary[4], parity[4];
|
||||
int binary[4] = {0};
|
||||
int parity[4] = {0};
|
||||
buflen = 0;
|
||||
for (i = 0; i < 9; i++)
|
||||
FillBuff(1);
|
||||
parity[0] = parity[1] = parity[2] = parity[3] = 0;
|
||||
for (i = 0; i < 10; i++) {
|
||||
for (j = 3; j >= 0; j--, id /= 2)
|
||||
|
||||
for (uint8_t i = 0; i < 9; i++)
|
||||
fillbuff(1);
|
||||
|
||||
for (uint8_t i = 0; i < 10; i++) {
|
||||
for (uint8_t j = 3; j > 0; j--, id /= 2)
|
||||
binary[j] = id % 2;
|
||||
for (j = 0; j < 4; j++)
|
||||
FillBuff(binary[j]);
|
||||
FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
|
||||
for (j = 0; j < 4; j++)
|
||||
|
||||
for (uint8_t j = 0; j < 4; j++)
|
||||
fillbuff(binary[j]);
|
||||
|
||||
fillbuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
|
||||
for (uint8_t j = 0; j < 4; j++)
|
||||
parity[j] ^= binary[j];
|
||||
}
|
||||
for (j = 0; j < 4; j++)
|
||||
FillBuff(parity[j]);
|
||||
FillBuff(0);
|
||||
|
||||
for (uint8_t j = 0; j < 4; j++)
|
||||
fillbuff(parity[j]);
|
||||
|
||||
fillbuff(0);
|
||||
}
|
||||
|
||||
static void LED_Slot(int i) {
|
||||
static void led_slot(int i) {
|
||||
LEDsoff();
|
||||
if (slots_count > 4) {
|
||||
LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4
|
||||
|
@ -93,8 +99,8 @@ static void LED_Slot(int i) {
|
|||
}
|
||||
}
|
||||
|
||||
static void FlashLEDs(uint32_t speed, uint8_t times) {
|
||||
for (int i = 0; i < times * 2; i++) {
|
||||
static void flash_leds(uint32_t speed, uint8_t times) {
|
||||
for (uint16_t i = 0; i < times * 2; i++) {
|
||||
LED_A_INV();
|
||||
LED_B_INV();
|
||||
LED_C_INV();
|
||||
|
@ -132,24 +138,28 @@ void RunMod(void) {
|
|||
uint8_t state = 0;
|
||||
slots_count = ARRAYLEN(low);
|
||||
bba = BigBuf_get_addr();
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
for (;;) {
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
if (data_available()) break;
|
||||
|
||||
int button_pressed = BUTTON_HELD(1000);
|
||||
SpinDelay(300);
|
||||
|
||||
switch (state) {
|
||||
case 0:
|
||||
// Select mode
|
||||
if (button_pressed == BUTTON_HOLD) {
|
||||
// Long press - switch to simulate mode
|
||||
SpinUp(100);
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
state = 2;
|
||||
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
|
||||
// Click - switch to next slot
|
||||
selected = (selected + 1) % slots_count;
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
}
|
||||
break;
|
||||
case 1:
|
||||
|
@ -157,12 +167,12 @@ void RunMod(void) {
|
|||
if (button_pressed == BUTTON_HOLD) {
|
||||
// Long press - switch to read mode
|
||||
SpinUp(100);
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
state = 3;
|
||||
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
|
||||
// Click - exit to select mode
|
||||
CmdEM410xdemod(1, &high[selected], &low[selected]);
|
||||
FlashLEDs(100, 5);
|
||||
lf_em410x_watch(1, &high[selected], &low[selected]);
|
||||
flash_leds(100, 5);
|
||||
#ifdef WITH_FLASH
|
||||
SaveIDtoFlash(selected, low[selected]);
|
||||
#endif
|
||||
|
@ -174,15 +184,17 @@ void RunMod(void) {
|
|||
if (button_pressed == BUTTON_HOLD) {
|
||||
// Long press - switch to read mode
|
||||
SpinDown(100);
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
state = 1;
|
||||
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
|
||||
// Click - start simulating. Click again to exit from simulate mode
|
||||
LED_Slot(selected);
|
||||
ConstructEM410xEmulBuf(ReversQuads(low[selected]));
|
||||
FlashLEDs(100, 5);
|
||||
led_slot(selected);
|
||||
|
||||
construct_EM410x_emul(rev_quads(low[selected]));
|
||||
flash_leds(100, 5);
|
||||
|
||||
SimulateTagLowFrequency(buflen, 0, 1);
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
state = 0; // Switch to select mode
|
||||
}
|
||||
break;
|
||||
|
@ -191,12 +203,12 @@ void RunMod(void) {
|
|||
if (button_pressed == BUTTON_HOLD) {
|
||||
// Long press - switch to select mode
|
||||
SpinDown(100);
|
||||
LED_Slot(selected);
|
||||
led_slot(selected);
|
||||
state = 0;
|
||||
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
|
||||
// Click - write ID to tag
|
||||
WriteEM410x(0, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
|
||||
LED_Slot(selected);
|
||||
copy_em410x_to_t55xx(0, CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
|
||||
led_slot(selected);
|
||||
state = 0; // Switch to select mode
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -75,7 +75,7 @@ void RunMod(void) {
|
|||
// record
|
||||
DbpString("[=] starting recording");
|
||||
|
||||
CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
|
||||
lf_hid_watch(1, &high[selected], &low[selected]);
|
||||
Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
|
||||
|
||||
LEDsoff();
|
||||
|
|
|
@ -56,9 +56,8 @@ void RunMod(void) {
|
|||
|
||||
DbpString("[=] starting recording");
|
||||
|
||||
|
||||
// findone, high, low, no ledcontrol (A)
|
||||
CmdHIDdemodFSK(1, &high, &low, 0);
|
||||
// findone, high, low
|
||||
lf_hid_watch(1, &high, &low);
|
||||
|
||||
Dbprintf("[=] recorded | %x%08x", high, low);
|
||||
|
||||
|
|
|
@ -77,7 +77,7 @@ void RunMod(void) {
|
|||
|
||||
// findone, high, low, no ledcontrol (A)
|
||||
uint32_t hi = 0, lo = 0;
|
||||
CmdHIDdemodFSK(1, &hi, &lo, 0);
|
||||
lf_hid_watch(1, &hi, &lo);
|
||||
high[selected] = hi;
|
||||
low[selected] = lo;
|
||||
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#include "felica.h"
|
||||
#include "hitag2.h"
|
||||
#include "hitagS.h"
|
||||
#include "em4x50.h"
|
||||
#include "iclass.h"
|
||||
#include "legicrfsim.h"
|
||||
#include "epa.h"
|
||||
|
@ -454,6 +455,11 @@ static void SendCapabilities(void) {
|
|||
#else
|
||||
capabilities.compiled_with_hitag = false;
|
||||
#endif
|
||||
#ifdef WITH_EM4x50
|
||||
capabilities.compiled_with_em4x50 = true;
|
||||
#else
|
||||
capabilities.compiled_with_em4x50 = false;
|
||||
#endif
|
||||
#ifdef WITH_HFSNIFF
|
||||
capabilities.compiled_with_hfsniff = true;
|
||||
#else
|
||||
|
@ -1000,6 +1006,21 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef WITH_EM4x50
|
||||
case CMD_LF_EM4X50_INFO: {
|
||||
em4x50_info((em4x50_data_t *)packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_EM4X50_WRITE: {
|
||||
em4x50_write((em4x50_data_t *)packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_EM4X50_WRITE_PASSWORD: {
|
||||
em4x50_write_password((em4x50_data_t *)packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WITH_ISO15693
|
||||
case CMD_HF_ISO15693_ACQ_RAW_ADC: {
|
||||
AcquireRawAdcSamplesIso15693();
|
||||
|
|
911
armsrc/em4x50.c
Normal file
911
armsrc/em4x50.c
Normal file
|
@ -0,0 +1,911 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2020 tharexde
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Low frequency EM4x50 commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "fpgaloader.h"
|
||||
#include "ticks.h"
|
||||
#include "dbprint.h"
|
||||
#include "lfadc.h"
|
||||
#include "commonutil.h"
|
||||
#include "em4x50.h"
|
||||
|
||||
// 4 data bytes
|
||||
// + byte with row parities
|
||||
// + column parity byte
|
||||
// + byte with stop bit
|
||||
|
||||
static em4x50_tag_t tag = {
|
||||
.sectors = {
|
||||
[0] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // password
|
||||
[1] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // protection word
|
||||
[2] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // control word
|
||||
[3] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[4] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[5] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[7] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[9] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[10] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[11] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[12] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[13] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[14] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[15] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[17] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[18] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[19] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[20] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[21] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[22] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[23] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[25] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[26] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[27] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[28] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[29] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[30] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[31] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
|
||||
[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device serial number
|
||||
[33] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device identification
|
||||
},
|
||||
};
|
||||
|
||||
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
|
||||
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
|
||||
// EM4x50 units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier)
|
||||
// T0 = TIMER_CLOCK1 / 125000 = 192
|
||||
|
||||
#ifndef T0
|
||||
#define T0 192
|
||||
#endif
|
||||
|
||||
#define EM4X50_T_TAG_QUARTER_PERIOD 16
|
||||
#define EM4X50_T_TAG_HALF_PERIOD 32
|
||||
#define EM4X50_T_TAG_THREE_QUARTER_PERIOD 48
|
||||
#define EM4X50_T_TAG_FULL_PERIOD 64
|
||||
#define EM4X50_T_WAITING_FOR_LIW 500
|
||||
#define EM4X50_T_TAG_TPP 64
|
||||
#define EM4X50_T_TAG_TWA 64
|
||||
|
||||
#define EM4X50_TAG_TOLERANCE 8
|
||||
#define EM4X50_TAG_WORD 45
|
||||
|
||||
#define EM4X50_BIT_0 0
|
||||
#define EM4X50_BIT_1 1
|
||||
#define EM4X50_BIT_OTHER 2
|
||||
|
||||
#define EM4X50_COMMAND_LOGIN 0x01
|
||||
#define EM4X50_COMMAND_RESET 0x80
|
||||
#define EM4X50_COMMAND_WRITE 0x12
|
||||
#define EM4X50_COMMAND_WRITE_PASSWORD 0x11
|
||||
#define EM4X50_COMMAND_SELECTIVE_READ 0x0A
|
||||
|
||||
#define FPGA_TIMER_0 0
|
||||
|
||||
int gHigh = 0;
|
||||
int gLow = 0;
|
||||
|
||||
// auxiliary functions
|
||||
|
||||
static void init_tag(void) {
|
||||
|
||||
// initialize global tag structure
|
||||
|
||||
for (int i = 0; i < 34; i++)
|
||||
for (int j = 0; j < 7; j++)
|
||||
tag.sectors[i][j] = 0x00;
|
||||
}
|
||||
|
||||
static uint8_t bits2byte(uint8_t *bits, int length) {
|
||||
|
||||
// converts <length> separate bits into a single "byte"
|
||||
|
||||
uint8_t byte = 0;
|
||||
|
||||
for (int i = 0; i < length; i++) {
|
||||
|
||||
byte |= bits[i];
|
||||
|
||||
if (i != length-1)
|
||||
byte <<= 1;
|
||||
}
|
||||
|
||||
return byte;
|
||||
}
|
||||
|
||||
static void msb2lsb_word(uint8_t *word) {
|
||||
|
||||
// reorders given <word> according to EM4x50 datasheet (msb -> lsb)
|
||||
|
||||
uint8_t buff[4];
|
||||
|
||||
buff[0] = reflect8(word[3]);
|
||||
buff[1] = reflect8(word[2]);
|
||||
buff[2] = reflect8(word[1]);
|
||||
buff[3] = reflect8(word[0]);
|
||||
|
||||
word[0] = buff[0];
|
||||
word[1] = buff[1];
|
||||
word[2] = buff[2];
|
||||
word[3] = buff[3];
|
||||
}
|
||||
|
||||
static void save_word(int pos, uint8_t bits[EM4X50_TAG_WORD]) {
|
||||
|
||||
// split "raw" word into data, row and column parity bits and stop bit and
|
||||
// save them in global tag structure
|
||||
|
||||
uint8_t row_parity[4];
|
||||
uint8_t col_parity[8];
|
||||
|
||||
// data and row parities
|
||||
for (int i = 0; i < 4; i++) {
|
||||
tag.sectors[pos][i] = bits2byte(&bits[9*i],8);
|
||||
row_parity[i] = bits[9*i+8];
|
||||
}
|
||||
|
||||
tag.sectors[pos][4] = bits2byte(row_parity,4);
|
||||
|
||||
// column parities
|
||||
for (int i = 0; i < 8; i++)
|
||||
col_parity[i] = bits[36+i];
|
||||
|
||||
tag.sectors[pos][5] = bits2byte(col_parity,8);
|
||||
|
||||
// stop bit
|
||||
tag.sectors[pos][6] = bits[44];
|
||||
}
|
||||
|
||||
static void wait_timer(int timer, uint32_t period) {
|
||||
|
||||
// do nothing for <period> using timer <timer>
|
||||
|
||||
if (timer == FPGA_TIMER_0) {
|
||||
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
while (AT91C_BASE_TC0->TC_CV < period);
|
||||
|
||||
} else {
|
||||
|
||||
AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG;
|
||||
while (AT91C_BASE_TC1->TC_CV < period);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static void em4x50_setup_read(void) {
|
||||
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
|
||||
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
|
||||
|
||||
// 50ms for the resonant antenna to settle.
|
||||
SpinDelay(50);
|
||||
// Now set up the SSC to get the ADC samples that are now streaming at us.
|
||||
FpgaSetupSsc();
|
||||
// start a 1.5ticks is 1us
|
||||
StartTicks();
|
||||
|
||||
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125);
|
||||
|
||||
// Connect the A/D to the peak-detected low-frequency path.
|
||||
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
|
||||
|
||||
// Steal this pin from the SSP (SPI communication channel with fpga) and
|
||||
// use it to control the modulation
|
||||
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
|
||||
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
|
||||
|
||||
// Disable modulation at default, which means enable the field
|
||||
LOW(GPIO_SSC_DOUT);
|
||||
|
||||
// Enable Peripheral Clock for
|
||||
// TIMER_CLOCK0, used to measure exact timing before answering
|
||||
// TIMER_CLOCK1, used to capture edges of the tag frames
|
||||
AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1);
|
||||
AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME;
|
||||
|
||||
// Disable timer during configuration
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
|
||||
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
|
||||
|
||||
// TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers
|
||||
AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK;
|
||||
|
||||
// TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers
|
||||
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK;
|
||||
|
||||
// Enable and reset counters
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
|
||||
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
|
||||
|
||||
// synchronized startup procedure
|
||||
while (AT91C_BASE_TC0->TC_CV > 0) {}; // wait until TC1 returned to zero
|
||||
|
||||
// Watchdog hit
|
||||
WDT_HIT();
|
||||
}
|
||||
|
||||
// functions for "reader" use case
|
||||
|
||||
static void get_signalproperties(void) {
|
||||
|
||||
// calculate signal properties (mean amplitudes) from measured data:
|
||||
// 32 amplitudes (maximum values) -> mean amplitude value -> gHigh -> gLow
|
||||
|
||||
int no_periods = 32, pct = 75, noise = 140;
|
||||
uint8_t sample = 0, sample_ref = 127;
|
||||
uint8_t sample_max_mean = 0;
|
||||
uint8_t sample_max[no_periods];
|
||||
uint32_t sample_max_sum = 0;
|
||||
|
||||
// wait until signal/noise > 1
|
||||
while (AT91C_BASE_SSC->SSC_RHR < noise);
|
||||
|
||||
// calculate mean maximum value of 32 periods, each period has a length of
|
||||
// 3 single "full periods" to eliminate the influence of a listen window
|
||||
for (int i = 0; i < no_periods; i++) {
|
||||
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * 3 * EM4X50_T_TAG_FULL_PERIOD) {
|
||||
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
if (sample > sample_max[i])
|
||||
sample_max[i] = sample;
|
||||
|
||||
}
|
||||
|
||||
sample_max_sum += sample_max[i];
|
||||
}
|
||||
|
||||
sample_max_mean = sample_max_sum / no_periods;
|
||||
|
||||
// set global envelope variables
|
||||
gHigh = sample_ref + pct * (sample_max_mean - sample_ref) / 100;
|
||||
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
|
||||
|
||||
}
|
||||
|
||||
static int get_next_bit(void) {
|
||||
|
||||
// returns bit value (or EM4X50_BIT_OTHER -> no bit pattern) by evaluating
|
||||
// a single sample within a bit period (given there is no LIW, ACK or NAK)
|
||||
// This function is not used for decoding, it is only used for identifying
|
||||
// a listen window (return value = EM4X50_BIT_OTHER) in functions
|
||||
// "find_double_listen_window" and "check_ack"
|
||||
|
||||
uint8_t sample;
|
||||
|
||||
// get sample at 3/4 of bit period
|
||||
wait_timer(0, T0 * EM4X50_T_TAG_THREE_QUARTER_PERIOD);
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
// wait until end of bit period
|
||||
wait_timer(0, T0 * EM4X50_T_TAG_QUARTER_PERIOD);
|
||||
|
||||
// decide wether "0" or "1"
|
||||
if (sample > gHigh)
|
||||
return EM4X50_BIT_0;
|
||||
else if (sample < gLow)
|
||||
return EM4X50_BIT_1;
|
||||
|
||||
return EM4X50_BIT_OTHER;
|
||||
}
|
||||
|
||||
static uint32_t get_pulse_length(void) {
|
||||
|
||||
// iterates pulse length (low -> high -> low)
|
||||
|
||||
uint8_t sample = 0;
|
||||
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
while (sample > gLow)
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG;
|
||||
|
||||
while (sample < gHigh)
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
while (sample > gLow)
|
||||
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
|
||||
|
||||
return (uint32_t)AT91C_BASE_TC1->TC_CV;
|
||||
}
|
||||
|
||||
static bool check_pulse_length(uint32_t pl, int length) {
|
||||
|
||||
// check if pulse length <pl> corresponds to given length <length>
|
||||
|
||||
if ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) &
|
||||
(pl <= T0 * (length + EM4X50_TAG_TOLERANCE)))
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
static void em4x50_send_bit(int bit) {
|
||||
|
||||
// send single bit according to EM4x50 application note and datasheet
|
||||
|
||||
// reset clock for the next bit
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
|
||||
if (bit == 0) {
|
||||
|
||||
// disable modulation (drop the field) for 7 cycles of carrier
|
||||
// period (Opt64)
|
||||
LOW(GPIO_SSC_DOUT);
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * 7);
|
||||
|
||||
// enable modulation (activates the field) for remaining first
|
||||
// half of bit period
|
||||
HIGH(GPIO_SSC_DOUT);
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_HALF_PERIOD);
|
||||
|
||||
// disable modulation for second half of bit period
|
||||
LOW(GPIO_SSC_DOUT);
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD);
|
||||
|
||||
} else {
|
||||
|
||||
// bit = "1" means disable modulation for full bit period
|
||||
LOW(GPIO_SSC_DOUT);
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD);
|
||||
}
|
||||
}
|
||||
|
||||
static void em4x50_send_byte(uint8_t byte) {
|
||||
|
||||
// send byte (without parity)
|
||||
|
||||
for (int i = 0; i < 8; i++)
|
||||
em4x50_send_bit((byte >> (7-i)) & 1);
|
||||
|
||||
}
|
||||
|
||||
static void em4x50_send_byte_with_parity(uint8_t byte) {
|
||||
|
||||
// send byte followed by its (equal) parity bit
|
||||
|
||||
int parity = 0, bit = 0;
|
||||
|
||||
for (int i = 0; i < 8; i++) {
|
||||
bit = (byte >> (7-i)) & 1;
|
||||
em4x50_send_bit(bit);
|
||||
parity ^= bit;
|
||||
}
|
||||
|
||||
em4x50_send_bit(parity);
|
||||
}
|
||||
|
||||
static void em4x50_send_word(const uint8_t bytes[4]) {
|
||||
|
||||
// send 32 bit word with parity bits according to EM4x50 datasheet
|
||||
|
||||
for (int i = 0; i < 4; i++)
|
||||
em4x50_send_byte_with_parity(bytes[i]);
|
||||
|
||||
// send column parities
|
||||
em4x50_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]);
|
||||
|
||||
// send final stop bit (always "0")
|
||||
em4x50_send_bit(0);
|
||||
}
|
||||
|
||||
static bool find_double_listen_window(bool bcommand) {
|
||||
|
||||
// find two successive listen windows that indicate the beginning of
|
||||
// data transmission
|
||||
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_WAITING_FOR_LIW) {
|
||||
|
||||
// identification of listen window is done via evaluation of
|
||||
// pulse lengths
|
||||
if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// first listen window found
|
||||
|
||||
if (bcommand) {
|
||||
|
||||
// data transmission from card has to be stopped, because
|
||||
// a commamd shall be issued
|
||||
|
||||
// unfortunately the posititon in listen window (where
|
||||
// command request has to be sent) has gone, so if a
|
||||
// second window follows - sync on this to issue a command
|
||||
|
||||
// skip the next bit...
|
||||
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_FULL_PERIOD);
|
||||
|
||||
// ...and check if the following bit does make sense
|
||||
// (if not it is the correct position within the second
|
||||
// listen window)
|
||||
if (get_next_bit() == EM4X50_BIT_OTHER) {
|
||||
|
||||
// send RM for request mode
|
||||
em4x50_send_bit(0);
|
||||
em4x50_send_bit(0);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// return although second listen window consists of one
|
||||
// more bit period but this period is necessary for
|
||||
// evaluating further pulse lengths
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool request_receive_mode(void) {
|
||||
|
||||
// To issue a command we have to find a listen window first.
|
||||
// Because identification and sychronization at the same time is not
|
||||
// possible when using pulse lengths a double listen window is used.
|
||||
|
||||
bool bcommand = true;
|
||||
|
||||
return find_double_listen_window(bcommand);
|
||||
}
|
||||
|
||||
static bool check_ack(bool bliw) {
|
||||
|
||||
// returns true if signal structue corresponds to ACK, anything else is
|
||||
// counted as NAK (-> false)
|
||||
// Only relevant for pasword writing function:
|
||||
// If <bliw> is true then within the single listen window right after the
|
||||
// ack signal a RM request has to be sent.
|
||||
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
while (AT91C_BASE_TC0->TC_CV < T0 * 4 * EM4X50_T_TAG_FULL_PERIOD) {
|
||||
|
||||
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// The received signal is either ACK or NAK.
|
||||
|
||||
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// Now the signal must be ACK.
|
||||
|
||||
if (!bliw) {
|
||||
|
||||
return true;
|
||||
|
||||
} else {
|
||||
|
||||
// send RM request after ack signal
|
||||
|
||||
// wait for 2 bits (remaining "bit" of ACK signal + first
|
||||
// "bit" of listen window)
|
||||
wait_timer(FPGA_TIMER_0, T0 * 2 * EM4X50_T_TAG_FULL_PERIOD);
|
||||
|
||||
// check for listen window (if first bit cannot be inerpreted
|
||||
// as a valid bit it must belong to a listen window)
|
||||
if (get_next_bit() == EM4X50_BIT_OTHER) {
|
||||
|
||||
// send RM for request mode
|
||||
em4x50_send_bit(0);
|
||||
em4x50_send_bit(0);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static int get_word_from_bitstream(uint8_t bits[EM4X50_TAG_WORD]) {
|
||||
|
||||
// decodes one word by evaluating pulse lengths and previous bit;
|
||||
// word must have 45 bits in total:
|
||||
// 32 data bits + 4 row parity bits + 8 column parity bits + 1 stop bit
|
||||
|
||||
bool bbitchange = false;
|
||||
int i = 0;
|
||||
uint32_t pl = 0;
|
||||
|
||||
// initial bit value depends on last pulse length of listen window
|
||||
pl = get_pulse_length();
|
||||
if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) {
|
||||
|
||||
// pulse length = 1.5
|
||||
bits[0] = 1;
|
||||
|
||||
} else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// pulse length = 2
|
||||
bits[0] = 0;
|
||||
bbitchange = true;
|
||||
|
||||
} else {
|
||||
|
||||
// pulse length = 2.5
|
||||
bits[0] = 0;
|
||||
bits[1] = 1;
|
||||
i++;
|
||||
}
|
||||
|
||||
// identify remaining bits based on pulse lengths
|
||||
// between two listen windows only pulse lengths of 1, 1.5 and 2 are possible
|
||||
while (true) {
|
||||
|
||||
i++;
|
||||
pl = get_pulse_length();
|
||||
|
||||
if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// pulse length = 1 -> keep former bit value
|
||||
bits[i] = bits[i-1];
|
||||
|
||||
} else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) {
|
||||
|
||||
// pulse length = 1.5 -> decision on bit change
|
||||
|
||||
if (bbitchange) {
|
||||
|
||||
// if number of pulse lengths with 1.5 periods is even -> add bit
|
||||
bits[i] = (bits[i-1] == 1) ? 1 : 0;
|
||||
|
||||
// pulse length of 1.5 changes bit value
|
||||
bits[i+1] = (bits[i] == 1) ? 0 : 1;
|
||||
i++;
|
||||
|
||||
// next time add only one bit
|
||||
bbitchange = false;
|
||||
|
||||
} else {
|
||||
|
||||
bits[i] = (bits[i-1] == 1) ? 0 : 1;
|
||||
|
||||
// next time two bits have to be added
|
||||
bbitchange = true;
|
||||
}
|
||||
|
||||
} else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// pulse length of 2 means: adding 2 bits "01"
|
||||
bits[i] = 0;
|
||||
bits[i+1] = 1;
|
||||
i++;
|
||||
|
||||
} else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_FULL_PERIOD)) {
|
||||
|
||||
// pulse length of 3 indicates listen window -> clear last
|
||||
// bit (= 0) and return
|
||||
return --i;
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// login function
|
||||
|
||||
static bool login(uint8_t password[4]) {
|
||||
|
||||
// simple login to EM4x50,
|
||||
// used in operations that require authentication
|
||||
|
||||
if (request_receive_mode ()) {
|
||||
|
||||
// send login command
|
||||
em4x50_send_byte_with_parity(EM4X50_COMMAND_LOGIN);
|
||||
|
||||
// send password
|
||||
em4x50_send_word(password);
|
||||
|
||||
// check if ACK is returned
|
||||
if (check_ack(false))
|
||||
return true;
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("error in command request");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// reset function
|
||||
|
||||
static bool reset(void) {
|
||||
|
||||
// resets EM4x50 tag (used by write function)
|
||||
|
||||
if (request_receive_mode ()) {
|
||||
|
||||
// send login command
|
||||
em4x50_send_byte_with_parity(EM4X50_COMMAND_RESET);
|
||||
|
||||
if (check_ack(false))
|
||||
return true;
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("error in command request");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// read functions
|
||||
|
||||
static bool standard_read(int *now) {
|
||||
|
||||
// reads data that tag transmits when exposed to reader field
|
||||
// (standard read mode); number of read words is saved in <now>
|
||||
|
||||
int fwr = *now;
|
||||
uint8_t bits[EM4X50_TAG_WORD] = {0};
|
||||
|
||||
// start with the identification of two succsessive listening windows
|
||||
if (find_double_listen_window(false)) {
|
||||
|
||||
// read and save words until following double listen window is detected
|
||||
while (get_word_from_bitstream(bits) == EM4X50_TAG_WORD)
|
||||
save_word((*now)++, bits);
|
||||
|
||||
// number of detected words
|
||||
*now -= fwr;
|
||||
|
||||
return true;
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("didn't find a listen window");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool selective_read(uint8_t addresses[4]) {
|
||||
|
||||
// reads from "first word read" (fwr = addresses[3]) to "last word read"
|
||||
// (lwr = addresses[2])
|
||||
// result is verified by "standard read mode"
|
||||
|
||||
int fwr = addresses[3]; // first word read
|
||||
int lwr = addresses[2]; // last word read
|
||||
int now = fwr; // number of words
|
||||
|
||||
if (request_receive_mode()) {
|
||||
|
||||
// send selective read command
|
||||
em4x50_send_byte_with_parity(EM4X50_COMMAND_SELECTIVE_READ);
|
||||
|
||||
// send address data
|
||||
em4x50_send_word(addresses);
|
||||
|
||||
// look for ACK sequence
|
||||
if (check_ack(false))
|
||||
|
||||
// save and verify via standard read mode (compare number of words)
|
||||
if (standard_read(&now))
|
||||
if (now == (lwr - fwr + 1))
|
||||
return true;
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("error in command request");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
void em4x50_info(em4x50_data_t *etd) {
|
||||
|
||||
// collects as much information as possible via selective read mode
|
||||
// if no password is given -> try with standard password "0x00000000"
|
||||
// otherwise continue without login
|
||||
|
||||
bool bsuccess = false, blogin = false;
|
||||
uint8_t status = 0;
|
||||
uint8_t addresses[] = {0x00, 0x00, 0x21, 0x00}; // fwr = 0, lwr = 33
|
||||
uint8_t password[] = {0x00, 0x00, 0x00, 0x00}; // default password
|
||||
|
||||
init_tag();
|
||||
em4x50_setup_read();
|
||||
|
||||
// set gHigh and gLow
|
||||
get_signalproperties();
|
||||
|
||||
if (etd->pwd_given) {
|
||||
|
||||
// try to login with given password
|
||||
blogin = login(etd->password);
|
||||
|
||||
} else {
|
||||
|
||||
// if no password is given, try to login with "0x00000000"
|
||||
blogin = login(password);
|
||||
|
||||
}
|
||||
|
||||
bsuccess = selective_read(addresses);
|
||||
|
||||
status = (bsuccess << 1) + blogin;
|
||||
|
||||
lf_finalize();
|
||||
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
|
||||
}
|
||||
|
||||
// write functions
|
||||
|
||||
static bool write(uint8_t word[4], uint8_t address) {
|
||||
|
||||
// writes <word> to specified <address>
|
||||
|
||||
if (request_receive_mode()) {
|
||||
|
||||
// send write command
|
||||
em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE);
|
||||
|
||||
// send address data
|
||||
em4x50_send_byte_with_parity(address);
|
||||
|
||||
// send data
|
||||
em4x50_send_word(word);
|
||||
|
||||
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
|
||||
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
|
||||
|
||||
// look for ACK sequence
|
||||
if (check_ack(false)) {
|
||||
|
||||
// now EM4x50 needs T0 * EM4X50_T_TAG_TWEE (EEPROM write time)
|
||||
// for saving data and should return with ACK
|
||||
if (check_ack(false))
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("error in command request");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool write_password(uint8_t password[4], uint8_t new_password[4]) {
|
||||
|
||||
// changes password from <password> to <new_password>
|
||||
|
||||
if (request_receive_mode()) {
|
||||
|
||||
// send write password command
|
||||
em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE_PASSWORD);
|
||||
|
||||
// send address data
|
||||
em4x50_send_word(password);
|
||||
|
||||
// wait for T0 * EM4x50_T_TAG_TPP (processing pause time)
|
||||
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TPP);
|
||||
|
||||
// look for ACK sequence and send rm request
|
||||
// during following listen window
|
||||
if (check_ack(true)) {
|
||||
|
||||
// send new password
|
||||
em4x50_send_word(new_password);
|
||||
|
||||
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
|
||||
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
|
||||
|
||||
if (check_ack(false))
|
||||
if (check_ack(false))
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
if (DBGLEVEL >= DBG_ERROR)
|
||||
Dbprintf("error in command request");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
void em4x50_write(em4x50_data_t *etd) {
|
||||
|
||||
// write operation process for EM4x50 tag,
|
||||
// single word is written to given address, verified by selective read operation
|
||||
|
||||
bool bsuccess = false, blogin = false;
|
||||
uint8_t status = 0;
|
||||
uint8_t word[4] = {0x00, 0x00, 0x00, 0x00};
|
||||
uint8_t addresses[4] = {0x00, 0x00, 0x00, 0x00};
|
||||
|
||||
init_tag();
|
||||
em4x50_setup_read();
|
||||
|
||||
// set gHigh and gLow
|
||||
get_signalproperties();
|
||||
|
||||
// reorder word according to datasheet
|
||||
msb2lsb_word(etd->word);
|
||||
|
||||
// if password is given try to login first
|
||||
if (etd->pwd_given)
|
||||
blogin = login(etd->password);
|
||||
|
||||
// write word to given address
|
||||
if (write(etd->word, etd->address)) {
|
||||
|
||||
// to verify result reset EM4x50
|
||||
if (reset()) {
|
||||
|
||||
// if password is given login
|
||||
if (etd->pwd_given)
|
||||
blogin &= login(etd->password);
|
||||
|
||||
// perform a selective read
|
||||
addresses[2] = addresses[3] = etd->address;
|
||||
if (selective_read(addresses)) {
|
||||
|
||||
// compare with given word
|
||||
word[0] = tag.sectors[etd->address][0];
|
||||
word[1] = tag.sectors[etd->address][1];
|
||||
word[2] = tag.sectors[etd->address][2];
|
||||
word[3] = tag.sectors[etd->address][3];
|
||||
msb2lsb_word(word);
|
||||
|
||||
bsuccess = true;
|
||||
for (int i = 0; i < 4; i++)
|
||||
bsuccess &= (word[i] == etd->word[i]) ? true : false;
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
status = (bsuccess << 1) + blogin;
|
||||
|
||||
lf_finalize();
|
||||
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
|
||||
}
|
||||
|
||||
void em4x50_write_password(em4x50_data_t *etd) {
|
||||
|
||||
// sinmple change of password
|
||||
|
||||
bool bsuccess = false;
|
||||
|
||||
init_tag();
|
||||
em4x50_setup_read();
|
||||
|
||||
// set gHigh and gLow
|
||||
get_signalproperties();
|
||||
|
||||
// login and change password
|
||||
if (login(etd->password)) {
|
||||
bsuccess = write_password(etd->password, etd->new_password);
|
||||
}
|
||||
|
||||
lf_finalize();
|
||||
reply_ng(CMD_ACK, bsuccess, 0, 0);
|
||||
}
|
24
armsrc/em4x50.h
Normal file
24
armsrc/em4x50.h
Normal file
|
@ -0,0 +1,24 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2020 tharexde
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Low frequency EM4x50 commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef EM4X50_H
|
||||
#define EM4X50_H
|
||||
|
||||
#include "../include/em4x50.h"
|
||||
|
||||
typedef struct {
|
||||
uint8_t sectors[34][7];
|
||||
} em4x50_tag_t;
|
||||
|
||||
void em4x50_info(em4x50_data_t *etd);
|
||||
void em4x50_write(em4x50_data_t *etd);
|
||||
void em4x50_write_password(em4x50_data_t *etd);
|
||||
|
||||
#endif /* EM4X50_H */
|
|
@ -36,7 +36,7 @@
|
|||
#include "lfsampling.h"
|
||||
#include "lfdemod.h"
|
||||
#include "commonutil.h"
|
||||
|
||||
#include "appmain.h"
|
||||
|
||||
#define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1
|
||||
#define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8)))
|
||||
|
@ -1002,15 +1002,20 @@ void SniffHitag2(void) {
|
|||
size_t periods = 0;
|
||||
uint8_t periods_bytes[4];
|
||||
|
||||
int16_t checked = 0;
|
||||
// int16_t checked = 0;
|
||||
|
||||
/*bool waiting_for_first_edge = true;*/
|
||||
LED_C_ON();
|
||||
|
||||
uint32_t signal_size = 10000;
|
||||
while (!BUTTON_PRESS()) {
|
||||
|
||||
// use malloc
|
||||
initSampleBufferEx(&signal_size, false);
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
/*
|
||||
// only every 1000th times, in order to save time when collecting samples.
|
||||
if (checked == 1000) {
|
||||
if (data_available()) {
|
||||
|
@ -1021,13 +1026,14 @@ void SniffHitag2(void) {
|
|||
}
|
||||
}
|
||||
++checked;
|
||||
*/
|
||||
|
||||
|
||||
// Receive frame, watch for at most T0*EOF periods
|
||||
// lf_reset_counter();
|
||||
|
||||
// Wait "infinite" for reader modulation
|
||||
periods = lf_detect_gap(20000);
|
||||
periods = lf_detect_gap(10000);
|
||||
|
||||
// Test if we detected the first reader modulation edge
|
||||
if (periods != 0) {
|
||||
|
@ -1042,7 +1048,6 @@ void SniffHitag2(void) {
|
|||
num_to_bytes(periods, 4, periods_bytes);
|
||||
LogTrace(periods_bytes, 4, 0, 0, NULL, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
lf_finalize();
|
||||
|
@ -1064,7 +1069,7 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
|
|||
int response = 0;
|
||||
uint8_t rx[HITAG_FRAME_LEN] = {0};
|
||||
size_t rxlen = 0;
|
||||
uint8_t tx[HITAG_FRAME_LEN];
|
||||
uint8_t tx[HITAG_FRAME_LEN] = {0};
|
||||
size_t txlen = 0;
|
||||
|
||||
auth_table_len = 0;
|
||||
|
@ -1108,8 +1113,11 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
|
|||
// int16_t checked = 0;
|
||||
|
||||
// SIMULATE
|
||||
uint32_t signal_size = 10000;
|
||||
while (BUTTON_PRESS() == false) {
|
||||
|
||||
while (!BUTTON_PRESS()) {
|
||||
// use malloc
|
||||
initSampleBufferEx(&signal_size, true);
|
||||
|
||||
LED_D_ON();
|
||||
|
||||
|
@ -1283,9 +1291,9 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
|
|||
uint32_t command_start = 0, command_duration = 0;
|
||||
uint32_t response_start = 0, response_duration = 0;
|
||||
|
||||
uint8_t rx[HITAG_FRAME_LEN];
|
||||
uint8_t rx[HITAG_FRAME_LEN] = {0};
|
||||
size_t rxlen = 0;
|
||||
uint8_t txbuf[HITAG_FRAME_LEN];
|
||||
uint8_t txbuf[HITAG_FRAME_LEN] = {0};
|
||||
uint8_t *tx = txbuf;
|
||||
size_t txlen = 0;
|
||||
|
||||
|
@ -1430,12 +1438,17 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
|
|||
size_t nrzs = 0;
|
||||
int16_t checked = 0;
|
||||
|
||||
while (!bStop && !BUTTON_PRESS()) {
|
||||
uint32_t signal_size = 10000;
|
||||
|
||||
while (bStop == false && BUTTON_PRESS() == false) {
|
||||
|
||||
// use malloc
|
||||
initSampleBufferEx(&signal_size, true);
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
// only every 1000th times, in order to save time when collecting samples.
|
||||
if (checked == 1000) {
|
||||
if (checked == 4000) {
|
||||
if (data_available()) {
|
||||
checked = -1;
|
||||
break;
|
||||
|
@ -1615,13 +1628,13 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
|
|||
}
|
||||
|
||||
// Pack the response into a byte array
|
||||
for (size_t i = 5; i < nrzs; i++) {
|
||||
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
|
||||
uint8_t bit = nrz_samples[i];
|
||||
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
|
||||
DBG Dbprintf("Error in Manchester decoding, abort");
|
||||
break;
|
||||
}
|
||||
rx[rxlen / 8] |= bit << (7 - (rxlen % 8));
|
||||
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
|
||||
rxlen++;
|
||||
}
|
||||
|
||||
|
@ -1756,10 +1769,14 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
|
|||
size_t nrzs = 0;
|
||||
|
||||
int16_t checked = 0;
|
||||
while (!bStop && !BUTTON_PRESS()) {
|
||||
uint32_t signal_size = 10000;
|
||||
while (bStop == false && BUTTON_PRESS() == false) {
|
||||
|
||||
// only every 1000th times, in order to save time when collecting samples.
|
||||
if (checked == 1000) {
|
||||
// use malloc
|
||||
initSampleBufferEx(&signal_size, true);
|
||||
|
||||
// only every 4000th times, in order to save time when collecting samples.
|
||||
if (checked == 4000) {
|
||||
if (data_available()) {
|
||||
checked = -1;
|
||||
break;
|
||||
|
@ -1920,12 +1937,13 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
|
|||
}
|
||||
|
||||
// Pack the response into a byte array
|
||||
for (size_t i = 5; i < nrzs; i++) {
|
||||
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
|
||||
uint8_t bit = nrz_samples[i];
|
||||
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
|
||||
break;
|
||||
}
|
||||
rx[rxlen / 8] |= bit << (7 - (rxlen % 8));
|
||||
// >> 3 instead of div by 8
|
||||
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
|
||||
rxlen++;
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
#include "fpgaloader.h"
|
||||
#include "ticks.h"
|
||||
#include "dbprint.h"
|
||||
#include "appmain.h"
|
||||
|
||||
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
|
||||
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
|
||||
|
@ -72,27 +73,11 @@ void lf_sample_mean(void) {
|
|||
|
||||
static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
|
||||
size_t periods = 0;
|
||||
volatile uint8_t adc_val;
|
||||
uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3;
|
||||
// int16_t checked = 0;
|
||||
|
||||
while (!BUTTON_PRESS()) {
|
||||
|
||||
// only every 100th times, in order to save time when collecting samples.
|
||||
/*
|
||||
if (checked == 1000) {
|
||||
if (data_available()) {
|
||||
break;
|
||||
} else {
|
||||
checked = 0;
|
||||
}
|
||||
}
|
||||
++checked;
|
||||
*/
|
||||
WDT_HIT();
|
||||
|
||||
while (BUTTON_PRESS() == false) {
|
||||
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
||||
adc_val = AT91C_BASE_SSC->SSC_RHR;
|
||||
volatile uint8_t adc_val = AT91C_BASE_SSC->SSC_RHR;
|
||||
periods++;
|
||||
|
||||
if (g_logging) logSampleSimple(adc_val);
|
||||
|
@ -105,6 +90,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
|
|||
if (adc_val == 0) {
|
||||
return periods;
|
||||
}
|
||||
|
||||
} else {
|
||||
// Trigger on a modulation swap by observing an edge change
|
||||
if (rising_edge) {
|
||||
|
@ -125,6 +111,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
|
|||
if (periods >= max) return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (g_logging) logSampleSimple(0xFF);
|
||||
return 0;
|
||||
}
|
||||
|
@ -161,6 +148,7 @@ bool lf_get_reader_modulation(void) {
|
|||
}
|
||||
|
||||
void lf_wait_periods(size_t periods) {
|
||||
// wait detect gap
|
||||
lf_count_edge_periods_ex(periods, true, false);
|
||||
}
|
||||
|
||||
|
@ -250,23 +238,22 @@ void lf_finalize(void) {
|
|||
}
|
||||
|
||||
size_t lf_detect_field_drop(size_t max) {
|
||||
/*
|
||||
size_t periods = 0;
|
||||
// int16_t checked = 0;
|
||||
|
||||
while (!BUTTON_PRESS()) {
|
||||
while (BUTTON_PRESS() == false) {
|
||||
|
||||
/*
|
||||
// only every 1000th times, in order to save time when collecting samples.
|
||||
if (checked == 1000) {
|
||||
if (data_available()) {
|
||||
checked = -1;
|
||||
break;
|
||||
} else {
|
||||
checked = 0;
|
||||
}
|
||||
}
|
||||
++checked;
|
||||
*/
|
||||
// // only every 1000th times, in order to save time when collecting samples.
|
||||
// if (checked == 4000) {
|
||||
// if (data_available()) {
|
||||
// checked = -1;
|
||||
// break;
|
||||
// } else {
|
||||
// checked = 0;
|
||||
// }
|
||||
// }
|
||||
// ++checked;
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
|
@ -284,6 +271,7 @@ size_t lf_detect_field_drop(size_t max) {
|
|||
if (periods == max) return 0;
|
||||
}
|
||||
}
|
||||
*/
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
#include "util.h"
|
||||
#include "lfdemod.h"
|
||||
#include "string.h" // memset
|
||||
#include "appmain.h" // print stack
|
||||
|
||||
/*
|
||||
Default LF config is set to:
|
||||
|
@ -29,6 +30,12 @@ Default LF config is set to:
|
|||
*/
|
||||
static sample_config config = { 1, 8, 1, LF_DIVISOR_125, 0, 0, 1} ;
|
||||
|
||||
// Holds bit packed struct of samples.
|
||||
static BitstreamOut data = {0, 0, 0};
|
||||
|
||||
// internal struct to keep track of samples gathered
|
||||
static sampling_t samples = {0, 0, 0, 0};
|
||||
|
||||
void printConfig(void) {
|
||||
uint32_t d = config.divisor;
|
||||
DbpString(_CYAN_("LF Sampling config"));
|
||||
|
@ -38,6 +45,18 @@ void printConfig(void) {
|
|||
Dbprintf(" [a] averaging...........%s", (config.averaging) ? "Yes" : "No");
|
||||
Dbprintf(" [t] trigger threshold...%d", config.trigger_threshold);
|
||||
Dbprintf(" [s] samples to skip.....%d ", config.samples_to_skip);
|
||||
|
||||
DbpString(_CYAN_("LF Sampling Stack"));
|
||||
print_stack_usage();
|
||||
}
|
||||
|
||||
void printSamples(void) {
|
||||
DbpString(_CYAN_("LF Sampling memory"));
|
||||
Dbprintf(" decimation counter.....%d ", samples.dec_counter);
|
||||
Dbprintf(" sum.....%u ", samples.sum);
|
||||
Dbprintf(" counter.....%u ", samples.counter);
|
||||
Dbprintf(" total saved.....%u ", samples.total_saved);
|
||||
print_stack_usage();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -99,12 +118,6 @@ static void pushBit(BitstreamOut *stream, uint8_t bit) {
|
|||
stream->numbits++;
|
||||
}
|
||||
|
||||
// Holds bit packed struct of samples.
|
||||
static BitstreamOut data = {0, 0, 0};
|
||||
|
||||
// internal struct to keep track of samples gathered
|
||||
static sampling_t samples = {0, 0, 0, 0};
|
||||
|
||||
void initSampleBuffer(uint32_t *sample_size) {
|
||||
initSampleBufferEx(sample_size, false);
|
||||
}
|
||||
|
@ -116,9 +129,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
|
|||
}
|
||||
BigBuf_free();
|
||||
|
||||
|
||||
// We can't erase the buffer now, it would drastically delay the acquisition
|
||||
|
||||
if (use_malloc) {
|
||||
|
||||
if (*sample_size == 0) {
|
||||
|
@ -141,7 +152,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
|
|||
//
|
||||
samples.dec_counter = 0;
|
||||
samples.sum = 0;
|
||||
samples.counter = 0;
|
||||
samples.counter = *sample_size;
|
||||
samples.total_saved = 0;
|
||||
}
|
||||
|
||||
|
@ -157,13 +168,13 @@ void logSample(uint8_t sample, uint8_t decimation, uint8_t bits_per_sample, bool
|
|||
|
||||
if (!data.buffer) return;
|
||||
|
||||
if (bits_per_sample == 0) bits_per_sample = 1;
|
||||
// keep track of total gather samples regardless how many was discarded.
|
||||
if (samples.counter-- == 0) return;
|
||||
|
||||
if (bits_per_sample == 0) bits_per_sample = 1;
|
||||
if (bits_per_sample > 8) bits_per_sample = 8;
|
||||
if (decimation == 0) decimation = 1;
|
||||
|
||||
// keep track of total gather samples regardless how many was discarded.
|
||||
samples.counter++;
|
||||
|
||||
if (avg) {
|
||||
samples.sum += sample;
|
||||
}
|
||||
|
@ -224,6 +235,7 @@ void LFSetupFPGAForADC(int divisor, bool reader_field) {
|
|||
|
||||
// Connect the A/D to the peak-detected low-frequency path.
|
||||
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
|
||||
|
||||
// 50ms for the resonant antenna to settle.
|
||||
if (reader_field)
|
||||
SpinDelay(50);
|
||||
|
@ -255,6 +267,11 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
|
|||
|
||||
initSampleBuffer(&sample_size);
|
||||
|
||||
if (DBGLEVEL >= DBG_DEBUG) {
|
||||
Dbprintf("lf sampling - after init");
|
||||
printSamples();
|
||||
}
|
||||
|
||||
uint32_t cancel_counter = 0;
|
||||
int16_t checked = 0;
|
||||
|
||||
|
@ -262,7 +279,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
|
|||
|
||||
// only every 1000th times, in order to save time when collecting samples.
|
||||
// interruptible only when logging not yet triggered
|
||||
if ((checked == 2000) && (trigger_threshold > 0)) {
|
||||
if ((checked == 4000) && (trigger_threshold > 0)) {
|
||||
if (data_available()) {
|
||||
checked = -1;
|
||||
break;
|
||||
|
@ -306,7 +323,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
|
|||
if (samples.total_saved >= sample_size) break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (checked == -1 && verbose) {
|
||||
Dbprintf("lf sampling aborted");
|
||||
}
|
||||
|
@ -397,10 +414,19 @@ void doT55x7Acquisition(size_t sample_size) {
|
|||
bool lowFound = false;
|
||||
|
||||
uint16_t checker = 0;
|
||||
|
||||
if (DBGLEVEL >= DBG_DEBUG) {
|
||||
Dbprintf("doT55x7Acquisition - after init");
|
||||
print_stack_usage();
|
||||
}
|
||||
|
||||
while (skipCnt < 1000 && (i < bufsize)) {
|
||||
if (checker == 1000) {
|
||||
if (BUTTON_PRESS() || data_available())
|
||||
|
||||
if (BUTTON_PRESS())
|
||||
break;
|
||||
|
||||
if (checker == 4000) {
|
||||
if (data_available())
|
||||
break;
|
||||
else
|
||||
checker = 0;
|
||||
|
@ -462,21 +488,24 @@ void doT55x7Acquisition(size_t sample_size) {
|
|||
void doCotagAcquisition(size_t sample_size) {
|
||||
|
||||
uint8_t *dest = BigBuf_get_addr();
|
||||
uint16_t bufsize = BigBuf_max_traceLen();
|
||||
|
||||
if (bufsize > sample_size)
|
||||
bufsize = sample_size;
|
||||
uint16_t bufsize = MIN(sample_size, BigBuf_max_traceLen());
|
||||
|
||||
dest[0] = 0;
|
||||
uint8_t firsthigh = 0, firstlow = 0;
|
||||
uint16_t i = 0;
|
||||
uint16_t noise_counter = 0;
|
||||
|
||||
uint16_t checker = 0;
|
||||
uint16_t i = 0, noise_counter = 0, checker = 0;
|
||||
|
||||
if (DBGLEVEL >= DBG_DEBUG) {
|
||||
Dbprintf("doCotagAcquisition - after init");
|
||||
print_stack_usage();
|
||||
}
|
||||
|
||||
while ((i < bufsize) && (noise_counter < (COTAG_T1 << 1))) {
|
||||
if (checker == 1000) {
|
||||
if (BUTTON_PRESS() || data_available())
|
||||
|
||||
if (BUTTON_PRESS())
|
||||
break;
|
||||
|
||||
if (checker == 4000) {
|
||||
if (data_available())
|
||||
break;
|
||||
else
|
||||
checker = 0;
|
||||
|
@ -530,21 +559,26 @@ void doCotagAcquisition(size_t sample_size) {
|
|||
uint32_t doCotagAcquisitionManchester(void) {
|
||||
|
||||
uint8_t *dest = BigBuf_get_addr();
|
||||
uint16_t bufsize = BigBuf_max_traceLen();
|
||||
|
||||
if (bufsize > COTAG_BITS)
|
||||
bufsize = COTAG_BITS;
|
||||
uint16_t bufsize = MIN(COTAG_BITS, BigBuf_max_traceLen());
|
||||
|
||||
dest[0] = 0;
|
||||
uint8_t firsthigh = 0, firstlow = 0;
|
||||
uint16_t sample_counter = 0, period = 0;
|
||||
uint8_t curr = 0, prev = 0;
|
||||
uint16_t noise_counter = 0;
|
||||
uint16_t checker = 0;
|
||||
|
||||
uint16_t sample_counter = 0, period = 0;
|
||||
uint16_t noise_counter = 0, checker = 0;
|
||||
|
||||
if (DBGLEVEL >= DBG_DEBUG) {
|
||||
Dbprintf("doCotagAcquisitionManchester - after init");
|
||||
print_stack_usage();
|
||||
}
|
||||
|
||||
while ((sample_counter < bufsize) && (noise_counter < (COTAG_T1 << 1))) {
|
||||
if (checker == 1000) {
|
||||
if (BUTTON_PRESS() || data_available())
|
||||
|
||||
if (BUTTON_PRESS())
|
||||
break;
|
||||
|
||||
if (checker == 4000) {
|
||||
if ( data_available())
|
||||
break;
|
||||
else
|
||||
checker = 0;
|
||||
|
|
|
@ -100,5 +100,6 @@ void setSamplingConfig(sample_config *sc);
|
|||
sample_config *getSamplingConfig(void);
|
||||
|
||||
void printConfig(void);
|
||||
void printSamples(void);
|
||||
|
||||
#endif // __LFSAMPLING_H
|
||||
|
|
|
@ -63,18 +63,23 @@ if (NOT SKIPPYTHON EQUAL 1)
|
|||
pkg_search_module(PYTHON3EMBED QUIET python3-embed)
|
||||
endif (NOT SKIPPYTHON EQUAL 1)
|
||||
|
||||
# If build on android cross, we need to init source and build.
|
||||
if (ANDROID)
|
||||
# If cross-compiled, we need to init source and build.
|
||||
if (CMAKE_TOOLCHAIN_FILE)
|
||||
set(CFLAGS_EXTERNAL_LIB "CFLAGS=--target=${CMAKE_C_COMPILER_TARGET} -w")
|
||||
set(EMBED_READLINE ON)
|
||||
set(EMBED_BZIP2 ON)
|
||||
endif (CMAKE_TOOLCHAIN_FILE)
|
||||
|
||||
if (EMBED_READLINE OR EMBED_BZIP2)
|
||||
include(ExternalProject)
|
||||
endif (ANDROID)
|
||||
endif (EMBED_READLINE OR EMBED_BZIP2)
|
||||
|
||||
if (NOT SKIPREADLINE EQUAL 1)
|
||||
if (APPLE)
|
||||
find_path(READLINE_INCLUDE_DIRS readline/readline.h /usr/local/opt/readline/include /opt/local/include /opt/include /usr/local/include /usr/include NO_DEFAULT_PATH)
|
||||
find_library(READLINE_LIBRARIES readline /usr/local/opt/readline/lib /opt/local/lib /opt/lib /usr/local/lib /usr/lib NO_DEFAULT_PATH)
|
||||
endif (APPLE)
|
||||
if (ANDROID)
|
||||
if (EMBED_READLINE)
|
||||
ExternalProject_Add(ncurses
|
||||
URL http://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.0.tar.gz
|
||||
PREFIX deps/ncurses
|
||||
|
@ -100,10 +105,10 @@ if (NOT SKIPREADLINE EQUAL 1)
|
|||
ExternalProject_Add_StepTargets(readline configure build install)
|
||||
set(READLINE_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/)
|
||||
set(READLINE_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/readline/libreadline.a ${CMAKE_CURRENT_BINARY_DIR}/deps/ncurses/src/ncurses/lib/libtinfo.a)
|
||||
else (ANDROID)
|
||||
else (EMBED_READLINE)
|
||||
find_path(READLINE_INCLUDE_DIRS readline/readline.h)
|
||||
find_library(READLINE_LIBRARIES readline)
|
||||
endif (ANDROID)
|
||||
endif (EMBED_READLINE)
|
||||
if (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES)
|
||||
set(READLINE_FOUND ON)
|
||||
endif (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES)
|
||||
|
@ -122,7 +127,7 @@ if (NOT SKIPJANSSONSYSTEM EQUAL 1)
|
|||
endif (JANSSON_INCLUDE_DIRS AND JANSSON_LIBRARIES)
|
||||
endif (NOT SKIPJANSSONSYSTEM EQUAL 1)
|
||||
|
||||
if(ANDROID)
|
||||
if(EMBED_BZIP2)
|
||||
set(BZIP2_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
|
||||
ExternalProject_Add(bzip2
|
||||
GIT_REPOSITORY https://android.googlesource.com/platform/external/bzip2
|
||||
|
@ -139,9 +144,9 @@ if(ANDROID)
|
|||
set(BZIP2_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
|
||||
set(BZIP2_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2/libbz2.a)
|
||||
set(BZIP2_FOUND ON)
|
||||
else()
|
||||
else(EMBED_BZIP2)
|
||||
find_package (BZip2 REQUIRED)
|
||||
endif(ANDROID)
|
||||
endif(EMBED_BZIP2)
|
||||
|
||||
if (NOT SKIPWHEREAMISYSTEM EQUAL 1)
|
||||
find_path(WHEREAMI_INCLUDE_DIRS whereami.h)
|
||||
|
@ -240,6 +245,7 @@ set (TARGET_SOURCES
|
|||
${PM3_ROOT}/client/src/cmdlfawid.c
|
||||
${PM3_ROOT}/client/src/cmdlfcotag.c
|
||||
${PM3_ROOT}/client/src/cmdlfem4x.c
|
||||
${PM3_ROOT}/client/src/cmdlfem4x50.c
|
||||
${PM3_ROOT}/client/src/cmdlffdx.c
|
||||
${PM3_ROOT}/client/src/cmdlfgallagher.c
|
||||
${PM3_ROOT}/client/src/cmdlfguard.c
|
||||
|
@ -392,6 +398,12 @@ else (SKIPBT EQUAL 1)
|
|||
endif (BLUEZ_FOUND)
|
||||
endif(SKIPBT EQUAL 1)
|
||||
|
||||
if (EMBED_BZIP2)
|
||||
message("Bzip2 library: embedded")
|
||||
else (EMBED_BZIP2)
|
||||
message("Bzip2 library: system library found")
|
||||
endif (EMBED_BZIP2)
|
||||
|
||||
if (SKIPJANSSONSYSTEM EQUAL 1)
|
||||
message("Jansson library: local library forced")
|
||||
else (SKIPJANSSONSYSTEM EQUAL 1)
|
||||
|
@ -418,7 +430,11 @@ if (SKIPREADLINE EQUAL 1)
|
|||
message("Readline library: skipped")
|
||||
else (SKIPREADLINE EQUAL 1)
|
||||
if (READLINE_FOUND)
|
||||
message("Readline library: enabled")
|
||||
if (EMBED_READLINE)
|
||||
message("Readline library: embedded")
|
||||
else (EMBED_READLINE)
|
||||
message("Readline library: system library found")
|
||||
endif (EMBED_READLINE)
|
||||
else (READLINE_FOUND)
|
||||
message("Readline library: Readline not found, disabled")
|
||||
endif (READLINE_FOUND)
|
||||
|
@ -442,12 +458,14 @@ add_executable(proxmark3
|
|||
)
|
||||
|
||||
target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3)
|
||||
if (ANDROID)
|
||||
if (EMBED_READLINE)
|
||||
if (NOT SKIPREADLINE EQUAL 1)
|
||||
add_dependencies(proxmark3 ncurses readline)
|
||||
endif (NOT SKIPREADLINE EQUAL 1)
|
||||
endif (EMBED_READLINE)
|
||||
if (EMBED_BZIP2)
|
||||
add_dependencies(proxmark3 bzip2)
|
||||
endif (ANDROID)
|
||||
endif (EMBED_BZIP2)
|
||||
|
||||
if (MINGW)
|
||||
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
|
||||
|
|
|
@ -439,6 +439,7 @@ SRCS = aidsearch.c \
|
|||
cmdlfawid.c \
|
||||
cmdlfcotag.c \
|
||||
cmdlfem4x.c \
|
||||
cmdlfem4x50.c \
|
||||
cmdlffdx.c \
|
||||
cmdlfguard.c \
|
||||
cmdlfgallagher.c \
|
||||
|
|
|
@ -1240,15 +1240,14 @@ static int handler_desfire_signature(uint8_t *signature, size_t *signature_len)
|
|||
}
|
||||
|
||||
// --- KEY SETTING
|
||||
static int desfire_print_keysetting(uint8_t key_settings, mifare_des_authalgo_t algo) {
|
||||
|
||||
static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys, int algo) {
|
||||
PrintAndLogEx(SUCCESS, " AID Key settings : 0x%02x", key_settings);
|
||||
// 2 MSB denotes
|
||||
const char *str = " Max key number and type : %d, " _YELLOW_("%s");
|
||||
|
||||
if (algo == MFDES_ALGO_DES) PrintAndLogEx(SUCCESS, str, "(3)DES");
|
||||
else if (algo == MFDES_ALGO_AES) PrintAndLogEx(SUCCESS, str, "AES");
|
||||
else if (algo == MFDES_ALGO_3K3DES) PrintAndLogEx(SUCCESS, str, "3K3DES");
|
||||
if (algo == MFDES_ALGO_DES) PrintAndLogEx(SUCCESS, str, num_keys & 0x3F, "(3)DES");
|
||||
else if (algo == MFDES_ALGO_AES) PrintAndLogEx(SUCCESS, str, num_keys & 0x3F, "AES");
|
||||
else if (algo == MFDES_ALGO_3K3DES) PrintAndLogEx(SUCCESS, str, num_keys & 0x3F, "3K3DES");
|
||||
|
||||
//PrintAndLogEx(SUCCESS, " Max number of keys in AID : %d", num_keys & 0x3F);
|
||||
PrintAndLogEx(INFO, "-------------------------------------------------------------");
|
||||
|
@ -1449,14 +1448,14 @@ static int handler_desfire_select_application(uint8_t *aid) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int key_setting_to_algo(uint8_t aid[3], uint8_t *key_setting, mifare_des_authalgo_t *algo) {
|
||||
static int key_setting_to_algo(uint8_t aid[3], uint8_t *key_setting, mifare_des_authalgo_t *algo, uint8_t *num_keys) {
|
||||
int res = handler_desfire_select_application(aid);
|
||||
if (res != PM3_SUCCESS) return res;
|
||||
|
||||
uint8_t num_keys = 0;
|
||||
res = handler_desfire_getkeysettings(key_setting, &num_keys);
|
||||
*num_keys = 0;
|
||||
res = handler_desfire_getkeysettings(key_setting, num_keys);
|
||||
if (res == PM3_SUCCESS) {
|
||||
switch (num_keys >> 6) {
|
||||
switch (*num_keys >> 6) {
|
||||
case 0:
|
||||
*algo = MFDES_ALGO_DES;
|
||||
break;
|
||||
|
@ -1863,8 +1862,8 @@ static int getKeySettings(uint8_t *aid) {
|
|||
// KEY Settings - AMK
|
||||
uint8_t num_keys = 0;
|
||||
uint8_t key_setting = 0;
|
||||
mifare_des_authalgo_t algo;
|
||||
res = key_setting_to_algo(aid, &key_setting, &algo);
|
||||
mifare_des_authalgo_t algo=MFDES_ALGO_DES;
|
||||
res = key_setting_to_algo(aid, &key_setting, &algo, &num_keys);
|
||||
|
||||
if (res == PM3_SUCCESS) {
|
||||
// number of Master keys (0x01)
|
||||
|
@ -1915,10 +1914,10 @@ static int getKeySettings(uint8_t *aid) {
|
|||
// KEY Settings - AMK
|
||||
uint8_t num_keys = 0;
|
||||
uint8_t key_setting = 0;
|
||||
mifare_des_authalgo_t algo;
|
||||
res = key_setting_to_algo(aid, &key_setting, &algo);
|
||||
mifare_des_authalgo_t algo=MFDES_ALGO_DES;
|
||||
res = key_setting_to_algo(aid, &key_setting, &algo, &num_keys);
|
||||
if (res == PM3_SUCCESS) {
|
||||
desfire_print_keysetting(key_setting, algo);
|
||||
desfire_print_keysetting(key_setting, num_keys, algo);
|
||||
} else {
|
||||
PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings"));
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "cmdlfem4x.h"
|
||||
#include "cmdlfem4x50.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
@ -149,20 +150,6 @@ static int usage_lf_em4x50_read(void) {
|
|||
PrintAndLogEx(NORMAL, " lf em 4x50_read 1 11223344");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
static int usage_lf_em4x50_write(void) {
|
||||
PrintAndLogEx(NORMAL, "Write EM 4x50/4x69. Tag must be on antenna. ");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] <address> <data> <pwd>");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h - this help");
|
||||
PrintAndLogEx(NORMAL, " address - memory address to write to. (0-15)");
|
||||
PrintAndLogEx(NORMAL, " data - data to write (hex)");
|
||||
PrintAndLogEx(NORMAL, " pwd - password (hex) (optional)");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de 11223344");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
//////////////// 4205 / 4305 commands
|
||||
static int usage_lf_em4x05_dump(void) {
|
||||
|
@ -1052,16 +1039,6 @@ static int CmdEM4x50Read(const char *Cmd) {
|
|||
return EM4x50Read(Cmd, true);
|
||||
}
|
||||
|
||||
static int CmdEM4x50Write(const char *Cmd) {
|
||||
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
|
||||
if (ctmp == 'h') return usage_lf_em4x50_write();
|
||||
PrintAndLogEx(NORMAL, "no implemented yet");
|
||||
//
|
||||
// PrintAndLogEx(SUCCESS, "Done");
|
||||
// PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x50_read`") " to verify");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int CmdEM4x50Dump(const char *Cmd) {
|
||||
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
|
||||
if (ctmp == 'h') return usage_lf_em4x50_dump();
|
||||
|
@ -1779,7 +1756,9 @@ static command_t CommandTable[] = {
|
|||
{"4x50_demod", CmdEM4x50Demod, AlwaysAvailable, "demodulate a EM4x50 tag from the GraphBuffer"},
|
||||
{"4x50_dump", CmdEM4x50Dump, IfPm3Lf, "dump EM4x50 tag"},
|
||||
{"4x50_read", CmdEM4x50Read, IfPm3Lf, "read word data from EM4x50"},
|
||||
{"4x50_info", CmdEM4x50Info, IfPm3Lf, "read complete data from EM4x50"},
|
||||
{"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"},
|
||||
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3Lf, "change passwword of EM4x50 tag"},
|
||||
{NULL, NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
|
|
663
client/src/cmdlfem4x50.c
Normal file
663
client/src/cmdlfem4x50.c
Normal file
|
@ -0,0 +1,663 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2020 tharexde
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Low frequency EM4x50 commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "cmdlfem4x50.h"
|
||||
#include <ctype.h>
|
||||
#include "fileutils.h"
|
||||
#include "comms.h"
|
||||
#include "commonutil.h"
|
||||
#include "em4x50.h"
|
||||
|
||||
#define EM4X50_NO_WORDS 34
|
||||
|
||||
// special words
|
||||
#define EM4X50_DEVICE_PASSWORD 0
|
||||
#define EM4X50_PROTECTION 1
|
||||
#define EM4X50_CONTROL 2
|
||||
#define EM4X50_DEVICE_SERIAL 32
|
||||
#define EM4X50_DEVICE_ID 33
|
||||
|
||||
// control word (word = 4 bytes)
|
||||
#define FIRST_WORD_READ 0 // first byte
|
||||
#define LAST_WORD_READ 1 // second byte
|
||||
#define CONFIG_BLOCK 2 // third byte
|
||||
#define PASSWORD_CHECK 0x80 // first bit in third byte
|
||||
#define READ_AFTER_WRITE 0x40 // second bit in third byte
|
||||
|
||||
// protection word
|
||||
#define FIRST_WORD_READ_PROTECTED 0 // first byte
|
||||
#define LAST_WORD_READ_PROTECTED 1 // second byte
|
||||
#define FIRST_WORD_WRITE_INHIBITED 2 // third byte
|
||||
#define LAST_WORD_WRITE_INHIBITED 3 // fourth byte
|
||||
|
||||
// misc
|
||||
#define STATUS_SUCCESS 0x2
|
||||
#define STATUS_LOGIN 0x1
|
||||
#define NO_CHARS_MAX 400
|
||||
|
||||
int usage_lf_em4x50_info(void) {
|
||||
PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna.");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p <pwd>]");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h - this help");
|
||||
PrintAndLogEx(NORMAL, " v - verbose output");
|
||||
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_info");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_info p fa225de1\n");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_info v p fa225de1\n");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
int usage_lf_em4x50_write(void) {
|
||||
PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. ");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] a <address> w <data>");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h - this help");
|
||||
PrintAndLogEx(NORMAL, " a <addr> - memory address to write to (dec)");
|
||||
PrintAndLogEx(NORMAL, " w <word> - word to write (hex)");
|
||||
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_write a 3 w deadc0de");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
int usage_lf_em4x50_write_password(void) {
|
||||
PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. ");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] p <pwd> n <pwd>");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h - this help");
|
||||
PrintAndLogEx(NORMAL, " p <pwd> - password (hex)");
|
||||
PrintAndLogEx(NORMAL, " n <pwd> - new password (hex)");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_write_password p 11223344 n 01020304");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
|
||||
|
||||
// restructure received result in "em4x50_word_t" structure and check all
|
||||
// parities including stop bit; result of each check is stored in structure
|
||||
|
||||
int p = 0, c[8] = {0, 0, 0, 0, 0, 0, 0, 0};
|
||||
|
||||
for (int i = fwr; i <= lwr; i++) {
|
||||
|
||||
words[i].stopparity = true;
|
||||
words[i].parity = true;
|
||||
|
||||
for (int j = 0; j < 8; j++)
|
||||
c[j] = 0;
|
||||
|
||||
for (int j = 0; j < 4; j++) {
|
||||
words[i].byte[j] = byte[i*7+j];
|
||||
words[i].row_parity[j] = (byte[i*7+4] >> (3-j)) & 1;
|
||||
|
||||
// collect parities
|
||||
p = 0;
|
||||
|
||||
for (int k = 0; k < 8; k++) {
|
||||
|
||||
// row parity
|
||||
p ^= (words[i].byte[j] >> k) & 1;
|
||||
|
||||
// column parity
|
||||
c[k] ^= (words[i].byte[j] >> (7-k)) & 1;
|
||||
}
|
||||
|
||||
// check row parities
|
||||
words[i].rparity[j] = (words[i].row_parity[j] == p) ? true : false;
|
||||
|
||||
if (!words[i].rparity[j])
|
||||
words[i].parity = false;
|
||||
}
|
||||
|
||||
// check column parities
|
||||
words[i].col_parity = byte[i*7+5] ;
|
||||
|
||||
for (int j = 0; j < 8; j++) {
|
||||
words[i].cparity[j] = (((words[i].col_parity >> (7-j)) & 1) == c[j]) ? true : false;
|
||||
|
||||
if (!words[i].cparity[j])
|
||||
words[i].parity = false;
|
||||
}
|
||||
|
||||
// check stop bit
|
||||
words[i].stopbit = byte[i*7+6] & 1;
|
||||
|
||||
if (words[i].stopbit == 1)
|
||||
words[i].stopparity = false;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static void print_bit_table(const em4x50_word_t word) {
|
||||
|
||||
// generate output in table form for each word including parities, stop
|
||||
// bit, result of parity checks and hex notation of each row in msb/lsb
|
||||
// notation
|
||||
// individual parity errors will be highlighted in red
|
||||
|
||||
int bit = 0;
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
|
||||
// print binary data
|
||||
for (int j = 0; j < 4; j++) {
|
||||
|
||||
strcat(string, " ");
|
||||
|
||||
// lsb notation
|
||||
for (int k = 0; k < 8; k++) {
|
||||
sprintf(pstring, "%i", (word.byte[j] >> (7-k)) & 1);
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
strcat(string, " | ");
|
||||
|
||||
// binary row parities + hex bytes of word
|
||||
sprintf(pstring, (word.rparity[j]) ? "%i" : _RED_("%i"), word.row_parity[j]);
|
||||
strcat(string, pstring);
|
||||
|
||||
if (j == 0)
|
||||
sprintf(pstring, " msb: 0x%02x lsb: 0x%02x", word.byte[j], reflect8(word.byte[j]));
|
||||
else
|
||||
sprintf(pstring, " 0x%02x 0x%02x", word.byte[j], reflect8(word.byte[j]));
|
||||
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,string);
|
||||
|
||||
string[0] = '\0';
|
||||
}
|
||||
|
||||
strcat(string, " ------------ --------------------\n ");
|
||||
|
||||
// binary column parities
|
||||
for (int k = 0; k < 8; k++) {
|
||||
|
||||
bit = (word.col_parity >> (7-k)) & 1;
|
||||
|
||||
// if column parity is false -> highlight bit in red
|
||||
sprintf(pstring, (word.cparity[k]) ? "%i" : _RED_("%i"), bit);
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
// binary stop bit
|
||||
strcat(string, " | ");
|
||||
sprintf(pstring, (word.stopparity) ? "%i" : _RED_("%i"), word.stopbit);
|
||||
strcat(pstring, " parities ");
|
||||
strcat(string, pstring);
|
||||
|
||||
// parities passed/failed
|
||||
sprintf(pstring, (word.parity) ? _GREEN_("ok") : _RED_("failed"));
|
||||
strcat(string, pstring);
|
||||
|
||||
PrintAndLogEx(NORMAL,string);
|
||||
|
||||
string[0] = '\0';
|
||||
}
|
||||
|
||||
static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
|
||||
|
||||
// print available information for given word from fwr to lwr, i.e.
|
||||
// bit table + summary lines with hex notation of word (msb + lsb)
|
||||
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
|
||||
for (int i = fwr; i <= lwr; i++) {
|
||||
|
||||
// blank line before each bit table
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
|
||||
// print bit table
|
||||
print_bit_table(words[i]);
|
||||
|
||||
// final result
|
||||
sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i);
|
||||
strcat(string, pstring);
|
||||
|
||||
for (int j = 0; j < 4; j++) {
|
||||
sprintf(pstring, _GREEN_("%02x"), words[i].byte[j]);
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
sprintf(pstring, "\n word[%i] lsb: 0x", i);
|
||||
strcat(string, pstring);
|
||||
|
||||
for (int j = 0; j < 4; j++) {
|
||||
sprintf(pstring, "%02x", reflect8(words[i].byte[3-j]));
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,string);
|
||||
|
||||
string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
||||
static void print_info_result(PacketResponseNG *resp, const em4x50_data_t *etd, bool bverbose) {
|
||||
|
||||
// display all information of info result in structured format
|
||||
|
||||
uint8_t *data = resp->data.asBytes;
|
||||
em4x50_word_t words[EM4X50_NO_WORDS];
|
||||
char pstring[NO_CHARS_MAX] = {0}, string[NO_CHARS_MAX] = {0};
|
||||
|
||||
bool bpwd_given = etd->pwd_given;
|
||||
bool bsuccess = resp->status & STATUS_SUCCESS;
|
||||
bool blogin = resp->status & STATUS_LOGIN;
|
||||
|
||||
prepare_result(data, 0, EM4X50_NO_WORDS - 1, words);
|
||||
|
||||
bool bpwc = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & PASSWORD_CHECK;
|
||||
bool braw = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & READ_AFTER_WRITE;
|
||||
int fwr = reflect8(words[EM4X50_CONTROL].byte[FIRST_WORD_READ]);
|
||||
int lwr = reflect8(words[EM4X50_CONTROL].byte[LAST_WORD_READ]);
|
||||
int fwrp = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_READ_PROTECTED]);
|
||||
int lwrp = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_READ_PROTECTED]);
|
||||
int fwwi = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_WRITE_INHIBITED]);
|
||||
int lwwi = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_WRITE_INHIBITED]);
|
||||
|
||||
// data section
|
||||
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 data:"));
|
||||
|
||||
if (bverbose) {
|
||||
|
||||
// detailed data section
|
||||
print_result(words, 0, EM4X50_NO_WORDS - 1);
|
||||
|
||||
} else {
|
||||
|
||||
// condensed data section
|
||||
for (int i = 0; i < EM4X50_NO_WORDS; i++) {
|
||||
|
||||
sprintf(pstring, " word[%2i]: ", i);
|
||||
strcat(string, pstring);
|
||||
|
||||
for (int j = 0; j < 4; j++) {
|
||||
sprintf(pstring, "%02x", words[i].byte[j]);
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
switch(i) {
|
||||
case EM4X50_DEVICE_PASSWORD:
|
||||
sprintf(pstring, _YELLOW_(" password, write only"));
|
||||
break;
|
||||
case EM4X50_PROTECTION:
|
||||
sprintf(pstring, _YELLOW_(" protection word, write inhibited"));
|
||||
break;
|
||||
case EM4X50_CONTROL:
|
||||
sprintf(pstring, _YELLOW_(" control word, write inhibited"));
|
||||
break;
|
||||
case EM4X50_DEVICE_SERIAL:
|
||||
sprintf(pstring, _YELLOW_(" device serial number, read only"));
|
||||
break;
|
||||
case EM4X50_DEVICE_ID:
|
||||
sprintf(pstring, _YELLOW_(" device identification, read only"));
|
||||
break;
|
||||
default:
|
||||
sprintf(pstring, " user data");
|
||||
break;
|
||||
}
|
||||
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,"%s", string);
|
||||
string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
||||
// configuration section
|
||||
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 configuration"));
|
||||
PrintAndLogEx(NORMAL," control: | protection:");
|
||||
|
||||
sprintf(pstring, " first word read: %3i |", fwr);
|
||||
strcat(string, pstring);
|
||||
sprintf(pstring, " first word read protected: %3i", fwrp);
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,"%s", string);
|
||||
string[0] = '\0';
|
||||
|
||||
sprintf(pstring, " last word read: %3i |", lwr);
|
||||
strcat(string, pstring);
|
||||
sprintf(pstring, " last word read protected: %3i", lwrp);
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,"%s", string);
|
||||
string[0] = '\0';
|
||||
|
||||
sprintf(pstring, " password check: %3s |", (bpwc) ? "on" : "off");
|
||||
strcat(string, pstring);
|
||||
sprintf(pstring, " first word write inhibited: %3i", fwwi);
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,"%s", string);
|
||||
string[0] = '\0';
|
||||
|
||||
sprintf(pstring, " read after write: %3s |", (braw) ? "on" : "off");
|
||||
strcat(string, pstring);
|
||||
sprintf(pstring, " last word write inhibited: %3i", lwwi);
|
||||
strcat(string, pstring);
|
||||
PrintAndLogEx(NORMAL,"%s", string);
|
||||
string[0] = '\0';
|
||||
|
||||
PrintAndLogEx(NORMAL, "\n zero values may indicate read protection!");
|
||||
|
||||
// status line
|
||||
sprintf(pstring, " reading ");
|
||||
strcat(string, pstring);
|
||||
|
||||
if (!bsuccess) {
|
||||
|
||||
sprintf(pstring, _RED_("failed"));
|
||||
strcat(string, pstring);
|
||||
|
||||
} else {
|
||||
|
||||
sprintf(pstring, _GREEN_("ok "));
|
||||
strcat(string, pstring);
|
||||
|
||||
if (blogin) {
|
||||
|
||||
if (bpwd_given) {
|
||||
|
||||
sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)",
|
||||
etd->password[0], etd->password[1],
|
||||
etd->password[2], etd->password[3]);
|
||||
strcat(string, pstring);
|
||||
|
||||
} else {
|
||||
|
||||
sprintf(pstring, "(login with default password 0x00000000)");
|
||||
strcat(string, pstring);
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
if (bpwd_given) {
|
||||
|
||||
sprintf(pstring, "(login failed)");
|
||||
strcat(string, pstring);
|
||||
|
||||
} else {
|
||||
|
||||
sprintf(pstring, "(no login)");
|
||||
strcat(string, pstring);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,"%s\n", string);
|
||||
}
|
||||
|
||||
int CmdEM4x50Info(const char *Cmd) {
|
||||
|
||||
// envoke reading of a EM4x50 tag which has to be on the antenna because
|
||||
// decoding is done by the device (not on client side)
|
||||
|
||||
bool errors = false, verbose = false, success = false;
|
||||
uint8_t cmdp = 0;
|
||||
em4x50_data_t etd;
|
||||
PacketResponseNG resp;
|
||||
|
||||
// init
|
||||
etd.pwd_given = false;
|
||||
|
||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||
|
||||
case 'h':
|
||||
return usage_lf_em4x50_info();
|
||||
|
||||
case 'p':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
etd.pwd_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
case 'v':
|
||||
verbose = true;
|
||||
cmdp += 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
||||
errors = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// validation
|
||||
if (errors)
|
||||
return usage_lf_em4x50_info();
|
||||
|
||||
// call info command
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd));
|
||||
|
||||
|
||||
// get result
|
||||
if (!WaitForResponse(CMD_ACK, &resp)) {
|
||||
PrintAndLogEx(WARNING, " timeout while waiting for reply.");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// print result
|
||||
print_info_result(&resp, &etd, verbose);
|
||||
|
||||
success = resp.status & STATUS_SUCCESS;
|
||||
return (success) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
|
||||
static void print_write_result(PacketResponseNG *resp, const em4x50_data_t *etd) {
|
||||
|
||||
// display result of writing operation in structured format
|
||||
|
||||
bool pwd_given = etd->pwd_given;
|
||||
bool success = resp->status & STATUS_SUCCESS;
|
||||
bool login = resp->status & STATUS_LOGIN;
|
||||
uint8_t *data = resp->data.asBytes;
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
em4x50_word_t word;
|
||||
|
||||
if (!success) {
|
||||
|
||||
sprintf(pstring, "\n writing " _RED_("failed"));
|
||||
strcat(string, pstring);
|
||||
|
||||
} else {
|
||||
|
||||
prepare_result(data, etd->address, etd->address, &word);
|
||||
print_result(&word, etd->address, etd->address);
|
||||
|
||||
sprintf(pstring, "\n writing " _GREEN_("ok "));
|
||||
strcat(string, pstring);
|
||||
|
||||
if (pwd_given) {
|
||||
|
||||
if (login) {
|
||||
sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)",
|
||||
etd->password[0], etd->password[1],
|
||||
etd->password[2], etd->password[3]);
|
||||
strcat(string, pstring);
|
||||
} else {
|
||||
sprintf(pstring, "(login failed)");
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
} else {
|
||||
sprintf(pstring, "(no login)");
|
||||
strcat(string, pstring);
|
||||
}
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,"%s\n", string);
|
||||
}
|
||||
|
||||
int CmdEM4x50Write(const char *Cmd) {
|
||||
|
||||
// envoke writing a single word (32 bit) to a EM4x50 tag
|
||||
|
||||
bool errors = false, bword = false, baddr = false, success = false;
|
||||
uint8_t cmdp = 0;
|
||||
em4x50_data_t etd;
|
||||
PacketResponseNG resp;
|
||||
|
||||
// init
|
||||
etd.pwd_given = false;
|
||||
|
||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||
|
||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||
case 'h':
|
||||
return usage_lf_em4x50_write();
|
||||
|
||||
case 'p':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
etd.pwd_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
case 'w':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.word, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n word has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
bword = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
case 'a':
|
||||
param_getdec(Cmd, cmdp + 1, &etd.address);
|
||||
|
||||
// validation
|
||||
if (etd.address < 1 || etd.address > 31) {
|
||||
PrintAndLogEx(FAILED, "\n error, address has to be in range [1-31]\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
baddr = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
default:
|
||||
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
|
||||
errors = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (errors || !bword || !baddr)
|
||||
return usage_lf_em4x50_write();
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd));
|
||||
|
||||
|
||||
if (!WaitForResponse(CMD_ACK, &resp)) {
|
||||
PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// get, prepare and print response
|
||||
print_write_result(&resp, &etd);
|
||||
|
||||
success = resp.status & STATUS_SUCCESS;
|
||||
return (success) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
|
||||
static void print_write_password_result(PacketResponseNG *resp, const em4x50_data_t *etd) {
|
||||
|
||||
// display result of password changing operation
|
||||
|
||||
bool success = resp->status;
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
|
||||
if (!success) {
|
||||
|
||||
sprintf(pstring, "\n writing new password " _RED_("failed"));
|
||||
strcat(string, pstring);
|
||||
|
||||
} else {
|
||||
|
||||
sprintf(pstring, "\n writing new password " _GREEN_("ok"));
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,"%s\n", string);
|
||||
}
|
||||
|
||||
int CmdEM4x50WritePassword(const char *Cmd) {
|
||||
|
||||
// envokes changing the password of EM4x50 tag
|
||||
|
||||
bool errors = false, bpwd = false, bnpwd = false;
|
||||
uint8_t cmdp = 0;
|
||||
em4x50_data_t etd;
|
||||
PacketResponseNG resp;
|
||||
|
||||
// init
|
||||
etd.pwd_given = false;
|
||||
etd.newpwd_given = false;
|
||||
|
||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||
|
||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||
case 'h':
|
||||
return usage_lf_em4x50_write_password();
|
||||
|
||||
case 'p':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
bpwd = true;
|
||||
etd.pwd_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
case 'n':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.new_password, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
bnpwd = true;
|
||||
etd.newpwd_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
default:
|
||||
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
|
||||
errors = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (errors || !bpwd || !bnpwd)
|
||||
return usage_lf_em4x50_write_password();
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X50_WRITE_PASSWORD, (uint8_t *)&etd, sizeof(etd));
|
||||
|
||||
if (!WaitForResponse(CMD_ACK, &resp)) {
|
||||
PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// get, prepare and print response
|
||||
print_write_password_result(&resp, &etd);
|
||||
|
||||
return ((bool)resp.status) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
22
client/src/cmdlfem4x50.h
Normal file
22
client/src/cmdlfem4x50.h
Normal file
|
@ -0,0 +1,22 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2020 tharexde
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Low frequency EM4x50 commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef CMDLFEM4X50_H__
|
||||
#define CMDLFEM4X50_H__
|
||||
|
||||
int usage_lf_em4x50_info(void);
|
||||
int usage_lf_em4x50_write(void);
|
||||
int usage_lf_em4x50_write_password(void);
|
||||
|
||||
int CmdEM4x50Info(const char *Cmd);
|
||||
int CmdEM4x50Write(const char *Cmd);
|
||||
int CmdEM4x50WritePassword(const char *Cmd);
|
||||
|
||||
#endif
|
|
@ -584,7 +584,7 @@ static int CmdLFHitagReader(const char *Cmd) {
|
|||
clearCommandBuffer();
|
||||
SendCommandMIX(cmd, htf, 0, 0, &htd, sizeof(htd));
|
||||
PacketResponseNG resp;
|
||||
if (!WaitForResponseTimeout(CMD_ACK, &resp, 4000)) {
|
||||
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
|
|
@ -199,7 +199,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
|
|||
if (tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr) > traceLen) {
|
||||
return traceLen;
|
||||
}
|
||||
|
||||
|
||||
uint8_t *frame = hdr->frame;
|
||||
uint8_t *parityBytes = hdr->frame + data_len;
|
||||
|
||||
|
@ -495,7 +495,7 @@ static int CmdTraceLoad(const char *Cmd) {
|
|||
|
||||
g_traceLen = (long)len;
|
||||
|
||||
PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes) loaded from " _YELLOW_("%s"), g_traceLen, filename);
|
||||
PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes)", g_traceLen);
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
@ -81,7 +81,8 @@ endif
|
|||
# common LF support
|
||||
PLATFORM_DEFS += \
|
||||
-DWITH_LF \
|
||||
-DWITH_HITAG
|
||||
-DWITH_HITAG \
|
||||
-DWITH_EM4x50
|
||||
|
||||
# common HF support
|
||||
PLATFORM_DEFS += \
|
||||
|
|
|
@ -26,7 +26,7 @@ At the moment both are maintained because they don't perfectly overlap yet.
|
|||
| bluez detection | pc | pkg_search_module | |
|
||||
| `SKIPBT` | yes | yes | |
|
||||
| dep bzip2 | sys | sys | |
|
||||
| bzip2 detection | **none** | find_package, Android:gitclone | |
|
||||
| bzip2 detection | **none** | find_package, Cross:gitclone | |
|
||||
| dep cliparser | in_deps | in_deps | |
|
||||
| dep hardnested | in_deps | in_deps | |
|
||||
| hardn arch autodetect | `uname -m` =? 86 or amd64; `$(CC) -E -mavx512f`? +AVX512` | `CMAKE_SYSTEM_PROCESSOR` =? x86 or x86_64 or i686 or AMD64 (1) | (1) currently it always includes AVX512 on Intel arch |
|
||||
|
@ -53,7 +53,7 @@ At the moment both are maintained because they don't perfectly overlap yet.
|
|||
| Qt detection | pc(qt5)/pc(qt4)/`QTDIR`(1) (2) | find_package(qt5) (3) | (1) if `QTDIR`: hardcode path (2) OSX: pkg-config hook for Brew (3) OSX: add search path|
|
||||
| `SKIPQT` | yes | yes | |
|
||||
| dep readline | sys | sys | |
|
||||
| readline detection | **none** (1) | find*(2), Android:getzip | (1) OSX: hardcoded path (2) additional paths for OSX |
|
||||
| readline detection | **none** (1) | find*(2), Cross:getzip | (1) OSX: hardcoded path (2) additional paths for OSX |
|
||||
| `SKIPREADLINE` | yes | yes | CLI not fully functional without Readline |
|
||||
| dep reveng | in_deps | in_deps | |
|
||||
| `SKIPREVENGTEST` | yes(1) | **no**(2) | (1) e.g. if cross-compilation (2) tests aren't compiled/ran with cmake |
|
||||
|
|
37
include/em4x50.h
Normal file
37
include/em4x50.h
Normal file
|
@ -0,0 +1,37 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2020 tharexde
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Low frequency EM4x50 structs
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef EM4X50_H__
|
||||
#define EM4X50_H__
|
||||
|
||||
typedef struct {
|
||||
bool fwr_given;
|
||||
bool lwr_given;
|
||||
bool pwd_given;
|
||||
bool newpwd_given;
|
||||
uint8_t password[4];
|
||||
uint8_t new_password[4];
|
||||
uint8_t addresses[4];
|
||||
uint8_t address;
|
||||
uint8_t word[4];
|
||||
} em4x50_data_t;
|
||||
|
||||
typedef struct {
|
||||
uint8_t byte[4];
|
||||
uint8_t row_parity[4];
|
||||
uint8_t col_parity;
|
||||
uint8_t stopbit;
|
||||
bool rparity[4];
|
||||
bool cparity[8];
|
||||
bool stopparity;
|
||||
bool parity;
|
||||
} em4x50_word_t;
|
||||
|
||||
#endif /* EM4X50_H__ */
|
|
@ -187,6 +187,7 @@ typedef struct {
|
|||
// lf
|
||||
bool compiled_with_lf : 1;
|
||||
bool compiled_with_hitag : 1;
|
||||
bool compiled_with_em4x50 : 1;
|
||||
// hf
|
||||
bool compiled_with_hfsniff : 1;
|
||||
bool compiled_with_hfplot : 1;
|
||||
|
@ -401,6 +402,9 @@ typedef struct {
|
|||
#define CMD_LF_EM4X_WRITEWORD 0x0219
|
||||
#define CMD_LF_IO_WATCH 0x021A
|
||||
#define CMD_LF_EM410X_WATCH 0x021C
|
||||
#define CMD_LF_EM4X50_INFO 0x0240
|
||||
#define CMD_LF_EM4X50_WRITE 0x0241
|
||||
#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242
|
||||
// Sampling configuration for LF reader/sniffer
|
||||
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D
|
||||
#define CMD_LF_FSK_SIMULATE 0x021E
|
||||
|
|
|
@ -330,7 +330,6 @@ static void *find_state(void *thread_d) {
|
|||
const bitslice_value_t filter4 = f_c_bs(filter4_0, filter4_1, filter4_2, filter4_3, filter4_4);
|
||||
bitslice_t results4;
|
||||
results4.value = results3.value & (filter4 ^ keystream[4].value);
|
||||
|
||||
if (results4.bytes64[0] == 0
|
||||
&& results4.bytes64[1] == 0
|
||||
&& results4.bytes64[2] == 0
|
||||
|
@ -339,7 +338,9 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 56].value = lfsr_bs(8);
|
||||
const bitslice_value_t filter5_3 = f_b_bs(state[-2 + 33].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 38].value);
|
||||
const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value);
|
||||
const bitslice_value_t filter12_2 = f_b_bs(state[-2 + 29].value, state[-2 + 33].value, state[-2 + 35].value, state[-2 + 38].value);
|
||||
|
||||
for (uint8_t i5 = 0; i5 < (1 << bits[5]); i5++) {
|
||||
|
@ -358,8 +359,9 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 57].value = lfsr_bs(9);
|
||||
const bitslice_value_t filter6_3 = f_b_bs(state[-2 + 34].value, state[-2 + 35].value, state[-2 + 37].value, state[-2 + 39].value);
|
||||
|
||||
const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value);
|
||||
for (uint8_t i6 = 0; i6 < (1 << bits[6]); i6++) {
|
||||
state[-2 + 40].value = ((bool)(i6 & 0x1)) ? bs_ones.value : bs_zeroes.value;
|
||||
// 0xffe7ffffffff
|
||||
|
@ -376,8 +378,9 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 58].value = lfsr_bs(10);
|
||||
const bitslice_value_t filter7_3 = f_b_bs(state[-2 + 35].value, state[-2 + 36].value, state[-2 + 38].value, state[-2 + 40].value);
|
||||
|
||||
const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value);
|
||||
for (uint8_t i7 = 0; i7 < (1 << bits[7]); i7++) {
|
||||
state[-2 + 41].value = ((bool)(i7 & 0x1)) ? bs_ones.value : bs_zeroes.value;
|
||||
// 0xfff7ffffffff
|
||||
|
@ -393,16 +396,14 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 59].value = lfsr_bs(11);
|
||||
const bitslice_value_t filter8_3 = f_b_bs(state[-2 + 36].value, state[-2 + 37].value, state[-2 + 39].value, state[-2 + 41].value);
|
||||
const bitslice_value_t filter10_3 = f_b_bs(state[-2 + 38].value, state[-2 + 39].value, state[-2 + 41].value, state[-2 + 43].value);
|
||||
const bitslice_value_t filter12_3 = f_b_bs(state[-2 + 40].value, state[-2 + 41].value, state[-2 + 43].value, state[-2 + 45].value);
|
||||
|
||||
for (uint8_t i8 = 0; i8 < (1 << bits[8]); i8++) {
|
||||
state[-2 + 42].value = ((bool)(i8 & 0x1)) ? bs_ones.value : bs_zeroes.value;
|
||||
// 0xffffffffffff
|
||||
const bitslice_value_t filter8_4 = f_a_bs(state[-2 + 42].value, state[-2 + 51].value, state[-2 + 52].value, state[-2 + 54].value);
|
||||
const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value);
|
||||
const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value);
|
||||
const bitslice_value_t filter8 = f_c_bs(filter8_0, filter8_1, filter8_2, filter8_3, filter8_4);
|
||||
bitslice_t results8;
|
||||
results8.value = results7.value & (filter8 ^ keystream[8].value);
|
||||
|
@ -415,6 +416,7 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value);
|
||||
const bitslice_value_t filter9 = f_c_bs(filter9_0, filter9_1, filter9_2, filter9_3, filter9_4);
|
||||
results8.value &= (filter9 ^ keystream[9].value);
|
||||
|
||||
|
@ -425,8 +427,7 @@ static void *find_state(void *thread_d) {
|
|||
) {
|
||||
continue;
|
||||
}
|
||||
state[-2 + 56].value = lfsr_bs(8);
|
||||
const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value);
|
||||
|
||||
const bitslice_value_t filter10 = f_c_bs(filter10_0, filter10_1, filter10_2, filter10_3, filter10_4);
|
||||
results8.value &= (filter10 ^ keystream[10].value);
|
||||
|
||||
|
@ -438,8 +439,7 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 57].value = lfsr_bs(9);
|
||||
const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value);
|
||||
const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value);
|
||||
const bitslice_value_t filter11 = f_c_bs(filter11_0, filter11_1, filter11_2, filter11_3, filter11_4);
|
||||
results8.value &= (filter11 ^ keystream[11].value);
|
||||
|
||||
|
@ -451,8 +451,6 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 58].value = lfsr_bs(10);
|
||||
const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value);
|
||||
const bitslice_value_t filter12 = f_c_bs(filter12_0, filter12_1, filter12_2, filter12_3, filter12_4);
|
||||
results8.value &= (filter12 ^ keystream[12].value);
|
||||
|
||||
|
@ -464,7 +462,6 @@ static void *find_state(void *thread_d) {
|
|||
continue;
|
||||
}
|
||||
|
||||
state[-2 + 59].value = lfsr_bs(11);
|
||||
const bitslice_value_t filter13_0 = f_a_bs(state[-2 + 15].value, state[-2 + 16].value, state[-2 + 18].value, state[-2 + 19].value);
|
||||
const bitslice_value_t filter13_1 = f_b_bs(state[-2 + 21].value, state[-2 + 25].value, state[-2 + 27].value, state[-2 + 28].value);
|
||||
const bitslice_value_t filter13_2 = f_b_bs(state[-2 + 30].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 39].value);
|
||||
|
|
Loading…
Reference in a new issue