RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-12-29 20:06:06 +08:00
Code Issues Projects Releases Packages Wiki Activity

chg: 'hf felica litedump' - more stable impl. Will not break when run twice in a row. Still device can be in a loop if 100sec timeout occures. :(

Browse source
This commit is contained in:
iceman1001 2018-01-05 17:39:04 +01:00
parent 6e93ed80a3
commit 82dbfba827
2 changed files with 58 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
armsrc/felica.c
View file

@ -203,7 +203,7 @@ void HfSnoopISO18(uint32_t samplesToSkip, uint32_t triggersToSkip) {
// connect Demodulated Signal to ADC:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
BigBuf_free(); BigBuf_Clear();
BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace();
FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092|FPGA_HF_ISO18092_FLAG_NOMOD);
@ -262,14 +262,14 @@ void HfSnoopISO18(uint32_t samplesToSkip, uint32_t triggersToSkip) {
}
}
switch_off();
//reset framing
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
set_tracelen(numbts);
LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen());
cmd_send(CMD_ACK,1,0,0,0,0);
cmd_send(CMD_ACK,1, numbts,0,0,0);
}
// poll-0: 0xb2,0x4d,0x06,0x00,0xff,0xff,0x00,0x00,0x09,0x21,
@ -515,7 +515,7 @@ void HfSimLite( uint64_t nfcid) {
if( BUTTON_PRESS()) break;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
switch_off();
DbpString("Felica Lite-S sim end");
}
@ -562,7 +562,7 @@ void HfDumpFelicaLiteS() {
FpgaSetupSsc();
// allocate command receive buffer
BigBuf_free(); BigBuf_Clear();
BigBuf_free(); BigBuf_Clear_ext(false);
LED_D_ON();
@ -595,7 +595,7 @@ void HfDumpFelicaLiteS() {
WDT_HIT();
TransmitFor18092_AsReader(poll, 10, GetCountSspClk()+8,1,0);
TransmitFor18092_AsReader(poll, 10, GetCountSspClk()+8, 1, 0);
if (WaitForFelicaReply(512) && NFCFrame.framebytes[3] == FELICA_POLL_ACK) {
@ -629,15 +629,15 @@ void HfDumpFelicaLiteS() {
}
}
break;
}
//SpinDelay(500);
}
}
switch_off();
//Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
//setting tracelen - important! it was set by buffer overflow before
//setting tracelen - important! it was set by buffer overflow before
set_tracelen(cnt);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,1,0,0,0,0);
}
cmd_send(CMD_ACK, 1, cnt, 0, 0, 0);
}

79
client/cmdhffelica.c
View file

@ -46,6 +46,7 @@ int usage_hf_felica_simlite(void) {
}
int usage_hf_felica_dumplite(void) {
PrintAndLog("\n Dump ISO/18092 FeliCa Lite tag \n");
PrintAndLog("press button to abort run, otherwise it will loop for 200sec.");
PrintAndLog("usage: hf felica litedump [h]");
PrintAndLog("options: ");
PrintAndLog(" h : This help");
@ -159,8 +160,7 @@ int CmdHFFelicaSim(const char *Cmd) {
PrintAndLog("Press pm3-button to abort simulation");
while( !ukbhit() ){
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;
}
return 0;
}
@ -216,10 +216,13 @@ int CmdHFFelicaSimLite(const char *Cmd) {
return 0;
}
static void printSep() {
PrintAndLog("------------------------------------------------------------------------------------");
}
uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
if (tracepos+19 >= tracelen)
return tracelen;
trace += tracepos;
uint8_t blocknum = trace[0];
uint8_t status1 = trace[1];
@ -230,7 +233,7 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
snprintf(line+( j * 4),110, "%02x ", trace[j+3]);
}
PrintAndLog( "Block number %02x, status: %02x %02x",blocknum,status1, status2);
PrintAndLog("block number %02x, status: %02x %02x",blocknum,status1, status2);
switch (blocknum) {
case 0x00: PrintAndLog( "S_PAD0: %s",line);break;
case 0x01: PrintAndLog( "S_PAD1: %s",line);break;
@ -324,46 +327,50 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
int CmdHFFelicaDumpLite(const char *Cmd) {
//usage_hf_felica_dumplite();
char ctmp = param_getchar(Cmd, 0);
if ( ctmp == 'h' || ctmp == 'H') return usage_hf_felica_dumplite();
PrintAndLog("[+] FeliCa lite - dump started");
UsbCommand c = {CMD_FELICA_LITE_DUMP, {0,0,0}};
clearCommandBuffer();
SendCommand(&c);
uint16_t tracepos = 0;
uint8_t *trace;
UsbCommand resp;
trace = malloc(USB_CMD_DATA_SIZE);
if ( trace == NULL ) {
PrintAndLog("Cannot allocate memory for trace");
return 1;
}
// Query for the size of the trace
UsbCommand response;
GetFromBigBuf(trace, USB_CMD_DATA_SIZE, 0);
if ( !WaitForResponseTimeout(CMD_ACK, &response, 4000) ) {
PrintAndLog("timeout while waiting for reply.");
return 1;
}
uint16_t traceLen = response.arg[2];
if (traceLen > USB_CMD_DATA_SIZE) {
uint8_t *p = realloc(trace, traceLen);
if (p == NULL) {
PrintAndLog("Cannot allocate memory for trace");
free(trace);
return 2;
uint8_t timeout = 0;
while ( !WaitForResponseTimeout(CMD_ACK, &resp, 2000) ) {
timeout++;
printf("."); fflush(stdout);
if (ukbhit()) {
int gc = getchar(); (void)gc;
printf("\n[!] aborted via keyboard!\n");
return 1;
}
if (timeout > 100) {
PrintAndLog("[!] timeout while waiting for reply.");
return 1;
}
trace = p;
GetFromBigBuf(trace, traceLen, 0);
WaitForResponse(CMD_ACK, NULL);
}
PrintAndLog("Recorded Activity (TraceLen = %d bytes)", traceLen);
while (tracepos < traceLen) {
tracepos = PrintFliteBlock(tracepos, trace, traceLen);
}
uint64_t tracelen = resp.arg[1];
uint8_t *trace = malloc(tracelen);
if ( trace == NULL ) {
PrintAndLog("[!] Cannot allocate memory for trace");
return 1;
}
// only download data if there is any.
if ( tracelen > 0 ) {
GetFromBigBuf(trace, tracelen, 0);
PrintAndLog("[+] Recorded Activity (trace len = %d bytes)", tracelen);
printSep();
uint16_t tracepos = 0;
while (tracepos < tracelen)
tracepos = PrintFliteBlock(tracepos, trace, tracelen);
printSep();
}
free(trace);
return 0;
}