chg: 'hf felica litedump' - more stable impl. Will not break when run twice in a row. The device can still be stuck in a loop if the 100sec timeout occurs. :(

This commit is contained in:
iceman1001 2018-01-05 17:39:04 +01:00
parent 6e93ed80a3
commit 82dbfba827
2 changed files with 58 additions and 51 deletions


@ -203,7 +203,7 @@ void HfSnoopISO18(uint32_t samplesToSkip, uint32_t triggersToSkip) {
// connect Demodulated Signal to ADC: // connect Demodulated Signal to ADC:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD); SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
BigBuf_free(); BigBuf_Clear(); BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace(); clear_trace();
FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092|FPGA_HF_ISO18092_FLAG_NOMOD); FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092|FPGA_HF_ISO18092_FLAG_NOMOD);
@ -262,14 +262,14 @@ void HfSnoopISO18(uint32_t samplesToSkip, uint32_t triggersToSkip) {
} }
} }
switch_off();
//reset framing //reset framing
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
set_tracelen(numbts); set_tracelen(numbts);
LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen()); Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen());
cmd_send(CMD_ACK,1,0,0,0,0); cmd_send(CMD_ACK,1, numbts,0,0,0);
} }
// poll-0: 0xb2,0x4d,0x06,0x00,0xff,0xff,0x00,0x00,0x09,0x21, // poll-0: 0xb2,0x4d,0x06,0x00,0xff,0xff,0x00,0x00,0x09,0x21,
@ -515,7 +515,7 @@ void HfSimLite( uint64_t nfcid) {
if( BUTTON_PRESS()) break; if( BUTTON_PRESS()) break;
} }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); switch_off();
DbpString("Felica Lite-S sim end"); DbpString("Felica Lite-S sim end");
} }
@ -562,7 +562,7 @@ void HfDumpFelicaLiteS() {
FpgaSetupSsc(); FpgaSetupSsc();
// allocate command receive buffer // allocate command receive buffer
BigBuf_free(); BigBuf_Clear(); BigBuf_free(); BigBuf_Clear_ext(false);
LED_D_ON(); LED_D_ON();
@ -595,7 +595,7 @@ void HfDumpFelicaLiteS() {
WDT_HIT(); WDT_HIT();
TransmitFor18092_AsReader(poll, 10, GetCountSspClk()+8,1,0); TransmitFor18092_AsReader(poll, 10, GetCountSspClk()+8, 1, 0);
if (WaitForFelicaReply(512) && NFCFrame.framebytes[3] == FELICA_POLL_ACK) { if (WaitForFelicaReply(512) && NFCFrame.framebytes[3] == FELICA_POLL_ACK) {
@ -629,15 +629,15 @@ void HfDumpFelicaLiteS() {
} }
} }
break; break;
} }
//SpinDelay(500);
} }
switch_off();
//Resetting Frame mode (First set in fpgaloader.c) //Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
//setting tracelen - important! it was set by buffer overflow before
//setting tracelen - important! it was set by buffer overflow before
set_tracelen(cnt); set_tracelen(cnt);
cmd_send(CMD_ACK, 1, cnt, 0, 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); }
cmd_send(CMD_ACK,1,0,0,0,0);
}
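Review bot: The `cmd_send(CMD_ACK, 1, cnt, 0, 0, 0)` at the end of HfDumpFelicaLiteS now makes arg[1] a contract the host trusts blindly — the client side of this commit sizes a heap buffer and a download from it — yet nothing here documents that, and the type and bound of `cnt` are not visible in the hunk. Suggest a line above the send such as `// arg[1] = recorded trace length; the client allocates and downloads exactly this many bytes, keep it <= the trace buffer size`, and the same note on the `cmd_send(CMD_ACK,1, numbts,0,0,0)` in HfSnoopISO18. The comment `//setting tracelen - important! it was set by buffer overflow before` reads as a changelog; `// set_tracelen() before the ACK so the host reads a consistent length` says why it matters now. Whether `switch_off()` already resets the FPGA mode that the following `SSC_RFMR` write assumes cannot be confirmed from this hunk.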


@ -46,6 +46,7 @@ int usage_hf_felica_simlite(void) {
} }
int usage_hf_felica_dumplite(void) { int usage_hf_felica_dumplite(void) {
PrintAndLog("\n Dump ISO/18092 FeliCa Lite tag \n"); PrintAndLog("\n Dump ISO/18092 FeliCa Lite tag \n");
PrintAndLog("press button to abort run, otherwise it will loop for 200sec.");
PrintAndLog("usage: hf felica litedump [h]"); PrintAndLog("usage: hf felica litedump [h]");
PrintAndLog("options: "); PrintAndLog("options: ");
PrintAndLog(" h : This help"); PrintAndLog(" h : This help");
@ -159,8 +160,7 @@ int CmdHFFelicaSim(const char *Cmd) {
PrintAndLog("Press pm3-button to abort simulation"); PrintAndLog("Press pm3-button to abort simulation");
while( !ukbhit() ){ while( !ukbhit() ){
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;
} }
return 0; return 0;
} }
@ -216,10 +216,13 @@ int CmdHFFelicaSimLite(const char *Cmd) {
return 0; return 0;
} }
static void printSep() {
PrintAndLog("------------------------------------------------------------------------------------");
}
uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) { uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
if (tracepos+19 >= tracelen) if (tracepos+19 >= tracelen)
return tracelen; return tracelen;
trace += tracepos; trace += tracepos;
uint8_t blocknum = trace[0]; uint8_t blocknum = trace[0];
uint8_t status1 = trace[1]; uint8_t status1 = trace[1];
@ -230,7 +233,7 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
snprintf(line+( j * 4),110, "%02x ", trace[j+3]); snprintf(line+( j * 4),110, "%02x ", trace[j+3]);
} }
PrintAndLog( "Block number %02x, status: %02x %02x",blocknum,status1, status2); PrintAndLog("block number %02x, status: %02x %02x",blocknum,status1, status2);
switch (blocknum) { switch (blocknum) {
case 0x00: PrintAndLog( "S_PAD0: %s",line);break; case 0x00: PrintAndLog( "S_PAD0: %s",line);break;
case 0x01: PrintAndLog( "S_PAD1: %s",line);break; case 0x01: PrintAndLog( "S_PAD1: %s",line);break;
@ -324,46 +327,50 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) {
int CmdHFFelicaDumpLite(const char *Cmd) { int CmdHFFelicaDumpLite(const char *Cmd) {
//usage_hf_felica_dumplite(); char ctmp = param_getchar(Cmd, 0);
if ( ctmp == 'h' || ctmp == 'H') return usage_hf_felica_dumplite();
PrintAndLog("[+] FeliCa lite - dump started");
UsbCommand c = {CMD_FELICA_LITE_DUMP, {0,0,0}}; UsbCommand c = {CMD_FELICA_LITE_DUMP, {0,0,0}};
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
UsbCommand resp;
uint16_t tracepos = 0;
uint8_t *trace;
trace = malloc(USB_CMD_DATA_SIZE); uint8_t timeout = 0;
if ( trace == NULL ) { while ( !WaitForResponseTimeout(CMD_ACK, &resp, 2000) ) {
PrintAndLog("Cannot allocate memory for trace"); timeout++;
return 1; printf("."); fflush(stdout);
} if (ukbhit()) {
int gc = getchar(); (void)gc;
// Query for the size of the trace printf("\n[!] aborted via keyboard!\n");
UsbCommand response; return 1;
GetFromBigBuf(trace, USB_CMD_DATA_SIZE, 0); }
if ( !WaitForResponseTimeout(CMD_ACK, &response, 4000) ) { if (timeout > 100) {
PrintAndLog("timeout while waiting for reply."); PrintAndLog("[!] timeout while waiting for reply.");
return 1; return 1;
}
uint16_t traceLen = response.arg[2];
if (traceLen > USB_CMD_DATA_SIZE) {
uint8_t *p = realloc(trace, traceLen);
if (p == NULL) {
PrintAndLog("Cannot allocate memory for trace");
free(trace);
return 2;
} }
trace = p;
GetFromBigBuf(trace, traceLen, 0);
WaitForResponse(CMD_ACK, NULL);
} }
PrintAndLog("Recorded Activity (TraceLen = %d bytes)", traceLen); uint64_t tracelen = resp.arg[1];
while (tracepos < traceLen) { uint8_t *trace = malloc(tracelen);
tracepos = PrintFliteBlock(tracepos, trace, traceLen); if ( trace == NULL ) {
} PrintAndLog("[!] Cannot allocate memory for trace");
return 1;
}
// only download data if there is any.
if ( tracelen > 0 ) {
GetFromBigBuf(trace, tracelen, 0);
PrintAndLog("[+] Recorded Activity (trace len = %d bytes)", tracelen);
printSep();
uint16_t tracepos = 0;
while (tracepos < tracelen)
tracepos = PrintFliteBlock(tracepos, trace, tracelen);
printSep();
}
free(trace); free(trace);
return 0; return 0;
} }
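Review bot: `tracelen` in CmdHFFelicaDumpLite is taken from `resp.arg[1]` as a `uint64_t` and used unbounded — it sizes `malloc`, drives `GetFromBigBuf`, and is then narrowed to `uint16_t` by `PrintFliteBlock`, so a device-reported length of 65536 truncates to 0, `PrintFliteBlock` returns immediately and `while (tracepos < tracelen)` never terminates. `PrintAndLog("[+] Recorded Activity (trace len = %d bytes)", tracelen)` also passes a `uint64_t` to `%d`, and `malloc(tracelen)` runs before the `tracelen > 0` check, so an empty trace can fail with "Cannot allocate memory" on platforms where `malloc(0)` returns NULL. Validate the length against the `uint16_t` contract of `PrintFliteBlock` before allocating and allocate only when there is data, as below. The old path waited for a second CMD_ACK after `GetFromBigBuf`; if that transfer is still asynchronous the buffer may be printed before it completes — worth confirming.
```c
    uint64_t tracelen = resp.arg[1];
    // PrintFliteBlock() takes a uint16_t length; reject wider values instead of truncating them
    if (tracelen > UINT16_MAX) {
        PrintAndLog("[!] device reported trace len %llu, larger than supported", (unsigned long long)tracelen);
        return 1;
    }
    // nothing recorded: no download, no allocation
    if (tracelen == 0)
        return 0;
    uint8_t *trace = malloc(tracelen);
    if ( trace == NULL ) {
        PrintAndLog("[!] Cannot allocate memory for trace");
        return 1;
    }
    GetFromBigBuf(trace, tracelen, 0);
    PrintAndLog("[+] Recorded Activity (trace len = %u bytes)", (unsigned)tracelen);
    printSep();
    uint16_t tracepos = 0;
    while (tracepos < tracelen)
        tracepos = PrintFliteBlock(tracepos, trace, (uint16_t)tracelen);
    printSep();
    free(trace);
    return 0;
```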