new coverity scan complains..

fix 'lf hitag'  bit comparisons wrong
fix 'standalone mode'  logically dead code
iceman1001 2017-07-07 15:45:40 +02:00
parent 4406f4ee2a
commit 8bc17414fd
6 changed files with 150 additions and 146 deletions


@ -574,72 +574,67 @@ void StandAloneMode14a()
LED(selected + 1, 0);
// Begin transmitting
if (playing)
{
LED(LED_GREEN, 0);
DbpString("Playing");
for ( ; ; ) {
WDT_HIT();
int button_action = BUTTON_HELD(1000);
if (button_action == 0) { // No button action, proceed with sim
LED(LED_GREEN, 0);
DbpString("Playing");
for ( ; ; ) {
WDT_HIT();
int button_action = BUTTON_HELD(1000);
if (button_action == 0) { // No button action, proceed with sim
uint8_t flags = FLAG_4B_UID_IN_DATA;
uint8_t data[USB_CMD_DATA_SIZE] = {0}; // in case there is a read command received we shouldn't break
uint8_t flags = FLAG_4B_UID_IN_DATA;
uint8_t data[USB_CMD_DATA_SIZE] = {0}; // in case there is a read command received we shouldn't break
memcpy(data, uids[selected].uid, uids[selected].uidlen);
uint64_t tmpuid = bytes_to_num(uids[selected].uid, uids[selected].uidlen);
if ( uids[selected].uidlen == 7 ) {
flags = FLAG_7B_UID_IN_DATA;
Dbprintf("Simulating ISO14443a tag with uid: %014" PRIx64 " [Bank: %d]", tmpuid, selected);
} else {
Dbprintf("Simulating ISO14443a tag with uid: %08" PRIx64 " [Bank: %d]", tmpuid, selected);
}
if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, data);
} else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (4b uid)");
SimulateIso14443aTag(8, flags, data);
} else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (7b uid)");
SimulateIso14443aTag(8, flags, data);
} else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, data);
} else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) {
DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, data);
}
else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, data);
}
memcpy(data, uids[selected].uid, uids[selected].uidlen);
uint64_t tmpuid = bytes_to_num(uids[selected].uid, uids[selected].uidlen);
if ( uids[selected].uidlen == 7 ) {
flags = FLAG_7B_UID_IN_DATA;
Dbprintf("Simulating ISO14443a tag with uid: %014" PRIx64 " [Bank: %d]", tmpuid, selected);
} else {
Dbprintf("Simulating ISO14443a tag with uid: %08" PRIx64 " [Bank: %d]", tmpuid, selected);
}
else if (button_action == BUTTON_SINGLE_CLICK) {
selected = (selected + 1) % OPTS;
Dbprintf("Done playing. Switching to record mode on bank %d", selected);
iGotoRecord = 1;
break;
if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, data);
} else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (4b uid)");
SimulateIso14443aTag(8, flags, data);
} else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (7b uid)");
SimulateIso14443aTag(8, flags, data);
} else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, data);
} else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) {
DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, data);
}
else if (button_action == BUTTON_HOLD) {
Dbprintf("Playtime over. Begin cloning...");
iGotoClone = 1;
break;
else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, data);
}
WDT_HIT();
}
/* We pressed a button so ignore it here with a delay */
SpinDelay(300);
LEDsoff();
LED(selected + 1, 0);
else if (button_action == BUTTON_SINGLE_CLICK) {
selected = (selected + 1) % OPTS;
Dbprintf("Done playing. Switching to record mode on bank %d", selected);
iGotoRecord = 1;
break;
}
else if (button_action == BUTTON_HOLD) {
Dbprintf("Playtime over. Begin cloning...");
iGotoClone = 1;
break;
}
WDT_HIT();
}
else
while(BUTTON_PRESS())
WDT_HIT();
/* We pressed a button so ignore it here with a delay */
SpinDelay(300);
LEDsoff();
LED(selected + 1, 0);
}
}
}
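Review bot: The play branch treats every stored UID length other than 7 as a 4-byte UID: `if ( uids[selected].uidlen == 7 )` switches to `FLAG_7B_UID_IN_DATA` and the `else` arm keeps `FLAG_4B_UID_IN_DATA`, while `memcpy(data, uids[selected].uid, uids[selected].uidlen)` and `bytes_to_num(...)` still use whatever length is stored. If a bank can ever hold another length (not visible here), the flag, the `%08` log line and the 64-bit `tmpuid` would disagree with the bytes copied into `data`. An explicit check before the `memcpy`, `if (uids[selected].uidlen != 4 && uids[selected].uidlen != 7)`, with a debug message, would make the assumption visible; how to leave the loop in that case depends on code outside the hunk. StandAloneMode14a starts and ends outside this hunk, so where `uidlen` is set cannot be checked from here.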


@ -116,7 +116,7 @@ static u32 hitag2_byte(u64 *x) {
#define HITAG_FRAME_LEN 20
#define HITAG_T_STOP 36 /* T_EOF should be > 36 */
#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */
#define HITAG_T_LOW 8 /* T_LOW should be 4..10 */
#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */
#define HITAG_T_1_MIN 25 /* T[1] should be 26..30 */
//#define HITAG_T_EOF 40 /* T_EOF should be > 36 */
@ -127,16 +127,16 @@ static u32 hitag2_byte(u64 *x) {
#define HITAG_T_TAG_ONE_HALF_PERIOD 10
#define HITAG_T_TAG_TWO_HALF_PERIOD 25
#define HITAG_T_TAG_THREE_HALF_PERIOD 41
#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
#define HITAG_T_TAG_THREE_HALF_PERIOD 41
#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
#define HITAG_T_TAG_HALF_PERIOD 16
#define HITAG_T_TAG_FULL_PERIOD 32
#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_THREE_HALF 41
#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57
#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_THREE_HALF 41
#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57
#define DEBUG 0
@ -167,25 +167,25 @@ static void hitag_send_bit(int bit) {
if (bit == 0) {
// AC Coding --__
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 64)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 64) {};
} else {
// AC coding -_-_
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 48)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 48) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 64)
;;
while (AT91C_BASE_TC0->TC_CV < T0 * 64) {};
}
LED_A_OFF();
break;
@ -193,25 +193,24 @@ static void hitag_send_bit(int bit) {
if (bit == 0) {
// AC Coding --__
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD)
;
while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_HALF_PERIOD) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD)
;
while (AT91C_BASE_TC0->TC_CV < T0 * HITAG_T_TAG_FULL_PERIOD) {};
} else {
// AC coding -_-_
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 8)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 24)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 24) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32)
;;
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
}
LED_A_OFF();
break;
@ -219,19 +218,19 @@ static void hitag_send_bit(int bit) {
if (bit == 0) {
// Manchester: Unloaded, then loaded |__--|
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
} else {
// Manchester: Loaded, then unloaded |--__|
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 32)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 32) {};
}
LED_A_OFF();
break;
@ -239,19 +238,19 @@ static void hitag_send_bit(int bit) {
if (bit == 0) {
// Manchester: Unloaded, then loaded |__--|
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 8)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
} else {
// Manchester: Loaded, then unloaded |--__|
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 8)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 8) {};
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 16)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 16) {};
}
LED_A_OFF();
break;
@ -288,8 +287,8 @@ static void hitag_reader_send_bit(int bit) {
HIGH(GPIO_SSC_DOUT);
if (test == 1) {
// Wait for 4-10 times the carrier period
while (AT91C_BASE_TC0->TC_CV < T0 * 6)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
// SpinDelayUs(8*8);
// Disable modulation, just activates the field again
@ -297,19 +296,19 @@ static void hitag_reader_send_bit(int bit) {
if (bit == 0) {
// Zero bit: |_-|
while (AT91C_BASE_TC0->TC_CV < T0 * 11)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 11) {};
// SpinDelayUs(16*8);
} else {
// One bit: |_--|
while (AT91C_BASE_TC0->TC_CV < T0 * 14)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 14) {};
// SpinDelayUs(22*8);
}
} else {
// Wait for 4-10 times the carrier period
while (AT91C_BASE_TC0->TC_CV < T0 * 6)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
// SpinDelayUs(8*8);
// Disable modulation, just activates the field again
@ -317,13 +316,13 @@ static void hitag_reader_send_bit(int bit) {
if (bit == 0) {
// Zero bit: |_-|
while (AT91C_BASE_TC0->TC_CV < T0 * 22)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 22) {};
// SpinDelayUs(16*8);
} else {
// One bit: |_--|
while (AT91C_BASE_TC0->TC_CV < T0 * 28)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 28) {};
// SpinDelayUs(22*8);
}
}
@ -344,8 +343,8 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) {
// Enable modulation, which means, drop the the field
HIGH(GPIO_SSC_DOUT);
// Wait for 4-10 times the carrier period
while (AT91C_BASE_TC0->TC_CV < T0 * 6)
;
while (AT91C_BASE_TC0->TC_CV < T0 * 6) {};
// Disable modulation, just activates the field again
LOW(GPIO_SSC_DOUT);
}
@ -988,39 +987,39 @@ void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data) {
tag.max_page=0;
//con1
tag.auth=0;
if((tag.pages[1][2]&0x80)==1)
if((tag.pages[1][2]&0x80) == 0x80)
tag.auth=1;
tag.LCON=0;
if((tag.pages[1][2]&0x2)==1)
if((tag.pages[1][2]&0x2) == 0x02)
tag.LCON=1;
tag.LKP=0;
if((tag.pages[1][2]&0x1)==1)
if((tag.pages[1][2]&0x1) == 0x01)
tag.LKP=1;
//con2
//0=read write 1=read only
tag.LCK7=0;
if((tag.pages[1][1]&0x80)==1)
if((tag.pages[1][1]&0x80) == 0x80)
tag.LCK7=1;
tag.LCK6=0;
if((tag.pages[1][1]&0x40)==1)
if((tag.pages[1][1]&0x40) == 0x040)
tag.LCK6=1;
tag.LCK5=0;
if((tag.pages[1][1]&0x20)==1)
if((tag.pages[1][1]&0x20) == 0x20)
tag.LCK5=1;
tag.LCK4=0;
if((tag.pages[1][1]&0x10)==1)
if((tag.pages[1][1]&0x10) == 0x10)
tag.LCK4=1;
tag.LCK3=0;
if((tag.pages[1][1]&0x8)==1)
if((tag.pages[1][1]&0x8) == 0x08)
tag.LCK3=1;
tag.LCK2=0;
if((tag.pages[1][1]&0x4)==1)
if((tag.pages[1][1]&0x4) == 0x04)
tag.LCK2=1;
tag.LCK1=0;
if((tag.pages[1][1]&0x2)==1)
if((tag.pages[1][1]&0x2) == 0x02)
tag.LCK1=1;
tag.LCK0=0;
if((tag.pages[1][1]&0x1)==1)
if((tag.pages[1][1]&0x1) == 0x01)
tag.LCK0=1;
// Set up simulator mode, frequency divisor which will drive the FPGA
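Review bot: In the SimulateHitagSTag configuration block the LCK6 test is written `(tag.pages[1][1]&0x40) == 0x040`, with a three-digit literal where every neighbouring line uses two; the value is the same, but it reads like a typo and should be `0x40`. Repeating the mask on both sides of `==` is the pattern that hid the original `==1` mistake for every mask other than `0x1`; testing against zero, e.g. `tag.LCK6 = (tag.pages[1][1] & 0x40) != 0;`, removes the second literal and the separate `tag.LCK6=0;` line. Because auth, LCON and the lock bits above bit 0 could never be set before this change, the simulated tag's behaviour changes with it and is worth re-testing with a configuration page that has those bits set. The function starts before and continues after this hunk.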


@ -879,11 +879,6 @@ int CmdHFSearch(const char *Cmd){
PrintAndLog("\nValid ISO14443-A Tag Found - Quiting Search\n");
return ans;
}
ans = HF14BReader(false); //CmdHF14BReader("s");
if (ans) {
PrintAndLog("\nValid ISO14443-B Tag Found - Quiting Search\n");
return ans;
}
ans = HF15Reader("", false);
if (ans) {
PrintAndLog("\nValid ISO15693 Tag Found - Quiting Search\n");
@ -899,6 +894,12 @@ int CmdHFSearch(const char *Cmd){
PrintAndLog("\nValid Topaz Tag Found - Quiting Search\n");
return 1;
}
// 14b and iclass is the longest test (put last)
ans = HF14BReader(false); //CmdHF14BReader("s");
if (ans) {
PrintAndLog("\nValid ISO14443-B Tag Found - Quiting Search\n");
return ans;
}
ans = HFiClassReader("", false, false);
if (ans) {
PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n");
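Review bot: The new comment `// 14b and iclass is the longest test (put last)` gives the reason for the order but not its consequence: each probe returns as soon as it answers, so the order presumably also decides which protocol is reported when more than one would respond. Suggested wording: `// 14b and iClass probes take the longest, so they run last; the first reader that answers ends the search`. The Topaz branch just above returns a literal `1` while the other branches return `ans`; that is not changed by this commit but is worth aligning. CmdHFSearch begins outside these hunks.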


@ -719,7 +719,7 @@ static void waitCmd(uint8_t iSelect) {
UsbCommand resp;
uint16_t len = 0;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
len = iSelect ? (resp.arg[1] & 0xffff) : (resp.arg[0] & 0xffff);
PrintAndLog("received %i octets", len);
if(!len)


@ -451,4 +451,7 @@ E241E8AFCBAF,
#
# Data from forum post
123F8888F322,
050908080008,
050908080008,
#
# Data from hoist
4f9f59c9c875,


@ -15,9 +15,9 @@ module hi_read_rx_xcorr(
input pck0, ck_1356meg, ck_1356megb;
output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
input [7:0] adc_d;
output adc_clk, ssp_frame, ssp_din;
output adc_clk;
input ssp_dout;
output ssp_clk;
output ssp_frame, ssp_din, ssp_clk;
input cross_hi, cross_lo;
output dbg;
input xcorr_is_848, snoop;
@ -28,11 +28,18 @@ assign pwr_oe1 = 1'b0;
assign pwr_oe3 = 1'b0;
assign pwr_oe4 = 1'b0;
wire adc_clk = ck_1356megb;
reg fc_div_2;
// Clock divider
reg [0:0] fc_divider;
always @(negedge ck_1356megb)
fc_div_2 <= fc_div_2 + 1;
fc_divider <= fc_divider + 1;
wire fc_div2 = fc_divider[0];
reg adc_clk;
always @(ck_1356megb)
if (xcorr_is_848)
adc_clk <= ck_1356megb;
else
adc_clk <= fc_div2;
// When we're a reader, we just need to do the BPSK demod; but when we're an
// eavesdropper, we also need to pick out the commands sent by the reader,
@ -77,7 +84,6 @@ reg ssp_frame;
always @(negedge adc_clk)
begin
if (xcorr_is_848 | fc_div_2)
corr_i_cnt <= corr_i_cnt + 1;
end
@ -137,7 +143,7 @@ begin
begin
ssp_clk <= 1'b1;
// Don't shift if we just loaded new data, obviously.
if(corr_i_cnt != 7'd0)
if(corr_i_cnt != 6'd0)
begin
corr_i_out[7:0] <= {corr_i_out[6:0], corr_q_out[7]};
corr_q_out[7:1] <= corr_q_out[6:0];
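Review bot: The added `always @(ck_1356megb)` block that drives `adc_clk` is combinational, yet it lists only one of the three signals it reads and uses non-blocking assignments, so simulation can sample a stale `fc_div2` or miss a change of `xcorr_is_848` while synthesis builds a plain mux. Writing it as `wire adc_clk = xcorr_is_848 ? ck_1356megb : fc_div2;` (or `always @(*)` with blocking assignments) states the mux directly. The ADC clock is still selected through logic, so switching `xcorr_is_848` while running could put a short pulse on `adc_clk`; a comment saying when the mode may change would help. `fc_divider` has no reset or initial value visible in the hunk, and which of the duplicated lines are old or new is inferred from the rendering.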