proxmark3/armsrc/lfzx.c
2023-08-14 23:07:19 -07:00

196 lines
4.7 KiB
C

//-----------------------------------------------------------------------------
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// Low frequency ZX8211 funtions
//-----------------------------------------------------------------------------
#include "lfzx.h"
#include "zx8211.h"
#include "BigBuf.h"
#include "crc.h" // CRC-8 / Hitag1 / ZX8211
#include "fpgaloader.h"
#include "dbprint.h"
#include "lfops.h" // turn_read_lf_on / off
#include "lfadc.h"
#include "lfsampling.h" // getSamplingConfig
#include "pm3_cmd.h" // struct
#include "ticks.h"
/*
ZX8211
RWE to tag
----------
ASK w 100% modulation index
When power field is:
off, its considered LOW field
on, its considered HIGH field
Binary Pulse Length Coding (BPLC)
ZERO = 8 off, 8 on (14-22)
ONE = 8 off, 28 on (26-32)
EOF = 8 off, 30 on (38 or more)
Protection
----------
32bit read password
32bit write password
Config bits
-------------
Timings
-------
Tx = 8us = 1fc
*/
#define ZX_START_GAP 170
#define ZX_WAIT_GAP 90
#define ZX_GAP 8 // 4 - 10
#define ZX_T0 18
#define ZX_T0_MIN 14
#define ZX_T0_MAX 22
#define ZX_T1 28
#define ZX_T1_MIN 26
#define ZX_T1_MAX 32
#define ZX_TEOF 38
#define ZX_RESET_GAP 35000 // 35ms
#define ZX_RESPONSE_GAP 208
#define ZX_PROG 716
#define ZX_PROG_CT 4470
// TTF switch to RTF
#define ZX_SWITCH_RTF 350
// ZX commands
#define LF_ZX_GET_UID 0b00110
#define LF_ZX_READ
#define LF_ZX_WRITE
static void zx8211_setup_read(void) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
// Make sure the tag is reset
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// use lf config settings
sample_config *sc = getSamplingConfig();
LFSetupFPGAForADC(sc->divisor, true);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_ADC_READER_FIELD);
// 50ms for the resonant antenna to settle.
WaitMS(50);
// Now set up the SSC to get the ADC samples that are now streaming at us.
FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125);
// Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Start the timer
StartTicks();
// Watchdog hit
WDT_HIT();
}
static void zx_send(const uint8_t *cmd, uint8_t clen) {
if (clen == 0)
return;
turn_read_lf_on(ZX_START_GAP);
// now start writing with bitbanging the antenna.
while (clen-- > 0) {
turn_read_lf_off(ZX_GAP * 8);
if (((*cmd++) & 1) == 1) {
turn_read_lf_on(ZX_T1 * 8);
} else {
turn_read_lf_on(ZX_T0 * 8);
}
}
// send eof
turn_read_lf_off(ZX_GAP * 8);
turn_read_lf_on(ZX_TEOF * 8);
}
static void zx_get(bool ledcontrol) {
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol && (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY)) {
LED_D_ON();
}
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
volatile uint8_t sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
(void)sample;
// Test point 8 (TP8) can be used to trigger oscilloscope
if (ledcontrol) LED_D_OFF();
}
}
}
int zx8211_read(zx8211_data_t *zxd, bool ledcontrol) {
zx8211_setup_read();
// clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
if (ledcontrol) LED_A_ON();
// send GET_UID
zx_send(NULL, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_ADC_READER_FIELD);
zx_get(ledcontrol);
//uint32_t cs = CRC8Hitag1(uint8_t *buff, size_t size);
if (ledcontrol) LEDsoff();
StopTicks();
lf_finalize(ledcontrol);
reply_ng(CMD_LF_ZX_READ, PM3_SUCCESS, NULL, 0);
return PM3_SUCCESS;
}
int zx8211_write(zx8211_data_t *zxd, bool ledcontrol) {
zx8211_setup_read();
StopTicks();
lf_finalize(ledcontrol);
//reply_ng(CMD_LF_ZX_WRITE, status, tag.data, sizeof(tag.data));
return PM3_SUCCESS;
}