
MAJOR update, added hitag2 reader, emulation and eavesdropping, lots …

…of new code, including FPGA tweaks, part 2
1 parent db09cb3 commit d19929cbe8d681b60496ca6d9d9cbd806822e163 roel@libnfc.org committed Sep 18, 2012
@@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
#remove one of the following defines and comment out the relevant line
#in the next section to remove that particular feature from compilation
-APP_CFLAGS = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF
+APP_CFLAGS = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG
#-DWITH_LCD
#SRC_LCD = fonts.c LCD.c
@@ -19,6 +19,7 @@
#include <stdarg.h>
#include "legicrf.h"
+#include <hitag2.h>
#ifdef WITH_LCD
# include "fonts.h"
@@ -125,23 +126,27 @@ void Dbprintf(const char *fmt, ...) {
}
// prints HEX & ASCII
-void Dbhexdump(int len, uint8_t *d) {
+void Dbhexdump(int len, uint8_t *d, bool bAsci) {
int l=0,i;
char ascii[9];
-
+
while (len>0) {
if (len>8) l=8;
else l=len;
memcpy(ascii,d,l);
- ascii[l]=0;
+ ascii[l]=0;
// filter safe ascii
- for (i=0;i<l;i++)
+ for (i=0;i<l;i++)
if (ascii[i]<32 || ascii[i]>126) ascii[i]='.';
-
- Dbprintf("%-8s %*D",ascii,l,d," ");
-
+
+ if (bAsci) {
+ Dbprintf("%-8s %*D",ascii,l,d," ");
+ } else {
+ Dbprintf("%*D",l,d," ");
+ }
+
len-=8;
d+=8;
}
@@ -185,14 +190,15 @@ int AvgAdc(int ch) // was static - merlok
void MeasureAntennaTuning(void)
{
- uint8_t *dest = (uint8_t *)BigBuf;
+ uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
UsbCommand c;
- DbpString("Measuring antenna characteristics, please wait.");
- memset(BigBuf,0,sizeof(BigBuf));
+ LED_B_ON();
+ DbpString("Measuring antenna characteristics, please wait...");
+ memset(dest,0,sizeof(FREE_BUFFER_SIZE));
/*
* Sweeps the useful LF range of the proxmark from
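Review bot: The new `memset(dest,0,sizeof(FREE_BUFFER_SIZE));` in MeasureAntennaTuning clears only as many bytes as the type of the constant occupies (typically 4), not the buffer region. This assumes FREE_BUFFER_SIZE is an integer constant, which its use as a loop bound in SimulateTagHfListen suggests; its definition is not on this page. The removed line zeroed all of BigBuf, so after this change data left by a previous operation stays in the region. Pass the length directly: `memset(dest, 0, FREE_BUFFER_SIZE);`. The function body continues outside this hunk.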
@@ -202,8 +208,10 @@ void MeasureAntennaTuning(void)
* the resonating frequency of your LF antenna
* ( hopefully around 95 if it is tuned to 125kHz!)
*/
+
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
for (i=255; i>19; i--) {
+ WDT_HIT();
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
SpinDelay(20);
// Vref = 3.3V, and a 10000:240 voltage divider on the input
@@ -221,6 +229,7 @@ void MeasureAntennaTuning(void)
}
}
+ LED_A_ON();
// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(20);
@@ -232,7 +241,14 @@ void MeasureAntennaTuning(void)
c.arg[0] = (vLf125 << 0) | (vLf134 << 16);
c.arg[1] = vHf;
c.arg[2] = peakf | (peakv << 16);
+
+ DbpString("Measuring complete, sending report back to host");
+
UsbSendPacket((uint8_t *)&c, sizeof(c));
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_A_OFF();
+ LED_B_OFF();
+ return;
}
void MeasureAntennaTuningHf(void)
@@ -258,8 +274,7 @@ void MeasureAntennaTuningHf(void)
void SimulateTagHfListen(void)
{
- uint8_t *dest = (uint8_t *)BigBuf;
- int n = sizeof(BigBuf);
+ uint8_t *dest = (uint8_t *)BigBuf+FREE_BUFFER_OFFSET;
uint8_t v = 0;
int i;
int p = 0;
@@ -293,7 +308,7 @@ void SimulateTagHfListen(void)
p = 0;
i++;
- if(i >= n) {
+ if(i >= FREE_BUFFER_SIZE) {
break;
}
}
@@ -644,6 +659,18 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
#endif
+#ifdef WITH_HITAG
+ case CMD_SNOOP_HITAG: // Eavesdrop Hitag tag, args = type
+ SnoopHitag(c->arg[0]);
+ break;
+ case CMD_SIMULATE_HITAG: // Simulate Hitag tag, args = memory content
+ SimulateHitagTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
+ break;
+ case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
+ ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
+ break;
+#endif
+
#ifdef WITH_ISO15693
case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
AcquireRawAdcSamplesIso15693();
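Review bot: The three new Hitag cases forward host-controlled fields without any check at the dispatch point: `c->arg[0]` is cast straight to `hitag_function`, and `c->d.asBytes` is reinterpreted as `hitag_data*`. Whether ReaderHitag rejects function values outside the enum, and whether `hitag_data` fits inside the USB payload, cannot be seen from this hunk. Either validate `arg[0]` before the call or record the contract next to it, e.g. `// arg[0] is untrusted host input; ReaderHitag must reject unknown hitag_function values`. UsbPacketReceived starts and ends outside this hunk.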
@@ -822,16 +849,14 @@ void UsbPacketReceived(uint8_t *packet, int len)
LED_B_ON();
UsbSendPacket((uint8_t *)&n, sizeof(n));
LED_B_OFF();
- break;
- }
+ } break;
case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
uint8_t *b = (uint8_t *)BigBuf;
memcpy(b+c->arg[0], c->d.asBytes, 48);
//Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
UsbSendPacket((uint8_t*)&ack, sizeof(ack));
- break;
- }
+ } break;
case CMD_READ_MEM:
ReadMem(c->arg[0]);
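Review bot: `memcpy(b+c->arg[0], c->d.asBytes, 48);` in the CMD_DOWNLOADED_SIM_SAMPLES_125K case, which this hunk only re-braces, still takes its destination offset from the host with no bounds check. An offset above `sizeof(BigBuf) - 48` writes past the end of BigBuf. Add a guard before the copy, `if (c->arg[0] > sizeof(BigBuf) - 48) break;`, and decide whether a rejected request should still be acknowledged to the host. The enclosing switch continues outside the hunk.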
@@ -854,10 +879,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
SendVersion();
break;
-#ifdef WITH_LF
-
-#endif
-
#ifdef WITH_LCD
case CMD_LCD_RESET:
LCDReset();
@@ -868,36 +889,36 @@ void UsbPacketReceived(uint8_t *packet, int len)
#endif
case CMD_SETUP_WRITE:
case CMD_FINISH_WRITE:
- case CMD_HARDWARE_RESET:
+ case CMD_HARDWARE_RESET: {
USB_D_PLUS_PULLUP_OFF();
SpinDelay(1000);
SpinDelay(1000);
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
for(;;) {
// We're going to reset, and the bootrom will take control.
}
- break;
+ } break;
- case CMD_START_FLASH:
+ case CMD_START_FLASH: {
if(common_area.flags.bootrom_present) {
common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE;
}
USB_D_PLUS_PULLUP_OFF();
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
for(;;);
- break;
+ } break;
case CMD_DEVICE_INFO: {
UsbCommand c;
c.cmd = CMD_DEVICE_INFO;
c.arg[0] = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
if(common_area.flags.bootrom_present) c.arg[0] |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
UsbSendPacket((uint8_t*)&c, sizeof(c));
- }
- break;
- default:
+ } break;
+
+ default: {
Dbprintf("%s: 0x%04x","unknown command:",c->cmd);
- break;
+ } break;
}
}
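Review bot: In the CMD_DEVICE_INFO case the local `UsbCommand c;` has only `cmd` and `arg[0]` assigned before `UsbSendPacket((uint8_t*)&c, sizeof(c));`, so the remaining fields are sent to the host as uninitialised stack bytes. Since this hunk already rewrites these cases, zero-initialise the reply with `UsbCommand c = {0};`. The local also shadows the outer `c` packet pointer that the `default` case reads through `c->cmd`; a distinct name such as `resp` would make the two harder to confuse.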
@@ -14,7 +14,8 @@
#include <stdint.h>
#include <stddef.h>
-typedef unsigned char byte_t;
+#include "common.h"
+#include "hitag2.h"
// The large multi-purpose buffer, typically used to hold A/D samples,
// maybe processed in some way.
@@ -49,7 +50,7 @@ void SamyRun(void);
//void DbpIntegers(int a, int b, int c);
void DbpString(char *str);
void Dbprintf(const char *fmt, ...);
-void Dbhexdump(int len, uint8_t *d);
+void Dbhexdump(int len, uint8_t *d, bool bAsci);
int AvgAdc(int ch);
@@ -69,33 +70,31 @@ void FpgaDownloadAndGo(void);
void FpgaGatherVersion(char *dst, int len);
void FpgaSetupSsc(void);
void SetupSpi(int mode);
-void FpgaSetupSscDma(uint8_t *buf, int len);
-void inline FpgaDisableSscDma(void){
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
-}
-void inline FpgaEnableSscDma(void){
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
-}
+bool FpgaSetupSscDma(uint8_t *buf, int len);
+#define FpgaDisableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
+#define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
void SetAdcMuxFor(uint32_t whichGpio);
// Definitions for the FPGA commands.
#define FPGA_CMD_SET_CONFREG (1<<12)
#define FPGA_CMD_SET_DIVISOR (2<<12)
// Definitions for the FPGA configuration word.
#define FPGA_MAJOR_MODE_LF_READER (0<<5)
-#define FPGA_MAJOR_MODE_LF_SIMULATOR (1<<5)
+#define FPGA_MAJOR_MODE_LF_EDGE_DETECT (1<<5)
#define FPGA_MAJOR_MODE_HF_READER_TX (2<<5)
#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (3<<5)
#define FPGA_MAJOR_MODE_HF_SIMULATOR (4<<5)
#define FPGA_MAJOR_MODE_HF_ISO14443A (5<<5)
#define FPGA_MAJOR_MODE_LF_PASSTHRU (6<<5)
#define FPGA_MAJOR_MODE_OFF (7<<5)
+// Options for LF_EDGE_DETECT
+#define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0)
// Options for the HF reader, tx to tag
#define FPGA_HF_READER_TX_SHALLOW_MOD (1<<0)
// Options for the HF reader, correlating against rx from tag
#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0)
#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1)
-#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2)
+#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2)
// Options for the HF simulated tag, how to modulate
#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0)
#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0)
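Review bot: The macros that replace the inline functions, `#define FpgaDisableSscDma(void) ...;` and `#define FpgaEnableSscDma(void) ...;`, declare a macro parameter literally named `void` and carry a trailing semicolon. A call written `FpgaEnableSscDma();` therefore expands to a statement followed by an empty statement, which breaks when it is the body of an unbraced `if` that has an `else`. Prefer `static inline void FpgaDisableSscDma(void) { AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; }`. If a macro is required, use `#define FpgaDisableSscDma() do { AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; } while (0)`, and the same form for the enable variant.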
@@ -139,7 +138,7 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack);
int RAMFUNC LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader);
uint32_t GetParity(const uint8_t * pbtCmd, int iLen);
void iso14a_set_trigger(int enable);
-void iso14a_clear_tracelen(void);
+void iso14a_clear_trace(void);
void iso14a_set_tracing(int enable);
void RAMFUNC SniffMifare(uint8_t param);
@@ -176,6 +175,11 @@ void RAMFUNC SnoopIClass(void);
void SimulateIClass(uint8_t arg0, uint8_t *datain);
void ReaderIClass(uint8_t arg0);
+// hitag2.h
+void SnoopHitag(uint32_t type);
+void SimulateHitagTag(bool tag_mem_supplied, byte_t* data);
+void ReaderHitag(hitag_function htf, hitag_data* htd);
+
/// util.h
#endif
@@ -136,18 +136,20 @@ void FpgaSetupSsc(void)
// ourselves, not to another buffer). The stuff to manipulate those buffers
// is in apps.h, because it should be inlined, for speed.
//-----------------------------------------------------------------------------
-void FpgaSetupSscDma(uint8_t *buf, int len)
+bool FpgaSetupSscDma(uint8_t *buf, int len)
{
+ if (buf == NULL) {
+ return false;
+ }
+
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
-
AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
AT91C_BASE_PDC_SSC->PDC_RCR = len;
AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
AT91C_BASE_PDC_SSC->PDC_RNCR = len;
-
- if (buf != NULL) {
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
- }
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
+
+ return true;
}
static void DownloadFPGA_byte(unsigned char w)
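Review bot: `len` is written to `PDC_RCR` and `PDC_RNCR` unchecked, so a zero or negative `int` reaches the DMA counter registers and the function still returns true. The new early return covers only `buf == NULL`. Extend the guard to `if (buf == NULL || len <= 0) return false;`. The header comment above the function should also gain a line saying that a false return means the receive DMA was not started, because callers now have a result to check. Whether `len` fits within the buffer the caller passed cannot be verified here and remains the caller's responsibility.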