armsrc/thinfilm.c

   1 //-----------------------------------------------------------------------------
   2 // Copyright (C) 2019 iceman
   3 //
   4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
   5 // at your option, any later version. See the LICENSE.txt file for the text of
   6 // the license.
   7 //-----------------------------------------------------------------------------
   8 // Routines to support a mangeled ISO 14443 type A for Thinfilm tags by Kovio
   9 //-----------------------------------------------------------------------------
  10
  11 #include "thinfilm.h"
  12
  13 #include "proxmark3_arm.h"
  14 #include "cmd.h"
  15 #include "appmain.h"
  16 #include "BigBuf.h"
  17 #include "iso14443a.h"
  18 #include "fpgaloader.h"
  19 #include "ticks.h"
  20 #include "dbprint.h"
  21 #include "util.h"
  22
  23 /**
  24   * ref
  25   *   https://www.thinfilmnfc.com/wp-content/uploads/2017/09/Thinfilm-Kovio-NFC-Barcode-Protocol-Tag-Functional-Specification-v3.4-2017-05-26.pdf
  26   *   https://developer.android.com/reference/android/nfc/tech/NfcBarcode
  27   *
  28   */
  29
  30 void ReadThinFilm(void) {
  31
  32     clear_trace();
  33     set_tracing(true);
  34
  35     iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
  36
  37     uint8_t len = 0;
  38     uint8_t buf[36] = {0x00};
  39
  40     // power on and listen for answer.
  41     bool status = GetIso14443aAnswerFromTag_Thinfilm(buf, &len);
  42     reply_ng(CMD_HF_THINFILM_READ, status ? PM3_SUCCESS : PM3_ENODATA, buf, len);
  43
  44     hf_field_off();
  45     set_tracing(false);
  46 }
  47
  48 #define SEC_D 0xf0
  49 #define SEC_E 0x0f
  50 #define SEC_F 0x00
  51 static uint16_t FpgaSendQueueDelay;
  52
  53 static uint16_t ReadReaderField(void) {
  54 #if defined RDV4
  55     return AvgAdc(ADC_CHAN_HF_RDV40);
  56 #else
  57     return AvgAdc(ADC_CHAN_HF);
  58 #endif
  59 }
  60
  61 static void CodeThinfilmAsTag(const uint8_t *cmd, uint16_t len) {
  62
  63     tosend_reset();
  64
  65     tosend_t *ts = get_tosend();
  66
  67     for (uint16_t i = 0; i < len; i++) {
  68         uint8_t b = cmd[i];
  69         for (uint8_t j = 0; j < 8; j++) {
  70             ts->buf[++ts->max] = (b & 0x80) ? SEC_D : SEC_E;
  71             b <<= 1;
  72         }
  73     }
  74     ts->max++;
  75 }
  76
  77 static int EmSendCmdThinfilmRaw(uint8_t *resp, uint16_t respLen) {
  78     volatile uint8_t b;
  79     uint16_t i = 0;
  80     uint32_t ThisTransferTime;
  81     // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line)
  82     for (uint8_t j = 0; j < 5; j++) {    // allow timeout - better late than never
  83         while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
  84         if (AT91C_BASE_SSC->SSC_RHR) break;
  85     }
  86     while ((ThisTransferTime = GetCountSspClk()) & 0x00000007);
  87
  88
  89     // Clear TXRDY:
  90     AT91C_BASE_SSC->SSC_THR = SEC_F;
  91
  92     // send cycle
  93     for (; i < respLen;) {
  94         if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
  95             AT91C_BASE_SSC->SSC_THR = resp[i++];
  96             FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
  97         }
  98
  99         if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
 100             b = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
 101             (void)b;
 102         }
 103         if (BUTTON_PRESS()) break;
 104     }
 105
 106     // Ensure that the FPGA Delay Queue is empty
 107     uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
 108     for (i = 0; i <= fpga_queued_bits / 8 + 1;) {
 109         if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
 110             AT91C_BASE_SSC->SSC_THR = SEC_F;
 111             FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 112             i++;
 113         }
 114     }
 115
 116     return 0;
 117 }
 118
 119 void SimulateThinFilm(uint8_t *data, size_t len) {
 120     Dbprintf("Simulate %i-bit Thinfilm tag", len * 8);
 121     Dbhexdump(len, data, true);
 122     int16_t status = PM3_SUCCESS;
 123     CodeThinfilmAsTag(data, len);
 124
 125     FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 126
 127     // Set up the synchronous serial port
 128     FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);
 129
 130     // connect Demodulated Signal to ADC:
 131     SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 132
 133     FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
 134     SpinDelay(100);
 135
 136     uint16_t hf_baseline = ReadReaderField();
 137
 138     tosend_t *ts = get_tosend();
 139
 140     // Start the timer
 141     StartCountSspClk();
 142
 143     bool reader_detected = false;
 144     LED_A_ON();
 145     for (;;) {
 146         WDT_HIT();
 147         if (BUTTON_PRESS() || data_available()) {
 148             status = PM3_EOPABORTED;
 149             break;
 150         }
 151         uint16_t hf_av = ReadReaderField();
 152         if (hf_av < hf_baseline)
 153             hf_baseline = hf_av;
 154         if (hf_av > hf_baseline + 10) {
 155
 156             EmSendCmdThinfilmRaw(ts->buf, ts->max);
 157             if (!reader_detected) {
 158                 LED_B_ON();
 159                 //Dbprintf("Reader detected, start beaming data");
 160                 reader_detected = true;
 161             }
 162         } else {
 163             if (reader_detected) {
 164                 LED_B_OFF();
 165                 //Dbprintf("Reader gone, stop beaming data");
 166                 reader_detected = false;
 167             }
 168         }
 169     }
 170     LED_A_OFF();
 171     reply_ng(CMD_HF_THINFILM_SIMULATE, status, NULL, 0);
 172 }