search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
textual
[RRG-proxmark3.git] / client / src / comms.c
blob5101b019e960b5c5c2d4d1eaadaaa4cd17bca186
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2009 Michael Gernoth <michael at gernoth.net>
3 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // Code for communicating with the proxmark3 hardware.
10 //-----------------------------------------------------------------------------
11
12 #include "comms.h"
13
14 #include <inttypes.h>
15 #include <string.h>
16 #include <stdio.h>
17 #include <stdlib.h>
18
19 #include "uart/uart.h"
20 #include "ui.h"
21 #include "crc16.h"
22 #include "util.h" // g_pendingPrompt
23 #include "util_posix.h" // msclock
24 #include "util_darwin.h" // en/dis-ableNapp();
25
26 //#define COMMS_DEBUG
27 //#define COMMS_DEBUG_RAW
28
29 // Serial port that we are communicating with the PM3 on.
30 static serial_port sp = NULL;
31
32 communication_arg_t conn;
33 capabilities_t pm3_capabilities;
34
35 static pthread_t communication_thread;
36 static bool comm_thread_dead = false;
37
38 // Transmit buffer.
39 static PacketCommandOLD txBuffer;
40 static PacketCommandNGRaw txBufferNG;
41 static size_t txBufferNGLen;
42 static bool txBuffer_pending = false;
43 static pthread_mutex_t txBufferMutex = PTHREAD_MUTEX_INITIALIZER;
44 static pthread_cond_t txBufferSig = PTHREAD_COND_INITIALIZER;
45
46 // Used by PacketResponseReceived as a ring buffer for messages that are yet to be
47 // processed by a command handler (WaitForResponse{,Timeout})
48 static PacketResponseNG rxBuffer[CMD_BUFFER_SIZE];
49
50 // Points to the next empty position to write to
51 static int cmd_head = 0;
52
53 // Points to the position of the last unread command
54 static int cmd_tail = 0;
55
56 // to lock rxBuffer operations from different threads
57 static pthread_mutex_t rxBufferMutex = PTHREAD_MUTEX_INITIALIZER;
58
59 // Global start time for WaitForResponseTimeout & dl_it, so we can reset timeout when we get packets
60 // as sending lot of these packets can slow down things wuite a lot on slow links (e.g. hw status or lf read at 9600)
61 static uint64_t timeout_start_time;
62
63 static uint64_t last_packet_time;
64
65 static bool dl_it(uint8_t *dest, uint32_t bytes, PacketResponseNG *response, size_t ms_timeout, bool show_warning, uint32_t rec_cmd);
66
67 // Simple alias to track usages linked to the Bootloader, these commands must not be migrated.
68 // - commands sent to enter bootloader mode as we might have to talk to old firmwares
69 // - commands sent to the bootloader as it only supports OLD frames (which will always be the case for old BL)
70 void SendCommandBL(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len) {
71 SendCommandOLD(cmd, arg0, arg1, arg2, data, len);
72 }
73
74 void SendCommandOLD(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len) {
75 PacketCommandOLD c = {CMD_UNKNOWN, {0, 0, 0}, {{0}}};
76 c.cmd = cmd;
77 c.arg[0] = arg0;
78 c.arg[1] = arg1;
79 c.arg[2] = arg2;
80 if (len && data)
81 memcpy(&c.d, data, len);
82
83 #ifdef COMMS_DEBUG
84 PrintAndLogEx(NORMAL, "Sending %s", "OLD");
85 #endif
86 #ifdef COMMS_DEBUG_RAW
87 print_hex_break((uint8_t *)&c.cmd, sizeof(c.cmd), 32);
88 print_hex_break((uint8_t *)&c.arg, sizeof(c.arg), 32);
89 print_hex_break((uint8_t *)&c.d, sizeof(c.d), 32);
90 #endif
91
92 if (!session.pm3_present) {
93 PrintAndLogEx(WARNING, "Sending bytes to Proxmark3 failed." _YELLOW_("offline"));
94 return;
95 }
96
97 pthread_mutex_lock(&txBufferMutex);
98 /**
99 This causes hangups at times, when the pm3 unit is unresponsive or disconnected. The main console thread is alive,
100 but comm thread just spins here. Not good.../holiman
101 **/
102 while (txBuffer_pending) {
103 // wait for communication thread to complete sending a previous commmand
104 pthread_cond_wait(&txBufferSig, &txBufferMutex);
105 }
106
107 txBuffer = c;
108 txBuffer_pending = true;
109
110 // tell communication thread that a new command can be send
111 pthread_cond_signal(&txBufferSig);
112
113 pthread_mutex_unlock(&txBufferMutex);
114
115 //__atomic_test_and_set(&txcmd_pending, __ATOMIC_SEQ_CST);
116 }
117
118 static void SendCommandNG_internal(uint16_t cmd, uint8_t *data, size_t len, bool ng) {
119 #ifdef COMMS_DEBUG
120 PrintAndLogEx(INFO, "Sending %s", ng ? "NG" : "MIX");
121 #endif
122
123 if (!session.pm3_present) {
124 PrintAndLogEx(INFO, "Sending bytes to proxmark failed - offline");
125 return;
126 }
127 if (len > PM3_CMD_DATA_SIZE) {
128 PrintAndLogEx(WARNING, "Sending %zu bytes of payload is too much, abort", len);
129 return;
130 }
131
132 PacketCommandNGPostamble *tx_post = (PacketCommandNGPostamble *)((uint8_t *)&txBufferNG + sizeof(PacketCommandNGPreamble) + len);
133
134 pthread_mutex_lock(&txBufferMutex);
135 /**
136 This causes hangups at times, when the pm3 unit is unresponsive or disconnected. The main console thread is alive,
137 but comm thread just spins here. Not good.../holiman
138 **/
139 while (txBuffer_pending) {
140 // wait for communication thread to complete sending a previous commmand
141 pthread_cond_wait(&txBufferSig, &txBufferMutex);
142 }
143
144 txBufferNG.pre.magic = COMMANDNG_PREAMBLE_MAGIC;
145 txBufferNG.pre.ng = ng;
146 txBufferNG.pre.length = len;
147 txBufferNG.pre.cmd = cmd;
148 if (len > 0 && data)
149 memcpy(&txBufferNG.data, data, len);
150
151 if ((conn.send_via_fpc_usart && conn.send_with_crc_on_fpc) || ((!conn.send_via_fpc_usart) && conn.send_with_crc_on_usb)) {
152 uint8_t first, second;
153 compute_crc(CRC_14443_A, (uint8_t *)&txBufferNG, sizeof(PacketCommandNGPreamble) + len, &first, &second);
154 tx_post->crc = (first << 8) + second;
155 } else {
156 tx_post->crc = COMMANDNG_POSTAMBLE_MAGIC;
157 }
158
159 txBufferNGLen = sizeof(PacketCommandNGPreamble) + len + sizeof(PacketCommandNGPostamble);
160
161 #ifdef COMMS_DEBUG_RAW
162 print_hex_break((uint8_t *)&txBufferNG.pre, sizeof(PacketCommandNGPreamble), 32);
163 if (ng) {
164 print_hex_break((uint8_t *)&txBufferNG.data, len, 32);
165 } else {
166 print_hex_break((uint8_t *)&txBufferNG.data, 3 * sizeof(uint64_t), 32);
167 print_hex_break((uint8_t *)&txBufferNG.data + 3 * sizeof(uint64_t), len - 3 * sizeof(uint64_t), 32);
168 }
169 print_hex_break((uint8_t *)tx_post, sizeof(PacketCommandNGPostamble), 32);
170 #endif
171 txBuffer_pending = true;
172
173 // tell communication thread that a new command can be send
174 pthread_cond_signal(&txBufferSig);
175
176 pthread_mutex_unlock(&txBufferMutex);
177
178 //__atomic_test_and_set(&txcmd_pending, __ATOMIC_SEQ_CST);
179 }
180
181 void SendCommandNG(uint16_t cmd, uint8_t *data, size_t len) {
182 SendCommandNG_internal(cmd, data, len, true);
183 }
184
185 void SendCommandMIX(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len) {
186 uint64_t arg[3] = {arg0, arg1, arg2};
187 if (len > PM3_CMD_DATA_SIZE_MIX) {
188 PrintAndLogEx(WARNING, "Sending %zu bytes of payload is too much for MIX frames, abort", len);
189 return;
190 }
191 uint8_t cmddata[PM3_CMD_DATA_SIZE];
192 memcpy(cmddata, arg, sizeof(arg));
193 if (len && data)
194 memcpy(cmddata + sizeof(arg), data, len);
195 SendCommandNG_internal(cmd, cmddata, len + sizeof(arg), false);
196 }
197
198
199 /**
200 * @brief This method should be called when sending a new command to the pm3. In case any old
201 * responses from previous commands are stored in the buffer, a call to this method should clear them.
202 * A better method could have been to have explicit command-ACKS, so we can know which ACK goes to which
203 * operation. Right now we'll just have to live with this.
204 */
205 void clearCommandBuffer(void) {
206 //This is a very simple operation
207 pthread_mutex_lock(&rxBufferMutex);
208 cmd_tail = cmd_head;
209 pthread_mutex_unlock(&rxBufferMutex);
210 }
211 /**
212 * @brief storeCommand stores a USB command in a circular buffer
213 * @param UC
214 */
215 static void storeReply(PacketResponseNG *packet) {
216 pthread_mutex_lock(&rxBufferMutex);
217 if ((cmd_head + 1) % CMD_BUFFER_SIZE == cmd_tail) {
218 //If these two are equal, we're about to overwrite in the
219 // circular buffer.
220 PrintAndLogEx(FAILED, "WARNING: Command buffer about to overwrite command! This needs to be fixed!");
221 fflush(stdout);
222 }
223 //Store the command at the 'head' location
224 PacketResponseNG *destination = &rxBuffer[cmd_head];
225 memcpy(destination, packet, sizeof(PacketResponseNG));
226
227 //increment head and wrap
228 cmd_head = (cmd_head + 1) % CMD_BUFFER_SIZE;
229 pthread_mutex_unlock(&rxBufferMutex);
230 }
231 /**
232 * @brief getCommand gets a command from an internal circular buffer.
233 * @param response location to write command
234 * @return 1 if response was returned, 0 if nothing has been received
235 */
236 static int getReply(PacketResponseNG *packet) {
237 pthread_mutex_lock(&rxBufferMutex);
238 //If head == tail, there's nothing to read, or if we just got initialized
239 if (cmd_head == cmd_tail) {
240 pthread_mutex_unlock(&rxBufferMutex);
241 return 0;
242 }
243
244 //Pick out the next unread command
245 memcpy(packet, &rxBuffer[cmd_tail], sizeof(PacketResponseNG));
246
247 //Increment tail - this is a circular buffer, so modulo buffer size
248 cmd_tail = (cmd_tail + 1) % CMD_BUFFER_SIZE;
249
250 pthread_mutex_unlock(&rxBufferMutex);
251 return 1;
252 }
253
254 //-----------------------------------------------------------------------------
255 // Entry point into our code: called whenever we received a packet over USB
256 // that we weren't necessarily expecting, for example a debug print.
257 //-----------------------------------------------------------------------------
258 static void PacketResponseReceived(PacketResponseNG *packet) {
259
260 // we got a packet, reset WaitForResponseTimeout timeout
261 uint64_t prev_clk = __atomic_load_n(&last_packet_time, __ATOMIC_SEQ_CST);
262 uint64_t clk = msclock();
263 __atomic_store_n(&timeout_start_time, clk, __ATOMIC_SEQ_CST);
264 __atomic_store_n(&last_packet_time, clk, __ATOMIC_SEQ_CST);
265 (void) prev_clk;
266 // PrintAndLogEx(NORMAL, "[%07"PRIu64"] RECV %s magic %08x length %04x status %04x crc %04x cmd %04x",
267 // clk - prev_clk, packet->ng ? "NG" : "OLD", packet->magic, packet->length, packet->status, packet->crc, packet->cmd);
268
269 switch (packet->cmd) {
270 // First check if we are handling a debug message
271 case CMD_DEBUG_PRINT_STRING: {
272
273 char s[PM3_CMD_DATA_SIZE + 1];
274 memset(s, 0x00, sizeof(s));
275
276 size_t len;
277 uint16_t flag;
278 if (packet->ng) {
279 struct d {
280 uint16_t flag;
281 uint8_t buf[PM3_CMD_DATA_SIZE - sizeof(uint16_t)];
282 } PACKED;
283 struct d *data = (struct d *)&packet->data.asBytes;
284 len = packet->length - sizeof(data->flag);
285 flag = data->flag;
286 memcpy(s, data->buf, len);
287 } else {
288 len = MIN(packet->oldarg[0], PM3_CMD_DATA_SIZE);
289 flag = packet->oldarg[1];
290 memcpy(s, packet->data.asBytes, len);
291 }
292
293 if (flag & FLAG_LOG) {
294 if (g_pendingPrompt) {
295 PrintAndLogEx(NORMAL, "");
296 g_pendingPrompt = false;
297 }
298 //PrintAndLogEx(NORMAL, "[" _MAGENTA_("pm3") "] ["_BLUE_("#")"] " "%s", s);
299 PrintAndLogEx(NORMAL, "[" _BLUE_("#") "] %s", s);
300 } else {
301 if (flag & FLAG_INPLACE)
302 PrintAndLogEx(NORMAL, "\r" NOLF);
303
304 PrintAndLogEx(NORMAL, "%s" NOLF, s);
305
306 if (flag & FLAG_NEWLINE)
307 PrintAndLogEx(NORMAL, "");
308 }
309 break;
310 }
311 case CMD_DEBUG_PRINT_INTEGERS: {
312 if (packet->ng == false)
313 PrintAndLogEx(NORMAL, "[" _MAGENTA_("pm3") "] ["_BLUE_("#")"] " "%" PRIx64 ", %" PRIx64 ", %" PRIx64 "", packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]);
314 break;
315 }
316 // iceman: hw status - down the path on device, runs printusbspeed which starts sending a lot of
317 // CMD_DOWNLOAD_BIGBUF packages which is not dealt with. I wonder if simply ignoring them will
318 // work. lets try it.
319 default: {
320 storeReply(packet);
321 break;
322 }
323 }
324 }
325
326
327 // The communications thread.
328 // signals to main thread when a response is ready to process.
329 //
330 static void
331 #ifdef __has_attribute
332 #if __has_attribute(force_align_arg_pointer)
333 __attribute__((force_align_arg_pointer))
334 #endif
335 #endif
336 *uart_communication(void *targ) {
337 communication_arg_t *connection = (communication_arg_t *)targ;
338 uint32_t rxlen;
339 bool commfailed = false;
340 PacketResponseNG rx;
341 PacketResponseNGRaw rx_raw;
342
343 #if defined(__MACH__) && defined(__APPLE__)
344 disableAppNap("Proxmark3 polling UART");
345 #endif
346
347 // is this connection->run a cross thread call?
348 while (connection->run) {
349 rxlen = 0;
350 bool ACK_received = false;
351 bool error = false;
352 int res;
353
354 // Signal to main thread that communications seems off.
355 // main thread will kill and restart this thread.
356 if (commfailed) {
357 if (conn.last_command != CMD_HARDWARE_RESET) {
358 PrintAndLogEx(WARNING, "\nCommunicating with Proxmark3 device " _RED_("failed"));
359 }
360 __atomic_test_and_set(&comm_thread_dead, __ATOMIC_SEQ_CST);
361 break;
362 }
363
364 res = uart_receive(sp, (uint8_t *)&rx_raw.pre, sizeof(PacketResponseNGPreamble), &rxlen);
365 if ((res == PM3_SUCCESS) && (rxlen == sizeof(PacketResponseNGPreamble))) {
366 rx.magic = rx_raw.pre.magic;
367 uint16_t length = rx_raw.pre.length;
368 rx.ng = rx_raw.pre.ng;
369 rx.status = rx_raw.pre.status;
370 rx.cmd = rx_raw.pre.cmd;
371 if (rx.magic == RESPONSENG_PREAMBLE_MAGIC) { // New style NG reply
372 if (length > PM3_CMD_DATA_SIZE) {
373 PrintAndLogEx(WARNING, "Received packet frame with incompatible length: 0x%04x", length);
374 error = true;
375 }
376 if ((!error) && (length > 0)) { // Get the variable length payload
377
378 res = uart_receive(sp, (uint8_t *)&rx_raw.data, length, &rxlen);
379 if ((res != PM3_SUCCESS) || (rxlen != length)) {
380 PrintAndLogEx(WARNING, "Received packet frame with variable part too short? %d/%d", rxlen, length);
381 error = true;
382 } else {
383
384 if (rx.ng) { // Received a valid NG frame
385 memcpy(&rx.data, &rx_raw.data, length);
386 rx.length = length;
387 if ((rx.cmd == conn.last_command) && (rx.status == PM3_SUCCESS)) {
388 ACK_received = true;
389 }
390 } else {
391 uint64_t arg[3];
392 if (length < sizeof(arg)) {
393 PrintAndLogEx(WARNING, "Received MIX packet frame with incompatible length: 0x%04x", length);
394 error = true;
395 }
396 if (!error) { // Received a valid MIX frame
397 memcpy(arg, &rx_raw.data, sizeof(arg));
398 rx.oldarg[0] = arg[0];
399 rx.oldarg[1] = arg[1];
400 rx.oldarg[2] = arg[2];
401 memcpy(&rx.data, ((uint8_t *)&rx_raw.data) + sizeof(arg), length - sizeof(arg));
402 rx.length = length - sizeof(arg);
403 if (rx.cmd == CMD_ACK) {
404 ACK_received = true;
405 }
406 }
407 }
408 }
409 }
410 if (!error) { // Get the postamble
411 res = uart_receive(sp, (uint8_t *)&rx_raw.foopost, sizeof(PacketResponseNGPostamble), &rxlen);
412 if ((res != PM3_SUCCESS) || (rxlen != sizeof(PacketResponseNGPostamble))) {
413 PrintAndLogEx(WARNING, "Received packet frame without postamble");
414 error = true;
415 }
416 }
417 if (!error) { // Check CRC, accept MAGIC as placeholder
418 rx.crc = rx_raw.foopost.crc;
419 if (rx.crc != RESPONSENG_POSTAMBLE_MAGIC) {
420 uint8_t first, second;
421 compute_crc(CRC_14443_A, (uint8_t *)&rx_raw, sizeof(PacketResponseNGPreamble) + length, &first, &second);
422 if ((first << 8) + second != rx.crc) {
423 PrintAndLogEx(WARNING, "Received packet frame with invalid CRC %02X%02X <> %04X", first, second, rx.crc);
424 error = true;
425 }
426 }
427 }
428 if (!error) { // Received a valid OLD frame
429 #ifdef COMMS_DEBUG
430 PrintAndLogEx(NORMAL, "Receiving %s:", rx.ng ? "NG" : "MIX");
431 #endif
432 #ifdef COMMS_DEBUG_RAW
433 print_hex_break((uint8_t *)&rx_raw.pre, sizeof(PacketResponseNGPreamble), 32);
434 print_hex_break((uint8_t *)&rx_raw.data, rx_raw.pre.length, 32);
435 print_hex_break((uint8_t *)&rx_raw.foopost, sizeof(PacketResponseNGPostamble), 32);
436 #endif
437 PacketResponseReceived(&rx);
438 }
439 } else { // Old style reply
440 PacketResponseOLD rx_old;
441 memcpy(&rx_old, &rx_raw.pre, sizeof(PacketResponseNGPreamble));
442
443 res = uart_receive(sp, ((uint8_t *)&rx_old) + sizeof(PacketResponseNGPreamble), sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble), &rxlen);
444 if ((res != PM3_SUCCESS) || (rxlen != sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble))) {
445 PrintAndLogEx(WARNING, "Received packet OLD frame with payload too short? %d/%zu", rxlen, sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble));
446 error = true;
447 }
448 if (!error) {
449 #ifdef COMMS_DEBUG
450 PrintAndLogEx(NORMAL, "Receiving OLD:");
451 #endif
452 #ifdef COMMS_DEBUG_RAW
453 print_hex_break((uint8_t *)&rx_old.cmd, sizeof(rx_old.cmd), 32);
454 print_hex_break((uint8_t *)&rx_old.arg, sizeof(rx_old.arg), 32);
455 print_hex_break((uint8_t *)&rx_old.d, sizeof(rx_old.d), 32);
456 #endif
457 rx.ng = false;
458 rx.magic = 0;
459 rx.status = 0;
460 rx.crc = 0;
461 rx.cmd = rx_old.cmd;
462 rx.oldarg[0] = rx_old.arg[0];
463 rx.oldarg[1] = rx_old.arg[1];
464 rx.oldarg[2] = rx_old.arg[2];
465 rx.length = PM3_CMD_DATA_SIZE;
466 memcpy(&rx.data, &rx_old.d, rx.length);
467 PacketResponseReceived(&rx);
468 if (rx.cmd == CMD_ACK) {
469 ACK_received = true;
470 }
471 }
472 }
473 } else {
474 if (rxlen > 0) {
475 PrintAndLogEx(WARNING, "Received packet frame preamble too short: %d/%zu", rxlen, sizeof(PacketResponseNGPreamble));
476 error = true;
477 }
478 if (res == PM3_ENOTTY) {
479 commfailed = true;
480 }
481 }
482
483 // TODO if error, shall we resync ?
484
485 pthread_mutex_lock(&txBufferMutex);
486
487 if (connection->block_after_ACK) {
488 // if we just received an ACK, wait here until a new command is to be transmitted
489 // This is only working on OLD frames, and only used by flasher and flashmem
490 if (ACK_received) {
491 #ifdef COMMS_DEBUG
492 PrintAndLogEx(NORMAL, "Received ACK, fast TX mode: ignoring other RX till TX");
493 #endif
494 while (!txBuffer_pending) {
495 pthread_cond_wait(&txBufferSig, &txBufferMutex);
496 }
497 }
498 }
499
500 if (txBuffer_pending) {
501
502 if (txBufferNGLen) { // NG packet
503 res = uart_send(sp, (uint8_t *) &txBufferNG, txBufferNGLen);
504 if (res == PM3_EIO) {
505 commfailed = true;
506 }
507 conn.last_command = txBufferNG.pre.cmd;
508 txBufferNGLen = 0;
509 } else {
510 res = uart_send(sp, (uint8_t *) &txBuffer, sizeof(PacketCommandOLD));
511 if (res == PM3_EIO) {
512 commfailed = true;
513 }
514 conn.last_command = txBuffer.cmd;
515 }
516
517 txBuffer_pending = false;
518
519 // main thread doesn't know send failed...
520
521 // tell main thread that txBuffer is empty
522 pthread_cond_signal(&txBufferSig);
523 }
524
525 pthread_mutex_unlock(&txBufferMutex);
526 }
527
528 // when thread dies, we close the serial port.
529 uart_close(sp);
530 sp = NULL;
531
532 #if defined(__MACH__) && defined(__APPLE__)
533 enableAppNap();
534 #endif
535
536 pthread_exit(NULL);
537 return NULL;
538 }
539
540 bool IsCommunicationThreadDead(void) {
541 bool ret = __atomic_load_n(&comm_thread_dead, __ATOMIC_SEQ_CST);
542 return ret;
543 }
544
545 bool OpenProxmark(pm3_device **dev, char *port, bool wait_for_port, int timeout, bool flash_mode, uint32_t speed) {
546
547 if (!wait_for_port) {
548 PrintAndLogEx(INFO, "Using UART port " _YELLOW_("%s"), port);
549 sp = uart_open(port, speed);
550 } else {
551 PrintAndLogEx(SUCCESS, "Waiting for Proxmark3 to appear on " _YELLOW_("%s"), port);
552 fflush(stdout);
553 int openCount = 0;
554 PrintAndLogEx(INPLACE, "% 3i", timeout);
555 do {
556 sp = uart_open(port, speed);
557 msleep(500);
558 PrintAndLogEx(INPLACE, "% 3i", timeout - openCount - 1);
559
560 } while (++openCount < timeout && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
561 }
562
563 // check result of uart opening
564 if (sp == INVALID_SERIAL_PORT) {
565 PrintAndLogEx(WARNING, "\n" _RED_("ERROR:") " invalid serial port " _YELLOW_("%s"), port);
566 PrintAndLogEx(HINT, "Try the shell script " _YELLOW_("`./pm3 --list`") " to get a list of possible serial ports");
567 sp = NULL;
568 return false;
569 } else if (sp == CLAIMED_SERIAL_PORT) {
570 PrintAndLogEx(WARNING, "\n" _RED_("ERROR:") " serial port " _YELLOW_("%s") " is claimed by another process", port);
571 PrintAndLogEx(HINT, "Try the shell script " _YELLOW_("`./pm3 --list`") " to get a list of possible serial ports");
572
573 sp = NULL;
574 return false;
575 } else {
576 // start the communication thread
577 if (port != conn.serial_port_name) {
578 uint16_t len = MIN(strlen(port), FILE_PATH_SIZE - 1);
579 memset(conn.serial_port_name, 0, FILE_PATH_SIZE);
580 memcpy(conn.serial_port_name, port, len);
581 }
582 conn.run = true;
583 conn.block_after_ACK = flash_mode;
584 // Flags to tell where to add CRC on sent replies
585 conn.send_with_crc_on_usb = false;
586 conn.send_with_crc_on_fpc = true;
587 // "Session" flag, to tell via which interface next msgs should be sent: USB or FPC USART
588 conn.send_via_fpc_usart = false;
589
590 pthread_create(&communication_thread, NULL, &uart_communication, &conn);
591 __atomic_clear(&comm_thread_dead, __ATOMIC_SEQ_CST);
592 session.pm3_present = true; // TODO support for multiple devices
593
594 fflush(stdout);
595 if (*dev == NULL) {
596 *dev = calloc(sizeof(pm3_device), sizeof(uint8_t));
597 }
598 (*dev)->conn = &conn; // TODO conn shouldn't be global
599 return true;
600 }
601 }
602
603 // check if we can communicate with Pm3
604 int TestProxmark(pm3_device *dev) {
605
606 PacketResponseNG resp;
607 uint16_t len = 32;
608 uint8_t data[len];
609 for (uint16_t i = 0; i < len; i++)
610 data[i] = i & 0xFF;
611
612 __atomic_store_n(&last_packet_time, msclock(), __ATOMIC_SEQ_CST);
613 clearCommandBuffer();
614 SendCommandNG(CMD_PING, data, len);
615
616 uint32_t timeout;
617
618 #ifdef USART_SLOW_LINK
619 // 10s timeout for slow FPC, e.g. over BT
620 // as this is the very first command sent to the pm3
621 // that initiates the BT connection
622 timeout = 10000;
623 #else
624 timeout = 1000;
625 #endif
626
627 if (WaitForResponseTimeoutW(CMD_PING, &resp, timeout, false) == 0) {
628 return PM3_ETIMEOUT;
629 }
630
631 bool error = memcmp(data, resp.data.asBytes, len) != 0;
632 if (error) {
633 return PM3_EIO;
634 }
635
636 SendCommandNG(CMD_CAPABILITIES, NULL, 0);
637 if (WaitForResponseTimeoutW(CMD_CAPABILITIES, &resp, 1000, false) == 0) {
638 return PM3_ETIMEOUT;
639 }
640
641 if ((resp.length != sizeof(pm3_capabilities)) || (resp.data.asBytes[0] != CAPABILITIES_VERSION)) {
642 PrintAndLogEx(ERR, _RED_("Capabilities structure version sent by Proxmark3 is not the same as the one used by the client!"));
643 PrintAndLogEx(ERR, _RED_("Please flash the Proxmark with the same version as the client."));
644 return PM3_EDEVNOTSUPP;
645 }
646
647 memcpy(&pm3_capabilities, resp.data.asBytes, MIN(sizeof(capabilities_t), resp.length));
648 conn.send_via_fpc_usart = pm3_capabilities.via_fpc;
649 conn.uart_speed = pm3_capabilities.baudrate;
650
651 PrintAndLogEx(INFO, "Communicating with PM3 over %s%s%s",
652 conn.send_via_fpc_usart ? _YELLOW_("FPC UART") : _YELLOW_("USB-CDC"),
653 memcmp(conn.serial_port_name, "tcp:", 4) == 0 ? " over " _YELLOW_("TCP") : "",
654 memcmp(conn.serial_port_name, "bt:", 3) == 0 ? " over " _YELLOW_("BT") : "");
655
656 if (conn.send_via_fpc_usart) {
657 PrintAndLogEx(INFO, "PM3 UART serial baudrate: " _YELLOW_("%u") "\n", conn.uart_speed);
658 } else {
659 int res = uart_reconfigure_timeouts(UART_USB_CLIENT_RX_TIMEOUT_MS);
660 if (res != PM3_SUCCESS) {
661 return res;
662 }
663 }
664 return PM3_SUCCESS;
665 }
666
667 void CloseProxmark(pm3_device *dev) {
668 dev->conn->run = false;
669
670 #ifdef __BIONIC__
671 if (communication_thread != 0) {
672 pthread_join(communication_thread, NULL);
673 }
674 #else
675 pthread_join(communication_thread, NULL);
676 #endif
677
678 if (sp) {
679 uart_close(sp);
680 }
681
682 // Clean up our state
683 sp = NULL;
684 #ifdef __BIONIC__
685 if (communication_thread != 0) {
686 memset(&communication_thread, 0, sizeof(pthread_t));
687 }
688 #else
689 memset(&communication_thread, 0, sizeof(pthread_t));
690 #endif
691
692 session.pm3_present = false;
693 }
694
695 // Gives a rough estimate of the communication delay based on channel & baudrate
696 // Max communication delay is when sending largest frame and receiving largest frame
697 // Empirical measures on FTDI with physical cable:
698 // "hw pingng 512"
699 // usb -> 6..32ms
700 // 460800 -> 40..70ms
701 // 9600 -> 1100..1150ms
702 // ~ = 12000000 / USART_BAUD_RATE
703 // Let's take 2x (maybe we need more for BT link?)
704 static size_t communication_delay(void) {
705 if (conn.send_via_fpc_usart) // needed also for Windows USB USART??
706 return 2 * (12000000 / conn.uart_speed);
707 return 0;
708 }
709
710 /**
711 * @brief Waits for a certain response type. This method waits for a maximum of
712 * ms_timeout milliseconds for a specified response command.
713
714 * @param cmd command to wait for, or CMD_UNKNOWN to take any command.
715 * @param response struct to copy received command into.
716 * @param ms_timeout display message after 3 seconds
717 * @param show_warning display message after 3 seconds
718 * @return true if command was returned, otherwise false
719 */
720 bool WaitForResponseTimeoutW(uint32_t cmd, PacketResponseNG *response, size_t ms_timeout, bool show_warning) {
721
722 PacketResponseNG resp;
723
724 if (response == NULL)
725 response = &resp;
726
727 // Add delay depending on the communication channel & speed
728 if (ms_timeout != (size_t) - 1)
729 ms_timeout += communication_delay();
730
731 __atomic_store_n(&timeout_start_time, msclock(), __ATOMIC_SEQ_CST);
732
733 // Wait until the command is received
734 while (true) {
735
736 while (getReply(response)) {
737 if (cmd == CMD_UNKNOWN || response->cmd == cmd) {
738 return true;
739 }
740 if (response->cmd == CMD_WTX && response->length == sizeof(uint16_t)) {
741 uint16_t wtx = response->data.asDwords[0] & 0xFFFF;
742 PrintAndLogEx(DEBUG, "Got Waiting Time eXtension request %i ms", wtx);
743 if (ms_timeout != (size_t) - 1)
744 ms_timeout += wtx;
745 }
746 }
747
748 uint64_t tmp_clk = __atomic_load_n(&timeout_start_time, __ATOMIC_SEQ_CST);
749 if ((ms_timeout != (size_t) - 1) && (msclock() - tmp_clk > ms_timeout))
750 break;
751
752 if (msclock() - tmp_clk > 3000 && show_warning) {
753 // 3 seconds elapsed (but this doesn't mean the timeout was exceeded)
754 // PrintAndLogEx(INFO, "Waiting for a response from the Proxmark3...");
755 PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
756 show_warning = false;
757 }
758 // just to avoid CPU busy loop:
759 msleep(10);
760 }
761 return false;
762 }
763
764 bool WaitForResponseTimeout(uint32_t cmd, PacketResponseNG *response, size_t ms_timeout) {
765 return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
766 }
767
768 bool WaitForResponse(uint32_t cmd, PacketResponseNG *response) {
769 return WaitForResponseTimeoutW(cmd, response, -1, true);
770 }
771
772 /**
773 * Data transfer from Proxmark to client. This method times out after
774 * ms_timeout milliseconds.
775 * @brief GetFromDevice
776 * @param memtype Type of memory to download from proxmark
777 * @param dest Destination address for transfer
778 * @param bytes number of bytes to be transferred
779 * @param start_index offset into Proxmark3 BigBuf[]
780 * @param data used by SPIFFS to provide filename
781 * @param datalen used by SPIFFS to provide filename length
782 * @param response struct to copy last command (CMD_ACK) into
783 * @param ms_timeout timeout in milliseconds
784 * @param show_warning display message after 2 seconds
785 * @return true if command was returned, otherwise false
786 */
787 bool GetFromDevice(DeviceMemType_t memtype, uint8_t *dest, uint32_t bytes, uint32_t start_index, uint8_t *data, uint32_t datalen, PacketResponseNG *response, size_t ms_timeout, bool show_warning) {
788
789 if (dest == NULL) return false;
790 if (bytes == 0) return true;
791
792 PacketResponseNG resp;
793 if (response == NULL)
794 response = &resp;
795
796 // clear
797 clearCommandBuffer();
798
799 switch (memtype) {
800 case BIG_BUF: {
801 SendCommandMIX(CMD_DOWNLOAD_BIGBUF, start_index, bytes, 0, NULL, 0);
802 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_BIGBUF);
803 }
804 case BIG_BUF_EML: {
805 SendCommandMIX(CMD_DOWNLOAD_EML_BIGBUF, start_index, bytes, 0, NULL, 0);
806 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_EML_BIGBUF);
807 }
808 case SPIFFS: {
809 SendCommandMIX(CMD_SPIFFS_DOWNLOAD, start_index, bytes, 0, data, datalen);
810 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_SPIFFS_DOWNLOADED);
811 }
812 case FLASH_MEM: {
813 SendCommandMIX(CMD_FLASHMEM_DOWNLOAD, start_index, bytes, 0, NULL, 0);
814 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_FLASHMEM_DOWNLOADED);
815 }
816 case SIM_MEM: {
817 //SendCommandMIX(CMD_DOWNLOAD_SIM_MEM, start_index, bytes, 0, NULL, 0);
818 //return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_SIMMEM);
819 return false;
820 }
821 case FPGA_MEM: {
822 SendCommandMIX(CMD_FPGAMEM_DOWNLOAD, start_index, bytes, 0, NULL, 0);
823 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_FPGAMEM_DOWNLOADED);
824 }
825 }
826 return false;
827 }
828
829 static bool dl_it(uint8_t *dest, uint32_t bytes, PacketResponseNG *response, size_t ms_timeout, bool show_warning, uint32_t rec_cmd) {
830
831 uint32_t bytes_completed = 0;
832 __atomic_store_n(&timeout_start_time, msclock(), __ATOMIC_SEQ_CST);
833
834 // Add delay depending on the communication channel & speed
835 if (ms_timeout != (size_t) - 1)
836 ms_timeout += communication_delay();
837
838 while (true) {
839
840 if (getReply(response)) {
841
842 if (response->cmd == CMD_ACK)
843 return true;
844 // Spiffs download is converted to NG,
845 if (response->cmd == CMD_SPIFFS_DOWNLOAD)
846 return true;
847
848 // sample_buf is a array pointer, located in data.c
849 // arg0 = offset in transfer. Startindex of this chunk
850 // arg1 = length bytes to transfer
851 // arg2 = bigbuff tracelength (?)
852 if (response->cmd == rec_cmd) {
853
854 uint32_t offset = response->oldarg[0];
855 uint32_t copy_bytes = MIN(bytes - bytes_completed, response->oldarg[1]);
856 //uint32_t tracelen = response->oldarg[2];
857
858 // extended bounds check1. upper limit is PM3_CMD_DATA_SIZE
859 // shouldn't happen
860 copy_bytes = MIN(copy_bytes, PM3_CMD_DATA_SIZE);
861
862 // extended bounds check2.
863 if (offset + copy_bytes > bytes) {
864 PrintAndLogEx(FAILED, "ERROR: Out of bounds when downloading from device, offset %u | len %u | total len %u > buf_size %u", offset, copy_bytes, offset + copy_bytes, bytes);
865 break;
866 }
867
868 memcpy(dest + offset, response->data.asBytes, copy_bytes);
869 bytes_completed += copy_bytes;
870 } else if (response->cmd == CMD_WTX && response->length == sizeof(uint16_t)) {
871 uint16_t wtx = response->data.asDwords[0] & 0xFFFF;
872 PrintAndLogEx(DEBUG, "Got Waiting Time eXtension request %i ms", wtx);
873 if (ms_timeout != (size_t) - 1)
874 ms_timeout += wtx;
875 }
876 }
877
878 uint64_t tmp_clk = __atomic_load_n(&timeout_start_time, __ATOMIC_SEQ_CST);
879 if (msclock() - tmp_clk > ms_timeout) {
880 PrintAndLogEx(FAILED, "Timed out while trying to download data from device");
881 break;
882 }
883
884 if (msclock() - tmp_clk > 3000 && show_warning) {
885 // 3 seconds elapsed (but this doesn't mean the timeout was exceeded)
886 PrintAndLogEx(INFO, "Waiting for a response from the Proxmark3...");
887 PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
888 show_warning = false;
889 }
890 }
891 return false;
892 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware