armsrc/Standalone/hf_14asniff.c

   1 //-----------------------------------------------------------------------------
   2 // Copyright 2020 Michael Farrell <micolous+git@gmail.com>
   3 //
   4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
   5 // at your option, any later version. See the LICENSE.txt file for the text of
   6 // the license.
   7 //-----------------------------------------------------------------------------
   8 // main code for standalone HF/iso14a Sniff to flash
   9 //-----------------------------------------------------------------------------
  10
  11 /*
  12  * `hf_14asniff` passively sniffs ISO14a frames, and stores them in internal
  13  * flash. It requires RDV4 hardware (for flash and battery).
  14  *
  15  * This module is similar to hf_bog (which only logs ULC/NTAG/ULEV1 auth).
  16  *
  17  * On entering stand-alone mode, this module will start sniffing ISO14a frames.
  18  * This will be stored in the normal trace buffer (ie: in RAM -- will be lost
  19  * at power-off).
  20  *
  21  * Short-pressing the button again will stop sniffing, and at _this_ point
  22  * append trace data from RAM to a file in flash (hf_14asniff.trc) and unmount.
  23  *
  24  * Once the data is saved, standalone mode will exit.
  25  *
  26  * LEDs:
  27  * - LED1: sniffing
  28  * - LED2: sniffed tag command, turns off when finished sniffing reader command
  29  * - LED3: sniffed reader command, turns off when finished sniffing tag command
  30  * - LED4: unmounting/sync'ing flash (normally < 100ms)
  31  *
  32  * To retrieve trace data from flash:
  33  *
  34  * 1. mem spiffs dump -s hf_14asniff.trc -d trace.trc
  35  *    Copies trace data file from flash to your PC.
  36  *
  37  * 2. trace load trace.trc
  38  *    Loads trace data from a file into PC-side buffers.
  39  *
  40  * 3. For ISO14a: trace list -t 14a -1
  41  *    For MIFARE Classic: trace list -t mf -1
  42  *
  43  *    Lists trace data from buffer without requesting it from PM3.
  44  *
  45  * This module emits debug strings during normal operation -- so try it out in
  46  * the lab connected to PM3 client before taking it into the field.
  47  *
  48  * To delete the trace data from flash:
  49  *
  50  * Caveats / notes:
  51  * - Trace buffer will be cleared on starting stand-alone mode. Data in flash
  52  *   will remain unless explicitly deleted.
  53  * - This module will terminate if the trace buffer is full (and save data to
  54  *   flash).
  55  * - Like normal sniffing mode, timestamps overflow after 5 min 16 sec.
  56  *   However, the trace buffer is sequential, so will be in the correct order.
  57  */
  58
  59 #include "standalone.h" // standalone definitions
  60 #include "proxmark3_arm.h"
  61 #include "iso14443a.h"
  62 #include "util.h"
  63 #include "spiffs.h"
  64 #include "appmain.h"
  65 #include "dbprint.h"
  66 #include "ticks.h"
  67 #include "BigBuf.h"
  68
  69 #define HF_14ASNIFF_LOGFILE "hf_14asniff.trc"
  70
  71 static void DownloadTraceInstructions(void) {
  72     Dbprintf("");
  73     Dbprintf("To get the trace from flash and display it:");
  74     Dbprintf("1. mem spiffs dump -s "HF_14ASNIFF_LOGFILE" -d trace.trc");
  75     Dbprintf("2. trace load -f trace.trc");
  76     Dbprintf("3. trace list -t 14a -1");
  77 }
  78
  79 void ModInfo(void) {
  80     DbpString(" HF 14A SNIFF,  a ISO14443a sniffer with storing in flashmem");
  81     DownloadTraceInstructions();
  82 }
  83
  84 void RunMod(void) {
  85     StandAloneMode();
  86
  87     Dbprintf(_YELLOW_("HF 14A SNIFF started"));
  88     rdv40_spiffs_lazy_mount();
  89
  90     SniffIso14443a(0);
  91
  92     Dbprintf("Stopped sniffing");
  93     SpinDelay(200);
  94
  95     // Write stuff to spiffs logfile
  96     uint32_t trace_len = BigBuf_get_traceLen();
  97     if (trace_len > 0) {
  98         Dbprintf("[!] Trace length (bytes) = %u", trace_len);
  99
 100         uint8_t *trace_buffer = BigBuf_get_addr();
 101         if (!exists_in_spiffs(HF_14ASNIFF_LOGFILE)) {
 102             rdv40_spiffs_write(
 103                 HF_14ASNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
 104             Dbprintf("[!] Wrote trace to "HF_14ASNIFF_LOGFILE);
 105         } else {
 106             rdv40_spiffs_append(
 107                 HF_14ASNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
 108             Dbprintf("[!] Appended trace to "HF_14ASNIFF_LOGFILE);
 109         }
 110     } else {
 111         Dbprintf("[!] Trace buffer is empty, nothing to write!");
 112     }
 113
 114     LED_D_ON();
 115     rdv40_spiffs_lazy_unmount();
 116     LED_D_OFF();
 117
 118     SpinErr(LED_A, 200, 5);
 119     SpinDelay(100);
 120
 121     Dbprintf("-=[ exit ]=-");
 122     LEDsoff();
 123     DownloadTraceInstructions();
 124 }