armsrc/BigBuf.c

   1 //-----------------------------------------------------------------------------
   2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
   3 //
   4 // This program is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // This program is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // See LICENSE.txt for the text of the license.
  15 //-----------------------------------------------------------------------------
  16 // BigBuf and functions to allocate/free parts of it.
  17 //-----------------------------------------------------------------------------
  18 #include "BigBuf.h"
  19
  20 #include "string.h"
  21 #include "dbprint.h"
  22 #include "pm3_cmd.h"
  23 #include "util.h" // nbytes
  24
  25 #define BIGBUF_ALIGN_BYTES (4)
  26 #define BIGBUF_ALIGN_MASK  (0xFFFF + 1 - BIGBUF_ALIGN_BYTES)
  27
  28 extern uint32_t _stack_start[], __bss_end__[];
  29
  30 // BigBuf is the large multi-purpose buffer, typically used to hold A/D samples or traces.
  31 // Also used to hold various smaller buffers and the Mifare Emulator Memory.
  32 // We know that bss is aligned to 4 bytes.
  33 static uint8_t *const BigBuf = (uint8_t *)__bss_end__;
  34
  35 /* BigBuf memory layout:
  36 Pointer to highest available memory: s_bigbuf_hi
  37     high s_bigbuf_size
  38     reserved = BigBuf_malloc()  subtracts amount from s_bigbuf_hi,
  39     low  0x00
  40 */
  41
  42 static uint32_t s_bigbuf_size = 0;
  43
  44 // High memory mark
  45 static uint32_t s_bigbuf_hi = 0;
  46
  47 // pointer to the emulator memory.
  48 static uint8_t *emulator_memory = NULL;
  49
  50 //=============================================================================
  51 // The ToSend buffer.
  52 // A buffer where we can queue things up to be sent through the FPGA, for
  53 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
  54 // is the order in which they go out on the wire.
  55 //=============================================================================
  56 static tosend_t toSend = {
  57     .max = -1,
  58     .bit = 8,
  59     .buf = NULL
  60 };
  61 //=============================================================================
  62 // The dmaBuf 16bit buffer.
  63 // A buffer where we receive IQ samples sent from the FPGA, for demodulating
  64 //=============================================================================
  65 static dmabuf16_t dma_16 = {
  66     .size = DMA_BUFFER_SIZE,
  67     .buf = NULL
  68 };
  69 // dmaBuf 8bit buffer
  70 static dmabuf8_t dma_8 = {
  71     .size = DMA_BUFFER_SIZE,
  72     .buf = NULL
  73 };
  74
  75 // trace related variables
  76 static uint32_t trace_len = 0;
  77 static bool tracing = true;
  78
  79 // compute the available size for BigBuf
  80 void BigBuf_initialize(void) {
  81     s_bigbuf_size = (uint32_t)_stack_start - (uint32_t)__bss_end__;
  82     s_bigbuf_hi = s_bigbuf_size;
  83     trace_len = 0;
  84 }
  85
  86 // get the address of BigBuf
  87 uint8_t *BigBuf_get_addr(void) {
  88     return (uint8_t *)BigBuf;
  89 }
  90
  91 uint32_t BigBuf_get_size(void) {
  92     return s_bigbuf_size;
  93 }
  94
  95 // get the address of the emulator memory. Allocate part of Bigbuf for it, if not yet done
  96 uint8_t *BigBuf_get_EM_addr(void) {
  97     // not yet allocated
  98     if (emulator_memory == NULL) {
  99         emulator_memory = BigBuf_calloc(CARD_MEMORY_SIZE);
 100     }
 101     return emulator_memory;
 102 }
 103
 104 uint32_t BigBuf_get_hi(void) {
 105     return s_bigbuf_hi;
 106 }
 107
 108 /*
 109 uint32_t BigBuf_get_EM_size(void) {
 110     return CARD_MEMORY_SIZE;
 111 }
 112 */
 113
 114 // clear ALL of BigBuf
 115 void BigBuf_Clear(void) {
 116     BigBuf_Clear_ext(true);
 117 }
 118
 119 // clear ALL of BigBuf
 120 void BigBuf_Clear_ext(bool verbose) {
 121     memset(BigBuf, 0, s_bigbuf_size);
 122     clear_trace();
 123     if (verbose) {
 124         Dbprintf("Buffer cleared (%i bytes)", s_bigbuf_size);
 125     }
 126 }
 127
 128 void BigBuf_Clear_EM(void) {
 129     memset(BigBuf_get_EM_addr(), 0, CARD_MEMORY_SIZE);
 130 }
 131
 132 void BigBuf_Clear_keep_EM(void) {
 133     memset(BigBuf, 0, s_bigbuf_hi);
 134 }
 135
 136 // allocate a chunk of memory from BigBuf. We allocate high memory first. The unallocated memory
 137 // at the beginning of BigBuf is always for traces/samples
 138 uint8_t *BigBuf_malloc(uint16_t chunksize) {
 139     chunksize = (chunksize + BIGBUF_ALIGN_BYTES - 1) & BIGBUF_ALIGN_MASK; // round up to next multiple of 4
 140
 141     if (s_bigbuf_hi < chunksize) {
 142         return NULL; // no memory left
 143     }
 144
 145     s_bigbuf_hi -= chunksize;  // aligned to 4 Byte boundary
 146     return (uint8_t *)BigBuf + s_bigbuf_hi;
 147 }
 148
 149 // allocate a chunk of memory from BigBuf, and returns a pointer to it.
 150 // sets the memory to zero
 151 uint8_t *BigBuf_calloc(uint16_t chunksize) {
 152     uint8_t *mem = BigBuf_malloc(chunksize);
 153     if (mem != NULL) {
 154         memset(mem, 0x00, ((chunksize + BIGBUF_ALIGN_BYTES - 1) & BIGBUF_ALIGN_MASK)); // round up to next multiple of 4
 155     }
 156     return mem;
 157 }
 158
 159 // free ALL allocated chunks. The whole BigBuf is available for traces or samples again.
 160 void BigBuf_free(void) {
 161     s_bigbuf_hi = s_bigbuf_size;
 162     emulator_memory = NULL;
 163     // shouldn't this empty BigBuf also?
 164     toSend.buf = NULL;
 165     dma_16.buf = NULL;
 166     dma_8.buf = NULL;
 167 }
 168
 169 // free allocated chunks EXCEPT the emulator memory
 170 void BigBuf_free_keep_EM(void) {
 171     if (emulator_memory != NULL)
 172         s_bigbuf_hi = emulator_memory - (uint8_t *)BigBuf;
 173     else
 174         s_bigbuf_hi = s_bigbuf_size;
 175
 176     toSend.buf = NULL;
 177     dma_16.buf = NULL;
 178     dma_8.buf = NULL;
 179 }
 180
 181 void BigBuf_print_status(void) {
 182     DbpString(_CYAN_("Memory"));
 183     Dbprintf("  BigBuf_size............. %d", s_bigbuf_size);
 184     Dbprintf("  Available memory........ %d", s_bigbuf_hi);
 185     DbpString(_CYAN_("Tracing"));
 186     Dbprintf("  tracing ................ %d", tracing);
 187     Dbprintf("  traceLen ............... %d", trace_len);
 188
 189     if (g_dbglevel >= DBG_DEBUG) {
 190         DbpString(_CYAN_("Sending buffers"));
 191
 192         uint16_t d8 = 0;
 193         if (dma_8.buf)
 194             d8 = dma_8.buf - BigBuf_get_addr();
 195
 196         uint16_t d16 = 0;
 197         if (dma_16.buf)
 198             d16 = (uint8_t *)dma_16.buf - BigBuf_get_addr();
 199
 200         uint16_t ts = 0;
 201         if (toSend.buf)
 202             ts = toSend.buf - BigBuf_get_addr();
 203
 204         Dbprintf("  dma8 memory............. %u", d8);
 205         Dbprintf("  dma16 memory............ %u", d16);
 206         Dbprintf("  toSend memory........... %u", ts);
 207     }
 208 }
 209
 210 // return the maximum trace length (i.e. the unallocated size of BigBuf)
 211 uint16_t BigBuf_max_traceLen(void) {
 212     return s_bigbuf_hi & BIGBUF_ALIGN_MASK;
 213 }
 214
 215 void clear_trace(void) {
 216     trace_len = 0;
 217 }
 218
 219 void set_tracelen(uint32_t value) {
 220     trace_len = value;
 221 }
 222
 223 void set_tracing(bool enable) {
 224     tracing = enable;
 225 }
 226
 227 bool get_tracing(void) {
 228     return tracing;
 229 }
 230
 231 /**
 232  * Get the number of bytes traced
 233  * @return
 234  */
 235 uint32_t BigBuf_get_traceLen(void) {
 236     return trace_len;
 237 }
 238
 239 /**
 240   This is a function to store traces. All protocols can use this generic tracer-function.
 241   The traces produced by calling this function can be fetched on the client-side
 242   by 'hf list -t raw', alternatively 'hf list -t <proto>' for protocol-specific
 243   annotation of commands/responses.
 244 **/
 245 bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, const uint8_t *parity, bool reader2tag) {
 246     if (tracing == false) {
 247         return false;
 248     }
 249
 250     uint8_t *trace = BigBuf_get_addr();
 251     tracelog_hdr_t *hdr = (tracelog_hdr_t *)(trace + trace_len);
 252
 253     uint16_t num_paritybytes = (iLen - 1) / 8 + 1; // number of valid paritybytes in *parity
 254
 255     // Return when trace is full
 256     if (TRACELOG_HDR_LEN + iLen + num_paritybytes >= BigBuf_max_traceLen() - trace_len) {
 257         tracing = false;
 258         return false;
 259     }
 260
 261     uint32_t duration;
 262     if (timestamp_end > timestamp_start) {
 263         duration = timestamp_end - timestamp_start;
 264     } else {
 265         duration = (UINT32_MAX - timestamp_start) + timestamp_end;
 266     }
 267
 268     if (duration > 0xFFFF) {
 269         /*
 270         if (g_dbglevel >= DBG_DEBUG) {
 271             Dbprintf("Error in LogTrace: duration too long for 16 bits encoding: 0x%08x   start: 0x%08x end: 0x%08x", duration, timestamp_start, timestamp_end);
 272         }
 273         */
 274         duration = 0xFFFF;
 275     }
 276
 277     hdr->timestamp = timestamp_start;
 278     hdr->duration = duration & 0xFFFF;
 279     hdr->data_len = iLen;
 280     hdr->isResponse = !reader2tag;
 281     trace_len += TRACELOG_HDR_LEN;
 282
 283     // data bytes
 284     if (btBytes != NULL && iLen != 0) {
 285         memcpy(hdr->frame, btBytes, iLen);
 286         trace_len += iLen;
 287     }
 288
 289     // parity bytes
 290     if (num_paritybytes != 0) {
 291         if (parity != NULL) {
 292             memcpy(trace + trace_len, parity, num_paritybytes);
 293         } else {
 294             memset(trace + trace_len, 0x00, num_paritybytes);
 295         }
 296         trace_len += num_paritybytes;
 297     }
 298     return true;
 299 }
 300
 301 // specific LogTrace function for ISO15693: the duration needs to be scaled because otherwise it won't fit into a uint16_t
 302 bool LogTrace_ISO15693(const uint8_t *bytes, uint16_t len, uint32_t ts_start, uint32_t ts_end, const uint8_t *parity, bool reader2tag) {
 303     uint32_t duration = ts_end - ts_start;
 304     duration /= 32;
 305     ts_end = ts_start + duration;
 306     return LogTrace(bytes, len, ts_start, ts_end, parity, reader2tag);
 307 }
 308
 309 // specific LogTrace function for bitstreams: the partial byte size is stored in first parity byte. E.g. bitstream "1100 00100010" -> partial byte: 4 bits
 310 bool RAMFUNC LogTraceBits(const uint8_t *btBytes, uint16_t bitLen, uint32_t timestamp_start, uint32_t timestamp_end, bool reader2tag) {
 311
 312     if (bitLen == 0) {
 313         return false;
 314     }
 315
 316     uint8_t parity[(nbytes(bitLen) - 1) / 8 + 1];
 317     memset(parity, 0x00, sizeof(parity));
 318     // parity has amount of leftover bits.
 319     parity[0] = bitLen % 8;
 320     return LogTrace(btBytes, nbytes(bitLen), timestamp_start, timestamp_end, parity, reader2tag);
 321 }
 322
 323 // Emulator memory
 324 int emlSet(const uint8_t *data, uint32_t offset, uint32_t length) {
 325     uint8_t *mem = BigBuf_get_EM_addr();
 326     if (offset + length <= CARD_MEMORY_SIZE) {
 327         memcpy(mem + offset, data, length);
 328         return PM3_SUCCESS;
 329     }
 330
 331     Dbprintf("Error, trying to set memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE);
 332     return PM3_EOUTOFBOUND;
 333 }
 334
 335 int emlGet(uint8_t *out, uint32_t offset, uint32_t length) {
 336     uint8_t *mem = BigBuf_get_EM_addr();
 337     if (offset + length <= CARD_MEMORY_SIZE) {
 338         memcpy(out, mem + offset, length);
 339         return PM3_SUCCESS;
 340     }
 341
 342     Dbprintf("Error, trying to read memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE);
 343     return PM3_EOUTOFBOUND;
 344 }
 345
 346
 347 // get the address of the ToSend buffer. Allocate part of Bigbuf for it, if not yet done
 348 tosend_t *get_tosend(void) {
 349
 350     if (toSend.buf == NULL) {
 351         toSend.buf = BigBuf_malloc(TOSEND_BUFFER_SIZE);
 352     }
 353     return &toSend;
 354 }
 355
 356 void tosend_reset(void) {
 357     toSend.max = -1;
 358     toSend.bit = 8;
 359 }
 360
 361 void tosend_stuffbit(int b) {
 362
 363     if (toSend.max >= TOSEND_BUFFER_SIZE - 1) {
 364         Dbprintf(_RED_("toSend overflow"));
 365         return;
 366     }
 367
 368     if (toSend.bit >= 8) {
 369         toSend.max++;
 370         toSend.buf[toSend.max] = 0;
 371         toSend.bit = 0;
 372     }
 373
 374     if (b)
 375         toSend.buf[toSend.max] |= (1 << (7 - toSend.bit));
 376
 377     toSend.bit++;
 378
 379     if (toSend.max >= TOSEND_BUFFER_SIZE) {
 380         toSend.bit = 0;
 381     }
 382 }
 383
 384 dmabuf16_t *get_dma16(void) {
 385     if (dma_16.buf == NULL) {
 386         dma_16.buf = (uint16_t *)BigBuf_malloc(DMA_BUFFER_SIZE * sizeof(uint16_t));
 387     }
 388
 389     return &dma_16;
 390 }
 391
 392 dmabuf8_t *get_dma8(void) {
 393     if (dma_8.buf == NULL)
 394         dma_8.buf = BigBuf_malloc(DMA_BUFFER_SIZE);
 395
 396     return &dma_8;
 397 }