search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #2616 from jmichelp/fix14b
[RRG-proxmark3.git] / armsrc / thinfilm.c
blob79063ba7f4488cf85eba4d1300fca93ca8dda74f
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Routines to support a mangeled ISO 14443 type A for Thinfilm tags by Kovio
17 //-----------------------------------------------------------------------------
18
19 #include "thinfilm.h"
20
21 #include "proxmark3_arm.h"
22 #include "cmd.h"
23 #include "appmain.h"
24 #include "BigBuf.h"
25 #include "iso14443a.h"
26 #include "fpgaloader.h"
27 #include "ticks.h"
28 #include "dbprint.h"
29 #include "util.h"
30
31 /**
32 * ref
33 * https://www.thinfilmnfc.com/wp-content/uploads/2017/09/Thinfilm-Kovio-NFC-Barcode-Protocol-Tag-Functional-Specification-v3.4-2017-05-26.pdf
34 * https://developer.android.com/reference/android/nfc/tech/NfcBarcode
35 *
36 */
37
38 void ReadThinFilm(void) {
39
40 clear_trace();
41 set_tracing(true);
42
43 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
44
45 uint8_t len = 0;
46 uint8_t buf[36] = {0x00};
47
48 // power on and listen for answer.
49 bool status = GetIso14443aAnswerFromTag_Thinfilm(buf, sizeof(buf), &len);
50 reply_ng(CMD_HF_THINFILM_READ, status ? PM3_SUCCESS : PM3_ENODATA, buf, len);
51
52 hf_field_off();
53 set_tracing(false);
54 }
55
56 #define SEC_D 0xf0
57 #define SEC_E 0x0f
58 #define SEC_F 0x00
59 static uint16_t FpgaSendQueueDelay;
60
61 static uint16_t ReadReaderField(void) {
62 return AvgAdc(ADC_CHAN_HF);
63 }
64
65 static void CodeThinfilmAsTag(const uint8_t *cmd, uint16_t len) {
66
67 tosend_reset();
68
69 tosend_t *ts = get_tosend();
70
71 for (uint16_t i = 0; i < len; i++) {
72 uint8_t b = cmd[i];
73 for (uint8_t j = 0; j < 8; j++) {
74 ts->buf[++ts->max] = (b & 0x80) ? SEC_D : SEC_E;
75 b <<= 1;
76 }
77 }
78 ts->max++;
79 }
80
81 static int EmSendCmdThinfilmRaw(const uint8_t *resp, uint16_t respLen) {
82 volatile uint8_t b;
83 uint16_t i = 0;
84 uint32_t ThisTransferTime;
85 // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line)
86 for (uint8_t j = 0; j < 5; j++) { // allow timeout - better late than never
87 while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
88 if (AT91C_BASE_SSC->SSC_RHR) break;
89 }
90 while ((ThisTransferTime = GetCountSspClk()) & 0x00000007);
91
92
93 // Clear TXRDY:
94 AT91C_BASE_SSC->SSC_THR = SEC_F;
95
96 // send cycle
97 for (; i < respLen;) {
98 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
99 AT91C_BASE_SSC->SSC_THR = resp[i++];
100 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
101 }
102
103 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
104 b = (uint8_t)(AT91C_BASE_SSC->SSC_RHR);
105 (void)b;
106 }
107 if (BUTTON_PRESS()) break;
108 }
109
110 // Ensure that the FPGA Delay Queue is empty
111 uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
112 for (i = 0; i <= fpga_queued_bits / 8 + 1;) {
113 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
114 AT91C_BASE_SSC->SSC_THR = SEC_F;
115 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
116 i++;
117 }
118 }
119
120 return 0;
121 }
122
123 void SimulateThinFilm(uint8_t *data, size_t len) {
124
125 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
126
127 Dbprintf("Simulate " _YELLOW_("%i-bit Thinfilm") " tag", len * 8);
128 Dbhexdump(len, data, true);
129
130 // Set up the synchronous serial port
131 FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);
132
133 // connect Demodulated Signal to ADC:
134 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
135
136 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
137 SpinDelay(100);
138 // Start the timer
139 StartCountSspClk();
140
141 uint16_t hf_baseline = ReadReaderField();
142
143 int8_t status = PM3_SUCCESS;
144 CodeThinfilmAsTag(data, len);
145
146 tosend_t *ts = get_tosend();
147
148 bool reader_detected = false;
149 LED_A_ON();
150 for (;;) {
151
152 WDT_HIT();
153
154 if (BUTTON_PRESS() || data_available()) {
155 status = PM3_EOPABORTED;
156 break;
157 }
158
159 uint16_t hf_av = ReadReaderField();
160
161 if (hf_av < hf_baseline) {
162 hf_baseline = hf_av;
163 }
164
165 if (hf_av > hf_baseline + 10) {
166
167 EmSendCmdThinfilmRaw(ts->buf, ts->max);
168
169 if (reader_detected == false) {
170 LED_B_ON();
171 //Dbprintf("Reader detected, start beaming data");
172 reader_detected = true;
173 }
174 } else {
175 if (reader_detected) {
176 LED_B_OFF();
177 // Dbprintf("Reader gone, stop beaming data");
178 reader_detected = false;
179 }
180 }
181 }
182 LED_A_OFF();
183 reply_ng(CMD_HF_THINFILM_SIMULATE, status, NULL, 0);
184 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware