Hitag fixes (#887)

* don't display error message during 'lf search' when no Hitag tag is present * remove superfluous options in 'lf hitag read' * fix setting of default threshold when selecting FPGA_CMD_SET_EDGE_DETECT_THRESHOLD major mode * some refactoring
2025-03-12 04:35:36 -07:00 · 2019-11-25 08:38:23 +01:00 · 2019-11-25 08:38:23 +01:00 · 00848e096b
commit 00848e096b
parent e938f71011
7 changed files with 66 additions and 56 deletions
--- a/armsrc/fpgaloader.h
+++ b/armsrc/fpgaloader.h
@ -39,7 +39,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
 #define FPGA_CMD_SET_CONFREG                        (1<<12)
 // LF
 #define FPGA_CMD_SET_DIVISOR                        (2<<12)
-#define FPGA_CMD_SET_USER_BYTE1                     (3<<12)
+#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD          (3<<12)
+
 // HF
 #define FPGA_CMD_TRACE_ENABLE                       (2<<12)

@ -61,9 +62,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
 #define FPGA_LF_ADC_READER_FIELD                    (1<<0)

 // Options for LF_EDGE_DETECT
-#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD          FPGA_CMD_SET_USER_BYTE1
 #define FPGA_LF_EDGE_DETECT_READER_FIELD            (1<<0)
-#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE             (1<<1)
+#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE             (2<<0)

 // Options for the HF reader
 #define FPGA_HF_READER_MODE_RECEIVE_IQ              (0<<0)
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -943,12 +943,12 @@ int CmdLFfind(const char *Cmd)
 				PrintAndLog("\nValid EM4x05/EM4x69 Chip Found\nUse lf em 4x05readword/dump commands to read\n");
 				return 1;
 			}
-			ans=CmdLFHitagReader("26"); // 26 = RHT2F_UID_ONLY
-			if (ans==0) {
+            if (getHitagUid(NULL, true)) {
+				PrintAndLog("\nValid Hitag2 tag Found!");
 				return 1;
-			}
-			ans=CmdCOTAGRead("");
-			if (ans>0) {
+            }
+ 			ans = CmdCOTAGRead("");
+			if (ans > 0) {
 				PrintAndLog("\nValid COTAG ID Found!");
 				return 1;
 			}
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -70,7 +70,7 @@ static int CmdLFHitagList(const char *Cmd) {

 	for (;;) {

-		if(i > traceLen) { break; }
+		if(i >= traceLen) { break; }

 		bool isResponse;
 		int timestamp = *((uint32_t *)(got+i));
@ -208,7 +208,7 @@ static int CmdLFHitagSim(const char *Cmd) {
 }


-static bool getHitagUid(uint32_t *uid) {
+bool getHitagUid(uint32_t *uid, bool quiet) {
 	// ToDo: this is for Hitag2 only (??)
 	
 	UsbCommand c = {CMD_READER_HITAG, {RHT2F_UID_ONLY}};
@ -217,12 +217,12 @@ static bool getHitagUid(uint32_t *uid) {

 	UsbCommand resp;
 	if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
-		PrintAndLogEx(WARNING, "timeout while waiting for reply.");
+		if (!quiet) PrintAndLogEx(WARNING, "timeout while waiting for reply.");
 		return false;
 	}

 	if (resp.arg[0] == false) {
-		PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID");
+		if (!quiet) PrintAndLogEx(DEBUG, "DEBUG: Error - failed getting UID");
 		return false;
 	}

@ -246,7 +246,7 @@ static int CmdLFHitagInfo(const char *Cmd) {

 	// read UID
 	uint32_t uid = 0;
-	if (getHitagUid(&uid) == false)
+	if (getHitagUid(&uid, false) == false)
 		return 1;

 	PrintAndLogEx(SUCCESS, "UID: %08X", uid);
@ -271,32 +271,19 @@ int CmdLFHitagReader(const char *Cmd) {
 	hitag_function htf = param_get32ex(Cmd, 0, 0, 10);

 	switch (htf) {
-		case 01: { //RHTSF_CHALLENGE
+		case RHTSF_CHALLENGE: {
 			c = (UsbCommand){ CMD_READ_HITAG_S };
 			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
 			num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
 			c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage
 			c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode
 		} break;
-		case 02: { //RHTSF_KEY
+		case RHTSF_KEY: {
 			c = (UsbCommand){ CMD_READ_HITAG_S };
 			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 			c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage
 			c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode
 		} break;
-		case 03: { //RHTSF_CHALLENGE BLOCK
-			c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
-			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
-			num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
-			c.arg[1] = param_get64ex(Cmd, 3, 0, 0); //firstpage
-			c.arg[2] = param_get64ex(Cmd, 4, 0, 0); //tag mode
-		} break;
-		case 04: { //RHTSF_KEY BLOCK
-			c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
-			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
-			c.arg[1] = param_get64ex(Cmd, 2, 0, 0); //firstpage
-			c.arg[2] = param_get64ex(Cmd, 3, 0, 0); //tag mode
-		} break;
 		case RHT2F_PASSWORD: {
 			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->pwd.password);
 		} break;
@ -322,8 +309,6 @@ int CmdLFHitagReader(const char *Cmd) {
 			PrintAndLog("  HitagS (0*):");
 			PrintAndLog("    01 <nr> <ar> (Challenge) <firstPage> <tagmode> read all pages from a Hitag S tag");
 			PrintAndLog("    02 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all pages from a Hitag S tag");
-			PrintAndLog("    03 <nr> <ar> (Challenge) <firstPage> <tagmode> read all blocks from a Hitag S tag");
-			PrintAndLog("    04 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all blocks from a Hitag S tag");
 			PrintAndLog("    Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)");
 			PrintAndLog("  Hitag1 (1*):");
 			PrintAndLog("    (not yet implemented)");
@ -356,11 +341,11 @@ int CmdLFHitagReader(const char *Cmd) {
 		return 1;
 	}

-	uint32_t id = bytes_to_num(resp.d.asBytes,4);
+	uint32_t id = bytes_to_num(resp.d.asBytes, 4);

-	if (htf == RHT2F_UID_ONLY){
-		PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
-	} else {
+	PrintAndLog("Valid Hitag2 tag found - UID: %08x", id);
+	if (htf != RHT2F_UID_ONLY) {
+        PrintAndLogEx(SUCCESS, "Dumping tag memory...");
 		char filename[256];
 		FILE* pf = NULL;

--- a/client/cmdlfhitag.h
+++ b/client/cmdlfhitag.h
@ -11,7 +11,11 @@
 #ifndef CMDLFHITAG_H__
 #define CMDLFHITAG_H__

+#include <stdint.h>
+#include <stdbool.h>
+
 extern int CmdLFHitag(const char *Cmd);
 extern int CmdLFHitagReader(const char *Cmd);
+extern bool getHitagUid(uint32_t *uid, bool quiet);

 #endif
--- a/fpga/fpga_lf.bit
+++ b/fpga/fpga_lf.bit
--- a/fpga/fpga_lf.v
+++ b/fpga/fpga_lf.v
@ -3,6 +3,26 @@
 // iZsh <izsh at fail0verflow.com>, June 2014
 //-----------------------------------------------------------------------------

+// Defining commands, modes and options. This must be aligned to the definitions in fpgaloader.h
+// Note: the definitions here are without shifts
+
+// Commands:
+`define FPGA_CMD_SET_CONFREG                        1
+`define FPGA_CMD_SET_DIVISOR                        2
+`define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD          3
+
+// Major modes:
+`define FPGA_MAJOR_MODE_LF_ADC                      0
+`define FPGA_MAJOR_MODE_LF_EDGE_DETECT              1
+`define FPGA_MAJOR_MODE_LF_PASSTHRU                 2
+
+// Options for LF_ADC
+`define FPGA_LF_ADC_READER_FIELD                    1
+
+// Options for LF_EDGE_DETECT
+`define FPGA_LF_EDGE_DETECT_READER_FIELD            1
+`define FPGA_LF_EDGE_DETECT_TOGGLE_MODE             2
+
 `include "lo_read.v"
 `include "lo_passthru.v"
 `include "lo_edge_detect.v"
@ -30,21 +50,23 @@ module fpga_lf(
 reg [15:0] shift_reg;
 reg [7:0] divisor;
 reg [8:0] conf_word;
-reg [7:0] user_byte1;
+reg [7:0] lf_ed_threshold;

 always @(posedge ncs)
 begin
 	case (shift_reg[15:12])
-		4'b0001:                                    // FPGA_CMD_SET_CONFREG
+		`FPGA_CMD_SET_CONFREG:
 			begin
 				conf_word <= shift_reg[8:0];
-				if (shift_reg[8:0] == 9'b000000001) 
-				begin                               // LF edge detect
-					user_byte1 <= 127;              // default threshold
+				if (shift_reg[8:6] == `FPGA_MAJOR_MODE_LF_EDGE_DETECT)
+				begin
+					lf_ed_threshold <= 127;                // default threshold
 				end
 			end
-		4'b0010: divisor <= shift_reg[7:0];			// FPGA_CMD_SET_DIVISOR
-		4'b0011: user_byte1 <= shift_reg[7:0];		// FPGA_CMD_SET_USER_BYTE1
+		`FPGA_CMD_SET_DIVISOR:
+			divisor <= shift_reg[7:0];
+		`FPGA_CMD_SET_EDGE_DETECT_THRESHOLD:
+			lf_ed_threshold <= shift_reg[7:0];
 	endcase
 end

@ -62,7 +84,6 @@ wire [2:0] major_mode = conf_word[8:6];
 // For the low-frequency configuration:
 wire lf_field = conf_word[0];
 wire lf_ed_toggle_mode = conf_word[1]; // for lo_edge_detect
-wire [7:0] lf_ed_threshold = user_byte1;

 //-----------------------------------------------------------------------------
 // And then we instantiate the modules corresponding to each of the FPGA's
@ -106,17 +127,17 @@ lo_edge_detect le(
 //   001 --  LF edge detect (generic)
 //   010 --  LF passthrough

-mux8 mux_ssp_clk		(major_mode, ssp_clk,   lr_ssp_clk,   le_ssp_clk,         1'b0,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_din		(major_mode, ssp_din,   lr_ssp_din,         1'b0,   lp_ssp_din,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_frame		(major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame,       1'b0,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_pwr_oe1		(major_mode, pwr_oe1,   lr_pwr_oe1,   le_pwr_oe1,   lp_pwr_oe1,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe2		(major_mode, pwr_oe2,   lr_pwr_oe2,   le_pwr_oe2,   lp_pwr_oe2,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_pwr_oe3		(major_mode, pwr_oe3,   lr_pwr_oe3,   le_pwr_oe3,   lp_pwr_oe3,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe4		(major_mode, pwr_oe4,   lr_pwr_oe4,   le_pwr_oe4,   lp_pwr_oe4,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_pwr_lo			(major_mode, pwr_lo,    lr_pwr_lo,    le_pwr_lo,    lp_pwr_lo,    1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_pwr_hi			(major_mode, pwr_hi,    lr_pwr_hi,    le_pwr_hi,    lp_pwr_hi,    1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_adc_clk		(major_mode, adc_clk,   lr_adc_clk,   le_adc_clk,   lp_adc_clk,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
-mux8 mux_dbg			(major_mode, dbg,       lr_dbg,       le_dbg,       lp_dbg,       1'b0, 1'b0, 1'b0, 1'b0, 1'b0); 
+mux8 mux_ssp_clk        (major_mode, ssp_clk,   lr_ssp_clk,   le_ssp_clk,   1'b0,         1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_din        (major_mode, ssp_din,   lr_ssp_din,   1'b0,         lp_ssp_din,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_frame      (major_mode, ssp_frame, lr_ssp_frame, le_ssp_frame, 1'b0,         1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe1        (major_mode, pwr_oe1,   lr_pwr_oe1,   le_pwr_oe1,   lp_pwr_oe1,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe2        (major_mode, pwr_oe2,   lr_pwr_oe2,   le_pwr_oe2,   lp_pwr_oe2,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe3        (major_mode, pwr_oe3,   lr_pwr_oe3,   le_pwr_oe3,   lp_pwr_oe3,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe4        (major_mode, pwr_oe4,   lr_pwr_oe4,   le_pwr_oe4,   lp_pwr_oe4,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_lo         (major_mode, pwr_lo,    lr_pwr_lo,    le_pwr_lo,    lp_pwr_lo,    1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_hi         (major_mode, pwr_hi,    lr_pwr_hi,    le_pwr_hi,    lp_pwr_hi,    1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_adc_clk        (major_mode, adc_clk,   lr_adc_clk,   le_adc_clk,   lp_adc_clk,   1'b0, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_dbg            (major_mode, dbg,       lr_dbg,       le_dbg,       lp_dbg,       1'b0, 1'b0, 1'b0, 1'b0, 1'b0);

 // In all modes, let the ADC's outputs be enabled.
 assign adc_noe = 1'b0;
--- a/fpga/min_max_tracker.v
+++ b/fpga/min_max_tracker.v
@ -25,7 +25,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
 	always @(posedge clk)
 	begin
 		case (state)
-		0:
+		0: // initialize
 			begin
 				if (cur_max_val >= ({1'b0, adc_d} + threshold))
 					state <= 2;
@ -36,7 +36,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
 				else if (adc_d <= cur_min_val)
 					cur_min_val <= adc_d;					
 			end
-		1:
+		1: // high phase
 			begin
 				if (cur_max_val <= adc_d)
 					cur_max_val <= adc_d;
@ -46,7 +46,7 @@ module min_max_tracker(input clk, input [7:0] adc_d, input [7:0] threshold,
 					max_val <= cur_max_val;
 				end
 			end
-		2:
+		2: // low phase
 			begin
 				if (adc_d <= cur_min_val)
 					cur_min_val <= adc_d;