add lf em 4x70 calc and self-tests

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Added `lf em 4x70 calc` - calculate `frn`/`grn` for a given `key` + `rnd`
 - Fixed `hf 15 dump` memory leaks (@jlitewski)
 - Changed `hf search` - topaz is detect before ISO14443a and commented out WIP ICT code path (@iceman1001)
 - Fixed `hf search` - where felica reader now doesnt timeout and give wrong response (@iceman1001)

armsrc/em4x70.c

@@ -30,43 +30,50 @@ static em4x70_tag_t tag = { 0 };
 // EM4170 requires a parity bit on commands, other variants do not.
 static bool command_parity = true;
 
-// Conversion from Ticks to RF periods
-// 1 us = 1.5 ticks
-// 1RF Period = 8us = 12 Ticks
-#define TICKS_PER_FC                        12
-
-// Chip timing from datasheet
-// Converted into Ticks for timing functions
-#define EM4X70_T_TAG_QUARTER_PERIOD          (8 * TICKS_PER_FC)
-#define EM4X70_T_TAG_HALF_PERIOD            (16 * TICKS_PER_FC)
-#define EM4X70_T_TAG_THREE_QUARTER_PERIOD   (24 * TICKS_PER_FC)
-#define EM4X70_T_TAG_FULL_PERIOD            (32 * TICKS_PER_FC) // 1 Bit Period
-#define EM4X70_T_TAG_TWA                   (128 * TICKS_PER_FC) // Write Access Time
-#define EM4X70_T_TAG_DIV                   (224 * TICKS_PER_FC) // Divergency Time
-#define EM4X70_T_TAG_AUTH                 (4224 * TICKS_PER_FC) // Authentication Time
-#define EM4X70_T_TAG_WEE                  (3072 * TICKS_PER_FC) // EEPROM write Time
-#define EM4X70_T_TAG_TWALB                 (672 * TICKS_PER_FC) // Write Access Time of Lock Bits
-#define EM4X70_T_TAG_BITMOD                  (4 * TICKS_PER_FC) // Initial time to stop modulation when sending 0
-#define EM4X70_T_TAG_TOLERANCE               (8 * TICKS_PER_FC) // Tolerance in RF periods for receive/LIW
-
-#define EM4X70_T_TAG_TIMEOUT                 (4 * EM4X70_T_TAG_FULL_PERIOD) // Timeout if we ever get a pulse longer than this
-#define EM4X70_T_WAITING_FOR_LIW             50 // Pulses to wait for listen window
-#define EM4X70_T_READ_HEADER_LEN             16 // Read header length (16 bit periods)
-
-#define EM4X70_COMMAND_RETRIES               5 // Attempts to send/read command
-#define EM4X70_MAX_RECEIVE_LENGTH           96 // Maximum bits to expect from any command
 
-/**
- * These IDs are from the EM4170 datasheet
- * Some versions of the chip require a
- * (even) parity bit, others do not
- */
-#define EM4X70_COMMAND_ID                   0x01
-#define EM4X70_COMMAND_UM1                  0x02
-#define EM4X70_COMMAND_AUTH                 0x03
-#define EM4X70_COMMAND_PIN                  0x04
-#define EM4X70_COMMAND_WRITE                0x05
-#define EM4X70_COMMAND_UM2                  0x07
+#if 1 // Calculation of ticks for timing functions
+    // Conversion from Ticks to RF periods
+    // 1 us = 1.5 ticks
+    // 1RF Period = 8us = 12 Ticks
+    #define TICKS_PER_FC                        12
+
+    // Chip timing from datasheet
+    // Converted into Ticks for timing functions
+    #define EM4X70_T_TAG_QUARTER_PERIOD          (8 * TICKS_PER_FC)
+    #define EM4X70_T_TAG_HALF_PERIOD            (16 * TICKS_PER_FC)
+    #define EM4X70_T_TAG_THREE_QUARTER_PERIOD   (24 * TICKS_PER_FC)
+    #define EM4X70_T_TAG_FULL_PERIOD            (32 * TICKS_PER_FC) // 1 Bit Period
+    #define EM4X70_T_TAG_TWA                   (128 * TICKS_PER_FC) // Write Access Time
+    #define EM4X70_T_TAG_DIV                   (224 * TICKS_PER_FC) // Divergency Time
+    #define EM4X70_T_TAG_AUTH                 (4224 * TICKS_PER_FC) // Authentication Time
+    #define EM4X70_T_TAG_WEE                  (3072 * TICKS_PER_FC) // EEPROM write Time
+    #define EM4X70_T_TAG_TWALB                 (672 * TICKS_PER_FC) // Write Access Time of Lock Bits
+    #define EM4X70_T_TAG_BITMOD                  (4 * TICKS_PER_FC) // Initial time to stop modulation when sending 0
+    #define EM4X70_T_TAG_TOLERANCE               (8 * TICKS_PER_FC) // Tolerance in RF periods for receive/LIW
+
+    #define EM4X70_T_TAG_TIMEOUT                 (4 * EM4X70_T_TAG_FULL_PERIOD) // Timeout if we ever get a pulse longer than this
+    #define EM4X70_T_WAITING_FOR_LIW             50 // Pulses to wait for listen window
+    #define EM4X70_T_READ_HEADER_LEN             16 // Read header length (16 bit periods)
+
+    #define EM4X70_COMMAND_RETRIES               5 // Attempts to send/read command
+    #define EM4X70_MAX_RECEIVE_LENGTH           96 // Maximum bits to expect from any command
+#endif // Calculation of ticks for timing functions
+
+#if 1 // EM4x70 Command IDs
+    /**
+     * These IDs are from the EM4170 datasheet.
+     * Some versions of the chip require a
+     * (even) parity bit, others do not.
+     * The command is thus stored only in the
+     * three least significant bits (mask 0x07).
+     */
+    #define EM4X70_COMMAND_ID                   0x01
+    #define EM4X70_COMMAND_UM1                  0x02
+    #define EM4X70_COMMAND_AUTH                 0x03
+    #define EM4X70_COMMAND_PIN                  0x04
+    #define EM4X70_COMMAND_WRITE                0x05
+    #define EM4X70_COMMAND_UM2                  0x07
+#endif // EM4x70 Command IDs
 
 // Constants used to determine high/low state of signal
 #define EM4X70_NOISE_THRESHOLD  13  // May depend on noise in environment
@@ -80,9 +87,9 @@ static bool command_parity = true;
 #define IS_TIMEOUT(timeout_ticks) (GetTicks() > timeout_ticks)
 #define TICKS_ELAPSED(start_ticks) (GetTicks() - start_ticks)
 
-static uint8_t bits2byte(const uint8_t *bits, int length);
-static void bits2bytes(const uint8_t *bits, int length, uint8_t *out);
-static int em4x70_receive(uint8_t *bits, size_t length);
+static uint8_t encoded_bit_array_to_byte(const uint8_t *bits, int count_of_bits);
+static void encoded_bit_array_to_bytes(const uint8_t *bits, int count_of_bits, uint8_t *out);
+static int em4x70_receive(uint8_t *bits, size_t maximum_bits_to_read);
 static bool find_listen_window(bool command);
 
 static void init_tag(void) {
@@ -207,9 +214,10 @@ static uint32_t get_pulse_length(edge_detection_t edge) {
     return 0;
 }
 
-static bool check_pulse_length(uint32_t pl, uint32_t length) {
-    // check if pulse length <pl> corresponds to given length <length>
-    return ((pl >= (length - EM4X70_T_TAG_TOLERANCE)) && (pl <= (length + EM4X70_T_TAG_TOLERANCE)));
+static bool check_pulse_length(uint32_t pulse_tick_length, uint32_t target_tick_length) {
+    // check if pulse tick length corresponds to target length (+/- tolerance)
+    return ((pulse_tick_length >= (target_tick_length - EM4X70_T_TAG_TOLERANCE)) &&
+            (pulse_tick_length <= (target_tick_length + EM4X70_T_TAG_TOLERANCE)));
 }
 
 static void em4x70_send_bit(bool bit) {
@@ -301,7 +309,7 @@ static bool check_ack(void) {
     // ACK  64 + 64
     // NAK 64 + 48
     if (check_pulse_length(get_pulse_length(FALLING_EDGE), 2 * EM4X70_T_TAG_FULL_PERIOD) &&
-            check_pulse_length(get_pulse_length(FALLING_EDGE), 2 * EM4X70_T_TAG_FULL_PERIOD)) {
+        check_pulse_length(get_pulse_length(FALLING_EDGE), 2 * EM4X70_T_TAG_FULL_PERIOD)) {
         // ACK
         return true;
     }
@@ -344,7 +352,11 @@ static int authenticate(const uint8_t *rnd, const uint8_t *frnd, uint8_t *respon
             if (g_dbglevel >= DBG_EXTENDED) Dbprintf("Auth failed");
             return PM3_ESOFT;
         }
-        bits2bytes(grnd, 24, response);
+        // although only received 20 bits
+        // ask for 24 bits converted because
+        // this utility function requires
+        // decoding in multiples of 8 bits
+        encoded_bit_array_to_bytes(grnd, 24, response);
         return PM3_SUCCESS;
     }
 
@@ -455,12 +467,12 @@ static int send_pin(const uint32_t pin) {
             WaitTicks(EM4X70_T_TAG_WEE);
             // <-- Receive header + ID
             uint8_t tag_id[EM4X70_MAX_RECEIVE_LENGTH];
-            int num  = em4x70_receive(tag_id, 32);
-            if (num < 32) {
+            int count_of_bits_received  = em4x70_receive(tag_id, 32);
+            if (count_of_bits_received < 32) {
                 Dbprintf("Invalid ID Received");
                 return PM3_ESOFT;
             }
-            bits2bytes(tag_id, num, &tag.data[4]);
+            encoded_bit_array_to_bytes(tag_id, count_of_bits_received, &tag.data[4]);
             return PM3_SUCCESS;
         }
     }
@@ -537,51 +549,53 @@ static bool find_listen_window(bool command) {
     return false;
 }
 
-static void bits2bytes(const uint8_t *bits, int length, uint8_t *out) {
+// *bits == array of bytes, each byte storing a single bit.    
+// *out  == array of bytes, storing converted bits --> bytes.  
+//
+// [in,  bcount(count_of_bits)  ] const uint8_t *bits
+// [out, bcount(count_of_bits/8)] uint8_t *out
+static void encoded_bit_array_to_bytes(const uint8_t *bits, int count_of_bits, uint8_t *out) {
 
-    if (length % 8 != 0) {
-        Dbprintf("Should have a multiple of 8 bits, was sent %d", length);
+    if (count_of_bits % 8 != 0) {
+        Dbprintf("Should have a multiple of 8 bits, was sent %d", count_of_bits);
     }
 
-    int num_bytes = length / 8; // We should have a multiple of 8 here
+    int num_bytes = count_of_bits / 8; // We should have a multiple of 8 here
 
     for (int i = 1; i <= num_bytes; i++) {
-        out[num_bytes - i] = bits2byte(bits, 8);
+        out[num_bytes - i] = encoded_bit_array_to_byte(bits, 8);
         bits += 8;
     }
 }
 
-static uint8_t bits2byte(const uint8_t *bits, int length) {
+static uint8_t encoded_bit_array_to_byte(const uint8_t *bits, int count_of_bits) {
 
-    // converts <length> separate bits into a single "byte"
+    // converts <count_of_bits> separate bits into a single "byte"
     uint8_t byte = 0;
-    for (int i = 0; i < length; i++) {
-
+    for (int i = 0; i < count_of_bits; i++) {
+        byte <<= 1;
         byte |= bits[i];
-
-        if (i != length - 1)
-            byte <<= 1;
     }
 
     return byte;
 }
 
-static bool send_command_and_read(uint8_t command, uint8_t *bytes, size_t length) {
+static bool send_command_and_read(uint8_t command, uint8_t *bytes, size_t expected_byte_count) {
 
     int retries = EM4X70_COMMAND_RETRIES;
     while (retries) {
         retries--;
 
         if (find_listen_window(true)) {
             uint8_t bits[EM4X70_MAX_RECEIVE_LENGTH] = {0};
-            size_t out_length_bits = length * 8;
+            size_t out_length_bits = expected_byte_count * 8;
             em4x70_send_nibble(command, command_parity);
             int len = em4x70_receive(bits, out_length_bits);
             if (len < out_length_bits) {
                 Dbprintf("Invalid data received length: %d, expected %d", len, out_length_bits);
                 return false;
             }
-            bits2bytes(bits, len, bytes);
+            encoded_bit_array_to_bytes(bits, len, bytes);
             return true;
         }
     }
@@ -629,7 +643,7 @@ static bool find_em4x70_tag(void) {
     return find_listen_window(false);
 }
 
-static int em4x70_receive(uint8_t *bits, size_t length) {
+static int em4x70_receive(uint8_t *bits, size_t maximum_bits_to_read) {
 
     uint32_t pl;
     int bit_pos = 0;
@@ -667,7 +681,7 @@ static int em4x70_receive(uint8_t *bits, size_t length) {
 
     // identify remaining bits based on pulse lengths
     // between listen windows only pulse lengths of 1, 1.5 and 2 are possible
-    while (bit_pos < length) {
+    while (bit_pos < maximum_bits_to_read) {
 
         pl = get_pulse_length(edge);
 
@@ -681,13 +695,13 @@ static int em4x70_receive(uint8_t *bits, size_t length) {
             // pulse length 1.5 -> 2 bits + flip edge detection
             if (edge == FALLING_EDGE) {
                 bits[bit_pos++] = 0;
-                if (bit_pos < length) {
+                if (bit_pos < maximum_bits_to_read) {
                     bits[bit_pos++] = 0;
                 }
                 edge = RISING_EDGE;
             } else {
                 bits[bit_pos++] = 1;
-                if (bit_pos < length) {
+                if (bit_pos < maximum_bits_to_read) {
                     bits[bit_pos++] = 1;
                 }
                 edge = FALLING_EDGE;
@@ -698,12 +712,12 @@ static int em4x70_receive(uint8_t *bits, size_t length) {
             // pulse length of 2 -> two bits
             if (edge == FALLING_EDGE) {
                 bits[bit_pos++] = 0;
-                if (bit_pos < length) {
+                if (bit_pos < maximum_bits_to_read) {
                     bits[bit_pos++] = 1;
                 }
             } else {
                 bits[bit_pos++] = 1;
-                if (bit_pos < length) {
+                if (bit_pos < maximum_bits_to_read) {
                     bits[bit_pos++] = 0;
                 }
             }