No 'hw ping' or 'hw break' stop support for iclass simulation #2180

Closed
00Waz opened this issue Nov 16, 2023 · 5 comments

00Waz commented Nov 16, 2023

The ability to perform 'hw ping' or 'hw break' commands in order to abort simulation of iclass cards is not supported.
Last full release that I found that supports this is v4.9237, and the bug was introduced by v4.13441.
Emulation only stops by physical button press.

Example running latest fw.
hw ping failing to respond and stop emulation of mode 1 iclass.

[usb] pm3 --> hw ping
[=] Ping sent
[+] Ping response received
[usb] pm3 --> hf iclass sim -t 1
[=] Starting iCLASS simulation
[=] press `button` to cancel
[usb] pm3 --> hw ping
[=] Ping sent
[!] ⚠️  Ping response timeout

[#] button pressed
[usb] pm3 --> hw ping
[=] Ping sent
[+] Ping response received

example of mode 3 "full card simulation"

[usb] pm3 --> hw ping
[=] Ping sent
[+] Ping response received
[usb] pm3 --> hf iclass eload -f ~/test_file.bin
[+] loaded 152 bytes from binary file `~/test_file.bin`

[=] Uploading to emulator memory
[=] ..
[+] uploaded 152 bytes to emulator memory
[?] You are ready to simulate. See `hf iclass sim -h`
[=] Done!
[usb] pm3 --> hf iclass sim -t 3
[=] Starting iCLASS simulation
[=] press `button` to cancel
[?] Try `hf iclass esave -h` to save the emulator memory to file
[usb] pm3 --> hw ping
[=] Ping sent
[!] ⚠️  Ping response timeout

[#] button pressed
[usb] pm3 --> hw ping
[=] Ping sent
[+] Ping response received
@wh201906
Contributor

I guess this is the reason:

In v4.9237 (commit 833bc4d), the doIClassSimulation() calls GetIClassCommandFromReader() in the loop, which checks if the button is pressed and if there is any data from the client.

if (!GetIClassCommandFromReader(receivedCmd, &len, 0)) {

if (BUTTON_PRESS() || data_available()) return false;

In v4.13441 (commit 55e1b67), the do_iclass_simulation() calls GetIso15693CommandFromReader() in the loop, which only checks if the button is pressed. (I guess doIClassSimulation() is renamed into do_iclass_simulation())

len = GetIso15693CommandFromReader(receivedCmd, MAX_FRAME_SIZE, &reader_eof_time);

if (BUTTON_PRESS()) {

@iceman1001
Collaborator

Simulation is a very time critical piece of code. The check for data available disrupted it.
There are some improvement checks in @wh201906's enhanced UDP code, not sure if it's possible to squeeze it down to fit here.

@wh201906
Contributor

I think the data_available_fast() added in PR #2173 can be used for this. It only checks a few of the registers.

@iceman1001
Collaborator

Yeah, however, simulation fiddling means testing against real readers, and iclass means testing against a bunch of different models, since they are all a bit different in their time sensitivity.

@wh201906
Contributor

Indeed
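
A host-side C model of the two abort conditions compared in this thread, added here as an illustration; it is not Proxmark3 firmware code and was not written by any participant. `run_sim`, `timeline_t`, the tick values and the every-Nth-iteration polling mode are assumptions made for the example, with hardware state scripted instead of read from registers.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed host-side model; none of this is Proxmark3 firmware code.
 * Hardware state is a scripted timeline indexed by loop iteration (tick). */
typedef struct {
    int button_tick; /* tick the button is pressed, -1 = never */
    int host_tick;   /* tick host data (e.g. a hw ping) arrives, -1 = never */
    int max_ticks;   /* bound so the model always terminates */
} timeline_t;
typedef enum { STOP_BOUND, STOP_BUTTON, STOP_HOST } stop_reason_t;
typedef struct {
    stop_reason_t reason;
    int tick;        /* iteration at which the loop exited */
    int host_checks; /* host polls performed: proxy for added loop overhead */
} sim_result_t;

static bool reached(int event_tick, int now) {
    return event_tick >= 0 && now >= event_tick;
}

/* host_interval: 0 = button only (the newer loop as described in the thread),
 * 1 = button or host data on every iteration (the older loop as described),
 * N > 1 = poll the host every Nth iteration (hypothetical, for comparison). */
sim_result_t run_sim(const timeline_t *t, int host_interval) {
    sim_result_t r = { STOP_BOUND, 0, 0 };
    for (r.tick = 0; r.tick < t->max_ticks; r.tick++) {
        if (reached(t->button_tick, r.tick)) { r.reason = STOP_BUTTON; break; }
        if (host_interval > 0 && r.tick % host_interval == 0) {
            r.host_checks++;
            if (reached(t->host_tick, r.tick)) { r.reason = STOP_HOST; break; }
        }
        /* the real loop would wait for and answer a reader frame here */
    }
    return r;
}

int main(void) {
    const timeline_t t = { .button_tick = 900, .host_tick = 130, .max_ticks = 1000 };
    const int intervals[] = { 0, 1, 64 };
    const char *names[] = { "bound", "button", "host data" };
    for (int i = 0; i < 3; i++) {
        sim_result_t r = run_sim(&t, intervals[i]);
        printf("interval=%2d stop=%-9s tick=%4d host_checks=%d\n",
               intervals[i], names[r.reason], r.tick, r.host_checks);
    }
    return 0;
}
```

With the button-only condition the host command sent at tick 130 is never seen and the loop runs until the button press at tick 900, which matches the ping timeout in the report; the `host_checks` count shows how many extra polls each variant adds to the loop.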
