Resolved conflicts from upstream feature additions (IDTECK PR #407,
LF_T55XX_WRITE PR #413, ISO14443-4 T=CL emulation, HF14A scan-keep,
etc.) by keeping both sides where independent.
Command ID note for reviewer:
- Maintainer's IDTECK shift commit (1e78976) stated "Jablotron retains
the original slots 3016 and 3017", but upstream had already taken
3016 for DATA_CMD_LF_T55XX_WRITE. Only 3017 was actually free.
- Resolution: JABLOTRON_WRITE_TO_T55XX kept at 3017 (honors intent).
JABLOTRON_SCAN moved 3016 -> 3019 (next free slot).
- 5xxx range: JABLOTRON_SET/GET_EMU_ID = 5010/5011 unchanged
(IDTECK shifted to 5012/5013 as planned).
Python files parse cleanly. No duplicate command IDs in data_cmd.h
(3xxx and 5xxx ranges checked).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Jablotron uses differential biphase (inverted) at RF/64, 64-bit frames:
bits 0-15: 0xFFFF preamble
bits 16-55: 40-bit data (5 bytes), bit 16 must be 0
bits 56-63: 8-bit checksum = (sum of data bytes) XOR 0x3A
Firmware:
- rfid/nfctag/lf/protocols/jablotron.c - encoder/decoder codec
- rfid/nfctag/lf/utils/diphase.c - inverted-biphase state machine
(shared util, reusable by other diphase protocols)
- rfid/reader/lf/lf_jablotron_data.c - GPIO-interval reader path
- app_cmd.c: JABLOTRON_SCAN, JABLOTRON_WRITE_TO_T55XX,
JABLOTRON_SET_EMU_ID, JABLOTRON_GET_EMU_ID
- tag_base_type.h: TAG_TYPE_JABLOTRON enum
- t55xx.h: T5577_JABLOTRON_CONFIG (DIPHASE modulation, RF/64)
- lf_tag_em.c: load callback, factory-default data, save callback
Python CLI (software/script/):
- lf jablotron read - scan a real tag
- lf jablotron write --id - clone onto T55xx
- lf jablotron econfig -s N --id - set emulator ID on a slot
- hw slot list shows Jablotron ID and decimal card number
Python test (software/script/tests/test_jablotron_modulator.py):
Pure-Python round-trip validator that reimplements the modulator and
diphase decoder, expands PWM entries to an edge stream, and confirms
the decoded data matches the input. Regression guard for both the
firmware's double-frame encoding and the single-frame variant.
Notable PWM design choices:
- Constant-level diphase encoding uses the same PAC pattern:
CC=0 for LOW, CC=counter_top+1 for HIGH. counter_top=31 gives
exactly 32 carrier cycles per half-bit at NRF_PWM_CLK_125kHz.
- The 64-bit frame is encoded twice in the 256-entry PWM buffer with
the internal level variable persisting between the two passes.
This is required for clean PWM looping: a single 64-bit diphase
frame with an odd number of zero bits ends at a level opposite the
starting level, leaving no transition at the loop boundary where
the reader expects one. Encoding twice guarantees a continuous
diphase stream regardless of the data's zero-count parity.
Reference: Proxmark3 cmdlfjablotron.c
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace Python 3.10+ type hint syntax (`int | None`) with `Union[int, None]`.
- Add explicit `byteorder='big'` argument to all `int.from_bytes()` calls.
* Implement MF1_ENC_NESTED_ACQUIRE in firmware
* Implement MF1_ENC_NESTED_ACQUIRE in software + fix code formatter
* Remove xz and pthreads from sources, use CMake FetchContent
* Update changelog
* lzma.h
* Update CMakeLists.txt
* Update CMakeLists.txt
* Probably fix workflow taking wrong commit for building
* Fix CMake building tools into bin/Debug on Windows
* Added cmd for fetching all slots nicks (without 16 commands)
* Fix type and use temp directory instead cwd (https://github.com/RfidResearchGroup/ChameleonUltra/pull/261)
* Fix endian for mfu_read_emu_counter_data and mfu_write_emu_counter_data
* Fix --key interpreted as list
* hardnested test fixed, increased timeout on mf1_hard_nested_acquire to fix cmd exec timeout on clone
* hardnested recovery(cli command not yet ready), based in noproto/HardnestedRecovery
* removed compiled binary
* Hardnested cli ready
* removed some unnecesary files
* removed unnecesary cached files
* cmake now builds hardnested too
* removed license.md
* added liblzma source(should fix checks not passing)
* i missed a line
* trimmed xz sources
* cmake now links local liblzma.a
* third try(warning solved)
* cmake now builds and links correcctly liblzma.a
* xz-5.8.1 vfolder renamed to xz
* fixed paths
* runner test
* removed wrong placed check
* disable landlock under windows
* missing files
* missing files
* windows strtok fix
* corrected lzma path under windows
* fix
* set release config for liblzma
* corrected path
* trailing_zeros
* msclock
* msclock integer issue
* msclock missing header
* fallback if not using msvc
* deleted include by accident
* revert clock change
* change custom target for custom command
* windows fmemopen implementation
* wrong path
* wrong name
* use fmemopen only when not using msvc
* use fmemopen.h when building on windows, non msvc
* re-add static link
* wrong filename
* pthread handling for mingw(proxspace)
* cleanup