mirror of
https://github.com/D4C1-Labs/Flipper-ARF.git
synced 2026-03-30 13:15:38 +00:00
Compare commits
9 Commits
dev-1c9d1f
...
dev-0aef01
| Author | SHA1 | Date | |
|---|---|---|---|
|
0aef017c15 | ||
|
|
cea3bc3b6a | ||
|
|
f3d08573a1 | ||
|
|
9e52a6eb6b | ||
|
|
faf669b457 | ||
|
|
e445b28d73 | ||
|
|
19e2eaa554 | ||
|
|
2571ad7f22 | ||
|
|
22a0870559 |
@@ -49,7 +49,7 @@ This project may incorporate, adapt, or build upon **other open-source projects*
|
||||
| PSA (Peugeot/Citroën/DS) | PSA GROUP | 433 MHz | AM/FM | Yes | Yes | Yes |
|
||||
| Ford | Ford V0 | 315/433 MHz | AM | Yes | Yes | Yes |
|
||||
| Fiat | Fiat SpA | 433 MHz | AM | Yes | Yes | Yes |
|
||||
| Fiat | Fiat Marelli | 433 MHz | AM | No | Yes | No |
|
||||
| Fiat | Fiat Marelli/Delphi | 433 MHz | AM | No | Yes | No |
|
||||
| Subaru | Subaru | 433 MHz | AM | Yes | Yes | No |
|
||||
| Mazda | Siemens (5WK49365D) | 315/433 MHz | FM | Yes | Yes | Yes |
|
||||
| Kia/Hyundai | Kia V0 | 433 MHz | FM | Yes | Yes | Yes |
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 6.6 KiB After Width: | Height: | Size: 1.0 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 6.6 KiB After Width: | Height: | Size: 1.0 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 6.3 KiB After Width: | Height: | Size: 1.2 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 511 B After Width: | Height: | Size: 1.4 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 518 B After Width: | Height: | Size: 968 B |
Binary file not shown.
|
Before Width: | Height: | Size: 483 B After Width: | Height: | Size: 1.2 KiB |
@@ -1,252 +0,0 @@
|
||||
#include "aes_common.h"
|
||||
|
||||
static const uint8_t aes_sbox[256] = {
|
||||
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab,
|
||||
0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4,
|
||||
0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71,
|
||||
0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
|
||||
0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6,
|
||||
0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb,
|
||||
0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45,
|
||||
0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
|
||||
0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44,
|
||||
0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a,
|
||||
0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49,
|
||||
0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
|
||||
0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25,
|
||||
0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e,
|
||||
0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1,
|
||||
0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
|
||||
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb,
|
||||
0x16};
|
||||
|
||||
static const uint8_t aes_sbox_inv[256] = {
|
||||
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7,
|
||||
0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde,
|
||||
0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42,
|
||||
0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
|
||||
0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c,
|
||||
0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15,
|
||||
0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7,
|
||||
0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
|
||||
0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc,
|
||||
0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad,
|
||||
0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d,
|
||||
0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
|
||||
0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, 0x1f, 0xdd, 0xa8,
|
||||
0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51,
|
||||
0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0,
|
||||
0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
|
||||
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c,
|
||||
0x7d};
|
||||
|
||||
static const uint8_t aes_rcon[10] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36};
|
||||
|
||||
static uint8_t gf_mul2(uint8_t x) {
|
||||
return ((x >> 7) * 0x1b) ^ (x << 1);
|
||||
}
|
||||
|
||||
static void aes_subbytes(uint8_t* state) {
|
||||
for(uint8_t row = 0; row < 4; row++) {
|
||||
for(uint8_t col = 0; col < 4; col++) {
|
||||
state[row + col * 4] = aes_sbox[state[row + col * 4]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_subbytes_inv(uint8_t* state) {
|
||||
for(uint8_t row = 0; row < 4; row++) {
|
||||
for(uint8_t col = 0; col < 4; col++) {
|
||||
state[row + col * 4] = aes_sbox_inv[state[row + col * 4]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_shiftrows(uint8_t* state) {
|
||||
uint8_t temp;
|
||||
|
||||
temp = state[1];
|
||||
state[1] = state[5];
|
||||
state[5] = state[9];
|
||||
state[9] = state[13];
|
||||
state[13] = temp;
|
||||
|
||||
temp = state[2];
|
||||
state[2] = state[10];
|
||||
state[10] = temp;
|
||||
temp = state[6];
|
||||
state[6] = state[14];
|
||||
state[14] = temp;
|
||||
|
||||
temp = state[15];
|
||||
state[15] = state[11];
|
||||
state[11] = state[7];
|
||||
state[7] = state[3];
|
||||
state[3] = temp;
|
||||
}
|
||||
|
||||
static void aes_shiftrows_inv(uint8_t* state) {
|
||||
uint8_t temp;
|
||||
|
||||
temp = state[13];
|
||||
state[13] = state[9];
|
||||
state[9] = state[5];
|
||||
state[5] = state[1];
|
||||
state[1] = temp;
|
||||
|
||||
temp = state[2];
|
||||
state[2] = state[10];
|
||||
state[10] = temp;
|
||||
temp = state[6];
|
||||
state[6] = state[14];
|
||||
state[14] = temp;
|
||||
|
||||
temp = state[3];
|
||||
state[3] = state[7];
|
||||
state[7] = state[11];
|
||||
state[11] = state[15];
|
||||
state[15] = temp;
|
||||
}
|
||||
|
||||
static void aes_mixcolumns(uint8_t* state) {
|
||||
uint8_t a, b, c, d;
|
||||
for(uint8_t i = 0; i < 4; i++) {
|
||||
a = state[i * 4];
|
||||
b = state[i * 4 + 1];
|
||||
c = state[i * 4 + 2];
|
||||
d = state[i * 4 + 3];
|
||||
|
||||
uint8_t a2 = gf_mul2(a);
|
||||
uint8_t b2 = gf_mul2(b);
|
||||
uint8_t c2 = gf_mul2(c);
|
||||
uint8_t d2 = gf_mul2(d);
|
||||
|
||||
state[i * 4] = a2 ^ b2 ^ b ^ c ^ d;
|
||||
state[i * 4 + 1] = a ^ b2 ^ c2 ^ c ^ d;
|
||||
state[i * 4 + 2] = a ^ b ^ c2 ^ d2 ^ d;
|
||||
state[i * 4 + 3] = a2 ^ a ^ b ^ c ^ d2;
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_mixcolumns_inv(uint8_t* state) {
|
||||
uint8_t a, b, c, d;
|
||||
for(uint8_t i = 0; i < 4; i++) {
|
||||
a = state[i * 4];
|
||||
b = state[i * 4 + 1];
|
||||
c = state[i * 4 + 2];
|
||||
d = state[i * 4 + 3];
|
||||
|
||||
uint8_t a2 = gf_mul2(a);
|
||||
uint8_t a4 = gf_mul2(a2);
|
||||
uint8_t a8 = gf_mul2(a4);
|
||||
uint8_t b2 = gf_mul2(b);
|
||||
uint8_t b4 = gf_mul2(b2);
|
||||
uint8_t b8 = gf_mul2(b4);
|
||||
uint8_t c2 = gf_mul2(c);
|
||||
uint8_t c4 = gf_mul2(c2);
|
||||
uint8_t c8 = gf_mul2(c4);
|
||||
uint8_t d2 = gf_mul2(d);
|
||||
uint8_t d4 = gf_mul2(d2);
|
||||
uint8_t d8 = gf_mul2(d4);
|
||||
|
||||
state[i * 4] = (a8 ^ a4 ^ a2) ^ (b8 ^ b2 ^ b) ^ (c8 ^ c4 ^ c) ^ (d8 ^ d);
|
||||
state[i * 4 + 1] = (a8 ^ a) ^ (b8 ^ b4 ^ b2) ^ (c8 ^ c2 ^ c) ^ (d8 ^ d4 ^ d);
|
||||
state[i * 4 + 2] = (a8 ^ a4 ^ a) ^ (b8 ^ b) ^ (c8 ^ c4 ^ c2) ^ (d8 ^ d2 ^ d);
|
||||
state[i * 4 + 3] = (a8 ^ a2 ^ a) ^ (b8 ^ b4 ^ b) ^ (c8 ^ c) ^ (d8 ^ d4 ^ d2);
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_addroundkey(uint8_t* state, const uint8_t* round_key) {
|
||||
for(uint8_t col = 0; col < 4; col++) {
|
||||
state[col * 4] ^= round_key[col * 4];
|
||||
state[col * 4 + 1] ^= round_key[col * 4 + 1];
|
||||
state[col * 4 + 2] ^= round_key[col * 4 + 2];
|
||||
state[col * 4 + 3] ^= round_key[col * 4 + 3];
|
||||
}
|
||||
}
|
||||
|
||||
void aes_key_expansion(const uint8_t* key, uint8_t* round_keys) {
|
||||
for(uint8_t i = 0; i < 16; i++) {
|
||||
round_keys[i] = key[i];
|
||||
}
|
||||
|
||||
for(uint8_t i = 4; i < 44; i++) {
|
||||
uint8_t prev_word_idx = (i - 1) * 4;
|
||||
uint8_t b0 = round_keys[prev_word_idx];
|
||||
uint8_t b1 = round_keys[prev_word_idx + 1];
|
||||
uint8_t b2 = round_keys[prev_word_idx + 2];
|
||||
uint8_t b3 = round_keys[prev_word_idx + 3];
|
||||
|
||||
if((i % 4) == 0) {
|
||||
uint8_t new_b0 = aes_sbox[b1] ^ aes_rcon[(i / 4) - 1];
|
||||
uint8_t new_b1 = aes_sbox[b2];
|
||||
uint8_t new_b2 = aes_sbox[b3];
|
||||
uint8_t new_b3 = aes_sbox[b0];
|
||||
b0 = new_b0;
|
||||
b1 = new_b1;
|
||||
b2 = new_b2;
|
||||
b3 = new_b3;
|
||||
}
|
||||
|
||||
uint8_t back_word_idx = (i - 4) * 4;
|
||||
b0 ^= round_keys[back_word_idx];
|
||||
b1 ^= round_keys[back_word_idx + 1];
|
||||
b2 ^= round_keys[back_word_idx + 2];
|
||||
b3 ^= round_keys[back_word_idx + 3];
|
||||
|
||||
uint8_t curr_word_idx = i * 4;
|
||||
round_keys[curr_word_idx] = b0;
|
||||
round_keys[curr_word_idx + 1] = b1;
|
||||
round_keys[curr_word_idx + 2] = b2;
|
||||
round_keys[curr_word_idx + 3] = b3;
|
||||
}
|
||||
}
|
||||
|
||||
void aes128_encrypt(const uint8_t* expanded_key, uint8_t* data) {
|
||||
uint8_t state[16];
|
||||
memcpy(state, data, 16);
|
||||
|
||||
aes_addroundkey(state, &expanded_key[0]);
|
||||
|
||||
for(uint8_t round = 1; round < 10; round++) {
|
||||
aes_subbytes(state);
|
||||
aes_shiftrows(state);
|
||||
aes_mixcolumns(state);
|
||||
aes_addroundkey(state, &expanded_key[round * 16]);
|
||||
}
|
||||
|
||||
aes_subbytes(state);
|
||||
aes_shiftrows(state);
|
||||
aes_addroundkey(state, &expanded_key[160]);
|
||||
|
||||
memcpy(data, state, 16);
|
||||
}
|
||||
|
||||
void aes128_decrypt(const uint8_t* expanded_key, uint8_t* data) {
|
||||
uint8_t state[16];
|
||||
memcpy(state, data, 16);
|
||||
|
||||
aes_addroundkey(state, &expanded_key[160]);
|
||||
|
||||
for(uint8_t round = 9; round > 0; round--) {
|
||||
aes_shiftrows_inv(state);
|
||||
aes_subbytes_inv(state);
|
||||
aes_addroundkey(state, &expanded_key[round * 16]);
|
||||
aes_mixcolumns_inv(state);
|
||||
}
|
||||
|
||||
aes_shiftrows_inv(state);
|
||||
aes_subbytes_inv(state);
|
||||
aes_addroundkey(state, &expanded_key[0]);
|
||||
|
||||
memcpy(data, state, 16);
|
||||
}
|
||||
|
||||
void reverse_bits_in_bytes(uint8_t* data, uint8_t len) {
|
||||
for(uint8_t i = 0; i < len; i++) {
|
||||
uint8_t byte = data[i];
|
||||
uint8_t step1 = ((byte & 0x55) << 1) | ((byte >> 1) & 0x55);
|
||||
uint8_t step2 = ((step1 & 0x33) << 2) | ((step1 >> 2) & 0x33);
|
||||
data[i] = ((step2 & 0x0F) << 4) | (step2 >> 4);
|
||||
}
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
#include "base.h"
|
||||
|
||||
#include <furi.h>
|
||||
|
||||
void reverse_bits_in_bytes(uint8_t* data, uint8_t len);
|
||||
void aes128_decrypt(const uint8_t* expanded_key, uint8_t* data);
|
||||
void aes128_encrypt(const uint8_t* expanded_key, uint8_t* data);
|
||||
void aes_key_expansion(const uint8_t* key, uint8_t* round_keys);
|
||||
@@ -7,7 +7,7 @@
|
||||
#include "core/log.h"
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include "aes_common.h"
|
||||
#include <furi_hal_crypto.h>
|
||||
|
||||
#include "../blocks/custom_btn_i.h"
|
||||
|
||||
@@ -152,6 +152,15 @@ static void get_subghz_protocol_beninca_arc_aes_key(SubGhzKeystore* keystore, ui
|
||||
}
|
||||
}
|
||||
|
||||
static void reverse_bits_in_bytes(uint8_t* data, uint8_t len) {
|
||||
for(uint8_t i = 0; i < len; i++) {
|
||||
uint8_t byte = data[i];
|
||||
uint8_t step1 = ((byte & 0x55) << 1) | ((byte >> 1) & 0x55);
|
||||
uint8_t step2 = ((step1 & 0x33) << 2) | ((step1 >> 2) & 0x33);
|
||||
data[i] = ((step2 & 0x0F) << 4) | (step2 >> 4);
|
||||
}
|
||||
}
|
||||
|
||||
static uint64_t
|
||||
subghz_protocol_beninca_arc_decrypt(SubGhzBlockGeneric* generic, SubGhzKeystore* keystore) {
|
||||
// Beninca ARC Decoder
|
||||
@@ -170,10 +179,9 @@ static uint64_t
|
||||
uint8_t aes_key[16];
|
||||
get_subghz_protocol_beninca_arc_aes_key(keystore, aes_key);
|
||||
|
||||
uint8_t expanded_key[176];
|
||||
aes_key_expansion(aes_key, expanded_key);
|
||||
|
||||
aes128_decrypt(expanded_key, encrypted_data);
|
||||
uint8_t decrypted[16];
|
||||
furi_hal_crypto_aes128_ecb_decrypt(aes_key, encrypted_data, decrypted);
|
||||
memcpy(encrypted_data, decrypted, 16);
|
||||
|
||||
// Serial number of remote
|
||||
generic->serial = ((uint32_t)encrypted_data[0] << 24) | ((uint32_t)encrypted_data[1] << 16) |
|
||||
@@ -235,10 +243,9 @@ static void subghz_protocol_beninca_arc_encrypt(
|
||||
uint8_t aes_key[16];
|
||||
get_subghz_protocol_beninca_arc_aes_key(keystore, aes_key);
|
||||
|
||||
uint8_t expanded_key[176];
|
||||
aes_key_expansion(aes_key, expanded_key);
|
||||
|
||||
aes128_encrypt(expanded_key, plaintext);
|
||||
uint8_t encrypted[16];
|
||||
furi_hal_crypto_aes128_ecb_encrypt(aes_key, plaintext, encrypted);
|
||||
memcpy(plaintext, encrypted, 16);
|
||||
|
||||
reverse_bits_in_bytes(plaintext, 16);
|
||||
|
||||
|
||||
@@ -1,30 +1,45 @@
|
||||
#include "fiat_marelli.h"
|
||||
#include <inttypes.h>
|
||||
|
||||
#include "../blocks/const.h"
|
||||
#include "../blocks/decoder.h"
|
||||
#include "../blocks/encoder.h"
|
||||
#include "../blocks/generic.h"
|
||||
#include "../blocks/math.h"
|
||||
#include "../blocks/custom_btn_i.h"
|
||||
#include <lib/toolbox/manchester_decoder.h>
|
||||
#include <lib/toolbox/manchester_encoder.h>
|
||||
#include <furi_hal_subghz.h>
|
||||
|
||||
#define TAG "FiatMarelli"
|
||||
|
||||
// Suspected Magneti Marelli BSI keyfob protocol
|
||||
// Found on: Fiat Panda (and possibly other Fiat/Lancia/Alfa ~2003-2012)
|
||||
// Magneti Marelli BSI keyfob protocol (PCF7946)
|
||||
// Found on: Fiat Panda, Grande Punto (and possibly other Fiat/Lancia/Alfa ~2003-2012)
|
||||
//
|
||||
// RF: 433.92 MHz, Manchester encoding
|
||||
// te_short ~260us, te_long ~520us
|
||||
// Preamble: ~191 short-short pairs (alternating 260us HIGH/LOW)
|
||||
// Gap: ~3126us LOW
|
||||
// Sync: ~2065us HIGH
|
||||
// Data: 88 Manchester bits (often decoded as 104 with 16-bit 0xFFFF preamble residue)
|
||||
// Retransmissions: 7-10 per press
|
||||
// Two timing variants with identical frame structure:
|
||||
// Type A (e.g. Panda): te_short ~260us, te_long ~520us
|
||||
// Type B (e.g. Grande Punto): te_short ~100us, te_long ~200us
|
||||
// TE is auto-detected from preamble pulse averaging.
|
||||
//
|
||||
// Frame layout (after stripping 16-bit 0xFFFF preamble):
|
||||
// Bytes 0-3: Fixed ID / Serial (32 bits)
|
||||
// Byte 4: Button (upper nibble) | Type (lower nibble)
|
||||
// Buttons: 0x7=Lock, 0xB=Unlock, 0xD=Trunk
|
||||
// Bytes 5-10: Rolling/encrypted code (48 bits)
|
||||
#define FIAT_MARELLI_PREAMBLE_MIN 200 // Min preamble pulses (100 pairs)
|
||||
#define FIAT_MARELLI_GAP_MIN 2500 // Gap detection threshold (us)
|
||||
#define FIAT_MARELLI_SYNC_MIN 1500 // Sync pulse minimum (us)
|
||||
#define FIAT_MARELLI_SYNC_MAX 2600 // Sync pulse maximum (us)
|
||||
#define FIAT_MARELLI_MAX_DATA_BITS 104 // Max data bits to collect (13 bytes)
|
||||
// Frame layout (103-104 bits = 13 bytes):
|
||||
// Bytes 0-1: 0xFFFF/0xFFFC preamble residue
|
||||
// Bytes 2-5: Serial (32 bits)
|
||||
// Byte 6: [Button:4 | Epoch:4]
|
||||
// Byte 7: [Counter:5 | Scramble:2 | Fixed:1]
|
||||
// Bytes 8-12: Encrypted payload (40 bits)
|
||||
|
||||
#define FIAT_MARELLI_PREAMBLE_PULSE_MIN 50
|
||||
#define FIAT_MARELLI_PREAMBLE_PULSE_MAX 350
|
||||
#define FIAT_MARELLI_PREAMBLE_MIN 80
|
||||
#define FIAT_MARELLI_MAX_DATA_BITS 104
|
||||
#define FIAT_MARELLI_MIN_DATA_BITS 80
|
||||
#define FIAT_MARELLI_GAP_TE_MULT 4
|
||||
#define FIAT_MARELLI_SYNC_TE_MIN_MULT 4
|
||||
#define FIAT_MARELLI_SYNC_TE_MAX_MULT 12
|
||||
#define FIAT_MARELLI_RETX_GAP_MIN 5000
|
||||
#define FIAT_MARELLI_RETX_SYNC_MIN 400
|
||||
#define FIAT_MARELLI_RETX_SYNC_MAX 2800
|
||||
#define FIAT_MARELLI_TE_TYPE_AB_BOUNDARY 180
|
||||
|
||||
static const SubGhzBlockConst subghz_protocol_fiat_marelli_const = {
|
||||
.te_short = 260,
|
||||
@@ -40,16 +55,23 @@ struct SubGhzProtocolDecoderFiatMarelli {
|
||||
ManchesterState manchester_state;
|
||||
uint8_t decoder_state;
|
||||
uint16_t preamble_count;
|
||||
uint8_t raw_data[13]; // Up to 104 bits (13 bytes)
|
||||
uint8_t raw_data[13];
|
||||
uint8_t bit_count;
|
||||
uint32_t extra_data; // Bits beyond first 64, right-aligned
|
||||
uint32_t extra_data;
|
||||
uint32_t te_last;
|
||||
uint32_t te_sum;
|
||||
uint16_t te_count;
|
||||
uint32_t te_detected;
|
||||
};
|
||||
|
||||
struct SubGhzProtocolEncoderFiatMarelli {
|
||||
SubGhzProtocolEncoderBase base;
|
||||
SubGhzProtocolBlockEncoder encoder;
|
||||
SubGhzBlockGeneric generic;
|
||||
uint8_t raw_data[13];
|
||||
uint32_t extra_data;
|
||||
uint8_t bit_count;
|
||||
uint32_t te_detected;
|
||||
};
|
||||
|
||||
typedef enum {
|
||||
@@ -57,12 +79,9 @@ typedef enum {
|
||||
FiatMarelliDecoderStepPreamble = 1,
|
||||
FiatMarelliDecoderStepSync = 2,
|
||||
FiatMarelliDecoderStepData = 3,
|
||||
FiatMarelliDecoderStepRetxSync = 4,
|
||||
} FiatMarelliDecoderStep;
|
||||
|
||||
// ============================================================================
|
||||
// PROTOCOL INTERFACE DEFINITIONS
|
||||
// ============================================================================
|
||||
|
||||
const SubGhzProtocolDecoder subghz_protocol_fiat_marelli_decoder = {
|
||||
.alloc = subghz_protocol_decoder_fiat_marelli_alloc,
|
||||
.free = subghz_protocol_decoder_fiat_marelli_free,
|
||||
@@ -86,21 +105,29 @@ const SubGhzProtocol subghz_protocol_fiat_marelli = {
|
||||
.name = FIAT_MARELLI_PROTOCOL_NAME,
|
||||
.type = SubGhzProtocolTypeDynamic,
|
||||
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_FM | SubGhzProtocolFlag_Decodable |
|
||||
SubGhzProtocolFlag_Load | SubGhzProtocolFlag_Save,
|
||||
SubGhzProtocolFlag_Load | SubGhzProtocolFlag_Save | SubGhzProtocolFlag_Send,
|
||||
.decoder = &subghz_protocol_fiat_marelli_decoder,
|
||||
.encoder = &subghz_protocol_fiat_marelli_encoder,
|
||||
};
|
||||
|
||||
// ============================================================================
|
||||
// ENCODER STUBS (decode-only protocol)
|
||||
// Encoder
|
||||
// ============================================================================
|
||||
|
||||
#define FIAT_MARELLI_ENCODER_UPLOAD_MAX 1500
|
||||
#define FIAT_MARELLI_ENCODER_REPEAT 3
|
||||
#define FIAT_MARELLI_PREAMBLE_PAIRS 100
|
||||
|
||||
void* subghz_protocol_encoder_fiat_marelli_alloc(SubGhzEnvironment* environment) {
|
||||
UNUSED(environment);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = calloc(1, sizeof(SubGhzProtocolEncoderFiatMarelli));
|
||||
furi_check(instance);
|
||||
instance->base.protocol = &subghz_protocol_fiat_marelli;
|
||||
instance->generic.protocol_name = instance->base.protocol->name;
|
||||
instance->encoder.repeat = FIAT_MARELLI_ENCODER_REPEAT;
|
||||
instance->encoder.size_upload = FIAT_MARELLI_ENCODER_UPLOAD_MAX;
|
||||
instance->encoder.upload = malloc(FIAT_MARELLI_ENCODER_UPLOAD_MAX * sizeof(LevelDuration));
|
||||
furi_check(instance->encoder.upload);
|
||||
instance->encoder.is_running = false;
|
||||
return instance;
|
||||
}
|
||||
@@ -108,42 +135,95 @@ void* subghz_protocol_encoder_fiat_marelli_alloc(SubGhzEnvironment* environment)
|
||||
void subghz_protocol_encoder_fiat_marelli_free(void* context) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = context;
|
||||
free(instance->encoder.upload);
|
||||
free(instance);
|
||||
}
|
||||
|
||||
SubGhzProtocolStatus
|
||||
subghz_protocol_encoder_fiat_marelli_deserialize(void* context, FlipperFormat* flipper_format) {
|
||||
UNUSED(context);
|
||||
UNUSED(flipper_format);
|
||||
return SubGhzProtocolStatusError;
|
||||
// Manchester encoding from decoder FSM:
|
||||
// From Mid1: bit 1 = LOW_TE + HIGH_TE, bit 0 = LOW_2TE
|
||||
// From Mid0: bit 0 = HIGH_TE + LOW_TE, bit 1 = HIGH_2TE
|
||||
static bool fiat_marelli_encoder_get_upload(SubGhzProtocolEncoderFiatMarelli* instance) {
|
||||
uint32_t te = instance->te_detected;
|
||||
if(te == 0) te = subghz_protocol_fiat_marelli_const.te_short;
|
||||
|
||||
uint32_t te_short = te;
|
||||
uint32_t te_long = te * 2;
|
||||
uint32_t gap_duration = te * 12;
|
||||
uint32_t sync_duration = te * 8;
|
||||
|
||||
size_t index = 0;
|
||||
size_t max_upload = FIAT_MARELLI_ENCODER_UPLOAD_MAX;
|
||||
uint8_t data_bits = instance->bit_count;
|
||||
if(data_bits == 0) data_bits = instance->generic.data_count_bit;
|
||||
if(data_bits < FIAT_MARELLI_MIN_DATA_BITS || data_bits > FIAT_MARELLI_MAX_DATA_BITS) {
|
||||
return false;
|
||||
}
|
||||
|
||||
for(uint8_t i = 0; i < FIAT_MARELLI_PREAMBLE_PAIRS && (index + 1) < max_upload; i++) {
|
||||
instance->encoder.upload[index++] = level_duration_make(true, te_short);
|
||||
if(i < FIAT_MARELLI_PREAMBLE_PAIRS - 1) {
|
||||
instance->encoder.upload[index++] = level_duration_make(false, te_short);
|
||||
}
|
||||
}
|
||||
|
||||
if(index < max_upload) {
|
||||
instance->encoder.upload[index++] = level_duration_make(false, te_short + gap_duration);
|
||||
}
|
||||
|
||||
if(index < max_upload) {
|
||||
instance->encoder.upload[index++] = level_duration_make(true, sync_duration);
|
||||
}
|
||||
|
||||
bool in_mid1 = true;
|
||||
|
||||
for(uint8_t bit_i = 0; bit_i < data_bits && (index + 1) < max_upload; bit_i++) {
|
||||
uint8_t byte_idx = bit_i / 8;
|
||||
uint8_t bit_pos = 7 - (bit_i % 8);
|
||||
bool data_bit = (instance->raw_data[byte_idx] >> bit_pos) & 1;
|
||||
|
||||
if(in_mid1) {
|
||||
if(data_bit) {
|
||||
instance->encoder.upload[index++] = level_duration_make(false, te_short);
|
||||
instance->encoder.upload[index++] = level_duration_make(true, te_short);
|
||||
} else {
|
||||
instance->encoder.upload[index++] = level_duration_make(false, te_long);
|
||||
in_mid1 = false;
|
||||
}
|
||||
} else {
|
||||
if(data_bit) {
|
||||
instance->encoder.upload[index++] = level_duration_make(true, te_long);
|
||||
in_mid1 = true;
|
||||
} else {
|
||||
instance->encoder.upload[index++] = level_duration_make(true, te_short);
|
||||
instance->encoder.upload[index++] = level_duration_make(false, te_short);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(in_mid1) {
|
||||
if(index < max_upload) {
|
||||
instance->encoder.upload[index++] =
|
||||
level_duration_make(false, te_short + gap_duration * 3);
|
||||
}
|
||||
} else {
|
||||
if(index > 0) {
|
||||
instance->encoder.upload[index - 1] =
|
||||
level_duration_make(false, te_short + gap_duration * 3);
|
||||
}
|
||||
}
|
||||
|
||||
instance->encoder.size_upload = index;
|
||||
return index > 0;
|
||||
}
|
||||
|
||||
void subghz_protocol_encoder_fiat_marelli_stop(void* context) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = context;
|
||||
instance->encoder.is_running = false;
|
||||
}
|
||||
|
||||
LevelDuration subghz_protocol_encoder_fiat_marelli_yield(void* context) {
|
||||
UNUSED(context);
|
||||
return level_duration_reset();
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
// DECODER IMPLEMENTATION
|
||||
// ============================================================================
|
||||
|
||||
// Helper: rebuild raw_data[] from generic.data + extra_data
|
||||
static void fiat_marelli_rebuild_raw_data(SubGhzProtocolDecoderFiatMarelli* instance) {
|
||||
static void fiat_marelli_encoder_rebuild_raw_data(SubGhzProtocolEncoderFiatMarelli* instance) {
|
||||
memset(instance->raw_data, 0, sizeof(instance->raw_data));
|
||||
|
||||
// First 64 bits from generic.data
|
||||
uint64_t key = instance->generic.data;
|
||||
for(int i = 0; i < 8; i++) {
|
||||
instance->raw_data[i] = (uint8_t)(key >> (56 - i * 8));
|
||||
}
|
||||
|
||||
// Remaining bits from extra_data (right-aligned)
|
||||
uint8_t extra_bits =
|
||||
instance->generic.data_count_bit > 64 ? (instance->generic.data_count_bit - 64) : 0;
|
||||
for(uint8_t i = 0; i < extra_bits && i < 32; i++) {
|
||||
@@ -157,6 +237,117 @@ static void fiat_marelli_rebuild_raw_data(SubGhzProtocolDecoderFiatMarelli* inst
|
||||
instance->bit_count = instance->generic.data_count_bit;
|
||||
}
|
||||
|
||||
SubGhzProtocolStatus
|
||||
subghz_protocol_encoder_fiat_marelli_deserialize(void* context, FlipperFormat* flipper_format) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = context;
|
||||
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
|
||||
|
||||
do {
|
||||
ret = subghz_block_generic_deserialize(&instance->generic, flipper_format);
|
||||
if(ret != SubGhzProtocolStatusOk) break;
|
||||
|
||||
uint32_t extra = 0;
|
||||
if(flipper_format_read_uint32(flipper_format, "Extra", &extra, 1)) {
|
||||
instance->extra_data = extra;
|
||||
}
|
||||
|
||||
uint32_t te = 0;
|
||||
if(flipper_format_read_uint32(flipper_format, "TE", &te, 1)) {
|
||||
instance->te_detected = te;
|
||||
}
|
||||
|
||||
fiat_marelli_encoder_rebuild_raw_data(instance);
|
||||
|
||||
if(!fiat_marelli_encoder_get_upload(instance)) {
|
||||
ret = SubGhzProtocolStatusErrorEncoderGetUpload;
|
||||
break;
|
||||
}
|
||||
|
||||
instance->encoder.repeat = FIAT_MARELLI_ENCODER_REPEAT;
|
||||
instance->encoder.front = 0;
|
||||
instance->encoder.is_running = true;
|
||||
|
||||
} while(false);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void subghz_protocol_encoder_fiat_marelli_stop(void* context) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = context;
|
||||
instance->encoder.is_running = false;
|
||||
}
|
||||
|
||||
LevelDuration subghz_protocol_encoder_fiat_marelli_yield(void* context) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolEncoderFiatMarelli* instance = context;
|
||||
|
||||
if(instance->encoder.repeat == 0 || !instance->encoder.is_running) {
|
||||
instance->encoder.is_running = false;
|
||||
return level_duration_reset();
|
||||
}
|
||||
|
||||
LevelDuration ret = instance->encoder.upload[instance->encoder.front];
|
||||
|
||||
if(++instance->encoder.front == instance->encoder.size_upload) {
|
||||
if(!subghz_block_generic_global.endless_tx) {
|
||||
instance->encoder.repeat--;
|
||||
}
|
||||
instance->encoder.front = 0;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
// Decoder
|
||||
// ============================================================================
|
||||
|
||||
static void fiat_marelli_rebuild_raw_data(SubGhzProtocolDecoderFiatMarelli* instance) {
|
||||
memset(instance->raw_data, 0, sizeof(instance->raw_data));
|
||||
|
||||
uint64_t key = instance->generic.data;
|
||||
for(int i = 0; i < 8; i++) {
|
||||
instance->raw_data[i] = (uint8_t)(key >> (56 - i * 8));
|
||||
}
|
||||
|
||||
uint8_t extra_bits =
|
||||
instance->generic.data_count_bit > 64 ? (instance->generic.data_count_bit - 64) : 0;
|
||||
for(uint8_t i = 0; i < extra_bits && i < 32; i++) {
|
||||
uint8_t byte_idx = 8 + (i / 8);
|
||||
uint8_t bit_pos = 7 - (i % 8);
|
||||
if(instance->extra_data & (1UL << (extra_bits - 1 - i))) {
|
||||
instance->raw_data[byte_idx] |= (1 << bit_pos);
|
||||
}
|
||||
}
|
||||
|
||||
instance->bit_count = instance->generic.data_count_bit;
|
||||
|
||||
if(instance->bit_count >= 56) {
|
||||
instance->generic.serial =
|
||||
((uint32_t)instance->raw_data[2] << 24) |
|
||||
((uint32_t)instance->raw_data[3] << 16) |
|
||||
((uint32_t)instance->raw_data[4] << 8) |
|
||||
((uint32_t)instance->raw_data[5]);
|
||||
instance->generic.btn = (instance->raw_data[6] >> 4) & 0xF;
|
||||
instance->generic.cnt = (instance->raw_data[7] >> 3) & 0x1F;
|
||||
}
|
||||
}
|
||||
|
||||
static void fiat_marelli_prepare_data(SubGhzProtocolDecoderFiatMarelli* instance) {
|
||||
instance->bit_count = 0;
|
||||
instance->extra_data = 0;
|
||||
instance->generic.data = 0;
|
||||
memset(instance->raw_data, 0, sizeof(instance->raw_data));
|
||||
manchester_advance(
|
||||
instance->manchester_state,
|
||||
ManchesterEventReset,
|
||||
&instance->manchester_state,
|
||||
NULL);
|
||||
instance->decoder_state = FiatMarelliDecoderStepData;
|
||||
}
|
||||
|
||||
void* subghz_protocol_decoder_fiat_marelli_alloc(SubGhzEnvironment* environment) {
|
||||
UNUSED(environment);
|
||||
SubGhzProtocolDecoderFiatMarelli* instance =
|
||||
@@ -181,6 +372,9 @@ void subghz_protocol_decoder_fiat_marelli_reset(void* context) {
|
||||
instance->bit_count = 0;
|
||||
instance->extra_data = 0;
|
||||
instance->te_last = 0;
|
||||
instance->te_sum = 0;
|
||||
instance->te_count = 0;
|
||||
instance->te_detected = 0;
|
||||
instance->generic.data = 0;
|
||||
memset(instance->raw_data, 0, sizeof(instance->raw_data));
|
||||
instance->manchester_state = ManchesterStateMid1;
|
||||
@@ -189,35 +383,51 @@ void subghz_protocol_decoder_fiat_marelli_reset(void* context) {
|
||||
void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32_t duration) {
|
||||
furi_check(context);
|
||||
SubGhzProtocolDecoderFiatMarelli* instance = context;
|
||||
uint32_t te_short = (uint32_t)subghz_protocol_fiat_marelli_const.te_short;
|
||||
uint32_t te_long = (uint32_t)subghz_protocol_fiat_marelli_const.te_long;
|
||||
uint32_t te_delta = (uint32_t)subghz_protocol_fiat_marelli_const.te_delta;
|
||||
|
||||
uint32_t te_short = instance->te_detected ? instance->te_detected
|
||||
: (uint32_t)subghz_protocol_fiat_marelli_const.te_short;
|
||||
uint32_t te_long = te_short * 2;
|
||||
uint32_t te_delta = te_short / 2;
|
||||
if(te_delta < 30) te_delta = 30;
|
||||
uint32_t diff;
|
||||
|
||||
switch(instance->decoder_state) {
|
||||
case FiatMarelliDecoderStepReset:
|
||||
// Wait for first short HIGH pulse to start preamble
|
||||
if(!level) return;
|
||||
diff = (duration > te_short) ? (duration - te_short) : (te_short - duration);
|
||||
if(diff < te_delta) {
|
||||
instance->decoder_state = FiatMarelliDecoderStepPreamble;
|
||||
instance->preamble_count = 1;
|
||||
instance->te_last = duration;
|
||||
if(level) {
|
||||
if(duration >= FIAT_MARELLI_PREAMBLE_PULSE_MIN &&
|
||||
duration <= FIAT_MARELLI_PREAMBLE_PULSE_MAX) {
|
||||
instance->decoder_state = FiatMarelliDecoderStepPreamble;
|
||||
instance->preamble_count = 1;
|
||||
instance->te_sum = duration;
|
||||
instance->te_count = 1;
|
||||
instance->te_last = duration;
|
||||
}
|
||||
} else {
|
||||
if(duration > FIAT_MARELLI_RETX_GAP_MIN) {
|
||||
instance->decoder_state = FiatMarelliDecoderStepRetxSync;
|
||||
instance->te_last = duration;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case FiatMarelliDecoderStepPreamble:
|
||||
diff = (duration > te_short) ? (duration - te_short) : (te_short - duration);
|
||||
|
||||
if(diff < te_delta) {
|
||||
// Short pulse (HIGH or LOW) preamble continues
|
||||
if(duration >= FIAT_MARELLI_PREAMBLE_PULSE_MIN &&
|
||||
duration <= FIAT_MARELLI_PREAMBLE_PULSE_MAX) {
|
||||
instance->preamble_count++;
|
||||
instance->te_sum += duration;
|
||||
instance->te_count++;
|
||||
instance->te_last = duration;
|
||||
} else if(!level && duration > FIAT_MARELLI_GAP_MIN) {
|
||||
// Long LOW potential gap after preamble
|
||||
if(instance->preamble_count >= FIAT_MARELLI_PREAMBLE_MIN) {
|
||||
instance->decoder_state = FiatMarelliDecoderStepSync;
|
||||
instance->te_last = duration;
|
||||
} else if(!level) {
|
||||
if(instance->preamble_count >= FIAT_MARELLI_PREAMBLE_MIN && instance->te_count > 0) {
|
||||
instance->te_detected = instance->te_sum / instance->te_count;
|
||||
uint32_t gap_threshold = instance->te_detected * FIAT_MARELLI_GAP_TE_MULT;
|
||||
|
||||
if(duration > gap_threshold) {
|
||||
instance->decoder_state = FiatMarelliDecoderStepSync;
|
||||
instance->te_last = duration;
|
||||
} else {
|
||||
instance->decoder_state = FiatMarelliDecoderStepReset;
|
||||
}
|
||||
} else {
|
||||
instance->decoder_state = FiatMarelliDecoderStepReset;
|
||||
}
|
||||
@@ -226,20 +436,28 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
|
||||
}
|
||||
break;
|
||||
|
||||
case FiatMarelliDecoderStepSync:
|
||||
// Expect sync HIGH pulse ~2065us after the gap
|
||||
if(level && duration >= FIAT_MARELLI_SYNC_MIN && duration <= FIAT_MARELLI_SYNC_MAX) {
|
||||
// Sync detected prepare for Manchester data
|
||||
instance->bit_count = 0;
|
||||
instance->extra_data = 0;
|
||||
instance->generic.data = 0;
|
||||
memset(instance->raw_data, 0, sizeof(instance->raw_data));
|
||||
manchester_advance(
|
||||
instance->manchester_state,
|
||||
ManchesterEventReset,
|
||||
&instance->manchester_state,
|
||||
NULL);
|
||||
instance->decoder_state = FiatMarelliDecoderStepData;
|
||||
case FiatMarelliDecoderStepSync: {
|
||||
uint32_t sync_min = instance->te_detected * FIAT_MARELLI_SYNC_TE_MIN_MULT;
|
||||
uint32_t sync_max = instance->te_detected * FIAT_MARELLI_SYNC_TE_MAX_MULT;
|
||||
|
||||
if(level && duration >= sync_min && duration <= sync_max) {
|
||||
fiat_marelli_prepare_data(instance);
|
||||
instance->te_last = duration;
|
||||
} else {
|
||||
instance->decoder_state = FiatMarelliDecoderStepReset;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
case FiatMarelliDecoderStepRetxSync:
|
||||
if(level && duration >= FIAT_MARELLI_RETX_SYNC_MIN &&
|
||||
duration <= FIAT_MARELLI_RETX_SYNC_MAX) {
|
||||
if(!instance->te_detected) {
|
||||
instance->te_detected = duration / 8;
|
||||
if(instance->te_detected < 70) instance->te_detected = 100;
|
||||
if(instance->te_detected > 350) instance->te_detected = 260;
|
||||
}
|
||||
fiat_marelli_prepare_data(instance);
|
||||
instance->te_last = duration;
|
||||
} else {
|
||||
instance->decoder_state = FiatMarelliDecoderStepReset;
|
||||
@@ -250,7 +468,6 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
|
||||
ManchesterEvent event = ManchesterEventReset;
|
||||
bool frame_complete = false;
|
||||
|
||||
// Classify duration as short or long Manchester edge
|
||||
diff = (duration > te_short) ? (duration - te_short) : (te_short - duration);
|
||||
if(diff < te_delta) {
|
||||
event = level ? ManchesterEventShortLow : ManchesterEventShortHigh;
|
||||
@@ -291,7 +508,7 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if(instance->bit_count >= subghz_protocol_fiat_marelli_const.min_count_bit_for_found) {
|
||||
if(instance->bit_count >= FIAT_MARELLI_MIN_DATA_BITS) {
|
||||
frame_complete = true;
|
||||
} else {
|
||||
instance->decoder_state = FiatMarelliDecoderStepReset;
|
||||
@@ -301,36 +518,13 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
|
||||
if(frame_complete) {
|
||||
instance->generic.data_count_bit = instance->bit_count;
|
||||
|
||||
// Frame layout: bytes 0-1 are 0xFFFF preamble residue
|
||||
// Bytes 2-5: Fixed ID (serial)
|
||||
// Byte 6: Button (upper nibble) | subtype (lower nibble)
|
||||
// Bytes 7-12: Rolling/encrypted code (48 bits)
|
||||
instance->generic.serial =
|
||||
((uint32_t)instance->raw_data[2] << 24) |
|
||||
((uint32_t)instance->raw_data[3] << 16) |
|
||||
((uint32_t)instance->raw_data[4] << 8) |
|
||||
((uint32_t)instance->raw_data[5]);
|
||||
instance->generic.btn = (instance->raw_data[6] >> 4) & 0xF;
|
||||
instance->generic.cnt =
|
||||
((uint32_t)instance->raw_data[7] << 16) |
|
||||
((uint32_t)instance->raw_data[8] << 8) |
|
||||
((uint32_t)instance->raw_data[9]);
|
||||
|
||||
FURI_LOG_I(
|
||||
TAG,
|
||||
"Decoded %d bits: %02X %02X %02X %02X %02X %02X %02X %02X %02X %02X %02X",
|
||||
instance->bit_count,
|
||||
instance->raw_data[0],
|
||||
instance->raw_data[1],
|
||||
instance->raw_data[2],
|
||||
instance->raw_data[3],
|
||||
instance->raw_data[4],
|
||||
instance->raw_data[5],
|
||||
instance->raw_data[6],
|
||||
instance->raw_data[7],
|
||||
instance->raw_data[8],
|
||||
instance->raw_data[9],
|
||||
instance->raw_data[10]);
|
||||
instance->generic.cnt = (instance->raw_data[7] >> 3) & 0x1F;
|
||||
|
||||
if(instance->base.callback) {
|
||||
instance->base.callback(&instance->base, instance->base.context);
|
||||
@@ -342,6 +536,7 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
|
||||
instance->te_last = duration;
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -367,14 +562,15 @@ SubGhzProtocolStatus subghz_protocol_decoder_fiat_marelli_serialize(
|
||||
subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
|
||||
|
||||
if(ret == SubGhzProtocolStatusOk) {
|
||||
// Save extra data (bits 64+ right-aligned in uint32_t)
|
||||
flipper_format_write_uint32(flipper_format, "Extra", &instance->extra_data, 1);
|
||||
|
||||
// Save total bit count explicitly (generic serialize also saves it, but Extra needs context)
|
||||
uint32_t extra_bits = instance->generic.data_count_bit > 64
|
||||
? (instance->generic.data_count_bit - 64)
|
||||
: 0;
|
||||
flipper_format_write_uint32(flipper_format, "Extra_bits", &extra_bits, 1);
|
||||
|
||||
uint32_t te = instance->te_detected;
|
||||
flipper_format_write_uint32(flipper_format, "TE", &te, 1);
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -395,6 +591,11 @@ SubGhzProtocolStatus subghz_protocol_decoder_fiat_marelli_deserialize(
|
||||
instance->extra_data = extra;
|
||||
}
|
||||
|
||||
uint32_t te = 0;
|
||||
if(flipper_format_read_uint32(flipper_format, "TE", &te, 1)) {
|
||||
instance->te_detected = te;
|
||||
}
|
||||
|
||||
fiat_marelli_rebuild_raw_data(instance);
|
||||
}
|
||||
|
||||
@@ -418,29 +619,35 @@ void subghz_protocol_decoder_fiat_marelli_get_string(void* context, FuriString*
|
||||
furi_check(context);
|
||||
SubGhzProtocolDecoderFiatMarelli* instance = context;
|
||||
|
||||
uint8_t total_bytes = (instance->bit_count + 7) / 8;
|
||||
if(total_bytes > 13) total_bytes = 13;
|
||||
uint8_t epoch = instance->raw_data[6] & 0xF;
|
||||
uint8_t counter = (instance->raw_data[7] >> 3) & 0x1F;
|
||||
const char* variant = (instance->te_detected &&
|
||||
instance->te_detected < FIAT_MARELLI_TE_TYPE_AB_BOUNDARY)
|
||||
? "B"
|
||||
: "A";
|
||||
uint8_t scramble = (instance->raw_data[7] >> 1) & 0x3;
|
||||
uint8_t fixed = instance->raw_data[7] & 0x1;
|
||||
|
||||
furi_string_cat_printf(
|
||||
output,
|
||||
"%s %dbit\r\n"
|
||||
"Sn:%08lX Btn:%s(0x%X)\r\n"
|
||||
"Roll:%02X%02X%02X%02X%02X%02X\r\n"
|
||||
"Data:",
|
||||
"Enc:%02X%02X%02X%02X%02X Scr:%02X\r\n"
|
||||
"Raw:%02X%02X Fixed:%X\r\n"
|
||||
"Sn:%08X Cnt:%02X\r\n"
|
||||
"Btn:%02X:[%s] Ep:%02X\r\n"
|
||||
"Tp:%s\r\n",
|
||||
instance->generic.protocol_name,
|
||||
instance->bit_count,
|
||||
instance->generic.serial,
|
||||
(int)instance->bit_count,
|
||||
instance->raw_data[8], instance->raw_data[9],
|
||||
instance->raw_data[10], instance->raw_data[11],
|
||||
instance->raw_data[12],
|
||||
(unsigned)scramble,
|
||||
instance->raw_data[6], instance->raw_data[7],
|
||||
(unsigned)fixed,
|
||||
(unsigned int)instance->generic.serial,
|
||||
(unsigned)counter,
|
||||
(unsigned)instance->generic.btn,
|
||||
fiat_marelli_button_name(instance->generic.btn),
|
||||
instance->generic.btn,
|
||||
instance->raw_data[7],
|
||||
instance->raw_data[8],
|
||||
instance->raw_data[9],
|
||||
(total_bytes > 10) ? instance->raw_data[10] : 0,
|
||||
(total_bytes > 11) ? instance->raw_data[11] : 0,
|
||||
(total_bytes > 12) ? instance->raw_data[12] : 0);
|
||||
|
||||
for(uint8_t i = 0; i < total_bytes; i++) {
|
||||
furi_string_cat_printf(output, "%02X", instance->raw_data[i]);
|
||||
}
|
||||
furi_string_cat_printf(output, "\r\n");
|
||||
(unsigned)epoch,
|
||||
variant);
|
||||
}
|
||||
|
||||
@@ -1,14 +1,6 @@
|
||||
#pragma once
|
||||
|
||||
#include <furi.h>
|
||||
#include <lib/subghz/protocols/base.h>
|
||||
#include <lib/subghz/types.h>
|
||||
#include <lib/subghz/blocks/const.h>
|
||||
#include <lib/subghz/blocks/decoder.h>
|
||||
#include <lib/subghz/blocks/encoder.h>
|
||||
#include <lib/subghz/blocks/generic.h>
|
||||
#include <lib/subghz/blocks/math.h>
|
||||
#include <lib/toolbox/manchester_decoder.h>
|
||||
#include "base.h"
|
||||
#include <flipper_format/flipper_format.h>
|
||||
|
||||
#define FIAT_MARELLI_PROTOCOL_NAME "Fiat Marelli"
|
||||
@@ -31,7 +23,6 @@ SubGhzProtocolStatus
|
||||
subghz_protocol_decoder_fiat_marelli_deserialize(void* context, FlipperFormat* flipper_format);
|
||||
void subghz_protocol_decoder_fiat_marelli_get_string(void* context, FuriString* output);
|
||||
|
||||
// Encoder stubs
|
||||
void* subghz_protocol_encoder_fiat_marelli_alloc(SubGhzEnvironment* environment);
|
||||
void subghz_protocol_encoder_fiat_marelli_free(void* context);
|
||||
SubGhzProtocolStatus
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
#include "../blocks/custom_btn_i.h"
|
||||
#include <lib/toolbox/manchester_decoder.h>
|
||||
#include <flipper_format/flipper_format.h>
|
||||
#include <furi_hal_crypto.h>
|
||||
|
||||
#define TAG "SubGhzProtocolKiaV6"
|
||||
|
||||
@@ -43,29 +44,6 @@ static const uint8_t aes_sbox[256] = {
|
||||
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
|
||||
};
|
||||
|
||||
static const uint8_t aes_sbox_inv[256] = {
|
||||
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
|
||||
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
|
||||
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
|
||||
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
|
||||
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
|
||||
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
|
||||
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
|
||||
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
|
||||
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
|
||||
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
|
||||
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
|
||||
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
|
||||
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
|
||||
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
|
||||
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
|
||||
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
|
||||
};
|
||||
|
||||
static const uint8_t aes_rcon[10] = {
|
||||
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
|
||||
};
|
||||
|
||||
struct SubGhzProtocolDecoderKiaV6 {
|
||||
SubGhzProtocolDecoderBase base;
|
||||
SubGhzBlockDecoder decoder;
|
||||
@@ -159,181 +137,6 @@ static uint8_t kia_v6_custom_to_btn(uint8_t custom) {
|
||||
}
|
||||
}
|
||||
|
||||
static uint8_t gf_mul2(uint8_t x) {
|
||||
return ((x >> 7) * 0x1b) ^ (x << 1);
|
||||
}
|
||||
|
||||
static void aes_subbytes_inv(uint8_t* state) {
|
||||
for (int row = 0; row < 4; row++) {
|
||||
for (int col = 0; col < 4; col++) {
|
||||
state[row + col * 4] = aes_sbox_inv[state[row + col * 4]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_shiftrows_inv(uint8_t* state) {
|
||||
uint8_t temp;
|
||||
temp = state[13];
|
||||
state[13] = state[9];
|
||||
state[9] = state[5];
|
||||
state[5] = state[1];
|
||||
state[1] = temp;
|
||||
|
||||
temp = state[2];
|
||||
state[2] = state[10];
|
||||
state[10] = temp;
|
||||
temp = state[6];
|
||||
state[6] = state[14];
|
||||
state[14] = temp;
|
||||
|
||||
temp = state[3];
|
||||
state[3] = state[7];
|
||||
state[7] = state[11];
|
||||
state[11] = state[15];
|
||||
state[15] = temp;
|
||||
}
|
||||
|
||||
static void aes_mixcolumns_inv(uint8_t* state) {
|
||||
uint8_t a, b, c, d;
|
||||
for(int i = 0; i < 4; i++) {
|
||||
a = state[i*4];
|
||||
b = state[i*4+1];
|
||||
c = state[i*4+2];
|
||||
d = state[i*4+3];
|
||||
|
||||
uint8_t a2 = gf_mul2(a);
|
||||
uint8_t a4 = gf_mul2(a2);
|
||||
uint8_t a8 = gf_mul2(a4);
|
||||
uint8_t b2 = gf_mul2(b);
|
||||
uint8_t b4 = gf_mul2(b2);
|
||||
uint8_t b8 = gf_mul2(b4);
|
||||
uint8_t c2 = gf_mul2(c);
|
||||
uint8_t c4 = gf_mul2(c2);
|
||||
uint8_t c8 = gf_mul2(c4);
|
||||
uint8_t d2 = gf_mul2(d);
|
||||
uint8_t d4 = gf_mul2(d2);
|
||||
uint8_t d8 = gf_mul2(d4);
|
||||
|
||||
state[i*4] = (a8^a4^a2) ^ (b8^b2^b) ^ (c8^c4^c) ^ (d8^d);
|
||||
state[i*4+1] = (a8^a) ^ (b8^b4^b2) ^ (c8^c2^c) ^ (d8^d4^d);
|
||||
state[i*4+2] = (a8^a4^a) ^ (b8^b) ^ (c8^c4^c2) ^ (d8^d2^d);
|
||||
state[i*4+3] = (a8^a2^a) ^ (b8^b4^b) ^ (c8^c) ^ (d8^d4^d2);
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_addroundkey(uint8_t* state, const uint8_t* round_key) {
|
||||
for (int col = 0; col < 4; col++) {
|
||||
state[col * 4] ^= round_key[col * 4];
|
||||
state[col * 4 + 1] ^= round_key[col * 4 + 1];
|
||||
state[col * 4 + 2] ^= round_key[col * 4 + 2];
|
||||
state[col * 4 + 3] ^= round_key[col * 4 + 3];
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_subbytes(uint8_t* state) {
|
||||
for (int row = 0; row < 4; row++) {
|
||||
for (int col = 0; col < 4; col++) {
|
||||
state[row + col * 4] = aes_sbox[state[row + col * 4]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_shiftrows(uint8_t* state) {
|
||||
uint8_t temp;
|
||||
temp = state[1];
|
||||
state[1] = state[5];
|
||||
state[5] = state[9];
|
||||
state[9] = state[13];
|
||||
state[13] = temp;
|
||||
temp = state[2];
|
||||
state[2] = state[10];
|
||||
state[10] = temp;
|
||||
temp = state[6];
|
||||
state[6] = state[14];
|
||||
state[14] = temp;
|
||||
temp = state[3];
|
||||
state[3] = state[15];
|
||||
state[15] = state[11];
|
||||
state[11] = state[7];
|
||||
state[7] = temp;
|
||||
}
|
||||
|
||||
static void aes_mixcolumns(uint8_t* state) {
|
||||
uint8_t a, b, c, d;
|
||||
for (int i = 0; i < 4; i++) {
|
||||
a = state[i * 4];
|
||||
b = state[i * 4 + 1];
|
||||
c = state[i * 4 + 2];
|
||||
d = state[i * 4 + 3];
|
||||
state[i * 4] = gf_mul2(a) ^ gf_mul2(b) ^ b ^ c ^ d;
|
||||
state[i * 4 + 1] = a ^ gf_mul2(b) ^ gf_mul2(c) ^ c ^ d;
|
||||
state[i * 4 + 2] = a ^ b ^ gf_mul2(c) ^ gf_mul2(d) ^ d;
|
||||
state[i * 4 + 3] = gf_mul2(a) ^ a ^ b ^ c ^ gf_mul2(d);
|
||||
}
|
||||
}
|
||||
|
||||
static void aes_key_expansion(const uint8_t* key, uint8_t* round_keys) {
|
||||
for (int i = 0; i < 16; i++) {
|
||||
round_keys[i] = key[i];
|
||||
}
|
||||
for (int i = 4; i < 44; i++) {
|
||||
int prev_word_idx = (i - 1) * 4;
|
||||
uint8_t b0 = round_keys[prev_word_idx];
|
||||
uint8_t b1 = round_keys[prev_word_idx + 1];
|
||||
uint8_t b2 = round_keys[prev_word_idx + 2];
|
||||
uint8_t b3 = round_keys[prev_word_idx + 3];
|
||||
if ((i % 4) == 0) {
|
||||
uint8_t new_b0 = aes_sbox[b1] ^ aes_rcon[(i / 4) - 1];
|
||||
uint8_t new_b1 = aes_sbox[b2];
|
||||
uint8_t new_b2 = aes_sbox[b3];
|
||||
uint8_t new_b3 = aes_sbox[b0];
|
||||
b0 = new_b0; b1 = new_b1; b2 = new_b2; b3 = new_b3;
|
||||
}
|
||||
int back_word_idx = (i - 4) * 4;
|
||||
b0 ^= round_keys[back_word_idx];
|
||||
b1 ^= round_keys[back_word_idx + 1];
|
||||
b2 ^= round_keys[back_word_idx + 2];
|
||||
b3 ^= round_keys[back_word_idx + 3];
|
||||
int curr_word_idx = i * 4;
|
||||
round_keys[curr_word_idx] = b0;
|
||||
round_keys[curr_word_idx + 1] = b1;
|
||||
round_keys[curr_word_idx + 2] = b2;
|
||||
round_keys[curr_word_idx + 3] = b3;
|
||||
}
|
||||
}
|
||||
|
||||
static void aes128_decrypt(const uint8_t* expanded_key, uint8_t* data) {
|
||||
uint8_t state[16];
|
||||
memcpy(state, data, 16);
|
||||
aes_addroundkey(state, &expanded_key[160]);
|
||||
for (int round = 9; round > 0; round--) {
|
||||
aes_shiftrows_inv(state);
|
||||
aes_subbytes_inv(state);
|
||||
aes_addroundkey(state, &expanded_key[round*16]);
|
||||
aes_mixcolumns_inv(state);
|
||||
}
|
||||
aes_shiftrows_inv(state);
|
||||
aes_subbytes_inv(state);
|
||||
aes_addroundkey(state, &expanded_key[0]);
|
||||
memcpy(data, state, 16);
|
||||
}
|
||||
|
||||
static void aes128_encrypt(const uint8_t* expanded_key, uint8_t* data) {
|
||||
uint8_t state[16];
|
||||
memcpy(state, data, 16);
|
||||
aes_addroundkey(state, &expanded_key[0]);
|
||||
for (int round = 1; round < 10; round++) {
|
||||
aes_subbytes(state);
|
||||
aes_shiftrows(state);
|
||||
aes_mixcolumns(state);
|
||||
aes_addroundkey(state, &expanded_key[round * 16]);
|
||||
}
|
||||
aes_subbytes(state);
|
||||
aes_shiftrows(state);
|
||||
aes_addroundkey(state, &expanded_key[160]);
|
||||
memcpy(data, state, 16);
|
||||
}
|
||||
|
||||
static void get_kia_v6_aes_key(uint8_t* aes_key) {
|
||||
uint64_t keystore_a = 0x37CE21F8C9F862A8ULL ^ 0x5448455049524154ULL;
|
||||
uint32_t keystore_a_hi = (keystore_a >> 32) & 0xFFFFFFFF;
|
||||
@@ -381,9 +184,9 @@ static bool kia_v6_decrypt(SubGhzProtocolDecoderKiaV6* instance) {
|
||||
|
||||
uint8_t aes_key[16];
|
||||
get_kia_v6_aes_key(aes_key);
|
||||
uint8_t expanded_key[176];
|
||||
aes_key_expansion(aes_key, expanded_key);
|
||||
aes128_decrypt(expanded_key, encrypted_data);
|
||||
uint8_t decrypted_buf[16];
|
||||
furi_hal_crypto_aes128_ecb_decrypt(aes_key, encrypted_data, decrypted_buf);
|
||||
memcpy(encrypted_data, decrypted_buf, 16);
|
||||
|
||||
uint8_t *decrypted = encrypted_data;
|
||||
uint8_t calculated_crc = kia_v6_crc8(decrypted, 15, 0xFF, 0x07);
|
||||
@@ -444,9 +247,9 @@ static void kia_v6_encrypt_payload(
|
||||
|
||||
uint8_t aes_key[16];
|
||||
get_kia_v6_aes_key(aes_key);
|
||||
uint8_t expanded_key[176];
|
||||
aes_key_expansion(aes_key, expanded_key);
|
||||
aes128_encrypt(expanded_key, plain);
|
||||
uint8_t encrypted[16];
|
||||
furi_hal_crypto_aes128_ecb_encrypt(aes_key, plain, encrypted);
|
||||
memcpy(plain, encrypted, 16);
|
||||
|
||||
uint8_t fx_hi = 0x20 | (fx_field >> 4);
|
||||
uint8_t fx_lo = fx_field & 0x0F;
|
||||
|
||||
@@ -1248,6 +1248,8 @@ Function,+,furi_hal_crypto_enclave_load_key,_Bool,"uint8_t, const uint8_t*"
|
||||
Function,+,furi_hal_crypto_enclave_store_key,_Bool,"FuriHalCryptoKey*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_enclave_unload_key,_Bool,uint8_t
|
||||
Function,+,furi_hal_crypto_enclave_verify,_Bool,"uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_aes128_ecb_decrypt,_Bool,"const uint8_t*, const uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_aes128_ecb_encrypt,_Bool,"const uint8_t*, const uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_encrypt,_Bool,"const uint8_t*, uint8_t*, size_t"
|
||||
Function,+,furi_hal_crypto_gcm,_Bool,"const uint8_t*, const uint8_t*, const uint8_t*, size_t, const uint8_t*, uint8_t*, size_t, uint8_t*, _Bool"
|
||||
Function,+,furi_hal_crypto_gcm_decrypt_and_verify,FuriHalCryptoGCMState,"const uint8_t*, const uint8_t*, const uint8_t*, size_t, const uint8_t*, uint8_t*, size_t, const uint8_t*"
|
||||
|
||||
|
@@ -1454,6 +1454,8 @@ Function,+,furi_hal_crypto_enclave_load_key,_Bool,"uint8_t, const uint8_t*"
|
||||
Function,+,furi_hal_crypto_enclave_store_key,_Bool,"FuriHalCryptoKey*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_enclave_unload_key,_Bool,uint8_t
|
||||
Function,+,furi_hal_crypto_enclave_verify,_Bool,"uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_aes128_ecb_decrypt,_Bool,"const uint8_t*, const uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_aes128_ecb_encrypt,_Bool,"const uint8_t*, const uint8_t*, uint8_t*"
|
||||
Function,+,furi_hal_crypto_encrypt,_Bool,"const uint8_t*, uint8_t*, size_t"
|
||||
Function,+,furi_hal_crypto_gcm,_Bool,"const uint8_t*, const uint8_t*, const uint8_t*, size_t, const uint8_t*, uint8_t*, size_t, uint8_t*, _Bool"
|
||||
Function,+,furi_hal_crypto_gcm_decrypt_and_verify,FuriHalCryptoGCMState,"const uint8_t*, const uint8_t*, const uint8_t*, size_t, const uint8_t*, uint8_t*, size_t, const uint8_t*"
|
||||
|
||||
|
@@ -21,9 +21,11 @@
|
||||
#define CRYPTO_MODE_DECRYPT (AES_CR_MODE_1)
|
||||
#define CRYPTO_MODE_DECRYPT_INIT (AES_CR_MODE_0 | AES_CR_MODE_1)
|
||||
|
||||
#define CRYPTO_DATATYPE_32B 0U
|
||||
#define CRYPTO_KEYSIZE_256B (AES_CR_KEYSIZE)
|
||||
#define CRYPTO_AES_CBC (AES_CR_CHMOD_0)
|
||||
#define CRYPTO_DATATYPE_32B 0U
|
||||
#define CRYPTO_DATATYPE_8B (AES_CR_DATATYPE_1)
|
||||
#define CRYPTO_KEYSIZE_256B (AES_CR_KEYSIZE)
|
||||
#define CRYPTO_AES_ECB 0U
|
||||
#define CRYPTO_AES_CBC (AES_CR_CHMOD_0)
|
||||
|
||||
#define CRYPTO_AES_CTR (AES_CR_CHMOD_1)
|
||||
#define CRYPTO_CTR_IV_LEN (12U)
|
||||
@@ -748,3 +750,72 @@ FuriHalCryptoGCMState furi_hal_crypto_gcm_decrypt_and_verify(
|
||||
|
||||
return FuriHalCryptoGCMStateOk;
|
||||
}
|
||||
|
||||
static void crypto_key_init_ecb128(const uint8_t* key) {
|
||||
CLEAR_BIT(AES1->CR, AES_CR_EN);
|
||||
MODIFY_REG(
|
||||
AES1->CR,
|
||||
AES_CR_DATATYPE | AES_CR_KEYSIZE | AES_CR_CHMOD,
|
||||
CRYPTO_DATATYPE_8B | CRYPTO_AES_ECB);
|
||||
|
||||
AES1->KEYR3 = ((uint32_t*)key)[0];
|
||||
AES1->KEYR2 = ((uint32_t*)key)[1];
|
||||
AES1->KEYR1 = ((uint32_t*)key)[2];
|
||||
AES1->KEYR0 = ((uint32_t*)key)[3];
|
||||
}
|
||||
|
||||
bool furi_hal_crypto_aes128_ecb_encrypt(
|
||||
const uint8_t* key,
|
||||
const uint8_t* input,
|
||||
uint8_t* output) {
|
||||
furi_check(furi_hal_crypto_mutex);
|
||||
furi_check(furi_mutex_acquire(furi_hal_crypto_mutex, FuriWaitForever) == FuriStatusOk);
|
||||
|
||||
furi_hal_bus_enable(FuriHalBusAES1);
|
||||
crypto_key_init_ecb128(key);
|
||||
|
||||
MODIFY_REG(AES1->CR, AES_CR_MODE, CRYPTO_MODE_ENCRYPT);
|
||||
SET_BIT(AES1->CR, AES_CR_EN);
|
||||
|
||||
bool state = crypto_process_block((uint32_t*)input, (uint32_t*)output, 4);
|
||||
|
||||
CLEAR_BIT(AES1->CR, AES_CR_EN);
|
||||
furi_hal_bus_disable(FuriHalBusAES1);
|
||||
furi_check(furi_mutex_release(furi_hal_crypto_mutex) == FuriStatusOk);
|
||||
|
||||
return state;
|
||||
}
|
||||
|
||||
bool furi_hal_crypto_aes128_ecb_decrypt(
|
||||
const uint8_t* key,
|
||||
const uint8_t* input,
|
||||
uint8_t* output) {
|
||||
furi_check(furi_hal_crypto_mutex);
|
||||
furi_check(furi_mutex_acquire(furi_hal_crypto_mutex, FuriWaitForever) == FuriStatusOk);
|
||||
|
||||
furi_hal_bus_enable(FuriHalBusAES1);
|
||||
crypto_key_init_ecb128(key);
|
||||
|
||||
MODIFY_REG(AES1->CR, AES_CR_MODE, CRYPTO_MODE_DECRYPT_INIT);
|
||||
SET_BIT(AES1->CR, AES_CR_EN);
|
||||
|
||||
if(!furi_hal_crypto_wait_flag(AES_SR_CCF)) {
|
||||
CLEAR_BIT(AES1->CR, AES_CR_EN);
|
||||
furi_hal_bus_disable(FuriHalBusAES1);
|
||||
furi_check(furi_mutex_release(furi_hal_crypto_mutex) == FuriStatusOk);
|
||||
return false;
|
||||
}
|
||||
|
||||
SET_BIT(AES1->CR, AES_CR_CCFC);
|
||||
|
||||
MODIFY_REG(AES1->CR, AES_CR_MODE, CRYPTO_MODE_DECRYPT);
|
||||
SET_BIT(AES1->CR, AES_CR_EN);
|
||||
|
||||
bool state = crypto_process_block((uint32_t*)input, (uint32_t*)output, 4);
|
||||
|
||||
CLEAR_BIT(AES1->CR, AES_CR_EN);
|
||||
furi_hal_bus_disable(FuriHalBusAES1);
|
||||
furi_check(furi_mutex_release(furi_hal_crypto_mutex) == FuriStatusOk);
|
||||
|
||||
return state;
|
||||
}
|
||||
|
||||
@@ -290,6 +290,32 @@ FuriHalCryptoGCMState furi_hal_crypto_gcm_decrypt_and_verify(
|
||||
size_t length,
|
||||
const uint8_t* tag);
|
||||
|
||||
/** Encrypt a single 16-byte block using AES-128-ECB
|
||||
*
|
||||
* @param[in] key pointer to 16 bytes key data
|
||||
* @param[in] input pointer to 16 bytes input data
|
||||
* @param[out] output pointer to 16 bytes output data
|
||||
*
|
||||
* @return true on success
|
||||
*/
|
||||
bool furi_hal_crypto_aes128_ecb_encrypt(
|
||||
const uint8_t* key,
|
||||
const uint8_t* input,
|
||||
uint8_t* output);
|
||||
|
||||
/** Decrypt a single 16-byte block using AES-128-ECB
|
||||
*
|
||||
* @param[in] key pointer to 16 bytes key data
|
||||
* @param[in] input pointer to 16 bytes input data
|
||||
* @param[out] output pointer to 16 bytes output data
|
||||
*
|
||||
* @return true on success
|
||||
*/
|
||||
bool furi_hal_crypto_aes128_ecb_decrypt(
|
||||
const uint8_t* key,
|
||||
const uint8_t* input,
|
||||
uint8_t* output);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user