STM32F103+RTT从零开始(三)—— S50门禁卡复制
近期因为各种原因,重新租了个房子住,小区外面有门禁系统,楼下也有个门禁系统。房东只给了一套门禁卡,而我家人也需要门禁卡,所以我就去小区物业那里补卡,结果小区物业那里只能补小区的门禁卡,楼下的门禁卡需要在另外个地方补。物业工作人员给说了下地方,我找了下没找到,又想起了我一年前买了个RFID模块和十几个空白门禁卡,还没开封。又正好时值国庆,空闲时间比较多,不如自己来复制吧。
基础知识
一两个月前,我写了两篇STM32F103+RTT的入门博客。那两篇是非常基础的,到这里直接就是复制门禁卡,看起来好像不是循序渐进。不过也是没法子,毕竟现在从事的工作和这些完全不沾边,工作又忙,所以没太多时间来一步一步学习并且写博客,只能玩到哪是哪了。
先看了下门禁卡的分类和一些基础资料,了解到我新租住的房子所在的小区用的门禁卡是S50类型的。它具有16个 扇区,每个扇区具有四个Block,分别为0、1、2、3,每个Block可以存储16字节的数据。其中每个扇区的Block3存储的为6字节A密码+4字节控制位+6字节B密码。另外第一扇区的Block0存储的为卡号以及厂商的基本信息。卡就是下面的这个鬼样子:
一般来说,第一扇区的Block0下内容是不能更改的,我原以为小区门禁卡是通过其他扇区的数据来做验证的,后面写好了读数据的代码,发现从门禁卡中从数据块中读取的数据都是0,只有密码区、控制区及ID下第一扇区的Block0中有数据。所以我们的那个小区中的门禁卡应该是通过卡的第一扇区的Block0中的信息来验证的。也就是说我们要做的是复制整个卡,包括第一扇区的Block0。
要复制第一扇区的Block0,普通的IC卡就不行了,我之前买的卡就是普通的IC卡,鼓捣了很久,一直以为是程序写的有问题,后来才发现是卡不行。没办法,只能重新买卡了。
选卡也要选择合适的卡,查了下资料,能够修改第一扇区Block0的兼容S50类型的卡,有UID卡(可以使用后门指令无限制重复修改第一扇区Block0,会响应后门指令)、CUID卡(可以使用后门指令无限制重复修改第一扇区的Block0,不会响应后门指令)、FUID卡(使用普通指令,只能修改一次第一扇区的Block0)等。根据上面的说明,可以知道,UID卡可以无限制修改,但是由于会响应后门指令,所以如果门禁系统有检测后门指令并且禁用,那就不能用了。CUID不响应后门指令,但是由于可以用后面指令修改,门禁系统如果先去修改一下,确认不能修改,再进行门禁验证,那么CUID的卡就也不能用了。FUID显然是最保险的,但是从价格来说,FUID(2.2元) > CUID(1.3元) > UID(0.78元)。
所以我先试了下房东给的门禁卡,发现它是可以被修改的,而且也会响应后门指令,那么考虑性价比,当然是买UID卡了。10块钱13个还包邮,加上8块钱不到的一个RFID-RC522,一共18块钱(PS : 物业那里20块钱一个门禁卡,真坑)。
门禁卡复制实现
上面提到修改门禁卡第一扇区Block0是需要使用后门指令的,直接按照普通的写数据的方式进行修改,是无法修改的。既然主要目的是复制门禁卡,懒得重复去造轮子了。我之前买的RFID-RC522模块,使用的是SPI的通信模式,淘宝上搜索,应该很多都是这样的,如下图所示:
对,买的就是这样没焊脚的,然后我又买了个电烙铁套装。。。
然后上位机还是使用之前的那个STM32F103C8T6。
RC522驱动程序
然后再网上找了下STM32F103下RC522的驱动程序,并增加利用后门指令写第一扇区block0的代码如下:
驱动头文件rc522.h
#ifndef __RC522_H
#define __RC522_H
#define MF522_RST_PIN GPIO_Pin_0
#define MF522_RST_PORT GPIOB
#define MF522_RST_CLK RCC_APB2Periph_GPIOB
#define MF522_MISO_PIN GPIO_Pin_6
#define MF522_MISO_PORT GPIOA
#define MF522_MISO_CLK RCC_APB2Periph_GPIOA
#define MF522_MOSI_PIN GPIO_Pin_7
#define MF522_MOSI_PORT GPIOA
#define MF522_MOSI_CLK RCC_APB2Periph_GPIOA
#define MF522_SCK_PIN GPIO_Pin_5
#define MF522_SCK_PORT GPIOA
#define MF522_SCK_CLK RCC_APB2Periph_GPIOA
#define MF522_NSS_PIN GPIO_Pin_4
#define MF522_NSS_PORT GPIOA
#define MF522_NSS_CLK RCC_APB2Periph_GPIOA
#define RST_H GPIO_SetBits(MF522_RST_PORT, MF522_RST_PIN)
#define RST_L GPIO_ResetBits(MF522_RST_PORT, MF522_RST_PIN)
#define MOSI_H GPIO_SetBits(MF522_MOSI_PORT, MF522_MOSI_PIN)
#define MOSI_L GPIO_ResetBits(MF522_MOSI_PORT, MF522_MOSI_PIN)
#define SCK_H GPIO_SetBits(MF522_SCK_PORT, MF522_SCK_PIN)
#define SCK_L GPIO_ResetBits(MF522_SCK_PORT, MF522_SCK_PIN)
#define NSS_H GPIO_SetBits(MF522_NSS_PORT, MF522_NSS_PIN)
#define NSS_L GPIO_ResetBits(MF522_NSS_PORT, MF522_NSS_PIN)
#define READ_MISO GPIO_ReadInputDataBit(MF522_MISO_PORT, MF522_MISO_PIN)
// ????
void PcdInit(void);
char PcdReset(void);
void PcdAntennaOn(void);
void PcdAntennaOff(void);
char PcdRequest(unsigned char req_code,unsigned char *pTagType);
char PcdAnticoll(unsigned char *pSnr);
char PcdSelect(unsigned char *pSnr);
char PcdAuthState(unsigned char auth_mode,unsigned char addr,unsigned char *pKey,unsigned char *pSnr);
char PcdRead(unsigned char addr,unsigned char *pData);
char PcdWrite(unsigned char addr,unsigned char *pData);
char PcdValue(unsigned char dd_mode,unsigned char addr,unsigned char *pValue);
char PcdBakValue(unsigned char sourceaddr, unsigned char goaladdr);
char PcdHalt(void);
char PcdComMF522(unsigned char Command,
unsigned char *pInData,
unsigned char InLenByte,
unsigned char *pOutData,
unsigned int *pOutLenBit);
void CalulateCRC(unsigned char *pIndata,unsigned char len,unsigned char *pOutData);
void WriteRawRC(unsigned char Address,unsigned char value);
unsigned char ReadRawRC(unsigned char Address);
void SetBitMask(unsigned char reg,unsigned char mask);
void ClearBitMask(unsigned char reg,unsigned char mask);
char M500PcdConfigISOType(unsigned char type);
void delay_10ms(unsigned int _10ms);
void WaitCardOff(void);
char PcdSpicelWrite(unsigned char *pData);
#define PCD_IDLE 0x00
#define PCD_AUTHENT 0x0E
#define PCD_RECEIVE 0x08
#define PCD_TRANSMIT 0x04
#define PCD_TRANSCEIVE 0x0C
#define PCD_RESETPHASE 0x0F
#define PCD_CALCCRC 0x03
#define PICC_REQIDL 0x26
#define PICC_REQALL 0x52
#define PICC_ANTICOLL1 0x93
#define PICC_ANTICOLL2 0x95
#define PICC_AUTHENT1A 0x60
#define PICC_AUTHENT1B 0x61
#define PICC_READ 0x30
#define PICC_WRITE 0xA0
#define PICC_DECREMENT 0xC0
#define PICC_INCREMENT 0xC1
#define PICC_RESTORE 0xC2
#define PICC_TRANSFER 0xB0
#define PICC_HALT 0x50
#define PCD_SPECIAL_COPY 0x43
#define DEF_FIFO_LENGTH 64
#define RFU00 0x00
#define CommandReg 0x01
#define ComIEnReg 0x02
#define DivlEnReg 0x03
#define ComIrqReg 0x04
#define DivIrqReg 0x05
#define ErrorReg 0x06
#define Status1Reg 0x07
#define Status2Reg 0x08
#define FIFODataReg 0x09
#define FIFOLevelReg 0x0A
#define WaterLevelReg 0x0B
#define ControlReg 0x0C
#define BitFramingReg 0x0D
#define CollReg 0x0E
#define RFU0F 0x0F
// PAGE 1
#define RFU10 0x10
#define ModeReg 0x11
#define TxModeReg 0x12
#define RxModeReg 0x13
#define TxControlReg 0x14
#define TxAutoReg 0x15
#define TxSelReg 0x16
#define RxSelReg 0x17
#define RxThresholdReg 0x18
#define DemodReg 0x19
#define RFU1A 0x1A
#define RFU1B 0x1B
#define MifareReg 0x1C
#define RFU1D 0x1D
#define RFU1E 0x1E
#define SerialSpeedReg 0x1F
// PAGE 2
#define RFU20 0x20
#define CRCResultRegM 0x21
#define CRCResultRegL 0x22
#define RFU23 0x23
#define ModWidthReg 0x24
#define RFU25 0x25
#define RFCfgReg 0x26
#define GsNReg 0x27
#define CWGsCfgReg 0x28
#define ModGsCfgReg 0x29
#define TModeReg 0x2A
#define TPrescalerReg 0x2B
#define TReloadRegH 0x2C
#define TReloadRegL 0x2D
#define TCounterValueRegH 0x2E
#define TCounterValueRegL 0x2F
// PAGE 3
#define RFU30 0x30
#define TestSel1Reg 0x31
#define TestSel2Reg 0x32
#define TestPinEnReg 0x33
#define TestPinValueReg 0x34
#define TestBusReg 0x35
#define AutoTestReg 0x36
#define VersionReg 0x37
#define AnalogTestReg 0x38
#define TestDAC1Reg 0x39
#define TestDAC2Reg 0x3A
#define TestADCReg 0x3B
#define RFU3C 0x3C
#define RFU3D 0x3D
#define RFU3E 0x3E
#define RFU3F 0x3F
#define REQ_ALL 0x52
#define KEYA 0x60
#define KEYB 0x61
#define MI_OK (char)0
#define MI_NOTAGERR (char)(-1)
#define MI_ERR (char)(-2)
#endif
驱动实现rc522.c
#include "rc522.h"
#include "stm32f10x_gpio.h"
#define MAXRLEN 18
void PcdInit()
{
GPIO_InitTypeDef GPIO_InitStructure;
/* Enable the GPIO Clock */
RCC_APB2PeriphClockCmd(MF522_RST_CLK, ENABLE);
/* Configure the GPIO pin */
GPIO_InitStructure.GPIO_Pin = MF522_RST_PIN;
GPIO_InitStructure.GPIO_Mode = GPIO_Mode_Out_PP;
GPIO_InitStructure.GPIO_Speed = GPIO_Speed_2MHz;
GPIO_Init(MF522_RST_PORT, &GPIO_InitStructure);
/* Enable the GPIO Clock */
RCC_APB2PeriphClockCmd(MF522_MISO_CLK, ENABLE);
/* Configure the GPIO pin */
GPIO_InitStructure.GPIO_Pin = MF522_MISO_PIN;
GPIO_InitStructure.GPIO_Mode = GPIO_Mode_IN_FLOATING;
GPIO_InitStructure.GPIO_Speed = GPIO_Speed_2MHz;
GPIO_Init(MF522_MISO_PORT, &GPIO_InitStructure);
/* Enable the GPIO Clock */
RCC_APB2PeriphClockCmd(MF522_MOSI_CLK, ENABLE);
/* Configure the GPIO pin */
GPIO_InitStructure.GPIO_Pin = MF522_MOSI_PIN;
GPIO_InitStructure.GPIO_Mode = GPIO_Mode_Out_PP;
GPIO_InitStructure.GPIO_Speed = GPIO_Speed_2MHz;
GPIO_Init(MF522_MOSI_PORT, &GPIO_InitStructure);
/* Enable the GPIO Clock */
RCC_APB2PeriphClockCmd(MF522_SCK_CLK, ENABLE);
/* Configure the GPIO pin */
GPIO_InitStructure.GPIO_Pin = MF522_SCK_PIN;
GPIO_InitStructure.GPIO_Mode = GPIO_Mode_Out_PP;
GPIO_InitStructure.GPIO_Speed = GPIO_Speed_2MHz;
GPIO_Init(MF522_SCK_PORT, &GPIO_InitStructure);
/* Enable the GPIO Clock */
RCC_APB2PeriphClockCmd(MF522_NSS_CLK, ENABLE);
/* Configure the GPIO pin */
GPIO_InitStructure.GPIO_Pin = MF522_NSS_PIN;
GPIO_InitStructure.GPIO_Mode = GPIO_Mode_Out_PP;
GPIO_InitStructure.GPIO_Speed = GPIO_Speed_2MHz;
GPIO_Init(MF522_NSS_PORT, &GPIO_InitStructure);
}
char PcdRequest(unsigned char req_code,unsigned char *pTagType)
{
char status;
unsigned int unLen;
unsigned char ucComMF522Buf[MAXRLEN];
ClearBitMask(Status2Reg,0x08);
WriteRawRC(BitFramingReg,0x07);
SetBitMask(TxControlReg,0x03);
ucComMF522Buf[0] = req_code;
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,1,ucComMF522Buf,&unLen);
// if(status == MI_OK )
// { LED_GREEN =0 ;}
// else {LED_GREEN =1 ;}
if ((status == MI_OK) && (unLen == 0x10))
{
*pTagType = ucComMF522Buf[0];
*(pTagType+1) = ucComMF522Buf[1];
}
else
{ status = MI_ERR; }
return status;
}
char PcdAnticoll(unsigned char *pSnr)
{
char status;
unsigned char i,snr_check=0;
unsigned int unLen;
unsigned char ucComMF522Buf[MAXRLEN];
ClearBitMask(Status2Reg,0x08);
WriteRawRC(BitFramingReg,0x00);
ClearBitMask(CollReg,0x80);
ucComMF522Buf[0] = PICC_ANTICOLL1;
ucComMF522Buf[1] = 0x20;
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,2,ucComMF522Buf,&unLen);
if (status == MI_OK)
{
for (i=0; i<4; i++)
{
*(pSnr+i) = ucComMF522Buf[i];
snr_check ^= ucComMF522Buf[i];
}
if (snr_check != ucComMF522Buf[i])
{ status = MI_ERR; }
}
SetBitMask(CollReg,0x80);
return status;
}
char PcdSelect(unsigned char *pSnr)
{
char status;
unsigned char i;
unsigned int unLen;
unsigned char ucComMF522Buf[MAXRLEN];
ucComMF522Buf[0] = PICC_ANTICOLL1;
ucComMF522Buf[1] = 0x70;
ucComMF522Buf[6] = 0;
for (i=0; i<4; i++)
{
ucComMF522Buf[i+2] = *(pSnr+i);
ucComMF522Buf[6] ^= *(pSnr+i);
}
CalulateCRC(ucComMF522Buf,7,&ucComMF522Buf[7]);
ClearBitMask(Status2Reg,0x08);
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,9,ucComMF522Buf,&unLen);
if ((status == MI_OK) && (unLen == 0x18))
{ status = MI_OK; }
else
{ status = MI_ERR; }
return status;
}
char PcdAuthState(unsigned char auth_mode,unsigned char addr,unsigned char *pKey,unsigned char *pSnr)
{
char status;
unsigned int unLen;
unsigned char i,ucComMF522Buf[MAXRLEN];
ucComMF522Buf[0] = auth_mode;
ucComMF522Buf[1] = addr;
for (i=0; i<6; i++)
{ ucComMF522Buf[i+2] = *(pKey+i); }
for (i=0; i<6; i++)
{ ucComMF522Buf[i+8] = *(pSnr+i); }
// memcpy(&ucComMF522Buf[2], pKey, 6);
// memcpy(&ucComMF522Buf[8], pSnr, 4);
status = PcdComMF522(PCD_AUTHENT,ucComMF522Buf,12,ucComMF522Buf,&unLen);
if ((status != MI_OK) || (!(ReadRawRC(Status2Reg) & 0x08)))
{ status = MI_ERR; }
return status;
}
char PcdRead(unsigned char addr,unsigned char *pData)
{
char status;
unsigned int unLen;
unsigned char i,ucComMF522Buf[MAXRLEN];
ucComMF522Buf[0] = PICC_READ;
ucComMF522Buf[1] = addr;
CalulateCRC(ucComMF522Buf,2,&ucComMF522Buf[2]);
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,4,ucComMF522Buf,&unLen);
if ((status == MI_OK) && (unLen == 0x90))
// { memcpy(pData, ucComMF522Buf, 16); }
{
for (i=0; i<16; i++)
{ *(pData+i) = ucComMF522Buf[i]; }
}
else
{ status = MI_ERR; }
return status;
}
char PcdWrite(unsigned char addr,unsigned char *pData)
{
char status;
unsigned int unLen;
unsigned char i,ucComMF522Buf[MAXRLEN];
ucComMF522Buf[0] = PICC_WRITE;
ucComMF522Buf[1] = addr;
CalulateCRC(ucComMF522Buf,2,&ucComMF522Buf[2]);
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,4,ucComMF522Buf,&unLen);
if ((status != MI_OK) || (unLen != 4) || ((ucComMF522Buf[0] & 0x0F) != 0x0A))
{ status = MI_ERR; }
if (status == MI_OK)
{
//memcpy(ucComMF522Buf, pData, 16);
for (i=0; i<16; i++)
{ ucComMF522Buf[i] = *(pData+i); }
CalulateCRC(ucComMF522Buf,16,&ucComMF522Buf[16]);
status = PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,18,ucComMF522Buf,&unLen);
if ((status != MI_OK) || (unLen != 4) || ((ucComMF522Buf[0] & 0x0F) != 0x0A))
{ status = MI_ERR; }
}
return status;
}
//这个是写第一扇区Block0的代码
char PcdSpicelWrite(unsigned char *pData)
{
char status;
unsigned int unLen;
unsigned char i,ucComMF522Buf[MAXRLEN];
//需要使用以下步骤开启后门
PcdHalt();
WriteRawRC(BitFramingReg, 0x07);
//WriteRawRC(CommandReg, 0x40);
ucComMF522Buf[0] = 0x40;
PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,1,ucComMF522Buf,&unLen);
WriteRawRC(BitFramingReg, 0x00);
ucComMF522Buf[0] = 0x43;
PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,1,ucComMF522Buf,&unLen);
return PcdWrite(0, pData);
}
char PcdHalt(void)
{
unsigned int unLen;
unsigned char ucComMF522Buf[MAXRLEN];
ucComMF522Buf[0] = PICC_HALT;
ucComMF522Buf[1] = 0;
CalulateCRC(ucComMF522Buf,2,&ucComMF522Buf[2]);
PcdComMF522(PCD_TRANSCEIVE,ucComMF522Buf,4,ucComMF522Buf,&unLen);
return MI_OK;
}
//?MF522??CRC16??
void CalulateCRC(unsigned char *pIndata,unsigned char len,unsigned char *pOutData)
{
unsigned char i,n;
ClearBitMask(DivIrqReg,0x04);
WriteRawRC(CommandReg,PCD_IDLE);
SetBitMask(FIFOLevelReg,0x80);
for (i=0; i<len; i++)
{ WriteRawRC(FIFODataReg, *(pIndata+i)); }
WriteRawRC(CommandReg, PCD_CALCCRC);
i = 0xFF;
do
{
n = ReadRawRC(DivIrqReg);
i--;
}
while ((i!=0) && !(n&0x04));
pOutData[0] = ReadRawRC(CRCResultRegL);
pOutData[1] = ReadRawRC(CRCResultRegM);
}
char PcdReset(void)
{
RST_H;
delay_10ms(1);
RST_L;
delay_10ms(1);
RST_H;
delay_10ms(10);
if(ReadRawRC(0x02) == 0x80)
{
}
WriteRawRC(CommandReg,PCD_RESETPHASE);
WriteRawRC(ModeReg,0x3D);
WriteRawRC(TReloadRegL,30);
WriteRawRC(TReloadRegH,0);
WriteRawRC(TModeReg,0x8D);
WriteRawRC(TPrescalerReg,0x3E);
WriteRawRC(TxAutoReg,0x40);
return MI_OK;
}
char M500PcdConfigISOType(unsigned char type)
{
if (type == 'A')
{
ClearBitMask(Status2Reg,0x08);
WriteRawRC(ModeReg,0x3D);//3F
WriteRawRC(RxSelReg,0x86);//84
WriteRawRC(RFCfgReg,0x7F); //4F
WriteRawRC(TReloadRegL,30);//tmoLength);// TReloadVal = 'h6a =tmoLength(dec)
WriteRawRC(TReloadRegH,0);
WriteRawRC(TModeReg,0x8D);
WriteRawRC(TPrescalerReg,0x3E);
delay_10ms(1);
PcdAntennaOn();
}
else{ return (char)-1; }
return MI_OK;
}
unsigned char ReadRawRC(unsigned char Address)
{
unsigned char i, ucAddr;
unsigned char ucResult=0;
NSS_L;
ucAddr = ((Address<<1)&0x7E)|0x80;
for(i=8;i>0;i--)
{
SCK_L;
if(ucAddr&0x80)
MOSI_H;
else
MOSI_L;
SCK_H;
ucAddr <<= 1;
}
for(i=8;i>0;i--)
{
SCK_L;
ucResult <<= 1;
SCK_H;
if(READ_MISO == 1)
ucResult |= 1;
}
NSS_H;
SCK_H;
return ucResult;
}
void WriteRawRC(unsigned char Address, unsigned char value)
{
unsigned char i, ucAddr;
SCK_L;
NSS_L;
ucAddr = ((Address<<1)&0x7E);
for(i=8;i>0;i--)
{
if(ucAddr&0x80)
MOSI_H;
else
MOSI_L;
SCK_H;
ucAddr <<= 1;
SCK_L;
}
for(i=8;i>0;i--)
{
if(value&0x80)
MOSI_H;
else
MOSI_L;
SCK_H;
value <<= 1;
SCK_L;
}
NSS_H;
SCK_H;
}
void SetBitMask(unsigned char reg,unsigned char mask)
{
char tmp = 0x0;
tmp = ReadRawRC(reg);
WriteRawRC(reg,tmp | mask); // set bit mask
}
void ClearBitMask(unsigned char reg,unsigned char mask)
{
char tmp = 0x0;
tmp = ReadRawRC(reg);
WriteRawRC(reg, tmp & ~mask); // clear bit mask
}
char PcdComMF522(unsigned char Command,
unsigned char *pInData,
unsigned char InLenByte,
unsigned char *pOutData,
unsigned int *pOutLenBit)
{
char status = MI_ERR;
unsigned char irqEn = 0x00;
unsigned char waitFor = 0x00;
unsigned char lastBits;
unsigned char n;
unsigned int i;
switch (Command)
{
case PCD_AUTHENT:
irqEn = 0x12;
waitFor = 0x10;
break;
case PCD_TRANSCEIVE:
case PCD_SPECIAL_COPY:
irqEn = 0x77;
waitFor = 0x30;
break;
default:
break;
}
WriteRawRC(ComIEnReg,irqEn|0x80);
ClearBitMask(ComIrqReg,0x80);
WriteRawRC(CommandReg,PCD_IDLE);
SetBitMask(FIFOLevelReg,0x80);
for (i=0; i<InLenByte; i++)
{ WriteRawRC(FIFODataReg, pInData[i]); }
WriteRawRC(CommandReg, Command);
if (Command == PCD_TRANSCEIVE)
{ SetBitMask(BitFramingReg,0x80); }
i = 2000;
do
{
n = ReadRawRC(ComIrqReg);
i--;
}
while ((i!=0) && !(n&0x01) && !(n&waitFor));
ClearBitMask(BitFramingReg,0x80);
if (i!=0)
{
if(!(ReadRawRC(ErrorReg)&0x1B))
{
status = MI_OK;
if (n & irqEn & 0x01)
{ status = MI_NOTAGERR; }
if (Command == PCD_TRANSCEIVE)
{
n = ReadRawRC(FIFOLevelReg);
lastBits = ReadRawRC(ControlReg) & 0x07;
if (lastBits)
{ *pOutLenBit = (n-1)*8 + lastBits; }
else
{ *pOutLenBit = n*8; }
if (n == 0)
{ n = 1; }
if (n > MAXRLEN)
{ n = MAXRLEN; }
for (i=0; i<n; i++)
{ pOutData[i] = ReadRawRC(FIFODataReg); }
}
}
else
{ status = MI_ERR; }
}
SetBitMask(ControlReg,0x80); // stop timer now
WriteRawRC(CommandReg,PCD_IDLE);
return status;
}
void PcdAntennaOn()
{
unsigned char i;
i = ReadRawRC(TxControlReg);
if (!(i & 0x03))
{
SetBitMask(TxControlReg, 0x03);
}
}
void PcdAntennaOff()
{
ClearBitMask(TxControlReg, 0x03);
}
void WaitCardOff(void)
{
char status;
unsigned char TagType[2];
while(1)
{
status = PcdRequest(REQ_ALL, TagType);
if(status)
{
status = PcdRequest(REQ_ALL, TagType);
if(status)
{
status = PcdRequest(REQ_ALL, TagType);
if(status)
{
return;
}
}
}
delay_10ms(10);
}
}
void delay_10ms(unsigned int _10ms)
{
unsigned int i, j;
for(i=0; i<_10ms; i++)
{
for(j=0; j<60000; j++);
}
}
后门代码实现依据来源于这篇博客,RC522驱动代码来源于这篇博客,在此表示感谢。
主要控制逻辑
按照之前点亮LED的经验,我们使用RTthread来进行进行门禁卡的检测和复制。主要代码如下:
复制代码被注释了,我们先使用检测并读取的代码,读取出原卡的内容,然后把读取内容记录下来,复制到新卡上去。正确的做法应该是使用完整逻辑来实现这个流程,这里为了方便,直接手动记录,然后修改代码重新编译来进行卡的复制,有兴趣有需要的朋友可在此基础上自行补充完成。
#include 工程源码
工程源码挂载在CSDN下载频道,攒点下载分备用。欢迎转载,转载博客请注明出处湖广午王的博客。