Merge branch 'main' into feat/lf-psk-indala

# Conflicts:
#	firmware/application/Makefile
#	firmware/application/src/app_cmd.c
#	firmware/application/src/rfid/nfctag/lf/lf_tag_em.c
#	firmware/application/src/rfid/nfctag/lf/lf_tag_em.h
#	firmware/application/src/rfid/nfctag/lf/protocols/t55xx.h
#	firmware/application/src/rfid/nfctag/tag_base_type.h
#	firmware/application/src/rfid/nfctag/tag_emulation.c
#	firmware/application/src/rfid/reader/lf/lf_reader_main.h

Author: kevihiiin

CHANGELOG.md

@@ -3,8 +3,10 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Added PAC/Stanley LF protocol support: read, emulate and T55xx clone (@kevihiiin, @danieltwagner)
  - Fix firmware application USB serial number (@taichunmin)
  - Added ioProx LF protocol support (read, emulate and T55xx clone)
+ - Added `hf mfu nfcimport` to import Flipper Zero `.nfc` files into MFU/NTAG emulator slots, with `--amiibo` flag for automatic PWD/PACK derivation (@fmuk)
  - Added commands to dump and clone Mifare tags
  - Fix bad missing tools warning (@suut)
  - Fix for FAST_READ command for nfc - mf0 tags

firmware/application/Makefile

@@ -37,6 +37,7 @@ SRC_FILES += \
   $(PROJ_DIR)/rfid/nfctag/lf/utils/pskdemod.c \
   $(PROJ_DIR)/rfid/nfctag/lf/protocols/em410x.c \
   $(PROJ_DIR)/rfid/nfctag/lf/protocols/hidprox.c \
+  $(PROJ_DIR)/rfid/nfctag/lf/protocols/pac.c \
   $(PROJ_DIR)/rfid/nfctag/lf/protocols/indala.c \
   $(PROJ_DIR)/rfid/nfctag/lf/protocols/ioprox.c \
   $(PROJ_DIR)/rfid/nfctag/lf/protocols/viking.c \
@@ -350,6 +351,7 @@ ifeq	(${CURRENT_DEVICE_TYPE}, ${CHAMELEON_ULTRA})
     $(PROJ_DIR)/rfid/reader/lf/lf_reader_main.c \
     $(PROJ_DIR)/rfid/reader/lf/lf_t55xx_data.c \
     $(PROJ_DIR)/rfid/reader/lf/lf_hidprox_data.c \
+    $(PROJ_DIR)/rfid/reader/lf/lf_pac_data.c \
     $(PROJ_DIR)/rfid/reader/lf/lf_ioprox_data.c \
     $(PROJ_DIR)/rfid/reader/lf/lf_viking_data.c \
     $(PROJ_DIR)/rfid/reader/lf/lf_psk_reader.c \

firmware/application/src/app_cmd.c

@@ -809,6 +809,15 @@ static data_frame_tx_t *cmd_processor_viking_scan(uint16_t cmd, uint16_t status,
     return data_frame_make(cmd, STATUS_LF_TAG_OK, sizeof(card_buffer), card_buffer);
 }
 
+static data_frame_tx_t *cmd_processor_pac_scan(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
+    uint8_t card_id[8] = {0x00};
+    status = scan_pac(card_id);
+    if (status != STATUS_LF_TAG_OK) {
+        return data_frame_make(cmd, status, 0, NULL);
+    }
+    return data_frame_make(cmd, STATUS_LF_TAG_OK, sizeof(card_id), card_id);
+}
+
 static data_frame_tx_t *cmd_processor_viking_write_to_t55xx(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
     typedef struct {
         uint8_t id[4];
@@ -824,6 +833,20 @@ static data_frame_tx_t *cmd_processor_viking_write_to_t55xx(uint16_t cmd, uint16
     return data_frame_make(cmd, status, 0, NULL);
 }
 
+static data_frame_tx_t *cmd_processor_pac_write_to_t55xx(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
+    typedef struct {
+        uint8_t id[LF_PAC_TAG_ID_SIZE];
+        uint8_t new_key[4];
+        uint8_t old_keys[4];
+    } PACKED payload_t;
+    payload_t *payload = (payload_t *)data;
+    if (length < sizeof(payload_t) || (length - offsetof(payload_t, old_keys)) % sizeof(payload->old_keys) != 0) {
+        return data_frame_make(cmd, STATUS_PAR_ERR, 0, NULL);
+    }
+    status = write_pac_to_t55xx(payload->id, payload->new_key, payload->old_keys, (length - offsetof(payload_t, old_keys)) / sizeof(payload->old_keys));
+    return data_frame_make(cmd, status, 0, NULL);
+}
+
 static data_frame_tx_t *cmd_processor_indala_scan(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
     uint8_t card_buffer[LF_INDALA_TAG_ID_SIZE] = {0x00};
     status = scan_indala(card_buffer);
@@ -1102,6 +1125,26 @@ static data_frame_tx_t *cmd_processor_viking_get_emu_id(uint16_t cmd, uint16_t s
     return data_frame_make(cmd, STATUS_SUCCESS, LF_VIKING_TAG_ID_SIZE, buffer->buffer);
 }
 
+static data_frame_tx_t *cmd_processor_pac_set_emu_id(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
+    if (length != LF_PAC_TAG_ID_SIZE) {
+        return data_frame_make(cmd, STATUS_PAR_ERR, 0, NULL);
+    }
+    tag_data_buffer_t *buffer = get_buffer_by_tag_type(TAG_TYPE_PAC);
+    memcpy(buffer->buffer, data, LF_PAC_TAG_ID_SIZE);
+    tag_emulation_load_by_buffer(TAG_TYPE_PAC, false);
+    return data_frame_make(cmd, STATUS_SUCCESS, 0, NULL);
+}
+
+static data_frame_tx_t *cmd_processor_pac_get_emu_id(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
+    tag_slot_specific_type_t tag_types;
+    tag_emulation_get_specific_types_by_slot(tag_emulation_get_slot(), &tag_types);
+    if (tag_types.tag_lf != TAG_TYPE_PAC) {
+        return data_frame_make(cmd, STATUS_PAR_ERR, 0, data);
+    }
+    tag_data_buffer_t *buffer = get_buffer_by_tag_type(TAG_TYPE_PAC);
+    return data_frame_make(cmd, STATUS_SUCCESS, LF_PAC_TAG_ID_SIZE, buffer->buffer);
+}
+
 static data_frame_tx_t *cmd_processor_indala_set_emu_id(uint16_t cmd, uint16_t status, uint16_t length, uint8_t *data) {
     if (length != LF_INDALA_TAG_ID_SIZE) {
         return data_frame_make(cmd, STATUS_PAR_ERR, 0, NULL);
@@ -1965,6 +2008,8 @@ static cmd_data_map_t m_data_cmd_map[] = {
     {    DATA_CMD_VIKING_WRITE_TO_T55XX,        before_reader_run,           cmd_processor_viking_write_to_t55xx,         NULL                   },
     {    DATA_CMD_IOPROX_SCAN,                  before_reader_run,           cmd_processor_ioprox_scan,                   NULL                   },
     {    DATA_CMD_IOPROX_WRITE_TO_T55XX,        before_reader_run,           cmd_processor_ioprox_write_to_t55xx,         NULL                   },
+    {    DATA_CMD_PAC_SCAN,                     before_reader_run,           cmd_processor_pac_scan,                      NULL                   },
+    {    DATA_CMD_PAC_WRITE_TO_T55XX,           before_reader_run,           cmd_processor_pac_write_to_t55xx,            NULL                   },
     {    DATA_CMD_INDALA_SCAN,                  before_reader_run,           cmd_processor_indala_scan,                   NULL                   },
     {    DATA_CMD_INDALA_WRITE_TO_T55XX,        before_reader_run,           cmd_processor_indala_write_to_t55xx,         NULL                   },
     {    DATA_CMD_ADC_GENERIC_READ,             before_reader_run,           cmd_processor_generic_read,                  NULL                   },
@@ -2032,6 +2077,8 @@ static cmd_data_map_t m_data_cmd_map[] = {
     {    DATA_CMD_IOPROX_GET_EMU_ID,              NULL,                      cmd_processor_ioprox_get_emu_id,             NULL                   },  
     {    DATA_CMD_VIKING_SET_EMU_ID,              NULL,                      cmd_processor_viking_set_emu_id,             NULL                   },
     {    DATA_CMD_VIKING_GET_EMU_ID,              NULL,                      cmd_processor_viking_get_emu_id,             NULL                   },
+    {    DATA_CMD_PAC_SET_EMU_ID,                 NULL,                      cmd_processor_pac_set_emu_id,                NULL                   },
+    {    DATA_CMD_PAC_GET_EMU_ID,                 NULL,                      cmd_processor_pac_get_emu_id,                NULL                   },
     {    DATA_CMD_INDALA_SET_EMU_ID,              NULL,                      cmd_processor_indala_set_emu_id,             NULL                   },
     {    DATA_CMD_INDALA_GET_EMU_ID,              NULL,                      cmd_processor_indala_get_emu_id,             NULL                   },
 };

firmware/application/src/data_cmd.h

@@ -94,6 +94,8 @@
 #define DATA_CMD_EM410X_ELECTRA_WRITE_TO_T55XX  (3006)
 #define DATA_CMD_HIDPROX_SCAN                   (3002)
 #define DATA_CMD_HIDPROX_WRITE_TO_T55XX         (3003)
+#define DATA_CMD_PAC_SCAN                       (3014)
+#define DATA_CMD_PAC_WRITE_TO_T55XX             (3015)
 #define DATA_CMD_VIKING_SCAN                    (3004)
 #define DATA_CMD_VIKING_WRITE_TO_T55XX          (3005)
 #define DATA_CMD_ADC_GENERIC_READ               (3009)
@@ -173,6 +175,8 @@
 #define DATA_CMD_HIDPROX_GET_EMU_ID             (5003)
 #define DATA_CMD_VIKING_SET_EMU_ID              (5004)
 #define DATA_CMD_VIKING_GET_EMU_ID              (5005)
+#define DATA_CMD_PAC_SET_EMU_ID                 (5006)
+#define DATA_CMD_PAC_GET_EMU_ID                 (5007)
 #define DATA_CMD_IOPROX_SET_EMU_ID              (5008)
 #define DATA_CMD_IOPROX_GET_EMU_ID              (5009)
 #define DATA_CMD_INDALA_SET_EMU_ID              (5026)

firmware/application/src/rfid/nfctag/lf/lf_tag_em.c

@@ -7,14 +7,16 @@
 #include "fds_util.h"
 #include "nrf_gpio.h"
 #include "nrfx_gpiote.h"
+#include "nrf_soc.h"
 #include "nrfx_lpcomp.h"
 #include "nrfx_ppi.h"
 #include "nrfx_pwm.h"
 #include "nrfx_timer.h"
 #include "protocols/em410x.h"
 #include "protocols/hidprox.h"
-#include "protocols/indala.h"
 #include "protocols/ioprox.h"
+#include "protocols/pac.h"
+#include "protocols/indala.h"
 #include "protocols/viking.h"
 #include "syssleep.h"
 #include "tag_emulation.h"
@@ -361,6 +363,23 @@ static void psk_build_pattern(const nrf_pwm_sequence_t *seq) {
 }
 
 static void lf_sense_enable(void) {
+    // PWM bit timing divides HFCLK by a fixed ratio. On HFINT (64 MHz RC,
+    // ±1.5% at 25°C after factory trim, wider over temperature) this gives a
+    // chip-to-chip spread that NRZ readers — which see cumulative error across
+    // runs of same-polarity bits with no intra-run resync — reject even when
+    // Manchester/FSK readers don't. Holding HFXO brings the PWM clock to
+    // ±40 ppm. We can't lock to the reader's carrier (tag-mode antenna taps
+    // on this board are envelope-only), so this is as good as it gets.
+    //
+    // Paired release in lf_sense_disable(). SD reference-counts HFXO requests,
+    // so this coexists with BLE. Both functions run from thread context
+    // (tag_mode_enter/tag_emulation_sense_end) where SVCs are safe.
+    sd_clock_hfclk_request();
+    uint32_t hfclk_running = 0;
+    while (!hfclk_running) {
+        sd_clock_hfclk_is_running(&hfclk_running);
+    }
+
     lpcomp_init();
     if (is_psk_tag_type(m_tag_type)) {
         psk_timer_init();
@@ -381,6 +400,7 @@ static void lf_sense_disable(void) {
     nrfx_lpcomp_uninit();
     m_pwm_seq = NULL;
     m_is_lf_emulating = false;
+    sd_clock_hfclk_release();
 }
 
 static enum {
@@ -464,6 +484,15 @@ int lf_tag_data_loadcb(tag_specific_type_t type, tag_data_buffer_t *buffer) {
         return LF_VIKING_TAG_ID_SIZE;
     }
 
+    if (type == TAG_TYPE_PAC && buffer->length >= LF_PAC_TAG_ID_SIZE) {
+        m_tag_type = type;
+        void *codec = pac.alloc();
+        m_pwm_seq = pac.modulator(codec, buffer->buffer);
+        pac.free(codec);
+        NRF_LOG_INFO("load lf pac data finish.");
+        return LF_PAC_TAG_ID_SIZE;
+    }
+
     // PSK protocols: build PWM sequence then convert to timer pattern
     if (type == TAG_TYPE_INDALA && buffer->length >= LF_INDALA_TAG_ID_SIZE) {
         m_tag_type = type;
@@ -474,6 +503,7 @@ int lf_tag_data_loadcb(tag_specific_type_t type, tag_data_buffer_t *buffer) {
         NRF_LOG_INFO("load lf indala data finish.");
         return LF_INDALA_TAG_ID_SIZE;
     }
+
     NRF_LOG_ERROR("no valid data exists in buffer for tag type: %d.", type);
     return 0;
 }
@@ -528,15 +558,6 @@ int lf_tag_viking_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffe
     return m_tag_type == TAG_TYPE_VIKING ? LF_VIKING_TAG_ID_SIZE : 0;
 }
 
-/** @brief Id card deposit card number before callback
- * @param type      Refined tag type
- * @param buffer    Data buffer
- * @return The length of the data that needs to be saved is that it does not save when 0
- */
-int lf_tag_indala_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer) {
-    return m_tag_type == TAG_TYPE_INDALA ? LF_INDALA_TAG_ID_SIZE : 0;
-}
-
 bool lf_tag_data_factory(uint8_t slot, tag_specific_type_t tag_type, uint8_t *tag_id, uint16_t length) {
     // write data to flash
     tag_sense_type_t sense_type = get_sense_type_from_tag_type(tag_type);
@@ -606,6 +627,20 @@ bool lf_tag_viking_data_factory(uint8_t slot, tag_specific_type_t tag_type) {
     return lf_tag_data_factory(slot, tag_type, tag_id, sizeof(tag_id));
 }
 
+int lf_tag_pac_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer) {
+    return m_tag_type == TAG_TYPE_PAC ? LF_PAC_TAG_ID_SIZE : 0;
+}
+
+bool lf_tag_pac_data_factory(uint8_t slot, tag_specific_type_t tag_type) {
+    // default id: 8 ASCII bytes
+    uint8_t tag_id[8] = {'C', 'A', 'R', 'D', '0', '0', '0', '1'};
+    return lf_tag_data_factory(slot, tag_type, tag_id, sizeof(tag_id));
+}
+
+int lf_tag_indala_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer) {
+    return m_tag_type == TAG_TYPE_INDALA ? LF_INDALA_TAG_ID_SIZE : 0;
+}
+
 /** @brief Id card deposit card number before callback
  * @param slot      Card slot number
  * @param tag_type  Refined tag type

firmware/application/src/rfid/nfctag/lf/lf_tag_em.h

@@ -10,6 +10,7 @@
 #define LF_IOPROX_TAG_ID_SIZE 16
 #define LF_HIDPROX_TAG_ID_SIZE 13
 #define LF_VIKING_TAG_ID_SIZE 4
+#define LF_PAC_TAG_ID_SIZE 8
 #define LF_INDALA_TAG_ID_SIZE 8
 
 void lf_tag_125khz_sense_switch(bool enable);
@@ -22,6 +23,8 @@ int lf_tag_ioprox_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffe
 bool lf_tag_ioprox_data_factory(uint8_t slot, tag_specific_type_t tag_type);
 int lf_tag_viking_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer);
 bool lf_tag_viking_data_factory(uint8_t slot, tag_specific_type_t tag_type);
+int lf_tag_pac_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer);
+bool lf_tag_pac_data_factory(uint8_t slot, tag_specific_type_t tag_type);
 int lf_tag_indala_data_savecb(tag_specific_type_t type, tag_data_buffer_t *buffer);
 bool lf_tag_indala_data_factory(uint8_t slot, tag_specific_type_t tag_type);
 bool is_lf_field_exists(void);