process bits before emulating them, implement them with bitwise operations + remove magic pattern

arha · arha · commit 81ae28b53d11 · 2023-01-28T06:00:07.000+02:00
diff --git a/README.md b/README.md
@@ -47,11 +47,11 @@ Attempting to exploit flipper hardware to some extent
 
 - [X] Preprocess all MSR data into bitwise arrays, including manchester encoding. 
 - [ ] Feed bits from timers
-- [ ] Sync to the lfrfid timer and experiment representing a field flip with a few cycles of a high frequency carrier. Perhaps mag readerfrontends will lowpass such signals, and keep only the low frequency component, in an attempt to drown out nearby noise
-- [ ] Can the CC1101 radio be used in any way? Driving it from GD0 can be done in 50us, or about 10khz. Probably more with sync/packet mode
+- [ ] Sync to the lfrfid timer and experiment representing a field flip with a few cycles of a high frequency carrier, like the 125khz lfrfid one. Perhaps mag readers' frontends will lowpass such signals, and keep only the low frequency component, in an attempt to drown out nearby noise?
+- [ ] Can the CC1101 radio be used in any way? Driving it from GD0 can achieve 50us, or about 10khz. Probably more with sync/packet mode
 - [ ] Can the 5V pin act as a coil driver? I've read reports it can drive 0.4A, other reports it can drive 2A. It boils down to bq25896 being fast enough. Ref: bq25896_enable_otg, which will probably need bypassing kernel libs and calling furi_hal_i2c_tx/furi_hal_i2c_tx whatever calls from Cube libs.
 - [ ] Investigate transparent mode on 3916
-- [ ] Can the piezo be used at its resonant frequency? I've seen LF signals being emulated with nothing but headphones at a subharmonic; and the wheel brake on some carts seems to also work with audiofreq signals (or the RF emission from driving a speaker)
+- [ ] Can the piezo be used at its resonant frequency? I've seen LF signals being emulated with [nothing but headphones](https://github.com/smre/DCF77/blob/master/DCF77.py#L124) running a subharmonic; the wheel brake on some carts seems to react to audiofreq signals (or the RF emission from driving a speaker)
 
 ----
 ## Credits
diff --git a/helpers/mag_helpers.c b/helpers/mag_helpers.c
@@ -248,11 +248,11 @@ void mag_spoof_bitwise(Mag* mag) {
     }
 
 
-    uint8_t bits_t1_raw[64] = {0x55};              // 68 chars max track 1 + 1 char crc * 7 approx =~ 483 bits
-    uint8_t bits_t1_manchester[128] = {0x55};      // twice the above
+    uint8_t bits_t1_raw[64] = {0x00};              // 68 chars max track 1 + 1 char crc * 7 approx =~ 483 bits
+    uint8_t bits_t1_manchester[128] = {0x00};      // twice the above
     uint16_t bits_t1_count = msr_encode(data1, (uint8_t*) bits_t1_manchester, (uint8_t*) bits_t1_raw, BITS_TRACK1, OFFSET_TRACK1);
-    uint8_t bits_t2_raw[64] = {0x55};              // 68 chars max track 1 + 1 char crc * 7 approx =~ 483 bits
-    uint8_t bits_t2_manchester[128] = {0x55};      // twice the above
+    uint8_t bits_t2_raw[64] = {0x00};              // 68 chars max track 1 + 1 char crc * 7 approx =~ 483 bits
+    uint8_t bits_t2_manchester[128] = {0x00};      // twice the above
     uint16_t bits_t2_count = msr_encode(data2, (uint8_t*) bits_t2_manchester, (uint8_t*) bits_t2_raw, BITS_TRACK2, OFFSET_TRACK2);
 
     if(furi_log_get_level() >= FuriLogLevelDebug) {
