Cons-n-Stuff/aic_pico
1
0
Fork 0
mirror of https://github.com/whowechina/aic_pico.git synced 2025-01-19 11:18:39 +01:00
Code Releases Activity

Bandai Namco reader support

Browse Source
This commit is contained in:
whowechina 2024-04-24 19:13:51 +08:00
parent 2ec04f309d
commit 4a2e975580
5 changed files with 773 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Production/Firmware/aic_pico.uf2
View File

Binary file not shown.

16
README.md
View File

@ -1,5 +1,5 @@
# AIC Pico and AIC Key # AIC Pico and AIC Key
**Amusement IC Card Reader, AIME & Cardio Emulator** **AIME Reader & Bandai Namco Reader & Cardio Emulator**
[点这里可以切换到中文版](README_CN.md) [点这里可以切换到中文版](README_CN.md)
@ -14,7 +14,7 @@
* AIC Key PN5180 * AIC Key PN5180
* AIC Pico Lib (see notes 1 below) * AIC Pico Lib (see notes 1 below)
* Easy to make. * Easy to make.
* Sega AIME I/O and Spicetools CardIO emulation. * Sega AIME I/O, Bandai Namco I/O and Spicetools CardIO emulation.
* Command line for configurations. * Command line for configurations.
* Supported card: * Supported card:
* FeliCa (Amusement IC) * FeliCa (Amusement IC)
@ -31,7 +31,14 @@
## Thanks ## Thanks
Thanks to many respectful guys/companies who made their tools or materials free or open source (KiCad, OnShape, InkScape, Fritzing, Raspberry things), ChatGPT and GitHub Copilot helped a lot as well. Thanks to many respectful guys/companies who made their tools or materials free or open source (KiCad, OnShape, InkScape, Fritzing, Raspberry things), ChatGPT and GitHub Copilot helped a lot as well.
And thanks to community developers and projects that helped me a lot: CrazyRedMachine (https://github.com/CrazyRedMachine) for the Spicetools Card IO part, Sucareto's AIME Reader (https://github.com/Sucareto/Arduino-Aime-Reader) for the AIME protocol part, Bottersnike (https://gitea.tendokyu.moe/Bottersnike) for his sharing of AIME and FeliCa knowledge, .NET nanoFramework (https://github.com/nanoframework) for the PN5180 part. And thanks to community developers and projects that helped me a lot:
* CrazyRedMachine (https://github.com/CrazyRedMachine) for the Spicetools Card IO part;
* Sucareto's AIME Reader (https://github.com/Sucareto/Arduino-Aime-Reader) for the AIME protocol part;
* Bottersnike (https://gitea.tendokyu.moe/Bottersnike, https://sega.bsnk.me/) for AIME and FeliCa knowledge;
* .NET nanoFramework (https://github.com/nanoframework) for the PN5180 part;
* Gyt4 (https://github.com/gyt4/) for Bandai Namco card reader I/O
* Bananatools (https://gitea.tendokyu.moe/Hay1tsme/bananatools) for Bandai Namco card reader I/O
* chujohiroto (https://github.com/chujohiroto/Raspberry-RCS620S/blob/master/rcs620s.py), as indirect reference for the Bandai Namco card reader I/O
## Warning ## Warning
This project: This project:
@ -215,6 +222,9 @@ To support many different NFC cards and tags, card IDs are transformed following
* MIFARE (4-byte UID) => 0xE0 + 0x04 + UID + first 2 bytes of the UID * MIFARE (4-byte UID) => 0xE0 + 0x04 + UID + first 2 bytes of the UID
* MIFARE (7-byte UID) => 0xE0 + UID * MIFARE (7-byte UID) => 0xE0 + UID
* FeliCa => Original IDm * FeliCa => Original IDm
### Bandai Namco
* MIFARE (4-byte UID) => UID
* FeliCa => Original IDm
## 3D Model Source File (Onshape) ## 3D Model Source File (Onshape)
https://cad.onshape.com/documents/ca5497f91b2962105335e822/w/7b88022e98c02c60ad0c44a7/e/c3476efd13c08f807f3773fe?configuration=List_6ARRO0azcgmmHg%3D__&renderMode=1&rightPanel=configPanel&uiState=6558cabf9b380560ca5b554e https://cad.onshape.com/documents/ca5497f91b2962105335e822/w/7b88022e98c02c60ad0c44a7/e/c3476efd13c08f807f3773fe?configuration=List_6ARRO0azcgmmHg%3D__&renderMode=1&rightPanel=configPanel&uiState=6558cabf9b380560ca5b554e

16
README_CN.md
View File

@ -1,5 +1,5 @@
# AIC Pico 和 AIC Key # AIC Pico 和 AIC Key
**AIC 卡读取器AIME & Cardio 模拟器** **AIME 读卡器 & Bandai Namco 读卡器 & Cardio 模拟器**
[Click here for the English version of this guide.](README.md) [Click here for the English version of this guide.](README.md)
@ -17,7 +17,7 @@
* AIC Key PN5180 * AIC Key PN5180
* AIC Pico Lib (参见下面的注释 1) * AIC Pico Lib (参见下面的注释 1)
* 易于制作。 * 易于制作。
* Sega AIME I/O 和 Spicetools CardIO 模拟。 * Sega AIME I/O, Bandai Namco I/O 和 Spicetools CardIO 模拟。
* 用于参数配置的命令行。 * 用于参数配置的命令行。
* 支持的卡: * 支持的卡:
* FeliCa (Amusement IC) * FeliCa (Amusement IC)
@ -34,7 +34,14 @@
## 感谢 ## 感谢
感谢许多尊敬的爱好者和公司将他们的工具或材料免费或开源KiCad, OnShape, InkScape, Fritzing, Raspberry thingsChatGPT 和 GitHub Copilot 也提供了很大的帮助。 感谢许多尊敬的爱好者和公司将他们的工具或材料免费或开源KiCad, OnShape, InkScape, Fritzing, Raspberry thingsChatGPT 和 GitHub Copilot 也提供了很大的帮助。
同时感谢对我有很大帮助的社区开发者和项目CrazyRedMachine (https://github.com/CrazyRedMachine) 提供了 Spicetools Card IO 部分Sucareto 的 AIME Reader (https://github.com/Sucareto/Arduino-Aime-Reader) 提供了 AIME 协议部分Bottersnike (https://gitea.tendokyu.moe/Bottersnike) 提供了 AIME 和 FeliCa 相关的知识帮助, .NET nanoFramework (https://github.com/nanoframework) 提供了 PN5180 部分。 同时感谢对我有很大帮助的社区开发者和项目:
* CrazyRedMachine (https://github.com/CrazyRedMachine) 提供了 Spicetools Card IO 部分;
* Sucareto 的 AIME Reader (https://github.com/Sucareto/Arduino-Aime-Reader) 提供了 AIME 协议部分;
* Bottersnike (https://gitea.tendokyu.moe/Bottersnike, https://sega.bsnk.me/) 提供了 AIME 和 FeliCa 相关的知识;
* .NET nanoFramework (https://github.com/nanoframework) 提供了 PN5180 部分;
* Gyt4 (https://github.com/gyt4/) 提供了 Bandai Namco 读卡器相关信息;
* Bananatools (https://gitea.tendokyu.moe/Hay1tsme/bananatools) 提供了 Bandai Namco 读卡器交互信息;
* chujohiroto (https://github.com/chujohiroto/Raspberry-RCS620S/blob/master/rcs620s.py) RCS620 用作间接参考;
## 友情警告 ## 友情警告
这个项目: 这个项目:
@ -218,6 +225,9 @@ AIC Key 是 AIC Pico 的一个变种 - 集成了一个小键盘。比 "AIC Pico"
* MIFARE (4-byte UID) => 0xE0 + 0x04 + UID + UID 的前 2 个字节 * MIFARE (4-byte UID) => 0xE0 + 0x04 + UID + UID 的前 2 个字节
* MIFARE (7-byte UID) => 0xE0 + UID * MIFARE (7-byte UID) => 0xE0 + UID
* FeliCa => 原始 IDm * FeliCa => 原始 IDm
### Bandai Namco
* MIFARE (4-byte UID) => UID
* FeliCa => 原始 IDm
## 3D 模型源文件 (Onshape) ## 3D 模型源文件 (Onshape)
https://cad.onshape.com/documents/ca5497f91b2962105335e822/w/7b88022e98c02c60ad0c44a7/e/c3476efd13c08f807f3773fe?configuration=List_6ARRO0azcgmmHg%3D__&renderMode=1&rightPanel=configPanel&uiState=6558cabf9b380560ca5b554e https://cad.onshape.com/documents/ca5497f91b2962105335e822/w/7b88022e98c02c60ad0c44a7/e/c3476efd13c08f807f3773fe?configuration=List_6ARRO0azcgmmHg%3D__&renderMode=1&rightPanel=configPanel&uiState=6558cabf9b380560ca5b554e

297
firmware/src/lib/bana.c
View File

@ -5,11 +5,12 @@
* Use NFC Module to read BANA * Use NFC Module to read BANA
*/ */
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include <stdbool.h>
#include <stdlib.h> #include <string.h>
#include "bsp/board.h"
#include "hardware/gpio.h" #include "hardware/gpio.h"
#include "hardware/i2c.h" #include "hardware/i2c.h"
@ -55,9 +56,27 @@ typedef union __attribute__((packed)) {
uint8_t cmd; uint8_t cmd;
uint8_t data[0]; uint8_t data[0];
}; };
uint8_t raw[48]; uint8_t raw[128];
} message_t; } message_t;
typedef struct __attribute__((packed)) {
uint8_t card_present;
uint8_t num;
uint8_t atqa[2];
union {
struct {
uint8_t sak;
uint8_t unk;
uint8_t uid[4];
} mifare;
struct {
uint8_t idm[8];
uint8_t pmm[8];
uint8_t system_code[2];
} felica;
};
} card_report_t;
static message_t request, response; static message_t request, response;
struct { struct {
@ -96,39 +115,287 @@ static void send_response()
int total_len = 7 + response.hdr.len; int total_len = 7 + response.hdr.len;
bana_puts((const char *)response.raw, total_len); bana_puts((const char *)response.raw, total_len);
DEBUG("\n\033[33mResp: %2d %2x >>", response.hdr.len, response.cmd); DEBUG("\n\033[33mResp %2d:%02x >>", response.hdr.len - 2, response.cmd);
for (int i = 0; i < total_len; i++) { for (int i = 0; i < response.hdr.len - 2; i++) {
DEBUG(" %02x", response.raw[i]); DEBUG(" %02x", response.data[i]);
} }
DEBUG("\033[0m"); DEBUG("\033[0m");
} }
static void send_simple_response(uint8_t code) static void send_response_data(const void *data, int len)
{ {
response.hdr.len = 2; response.hdr.len = 2 + len;
response.dir = 0xd5; response.dir = 0xd5;
response.cmd = code; response.cmd = request.cmd + 1;
if (len) {
memcpy(response.data, data, len);
}
send_response(); send_response();
} }
static void send_simple_response()
{
send_response_data(NULL, 0);
}
static void send_ack() static void send_ack()
{ {
bana_puts("\x00\x00\xff\x00\xff\x00", 6); bana_puts("\x00\x00\xff\x00\xff\x00", 6);
} }
static void cmd_gpio()
{
if (request.data[0] == 0x08) {
} else if (request.data[0] == 0x01) {
} else {
}
send_simple_response(0x0e);
}
static void cmd_rf_field()
{
if (memcmp(request.data, "\x01\x00", 2) == 0) {
nfc_rf_field(false);
} else {
nfc_rf_field(true);
}
send_simple_response(request.cmd);
}
static void handle_mifare(const uint8_t uid[4])
{
card_report_t card;
card.card_present = 1;
card.num = 1;
card.atqa[0] = 0x00;
card.atqa[1] = 0x04;
card.mifare.sak = 0x08;
card.mifare.unk = 0x04;
memcpy(card.mifare.uid, uid, 4);
send_response_data(&card, 10);
}
static void handle_felica(const uint8_t idm[8], const uint8_t pmm[8],
const uint8_t system_code[2])
{
card_report_t card;
card.card_present = 1;
card.num = 1;
card.atqa[0] = 0x14;
card.atqa[1] = 0x01;
memcpy(card.felica.idm, idm, 8);
memcpy(card.felica.pmm, pmm, 8);
memcpy(card.felica.system_code, system_code, 2);
send_response_data(&card, sizeof(card));
}
static void handle_no_card()
{
send_response_data("\x00\x00\x00", 3);
}
static void cmd_poll_card()
{
send_ack();
nfc_card_t card = nfc_detect_card_ex(true, true, false);
if (debug) {
display_card(&card);
}
switch (card.card_type) {
case NFC_CARD_MIFARE:
handle_mifare(card.uid);
break;
case NFC_CARD_FELICA:
handle_felica(card.uid, card.pmm, card.syscode);
break;
default:
handle_no_card();
break;
}
}
static void cmd_mifare_auth(uint8_t key_id)
{
typedef struct __attribute__((packed)) {
uint8_t unk;
uint8_t cmd;
uint8_t block;
uint8_t key[6];
uint8_t uid[4];
} auth_t;
auth_t *auth = (auth_t *)request.data;
if (nfc_mifare_auth(auth->uid, auth->block, key_id, auth->key)) {
send_response_data("\x00", 1);
} else {
send_response_data("\x01", 1);
}
}
static void cmd_mifare_read()
{
typedef struct __attribute__((packed)) {
uint8_t unk;
uint8_t cmd;
uint8_t block;
} read_t;
read_t *read = (read_t *)request.data;
struct __attribute__((packed)) {
uint8_t status;
uint8_t data[16];
} resp;
if (nfc_mifare_read(read->block, resp.data)) {
resp.status = 0;
send_response_data(&resp, sizeof(resp));
} else {
send_response_data("\x14", 1);
}
}
static void cmd_mifare()
{
switch (request.data[1]) {
case 0x60:
cmd_mifare_auth(0);
break;
case 0x61:
cmd_mifare_auth(1);
break;
case 0x30:
cmd_mifare_read();
break;
default:
DEBUG("\nUnknown mifare cmd: %02x\n", request.data[0]);
send_ack();
break;
}
}
/* https://github.com/chujohiroto/Raspberry-RCS620S/blob/master/rcs620s.py */
static void cmd_felica_read(void *read_req)
{
typedef struct __attribute__((packed)) {
uint8_t idm[8];
uint8_t service_num;
uint8_t service[2];
uint8_t block_num;
uint8_t block[0][2];
} read_t;
read_t *read = (read_t *)(request.data + 4);
struct __attribute__((packed)) {
uint8_t status;
uint8_t len;
uint8_t cmd;
uint8_t idm[8];
uint8_t service[2];
uint8_t block_num;
uint8_t block[4][16];
} resp;
send_ack();
int block_num = read->block_num;
DEBUG("\nFelica read: ");
block_num = (block_num > 4) ? 4: block_num;
resp.status = 0;
resp.len = 2 + 8 + 2 + 1 + block_num * 16;
memset(resp.service, 0, 2);
resp.block_num = block_num;
resp.cmd = 0x07;
memcpy(resp.idm, read->idm, 8);
for (int i = 0; i < block_num; i++) {
uint16_t service = read->service[0] | (read->service[1] << 8);
uint16_t block = (read->block[i][0] << 8) | read->block[i][1];
DEBUG("[%04x %04x]", service, block);
if (!nfc_felica_read(service, block, resp.block[i])) {
DEBUG(":ERR");
}
}
send_response_data(&resp, 3 + 8 + 2 + 1 + block_num * 16);
}
static void cmd_felica()
{
typedef struct __attribute__((packed)) {
uint16_t timeout;
uint8_t len;
uint8_t cmd;
uint8_t data[0];
} felica_t;
felica_t *felica = (felica_t *)request.data;
if ((felica->cmd == 0x06) && (felica->len = request.hdr.len - 2)) {
cmd_felica_read(felica->data);
} else {
DEBUG("\nBad felica cmd: %02x %d", felica->cmd, felica->len);
}
}
static uint32_t led_color = 0; static uint32_t led_color = 0;
static void handle_frame() static void handle_frame()
{ {
DEBUG("\nBana >>"); DEBUG("\n\033[32mBana %d:%02x >>", request.hdr.len - 2, request.cmd);
for (int i = 0; i < request.hdr.len - 2; i++) {
for (int i = 3; i < request.hdr.len; i++) {
DEBUG(" %02x", request.data[i]); DEBUG(" %02x", request.data[i]);
} }
DEBUG("\033[0m");
if (request.hdr.len != 0) { switch (request.cmd) {
send_ack(); case 0x18:
send_simple_response(request.cmd + 1); case 0x12:
send_simple_response(request.cmd);
break;
case 0x0e:
cmd_gpio();
break;
case 0x08:
nfc_rf_field(false);
send_response_data("\0", 1);
break;
case 0x06:
if (request.data[1] == 0x1c) {
send_response_data("\xff\x3f\x0e\xf1\xff\x3f\x0e\xf1", 8);
} else {
send_response_data("\xdc\xf4\x3f\x11\x4d\x85\x61\xf1\x26\x6a\x87", 11);
}
break;
case 0x32:
cmd_rf_field();
break;
case 0x0c:
send_response_data("\x00\x06\x00", 3);
break;
case 0x4a:
cmd_poll_card();
break;
case 0x40:
cmd_mifare();
break;
case 0x44:
send_response_data("\x01\x00", 2);
break;
case 0xa0:
cmd_felica();
break;
case 0x52:
send_response_data("\x01\x00", 2);
break;
case 0x54:
send_response_data("\x00", 1);
break;
default:
printf("\nUnknown cmd: %02x\n", request.cmd);
send_ack();
break;
} }
} }

28
firmware/src/lib/records.txt Normal file
View File

@ -0,0 +1,28 @@
KONAMI:
IDM: 01 2e 48 b1 35 03 61 3c
PMM: 00 f1 00 00 00 01 43 00
SYS: 88 b4
8082: 01 2e 48 b1 35 03 61 3c 00 68 05 73 02 01 01 00
07 01 2e 48 b1 35 03 61 3c 01 b2
8082: 01 2e 48 b1 35 03 61 3c 00 68 05 73 02 01 01 00
8086: 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8091: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8000: ce d6 6f 8f 43 d7 25 ad 9f a7 d9 6c 44 b5 1f 3d
AIME:
IDM: 01 2e 55 22 6d 99 c4 80
PMM: 00 f1 00 00 00 01 43 00
SYS: 88 b4
8082: 01 2e 55 22 6d 99 c4 80 00 78 00 00 00 00 00 00
8086: 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8091: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
8000: b2 51 89 1c 93 4e 65 19 03 84 b6 86 b4 14 a2 ea
e8 03 12 06 [01 2e 48 b1 35 03 61 3c] 01 0b 00 02 | 80 82 80 00
timeout len 17 + 1 idm
00 2d 07 01 2e 48 b1 35 03 61 3c | 00 00 02 |01 2e 48 b1 35 03 61 3c | 00 68 05 73 | 02 01 01 00 | ce d6 6f 8f | 43 d7 25 ad | 9f a7 d9 6c | 44 b5 1f 3d |
00 2D 07 [01 2***8 74 6C] 00 00 02 [01 2E 55 14 E***0 00 00] [2B DE C1 *** BB CA 1D] 8C