diff --git a/armsrc/LCD.c b/armsrc/LCD.c index 8e44f7de4..d8d6308de 100644 --- a/armsrc/LCD.c +++ b/armsrc/LCD.c @@ -1,123 +1,123 @@ -#include -#include "apps.h" -#include "LCD.h" - -void LCDSend(unsigned int data) -{ - // 9th bit set for data, clear for command - while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete - // For clarity's sake we pass data with 9th bit clear and commands with 9th - // bit set since they're implemented as defines, se we need to invert bit - AT91C_BASE_SPI->SPI_TDR = data^0x100; // Send the data/command -} - -void LCDSetXY(unsigned char x, unsigned char y) -{ - LCDSend(PPASET); // page start/end ram - LCDSend(y); // Start Page to display to - LCDSend(131); // End Page to display to - - LCDSend(PCASET); // column start/end ram - LCDSend(x); // Start Column to display to - LCDSend(131); // End Column to display to -} - -void LCDSetPixel(unsigned char x, unsigned char y, unsigned char color) -{ - LCDSetXY(x,y); // Set position - LCDSend(PRAMWR); // Now write the pixel to the display - LCDSend(color); // Write the data in the specified Color -} - -void LCDFill (unsigned char xs,unsigned char ys,unsigned char width,unsigned char height, unsigned char color) -{ - unsigned char i,j; - - for (i=0;i < height;i++) // Number of horizontal lines - { - LCDSetXY(xs,ys+i); // Goto start of fill area (Top Left) - LCDSend(PRAMWR); // Write to display - - for (j=0;j < width;j++) // pixels per line - LCDSend(color); - } -} - -void LCDString (char *lcd_string, const char *font_style,unsigned char x, unsigned char y, unsigned char fcolor, unsigned char bcolor) -{ - unsigned int i; - unsigned char mask=0, px, py, xme, yme, offset; - const char *data; - - data = font_style; // point to the start of the font table - - xme = *data; // get font x width - data++; - yme = *data; // get font y length - data++; - offset = *data; // get data bytes per font - - do - { - // point to data in table to be loaded - data = (font_style + offset) + (offset * (int)(*lcd_string - 32)); - - for (i=0;i < yme;i++) { - mask |=0x80; - - for (px=x; px < (x + xme); px++) { - py= y + i; - - if (*data & mask) LCDSetPixel (px,py,fcolor); - else LCDSetPixel (px,py,bcolor); - - mask>>=1; - } - data++; - } - x+=xme; - - lcd_string++; // next character in string - - } while(*lcd_string !='\0'); // keep spitting chars out until end of string -} - -void LCDReset(void) -{ - LED_A_ON(); - SetupSpi(SPI_LCD_MODE); - LOW(GPIO_LRST); - SpinDelay(100); - - HIGH(GPIO_LRST); - SpinDelay(100); - LED_A_OFF(); -} - -void LCDInit(void) -{ - int i; - - LCDReset(); - - LCDSend(PSWRESET); // software reset - SpinDelay(100); - LCDSend(PSLEEPOUT); // exit sleep mode - LCDSend(PBSTRON); // booster on - LCDSend(PDISPON); // display on - LCDSend(PNORON); // normal on - LCDSend(PMADCTL); // rotate display 180 deg - LCDSend(0xC0); - - LCDSend(PCOLMOD); // color mode - LCDSend(0x02); // 8bpp color mode - - LCDSend(PSETCON); // set contrast - LCDSend(0xDC); - - // clear display - LCDSetXY(0,0); - LCDSend(PRAMWR); // Write to display - i=LCD_XRES*LCD_YRES; - while(i--) LCDSend(WHITE); -} +#include +#include "apps.h" +#include "LCD.h" + +void LCDSend(unsigned int data) +{ + // 9th bit set for data, clear for command + while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete + // For clarity's sake we pass data with 9th bit clear and commands with 9th + // bit set since they're implemented as defines, se we need to invert bit + AT91C_BASE_SPI->SPI_TDR = data^0x100; // Send the data/command +} + +void LCDSetXY(unsigned char x, unsigned char y) +{ + LCDSend(PPASET); // page start/end ram + LCDSend(y); // Start Page to display to + LCDSend(131); // End Page to display to + + LCDSend(PCASET); // column start/end ram + LCDSend(x); // Start Column to display to + LCDSend(131); // End Column to display to +} + +void LCDSetPixel(unsigned char x, unsigned char y, unsigned char color) +{ + LCDSetXY(x,y); // Set position + LCDSend(PRAMWR); // Now write the pixel to the display + LCDSend(color); // Write the data in the specified Color +} + +void LCDFill (unsigned char xs,unsigned char ys,unsigned char width,unsigned char height, unsigned char color) +{ + unsigned char i,j; + + for (i=0;i < height;i++) // Number of horizontal lines + { + LCDSetXY(xs,ys+i); // Goto start of fill area (Top Left) + LCDSend(PRAMWR); // Write to display + + for (j=0;j < width;j++) // pixels per line + LCDSend(color); + } +} + +void LCDString (char *lcd_string, const char *font_style,unsigned char x, unsigned char y, unsigned char fcolor, unsigned char bcolor) +{ + unsigned int i; + unsigned char mask=0, px, py, xme, yme, offset; + const char *data; + + data = font_style; // point to the start of the font table + + xme = *data; // get font x width + data++; + yme = *data; // get font y length + data++; + offset = *data; // get data bytes per font + + do + { + // point to data in table to be loaded + data = (font_style + offset) + (offset * (int)(*lcd_string - 32)); + + for (i=0;i < yme;i++) { + mask |=0x80; + + for (px=x; px < (x + xme); px++) { + py= y + i; + + if (*data & mask) LCDSetPixel (px,py,fcolor); + else LCDSetPixel (px,py,bcolor); + + mask>>=1; + } + data++; + } + x+=xme; + + lcd_string++; // next character in string + + } while(*lcd_string !='\0'); // keep spitting chars out until end of string +} + +void LCDReset(void) +{ + LED_A_ON(); + SetupSpi(SPI_LCD_MODE); + LOW(GPIO_LRST); + SpinDelay(100); + + HIGH(GPIO_LRST); + SpinDelay(100); + LED_A_OFF(); +} + +void LCDInit(void) +{ + int i; + + LCDReset(); + + LCDSend(PSWRESET); // software reset + SpinDelay(100); + LCDSend(PSLEEPOUT); // exit sleep mode + LCDSend(PBSTRON); // booster on + LCDSend(PDISPON); // display on + LCDSend(PNORON); // normal on + LCDSend(PMADCTL); // rotate display 180 deg + LCDSend(0xC0); + + LCDSend(PCOLMOD); // color mode + LCDSend(0x02); // 8bpp color mode + + LCDSend(PSETCON); // set contrast + LCDSend(0xDC); + + // clear display + LCDSetXY(0,0); + LCDSend(PRAMWR); // Write to display + i=LCD_XRES*LCD_YRES; + while(i--) LCDSend(WHITE); +} diff --git a/armsrc/LCD.h b/armsrc/LCD.h index 17b334d19..ccc943178 100644 --- a/armsrc/LCD.h +++ b/armsrc/LCD.h @@ -1,117 +1,117 @@ -#ifndef __LCD -#define __LCD - -// The resolution of the LCD -#define LCD_XRES 132 -#define LCD_YRES 132 - -// 8bpp Color Mode - Some basic colors defined for ease of use -// remember 8bpp color = 3xRed, 3xGreen & 2xBlue bits -// organised as RRRGGGBB - -#define BLACK 0x00 -#define BLUE 0x03 -#define GREEN 0x1C -#define CYAN 0x1F -#define RED 0xE0 -#define MAGENTA 0xE3 -#define YELLOW 0xFC -#define WHITE 0xFF - -// EPSON LCD command set -#define ECASET 0x115 -#define EPWRCTR 0x120 -#define ENOP 0x125 -#define ERAMWR 0x15C -#define ERAMRD 0x15D -#define EPASET 0x175 -#define EEPSRRD1 0x17C -#define EEPSRRD2 0x17D -#define EVOLCTR 0x181 -#define ETMPGRD 0x182 -#define ESLPOUT 0x194 -#define ESLPIN 0x195 -#define EDISNOR 0x1A6 -#define EDISINV 0x1A7 -#define EPTLIN 0x1A8 -#define EPTLOUT 0x1A9 -#define EASCSET 0x1AA -#define ESCSTART 0x1AB -#define EDISOFF 0x1AE -#define EDISON 0x1AF -#define ECOMSCN 0x1BB -#define EDATCTL 0x1BC -#define EDISCTL 0x1CA -#define EEPCOUT 0x1CC -#define EEPCTIN 0x1CD -#define ERGBSET8 0x1CE -#define EOSCON 0x1D1 -#define EOSCOFF 0x1D2 -#define EVOLUP 0x1D6 -#define EVOLDOWN 0x1D7 -#define ERMWIN 0x1E0 -#define ERMWOUT 0x1EE -#define EEPMWR 0x1FC -#define EEPMRD 0x1FD - -// PHILIPS LCD command set -#define PNOP 0x100 -#define PSWRESET 0x101 -#define PBSTROFF 0x102 -#define PBSTRON 0x103 -#define PRDDIDIF 0x104 -#define PRDDST 0x109 -#define PSLEEPIN 0x110 -#define PSLEEPOUT 0x111 -#define PPTLON 0x112 -#define PNORON 0x113 -#define PINVOFF 0x120 -#define PINVON 0x121 -#define PDALO 0x122 -#define PDAL 0x123 -#define PSETCON 0x125 -#define PDISPOFF 0x128 -#define PDISPON 0x129 -#define PCASET 0x12A -#define PPASET 0x12B -#define PRAMWR 0x12C -#define PRGBSET 0x12D -#define PPTLAR 0x130 -#define PVSCRDEF 0x133 -#define PTEOFF 0x134 -#define PTEON 0x135 -#define PMADCTL 0x136 -#define PSEP 0x137 -#define PIDMOFF 0x138 -#define PIDMON 0x139 -#define PCOLMOD 0x13A -#define PSETVOP 0x1B0 -#define PBRS 0x1B4 -#define PTRS 0x1B6 -#define PFINV 0x1B9 -#define PDOR 0x1BA -#define PTCDFE 0x1BD -#define PTCVOPE 0x1BF -#define PEC 0x1C0 -#define PSETMUL 0x1C2 -#define PTCVOPAB 0x1C3 -#define PTCVOPCD 0x1C4 -#define PTCDF 0x1C5 -#define PDF8C 0x1C6 -#define PSETBS 0x1C7 -#define PRDTEMP 0x1C8 -#define PNLI 0x1C9 -#define PRDID1 0x1DA -#define PRDID2 0x1DB -#define PRDID3 0x1DC -#define PSFD 0x1EF -#define PECM 0x1F0 - -void LCDSend(unsigned int data); -void LCDInit(void); -void LCDReset(void); -void LCDSetXY(unsigned char x, unsigned char y); -void LCDSetPixel(unsigned char x, unsigned char y, unsigned char color); -void LCDString (char *lcd_string, const char *font_style,unsigned char x, unsigned char y, unsigned char fcolor, unsigned char bcolor); -void LCDFill (unsigned char xs,unsigned char ys,unsigned char width,unsigned char height, unsigned char color); -#endif +#ifndef __LCD +#define __LCD + +// The resolution of the LCD +#define LCD_XRES 132 +#define LCD_YRES 132 + +// 8bpp Color Mode - Some basic colors defined for ease of use +// remember 8bpp color = 3xRed, 3xGreen & 2xBlue bits +// organised as RRRGGGBB + +#define BLACK 0x00 +#define BLUE 0x03 +#define GREEN 0x1C +#define CYAN 0x1F +#define RED 0xE0 +#define MAGENTA 0xE3 +#define YELLOW 0xFC +#define WHITE 0xFF + +// EPSON LCD command set +#define ECASET 0x115 +#define EPWRCTR 0x120 +#define ENOP 0x125 +#define ERAMWR 0x15C +#define ERAMRD 0x15D +#define EPASET 0x175 +#define EEPSRRD1 0x17C +#define EEPSRRD2 0x17D +#define EVOLCTR 0x181 +#define ETMPGRD 0x182 +#define ESLPOUT 0x194 +#define ESLPIN 0x195 +#define EDISNOR 0x1A6 +#define EDISINV 0x1A7 +#define EPTLIN 0x1A8 +#define EPTLOUT 0x1A9 +#define EASCSET 0x1AA +#define ESCSTART 0x1AB +#define EDISOFF 0x1AE +#define EDISON 0x1AF +#define ECOMSCN 0x1BB +#define EDATCTL 0x1BC +#define EDISCTL 0x1CA +#define EEPCOUT 0x1CC +#define EEPCTIN 0x1CD +#define ERGBSET8 0x1CE +#define EOSCON 0x1D1 +#define EOSCOFF 0x1D2 +#define EVOLUP 0x1D6 +#define EVOLDOWN 0x1D7 +#define ERMWIN 0x1E0 +#define ERMWOUT 0x1EE +#define EEPMWR 0x1FC +#define EEPMRD 0x1FD + +// PHILIPS LCD command set +#define PNOP 0x100 +#define PSWRESET 0x101 +#define PBSTROFF 0x102 +#define PBSTRON 0x103 +#define PRDDIDIF 0x104 +#define PRDDST 0x109 +#define PSLEEPIN 0x110 +#define PSLEEPOUT 0x111 +#define PPTLON 0x112 +#define PNORON 0x113 +#define PINVOFF 0x120 +#define PINVON 0x121 +#define PDALO 0x122 +#define PDAL 0x123 +#define PSETCON 0x125 +#define PDISPOFF 0x128 +#define PDISPON 0x129 +#define PCASET 0x12A +#define PPASET 0x12B +#define PRAMWR 0x12C +#define PRGBSET 0x12D +#define PPTLAR 0x130 +#define PVSCRDEF 0x133 +#define PTEOFF 0x134 +#define PTEON 0x135 +#define PMADCTL 0x136 +#define PSEP 0x137 +#define PIDMOFF 0x138 +#define PIDMON 0x139 +#define PCOLMOD 0x13A +#define PSETVOP 0x1B0 +#define PBRS 0x1B4 +#define PTRS 0x1B6 +#define PFINV 0x1B9 +#define PDOR 0x1BA +#define PTCDFE 0x1BD +#define PTCVOPE 0x1BF +#define PEC 0x1C0 +#define PSETMUL 0x1C2 +#define PTCVOPAB 0x1C3 +#define PTCVOPCD 0x1C4 +#define PTCDF 0x1C5 +#define PDF8C 0x1C6 +#define PSETBS 0x1C7 +#define PRDTEMP 0x1C8 +#define PNLI 0x1C9 +#define PRDID1 0x1DA +#define PRDID2 0x1DB +#define PRDID3 0x1DC +#define PSFD 0x1EF +#define PECM 0x1F0 + +void LCDSend(unsigned int data); +void LCDInit(void); +void LCDReset(void); +void LCDSetXY(unsigned char x, unsigned char y); +void LCDSetPixel(unsigned char x, unsigned char y, unsigned char color); +void LCDString (char *lcd_string, const char *font_style,unsigned char x, unsigned char y, unsigned char fcolor, unsigned char bcolor); +void LCDFill (unsigned char xs,unsigned char ys,unsigned char width,unsigned char height, unsigned char color); +#endif diff --git a/armsrc/Makefile b/armsrc/Makefile index 2614b9e97..0aa4ea6b7 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -1,70 +1,70 @@ -# Makefile for armsrc, see ../common/Makefile.common for common settings - -APP_INCLUDES = apps.h - -#remove one of the following defines and comment out the relevant line -#in the next section to remove that particular feature from compilation -APP_CFLAGS = -O6 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -#-DWITH_LCD - -#SRC_LCD = fonts.c LCD.c -SRC_LF = lfops.c hitag2.c -SRC_ISO15693 = iso15693.c -SRC_ISO14443a = iso14443a.c -SRC_ISO14443b = iso14443.c - -THUMBSRC = start.c \ - $(SRC_LCD) \ - $(SRC_ISO15693) \ - $(SRC_LF) \ - appmain.c printf.c \ - util.c \ - usb.c - -# These are to be compiled in ARM mode -ARMSRC = fpgaloader.c \ - legicrf.c \ - iso14443crc.c \ - crc16.c \ - $(SRC_ISO14443a) \ - $(SRC_ISO14443b) \ - legic_prng.c \ - crc.c - -# stdint.h provided locally until GCC 4.5 becomes C99 compliant -APP_CFLAGS += -I. - -# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC -include ../common/Makefile.common - -all: $(OBJDIR)/osimage.s19 $(OBJDIR)/fpgaimage.s19 - -$(OBJDIR)/fpga.o: fpga.bit - $(OBJCOPY) -O elf32-littlearm -I binary -B arm --redefine-sym _binary____fpga_fpga_bit_start=_binary_fpga_bit_start --redefine-sym _binary____fpga_fpga_bit_end=_binary_fpga_bit_end --prefix-sections=fpga_bit $^ $@ - -$(OBJDIR)/fullimage.elf: $(VERSIONOBJ) $(OBJDIR)/fpga.o $(THUMBOBJ) $(ARMOBJ) $(LIBGCC) - $(LD) -g -Tldscript -Map=$(patsubst %.elf,%.map,$@) -o $@ $^ - -$(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf - $(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@ - -$(OBJDIR)/osimage.elf: $(OBJDIR)/fullimage.elf - $(OBJCOPY) -F elf32-littlearm --remove-section .fpgaimage $^ $@ - -clean: - $(DELETE) $(OBJDIR)$(PATHSEP)*.o - $(DELETE) $(OBJDIR)$(PATHSEP)*.elf - $(DELETE) $(OBJDIR)$(PATHSEP)*.s19 - $(DELETE) $(OBJDIR)$(PATHSEP)*.map - $(DELETE) $(OBJDIR)$(PATHSEP)*.d - $(DELETE) version.c - -.PHONY: all clean help -help: - @echo Multi-OS Makefile, you are running on $(DETECTED_OS) - @echo Possible targets: - @echo + all - Make both: - @echo + $(OBJDIR)/osimage.s19 - The OS image - @echo + $(OBJDIR)/fpgaimage.s19 - The FPGA image - @echo + clean - Clean $(OBJDIR) - +# Makefile for armsrc, see ../common/Makefile.common for common settings + +APP_INCLUDES = apps.h + +#remove one of the following defines and comment out the relevant line +#in the next section to remove that particular feature from compilation +APP_CFLAGS = -O6 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b +#-DWITH_LCD + +#SRC_LCD = fonts.c LCD.c +SRC_LF = lfops.c hitag2.c +SRC_ISO15693 = iso15693.c +SRC_ISO14443a = iso14443a.c +SRC_ISO14443b = iso14443.c + +THUMBSRC = start.c \ + $(SRC_LCD) \ + $(SRC_ISO15693) \ + $(SRC_LF) \ + appmain.c printf.c \ + util.c \ + usb.c + +# These are to be compiled in ARM mode +ARMSRC = fpgaloader.c \ + legicrf.c \ + iso14443crc.c \ + crc16.c \ + $(SRC_ISO14443a) \ + $(SRC_ISO14443b) \ + legic_prng.c \ + crc.c + +# stdint.h provided locally until GCC 4.5 becomes C99 compliant +APP_CFLAGS += -I. + +# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC +include ../common/Makefile.common + +all: $(OBJDIR)/osimage.s19 $(OBJDIR)/fpgaimage.s19 + +$(OBJDIR)/fpga.o: fpga.bit + $(OBJCOPY) -O elf32-littlearm -I binary -B arm --redefine-sym _binary____fpga_fpga_bit_start=_binary_fpga_bit_start --redefine-sym _binary____fpga_fpga_bit_end=_binary_fpga_bit_end --prefix-sections=fpga_bit $^ $@ + +$(OBJDIR)/fullimage.elf: $(VERSIONOBJ) $(OBJDIR)/fpga.o $(THUMBOBJ) $(ARMOBJ) $(LIBGCC) + $(LD) -g -Tldscript -Map=$(patsubst %.elf,%.map,$@) -o $@ $^ + +$(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf + $(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@ + +$(OBJDIR)/osimage.elf: $(OBJDIR)/fullimage.elf + $(OBJCOPY) -F elf32-littlearm --remove-section .fpgaimage $^ $@ + +clean: + $(DELETE) $(OBJDIR)$(PATHSEP)*.o + $(DELETE) $(OBJDIR)$(PATHSEP)*.elf + $(DELETE) $(OBJDIR)$(PATHSEP)*.s19 + $(DELETE) $(OBJDIR)$(PATHSEP)*.map + $(DELETE) $(OBJDIR)$(PATHSEP)*.d + $(DELETE) version.c + +.PHONY: all clean help +help: + @echo Multi-OS Makefile, you are running on $(DETECTED_OS) + @echo Possible targets: + @echo + all - Make both: + @echo + $(OBJDIR)/osimage.s19 - The OS image + @echo + $(OBJDIR)/fpgaimage.s19 - The FPGA image + @echo + clean - Clean $(OBJDIR) + diff --git a/armsrc/appmain.c b/armsrc/appmain.c index b517fa6cd..e5415010e 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1,883 +1,883 @@ -//----------------------------------------------------------------------------- -// The main application code. This is the first thing called after start.c -// executes. -// Jonathan Westhues, Mar 2006 -// Edits by Gerhard de Koning Gans, Sep 2007 (##) -//----------------------------------------------------------------------------- - -#include -#include "apps.h" -#include "legicrf.h" -#ifdef WITH_LCD -#include "fonts.h" -#include "LCD.h" -#endif - -#define va_list __builtin_va_list -#define va_start __builtin_va_start -#define va_arg __builtin_va_arg -#define va_end __builtin_va_end -int kvsprintf(char const *fmt, void *arg, int radix, va_list ap); - - -#define abs(x) ( ((x)<0) ? -(x) : (x) ) - -//============================================================================= -// A buffer where we can queue things up to be sent through the FPGA, for -// any purpose (fake tag, as reader, whatever). We go MSB first, since that -// is the order in which they go out on the wire. -//============================================================================= - -BYTE ToSend[512]; -int ToSendMax; -static int ToSendBit; -struct common_area common_area __attribute__((section(".commonarea"))); - -void BufferClear(void) -{ - memset(BigBuf,0,sizeof(BigBuf)); - Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf)); -} - -void ToSendReset(void) -{ - ToSendMax = -1; - ToSendBit = 8; -} - -void ToSendStuffBit(int b) -{ - if(ToSendBit >= 8) { - ToSendMax++; - ToSend[ToSendMax] = 0; - ToSendBit = 0; - } - - if(b) { - ToSend[ToSendMax] |= (1 << (7 - ToSendBit)); - } - - ToSendBit++; - - if(ToSendBit >= sizeof(ToSend)) { - ToSendBit = 0; - DbpString("ToSendStuffBit overflowed!"); - } -} - -//============================================================================= -// Debug print functions, to go out over USB, to the usual PC-side client. -//============================================================================= - -void DbpString(char *str) -{ - /* this holds up stuff unless we're connected to usb */ - if (!UsbConnected()) - return; - - UsbCommand c; - c.cmd = CMD_DEBUG_PRINT_STRING; - c.arg[0] = strlen(str); - if(c.arg[0] > sizeof(c.d.asBytes)) { - c.arg[0] = sizeof(c.d.asBytes); - } - memcpy(c.d.asBytes, str, c.arg[0]); - - UsbSendPacket((BYTE *)&c, sizeof(c)); - // TODO fix USB so stupid things like this aren't req'd - SpinDelay(50); -} - -#if 0 -void DbpIntegers(int x1, int x2, int x3) -{ - /* this holds up stuff unless we're connected to usb */ - if (!UsbConnected()) - return; - - UsbCommand c; - c.cmd = CMD_DEBUG_PRINT_INTEGERS; - c.arg[0] = x1; - c.arg[1] = x2; - c.arg[2] = x3; - - UsbSendPacket((BYTE *)&c, sizeof(c)); - // XXX - SpinDelay(50); -} -#endif - -void Dbprintf(const char *fmt, ...) { -// should probably limit size here; oh well, let's just use a big buffer - char output_string[128]; - va_list ap; - - va_start(ap, fmt); - kvsprintf(fmt, output_string, 10, ap); - va_end(ap); - - DbpString(output_string); -} - -//----------------------------------------------------------------------------- -// Read an ADC channel and block till it completes, then return the result -// in ADC units (0 to 1023). Also a routine to average 32 samples and -// return that. -//----------------------------------------------------------------------------- -static int ReadAdc(int ch) -{ - DWORD d; - - AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; - AT91C_BASE_ADC->ADC_MR = - ADC_MODE_PRESCALE(32) | - ADC_MODE_STARTUP_TIME(16) | - ADC_MODE_SAMPLE_HOLD_TIME(8); - AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch); - - AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; - while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) - ; - d = AT91C_BASE_ADC->ADC_CDR[ch]; - - return d; -} - -static int AvgAdc(int ch) -{ - int i; - int a = 0; - - for(i = 0; i < 32; i++) { - a += ReadAdc(ch); - } - - return (a + 15) >> 5; -} - -void MeasureAntennaTuning(void) -{ - BYTE *dest = (BYTE *)BigBuf; - int i, ptr = 0, adcval = 0, peak = 0, peakv = 0, peakf = 0;; - int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV - - UsbCommand c; - - DbpString("Measuring antenna characteristics, please wait."); - memset(BigBuf,0,sizeof(BigBuf)); - -/* - * Sweeps the useful LF range of the proxmark from - * 46.8kHz (divisor=255) to 600kHz (divisor=19) and - * read the voltage in the antenna, the result left - * in the buffer is a graph which should clearly show - * the resonating frequency of your LF antenna - * ( hopefully around 95 if it is tuned to 125kHz!) - */ - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - for (i=255; i>19; i--) { - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i); - SpinDelay(20); - // Vref = 3.3V, and a 10000:240 voltage divider on the input - // can measure voltages up to 137500 mV - adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10); - if (i==95) vLf125 = adcval; // voltage at 125Khz - if (i==89) vLf134 = adcval; // voltage at 134Khz - - dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes - if(dest[i] > peak) { - peakv = adcval; - peak = dest[i]; - peakf = i; - ptr = i; - } - } - - // Let the FPGA drive the high-frequency antenna around 13.56 MHz. - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - SpinDelay(20); - // Vref = 3300mV, and an 10:1 voltage divider on the input - // can measure voltages up to 33000 mV - vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; - - c.cmd = CMD_MEASURED_ANTENNA_TUNING; - c.arg[0] = (vLf125 << 0) | (vLf134 << 16); - c.arg[1] = vHf; - c.arg[2] = peakf | (peakv << 16); - UsbSendPacket((BYTE *)&c, sizeof(c)); -} - -void MeasureAntennaTuningHf(void) -{ - int vHf = 0; // in mV - - DbpString("Measuring HF antenna, press button to exit"); - - for (;;) { - // Let the FPGA drive the high-frequency antenna around 13.56 MHz. - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - SpinDelay(20); - // Vref = 3300mV, and an 10:1 voltage divider on the input - // can measure voltages up to 33000 mV - vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; - - Dbprintf("%d mV",vHf); - if (BUTTON_PRESS()) break; - } - DbpString("cancelled"); -} - - -void SimulateTagHfListen(void) -{ - BYTE *dest = (BYTE *)BigBuf; - int n = sizeof(BigBuf); - BYTE v = 0; - int i; - int p = 0; - - // We're using this mode just so that I can test it out; the simulated - // tag mode would work just as well and be simpler. - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP); - - // We need to listen to the high-frequency, peak-detected path. - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - FpgaSetupSsc(); - - i = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0xff; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - BYTE r = (BYTE)AT91C_BASE_SSC->SSC_RHR; - - v <<= 1; - if(r & 1) { - v |= 1; - } - p++; - - if(p >= 8) { - dest[i] = v; - v = 0; - p = 0; - i++; - - if(i >= n) { - break; - } - } - } - } - DbpString("simulate tag (now type bitsamples)"); -} - -void ReadMem(int addr) -{ - const BYTE *data = ((BYTE *)addr); - - Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x", - addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]); -} - -/* osimage version information is linked in */ -extern struct version_information version_information; -/* bootrom version information is pointed to from _bootphase1_version_pointer */ -extern char *_bootphase1_version_pointer, _flash_start, _flash_end; -void SendVersion(void) -{ - char temp[48]; /* Limited data payload in USB packets */ - DbpString("Prox/RFID mark3 RFID instrument"); - - /* Try to find the bootrom version information. Expect to find a pointer at - * symbol _bootphase1_version_pointer, perform slight sanity checks on the - * pointer, then use it. - */ - char *bootrom_version = *(char**)&_bootphase1_version_pointer; - if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) { - DbpString("bootrom version information appears invalid"); - } else { - FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version); - DbpString(temp); - } - - FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information); - DbpString(temp); - - FpgaGatherVersion(temp, sizeof(temp)); - DbpString(temp); -} - -#ifdef WITH_LF -// samy's sniff and repeat routine -void SamyRun() -{ - DbpString("Stand-alone mode! No PC necessary."); - - // 3 possible options? no just 2 for now -#define OPTS 2 - - int high[OPTS], low[OPTS]; - - // Oooh pretty -- notify user we're in elite samy mode now - LED(LED_RED, 200); - LED(LED_ORANGE, 200); - LED(LED_GREEN, 200); - LED(LED_ORANGE, 200); - LED(LED_RED, 200); - LED(LED_ORANGE, 200); - LED(LED_GREEN, 200); - LED(LED_ORANGE, 200); - LED(LED_RED, 200); - - int selected = 0; - int playing = 0; - - // Turn on selected LED - LED(selected + 1, 0); - - for (;;) - { - UsbPoll(FALSE); - WDT_HIT(); - - // Was our button held down or pressed? - int button_pressed = BUTTON_HELD(1000); - SpinDelay(300); - - // Button was held for a second, begin recording - if (button_pressed > 0) - { - LEDsoff(); - LED(selected + 1, 0); - LED(LED_RED2, 0); - - // record - DbpString("Starting recording"); - - // wait for button to be released - while(BUTTON_PRESS()) - WDT_HIT(); - - /* need this delay to prevent catching some weird data */ - SpinDelay(500); - - CmdHIDdemodFSK(1, &high[selected], &low[selected], 0); - Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]); - - LEDsoff(); - LED(selected + 1, 0); - // Finished recording - - // If we were previously playing, set playing off - // so next button push begins playing what we recorded - playing = 0; - } - - // Change where to record (or begin playing) - else if (button_pressed) - { - // Next option if we were previously playing - if (playing) - selected = (selected + 1) % OPTS; - playing = !playing; - - LEDsoff(); - LED(selected + 1, 0); - - // Begin transmitting - if (playing) - { - LED(LED_GREEN, 0); - DbpString("Playing"); - // wait for button to be released - while(BUTTON_PRESS()) - WDT_HIT(); - Dbprintf("%x %x %x", selected, high[selected], low[selected]); - CmdHIDsimTAG(high[selected], low[selected], 0); - DbpString("Done playing"); - if (BUTTON_HELD(1000) > 0) - { - DbpString("Exiting"); - LEDsoff(); - return; - } - - /* We pressed a button so ignore it here with a delay */ - SpinDelay(300); - - // when done, we're done playing, move to next option - selected = (selected + 1) % OPTS; - playing = !playing; - LEDsoff(); - LED(selected + 1, 0); - } - else - while(BUTTON_PRESS()) - WDT_HIT(); - } - } -} -#endif - -/* -OBJECTIVE -Listen and detect an external reader. Determine the best location -for the antenna. - -INSTRUCTIONS: -Inside the ListenReaderField() function, there is two mode. -By default, when you call the function, you will enter mode 1. -If you press the PM3 button one time, you will enter mode 2. -If you press the PM3 button a second time, you will exit the function. - -DESCRIPTION OF MODE 1: -This mode just listens for an external reader field and lights up green -for HF and/or red for LF. This is the original mode of the detectreader -function. - -DESCRIPTION OF MODE 2: -This mode will visually represent, using the LEDs, the actual strength of the -current compared to the maximum current detected. Basically, once you know -what kind of external reader is present, it will help you spot the best location to place -your antenna. You will probably not get some good results if there is a LF and a HF reader -at the same place! :-) - -LIGHT SCHEME USED: -*/ -static const char LIGHT_SCHEME[] = { - 0x0, /* ---- | No field detected */ - 0x1, /* X--- | 14% of maximum current detected */ - 0x2, /* -X-- | 29% of maximum current detected */ - 0x4, /* --X- | 43% of maximum current detected */ - 0x8, /* ---X | 57% of maximum current detected */ - 0xC, /* --XX | 71% of maximum current detected */ - 0xE, /* -XXX | 86% of maximum current detected */ - 0xF, /* XXXX | 100% of maximum current detected */ -}; -static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]); - -void ListenReaderField(int limit) -{ - int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max; - int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max; - int mode=1, display_val, display_max, i; - -#define LF_ONLY 1 -#define HF_ONLY 2 - - LEDsoff(); - - lf_av=lf_max=ReadAdc(ADC_CHAN_LF); - - if(limit != HF_ONLY) { - Dbprintf("LF 125/134 Baseline: %d", lf_av); - lf_baseline = lf_av; - } - - hf_av=hf_max=ReadAdc(ADC_CHAN_HF); - - if (limit != LF_ONLY) { - Dbprintf("HF 13.56 Baseline: %d", hf_av); - hf_baseline = hf_av; - } - - for(;;) { - if (BUTTON_PRESS()) { - SpinDelay(500); - switch (mode) { - case 1: - mode=2; - DbpString("Signal Strength Mode"); - break; - case 2: - default: - DbpString("Stopped"); - LEDsoff(); - return; - break; - } - } - WDT_HIT(); - - if (limit != HF_ONLY) { - if(mode==1) { - if (abs(lf_av - lf_baseline) > 10) LED_D_ON(); - else LED_D_OFF(); - } - - ++lf_count; - lf_av_new= ReadAdc(ADC_CHAN_LF); - // see if there's a significant change - if(abs(lf_av - lf_av_new) > 10) { - Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count); - lf_av = lf_av_new; - if (lf_av > lf_max) - lf_max = lf_av; - lf_count= 0; - } - } - - if (limit != LF_ONLY) { - if (mode == 1){ - if (abs(hf_av - hf_baseline) > 10) LED_B_ON(); - else LED_B_OFF(); - } - - ++hf_count; - hf_av_new= ReadAdc(ADC_CHAN_HF); - // see if there's a significant change - if(abs(hf_av - hf_av_new) > 10) { - Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count); - hf_av = hf_av_new; - if (hf_av > hf_max) - hf_max = hf_av; - hf_count= 0; - } - } - - if(mode == 2) { - if (limit == LF_ONLY) { - display_val = lf_av; - display_max = lf_max; - } else if (limit == HF_ONLY) { - display_val = hf_av; - display_max = hf_max; - } else { /* Pick one at random */ - if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) { - display_val = hf_av; - display_max = hf_max; - } else { - display_val = lf_av; - display_max = lf_max; - } - } - for (i=0; i= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) { - if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF(); - if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF(); - if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF(); - if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF(); - break; - } - } - } - } -} - -void UsbPacketReceived(BYTE *packet, int len) -{ - UsbCommand *c = (UsbCommand *)packet; - UsbCommand ack; - ack.cmd = CMD_ACK; - - switch(c->cmd) { -#ifdef WITH_LF - case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: - AcquireRawAdcSamples125k(c->arg[0]); - UsbSendPacket((BYTE*)&ack, sizeof(ack)); - break; -#endif - -#ifdef WITH_LF - case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: - ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); - break; -#endif - -#ifdef WITH_ISO15693 - case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693: - AcquireRawAdcSamplesIso15693(); - break; -#endif - - case CMD_BUFF_CLEAR: - BufferClear(); - break; - -#ifdef WITH_ISO15693 - case CMD_READER_ISO_15693: - ReaderIso15693(c->arg[0]); - break; -#endif - - case CMD_READER_LEGIC_RF: - LegicRfReader(c->arg[0], c->arg[1]); +//----------------------------------------------------------------------------- +// The main application code. This is the first thing called after start.c +// executes. +// Jonathan Westhues, Mar 2006 +// Edits by Gerhard de Koning Gans, Sep 2007 (##) +//----------------------------------------------------------------------------- + +#include +#include "apps.h" +#include "legicrf.h" +#ifdef WITH_LCD +#include "fonts.h" +#include "LCD.h" +#endif + +#define va_list __builtin_va_list +#define va_start __builtin_va_start +#define va_arg __builtin_va_arg +#define va_end __builtin_va_end +int kvsprintf(char const *fmt, void *arg, int radix, va_list ap); + + +#define abs(x) ( ((x)<0) ? -(x) : (x) ) + +//============================================================================= +// A buffer where we can queue things up to be sent through the FPGA, for +// any purpose (fake tag, as reader, whatever). We go MSB first, since that +// is the order in which they go out on the wire. +//============================================================================= + +BYTE ToSend[512]; +int ToSendMax; +static int ToSendBit; +struct common_area common_area __attribute__((section(".commonarea"))); + +void BufferClear(void) +{ + memset(BigBuf,0,sizeof(BigBuf)); + Dbprintf("Buffer cleared (%i bytes)",sizeof(BigBuf)); +} + +void ToSendReset(void) +{ + ToSendMax = -1; + ToSendBit = 8; +} + +void ToSendStuffBit(int b) +{ + if(ToSendBit >= 8) { + ToSendMax++; + ToSend[ToSendMax] = 0; + ToSendBit = 0; + } + + if(b) { + ToSend[ToSendMax] |= (1 << (7 - ToSendBit)); + } + + ToSendBit++; + + if(ToSendBit >= sizeof(ToSend)) { + ToSendBit = 0; + DbpString("ToSendStuffBit overflowed!"); + } +} + +//============================================================================= +// Debug print functions, to go out over USB, to the usual PC-side client. +//============================================================================= + +void DbpString(char *str) +{ + /* this holds up stuff unless we're connected to usb */ + if (!UsbConnected()) + return; + + UsbCommand c; + c.cmd = CMD_DEBUG_PRINT_STRING; + c.arg[0] = strlen(str); + if(c.arg[0] > sizeof(c.d.asBytes)) { + c.arg[0] = sizeof(c.d.asBytes); + } + memcpy(c.d.asBytes, str, c.arg[0]); + + UsbSendPacket((BYTE *)&c, sizeof(c)); + // TODO fix USB so stupid things like this aren't req'd + SpinDelay(50); +} + +#if 0 +void DbpIntegers(int x1, int x2, int x3) +{ + /* this holds up stuff unless we're connected to usb */ + if (!UsbConnected()) + return; + + UsbCommand c; + c.cmd = CMD_DEBUG_PRINT_INTEGERS; + c.arg[0] = x1; + c.arg[1] = x2; + c.arg[2] = x3; + + UsbSendPacket((BYTE *)&c, sizeof(c)); + // XXX + SpinDelay(50); +} +#endif + +void Dbprintf(const char *fmt, ...) { +// should probably limit size here; oh well, let's just use a big buffer + char output_string[128]; + va_list ap; + + va_start(ap, fmt); + kvsprintf(fmt, output_string, 10, ap); + va_end(ap); + + DbpString(output_string); +} + +//----------------------------------------------------------------------------- +// Read an ADC channel and block till it completes, then return the result +// in ADC units (0 to 1023). Also a routine to average 32 samples and +// return that. +//----------------------------------------------------------------------------- +static int ReadAdc(int ch) +{ + DWORD d; + + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST; + AT91C_BASE_ADC->ADC_MR = + ADC_MODE_PRESCALE(32) | + ADC_MODE_STARTUP_TIME(16) | + ADC_MODE_SAMPLE_HOLD_TIME(8); + AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ch); + + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; + while(!(AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ch))) + ; + d = AT91C_BASE_ADC->ADC_CDR[ch]; + + return d; +} + +static int AvgAdc(int ch) +{ + int i; + int a = 0; + + for(i = 0; i < 32; i++) { + a += ReadAdc(ch); + } + + return (a + 15) >> 5; +} + +void MeasureAntennaTuning(void) +{ + BYTE *dest = (BYTE *)BigBuf; + int i, ptr = 0, adcval = 0, peak = 0, peakv = 0, peakf = 0;; + int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV + + UsbCommand c; + + DbpString("Measuring antenna characteristics, please wait."); + memset(BigBuf,0,sizeof(BigBuf)); + +/* + * Sweeps the useful LF range of the proxmark from + * 46.8kHz (divisor=255) to 600kHz (divisor=19) and + * read the voltage in the antenna, the result left + * in the buffer is a graph which should clearly show + * the resonating frequency of your LF antenna + * ( hopefully around 95 if it is tuned to 125kHz!) + */ + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + for (i=255; i>19; i--) { + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i); + SpinDelay(20); + // Vref = 3.3V, and a 10000:240 voltage divider on the input + // can measure voltages up to 137500 mV + adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10); + if (i==95) vLf125 = adcval; // voltage at 125Khz + if (i==89) vLf134 = adcval; // voltage at 134Khz + + dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes + if(dest[i] > peak) { + peakv = adcval; + peak = dest[i]; + peakf = i; + ptr = i; + } + } + + // Let the FPGA drive the high-frequency antenna around 13.56 MHz. + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + SpinDelay(20); + // Vref = 3300mV, and an 10:1 voltage divider on the input + // can measure voltages up to 33000 mV + vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; + + c.cmd = CMD_MEASURED_ANTENNA_TUNING; + c.arg[0] = (vLf125 << 0) | (vLf134 << 16); + c.arg[1] = vHf; + c.arg[2] = peakf | (peakv << 16); + UsbSendPacket((BYTE *)&c, sizeof(c)); +} + +void MeasureAntennaTuningHf(void) +{ + int vHf = 0; // in mV + + DbpString("Measuring HF antenna, press button to exit"); + + for (;;) { + // Let the FPGA drive the high-frequency antenna around 13.56 MHz. + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + SpinDelay(20); + // Vref = 3300mV, and an 10:1 voltage divider on the input + // can measure voltages up to 33000 mV + vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; + + Dbprintf("%d mV",vHf); + if (BUTTON_PRESS()) break; + } + DbpString("cancelled"); +} + + +void SimulateTagHfListen(void) +{ + BYTE *dest = (BYTE *)BigBuf; + int n = sizeof(BigBuf); + BYTE v = 0; + int i; + int p = 0; + + // We're using this mode just so that I can test it out; the simulated + // tag mode would work just as well and be simpler. + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP); + + // We need to listen to the high-frequency, peak-detected path. + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + FpgaSetupSsc(); + + i = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0xff; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + BYTE r = (BYTE)AT91C_BASE_SSC->SSC_RHR; + + v <<= 1; + if(r & 1) { + v |= 1; + } + p++; + + if(p >= 8) { + dest[i] = v; + v = 0; + p = 0; + i++; + + if(i >= n) { + break; + } + } + } + } + DbpString("simulate tag (now type bitsamples)"); +} + +void ReadMem(int addr) +{ + const BYTE *data = ((BYTE *)addr); + + Dbprintf("%x: %02x %02x %02x %02x %02x %02x %02x %02x", + addr, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7]); +} + +/* osimage version information is linked in */ +extern struct version_information version_information; +/* bootrom version information is pointed to from _bootphase1_version_pointer */ +extern char *_bootphase1_version_pointer, _flash_start, _flash_end; +void SendVersion(void) +{ + char temp[48]; /* Limited data payload in USB packets */ + DbpString("Prox/RFID mark3 RFID instrument"); + + /* Try to find the bootrom version information. Expect to find a pointer at + * symbol _bootphase1_version_pointer, perform slight sanity checks on the + * pointer, then use it. + */ + char *bootrom_version = *(char**)&_bootphase1_version_pointer; + if( bootrom_version < &_flash_start || bootrom_version >= &_flash_end ) { + DbpString("bootrom version information appears invalid"); + } else { + FormatVersionInformation(temp, sizeof(temp), "bootrom: ", bootrom_version); + DbpString(temp); + } + + FormatVersionInformation(temp, sizeof(temp), "os: ", &version_information); + DbpString(temp); + + FpgaGatherVersion(temp, sizeof(temp)); + DbpString(temp); +} + +#ifdef WITH_LF +// samy's sniff and repeat routine +void SamyRun() +{ + DbpString("Stand-alone mode! No PC necessary."); + + // 3 possible options? no just 2 for now +#define OPTS 2 + + int high[OPTS], low[OPTS]; + + // Oooh pretty -- notify user we're in elite samy mode now + LED(LED_RED, 200); + LED(LED_ORANGE, 200); + LED(LED_GREEN, 200); + LED(LED_ORANGE, 200); + LED(LED_RED, 200); + LED(LED_ORANGE, 200); + LED(LED_GREEN, 200); + LED(LED_ORANGE, 200); + LED(LED_RED, 200); + + int selected = 0; + int playing = 0; + + // Turn on selected LED + LED(selected + 1, 0); + + for (;;) + { + UsbPoll(FALSE); + WDT_HIT(); + + // Was our button held down or pressed? + int button_pressed = BUTTON_HELD(1000); + SpinDelay(300); + + // Button was held for a second, begin recording + if (button_pressed > 0) + { + LEDsoff(); + LED(selected + 1, 0); + LED(LED_RED2, 0); + + // record + DbpString("Starting recording"); + + // wait for button to be released + while(BUTTON_PRESS()) + WDT_HIT(); + + /* need this delay to prevent catching some weird data */ + SpinDelay(500); + + CmdHIDdemodFSK(1, &high[selected], &low[selected], 0); + Dbprintf("Recorded %x %x %x", selected, high[selected], low[selected]); + + LEDsoff(); + LED(selected + 1, 0); + // Finished recording + + // If we were previously playing, set playing off + // so next button push begins playing what we recorded + playing = 0; + } + + // Change where to record (or begin playing) + else if (button_pressed) + { + // Next option if we were previously playing + if (playing) + selected = (selected + 1) % OPTS; + playing = !playing; + + LEDsoff(); + LED(selected + 1, 0); + + // Begin transmitting + if (playing) + { + LED(LED_GREEN, 0); + DbpString("Playing"); + // wait for button to be released + while(BUTTON_PRESS()) + WDT_HIT(); + Dbprintf("%x %x %x", selected, high[selected], low[selected]); + CmdHIDsimTAG(high[selected], low[selected], 0); + DbpString("Done playing"); + if (BUTTON_HELD(1000) > 0) + { + DbpString("Exiting"); + LEDsoff(); + return; + } + + /* We pressed a button so ignore it here with a delay */ + SpinDelay(300); + + // when done, we're done playing, move to next option + selected = (selected + 1) % OPTS; + playing = !playing; + LEDsoff(); + LED(selected + 1, 0); + } + else + while(BUTTON_PRESS()) + WDT_HIT(); + } + } +} +#endif + +/* +OBJECTIVE +Listen and detect an external reader. Determine the best location +for the antenna. + +INSTRUCTIONS: +Inside the ListenReaderField() function, there is two mode. +By default, when you call the function, you will enter mode 1. +If you press the PM3 button one time, you will enter mode 2. +If you press the PM3 button a second time, you will exit the function. + +DESCRIPTION OF MODE 1: +This mode just listens for an external reader field and lights up green +for HF and/or red for LF. This is the original mode of the detectreader +function. + +DESCRIPTION OF MODE 2: +This mode will visually represent, using the LEDs, the actual strength of the +current compared to the maximum current detected. Basically, once you know +what kind of external reader is present, it will help you spot the best location to place +your antenna. You will probably not get some good results if there is a LF and a HF reader +at the same place! :-) + +LIGHT SCHEME USED: +*/ +static const char LIGHT_SCHEME[] = { + 0x0, /* ---- | No field detected */ + 0x1, /* X--- | 14% of maximum current detected */ + 0x2, /* -X-- | 29% of maximum current detected */ + 0x4, /* --X- | 43% of maximum current detected */ + 0x8, /* ---X | 57% of maximum current detected */ + 0xC, /* --XX | 71% of maximum current detected */ + 0xE, /* -XXX | 86% of maximum current detected */ + 0xF, /* XXXX | 100% of maximum current detected */ +}; +static const int LIGHT_LEN = sizeof(LIGHT_SCHEME)/sizeof(LIGHT_SCHEME[0]); + +void ListenReaderField(int limit) +{ + int lf_av, lf_av_new, lf_baseline= 0, lf_count= 0, lf_max; + int hf_av, hf_av_new, hf_baseline= 0, hf_count= 0, hf_max; + int mode=1, display_val, display_max, i; + +#define LF_ONLY 1 +#define HF_ONLY 2 + + LEDsoff(); + + lf_av=lf_max=ReadAdc(ADC_CHAN_LF); + + if(limit != HF_ONLY) { + Dbprintf("LF 125/134 Baseline: %d", lf_av); + lf_baseline = lf_av; + } + + hf_av=hf_max=ReadAdc(ADC_CHAN_HF); + + if (limit != LF_ONLY) { + Dbprintf("HF 13.56 Baseline: %d", hf_av); + hf_baseline = hf_av; + } + + for(;;) { + if (BUTTON_PRESS()) { + SpinDelay(500); + switch (mode) { + case 1: + mode=2; + DbpString("Signal Strength Mode"); + break; + case 2: + default: + DbpString("Stopped"); + LEDsoff(); + return; + break; + } + } + WDT_HIT(); + + if (limit != HF_ONLY) { + if(mode==1) { + if (abs(lf_av - lf_baseline) > 10) LED_D_ON(); + else LED_D_OFF(); + } + + ++lf_count; + lf_av_new= ReadAdc(ADC_CHAN_LF); + // see if there's a significant change + if(abs(lf_av - lf_av_new) > 10) { + Dbprintf("LF 125/134 Field Change: %x %x %x", lf_av, lf_av_new, lf_count); + lf_av = lf_av_new; + if (lf_av > lf_max) + lf_max = lf_av; + lf_count= 0; + } + } + + if (limit != LF_ONLY) { + if (mode == 1){ + if (abs(hf_av - hf_baseline) > 10) LED_B_ON(); + else LED_B_OFF(); + } + + ++hf_count; + hf_av_new= ReadAdc(ADC_CHAN_HF); + // see if there's a significant change + if(abs(hf_av - hf_av_new) > 10) { + Dbprintf("HF 13.56 Field Change: %x %x %x", hf_av, hf_av_new, hf_count); + hf_av = hf_av_new; + if (hf_av > hf_max) + hf_max = hf_av; + hf_count= 0; + } + } + + if(mode == 2) { + if (limit == LF_ONLY) { + display_val = lf_av; + display_max = lf_max; + } else if (limit == HF_ONLY) { + display_val = hf_av; + display_max = hf_max; + } else { /* Pick one at random */ + if( (hf_max - hf_baseline) > (lf_max - lf_baseline) ) { + display_val = hf_av; + display_max = hf_max; + } else { + display_val = lf_av; + display_max = lf_max; + } + } + for (i=0; i= ((display_max/LIGHT_LEN)*i) && display_val <= ((display_max/LIGHT_LEN)*(i+1))) { + if (LIGHT_SCHEME[i] & 0x1) LED_C_ON(); else LED_C_OFF(); + if (LIGHT_SCHEME[i] & 0x2) LED_A_ON(); else LED_A_OFF(); + if (LIGHT_SCHEME[i] & 0x4) LED_B_ON(); else LED_B_OFF(); + if (LIGHT_SCHEME[i] & 0x8) LED_D_ON(); else LED_D_OFF(); + break; + } + } + } + } +} + +void UsbPacketReceived(BYTE *packet, int len) +{ + UsbCommand *c = (UsbCommand *)packet; + UsbCommand ack; + ack.cmd = CMD_ACK; + + switch(c->cmd) { +#ifdef WITH_LF + case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K: + AcquireRawAdcSamples125k(c->arg[0]); + UsbSendPacket((BYTE*)&ack, sizeof(ack)); break; - -#ifdef WITH_ISO15693 - case CMD_SIMTAG_ISO_15693: - SimTagIso15693(c->arg[0]); - break; -#endif - -#ifdef WITH_ISO14443b - case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443: - AcquireRawAdcSamplesIso14443(c->arg[0]); - break; -#endif - -#ifdef WITH_ISO14443b - case CMD_READ_SRI512_TAG: - ReadSRI512Iso14443(c->arg[0]); - break; - case CMD_READ_SRIX4K_TAG: - ReadSRIX4KIso14443(c->arg[0]); - break; -#endif - -#ifdef WITH_ISO14443a - case CMD_READER_ISO_14443a: - ReaderIso14443a(c->arg[0]); - break; -#endif - -#ifdef WITH_ISO14443a - case CMD_READER_MIFARE: - ReaderMifare(c->arg[0]); - break; -#endif - -#ifdef WITH_ISO14443b - case CMD_SNOOP_ISO_14443: - SnoopIso14443(); - break; -#endif - -#ifdef WITH_ISO14443a - case CMD_SNOOP_ISO_14443a: - SnoopIso14443a(); - break; -#endif - - case CMD_SIMULATE_TAG_HF_LISTEN: - SimulateTagHfListen(); - break; - -#ifdef WITH_ISO14443b - case CMD_SIMULATE_TAG_ISO_14443: - SimulateIso14443Tag(); - break; -#endif - -#ifdef WITH_ISO14443a - case CMD_SIMULATE_TAG_ISO_14443a: - SimulateIso14443aTag(c->arg[0], c->arg[1]); // ## Simulate iso14443a tag - pass tag type & UID - break; -#endif - - case CMD_MEASURE_ANTENNA_TUNING: - MeasureAntennaTuning(); - break; - - case CMD_MEASURE_ANTENNA_TUNING_HF: - MeasureAntennaTuningHf(); - break; - - case CMD_LISTEN_READER_FIELD: - ListenReaderField(c->arg[0]); - break; - -#ifdef WITH_LF - case CMD_HID_DEMOD_FSK: - CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag - break; -#endif - -#ifdef WITH_LF - case CMD_HID_SIM_TAG: - CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID - break; -#endif - - case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - LED_D_OFF(); // LED D indicates field ON or OFF - break; - -#ifdef WITH_LF - case CMD_READ_TI_TYPE: - ReadTItag(); - break; -#endif - -#ifdef WITH_LF - case CMD_WRITE_TI_TYPE: - WriteTItag(c->arg[0],c->arg[1],c->arg[2]); - break; -#endif - - case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: { - UsbCommand n; - if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) { - n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K; - } else { - n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE; - } - n.arg[0] = c->arg[0]; - memcpy(n.d.asDwords, BigBuf+c->arg[0], 12*sizeof(DWORD)); - UsbSendPacket((BYTE *)&n, sizeof(n)); - break; - } - - case CMD_DOWNLOADED_SIM_SAMPLES_125K: { - BYTE *b = (BYTE *)BigBuf; - memcpy(b+c->arg[0], c->d.asBytes, 48); - //Dbprintf("copied 48 bytes to %i",b+c->arg[0]); - UsbSendPacket((BYTE*)&ack, sizeof(ack)); - break; - } - -#ifdef WITH_LF - case CMD_SIMULATE_TAG_125K: - LED_A_ON(); - SimulateTagLowFrequency(c->arg[0], c->arg[1], 1); - LED_A_OFF(); - break; -#endif - - case CMD_READ_MEM: - ReadMem(c->arg[0]); - break; - - case CMD_SET_LF_DIVISOR: - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]); - break; - - case CMD_SET_ADC_MUX: - switch(c->arg[0]) { - case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break; - case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break; - case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break; - case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break; - } - break; - - case CMD_VERSION: - SendVersion(); - break; - -#ifdef WITH_LF - case CMD_LF_SIMULATE_BIDIR: - SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]); - break; -#endif - -#ifdef WITH_LCD - case CMD_LCD_RESET: - LCDReset(); - break; - case CMD_LCD: - LCDSend(c->arg[0]); - break; -#endif - case CMD_SETUP_WRITE: - case CMD_FINISH_WRITE: - case CMD_HARDWARE_RESET: - USB_D_PLUS_PULLUP_OFF(); - SpinDelay(1000); - SpinDelay(1000); - AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; - for(;;) { - // We're going to reset, and the bootrom will take control. - } - break; - - case CMD_START_FLASH: - if(common_area.flags.bootrom_present) { - common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE; - } - USB_D_PLUS_PULLUP_OFF(); - AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; - for(;;); - break; - - case CMD_DEVICE_INFO: { - UsbCommand c; - c.cmd = CMD_DEVICE_INFO; - c.arg[0] = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS; - if(common_area.flags.bootrom_present) c.arg[0] |= DEVICE_INFO_FLAG_BOOTROM_PRESENT; - UsbSendPacket((BYTE*)&c, sizeof(c)); - } - break; - default: - Dbprintf("%s: 0x%04x","unknown command:",c->cmd); - break; - } -} - -void __attribute__((noreturn)) AppMain(void) -{ - SpinDelay(100); - - if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { - /* Initialize common area */ - memset(&common_area, 0, sizeof(common_area)); - common_area.magic = COMMON_AREA_MAGIC; - common_area.version = 1; - } - common_area.flags.osimage_present = 1; - - LED_D_OFF(); - LED_C_OFF(); - LED_B_OFF(); - LED_A_OFF(); - - UsbStart(); - - // The FPGA gets its clock from us from PCK0 output, so set that up. - AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0; - AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0; - AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0; - // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz - AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK | - AT91C_PMC_PRES_CLK_4; - AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0; - - // Reset SPI - AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST; - // Reset SSC - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - - // Load the FPGA image, which we have stored in our flash. - FpgaDownloadAndGo(); - -#ifdef WITH_LCD - - LCDInit(); - - // test text on different colored backgrounds - LCDString(" The quick brown fox ", (char *)&FONT6x8,1,1+8*0,WHITE ,BLACK ); - LCDString(" jumped over the ", (char *)&FONT6x8,1,1+8*1,BLACK ,WHITE ); - LCDString(" lazy dog. ", (char *)&FONT6x8,1,1+8*2,YELLOW ,RED ); - LCDString(" AaBbCcDdEeFfGgHhIiJj ", (char *)&FONT6x8,1,1+8*3,RED ,GREEN ); - LCDString(" KkLlMmNnOoPpQqRrSsTt ", (char *)&FONT6x8,1,1+8*4,MAGENTA,BLUE ); - LCDString("UuVvWwXxYyZz0123456789", (char *)&FONT6x8,1,1+8*5,BLUE ,YELLOW); - LCDString("`-=[]_;',./~!@#$%^&*()", (char *)&FONT6x8,1,1+8*6,BLACK ,CYAN ); - LCDString(" _+{}|:\\\"<>? ",(char *)&FONT6x8,1,1+8*7,BLUE ,MAGENTA); - - // color bands - LCDFill(0, 1+8* 8, 132, 8, BLACK); - LCDFill(0, 1+8* 9, 132, 8, WHITE); - LCDFill(0, 1+8*10, 132, 8, RED); - LCDFill(0, 1+8*11, 132, 8, GREEN); - LCDFill(0, 1+8*12, 132, 8, BLUE); - LCDFill(0, 1+8*13, 132, 8, YELLOW); - LCDFill(0, 1+8*14, 132, 8, CYAN); - LCDFill(0, 1+8*15, 132, 8, MAGENTA); - -#endif - - for(;;) { - UsbPoll(FALSE); - WDT_HIT(); - -#ifdef WITH_LF - if (BUTTON_HELD(1000) > 0) - SamyRun(); -#endif - } -} +#endif + +#ifdef WITH_LF + case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K: + ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes); + break; +#endif + +#ifdef WITH_ISO15693 + case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693: + AcquireRawAdcSamplesIso15693(); + break; +#endif + + case CMD_BUFF_CLEAR: + BufferClear(); + break; + +#ifdef WITH_ISO15693 + case CMD_READER_ISO_15693: + ReaderIso15693(c->arg[0]); + break; +#endif + + case CMD_READER_LEGIC_RF: + LegicRfReader(c->arg[0], c->arg[1]); + break; + +#ifdef WITH_ISO15693 + case CMD_SIMTAG_ISO_15693: + SimTagIso15693(c->arg[0]); + break; +#endif + +#ifdef WITH_ISO14443b + case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443: + AcquireRawAdcSamplesIso14443(c->arg[0]); + break; +#endif + +#ifdef WITH_ISO14443b + case CMD_READ_SRI512_TAG: + ReadSRI512Iso14443(c->arg[0]); + break; + case CMD_READ_SRIX4K_TAG: + ReadSRIX4KIso14443(c->arg[0]); + break; +#endif + +#ifdef WITH_ISO14443a + case CMD_READER_ISO_14443a: + ReaderIso14443a(c->arg[0]); + break; +#endif + +#ifdef WITH_ISO14443a + case CMD_READER_MIFARE: + ReaderMifare(c->arg[0]); + break; +#endif + +#ifdef WITH_ISO14443b + case CMD_SNOOP_ISO_14443: + SnoopIso14443(); + break; +#endif + +#ifdef WITH_ISO14443a + case CMD_SNOOP_ISO_14443a: + SnoopIso14443a(); + break; +#endif + + case CMD_SIMULATE_TAG_HF_LISTEN: + SimulateTagHfListen(); + break; + +#ifdef WITH_ISO14443b + case CMD_SIMULATE_TAG_ISO_14443: + SimulateIso14443Tag(); + break; +#endif + +#ifdef WITH_ISO14443a + case CMD_SIMULATE_TAG_ISO_14443a: + SimulateIso14443aTag(c->arg[0], c->arg[1]); // ## Simulate iso14443a tag - pass tag type & UID + break; +#endif + + case CMD_MEASURE_ANTENNA_TUNING: + MeasureAntennaTuning(); + break; + + case CMD_MEASURE_ANTENNA_TUNING_HF: + MeasureAntennaTuningHf(); + break; + + case CMD_LISTEN_READER_FIELD: + ListenReaderField(c->arg[0]); + break; + +#ifdef WITH_LF + case CMD_HID_DEMOD_FSK: + CmdHIDdemodFSK(0, 0, 0, 1); // Demodulate HID tag + break; +#endif + +#ifdef WITH_LF + case CMD_HID_SIM_TAG: + CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID + break; +#endif + + case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + LED_D_OFF(); // LED D indicates field ON or OFF + break; + +#ifdef WITH_LF + case CMD_READ_TI_TYPE: + ReadTItag(); + break; +#endif + +#ifdef WITH_LF + case CMD_WRITE_TI_TYPE: + WriteTItag(c->arg[0],c->arg[1],c->arg[2]); + break; +#endif + + case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: { + UsbCommand n; + if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) { + n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K; + } else { + n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE; + } + n.arg[0] = c->arg[0]; + memcpy(n.d.asDwords, BigBuf+c->arg[0], 12*sizeof(DWORD)); + UsbSendPacket((BYTE *)&n, sizeof(n)); + break; + } + + case CMD_DOWNLOADED_SIM_SAMPLES_125K: { + BYTE *b = (BYTE *)BigBuf; + memcpy(b+c->arg[0], c->d.asBytes, 48); + //Dbprintf("copied 48 bytes to %i",b+c->arg[0]); + UsbSendPacket((BYTE*)&ack, sizeof(ack)); + break; + } + +#ifdef WITH_LF + case CMD_SIMULATE_TAG_125K: + LED_A_ON(); + SimulateTagLowFrequency(c->arg[0], c->arg[1], 1); + LED_A_OFF(); + break; +#endif + + case CMD_READ_MEM: + ReadMem(c->arg[0]); + break; + + case CMD_SET_LF_DIVISOR: + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]); + break; + + case CMD_SET_ADC_MUX: + switch(c->arg[0]) { + case 0: SetAdcMuxFor(GPIO_MUXSEL_LOPKD); break; + case 1: SetAdcMuxFor(GPIO_MUXSEL_LORAW); break; + case 2: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); break; + case 3: SetAdcMuxFor(GPIO_MUXSEL_HIRAW); break; + } + break; + + case CMD_VERSION: + SendVersion(); + break; + +#ifdef WITH_LF + case CMD_LF_SIMULATE_BIDIR: + SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]); + break; +#endif + +#ifdef WITH_LCD + case CMD_LCD_RESET: + LCDReset(); + break; + case CMD_LCD: + LCDSend(c->arg[0]); + break; +#endif + case CMD_SETUP_WRITE: + case CMD_FINISH_WRITE: + case CMD_HARDWARE_RESET: + USB_D_PLUS_PULLUP_OFF(); + SpinDelay(1000); + SpinDelay(1000); + AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; + for(;;) { + // We're going to reset, and the bootrom will take control. + } + break; + + case CMD_START_FLASH: + if(common_area.flags.bootrom_present) { + common_area.command = COMMON_AREA_COMMAND_ENTER_FLASH_MODE; + } + USB_D_PLUS_PULLUP_OFF(); + AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; + for(;;); + break; + + case CMD_DEVICE_INFO: { + UsbCommand c; + c.cmd = CMD_DEVICE_INFO; + c.arg[0] = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS; + if(common_area.flags.bootrom_present) c.arg[0] |= DEVICE_INFO_FLAG_BOOTROM_PRESENT; + UsbSendPacket((BYTE*)&c, sizeof(c)); + } + break; + default: + Dbprintf("%s: 0x%04x","unknown command:",c->cmd); + break; + } +} + +void __attribute__((noreturn)) AppMain(void) +{ + SpinDelay(100); + + if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { + /* Initialize common area */ + memset(&common_area, 0, sizeof(common_area)); + common_area.magic = COMMON_AREA_MAGIC; + common_area.version = 1; + } + common_area.flags.osimage_present = 1; + + LED_D_OFF(); + LED_C_OFF(); + LED_B_OFF(); + LED_A_OFF(); + + UsbStart(); + + // The FPGA gets its clock from us from PCK0 output, so set that up. + AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0; + AT91C_BASE_PIOA->PIO_PDR = GPIO_PCK0; + AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0; + // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz + AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK | + AT91C_PMC_PRES_CLK_4; + AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0; + + // Reset SPI + AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SWRST; + // Reset SSC + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + + // Load the FPGA image, which we have stored in our flash. + FpgaDownloadAndGo(); + +#ifdef WITH_LCD + + LCDInit(); + + // test text on different colored backgrounds + LCDString(" The quick brown fox ", (char *)&FONT6x8,1,1+8*0,WHITE ,BLACK ); + LCDString(" jumped over the ", (char *)&FONT6x8,1,1+8*1,BLACK ,WHITE ); + LCDString(" lazy dog. ", (char *)&FONT6x8,1,1+8*2,YELLOW ,RED ); + LCDString(" AaBbCcDdEeFfGgHhIiJj ", (char *)&FONT6x8,1,1+8*3,RED ,GREEN ); + LCDString(" KkLlMmNnOoPpQqRrSsTt ", (char *)&FONT6x8,1,1+8*4,MAGENTA,BLUE ); + LCDString("UuVvWwXxYyZz0123456789", (char *)&FONT6x8,1,1+8*5,BLUE ,YELLOW); + LCDString("`-=[]_;',./~!@#$%^&*()", (char *)&FONT6x8,1,1+8*6,BLACK ,CYAN ); + LCDString(" _+{}|:\\\"<>? ",(char *)&FONT6x8,1,1+8*7,BLUE ,MAGENTA); + + // color bands + LCDFill(0, 1+8* 8, 132, 8, BLACK); + LCDFill(0, 1+8* 9, 132, 8, WHITE); + LCDFill(0, 1+8*10, 132, 8, RED); + LCDFill(0, 1+8*11, 132, 8, GREEN); + LCDFill(0, 1+8*12, 132, 8, BLUE); + LCDFill(0, 1+8*13, 132, 8, YELLOW); + LCDFill(0, 1+8*14, 132, 8, CYAN); + LCDFill(0, 1+8*15, 132, 8, MAGENTA); + +#endif + + for(;;) { + UsbPoll(FALSE); + WDT_HIT(); + +#ifdef WITH_LF + if (BUTTON_HELD(1000) > 0) + SamyRun(); +#endif + } +} diff --git a/armsrc/apps.h b/armsrc/apps.h index 71c25d1a5..938028e73 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -1,131 +1,131 @@ -//----------------------------------------------------------------------------- -// Definitions internal to the app source. -// Jonathan Westhues, Aug 2005 -// Added ISO14443-A support by Gerhard de Koning Gans, April 2008 -//----------------------------------------------------------------------------- - -#ifndef __APPS_H -#define __APPS_H - -#include "stdint.h" -#include "stddef.h" -typedef unsigned char byte_t; - -// The large multi-purpose buffer, typically used to hold A/D samples, -// maybe processed in some way. -DWORD BigBuf[8000]; - -/// appmain.h -void ReadMem(int addr); -void __attribute__((noreturn)) AppMain(void); -void SamyRun(void); -//void DbpIntegers(int a, int b, int c); -void DbpString(char *str); -void Dbprintf(const char *fmt, ...); - -void ToSendStuffBit(int b); -void ToSendReset(void); -void ListenReaderField(int limit); -void AcquireRawAdcSamples125k(BOOL at134khz); -void DoAcquisition125k(void); -extern int ToSendMax; -extern BYTE ToSend[]; -extern DWORD BigBuf[]; - -/// fpga.h -void FpgaSendCommand(WORD cmd, WORD v); -void FpgaWriteConfWord(BYTE v); -void FpgaDownloadAndGo(void); -void FpgaGatherVersion(char *dst, int len); -void FpgaSetupSsc(void); -void SetupSpi(int mode); -void FpgaSetupSscDma(BYTE *buf, int len); -void SetAdcMuxFor(DWORD whichGpio); - -// Definitions for the FPGA commands. -#define FPGA_CMD_SET_CONFREG (1<<12) -#define FPGA_CMD_SET_DIVISOR (2<<12) -// Definitions for the FPGA configuration word. -#define FPGA_MAJOR_MODE_LF_READER (0<<5) -#define FPGA_MAJOR_MODE_LF_SIMULATOR (1<<5) -#define FPGA_MAJOR_MODE_HF_READER_TX (2<<5) -#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (3<<5) -#define FPGA_MAJOR_MODE_HF_SIMULATOR (4<<5) -#define FPGA_MAJOR_MODE_HF_ISO14443A (5<<5) -#define FPGA_MAJOR_MODE_LF_PASSTHRU (6<<5) -#define FPGA_MAJOR_MODE_OFF (7<<5) -// Options for the HF reader, tx to tag -#define FPGA_HF_READER_TX_SHALLOW_MOD (1<<0) -// Options for the HF reader, correlating against rx from tag -#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0) -#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) -#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2) -// Options for the HF simulated tag, how to modulate -#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) -#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) -#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) -// Options for ISO14443A -#define FPGA_HF_ISO14443A_SNIFFER (0<<0) -#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0) -#define FPGA_HF_ISO14443A_TAGSIM_MOD (2<<0) -#define FPGA_HF_ISO14443A_READER_LISTEN (3<<0) -#define FPGA_HF_ISO14443A_READER_MOD (4<<0) - -/// lfops.h -void AcquireRawAdcSamples125k(BOOL at134khz); -void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command); -void ReadTItag(void); -void WriteTItag(DWORD idhi, DWORD idlo, WORD crc); -void AcquireTiType(void); -void AcquireRawBitsTI(void); -void SimulateTagLowFrequency(int period, int gap, int ledcontrol); -void CmdHIDsimTAG(int hi, int lo, int ledcontrol); -void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); -void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen); - -/// iso14443.h -void SimulateIso14443Tag(void); -void AcquireRawAdcSamplesIso14443(DWORD parameter); -void ReadSRI512Iso14443(DWORD parameter); -void ReadSRIX4KIso14443(DWORD parameter); -void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast); -void SnoopIso14443(void); - -/// iso14443a.h -void SnoopIso14443a(void); -void SimulateIso14443aTag(int tagType, int TagUid); // ## simulate iso14443a tag -void ReaderIso14443a(DWORD parameter); -void ReaderMifare(DWORD parameter); - -/// iso15693.h -void AcquireRawAdcSamplesIso15693(void); -void ReaderIso15693(DWORD parameter); // Simulate an ISO15693 reader - greg -void SimTagIso15693(DWORD parameter); // simulate an ISO15693 tag - greg - -/// util.h -#define LED_RED 1 -#define LED_ORANGE 2 -#define LED_GREEN 4 -#define LED_RED2 8 -#define BUTTON_HOLD 1 -#define BUTTON_NO_CLICK 0 -#define BUTTON_SINGLE_CLICK -1 -#define BUTTON_DOUBLE_CLICK -2 -#define BUTTON_ERROR -99 -int strlen(char *str); -void *memcpy(void *dest, const void *src, int len); -void *memset(void *dest, int c, int len); -int memcmp(const void *av, const void *bv, int len); -char *strncat(char *dest, const char *src, unsigned int n); -void num_to_bytes(uint64_t n, size_t len, byte_t* dest); -uint64_t bytes_to_num(byte_t* src, size_t len); - -void SpinDelay(int ms); -void SpinDelayUs(int us); -void LED(int led, int ms); -void LEDsoff(); -int BUTTON_CLICKED(int ms); -int BUTTON_HELD(int ms); -void FormatVersionInformation(char *dst, int len, const char *prefix, void *version_information); - -#endif +//----------------------------------------------------------------------------- +// Definitions internal to the app source. +// Jonathan Westhues, Aug 2005 +// Added ISO14443-A support by Gerhard de Koning Gans, April 2008 +//----------------------------------------------------------------------------- + +#ifndef __APPS_H +#define __APPS_H + +#include "stdint.h" +#include "stddef.h" +typedef unsigned char byte_t; + +// The large multi-purpose buffer, typically used to hold A/D samples, +// maybe processed in some way. +DWORD BigBuf[8000]; + +/// appmain.h +void ReadMem(int addr); +void __attribute__((noreturn)) AppMain(void); +void SamyRun(void); +//void DbpIntegers(int a, int b, int c); +void DbpString(char *str); +void Dbprintf(const char *fmt, ...); + +void ToSendStuffBit(int b); +void ToSendReset(void); +void ListenReaderField(int limit); +void AcquireRawAdcSamples125k(BOOL at134khz); +void DoAcquisition125k(void); +extern int ToSendMax; +extern BYTE ToSend[]; +extern DWORD BigBuf[]; + +/// fpga.h +void FpgaSendCommand(WORD cmd, WORD v); +void FpgaWriteConfWord(BYTE v); +void FpgaDownloadAndGo(void); +void FpgaGatherVersion(char *dst, int len); +void FpgaSetupSsc(void); +void SetupSpi(int mode); +void FpgaSetupSscDma(BYTE *buf, int len); +void SetAdcMuxFor(DWORD whichGpio); + +// Definitions for the FPGA commands. +#define FPGA_CMD_SET_CONFREG (1<<12) +#define FPGA_CMD_SET_DIVISOR (2<<12) +// Definitions for the FPGA configuration word. +#define FPGA_MAJOR_MODE_LF_READER (0<<5) +#define FPGA_MAJOR_MODE_LF_SIMULATOR (1<<5) +#define FPGA_MAJOR_MODE_HF_READER_TX (2<<5) +#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (3<<5) +#define FPGA_MAJOR_MODE_HF_SIMULATOR (4<<5) +#define FPGA_MAJOR_MODE_HF_ISO14443A (5<<5) +#define FPGA_MAJOR_MODE_LF_PASSTHRU (6<<5) +#define FPGA_MAJOR_MODE_OFF (7<<5) +// Options for the HF reader, tx to tag +#define FPGA_HF_READER_TX_SHALLOW_MOD (1<<0) +// Options for the HF reader, correlating against rx from tag +#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0) +#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) +#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2) +// Options for the HF simulated tag, how to modulate +#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) +#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) +#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) +// Options for ISO14443A +#define FPGA_HF_ISO14443A_SNIFFER (0<<0) +#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0) +#define FPGA_HF_ISO14443A_TAGSIM_MOD (2<<0) +#define FPGA_HF_ISO14443A_READER_LISTEN (3<<0) +#define FPGA_HF_ISO14443A_READER_MOD (4<<0) + +/// lfops.h +void AcquireRawAdcSamples125k(BOOL at134khz); +void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command); +void ReadTItag(void); +void WriteTItag(DWORD idhi, DWORD idlo, WORD crc); +void AcquireTiType(void); +void AcquireRawBitsTI(void); +void SimulateTagLowFrequency(int period, int gap, int ledcontrol); +void CmdHIDsimTAG(int hi, int lo, int ledcontrol); +void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol); +void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen); + +/// iso14443.h +void SimulateIso14443Tag(void); +void AcquireRawAdcSamplesIso14443(DWORD parameter); +void ReadSRI512Iso14443(DWORD parameter); +void ReadSRIX4KIso14443(DWORD parameter); +void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast); +void SnoopIso14443(void); + +/// iso14443a.h +void SnoopIso14443a(void); +void SimulateIso14443aTag(int tagType, int TagUid); // ## simulate iso14443a tag +void ReaderIso14443a(DWORD parameter); +void ReaderMifare(DWORD parameter); + +/// iso15693.h +void AcquireRawAdcSamplesIso15693(void); +void ReaderIso15693(DWORD parameter); // Simulate an ISO15693 reader - greg +void SimTagIso15693(DWORD parameter); // simulate an ISO15693 tag - greg + +/// util.h +#define LED_RED 1 +#define LED_ORANGE 2 +#define LED_GREEN 4 +#define LED_RED2 8 +#define BUTTON_HOLD 1 +#define BUTTON_NO_CLICK 0 +#define BUTTON_SINGLE_CLICK -1 +#define BUTTON_DOUBLE_CLICK -2 +#define BUTTON_ERROR -99 +int strlen(char *str); +void *memcpy(void *dest, const void *src, int len); +void *memset(void *dest, int c, int len); +int memcmp(const void *av, const void *bv, int len); +char *strncat(char *dest, const char *src, unsigned int n); +void num_to_bytes(uint64_t n, size_t len, byte_t* dest); +uint64_t bytes_to_num(byte_t* src, size_t len); + +void SpinDelay(int ms); +void SpinDelayUs(int us); +void LED(int led, int ms); +void LEDsoff(); +int BUTTON_CLICKED(int ms); +int BUTTON_HELD(int ms); +void FormatVersionInformation(char *dst, int len, const char *prefix, void *version_information); + +#endif diff --git a/armsrc/fonts.c b/armsrc/fonts.c index 81e99ce5b..78c2654da 100644 --- a/armsrc/fonts.c +++ b/armsrc/fonts.c @@ -1,300 +1,300 @@ -const char FONT6x8[97][8] = { - {0x06,0x08,0x08,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space - {0x20,0x20,0x20,0x20,0x20,0x00,0x20,0x00}, // ! - {0x50,0x50,0x50,0x00,0x00,0x00,0x00,0x00}, // " - {0x50,0x50,0xF8,0x50,0xF8,0x50,0x50,0x00}, // # - {0x20,0x78,0xA0,0x70,0x28,0xF0,0x20,0x00}, // $ - {0xC0,0xC8,0x10,0x20,0x40,0x98,0x18,0x00}, // % - {0x40,0xA0,0xA0,0x40,0xA8,0x90,0x68,0x00}, // & - {0x30,0x30,0x20,0x40,0x00,0x00,0x00,0x00}, // ' - {0x10,0x20,0x40,0x40,0x40,0x20,0x10,0x00}, // ( - {0x40,0x20,0x10,0x10,0x10,0x20,0x40,0x00}, // ) - {0x00,0x20,0xA8,0x70,0x70,0xA8,0x20,0x00}, // * - {0x00,0x20,0x20,0xF8,0x20,0x20,0x00,0x00}, // + - {0x00,0x00,0x00,0x00,0x30,0x30,0x20,0x40}, // , - {0x00,0x00,0x00,0xF8,0x00,0x00,0x00,0x00}, // - - {0x00,0x00,0x00,0x00,0x00,0x30,0x30,0x00}, // . - {0x00,0x08,0x10,0x20,0x40,0x80,0x00,0x00}, // / - {0x70,0x88,0x88,0xA8,0x88,0x88,0x70,0x00}, // 0 - {0x20,0x60,0x20,0x20,0x20,0x20,0x70,0x00}, // 1 - {0x70,0x88,0x08,0x70,0x80,0x80,0xF8,0x00}, // 2 - {0xF8,0x08,0x10,0x30,0x08,0x88,0x70,0x00}, // 3 - {0x10,0x30,0x50,0x90,0xF8,0x10,0x10,0x00}, // 4 - {0xF8,0x80,0xF0,0x08,0x08,0x88,0x70,0x00}, // 5 - {0x38,0x40,0x80,0xF0,0x88,0x88,0x70,0x00}, // 6 - {0xF8,0x08,0x08,0x10,0x20,0x40,0x80,0x00}, // 7 - {0x70,0x88,0x88,0x70,0x88,0x88,0x70,0x00}, // 8 - {0x70,0x88,0x88,0x78,0x08,0x10,0xE0,0x00}, // 9 - {0x00,0x00,0x20,0x00,0x20,0x00,0x00,0x00}, // : - {0x00,0x00,0x20,0x00,0x20,0x20,0x40,0x00}, // ; - {0x08,0x10,0x20,0x40,0x20,0x10,0x08,0x00}, // < - {0x00,0x00,0xF8,0x00,0xF8,0x00,0x00,0x00}, // = - {0x40,0x20,0x10,0x08,0x10,0x20,0x40,0x00}, // > - {0x70,0x88,0x08,0x30,0x20,0x00,0x20,0x00}, // ? - {0x70,0x88,0xA8,0xB8,0xB0,0x80,0x78,0x00}, // @ - {0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00}, // A - {0xF0,0x88,0x88,0xF0,0x88,0x88,0xF0,0x00}, // B - {0x70,0x88,0x80,0x80,0x80,0x88,0x70,0x00}, // C - {0xF0,0x88,0x88,0x88,0x88,0x88,0xF0,0x00}, // D - {0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00}, // E - {0xF8,0x80,0x80,0xF0,0x80,0x80,0x80,0x00}, // F - {0x78,0x88,0x80,0x80,0x98,0x88,0x78,0x00}, // G - {0x88,0x88,0x88,0xF8,0x88,0x88,0x88,0x00}, // H - {0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00}, // I - {0x38,0x10,0x10,0x10,0x10,0x90,0x60,0x00}, // J - {0x88,0x90,0xA0,0xC0,0xA0,0x90,0x88,0x00}, // K - {0x80,0x80,0x80,0x80,0x80,0x80,0xF8,0x00}, // L - {0x88,0xD8,0xA8,0xA8,0xA8,0x88,0x88,0x00}, // M - {0x88,0x88,0xC8,0xA8,0x98,0x88,0x88,0x00}, // N - {0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00}, // O - {0xF0,0x88,0x88,0xF0,0x80,0x80,0x80,0x00}, // P - {0x70,0x88,0x88,0x88,0xA8,0x90,0x68,0x00}, // Q - {0xF0,0x88,0x88,0xF0,0xA0,0x90,0x88,0x00}, // R - {0x70,0x88,0x80,0x70,0x08,0x88,0x70,0x00}, // S - {0xF8,0xA8,0x20,0x20,0x20,0x20,0x20,0x00}, // T - {0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00}, // U - {0x88,0x88,0x88,0x88,0x88,0x50,0x20,0x00}, // V - {0x88,0x88,0x88,0xA8,0xA8,0xA8,0x50,0x00}, // W - {0x88,0x88,0x50,0x20,0x50,0x88,0x88,0x00}, // X - {0x88,0x88,0x50,0x20,0x20,0x20,0x20,0x00}, // Y - {0xF8,0x08,0x10,0x70,0x40,0x80,0xF8,0x00}, // Z - {0x78,0x40,0x40,0x40,0x40,0x40,0x78,0x00}, // [ - {0x00,0x80,0x40,0x20,0x10,0x08,0x00,0x00}, // backslash - {0x78,0x08,0x08,0x08,0x08,0x08,0x78,0x00}, // ] - {0x20,0x50,0x88,0x00,0x00,0x00,0x00,0x00}, // ^ - {0x00,0x00,0x00,0x00,0x00,0x00,0xF8,0x00}, // _ - {0x60,0x60,0x20,0x10,0x00,0x00,0x00,0x00}, // ` - {0x00,0x00,0x60,0x10,0x70,0x90,0x78,0x00}, // a - {0x80,0x80,0xB0,0xC8,0x88,0xC8,0xB0,0x00}, // b - {0x00,0x00,0x70,0x88,0x80,0x88,0x70,0x00}, // c - {0x08,0x08,0x68,0x98,0x88,0x98,0x68,0x00}, // d - {0x00,0x00,0x70,0x88,0xF8,0x80,0x70,0x00}, // e - {0x10,0x28,0x20,0x70,0x20,0x20,0x20,0x00}, // f - {0x00,0x00,0x70,0x98,0x98,0x68,0x08,0x70}, // g - {0x80,0x80,0xB0,0xC8,0x88,0x88,0x88,0x00}, // h - {0x20,0x00,0x60,0x20,0x20,0x20,0x70,0x00}, // i - {0x10,0x00,0x10,0x10,0x10,0x90,0x60,0x00}, // j - {0x80,0x80,0x90,0xA0,0xC0,0xA0,0x90,0x00}, // k - {0x60,0x20,0x20,0x20,0x20,0x20,0x70,0x00}, // l - {0x00,0x00,0xD0,0xA8,0xA8,0xA8,0xA8,0x00}, // m - {0x00,0x00,0xB0,0xC8,0x88,0x88,0x88,0x00}, // n - {0x00,0x00,0x70,0x88,0x88,0x88,0x70,0x00}, // o - {0x00,0x00,0xB0,0xC8,0xC8,0xB0,0x80,0x80}, // p - {0x00,0x00,0x68,0x98,0x98,0x68,0x08,0x08}, // q - {0x00,0x00,0xB0,0xC8,0x80,0x80,0x80,0x00}, // r - {0x00,0x00,0x78,0x80,0x70,0x08,0xF0,0x00}, // s - {0x20,0x20,0xF8,0x20,0x20,0x28,0x10,0x00}, // t - {0x00,0x00,0x88,0x88,0x88,0x98,0x68,0x00}, // u - {0x00,0x00,0x88,0x88,0x88,0x50,0x20,0x00}, // v - {0x00,0x00,0x88,0x88,0xA8,0xA8,0x50,0x00}, // w - {0x00,0x00,0x88,0x50,0x20,0x50,0x88,0x00}, // x - {0x00,0x00,0x88,0x88,0x78,0x08,0x88,0x70}, // y - {0x00,0x00,0xF8,0x10,0x20,0x40,0xF8,0x00}, // z - {0x10,0x20,0x20,0x40,0x20,0x20,0x10,0x00}, // { - {0x20,0x20,0x20,0x00,0x20,0x20,0x20,0x00}, // | - {0x40,0x20,0x20,0x10,0x20,0x20,0x40,0x00}, // } - {0x40,0xA8,0x10,0x00,0x00,0x00,0x00,0x00}, // ~ - {0x70,0xD8,0xD8,0x70,0x00,0x00,0x00,0x00} // DEL -}; -/* -const char FONT8x8F[97][8] = { - {0x08,0x08,0x08,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space - {0x30,0x78,0x78,0x30,0x30,0x00,0x30,0x00}, // ! - {0x6C,0x6C,0x6C,0x00,0x00,0x00,0x00,0x00}, // " - {0x6C,0x6C,0xFE,0x6C,0xFE,0x6C,0x6C,0x00}, // # - {0x18,0x3E,0x60,0x3C,0x06,0x7C,0x18,0x00}, // $ - {0x00,0x63,0x66,0x0C,0x18,0x33,0x63,0x00}, // % - {0x1C,0x36,0x1C,0x3B,0x6E,0x66,0x3B,0x00}, // & - {0x30,0x30,0x60,0x00,0x00,0x00,0x00,0x00}, // ' - {0x0C,0x18,0x30,0x30,0x30,0x18,0x0C,0x00}, // ( - {0x30,0x18,0x0C,0x0C,0x0C,0x18,0x30,0x00}, // ) - {0x00,0x66,0x3C,0xFF,0x3C,0x66,0x00,0x00}, // * - {0x00,0x30,0x30,0xFC,0x30,0x30,0x00,0x00}, // + - {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x30}, // , - {0x00,0x00,0x00,0x7E,0x00,0x00,0x00,0x00}, // - - {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00}, // . - {0x03,0x06,0x0C,0x18,0x30,0x60,0x40,0x00}, // / - {0x3E,0x63,0x63,0x6B,0x63,0x63,0x3E,0x00}, // 0 - {0x18,0x38,0x58,0x18,0x18,0x18,0x7E,0x00}, // 1 - {0x3C,0x66,0x06,0x1C,0x30,0x66,0x7E,0x00}, // 2 - {0x3C,0x66,0x06,0x1C,0x06,0x66,0x3C,0x00}, // 3 - {0x0E,0x1E,0x36,0x66,0x7F,0x06,0x0F,0x00}, // 4 - {0x7E,0x60,0x7C,0x06,0x06,0x66,0x3C,0x00}, // 5 - {0x1C,0x30,0x60,0x7C,0x66,0x66,0x3C,0x00}, // 6 - {0x7E,0x66,0x06,0x0C,0x18,0x18,0x18,0x00}, // 7 - {0x3C,0x66,0x66,0x3C,0x66,0x66,0x3C,0x00}, // 8 - {0x3C,0x66,0x66,0x3E,0x06,0x0C,0x38,0x00}, // 9 - {0x00,0x18,0x18,0x00,0x00,0x18,0x18,0x00}, // : - {0x00,0x18,0x18,0x00,0x00,0x18,0x18,0x30}, // ; - {0x0C,0x18,0x30,0x60,0x30,0x18,0x0C,0x00}, // < - {0x00,0x00,0x7E,0x00,0x00,0x7E,0x00,0x00}, // = - {0x30,0x18,0x0C,0x06,0x0C,0x18,0x30,0x00}, // > - {0x3C,0x66,0x06,0x0C,0x18,0x00,0x18,0x00}, // ? - {0x3E,0x63,0x6F,0x69,0x6F,0x60,0x3E,0x00}, // @ - {0x18,0x3C,0x66,0x66,0x7E,0x66,0x66,0x00}, // A - {0x7E,0x33,0x33,0x3E,0x33,0x33,0x7E,0x00}, // B - {0x1E,0x33,0x60,0x60,0x60,0x33,0x1E,0x00}, // C - {0x7C,0x36,0x33,0x33,0x33,0x36,0x7C,0x00}, // D - {0x7F,0x31,0x34,0x3C,0x34,0x31,0x7F,0x00}, // E - {0x7F,0x31,0x34,0x3C,0x34,0x30,0x78,0x00}, // F - {0x1E,0x33,0x60,0x60,0x67,0x33,0x1F,0x00}, // G - {0x66,0x66,0x66,0x7E,0x66,0x66,0x66,0x00}, // H - {0x3C,0x18,0x18,0x18,0x18,0x18,0x3C,0x00}, // I - {0x0F,0x06,0x06,0x06,0x66,0x66,0x3C,0x00}, // J - {0x73,0x33,0x36,0x3C,0x36,0x33,0x73,0x00}, // K - {0x78,0x30,0x30,0x30,0x31,0x33,0x7F,0x00}, // L - {0x63,0x77,0x7F,0x7F,0x6B,0x63,0x63,0x00}, // M - {0x63,0x73,0x7B,0x6F,0x67,0x63,0x63,0x00}, // N - {0x3E,0x63,0x63,0x63,0x63,0x63,0x3E,0x00}, // O - {0x7E,0x33,0x33,0x3E,0x30,0x30,0x78,0x00}, // P - {0x3C,0x66,0x66,0x66,0x6E,0x3C,0x0E,0x00}, // Q - {0x7E,0x33,0x33,0x3E,0x36,0x33,0x73,0x00}, // R - {0x3C,0x66,0x30,0x18,0x0C,0x66,0x3C,0x00}, // S - {0x7E,0x5A,0x18,0x18,0x18,0x18,0x3C,0x00}, // T - {0x66,0x66,0x66,0x66,0x66,0x66,0x7E,0x00}, // U - {0x66,0x66,0x66,0x66,0x66,0x3C,0x18,0x00}, // V - {0x63,0x63,0x63,0x6B,0x7F,0x77,0x63,0x00}, // W - {0x63,0x63,0x36,0x1C,0x1C,0x36,0x63,0x00}, // X - {0x66,0x66,0x66,0x3C,0x18,0x18,0x3C,0x00}, // Y - {0x7F,0x63,0x46,0x0C,0x19,0x33,0x7F,0x00}, // Z - {0x3C,0x30,0x30,0x30,0x30,0x30,0x3C,0x00}, // [ - {0x60,0x30,0x18,0x0C,0x06,0x03,0x01,0x00}, // backslash - {0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3C,0x00}, // ] - {0x08,0x1C,0x36,0x63,0x00,0x00,0x00,0x00}, // ^ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF}, // _ - {0x18,0x18,0x0C,0x00,0x00,0x00,0x00,0x00}, // ` - {0x00,0x00,0x3C,0x06,0x3E,0x66,0x3B,0x00}, // a - {0x70,0x30,0x3E,0x33,0x33,0x33,0x6E,0x00}, // b - {0x00,0x00,0x3C,0x66,0x60,0x66,0x3C,0x00}, // c - {0x0E,0x06,0x3E,0x66,0x66,0x66,0x3B,0x00}, // d - {0x00,0x00,0x3C,0x66,0x7E,0x60,0x3C,0x00}, // e - {0x1C,0x36,0x30,0x78,0x30,0x30,0x78,0x00}, // f - {0x00,0x00,0x3B,0x66,0x66,0x3E,0x06,0x7C}, // g - {0x70,0x30,0x36,0x3B,0x33,0x33,0x73,0x00}, // h - {0x18,0x00,0x38,0x18,0x18,0x18,0x3C,0x00}, // i - {0x06,0x00,0x06,0x06,0x06,0x66,0x66,0x3C}, // j - {0x70,0x30,0x33,0x36,0x3C,0x36,0x73,0x00}, // k - {0x38,0x18,0x18,0x18,0x18,0x18,0x3C,0x00}, // l - {0x00,0x00,0x66,0x7F,0x7F,0x6B,0x63,0x00}, // m - {0x00,0x00,0x7C,0x66,0x66,0x66,0x66,0x00}, // n - {0x00,0x00,0x3C,0x66,0x66,0x66,0x3C,0x00}, // o - {0x00,0x00,0x6E,0x33,0x33,0x3E,0x30,0x78}, // p - {0x00,0x00,0x3B,0x66,0x66,0x3E,0x06,0x0F}, // q - {0x00,0x00,0x6E,0x3B,0x33,0x30,0x78,0x00}, // r - {0x00,0x00,0x3E,0x60,0x3C,0x06,0x7C,0x00}, // s - {0x08,0x18,0x3E,0x18,0x18,0x1A,0x0C,0x00}, // t - {0x00,0x00,0x66,0x66,0x66,0x66,0x3B,0x00}, // u - {0x00,0x00,0x66,0x66,0x66,0x3C,0x18,0x00}, // v - {0x00,0x00,0x63,0x6B,0x7F,0x7F,0x36,0x00}, // w - {0x00,0x00,0x63,0x36,0x1C,0x36,0x63,0x00}, // x - {0x00,0x00,0x66,0x66,0x66,0x3E,0x06,0x7C}, // y - {0x00,0x00,0x7E,0x4C,0x18,0x32,0x7E,0x00}, // z - {0x0E,0x18,0x18,0x70,0x18,0x18,0x0E,0x00}, // { - {0x0C,0x0C,0x0C,0x00,0x0C,0x0C,0x0C,0x00}, // | - {0x70,0x18,0x18,0x0E,0x18,0x18,0x70,0x00}, // } - {0x3B,0x6E,0x00,0x00,0x00,0x00,0x00,0x00}, // ~ - {0x1C,0x36,0x36,0x1C,0x00,0x00,0x00,0x00} // DEL -}; - -const char FONT8x16[97][16] = { - {0x08,0x10,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space - {0x00,0x00,0x18,0x3C,0x3C,0x3C,0x18,0x18,0x18,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // ! - {0x00,0x63,0x63,0x63,0x22,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // " - {0x00,0x00,0x00,0x36,0x36,0x7F,0x36,0x36,0x36,0x7F,0x36,0x36,0x00,0x00,0x00,0x00}, // # - {0x0C,0x0C,0x3E,0x63,0x61,0x60,0x3E,0x03,0x03,0x43,0x63,0x3E,0x0C,0x0C,0x00,0x00}, // $ - {0x00,0x00,0x00,0x00,0x00,0x61,0x63,0x06,0x0C,0x18,0x33,0x63,0x00,0x00,0x00,0x00}, // % - {0x00,0x00,0x00,0x1C,0x36,0x36,0x1C,0x3B,0x6E,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // & - {0x00,0x30,0x30,0x30,0x60,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ' - {0x00,0x00,0x0C,0x18,0x18,0x30,0x30,0x30,0x30,0x18,0x18,0x0C,0x00,0x00,0x00,0x00}, // ( - {0x00,0x00,0x18,0x0C,0x0C,0x06,0x06,0x06,0x06,0x0C,0x0C,0x18,0x00,0x00,0x00,0x00}, // ) - {0x00,0x00,0x00,0x00,0x42,0x66,0x3C,0xFF,0x3C,0x66,0x42,0x00,0x00,0x00,0x00,0x00}, // * - {0x00,0x00,0x00,0x00,0x18,0x18,0x18,0xFF,0x18,0x18,0x18,0x00,0x00,0x00,0x00,0x00}, // + - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x18,0x30,0x00,0x00}, // , - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // - - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // . - {0x00,0x00,0x01,0x03,0x07,0x0E,0x1C,0x38,0x70,0xE0,0xC0,0x80,0x00,0x00,0x00,0x00}, // / - {0x00,0x00,0x3E,0x63,0x63,0x63,0x6B,0x6B,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 0 - {0x00,0x00,0x0C,0x1C,0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3F,0x00,0x00,0x00,0x00}, // 1 - {0x00,0x00,0x3E,0x63,0x03,0x06,0x0C,0x18,0x30,0x61,0x63,0x7F,0x00,0x00,0x00,0x00}, // 2 - {0x00,0x00,0x3E,0x63,0x03,0x03,0x1E,0x03,0x03,0x03,0x63,0x3E,0x00,0x00,0x00,0x00}, // 3 - {0x00,0x00,0x06,0x0E,0x1E,0x36,0x66,0x66,0x7F,0x06,0x06,0x0F,0x00,0x00,0x00,0x00}, // 4 - {0x00,0x00,0x7F,0x60,0x60,0x60,0x7E,0x03,0x03,0x63,0x73,0x3E,0x00,0x00,0x00,0x00}, // 5 - {0x00,0x00,0x1C,0x30,0x60,0x60,0x7E,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 6 - {0x00,0x00,0x7F,0x63,0x03,0x06,0x06,0x0C,0x0C,0x18,0x18,0x18,0x00,0x00,0x00,0x00}, // 7 - {0x00,0x00,0x3E,0x63,0x63,0x63,0x3E,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 8 - {0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x3F,0x03,0x03,0x06,0x3C,0x00,0x00,0x00,0x00}, // 9 - {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // : - {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x18,0x18,0x18,0x30,0x00,0x00}, // ; - {0x00,0x00,0x00,0x06,0x0C,0x18,0x30,0x60,0x30,0x18,0x0C,0x06,0x00,0x00,0x00,0x00}, // < - {0x00,0x00,0x00,0x00,0x00,0x00,0x7E,0x00,0x00,0x7E,0x00,0x00,0x00,0x00,0x00,0x00}, // = - {0x00,0x00,0x00,0x60,0x30,0x18,0x0C,0x06,0x0C,0x18,0x30,0x60,0x00,0x00,0x00,0x00}, // > - {0x00,0x00,0x3E,0x63,0x63,0x06,0x0C,0x0C,0x0C,0x00,0x0C,0x0C,0x00,0x00,0x00,0x00}, // ? - {0x00,0x00,0x3E,0x63,0x63,0x6F,0x6B,0x6B,0x6E,0x60,0x60,0x3E,0x00,0x00,0x00,0x00}, // @ - {0x00,0x00,0x08,0x1C,0x36,0x63,0x63,0x63,0x7F,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // A - {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x33,0x33,0x33,0x33,0x7E,0x00,0x00,0x00,0x00}, // B - {0x00,0x00,0x1E,0x33,0x61,0x60,0x60,0x60,0x60,0x61,0x33,0x1E,0x00,0x00,0x00,0x00}, // C - {0x00,0x00,0x7C,0x36,0x33,0x33,0x33,0x33,0x33,0x33,0x36,0x7C,0x00,0x00,0x00,0x00}, // D - {0x00,0x00,0x7F,0x33,0x31,0x34,0x3C,0x34,0x30,0x31,0x33,0x7F,0x00,0x00,0x00,0x00}, // E - {0x00,0x00,0x7F,0x33,0x31,0x34,0x3C,0x34,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // F - {0x00,0x00,0x1E,0x33,0x61,0x60,0x60,0x6F,0x63,0x63,0x37,0x1D,0x00,0x00,0x00,0x00}, // G - {0x00,0x00,0x63,0x63,0x63,0x63,0x7F,0x63,0x63,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // H - {0x00,0x00,0x3C,0x18,0x18,0x18,0x18,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // I - {0x00,0x00,0x0F,0x06,0x06,0x06,0x06,0x06,0x06,0x66,0x66,0x3C,0x00,0x00,0x00,0x00}, // J - {0x00,0x00,0x73,0x33,0x36,0x36,0x3C,0x36,0x36,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // K - {0x00,0x00,0x78,0x30,0x30,0x30,0x30,0x30,0x30,0x31,0x33,0x7F,0x00,0x00,0x00,0x00}, // L - {0x00,0x00,0x63,0x77,0x7F,0x6B,0x63,0x63,0x63,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // M - {0x00,0x00,0x63,0x63,0x73,0x7B,0x7F,0x6F,0x67,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // N - {0x00,0x00,0x1C,0x36,0x63,0x63,0x63,0x63,0x63,0x63,0x36,0x1C,0x00,0x00,0x00,0x00}, // O - {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x30,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // P - {0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x63,0x63,0x6B,0x6F,0x3E,0x06,0x07,0x00,0x00}, // Q - {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x36,0x36,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // R - {0x00,0x00,0x3E,0x63,0x63,0x30,0x1C,0x06,0x03,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // S - {0x00,0x00,0xFF,0xDB,0x99,0x18,0x18,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // T - {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // U - {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x36,0x1C,0x08,0x00,0x00,0x00,0x00}, // V - {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x6B,0x6B,0x7F,0x36,0x36,0x00,0x00,0x00,0x00}, // W - {0x00,0x00,0xC3,0xC3,0x66,0x3C,0x18,0x18,0x3C,0x66,0xC3,0xC3,0x00,0x00,0x00,0x00}, // X - {0x00,0x00,0xC3,0xC3,0xC3,0x66,0x3C,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // Y - {0x00,0x00,0x7F,0x63,0x43,0x06,0x0C,0x18,0x30,0x61,0x63,0x7F,0x00,0x00,0x00,0x00}, // Z - {0x00,0x00,0x3C,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x3C,0x00,0x00,0x00,0x00}, // [ - {0x00,0x00,0x80,0xC0,0xE0,0x70,0x38,0x1C,0x0E,0x07,0x03,0x01,0x00,0x00,0x00,0x00}, // backslash - {0x00,0x00,0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3C,0x00,0x00,0x00,0x00}, // ] - {0x08,0x1C,0x36,0x63,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ^ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x00,0x00,0x00}, // _ - {0x18,0x18,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ` - {0x00,0x00,0x00,0x00,0x00,0x3C,0x46,0x06,0x3E,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // a - {0x00,0x00,0x70,0x30,0x30,0x3C,0x36,0x33,0x33,0x33,0x33,0x6E,0x00,0x00,0x00,0x00}, // b - {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x60,0x60,0x60,0x63,0x3E,0x00,0x00,0x00,0x00}, // c - {0x00,0x00,0x0E,0x06,0x06,0x1E,0x36,0x66,0x66,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // d - {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x63,0x7E,0x60,0x63,0x3E,0x00,0x00,0x00,0x00}, // e - {0x00,0x00,0x1C,0x36,0x32,0x30,0x7C,0x30,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // f - {0x00,0x00,0x00,0x00,0x00,0x3B,0x66,0x66,0x66,0x66,0x3E,0x06,0x66,0x3C,0x00,0x00}, // g - {0x00,0x00,0x70,0x30,0x30,0x36,0x3B,0x33,0x33,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // h - {0x00,0x00,0x0C,0x0C,0x00,0x1C,0x0C,0x0C,0x0C,0x0C,0x0C,0x1E,0x00,0x00,0x00,0x00}, // i - {0x00,0x00,0x06,0x06,0x00,0x0E,0x06,0x06,0x06,0x06,0x06,0x66,0x66,0x3C,0x00,0x00}, // j - {0x00,0x00,0x70,0x30,0x30,0x33,0x33,0x36,0x3C,0x36,0x33,0x73,0x00,0x00,0x00,0x00}, // k - {0x00,0x00,0x1C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x1E,0x00,0x00,0x00,0x00}, // l - {0x00,0x00,0x00,0x00,0x00,0x6E,0x7F,0x6B,0x6B,0x6B,0x6B,0x6B,0x00,0x00,0x00,0x00}, // m - {0x00,0x00,0x00,0x00,0x00,0x6E,0x33,0x33,0x33,0x33,0x33,0x33,0x00,0x00,0x00,0x00}, // n - {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // o - {0x00,0x00,0x00,0x00,0x00,0x6E,0x33,0x33,0x33,0x33,0x3E,0x30,0x30,0x78,0x00,0x00}, // p - {0x00,0x00,0x00,0x00,0x00,0x3B,0x66,0x66,0x66,0x66,0x3E,0x06,0x06,0x0F,0x00,0x00}, // q - {0x00,0x00,0x00,0x00,0x00,0x6E,0x3B,0x33,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // r - {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x38,0x0E,0x03,0x63,0x3E,0x00,0x00,0x00,0x00}, // s - {0x00,0x00,0x08,0x18,0x18,0x7E,0x18,0x18,0x18,0x18,0x1B,0x0E,0x00,0x00,0x00,0x00}, // t - {0x00,0x00,0x00,0x00,0x00,0x66,0x66,0x66,0x66,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // u - {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x36,0x36,0x1C,0x1C,0x08,0x00,0x00,0x00,0x00}, // v - {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x63,0x6B,0x6B,0x7F,0x36,0x00,0x00,0x00,0x00}, // w - {0x00,0x00,0x00,0x00,0x00,0x63,0x36,0x1C,0x1C,0x1C,0x36,0x63,0x00,0x00,0x00,0x00}, // x - {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x3F,0x03,0x06,0x3C,0x00,0x00}, // y - {0x00,0x00,0x00,0x00,0x00,0x7F,0x66,0x0C,0x18,0x30,0x63,0x7F,0x00,0x00,0x00,0x00}, // z - {0x00,0x00,0x0E,0x18,0x18,0x18,0x70,0x18,0x18,0x18,0x18,0x0E,0x00,0x00,0x00,0x00}, // { - {0x00,0x00,0x18,0x18,0x18,0x18,0x18,0x00,0x18,0x18,0x18,0x18,0x18,0x00,0x00,0x00}, // | - {0x00,0x00,0x70,0x18,0x18,0x18,0x0E,0x18,0x18,0x18,0x18,0x70,0x00,0x00,0x00,0x00}, // } - {0x00,0x00,0x3B,0x6E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ~ - {0x00,0x70,0xD8,0xD8,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} // DEL -}; -*/ +const char FONT6x8[97][8] = { + {0x06,0x08,0x08,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space + {0x20,0x20,0x20,0x20,0x20,0x00,0x20,0x00}, // ! + {0x50,0x50,0x50,0x00,0x00,0x00,0x00,0x00}, // " + {0x50,0x50,0xF8,0x50,0xF8,0x50,0x50,0x00}, // # + {0x20,0x78,0xA0,0x70,0x28,0xF0,0x20,0x00}, // $ + {0xC0,0xC8,0x10,0x20,0x40,0x98,0x18,0x00}, // % + {0x40,0xA0,0xA0,0x40,0xA8,0x90,0x68,0x00}, // & + {0x30,0x30,0x20,0x40,0x00,0x00,0x00,0x00}, // ' + {0x10,0x20,0x40,0x40,0x40,0x20,0x10,0x00}, // ( + {0x40,0x20,0x10,0x10,0x10,0x20,0x40,0x00}, // ) + {0x00,0x20,0xA8,0x70,0x70,0xA8,0x20,0x00}, // * + {0x00,0x20,0x20,0xF8,0x20,0x20,0x00,0x00}, // + + {0x00,0x00,0x00,0x00,0x30,0x30,0x20,0x40}, // , + {0x00,0x00,0x00,0xF8,0x00,0x00,0x00,0x00}, // - + {0x00,0x00,0x00,0x00,0x00,0x30,0x30,0x00}, // . + {0x00,0x08,0x10,0x20,0x40,0x80,0x00,0x00}, // / + {0x70,0x88,0x88,0xA8,0x88,0x88,0x70,0x00}, // 0 + {0x20,0x60,0x20,0x20,0x20,0x20,0x70,0x00}, // 1 + {0x70,0x88,0x08,0x70,0x80,0x80,0xF8,0x00}, // 2 + {0xF8,0x08,0x10,0x30,0x08,0x88,0x70,0x00}, // 3 + {0x10,0x30,0x50,0x90,0xF8,0x10,0x10,0x00}, // 4 + {0xF8,0x80,0xF0,0x08,0x08,0x88,0x70,0x00}, // 5 + {0x38,0x40,0x80,0xF0,0x88,0x88,0x70,0x00}, // 6 + {0xF8,0x08,0x08,0x10,0x20,0x40,0x80,0x00}, // 7 + {0x70,0x88,0x88,0x70,0x88,0x88,0x70,0x00}, // 8 + {0x70,0x88,0x88,0x78,0x08,0x10,0xE0,0x00}, // 9 + {0x00,0x00,0x20,0x00,0x20,0x00,0x00,0x00}, // : + {0x00,0x00,0x20,0x00,0x20,0x20,0x40,0x00}, // ; + {0x08,0x10,0x20,0x40,0x20,0x10,0x08,0x00}, // < + {0x00,0x00,0xF8,0x00,0xF8,0x00,0x00,0x00}, // = + {0x40,0x20,0x10,0x08,0x10,0x20,0x40,0x00}, // > + {0x70,0x88,0x08,0x30,0x20,0x00,0x20,0x00}, // ? + {0x70,0x88,0xA8,0xB8,0xB0,0x80,0x78,0x00}, // @ + {0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00}, // A + {0xF0,0x88,0x88,0xF0,0x88,0x88,0xF0,0x00}, // B + {0x70,0x88,0x80,0x80,0x80,0x88,0x70,0x00}, // C + {0xF0,0x88,0x88,0x88,0x88,0x88,0xF0,0x00}, // D + {0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00}, // E + {0xF8,0x80,0x80,0xF0,0x80,0x80,0x80,0x00}, // F + {0x78,0x88,0x80,0x80,0x98,0x88,0x78,0x00}, // G + {0x88,0x88,0x88,0xF8,0x88,0x88,0x88,0x00}, // H + {0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00}, // I + {0x38,0x10,0x10,0x10,0x10,0x90,0x60,0x00}, // J + {0x88,0x90,0xA0,0xC0,0xA0,0x90,0x88,0x00}, // K + {0x80,0x80,0x80,0x80,0x80,0x80,0xF8,0x00}, // L + {0x88,0xD8,0xA8,0xA8,0xA8,0x88,0x88,0x00}, // M + {0x88,0x88,0xC8,0xA8,0x98,0x88,0x88,0x00}, // N + {0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00}, // O + {0xF0,0x88,0x88,0xF0,0x80,0x80,0x80,0x00}, // P + {0x70,0x88,0x88,0x88,0xA8,0x90,0x68,0x00}, // Q + {0xF0,0x88,0x88,0xF0,0xA0,0x90,0x88,0x00}, // R + {0x70,0x88,0x80,0x70,0x08,0x88,0x70,0x00}, // S + {0xF8,0xA8,0x20,0x20,0x20,0x20,0x20,0x00}, // T + {0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00}, // U + {0x88,0x88,0x88,0x88,0x88,0x50,0x20,0x00}, // V + {0x88,0x88,0x88,0xA8,0xA8,0xA8,0x50,0x00}, // W + {0x88,0x88,0x50,0x20,0x50,0x88,0x88,0x00}, // X + {0x88,0x88,0x50,0x20,0x20,0x20,0x20,0x00}, // Y + {0xF8,0x08,0x10,0x70,0x40,0x80,0xF8,0x00}, // Z + {0x78,0x40,0x40,0x40,0x40,0x40,0x78,0x00}, // [ + {0x00,0x80,0x40,0x20,0x10,0x08,0x00,0x00}, // backslash + {0x78,0x08,0x08,0x08,0x08,0x08,0x78,0x00}, // ] + {0x20,0x50,0x88,0x00,0x00,0x00,0x00,0x00}, // ^ + {0x00,0x00,0x00,0x00,0x00,0x00,0xF8,0x00}, // _ + {0x60,0x60,0x20,0x10,0x00,0x00,0x00,0x00}, // ` + {0x00,0x00,0x60,0x10,0x70,0x90,0x78,0x00}, // a + {0x80,0x80,0xB0,0xC8,0x88,0xC8,0xB0,0x00}, // b + {0x00,0x00,0x70,0x88,0x80,0x88,0x70,0x00}, // c + {0x08,0x08,0x68,0x98,0x88,0x98,0x68,0x00}, // d + {0x00,0x00,0x70,0x88,0xF8,0x80,0x70,0x00}, // e + {0x10,0x28,0x20,0x70,0x20,0x20,0x20,0x00}, // f + {0x00,0x00,0x70,0x98,0x98,0x68,0x08,0x70}, // g + {0x80,0x80,0xB0,0xC8,0x88,0x88,0x88,0x00}, // h + {0x20,0x00,0x60,0x20,0x20,0x20,0x70,0x00}, // i + {0x10,0x00,0x10,0x10,0x10,0x90,0x60,0x00}, // j + {0x80,0x80,0x90,0xA0,0xC0,0xA0,0x90,0x00}, // k + {0x60,0x20,0x20,0x20,0x20,0x20,0x70,0x00}, // l + {0x00,0x00,0xD0,0xA8,0xA8,0xA8,0xA8,0x00}, // m + {0x00,0x00,0xB0,0xC8,0x88,0x88,0x88,0x00}, // n + {0x00,0x00,0x70,0x88,0x88,0x88,0x70,0x00}, // o + {0x00,0x00,0xB0,0xC8,0xC8,0xB0,0x80,0x80}, // p + {0x00,0x00,0x68,0x98,0x98,0x68,0x08,0x08}, // q + {0x00,0x00,0xB0,0xC8,0x80,0x80,0x80,0x00}, // r + {0x00,0x00,0x78,0x80,0x70,0x08,0xF0,0x00}, // s + {0x20,0x20,0xF8,0x20,0x20,0x28,0x10,0x00}, // t + {0x00,0x00,0x88,0x88,0x88,0x98,0x68,0x00}, // u + {0x00,0x00,0x88,0x88,0x88,0x50,0x20,0x00}, // v + {0x00,0x00,0x88,0x88,0xA8,0xA8,0x50,0x00}, // w + {0x00,0x00,0x88,0x50,0x20,0x50,0x88,0x00}, // x + {0x00,0x00,0x88,0x88,0x78,0x08,0x88,0x70}, // y + {0x00,0x00,0xF8,0x10,0x20,0x40,0xF8,0x00}, // z + {0x10,0x20,0x20,0x40,0x20,0x20,0x10,0x00}, // { + {0x20,0x20,0x20,0x00,0x20,0x20,0x20,0x00}, // | + {0x40,0x20,0x20,0x10,0x20,0x20,0x40,0x00}, // } + {0x40,0xA8,0x10,0x00,0x00,0x00,0x00,0x00}, // ~ + {0x70,0xD8,0xD8,0x70,0x00,0x00,0x00,0x00} // DEL +}; +/* +const char FONT8x8F[97][8] = { + {0x08,0x08,0x08,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space + {0x30,0x78,0x78,0x30,0x30,0x00,0x30,0x00}, // ! + {0x6C,0x6C,0x6C,0x00,0x00,0x00,0x00,0x00}, // " + {0x6C,0x6C,0xFE,0x6C,0xFE,0x6C,0x6C,0x00}, // # + {0x18,0x3E,0x60,0x3C,0x06,0x7C,0x18,0x00}, // $ + {0x00,0x63,0x66,0x0C,0x18,0x33,0x63,0x00}, // % + {0x1C,0x36,0x1C,0x3B,0x6E,0x66,0x3B,0x00}, // & + {0x30,0x30,0x60,0x00,0x00,0x00,0x00,0x00}, // ' + {0x0C,0x18,0x30,0x30,0x30,0x18,0x0C,0x00}, // ( + {0x30,0x18,0x0C,0x0C,0x0C,0x18,0x30,0x00}, // ) + {0x00,0x66,0x3C,0xFF,0x3C,0x66,0x00,0x00}, // * + {0x00,0x30,0x30,0xFC,0x30,0x30,0x00,0x00}, // + + {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x30}, // , + {0x00,0x00,0x00,0x7E,0x00,0x00,0x00,0x00}, // - + {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00}, // . + {0x03,0x06,0x0C,0x18,0x30,0x60,0x40,0x00}, // / + {0x3E,0x63,0x63,0x6B,0x63,0x63,0x3E,0x00}, // 0 + {0x18,0x38,0x58,0x18,0x18,0x18,0x7E,0x00}, // 1 + {0x3C,0x66,0x06,0x1C,0x30,0x66,0x7E,0x00}, // 2 + {0x3C,0x66,0x06,0x1C,0x06,0x66,0x3C,0x00}, // 3 + {0x0E,0x1E,0x36,0x66,0x7F,0x06,0x0F,0x00}, // 4 + {0x7E,0x60,0x7C,0x06,0x06,0x66,0x3C,0x00}, // 5 + {0x1C,0x30,0x60,0x7C,0x66,0x66,0x3C,0x00}, // 6 + {0x7E,0x66,0x06,0x0C,0x18,0x18,0x18,0x00}, // 7 + {0x3C,0x66,0x66,0x3C,0x66,0x66,0x3C,0x00}, // 8 + {0x3C,0x66,0x66,0x3E,0x06,0x0C,0x38,0x00}, // 9 + {0x00,0x18,0x18,0x00,0x00,0x18,0x18,0x00}, // : + {0x00,0x18,0x18,0x00,0x00,0x18,0x18,0x30}, // ; + {0x0C,0x18,0x30,0x60,0x30,0x18,0x0C,0x00}, // < + {0x00,0x00,0x7E,0x00,0x00,0x7E,0x00,0x00}, // = + {0x30,0x18,0x0C,0x06,0x0C,0x18,0x30,0x00}, // > + {0x3C,0x66,0x06,0x0C,0x18,0x00,0x18,0x00}, // ? + {0x3E,0x63,0x6F,0x69,0x6F,0x60,0x3E,0x00}, // @ + {0x18,0x3C,0x66,0x66,0x7E,0x66,0x66,0x00}, // A + {0x7E,0x33,0x33,0x3E,0x33,0x33,0x7E,0x00}, // B + {0x1E,0x33,0x60,0x60,0x60,0x33,0x1E,0x00}, // C + {0x7C,0x36,0x33,0x33,0x33,0x36,0x7C,0x00}, // D + {0x7F,0x31,0x34,0x3C,0x34,0x31,0x7F,0x00}, // E + {0x7F,0x31,0x34,0x3C,0x34,0x30,0x78,0x00}, // F + {0x1E,0x33,0x60,0x60,0x67,0x33,0x1F,0x00}, // G + {0x66,0x66,0x66,0x7E,0x66,0x66,0x66,0x00}, // H + {0x3C,0x18,0x18,0x18,0x18,0x18,0x3C,0x00}, // I + {0x0F,0x06,0x06,0x06,0x66,0x66,0x3C,0x00}, // J + {0x73,0x33,0x36,0x3C,0x36,0x33,0x73,0x00}, // K + {0x78,0x30,0x30,0x30,0x31,0x33,0x7F,0x00}, // L + {0x63,0x77,0x7F,0x7F,0x6B,0x63,0x63,0x00}, // M + {0x63,0x73,0x7B,0x6F,0x67,0x63,0x63,0x00}, // N + {0x3E,0x63,0x63,0x63,0x63,0x63,0x3E,0x00}, // O + {0x7E,0x33,0x33,0x3E,0x30,0x30,0x78,0x00}, // P + {0x3C,0x66,0x66,0x66,0x6E,0x3C,0x0E,0x00}, // Q + {0x7E,0x33,0x33,0x3E,0x36,0x33,0x73,0x00}, // R + {0x3C,0x66,0x30,0x18,0x0C,0x66,0x3C,0x00}, // S + {0x7E,0x5A,0x18,0x18,0x18,0x18,0x3C,0x00}, // T + {0x66,0x66,0x66,0x66,0x66,0x66,0x7E,0x00}, // U + {0x66,0x66,0x66,0x66,0x66,0x3C,0x18,0x00}, // V + {0x63,0x63,0x63,0x6B,0x7F,0x77,0x63,0x00}, // W + {0x63,0x63,0x36,0x1C,0x1C,0x36,0x63,0x00}, // X + {0x66,0x66,0x66,0x3C,0x18,0x18,0x3C,0x00}, // Y + {0x7F,0x63,0x46,0x0C,0x19,0x33,0x7F,0x00}, // Z + {0x3C,0x30,0x30,0x30,0x30,0x30,0x3C,0x00}, // [ + {0x60,0x30,0x18,0x0C,0x06,0x03,0x01,0x00}, // backslash + {0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3C,0x00}, // ] + {0x08,0x1C,0x36,0x63,0x00,0x00,0x00,0x00}, // ^ + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF}, // _ + {0x18,0x18,0x0C,0x00,0x00,0x00,0x00,0x00}, // ` + {0x00,0x00,0x3C,0x06,0x3E,0x66,0x3B,0x00}, // a + {0x70,0x30,0x3E,0x33,0x33,0x33,0x6E,0x00}, // b + {0x00,0x00,0x3C,0x66,0x60,0x66,0x3C,0x00}, // c + {0x0E,0x06,0x3E,0x66,0x66,0x66,0x3B,0x00}, // d + {0x00,0x00,0x3C,0x66,0x7E,0x60,0x3C,0x00}, // e + {0x1C,0x36,0x30,0x78,0x30,0x30,0x78,0x00}, // f + {0x00,0x00,0x3B,0x66,0x66,0x3E,0x06,0x7C}, // g + {0x70,0x30,0x36,0x3B,0x33,0x33,0x73,0x00}, // h + {0x18,0x00,0x38,0x18,0x18,0x18,0x3C,0x00}, // i + {0x06,0x00,0x06,0x06,0x06,0x66,0x66,0x3C}, // j + {0x70,0x30,0x33,0x36,0x3C,0x36,0x73,0x00}, // k + {0x38,0x18,0x18,0x18,0x18,0x18,0x3C,0x00}, // l + {0x00,0x00,0x66,0x7F,0x7F,0x6B,0x63,0x00}, // m + {0x00,0x00,0x7C,0x66,0x66,0x66,0x66,0x00}, // n + {0x00,0x00,0x3C,0x66,0x66,0x66,0x3C,0x00}, // o + {0x00,0x00,0x6E,0x33,0x33,0x3E,0x30,0x78}, // p + {0x00,0x00,0x3B,0x66,0x66,0x3E,0x06,0x0F}, // q + {0x00,0x00,0x6E,0x3B,0x33,0x30,0x78,0x00}, // r + {0x00,0x00,0x3E,0x60,0x3C,0x06,0x7C,0x00}, // s + {0x08,0x18,0x3E,0x18,0x18,0x1A,0x0C,0x00}, // t + {0x00,0x00,0x66,0x66,0x66,0x66,0x3B,0x00}, // u + {0x00,0x00,0x66,0x66,0x66,0x3C,0x18,0x00}, // v + {0x00,0x00,0x63,0x6B,0x7F,0x7F,0x36,0x00}, // w + {0x00,0x00,0x63,0x36,0x1C,0x36,0x63,0x00}, // x + {0x00,0x00,0x66,0x66,0x66,0x3E,0x06,0x7C}, // y + {0x00,0x00,0x7E,0x4C,0x18,0x32,0x7E,0x00}, // z + {0x0E,0x18,0x18,0x70,0x18,0x18,0x0E,0x00}, // { + {0x0C,0x0C,0x0C,0x00,0x0C,0x0C,0x0C,0x00}, // | + {0x70,0x18,0x18,0x0E,0x18,0x18,0x70,0x00}, // } + {0x3B,0x6E,0x00,0x00,0x00,0x00,0x00,0x00}, // ~ + {0x1C,0x36,0x36,0x1C,0x00,0x00,0x00,0x00} // DEL +}; + +const char FONT8x16[97][16] = { + {0x08,0x10,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // columns, rows, bytes per char + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // space + {0x00,0x00,0x18,0x3C,0x3C,0x3C,0x18,0x18,0x18,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // ! + {0x00,0x63,0x63,0x63,0x22,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // " + {0x00,0x00,0x00,0x36,0x36,0x7F,0x36,0x36,0x36,0x7F,0x36,0x36,0x00,0x00,0x00,0x00}, // # + {0x0C,0x0C,0x3E,0x63,0x61,0x60,0x3E,0x03,0x03,0x43,0x63,0x3E,0x0C,0x0C,0x00,0x00}, // $ + {0x00,0x00,0x00,0x00,0x00,0x61,0x63,0x06,0x0C,0x18,0x33,0x63,0x00,0x00,0x00,0x00}, // % + {0x00,0x00,0x00,0x1C,0x36,0x36,0x1C,0x3B,0x6E,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // & + {0x00,0x30,0x30,0x30,0x60,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ' + {0x00,0x00,0x0C,0x18,0x18,0x30,0x30,0x30,0x30,0x18,0x18,0x0C,0x00,0x00,0x00,0x00}, // ( + {0x00,0x00,0x18,0x0C,0x0C,0x06,0x06,0x06,0x06,0x0C,0x0C,0x18,0x00,0x00,0x00,0x00}, // ) + {0x00,0x00,0x00,0x00,0x42,0x66,0x3C,0xFF,0x3C,0x66,0x42,0x00,0x00,0x00,0x00,0x00}, // * + {0x00,0x00,0x00,0x00,0x18,0x18,0x18,0xFF,0x18,0x18,0x18,0x00,0x00,0x00,0x00,0x00}, // + + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x18,0x30,0x00,0x00}, // , + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // - + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // . + {0x00,0x00,0x01,0x03,0x07,0x0E,0x1C,0x38,0x70,0xE0,0xC0,0x80,0x00,0x00,0x00,0x00}, // / + {0x00,0x00,0x3E,0x63,0x63,0x63,0x6B,0x6B,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 0 + {0x00,0x00,0x0C,0x1C,0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3F,0x00,0x00,0x00,0x00}, // 1 + {0x00,0x00,0x3E,0x63,0x03,0x06,0x0C,0x18,0x30,0x61,0x63,0x7F,0x00,0x00,0x00,0x00}, // 2 + {0x00,0x00,0x3E,0x63,0x03,0x03,0x1E,0x03,0x03,0x03,0x63,0x3E,0x00,0x00,0x00,0x00}, // 3 + {0x00,0x00,0x06,0x0E,0x1E,0x36,0x66,0x66,0x7F,0x06,0x06,0x0F,0x00,0x00,0x00,0x00}, // 4 + {0x00,0x00,0x7F,0x60,0x60,0x60,0x7E,0x03,0x03,0x63,0x73,0x3E,0x00,0x00,0x00,0x00}, // 5 + {0x00,0x00,0x1C,0x30,0x60,0x60,0x7E,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 6 + {0x00,0x00,0x7F,0x63,0x03,0x06,0x06,0x0C,0x0C,0x18,0x18,0x18,0x00,0x00,0x00,0x00}, // 7 + {0x00,0x00,0x3E,0x63,0x63,0x63,0x3E,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // 8 + {0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x3F,0x03,0x03,0x06,0x3C,0x00,0x00,0x00,0x00}, // 9 + {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x00}, // : + {0x00,0x00,0x00,0x00,0x00,0x18,0x18,0x00,0x00,0x00,0x18,0x18,0x18,0x30,0x00,0x00}, // ; + {0x00,0x00,0x00,0x06,0x0C,0x18,0x30,0x60,0x30,0x18,0x0C,0x06,0x00,0x00,0x00,0x00}, // < + {0x00,0x00,0x00,0x00,0x00,0x00,0x7E,0x00,0x00,0x7E,0x00,0x00,0x00,0x00,0x00,0x00}, // = + {0x00,0x00,0x00,0x60,0x30,0x18,0x0C,0x06,0x0C,0x18,0x30,0x60,0x00,0x00,0x00,0x00}, // > + {0x00,0x00,0x3E,0x63,0x63,0x06,0x0C,0x0C,0x0C,0x00,0x0C,0x0C,0x00,0x00,0x00,0x00}, // ? + {0x00,0x00,0x3E,0x63,0x63,0x6F,0x6B,0x6B,0x6E,0x60,0x60,0x3E,0x00,0x00,0x00,0x00}, // @ + {0x00,0x00,0x08,0x1C,0x36,0x63,0x63,0x63,0x7F,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // A + {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x33,0x33,0x33,0x33,0x7E,0x00,0x00,0x00,0x00}, // B + {0x00,0x00,0x1E,0x33,0x61,0x60,0x60,0x60,0x60,0x61,0x33,0x1E,0x00,0x00,0x00,0x00}, // C + {0x00,0x00,0x7C,0x36,0x33,0x33,0x33,0x33,0x33,0x33,0x36,0x7C,0x00,0x00,0x00,0x00}, // D + {0x00,0x00,0x7F,0x33,0x31,0x34,0x3C,0x34,0x30,0x31,0x33,0x7F,0x00,0x00,0x00,0x00}, // E + {0x00,0x00,0x7F,0x33,0x31,0x34,0x3C,0x34,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // F + {0x00,0x00,0x1E,0x33,0x61,0x60,0x60,0x6F,0x63,0x63,0x37,0x1D,0x00,0x00,0x00,0x00}, // G + {0x00,0x00,0x63,0x63,0x63,0x63,0x7F,0x63,0x63,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // H + {0x00,0x00,0x3C,0x18,0x18,0x18,0x18,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // I + {0x00,0x00,0x0F,0x06,0x06,0x06,0x06,0x06,0x06,0x66,0x66,0x3C,0x00,0x00,0x00,0x00}, // J + {0x00,0x00,0x73,0x33,0x36,0x36,0x3C,0x36,0x36,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // K + {0x00,0x00,0x78,0x30,0x30,0x30,0x30,0x30,0x30,0x31,0x33,0x7F,0x00,0x00,0x00,0x00}, // L + {0x00,0x00,0x63,0x77,0x7F,0x6B,0x63,0x63,0x63,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // M + {0x00,0x00,0x63,0x63,0x73,0x7B,0x7F,0x6F,0x67,0x63,0x63,0x63,0x00,0x00,0x00,0x00}, // N + {0x00,0x00,0x1C,0x36,0x63,0x63,0x63,0x63,0x63,0x63,0x36,0x1C,0x00,0x00,0x00,0x00}, // O + {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x30,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // P + {0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x63,0x63,0x6B,0x6F,0x3E,0x06,0x07,0x00,0x00}, // Q + {0x00,0x00,0x7E,0x33,0x33,0x33,0x3E,0x36,0x36,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // R + {0x00,0x00,0x3E,0x63,0x63,0x30,0x1C,0x06,0x03,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // S + {0x00,0x00,0xFF,0xDB,0x99,0x18,0x18,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // T + {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // U + {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x36,0x1C,0x08,0x00,0x00,0x00,0x00}, // V + {0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x6B,0x6B,0x7F,0x36,0x36,0x00,0x00,0x00,0x00}, // W + {0x00,0x00,0xC3,0xC3,0x66,0x3C,0x18,0x18,0x3C,0x66,0xC3,0xC3,0x00,0x00,0x00,0x00}, // X + {0x00,0x00,0xC3,0xC3,0xC3,0x66,0x3C,0x18,0x18,0x18,0x18,0x3C,0x00,0x00,0x00,0x00}, // Y + {0x00,0x00,0x7F,0x63,0x43,0x06,0x0C,0x18,0x30,0x61,0x63,0x7F,0x00,0x00,0x00,0x00}, // Z + {0x00,0x00,0x3C,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x3C,0x00,0x00,0x00,0x00}, // [ + {0x00,0x00,0x80,0xC0,0xE0,0x70,0x38,0x1C,0x0E,0x07,0x03,0x01,0x00,0x00,0x00,0x00}, // backslash + {0x00,0x00,0x3C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x3C,0x00,0x00,0x00,0x00}, // ] + {0x08,0x1C,0x36,0x63,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ^ + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0x00,0x00,0x00}, // _ + {0x18,0x18,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ` + {0x00,0x00,0x00,0x00,0x00,0x3C,0x46,0x06,0x3E,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // a + {0x00,0x00,0x70,0x30,0x30,0x3C,0x36,0x33,0x33,0x33,0x33,0x6E,0x00,0x00,0x00,0x00}, // b + {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x60,0x60,0x60,0x63,0x3E,0x00,0x00,0x00,0x00}, // c + {0x00,0x00,0x0E,0x06,0x06,0x1E,0x36,0x66,0x66,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // d + {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x63,0x7E,0x60,0x63,0x3E,0x00,0x00,0x00,0x00}, // e + {0x00,0x00,0x1C,0x36,0x32,0x30,0x7C,0x30,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // f + {0x00,0x00,0x00,0x00,0x00,0x3B,0x66,0x66,0x66,0x66,0x3E,0x06,0x66,0x3C,0x00,0x00}, // g + {0x00,0x00,0x70,0x30,0x30,0x36,0x3B,0x33,0x33,0x33,0x33,0x73,0x00,0x00,0x00,0x00}, // h + {0x00,0x00,0x0C,0x0C,0x00,0x1C,0x0C,0x0C,0x0C,0x0C,0x0C,0x1E,0x00,0x00,0x00,0x00}, // i + {0x00,0x00,0x06,0x06,0x00,0x0E,0x06,0x06,0x06,0x06,0x06,0x66,0x66,0x3C,0x00,0x00}, // j + {0x00,0x00,0x70,0x30,0x30,0x33,0x33,0x36,0x3C,0x36,0x33,0x73,0x00,0x00,0x00,0x00}, // k + {0x00,0x00,0x1C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x0C,0x1E,0x00,0x00,0x00,0x00}, // l + {0x00,0x00,0x00,0x00,0x00,0x6E,0x7F,0x6B,0x6B,0x6B,0x6B,0x6B,0x00,0x00,0x00,0x00}, // m + {0x00,0x00,0x00,0x00,0x00,0x6E,0x33,0x33,0x33,0x33,0x33,0x33,0x00,0x00,0x00,0x00}, // n + {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x63,0x63,0x63,0x63,0x3E,0x00,0x00,0x00,0x00}, // o + {0x00,0x00,0x00,0x00,0x00,0x6E,0x33,0x33,0x33,0x33,0x3E,0x30,0x30,0x78,0x00,0x00}, // p + {0x00,0x00,0x00,0x00,0x00,0x3B,0x66,0x66,0x66,0x66,0x3E,0x06,0x06,0x0F,0x00,0x00}, // q + {0x00,0x00,0x00,0x00,0x00,0x6E,0x3B,0x33,0x30,0x30,0x30,0x78,0x00,0x00,0x00,0x00}, // r + {0x00,0x00,0x00,0x00,0x00,0x3E,0x63,0x38,0x0E,0x03,0x63,0x3E,0x00,0x00,0x00,0x00}, // s + {0x00,0x00,0x08,0x18,0x18,0x7E,0x18,0x18,0x18,0x18,0x1B,0x0E,0x00,0x00,0x00,0x00}, // t + {0x00,0x00,0x00,0x00,0x00,0x66,0x66,0x66,0x66,0x66,0x66,0x3B,0x00,0x00,0x00,0x00}, // u + {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x36,0x36,0x1C,0x1C,0x08,0x00,0x00,0x00,0x00}, // v + {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x63,0x6B,0x6B,0x7F,0x36,0x00,0x00,0x00,0x00}, // w + {0x00,0x00,0x00,0x00,0x00,0x63,0x36,0x1C,0x1C,0x1C,0x36,0x63,0x00,0x00,0x00,0x00}, // x + {0x00,0x00,0x00,0x00,0x00,0x63,0x63,0x63,0x63,0x63,0x3F,0x03,0x06,0x3C,0x00,0x00}, // y + {0x00,0x00,0x00,0x00,0x00,0x7F,0x66,0x0C,0x18,0x30,0x63,0x7F,0x00,0x00,0x00,0x00}, // z + {0x00,0x00,0x0E,0x18,0x18,0x18,0x70,0x18,0x18,0x18,0x18,0x0E,0x00,0x00,0x00,0x00}, // { + {0x00,0x00,0x18,0x18,0x18,0x18,0x18,0x00,0x18,0x18,0x18,0x18,0x18,0x00,0x00,0x00}, // | + {0x00,0x00,0x70,0x18,0x18,0x18,0x0E,0x18,0x18,0x18,0x18,0x70,0x00,0x00,0x00,0x00}, // } + {0x00,0x00,0x3B,0x6E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, // ~ + {0x00,0x70,0xD8,0xD8,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} // DEL +}; +*/ diff --git a/armsrc/fonts.h b/armsrc/fonts.h index 621a7f56e..5280ca278 100644 --- a/armsrc/fonts.h +++ b/armsrc/fonts.h @@ -1,6 +1,6 @@ -#ifndef __FONTS_H -#define __FONTS_H -extern const char FONT6x8[97][8]; -extern const char FONT8x8F[97][8]; -extern const char FONT8x16[97][16]; -#endif +#ifndef __FONTS_H +#define __FONTS_H +extern const char FONT6x8[97][8]; +extern const char FONT8x8F[97][8]; +extern const char FONT8x16[97][16]; +#endif diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c index 04db41b3c..8ce07dd37 100644 --- a/armsrc/fpgaloader.c +++ b/armsrc/fpgaloader.c @@ -1,419 +1,419 @@ -//----------------------------------------------------------------------------- -// Routines to load the FPGA image, and then to configure the FPGA's major -// mode once it is configured. -// -// Jonathan Westhues, April 2006 -//----------------------------------------------------------------------------- -#include -#include "apps.h" - -//----------------------------------------------------------------------------- -// Set up the Serial Peripheral Interface as master -// Used to write the FPGA config word -// May also be used to write to other SPI attached devices like an LCD -//----------------------------------------------------------------------------- -void SetupSpi(int mode) -{ - // PA10 -> SPI_NCS2 chip select (LCD) - // PA11 -> SPI_NCS0 chip select (FPGA) - // PA12 -> SPI_MISO Master-In Slave-Out - // PA13 -> SPI_MOSI Master-Out Slave-In - // PA14 -> SPI_SPCK Serial Clock - - // Disable PIO control of the following pins, allows use by the SPI peripheral - AT91C_BASE_PIOA->PIO_PDR = - GPIO_NCS0 | - GPIO_NCS2 | - GPIO_MISO | - GPIO_MOSI | - GPIO_SPCK; - - AT91C_BASE_PIOA->PIO_ASR = - GPIO_NCS0 | - GPIO_MISO | - GPIO_MOSI | - GPIO_SPCK; - - AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2; - - //enable the SPI Peripheral clock - AT91C_BASE_PMC->PMC_PCER = (1<SPI_CR = AT91C_SPI_SPIEN; - - switch (mode) { - case SPI_FPGA_MODE: - AT91C_BASE_SPI->SPI_MR = - ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) - (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11) - ( 0 << 7) | // Local Loopback Disabled - ( 1 << 4) | // Mode Fault Detection disabled - ( 0 << 2) | // Chip selects connected directly to peripheral - ( 0 << 1) | // Fixed Peripheral Select - ( 1 << 0); // Master Mode - AT91C_BASE_SPI->SPI_CSR[0] = - ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) - ( 1 << 16) | // Delay Before SPCK (1 MCK period) - ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud - ( 8 << 4) | // Bits per Transfer (16 bits) - ( 0 << 3) | // Chip Select inactive after transfer - ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge - ( 0 << 0); // Clock Polarity inactive state is logic 0 - break; - case SPI_LCD_MODE: - AT91C_BASE_SPI->SPI_MR = - ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) - (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10) - ( 0 << 7) | // Local Loopback Disabled - ( 1 << 4) | // Mode Fault Detection disabled - ( 0 << 2) | // Chip selects connected directly to peripheral - ( 0 << 1) | // Fixed Peripheral Select - ( 1 << 0); // Master Mode - AT91C_BASE_SPI->SPI_CSR[2] = - ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) - ( 1 << 16) | // Delay Before SPCK (1 MCK period) - ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud - ( 1 << 4) | // Bits per Transfer (9 bits) - ( 0 << 3) | // Chip Select inactive after transfer - ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge - ( 0 << 0); // Clock Polarity inactive state is logic 0 - break; - default: // Disable SPI - AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS; - break; - } -} - -//----------------------------------------------------------------------------- -// Set up the synchronous serial port, with the one set of options that we -// always use when we are talking to the FPGA. Both RX and TX are enabled. -//----------------------------------------------------------------------------- -void FpgaSetupSsc(void) -{ - // First configure the GPIOs, and get ourselves a clock. - AT91C_BASE_PIOA->PIO_ASR = - GPIO_SSC_FRAME | - GPIO_SSC_DIN | - GPIO_SSC_DOUT | - GPIO_SSC_CLK; - AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); - - // Now set up the SSC proper, starting from a known state. - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - - // RX clock comes from TX clock, RX starts when TX starts, data changes - // on RX clock rising edge, sampled on falling edge - AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); - - // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync - // pulse, no output sync, start on positive-going edge of sync - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | - AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); - - // clock comes from TK pin, no clock output, outputs change on falling - // edge of TK, start on rising edge of TF - AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | - SSC_CLOCK_MODE_START(5); - - // tx framing is the same as the rx framing - AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; - - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; -} - -//----------------------------------------------------------------------------- -// Set up DMA to receive samples from the FPGA. We will use the PDC, with -// a single buffer as a circular buffer (so that we just chain back to -// ourselves, not to another buffer). The stuff to manipulate those buffers -// is in apps.h, because it should be inlined, for speed. -//----------------------------------------------------------------------------- -void FpgaSetupSscDma(BYTE *buf, int len) -{ - AT91C_BASE_PDC_SSC->PDC_RPR = (DWORD)buf; - AT91C_BASE_PDC_SSC->PDC_RCR = len; - AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)buf; - AT91C_BASE_PDC_SSC->PDC_RNCR = len; - AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; -} - -static void DownloadFPGA_byte(unsigned char w) -{ -#define SEND_BIT(x) { if(w & (1<PIO_OER = GPIO_FPGA_ON; - AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON; - HIGH(GPIO_FPGA_ON); // ensure everything is powered on - - SpinDelay(50); - - LED_D_ON(); - - // These pins are inputs - AT91C_BASE_PIOA->PIO_ODR = - GPIO_FPGA_NINIT | - GPIO_FPGA_DONE; - // PIO controls the following pins - AT91C_BASE_PIOA->PIO_PER = - GPIO_FPGA_NINIT | - GPIO_FPGA_DONE; - // Enable pull-ups - AT91C_BASE_PIOA->PIO_PPUER = - GPIO_FPGA_NINIT | - GPIO_FPGA_DONE; - - // setup initial logic state - HIGH(GPIO_FPGA_NPROGRAM); - LOW(GPIO_FPGA_CCLK); - LOW(GPIO_FPGA_DIN); - // These pins are outputs - AT91C_BASE_PIOA->PIO_OER = - GPIO_FPGA_NPROGRAM | - GPIO_FPGA_CCLK | - GPIO_FPGA_DIN; - - // enter FPGA configuration mode - LOW(GPIO_FPGA_NPROGRAM); - SpinDelay(50); - HIGH(GPIO_FPGA_NPROGRAM); - - i=100000; - // wait for FPGA ready to accept data signal - while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) { - i--; - } - - // crude error indicator, leave both red LEDs on and return - if (i==0){ - LED_C_ON(); - LED_D_ON(); - return; - } - - if(bytereversal) { - /* This is only supported for DWORD aligned images */ - if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) { - i=0; - while(FpgaImageLen-->0) - DownloadFPGA_byte(FpgaImage[(i++)^0x3]); - /* Explanation of the magic in the above line: - * i^0x3 inverts the lower two bits of the integer i, counting backwards - * for each 4 byte increment. The generated sequence of (i++)^3 is - * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp. - */ - } - } else { - while(FpgaImageLen-->0) - DownloadFPGA_byte(*FpgaImage++); - } - - // continue to clock FPGA until ready signal goes high - i=100000; - while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) { - HIGH(GPIO_FPGA_CCLK); - LOW(GPIO_FPGA_CCLK); - } - // crude error indicator, leave both red LEDs on and return - if (i==0){ - LED_C_ON(); - LED_D_ON(); - return; - } - LED_D_OFF(); -} - -static char *bitparse_headers_start; -static char *bitparse_bitstream_end; -static int bitparse_initialized; -/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence - * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01 - * After that the format is 1 byte section type (ASCII character), 2 byte length - * (big endian), bytes content. Except for section 'e' which has 4 bytes - * length. - */ -static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01}; -static int bitparse_init(void * start_address, void *end_address) -{ - bitparse_initialized = 0; - - if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) { - return 0; /* Not matched */ - } else { - bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header); - bitparse_bitstream_end= (char*)end_address; - bitparse_initialized = 1; - return 1; - } -} - -int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length) -{ - char *pos = bitparse_headers_start; - int result = 0; - - if(!bitparse_initialized) return 0; - - while(pos < bitparse_bitstream_end) { - char current_name = *pos++; - unsigned int current_length = 0; - if(current_name < 'a' || current_name > 'e') { - /* Strange section name, abort */ - break; - } - current_length = 0; - switch(current_name) { - case 'e': - /* Four byte length field */ - current_length += (*pos++) << 24; - current_length += (*pos++) << 16; - default: /* Fall through, two byte length field */ - current_length += (*pos++) << 8; - current_length += (*pos++) << 0; - } - - if(current_name != 'e' && current_length > 255) { - /* Maybe a parse error */ - break; - } - - if(current_name == section_name) { - /* Found it */ - *section_start = pos; - *section_length = current_length; - result = 1; - break; - } - - pos += current_length; /* Skip section */ - } - - return result; -} - -//----------------------------------------------------------------------------- -// Find out which FPGA image format is stored in flash, then call DownloadFPGA -// with the right parameters to download the image -//----------------------------------------------------------------------------- -extern char _binary_fpga_bit_start, _binary_fpga_bit_end; -void FpgaDownloadAndGo(void) -{ - /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start - */ - if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) { - /* Successfully initialized the .bit parser. Find the 'e' section and - * send its contents to the FPGA. - */ - char *bitstream_start; - unsigned int bitstream_length; - if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) { - DownloadFPGA(bitstream_start, bitstream_length, 0); - - return; /* All done */ - } - } - - /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF - * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits - * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD - * is still to be transmitted in MSBit first order. Set the invert flag to indicate - * that the DownloadFPGA function should invert every 4 byte sequence when doing - * the bytewise download. - */ - if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 ) - DownloadFPGA((char*)0x102000, 10524*4, 1); -} - -void FpgaGatherVersion(char *dst, int len) -{ - char *fpga_info; - unsigned int fpga_info_len; - dst[0] = 0; - if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) { - strncat(dst, "FPGA image: legacy image without version information", len-1); - } else { - strncat(dst, "FPGA image built", len-1); - /* USB packets only have 48 bytes data payload, so be terse */ -#if 0 - if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { - strncat(dst, " from ", len-1); - strncat(dst, fpga_info, len-1); - } - if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { - strncat(dst, " for ", len-1); - strncat(dst, fpga_info, len-1); - } -#endif - if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { - strncat(dst, " on ", len-1); - strncat(dst, fpga_info, len-1); - } - if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { - strncat(dst, " at ", len-1); - strncat(dst, fpga_info, len-1); - } - } -} - -//----------------------------------------------------------------------------- -// Send a 16 bit command/data pair to the FPGA. -// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0 -// where C is the 4 bit command and D is the 12 bit data -//----------------------------------------------------------------------------- -void FpgaSendCommand(WORD cmd, WORD v) -{ - SetupSpi(SPI_FPGA_MODE); - while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete - AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data -} -//----------------------------------------------------------------------------- -// Write the FPGA setup word (that determines what mode the logic is in, read -// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to -// avoid changing this function's occurence everywhere in the source code. -//----------------------------------------------------------------------------- -void FpgaWriteConfWord(BYTE v) -{ - FpgaSendCommand(FPGA_CMD_SET_CONFREG, v); -} - -//----------------------------------------------------------------------------- -// Set up the CMOS switches that mux the ADC: four switches, independently -// closable, but should only close one at a time. Not an FPGA thing, but -// the samples from the ADC always flow through the FPGA. -//----------------------------------------------------------------------------- -void SetAdcMuxFor(DWORD whichGpio) -{ - AT91C_BASE_PIOA->PIO_OER = - GPIO_MUXSEL_HIPKD | - GPIO_MUXSEL_LOPKD | - GPIO_MUXSEL_LORAW | - GPIO_MUXSEL_HIRAW; - - AT91C_BASE_PIOA->PIO_PER = - GPIO_MUXSEL_HIPKD | - GPIO_MUXSEL_LOPKD | - GPIO_MUXSEL_LORAW | - GPIO_MUXSEL_HIRAW; - - LOW(GPIO_MUXSEL_HIPKD); - LOW(GPIO_MUXSEL_HIRAW); - LOW(GPIO_MUXSEL_LORAW); - LOW(GPIO_MUXSEL_LOPKD); - - HIGH(whichGpio); -} +//----------------------------------------------------------------------------- +// Routines to load the FPGA image, and then to configure the FPGA's major +// mode once it is configured. +// +// Jonathan Westhues, April 2006 +//----------------------------------------------------------------------------- +#include +#include "apps.h" + +//----------------------------------------------------------------------------- +// Set up the Serial Peripheral Interface as master +// Used to write the FPGA config word +// May also be used to write to other SPI attached devices like an LCD +//----------------------------------------------------------------------------- +void SetupSpi(int mode) +{ + // PA10 -> SPI_NCS2 chip select (LCD) + // PA11 -> SPI_NCS0 chip select (FPGA) + // PA12 -> SPI_MISO Master-In Slave-Out + // PA13 -> SPI_MOSI Master-Out Slave-In + // PA14 -> SPI_SPCK Serial Clock + + // Disable PIO control of the following pins, allows use by the SPI peripheral + AT91C_BASE_PIOA->PIO_PDR = + GPIO_NCS0 | + GPIO_NCS2 | + GPIO_MISO | + GPIO_MOSI | + GPIO_SPCK; + + AT91C_BASE_PIOA->PIO_ASR = + GPIO_NCS0 | + GPIO_MISO | + GPIO_MOSI | + GPIO_SPCK; + + AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2; + + //enable the SPI Peripheral clock + AT91C_BASE_PMC->PMC_PCER = (1<SPI_CR = AT91C_SPI_SPIEN; + + switch (mode) { + case SPI_FPGA_MODE: + AT91C_BASE_SPI->SPI_MR = + ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) + (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11) + ( 0 << 7) | // Local Loopback Disabled + ( 1 << 4) | // Mode Fault Detection disabled + ( 0 << 2) | // Chip selects connected directly to peripheral + ( 0 << 1) | // Fixed Peripheral Select + ( 1 << 0); // Master Mode + AT91C_BASE_SPI->SPI_CSR[0] = + ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) + ( 1 << 16) | // Delay Before SPCK (1 MCK period) + ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud + ( 8 << 4) | // Bits per Transfer (16 bits) + ( 0 << 3) | // Chip Select inactive after transfer + ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge + ( 0 << 0); // Clock Polarity inactive state is logic 0 + break; + case SPI_LCD_MODE: + AT91C_BASE_SPI->SPI_MR = + ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods) + (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10) + ( 0 << 7) | // Local Loopback Disabled + ( 1 << 4) | // Mode Fault Detection disabled + ( 0 << 2) | // Chip selects connected directly to peripheral + ( 0 << 1) | // Fixed Peripheral Select + ( 1 << 0); // Master Mode + AT91C_BASE_SPI->SPI_CSR[2] = + ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods) + ( 1 << 16) | // Delay Before SPCK (1 MCK period) + ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud + ( 1 << 4) | // Bits per Transfer (9 bits) + ( 0 << 3) | // Chip Select inactive after transfer + ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge + ( 0 << 0); // Clock Polarity inactive state is logic 0 + break; + default: // Disable SPI + AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS; + break; + } +} + +//----------------------------------------------------------------------------- +// Set up the synchronous serial port, with the one set of options that we +// always use when we are talking to the FPGA. Both RX and TX are enabled. +//----------------------------------------------------------------------------- +void FpgaSetupSsc(void) +{ + // First configure the GPIOs, and get ourselves a clock. + AT91C_BASE_PIOA->PIO_ASR = + GPIO_SSC_FRAME | + GPIO_SSC_DIN | + GPIO_SSC_DOUT | + GPIO_SSC_CLK; + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; + + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC); + + // Now set up the SSC proper, starting from a known state. + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + + // RX clock comes from TX clock, RX starts when TX starts, data changes + // on RX clock rising edge, sampled on falling edge + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1); + + // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync + // pulse, no output sync, start on positive-going edge of sync + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | + AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); + + // clock comes from TK pin, no clock output, outputs change on falling + // edge of TK, start on rising edge of TF + AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | + SSC_CLOCK_MODE_START(5); + + // tx framing is the same as the rx framing + AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR; + + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; +} + +//----------------------------------------------------------------------------- +// Set up DMA to receive samples from the FPGA. We will use the PDC, with +// a single buffer as a circular buffer (so that we just chain back to +// ourselves, not to another buffer). The stuff to manipulate those buffers +// is in apps.h, because it should be inlined, for speed. +//----------------------------------------------------------------------------- +void FpgaSetupSscDma(BYTE *buf, int len) +{ + AT91C_BASE_PDC_SSC->PDC_RPR = (DWORD)buf; + AT91C_BASE_PDC_SSC->PDC_RCR = len; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)buf; + AT91C_BASE_PDC_SSC->PDC_RNCR = len; + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; +} + +static void DownloadFPGA_byte(unsigned char w) +{ +#define SEND_BIT(x) { if(w & (1<PIO_OER = GPIO_FPGA_ON; + AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON; + HIGH(GPIO_FPGA_ON); // ensure everything is powered on + + SpinDelay(50); + + LED_D_ON(); + + // These pins are inputs + AT91C_BASE_PIOA->PIO_ODR = + GPIO_FPGA_NINIT | + GPIO_FPGA_DONE; + // PIO controls the following pins + AT91C_BASE_PIOA->PIO_PER = + GPIO_FPGA_NINIT | + GPIO_FPGA_DONE; + // Enable pull-ups + AT91C_BASE_PIOA->PIO_PPUER = + GPIO_FPGA_NINIT | + GPIO_FPGA_DONE; + + // setup initial logic state + HIGH(GPIO_FPGA_NPROGRAM); + LOW(GPIO_FPGA_CCLK); + LOW(GPIO_FPGA_DIN); + // These pins are outputs + AT91C_BASE_PIOA->PIO_OER = + GPIO_FPGA_NPROGRAM | + GPIO_FPGA_CCLK | + GPIO_FPGA_DIN; + + // enter FPGA configuration mode + LOW(GPIO_FPGA_NPROGRAM); + SpinDelay(50); + HIGH(GPIO_FPGA_NPROGRAM); + + i=100000; + // wait for FPGA ready to accept data signal + while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) { + i--; + } + + // crude error indicator, leave both red LEDs on and return + if (i==0){ + LED_C_ON(); + LED_D_ON(); + return; + } + + if(bytereversal) { + /* This is only supported for DWORD aligned images */ + if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) { + i=0; + while(FpgaImageLen-->0) + DownloadFPGA_byte(FpgaImage[(i++)^0x3]); + /* Explanation of the magic in the above line: + * i^0x3 inverts the lower two bits of the integer i, counting backwards + * for each 4 byte increment. The generated sequence of (i++)^3 is + * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp. + */ + } + } else { + while(FpgaImageLen-->0) + DownloadFPGA_byte(*FpgaImage++); + } + + // continue to clock FPGA until ready signal goes high + i=100000; + while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) { + HIGH(GPIO_FPGA_CCLK); + LOW(GPIO_FPGA_CCLK); + } + // crude error indicator, leave both red LEDs on and return + if (i==0){ + LED_C_ON(); + LED_D_ON(); + return; + } + LED_D_OFF(); +} + +static char *bitparse_headers_start; +static char *bitparse_bitstream_end; +static int bitparse_initialized; +/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence + * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01 + * After that the format is 1 byte section type (ASCII character), 2 byte length + * (big endian), bytes content. Except for section 'e' which has 4 bytes + * length. + */ +static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01}; +static int bitparse_init(void * start_address, void *end_address) +{ + bitparse_initialized = 0; + + if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) { + return 0; /* Not matched */ + } else { + bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header); + bitparse_bitstream_end= (char*)end_address; + bitparse_initialized = 1; + return 1; + } +} + +int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length) +{ + char *pos = bitparse_headers_start; + int result = 0; + + if(!bitparse_initialized) return 0; + + while(pos < bitparse_bitstream_end) { + char current_name = *pos++; + unsigned int current_length = 0; + if(current_name < 'a' || current_name > 'e') { + /* Strange section name, abort */ + break; + } + current_length = 0; + switch(current_name) { + case 'e': + /* Four byte length field */ + current_length += (*pos++) << 24; + current_length += (*pos++) << 16; + default: /* Fall through, two byte length field */ + current_length += (*pos++) << 8; + current_length += (*pos++) << 0; + } + + if(current_name != 'e' && current_length > 255) { + /* Maybe a parse error */ + break; + } + + if(current_name == section_name) { + /* Found it */ + *section_start = pos; + *section_length = current_length; + result = 1; + break; + } + + pos += current_length; /* Skip section */ + } + + return result; +} + +//----------------------------------------------------------------------------- +// Find out which FPGA image format is stored in flash, then call DownloadFPGA +// with the right parameters to download the image +//----------------------------------------------------------------------------- +extern char _binary_fpga_bit_start, _binary_fpga_bit_end; +void FpgaDownloadAndGo(void) +{ + /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start + */ + if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) { + /* Successfully initialized the .bit parser. Find the 'e' section and + * send its contents to the FPGA. + */ + char *bitstream_start; + unsigned int bitstream_length; + if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) { + DownloadFPGA(bitstream_start, bitstream_length, 0); + + return; /* All done */ + } + } + + /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF + * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits + * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD + * is still to be transmitted in MSBit first order. Set the invert flag to indicate + * that the DownloadFPGA function should invert every 4 byte sequence when doing + * the bytewise download. + */ + if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 ) + DownloadFPGA((char*)0x102000, 10524*4, 1); +} + +void FpgaGatherVersion(char *dst, int len) +{ + char *fpga_info; + unsigned int fpga_info_len; + dst[0] = 0; + if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) { + strncat(dst, "FPGA image: legacy image without version information", len-1); + } else { + strncat(dst, "FPGA image built", len-1); + /* USB packets only have 48 bytes data payload, so be terse */ +#if 0 + if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { + strncat(dst, " from ", len-1); + strncat(dst, fpga_info, len-1); + } + if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { + strncat(dst, " for ", len-1); + strncat(dst, fpga_info, len-1); + } +#endif + if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { + strncat(dst, " on ", len-1); + strncat(dst, fpga_info, len-1); + } + if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) { + strncat(dst, " at ", len-1); + strncat(dst, fpga_info, len-1); + } + } +} + +//----------------------------------------------------------------------------- +// Send a 16 bit command/data pair to the FPGA. +// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0 +// where C is the 4 bit command and D is the 12 bit data +//----------------------------------------------------------------------------- +void FpgaSendCommand(WORD cmd, WORD v) +{ + SetupSpi(SPI_FPGA_MODE); + while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete + AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data +} +//----------------------------------------------------------------------------- +// Write the FPGA setup word (that determines what mode the logic is in, read +// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to +// avoid changing this function's occurence everywhere in the source code. +//----------------------------------------------------------------------------- +void FpgaWriteConfWord(BYTE v) +{ + FpgaSendCommand(FPGA_CMD_SET_CONFREG, v); +} + +//----------------------------------------------------------------------------- +// Set up the CMOS switches that mux the ADC: four switches, independently +// closable, but should only close one at a time. Not an FPGA thing, but +// the samples from the ADC always flow through the FPGA. +//----------------------------------------------------------------------------- +void SetAdcMuxFor(DWORD whichGpio) +{ + AT91C_BASE_PIOA->PIO_OER = + GPIO_MUXSEL_HIPKD | + GPIO_MUXSEL_LOPKD | + GPIO_MUXSEL_LORAW | + GPIO_MUXSEL_HIRAW; + + AT91C_BASE_PIOA->PIO_PER = + GPIO_MUXSEL_HIPKD | + GPIO_MUXSEL_LOPKD | + GPIO_MUXSEL_LORAW | + GPIO_MUXSEL_HIRAW; + + LOW(GPIO_MUXSEL_HIPKD); + LOW(GPIO_MUXSEL_HIRAW); + LOW(GPIO_MUXSEL_LORAW); + LOW(GPIO_MUXSEL_LOPKD); + + HIGH(whichGpio); +} diff --git a/armsrc/iso14443.c b/armsrc/iso14443.c index b20d1be93..1543efc9b 100644 --- a/armsrc/iso14443.c +++ b/armsrc/iso14443.c @@ -1,1208 +1,1208 @@ -//----------------------------------------------------------------------------- -// Routines to support ISO 14443. This includes both the reader software and -// the `fake tag' modes. At the moment only the Type B modulation is -// supported. -// Jonathan Westhues, split Nov 2006 -//----------------------------------------------------------------------------- -#include -#include "apps.h" -#include "iso14443crc.h" - - -//static void GetSamplesFor14443(BOOL weTx, int n); - -#define DEMOD_TRACE_SIZE 4096 -#define READER_TAG_BUFFER_SIZE 2048 -#define TAG_READER_BUFFER_SIZE 2048 -#define DMA_BUFFER_SIZE 1024 - -//============================================================================= -// An ISO 14443 Type B tag. We listen for commands from the reader, using -// a UART kind of thing that's implemented in software. When we get a -// frame (i.e., a group of bytes between SOF and EOF), we check the CRC. -// If it's good, then we can do something appropriate with it, and send -// a response. -//============================================================================= - -//----------------------------------------------------------------------------- -// Code up a string of octets at layer 2 (including CRC, we don't generate -// that here) so that they can be transmitted to the reader. Doesn't transmit -// them yet, just leaves them ready to send in ToSend[]. -//----------------------------------------------------------------------------- -static void CodeIso14443bAsTag(const BYTE *cmd, int len) -{ - int i; - - ToSendReset(); - - // Transmit a burst of ones, as the initial thing that lets the - // reader get phase sync. This (TR1) must be > 80/fs, per spec, - // but tag that I've tried (a Paypass) exceeds that by a fair bit, - // so I will too. - for(i = 0; i < 20; i++) { - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - } - - // Send SOF. - for(i = 0; i < 10; i++) { - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - } - for(i = 0; i < 2; i++) { - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - } - - for(i = 0; i < len; i++) { - int j; - BYTE b = cmd[i]; - - // Start bit - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - - // Data bits - for(j = 0; j < 8; j++) { - if(b & 1) { - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - } else { - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - } - b >>= 1; - } - - // Stop bit - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - } - - // Send SOF. - for(i = 0; i < 10; i++) { - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - } - for(i = 0; i < 10; i++) { - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - } - - // Convert from last byte pos to length - ToSendMax++; - - // Add a few more for slop - ToSendMax += 2; -} - -//----------------------------------------------------------------------------- -// The software UART that receives commands from the reader, and its state -// variables. -//----------------------------------------------------------------------------- -static struct { - enum { - STATE_UNSYNCD, - STATE_GOT_FALLING_EDGE_OF_SOF, - STATE_AWAITING_START_BIT, - STATE_RECEIVING_DATA, - STATE_ERROR_WAIT - } state; - WORD shiftReg; - int bitCnt; - int byteCnt; - int byteCntMax; - int posCnt; - BYTE *output; -} Uart; - -/* Receive & handle a bit coming from the reader. - * - * LED handling: - * LED A -> ON once we have received the SOF and are expecting the rest. - * LED A -> OFF once we have received EOF or are in error state or unsynced - * - * Returns: true if we received a EOF - * false if we are still waiting for some more - */ -static BOOL Handle14443UartBit(int bit) -{ - switch(Uart.state) { - case STATE_UNSYNCD: - LED_A_OFF(); - if(!bit) { - // we went low, so this could be the beginning - // of an SOF - Uart.state = STATE_GOT_FALLING_EDGE_OF_SOF; - Uart.posCnt = 0; - Uart.bitCnt = 0; - } - break; - - case STATE_GOT_FALLING_EDGE_OF_SOF: - Uart.posCnt++; - if(Uart.posCnt == 2) { - if(bit) { - if(Uart.bitCnt >= 10) { - // we've seen enough consecutive - // zeros that it's a valid SOF - Uart.posCnt = 0; - Uart.byteCnt = 0; - Uart.state = STATE_AWAITING_START_BIT; - LED_A_ON(); // Indicate we got a valid SOF - } else { - // didn't stay down long enough - // before going high, error - Uart.state = STATE_ERROR_WAIT; - } - } else { - // do nothing, keep waiting - } - Uart.bitCnt++; - } - if(Uart.posCnt >= 4) Uart.posCnt = 0; - if(Uart.bitCnt > 14) { - // Give up if we see too many zeros without - // a one, too. - Uart.state = STATE_ERROR_WAIT; - } - break; - - case STATE_AWAITING_START_BIT: - Uart.posCnt++; - if(bit) { - if(Uart.posCnt > 25) { - // stayed high for too long between - // characters, error - Uart.state = STATE_ERROR_WAIT; - } - } else { - // falling edge, this starts the data byte - Uart.posCnt = 0; - Uart.bitCnt = 0; - Uart.shiftReg = 0; - Uart.state = STATE_RECEIVING_DATA; - LED_A_ON(); // Indicate we're receiving - } - break; - - case STATE_RECEIVING_DATA: - Uart.posCnt++; - if(Uart.posCnt == 2) { - // time to sample a bit - Uart.shiftReg >>= 1; - if(bit) { - Uart.shiftReg |= 0x200; - } - Uart.bitCnt++; - } - if(Uart.posCnt >= 4) { - Uart.posCnt = 0; - } - if(Uart.bitCnt == 10) { - if((Uart.shiftReg & 0x200) && !(Uart.shiftReg & 0x001)) - { - // this is a data byte, with correct - // start and stop bits - Uart.output[Uart.byteCnt] = (Uart.shiftReg >> 1) & 0xff; - Uart.byteCnt++; - - if(Uart.byteCnt >= Uart.byteCntMax) { - // Buffer overflowed, give up - Uart.posCnt = 0; - Uart.state = STATE_ERROR_WAIT; - } else { - // so get the next byte now - Uart.posCnt = 0; - Uart.state = STATE_AWAITING_START_BIT; - } - } else if(Uart.shiftReg == 0x000) { - // this is an EOF byte - LED_A_OFF(); // Finished receiving - return TRUE; - } else { - // this is an error - Uart.posCnt = 0; - Uart.state = STATE_ERROR_WAIT; - } - } - break; - - case STATE_ERROR_WAIT: - // We're all screwed up, so wait a little while - // for whatever went wrong to finish, and then - // start over. - Uart.posCnt++; - if(Uart.posCnt > 10) { - Uart.state = STATE_UNSYNCD; - } - break; - - default: - Uart.state = STATE_UNSYNCD; - break; - } - - if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error - - return FALSE; -} - -//----------------------------------------------------------------------------- -// Receive a command (from the reader to us, where we are the simulated tag), -// and store it in the given buffer, up to the given maximum length. Keeps -// spinning, waiting for a well-framed command, until either we get one -// (returns TRUE) or someone presses the pushbutton on the board (FALSE). -// -// Assume that we're called with the SSC (to the FPGA) and ADC path set -// correctly. -//----------------------------------------------------------------------------- -static BOOL GetIso14443CommandFromReader(BYTE *received, int *len, int maxLen) -{ - BYTE mask; - int i, bit; - - // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); - - - // Now run a `software UART' on the stream of incoming samples. - Uart.output = received; - Uart.byteCntMax = maxLen; - Uart.state = STATE_UNSYNCD; - - for(;;) { - WDT_HIT(); - - if(BUTTON_PRESS()) return FALSE; - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; - - mask = 0x80; - for(i = 0; i < 8; i++, mask >>= 1) { - bit = (b & mask); - if(Handle14443UartBit(bit)) { - *len = Uart.byteCnt; - return TRUE; - } - } - } - } -} - -//----------------------------------------------------------------------------- -// Main loop of simulated tag: receive commands from reader, decide what -// response to send, and send it. -//----------------------------------------------------------------------------- -void SimulateIso14443Tag(void) -{ - static const BYTE cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 }; - static const BYTE response1[] = { - 0x50, 0x82, 0x0d, 0xe1, 0x74, 0x20, 0x38, 0x19, 0x22, - 0x00, 0x21, 0x85, 0x5e, 0xd7 - }; - - BYTE *resp; - int respLen; - - BYTE *resp1 = (((BYTE *)BigBuf) + 800); - int resp1Len; - - BYTE *receivedCmd = (BYTE *)BigBuf; - int len; - - int i; - - int cmdsRecvd = 0; - - memset(receivedCmd, 0x44, 400); - - CodeIso14443bAsTag(response1, sizeof(response1)); - memcpy(resp1, ToSend, ToSendMax); resp1Len = ToSendMax; - - // We need to listen to the high-frequency, peak-detected path. - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - cmdsRecvd = 0; - - for(;;) { - BYTE b1, b2; - - if(!GetIso14443CommandFromReader(receivedCmd, &len, 100)) { - Dbprintf("button pressed, received %d commands", cmdsRecvd); - break; - } - - // Good, look at the command now. - - if(len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len)==0) { - resp = resp1; respLen = resp1Len; - } else { - Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsRecvd); - // And print whether the CRC fails, just for good measure - ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2); - if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) { - // Not so good, try again. - DbpString("+++CRC fail"); - } else { - DbpString("CRC passes"); - } - break; - } - - memset(receivedCmd, 0x44, 32); - - cmdsRecvd++; - - if(cmdsRecvd > 0x30) { - DbpString("many commands later..."); - break; - } - - if(respLen <= 0) continue; - - // Modulate BPSK - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK); - AT91C_BASE_SSC->SSC_THR = 0xff; - FpgaSetupSsc(); - - // Transmit the response. - i = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - BYTE b = resp[i]; - - AT91C_BASE_SSC->SSC_THR = b; - - i++; - if(i > respLen) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; - (void)b; - } - } - } -} - -//============================================================================= -// An ISO 14443 Type B reader. We take layer two commands, code them -// appropriately, and then send them to the tag. We then listen for the -// tag's response, which we leave in the buffer to be demodulated on the -// PC side. -//============================================================================= - -static struct { - enum { - DEMOD_UNSYNCD, - DEMOD_PHASE_REF_TRAINING, - DEMOD_AWAITING_FALLING_EDGE_OF_SOF, - DEMOD_GOT_FALLING_EDGE_OF_SOF, - DEMOD_AWAITING_START_BIT, - DEMOD_RECEIVING_DATA, - DEMOD_ERROR_WAIT - } state; - int bitCount; - int posCount; - int thisBit; - int metric; - int metricN; - WORD shiftReg; - BYTE *output; - int len; - int sumI; - int sumQ; -} Demod; - -/* - * Handles reception of a bit from the tag - * - * LED handling: - * LED C -> ON once we have received the SOF and are expecting the rest. - * LED C -> OFF once we have received EOF or are unsynced - * - * Returns: true if we received a EOF - * false if we are still waiting for some more - * - */ -static BOOL Handle14443SamplesDemod(int ci, int cq) -{ - int v; - - // The soft decision on the bit uses an estimate of just the - // quadrant of the reference angle, not the exact angle. -#define MAKE_SOFT_DECISION() { \ - if(Demod.sumI > 0) { \ - v = ci; \ - } else { \ - v = -ci; \ - } \ - if(Demod.sumQ > 0) { \ - v += cq; \ - } else { \ - v -= cq; \ - } \ - } - - switch(Demod.state) { - case DEMOD_UNSYNCD: - v = ci; - if(v < 0) v = -v; - if(cq > 0) { - v += cq; - } else { - v -= cq; - } - if(v > 40) { - Demod.posCount = 0; - Demod.state = DEMOD_PHASE_REF_TRAINING; - Demod.sumI = 0; - Demod.sumQ = 0; - } - break; - - case DEMOD_PHASE_REF_TRAINING: - if(Demod.posCount < 8) { - Demod.sumI += ci; - Demod.sumQ += cq; - } else if(Demod.posCount > 100) { - // error, waited too long - Demod.state = DEMOD_UNSYNCD; - } else { - MAKE_SOFT_DECISION(); - if(v < 0) { - Demod.state = DEMOD_AWAITING_FALLING_EDGE_OF_SOF; - Demod.posCount = 0; - } - } - Demod.posCount++; - break; - - case DEMOD_AWAITING_FALLING_EDGE_OF_SOF: - MAKE_SOFT_DECISION(); - if(v < 0) { - Demod.state = DEMOD_GOT_FALLING_EDGE_OF_SOF; - Demod.posCount = 0; - } else { - if(Demod.posCount > 100) { - Demod.state = DEMOD_UNSYNCD; - } - } - Demod.posCount++; - break; - - case DEMOD_GOT_FALLING_EDGE_OF_SOF: - MAKE_SOFT_DECISION(); - if(v > 0) { - if(Demod.posCount < 12) { - Demod.state = DEMOD_UNSYNCD; - } else { - LED_C_ON(); // Got SOF - Demod.state = DEMOD_AWAITING_START_BIT; - Demod.posCount = 0; - Demod.len = 0; - Demod.metricN = 0; - Demod.metric = 0; - } - } else { - if(Demod.posCount > 100) { - Demod.state = DEMOD_UNSYNCD; - } - } - Demod.posCount++; - break; - - case DEMOD_AWAITING_START_BIT: - MAKE_SOFT_DECISION(); - if(v > 0) { - if(Demod.posCount > 10) { - Demod.state = DEMOD_UNSYNCD; - } - } else { - Demod.bitCount = 0; - Demod.posCount = 1; - Demod.thisBit = v; - Demod.shiftReg = 0; - Demod.state = DEMOD_RECEIVING_DATA; - } - break; - - case DEMOD_RECEIVING_DATA: - MAKE_SOFT_DECISION(); - if(Demod.posCount == 0) { - Demod.thisBit = v; - Demod.posCount = 1; - } else { - Demod.thisBit += v; - - if(Demod.thisBit > 0) { - Demod.metric += Demod.thisBit; - } else { - Demod.metric -= Demod.thisBit; - } - (Demod.metricN)++; - - Demod.shiftReg >>= 1; - if(Demod.thisBit > 0) { - Demod.shiftReg |= 0x200; - } - - Demod.bitCount++; - if(Demod.bitCount == 10) { - WORD s = Demod.shiftReg; - if((s & 0x200) && !(s & 0x001)) { - BYTE b = (s >> 1); - Demod.output[Demod.len] = b; - Demod.len++; - Demod.state = DEMOD_AWAITING_START_BIT; - } else if(s == 0x000) { - // This is EOF - LED_C_OFF(); - return TRUE; - Demod.state = DEMOD_UNSYNCD; - } else { - Demod.state = DEMOD_UNSYNCD; - } - } - Demod.posCount = 0; - } - break; - - default: - Demod.state = DEMOD_UNSYNCD; - break; - } - - if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized... - return FALSE; -} - -/* - * Demodulate the samples we received from the tag - * weTx: set to 'TRUE' if we behave like a reader - * set to 'FALSE' if we behave like a snooper - * quiet: set to 'TRUE' to disable debug output - */ -static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) -{ - int max = 0; - BOOL gotFrame = FALSE; - -//# define DMA_BUFFER_SIZE 8 - SBYTE *dmaBuf; - - int lastRxCounter; - SBYTE *upTo; - - int ci, cq; - - int samples = 0; - - // Clear out the state of the "UART" that receives from the tag. - memset(BigBuf, 0x44, 400); - Demod.output = (BYTE *)BigBuf; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - // And the UART that receives from the reader - Uart.output = (((BYTE *)BigBuf) + 1024); - Uart.byteCntMax = 100; - Uart.state = STATE_UNSYNCD; - - // Setup for the DMA. - dmaBuf = (SBYTE *)(BigBuf + 32); - upTo = dmaBuf; - lastRxCounter = DMA_BUFFER_SIZE; - FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); - - // Signal field is ON with the appropriate LED: - if (weTx) LED_D_ON(); else LED_D_OFF(); - // And put the FPGA in the appropriate mode - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | - (weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP)); - - for(;;) { - int behindBy = lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR; - if(behindBy > max) max = behindBy; - - while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1)) - > 2) - { - ci = upTo[0]; - cq = upTo[1]; - upTo += 2; - if(upTo - dmaBuf > DMA_BUFFER_SIZE) { - upTo -= DMA_BUFFER_SIZE; - AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo; - AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; - } - lastRxCounter -= 2; - if(lastRxCounter <= 0) { - lastRxCounter += DMA_BUFFER_SIZE; - } - - samples += 2; - - Handle14443UartBit(1); - Handle14443UartBit(1); - - if(Handle14443SamplesDemod(ci, cq)) { - gotFrame = 1; - } - } - - if(samples > 2000) { - break; - } - } - AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; - if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len); -} - -//----------------------------------------------------------------------------- -// Read the tag's response. We just receive a stream of slightly-processed -// samples from the FPGA, which we will later do some signal processing on, -// to get the bits. -//----------------------------------------------------------------------------- -/*static void GetSamplesFor14443(BOOL weTx, int n) -{ - BYTE *dest = (BYTE *)BigBuf; - int c; - - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | - (weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP)); - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - SBYTE b; - b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; - - dest[c++] = (BYTE)b; - - if(c >= n) { - break; - } - } - } -}*/ - -//----------------------------------------------------------------------------- -// Transmit the command (to the tag) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitFor14443(void) -{ - int c; - - FpgaSetupSsc(); - - while(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0xff; - } - - // Signal field is ON with the appropriate Red LED - LED_D_ON(); - // Signal we are transmitting with the Green LED - LED_B_ON(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD); - - for(c = 0; c < 10;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0xff; - c++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = ToSend[c]; - c++; - if(c >= ToSendMax) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - LED_B_OFF(); // Finished sending -} - -//----------------------------------------------------------------------------- -// Code a layer 2 command (string of octets, including CRC) into ToSend[], -// so that it is ready to transmit to the tag using TransmitFor14443(). -//----------------------------------------------------------------------------- -void CodeIso14443bAsReader(const BYTE *cmd, int len) -{ - int i, j; - BYTE b; - - ToSendReset(); - - // Establish initial reference level - for(i = 0; i < 40; i++) { - ToSendStuffBit(1); - } - // Send SOF - for(i = 0; i < 10; i++) { - ToSendStuffBit(0); - } - - for(i = 0; i < len; i++) { - // Stop bits/EGT - ToSendStuffBit(1); - ToSendStuffBit(1); - // Start bit - ToSendStuffBit(0); - // Data bits - b = cmd[i]; - for(j = 0; j < 8; j++) { - if(b & 1) { - ToSendStuffBit(1); - } else { - ToSendStuffBit(0); - } - b >>= 1; - } - } - // Send EOF - ToSendStuffBit(1); - for(i = 0; i < 10; i++) { - ToSendStuffBit(0); - } - for(i = 0; i < 8; i++) { - ToSendStuffBit(1); - } - - // And then a little more, to make sure that the last character makes - // it out before we switch to rx mode. - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } - - // Convert from last character reference to length - ToSendMax++; -} - -//----------------------------------------------------------------------------- -// Read an ISO 14443 tag. We send it some set of commands, and record the -// responses. -// The command name is misleading, it actually decodes the reponse in HEX -// into the output buffer (read the result using hexsamples, not hisamples) -//----------------------------------------------------------------------------- -void AcquireRawAdcSamplesIso14443(DWORD parameter) -{ - BYTE cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 }; - - // Make sure that we start from off, since the tags are stateful; - // confusing things will happen if we don't reset them between reads. - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); - SpinDelay(200); - - CodeIso14443bAsReader(cmd1, sizeof(cmd1)); - TransmitFor14443(); -// LED_A_ON(); - GetSamplesFor14443Demod(TRUE, 2000, FALSE); -// LED_A_OFF(); -} - -//----------------------------------------------------------------------------- -// Read a SRI512 ISO 14443 tag. -// -// SRI512 tags are just simple memory tags, here we're looking at making a dump -// of the contents of the memory. No anticollision algorithm is done, we assume -// we have a single tag in the field. -// -// I tried to be systematic and check every answer of the tag, every CRC, etc... -//----------------------------------------------------------------------------- -void ReadSRI512Iso14443(DWORD parameter) -{ - ReadSTMemoryIso14443(parameter,0x0F); -} -void ReadSRIX4KIso14443(DWORD parameter) -{ - ReadSTMemoryIso14443(parameter,0x7F); -} - -void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast) -{ - BYTE i = 0x00; - - // Make sure that we start from off, since the tags are stateful; - // confusing things will happen if we don't reset them between reads. - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); - SpinDelay(200); - - // First command: wake up the tag using the INITIATE command - BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b}; - CodeIso14443bAsReader(cmd1, sizeof(cmd1)); - TransmitFor14443(); -// LED_A_ON(); - GetSamplesFor14443Demod(TRUE, 2000,TRUE); -// LED_A_OFF(); - - if (Demod.len == 0) { - DbpString("No response from tag"); - return; - } else { - Dbprintf("Randomly generated UID from tag (+ 2 byte CRC): %x %x %x", - Demod.output[0], Demod.output[1],Demod.output[2]); - } - // There is a response, SELECT the uid - DbpString("Now SELECT tag:"); - cmd1[0] = 0x0E; // 0x0E is SELECT - cmd1[1] = Demod.output[0]; - ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); - CodeIso14443bAsReader(cmd1, sizeof(cmd1)); - TransmitFor14443(); -// LED_A_ON(); - GetSamplesFor14443Demod(TRUE, 2000,TRUE); -// LED_A_OFF(); - if (Demod.len != 3) { - Dbprintf("Expected 3 bytes from tag, got %d", Demod.len); - return; - } - // Check the CRC of the answer: - ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]); - if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) { - DbpString("CRC Error reading select response."); - return; - } - // Check response from the tag: should be the same UID as the command we just sent: - if (cmd1[1] != Demod.output[0]) { - Dbprintf("Bad response to SELECT from Tag, aborting: %x %x", cmd1[1], Demod.output[0]); - return; - } - // Tag is now selected, - // First get the tag's UID: - cmd1[0] = 0x0B; - ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]); - CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one - TransmitFor14443(); -// LED_A_ON(); - GetSamplesFor14443Demod(TRUE, 2000,TRUE); -// LED_A_OFF(); - if (Demod.len != 10) { - Dbprintf("Expected 10 bytes from tag, got %d", Demod.len); - return; - } - // The check the CRC of the answer (use cmd1 as temporary variable): - ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]); - if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) { - Dbprintf("CRC Error reading block! - Below: expected, got %x %x", - (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]); - // Do not return;, let's go on... (we should retry, maybe ?) - } - Dbprintf("Tag UID (64 bits): %08x %08x", - (Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], - (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0]); - - // Now loop to read all 16 blocks, address from 0 to 15 - DbpString("Tag memory dump, block 0 to 15"); - cmd1[0] = 0x08; - i = 0x00; - dwLast++; - for (;;) { - if (i == dwLast) { - DbpString("System area block (0xff):"); - i = 0xff; - } - cmd1[1] = i; - ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); - CodeIso14443bAsReader(cmd1, sizeof(cmd1)); - TransmitFor14443(); -// LED_A_ON(); - GetSamplesFor14443Demod(TRUE, 2000,TRUE); -// LED_A_OFF(); - if (Demod.len != 6) { // Check if we got an answer from the tag - DbpString("Expected 6 bytes from tag, got less..."); - return; - } - // The check the CRC of the answer (use cmd1 as temporary variable): - ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]); - if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) { - Dbprintf("CRC Error reading block! - Below: expected, got %x %x", - (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]); - // Do not return;, let's go on... (we should retry, maybe ?) - } - // Now print out the memory location: - Dbprintf("Address=%x, Contents=%x, CRC=%x", i, - (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], - (Demod.output[4]<<8)+Demod.output[5]); - if (i == 0xff) { - break; - } - i++; - } -} - - -//============================================================================= -// Finally, the `sniffer' combines elements from both the reader and -// simulated tag, to show both sides of the conversation. -//============================================================================= - -//----------------------------------------------------------------------------- -// Record the sequence of commands sent by the reader to the tag, with -// triggering so that we start recording at the point that the tag is moved -// near the reader. -//----------------------------------------------------------------------------- -/* - * Memory usage for this function, (within BigBuf) - * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE - * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE - * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE - * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE - */ -void SnoopIso14443(void) -{ - // We won't start recording the frames that we acquire until we trigger; - // a good trigger condition to get started is probably when we see a - // response from the tag. - BOOL triggered = FALSE; - - // The command (reader -> tag) that we're working on receiving. - BYTE *receivedCmd = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE; - // The response (tag -> reader) that we're working on receiving. - BYTE *receivedResponse = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE; - - // As we receive stuff, we copy it from receivedCmd or receivedResponse - // into trace, along with its length and other annotations. - BYTE *trace = (BYTE *)BigBuf; - int traceLen = 0; - - // The DMA buffer, used to stream samples from the FPGA. - SBYTE *dmaBuf = (SBYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE + TAG_READER_BUFFER_SIZE; - int lastRxCounter; - SBYTE *upTo; - int ci, cq; - int maxBehindBy = 0; - - // Count of samples received so far, so that we can include timing - // information in the trace buffer. - int samples = 0; - - // Initialize the trace buffer - memset(trace, 0x44, DEMOD_TRACE_SIZE); - - // Set up the demodulator for tag -> reader responses. - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - // And the reader -> tag commands - memset(&Uart, 0, sizeof(Uart)); - Uart.output = receivedCmd; - Uart.byteCntMax = 100; - Uart.state = STATE_UNSYNCD; - - // Print some debug information about the buffer sizes - Dbprintf("Snooping buffers initialized:"); - Dbprintf(" Trace: %i bytes", DEMOD_TRACE_SIZE); - Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE); - Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE); - Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE); - - // Use a counter for blinking the LED - long ledCount=0; - long ledFlashAt=200000; - - // And put the FPGA in the appropriate mode - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | - FPGA_HF_READER_RX_XCORR_SNOOP); - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - // Setup for the DMA. - FpgaSetupSsc(); - upTo = dmaBuf; - lastRxCounter = DMA_BUFFER_SIZE; - FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); - // And now we loop, receiving samples. - for(;;) { - // Blink the LED while Snooping - ledCount++; - if (ledCount == ledFlashAt) { - LED_D_ON(); - } - if (ledCount >= 2*ledFlashAt) { - LED_D_OFF(); - ledCount=0; - } - - int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & - (DMA_BUFFER_SIZE-1); - if(behindBy > maxBehindBy) { - maxBehindBy = behindBy; - if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not? - Dbprintf("blew circular buffer! behindBy=%x", behindBy); - goto done; - } - } - if(behindBy < 2) continue; - - ci = upTo[0]; - cq = upTo[1]; - upTo += 2; - lastRxCounter -= 2; - if(upTo - dmaBuf > DMA_BUFFER_SIZE) { - upTo -= DMA_BUFFER_SIZE; - lastRxCounter += DMA_BUFFER_SIZE; - AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD) upTo; - AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; - } - - samples += 2; - -#define HANDLE_BIT_IF_BODY \ - if(triggered) { \ - ledFlashAt=30000; \ - trace[traceLen++] = ((samples >> 0) & 0xff); \ - trace[traceLen++] = ((samples >> 8) & 0xff); \ - trace[traceLen++] = ((samples >> 16) & 0xff); \ - trace[traceLen++] = ((samples >> 24) & 0xff); \ - trace[traceLen++] = 0; \ - trace[traceLen++] = 0; \ - trace[traceLen++] = 0; \ - trace[traceLen++] = 0; \ - trace[traceLen++] = Uart.byteCnt; \ - memcpy(trace+traceLen, receivedCmd, Uart.byteCnt); \ - traceLen += Uart.byteCnt; \ - if(traceLen > 1000) break; \ - } \ - /* And ready to receive another command. */ \ - memset(&Uart, 0, sizeof(Uart)); \ - Uart.output = receivedCmd; \ - Uart.byteCntMax = 100; \ - Uart.state = STATE_UNSYNCD; \ - /* And also reset the demod code, which might have been */ \ - /* false-triggered by the commands from the reader. */ \ - memset(&Demod, 0, sizeof(Demod)); \ - Demod.output = receivedResponse; \ - Demod.state = DEMOD_UNSYNCD; \ - - if(Handle14443UartBit(ci & 1)) { - HANDLE_BIT_IF_BODY - } - if(Handle14443UartBit(cq & 1)) { - HANDLE_BIT_IF_BODY - } - - if(Handle14443SamplesDemod(ci, cq)) { - // timestamp, as a count of samples - trace[traceLen++] = ((samples >> 0) & 0xff); - trace[traceLen++] = ((samples >> 8) & 0xff); - trace[traceLen++] = ((samples >> 16) & 0xff); - trace[traceLen++] = 0x80 | ((samples >> 24) & 0xff); - // correlation metric (~signal strength estimate) - if(Demod.metricN != 0) { - Demod.metric /= Demod.metricN; - } - trace[traceLen++] = ((Demod.metric >> 0) & 0xff); - trace[traceLen++] = ((Demod.metric >> 8) & 0xff); - trace[traceLen++] = ((Demod.metric >> 16) & 0xff); - trace[traceLen++] = ((Demod.metric >> 24) & 0xff); - // length - trace[traceLen++] = Demod.len; - memcpy(trace+traceLen, receivedResponse, Demod.len); - traceLen += Demod.len; - if(traceLen > DEMOD_TRACE_SIZE) { - DbpString("Reached trace limit"); - goto done; - } - - triggered = TRUE; - - // And ready to receive another response. - memset(&Demod, 0, sizeof(Demod)); - Demod.output = receivedResponse; - Demod.state = DEMOD_UNSYNCD; - } - WDT_HIT(); - - if(BUTTON_PRESS()) { - DbpString("cancelled"); - goto done; - } - } - -done: - LED_D_OFF(); - AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; - DbpString("Snoop statistics:"); - Dbprintf(" Max behind by: %i", maxBehindBy); - Dbprintf(" Uart State: %x", Uart.state); - Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt); - Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax); - Dbprintf(" Trace length: %i", traceLen); -} +//----------------------------------------------------------------------------- +// Routines to support ISO 14443. This includes both the reader software and +// the `fake tag' modes. At the moment only the Type B modulation is +// supported. +// Jonathan Westhues, split Nov 2006 +//----------------------------------------------------------------------------- +#include +#include "apps.h" +#include "iso14443crc.h" + + +//static void GetSamplesFor14443(BOOL weTx, int n); + +#define DEMOD_TRACE_SIZE 4096 +#define READER_TAG_BUFFER_SIZE 2048 +#define TAG_READER_BUFFER_SIZE 2048 +#define DMA_BUFFER_SIZE 1024 + +//============================================================================= +// An ISO 14443 Type B tag. We listen for commands from the reader, using +// a UART kind of thing that's implemented in software. When we get a +// frame (i.e., a group of bytes between SOF and EOF), we check the CRC. +// If it's good, then we can do something appropriate with it, and send +// a response. +//============================================================================= + +//----------------------------------------------------------------------------- +// Code up a string of octets at layer 2 (including CRC, we don't generate +// that here) so that they can be transmitted to the reader. Doesn't transmit +// them yet, just leaves them ready to send in ToSend[]. +//----------------------------------------------------------------------------- +static void CodeIso14443bAsTag(const BYTE *cmd, int len) +{ + int i; + + ToSendReset(); + + // Transmit a burst of ones, as the initial thing that lets the + // reader get phase sync. This (TR1) must be > 80/fs, per spec, + // but tag that I've tried (a Paypass) exceeds that by a fair bit, + // so I will too. + for(i = 0; i < 20; i++) { + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + } + + // Send SOF. + for(i = 0; i < 10; i++) { + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + } + for(i = 0; i < 2; i++) { + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + } + + for(i = 0; i < len; i++) { + int j; + BYTE b = cmd[i]; + + // Start bit + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + + // Data bits + for(j = 0; j < 8; j++) { + if(b & 1) { + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + } else { + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + } + b >>= 1; + } + + // Stop bit + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + } + + // Send SOF. + for(i = 0; i < 10; i++) { + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + } + for(i = 0; i < 10; i++) { + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + } + + // Convert from last byte pos to length + ToSendMax++; + + // Add a few more for slop + ToSendMax += 2; +} + +//----------------------------------------------------------------------------- +// The software UART that receives commands from the reader, and its state +// variables. +//----------------------------------------------------------------------------- +static struct { + enum { + STATE_UNSYNCD, + STATE_GOT_FALLING_EDGE_OF_SOF, + STATE_AWAITING_START_BIT, + STATE_RECEIVING_DATA, + STATE_ERROR_WAIT + } state; + WORD shiftReg; + int bitCnt; + int byteCnt; + int byteCntMax; + int posCnt; + BYTE *output; +} Uart; + +/* Receive & handle a bit coming from the reader. + * + * LED handling: + * LED A -> ON once we have received the SOF and are expecting the rest. + * LED A -> OFF once we have received EOF or are in error state or unsynced + * + * Returns: true if we received a EOF + * false if we are still waiting for some more + */ +static BOOL Handle14443UartBit(int bit) +{ + switch(Uart.state) { + case STATE_UNSYNCD: + LED_A_OFF(); + if(!bit) { + // we went low, so this could be the beginning + // of an SOF + Uart.state = STATE_GOT_FALLING_EDGE_OF_SOF; + Uart.posCnt = 0; + Uart.bitCnt = 0; + } + break; + + case STATE_GOT_FALLING_EDGE_OF_SOF: + Uart.posCnt++; + if(Uart.posCnt == 2) { + if(bit) { + if(Uart.bitCnt >= 10) { + // we've seen enough consecutive + // zeros that it's a valid SOF + Uart.posCnt = 0; + Uart.byteCnt = 0; + Uart.state = STATE_AWAITING_START_BIT; + LED_A_ON(); // Indicate we got a valid SOF + } else { + // didn't stay down long enough + // before going high, error + Uart.state = STATE_ERROR_WAIT; + } + } else { + // do nothing, keep waiting + } + Uart.bitCnt++; + } + if(Uart.posCnt >= 4) Uart.posCnt = 0; + if(Uart.bitCnt > 14) { + // Give up if we see too many zeros without + // a one, too. + Uart.state = STATE_ERROR_WAIT; + } + break; + + case STATE_AWAITING_START_BIT: + Uart.posCnt++; + if(bit) { + if(Uart.posCnt > 25) { + // stayed high for too long between + // characters, error + Uart.state = STATE_ERROR_WAIT; + } + } else { + // falling edge, this starts the data byte + Uart.posCnt = 0; + Uart.bitCnt = 0; + Uart.shiftReg = 0; + Uart.state = STATE_RECEIVING_DATA; + LED_A_ON(); // Indicate we're receiving + } + break; + + case STATE_RECEIVING_DATA: + Uart.posCnt++; + if(Uart.posCnt == 2) { + // time to sample a bit + Uart.shiftReg >>= 1; + if(bit) { + Uart.shiftReg |= 0x200; + } + Uart.bitCnt++; + } + if(Uart.posCnt >= 4) { + Uart.posCnt = 0; + } + if(Uart.bitCnt == 10) { + if((Uart.shiftReg & 0x200) && !(Uart.shiftReg & 0x001)) + { + // this is a data byte, with correct + // start and stop bits + Uart.output[Uart.byteCnt] = (Uart.shiftReg >> 1) & 0xff; + Uart.byteCnt++; + + if(Uart.byteCnt >= Uart.byteCntMax) { + // Buffer overflowed, give up + Uart.posCnt = 0; + Uart.state = STATE_ERROR_WAIT; + } else { + // so get the next byte now + Uart.posCnt = 0; + Uart.state = STATE_AWAITING_START_BIT; + } + } else if(Uart.shiftReg == 0x000) { + // this is an EOF byte + LED_A_OFF(); // Finished receiving + return TRUE; + } else { + // this is an error + Uart.posCnt = 0; + Uart.state = STATE_ERROR_WAIT; + } + } + break; + + case STATE_ERROR_WAIT: + // We're all screwed up, so wait a little while + // for whatever went wrong to finish, and then + // start over. + Uart.posCnt++; + if(Uart.posCnt > 10) { + Uart.state = STATE_UNSYNCD; + } + break; + + default: + Uart.state = STATE_UNSYNCD; + break; + } + + if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error + + return FALSE; +} + +//----------------------------------------------------------------------------- +// Receive a command (from the reader to us, where we are the simulated tag), +// and store it in the given buffer, up to the given maximum length. Keeps +// spinning, waiting for a well-framed command, until either we get one +// (returns TRUE) or someone presses the pushbutton on the board (FALSE). +// +// Assume that we're called with the SSC (to the FPGA) and ADC path set +// correctly. +//----------------------------------------------------------------------------- +static BOOL GetIso14443CommandFromReader(BYTE *received, int *len, int maxLen) +{ + BYTE mask; + int i, bit; + + // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen + // only, since we are receiving, not transmitting). + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); + + + // Now run a `software UART' on the stream of incoming samples. + Uart.output = received; + Uart.byteCntMax = maxLen; + Uart.state = STATE_UNSYNCD; + + for(;;) { + WDT_HIT(); + + if(BUTTON_PRESS()) return FALSE; + + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; + + mask = 0x80; + for(i = 0; i < 8; i++, mask >>= 1) { + bit = (b & mask); + if(Handle14443UartBit(bit)) { + *len = Uart.byteCnt; + return TRUE; + } + } + } + } +} + +//----------------------------------------------------------------------------- +// Main loop of simulated tag: receive commands from reader, decide what +// response to send, and send it. +//----------------------------------------------------------------------------- +void SimulateIso14443Tag(void) +{ + static const BYTE cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 }; + static const BYTE response1[] = { + 0x50, 0x82, 0x0d, 0xe1, 0x74, 0x20, 0x38, 0x19, 0x22, + 0x00, 0x21, 0x85, 0x5e, 0xd7 + }; + + BYTE *resp; + int respLen; + + BYTE *resp1 = (((BYTE *)BigBuf) + 800); + int resp1Len; + + BYTE *receivedCmd = (BYTE *)BigBuf; + int len; + + int i; + + int cmdsRecvd = 0; + + memset(receivedCmd, 0x44, 400); + + CodeIso14443bAsTag(response1, sizeof(response1)); + memcpy(resp1, ToSend, ToSendMax); resp1Len = ToSendMax; + + // We need to listen to the high-frequency, peak-detected path. + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + cmdsRecvd = 0; + + for(;;) { + BYTE b1, b2; + + if(!GetIso14443CommandFromReader(receivedCmd, &len, 100)) { + Dbprintf("button pressed, received %d commands", cmdsRecvd); + break; + } + + // Good, look at the command now. + + if(len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len)==0) { + resp = resp1; respLen = resp1Len; + } else { + Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsRecvd); + // And print whether the CRC fails, just for good measure + ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2); + if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) { + // Not so good, try again. + DbpString("+++CRC fail"); + } else { + DbpString("CRC passes"); + } + break; + } + + memset(receivedCmd, 0x44, 32); + + cmdsRecvd++; + + if(cmdsRecvd > 0x30) { + DbpString("many commands later..."); + break; + } + + if(respLen <= 0) continue; + + // Modulate BPSK + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK); + AT91C_BASE_SSC->SSC_THR = 0xff; + FpgaSetupSsc(); + + // Transmit the response. + i = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + BYTE b = resp[i]; + + AT91C_BASE_SSC->SSC_THR = b; + + i++; + if(i > respLen) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; + (void)b; + } + } + } +} + +//============================================================================= +// An ISO 14443 Type B reader. We take layer two commands, code them +// appropriately, and then send them to the tag. We then listen for the +// tag's response, which we leave in the buffer to be demodulated on the +// PC side. +//============================================================================= + +static struct { + enum { + DEMOD_UNSYNCD, + DEMOD_PHASE_REF_TRAINING, + DEMOD_AWAITING_FALLING_EDGE_OF_SOF, + DEMOD_GOT_FALLING_EDGE_OF_SOF, + DEMOD_AWAITING_START_BIT, + DEMOD_RECEIVING_DATA, + DEMOD_ERROR_WAIT + } state; + int bitCount; + int posCount; + int thisBit; + int metric; + int metricN; + WORD shiftReg; + BYTE *output; + int len; + int sumI; + int sumQ; +} Demod; + +/* + * Handles reception of a bit from the tag + * + * LED handling: + * LED C -> ON once we have received the SOF and are expecting the rest. + * LED C -> OFF once we have received EOF or are unsynced + * + * Returns: true if we received a EOF + * false if we are still waiting for some more + * + */ +static BOOL Handle14443SamplesDemod(int ci, int cq) +{ + int v; + + // The soft decision on the bit uses an estimate of just the + // quadrant of the reference angle, not the exact angle. +#define MAKE_SOFT_DECISION() { \ + if(Demod.sumI > 0) { \ + v = ci; \ + } else { \ + v = -ci; \ + } \ + if(Demod.sumQ > 0) { \ + v += cq; \ + } else { \ + v -= cq; \ + } \ + } + + switch(Demod.state) { + case DEMOD_UNSYNCD: + v = ci; + if(v < 0) v = -v; + if(cq > 0) { + v += cq; + } else { + v -= cq; + } + if(v > 40) { + Demod.posCount = 0; + Demod.state = DEMOD_PHASE_REF_TRAINING; + Demod.sumI = 0; + Demod.sumQ = 0; + } + break; + + case DEMOD_PHASE_REF_TRAINING: + if(Demod.posCount < 8) { + Demod.sumI += ci; + Demod.sumQ += cq; + } else if(Demod.posCount > 100) { + // error, waited too long + Demod.state = DEMOD_UNSYNCD; + } else { + MAKE_SOFT_DECISION(); + if(v < 0) { + Demod.state = DEMOD_AWAITING_FALLING_EDGE_OF_SOF; + Demod.posCount = 0; + } + } + Demod.posCount++; + break; + + case DEMOD_AWAITING_FALLING_EDGE_OF_SOF: + MAKE_SOFT_DECISION(); + if(v < 0) { + Demod.state = DEMOD_GOT_FALLING_EDGE_OF_SOF; + Demod.posCount = 0; + } else { + if(Demod.posCount > 100) { + Demod.state = DEMOD_UNSYNCD; + } + } + Demod.posCount++; + break; + + case DEMOD_GOT_FALLING_EDGE_OF_SOF: + MAKE_SOFT_DECISION(); + if(v > 0) { + if(Demod.posCount < 12) { + Demod.state = DEMOD_UNSYNCD; + } else { + LED_C_ON(); // Got SOF + Demod.state = DEMOD_AWAITING_START_BIT; + Demod.posCount = 0; + Demod.len = 0; + Demod.metricN = 0; + Demod.metric = 0; + } + } else { + if(Demod.posCount > 100) { + Demod.state = DEMOD_UNSYNCD; + } + } + Demod.posCount++; + break; + + case DEMOD_AWAITING_START_BIT: + MAKE_SOFT_DECISION(); + if(v > 0) { + if(Demod.posCount > 10) { + Demod.state = DEMOD_UNSYNCD; + } + } else { + Demod.bitCount = 0; + Demod.posCount = 1; + Demod.thisBit = v; + Demod.shiftReg = 0; + Demod.state = DEMOD_RECEIVING_DATA; + } + break; + + case DEMOD_RECEIVING_DATA: + MAKE_SOFT_DECISION(); + if(Demod.posCount == 0) { + Demod.thisBit = v; + Demod.posCount = 1; + } else { + Demod.thisBit += v; + + if(Demod.thisBit > 0) { + Demod.metric += Demod.thisBit; + } else { + Demod.metric -= Demod.thisBit; + } + (Demod.metricN)++; + + Demod.shiftReg >>= 1; + if(Demod.thisBit > 0) { + Demod.shiftReg |= 0x200; + } + + Demod.bitCount++; + if(Demod.bitCount == 10) { + WORD s = Demod.shiftReg; + if((s & 0x200) && !(s & 0x001)) { + BYTE b = (s >> 1); + Demod.output[Demod.len] = b; + Demod.len++; + Demod.state = DEMOD_AWAITING_START_BIT; + } else if(s == 0x000) { + // This is EOF + LED_C_OFF(); + return TRUE; + Demod.state = DEMOD_UNSYNCD; + } else { + Demod.state = DEMOD_UNSYNCD; + } + } + Demod.posCount = 0; + } + break; + + default: + Demod.state = DEMOD_UNSYNCD; + break; + } + + if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized... + return FALSE; +} + +/* + * Demodulate the samples we received from the tag + * weTx: set to 'TRUE' if we behave like a reader + * set to 'FALSE' if we behave like a snooper + * quiet: set to 'TRUE' to disable debug output + */ +static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) +{ + int max = 0; + BOOL gotFrame = FALSE; + +//# define DMA_BUFFER_SIZE 8 + SBYTE *dmaBuf; + + int lastRxCounter; + SBYTE *upTo; + + int ci, cq; + + int samples = 0; + + // Clear out the state of the "UART" that receives from the tag. + memset(BigBuf, 0x44, 400); + Demod.output = (BYTE *)BigBuf; + Demod.len = 0; + Demod.state = DEMOD_UNSYNCD; + + // And the UART that receives from the reader + Uart.output = (((BYTE *)BigBuf) + 1024); + Uart.byteCntMax = 100; + Uart.state = STATE_UNSYNCD; + + // Setup for the DMA. + dmaBuf = (SBYTE *)(BigBuf + 32); + upTo = dmaBuf; + lastRxCounter = DMA_BUFFER_SIZE; + FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); + + // Signal field is ON with the appropriate LED: + if (weTx) LED_D_ON(); else LED_D_OFF(); + // And put the FPGA in the appropriate mode + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | + (weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP)); + + for(;;) { + int behindBy = lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR; + if(behindBy > max) max = behindBy; + + while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1)) + > 2) + { + ci = upTo[0]; + cq = upTo[1]; + upTo += 2; + if(upTo - dmaBuf > DMA_BUFFER_SIZE) { + upTo -= DMA_BUFFER_SIZE; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo; + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; + } + lastRxCounter -= 2; + if(lastRxCounter <= 0) { + lastRxCounter += DMA_BUFFER_SIZE; + } + + samples += 2; + + Handle14443UartBit(1); + Handle14443UartBit(1); + + if(Handle14443SamplesDemod(ci, cq)) { + gotFrame = 1; + } + } + + if(samples > 2000) { + break; + } + } + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; + if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len); +} + +//----------------------------------------------------------------------------- +// Read the tag's response. We just receive a stream of slightly-processed +// samples from the FPGA, which we will later do some signal processing on, +// to get the bits. +//----------------------------------------------------------------------------- +/*static void GetSamplesFor14443(BOOL weTx, int n) +{ + BYTE *dest = (BYTE *)BigBuf; + int c; + + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | + (weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP)); + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + SBYTE b; + b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; + + dest[c++] = (BYTE)b; + + if(c >= n) { + break; + } + } + } +}*/ + +//----------------------------------------------------------------------------- +// Transmit the command (to the tag) that was placed in ToSend[]. +//----------------------------------------------------------------------------- +static void TransmitFor14443(void) +{ + int c; + + FpgaSetupSsc(); + + while(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0xff; + } + + // Signal field is ON with the appropriate Red LED + LED_D_ON(); + // Signal we are transmitting with the Green LED + LED_B_ON(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD); + + for(c = 0; c < 10;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0xff; + c++; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = ToSend[c]; + c++; + if(c >= ToSendMax) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + LED_B_OFF(); // Finished sending +} + +//----------------------------------------------------------------------------- +// Code a layer 2 command (string of octets, including CRC) into ToSend[], +// so that it is ready to transmit to the tag using TransmitFor14443(). +//----------------------------------------------------------------------------- +void CodeIso14443bAsReader(const BYTE *cmd, int len) +{ + int i, j; + BYTE b; + + ToSendReset(); + + // Establish initial reference level + for(i = 0; i < 40; i++) { + ToSendStuffBit(1); + } + // Send SOF + for(i = 0; i < 10; i++) { + ToSendStuffBit(0); + } + + for(i = 0; i < len; i++) { + // Stop bits/EGT + ToSendStuffBit(1); + ToSendStuffBit(1); + // Start bit + ToSendStuffBit(0); + // Data bits + b = cmd[i]; + for(j = 0; j < 8; j++) { + if(b & 1) { + ToSendStuffBit(1); + } else { + ToSendStuffBit(0); + } + b >>= 1; + } + } + // Send EOF + ToSendStuffBit(1); + for(i = 0; i < 10; i++) { + ToSendStuffBit(0); + } + for(i = 0; i < 8; i++) { + ToSendStuffBit(1); + } + + // And then a little more, to make sure that the last character makes + // it out before we switch to rx mode. + for(i = 0; i < 24; i++) { + ToSendStuffBit(1); + } + + // Convert from last character reference to length + ToSendMax++; +} + +//----------------------------------------------------------------------------- +// Read an ISO 14443 tag. We send it some set of commands, and record the +// responses. +// The command name is misleading, it actually decodes the reponse in HEX +// into the output buffer (read the result using hexsamples, not hisamples) +//----------------------------------------------------------------------------- +void AcquireRawAdcSamplesIso14443(DWORD parameter) +{ + BYTE cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 }; + + // Make sure that we start from off, since the tags are stateful; + // confusing things will happen if we don't reset them between reads. + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); + SpinDelay(200); + + CodeIso14443bAsReader(cmd1, sizeof(cmd1)); + TransmitFor14443(); +// LED_A_ON(); + GetSamplesFor14443Demod(TRUE, 2000, FALSE); +// LED_A_OFF(); +} + +//----------------------------------------------------------------------------- +// Read a SRI512 ISO 14443 tag. +// +// SRI512 tags are just simple memory tags, here we're looking at making a dump +// of the contents of the memory. No anticollision algorithm is done, we assume +// we have a single tag in the field. +// +// I tried to be systematic and check every answer of the tag, every CRC, etc... +//----------------------------------------------------------------------------- +void ReadSRI512Iso14443(DWORD parameter) +{ + ReadSTMemoryIso14443(parameter,0x0F); +} +void ReadSRIX4KIso14443(DWORD parameter) +{ + ReadSTMemoryIso14443(parameter,0x7F); +} + +void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast) +{ + BYTE i = 0x00; + + // Make sure that we start from off, since the tags are stateful; + // confusing things will happen if we don't reset them between reads. + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); + SpinDelay(200); + + // First command: wake up the tag using the INITIATE command + BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b}; + CodeIso14443bAsReader(cmd1, sizeof(cmd1)); + TransmitFor14443(); +// LED_A_ON(); + GetSamplesFor14443Demod(TRUE, 2000,TRUE); +// LED_A_OFF(); + + if (Demod.len == 0) { + DbpString("No response from tag"); + return; + } else { + Dbprintf("Randomly generated UID from tag (+ 2 byte CRC): %x %x %x", + Demod.output[0], Demod.output[1],Demod.output[2]); + } + // There is a response, SELECT the uid + DbpString("Now SELECT tag:"); + cmd1[0] = 0x0E; // 0x0E is SELECT + cmd1[1] = Demod.output[0]; + ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); + CodeIso14443bAsReader(cmd1, sizeof(cmd1)); + TransmitFor14443(); +// LED_A_ON(); + GetSamplesFor14443Demod(TRUE, 2000,TRUE); +// LED_A_OFF(); + if (Demod.len != 3) { + Dbprintf("Expected 3 bytes from tag, got %d", Demod.len); + return; + } + // Check the CRC of the answer: + ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]); + if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) { + DbpString("CRC Error reading select response."); + return; + } + // Check response from the tag: should be the same UID as the command we just sent: + if (cmd1[1] != Demod.output[0]) { + Dbprintf("Bad response to SELECT from Tag, aborting: %x %x", cmd1[1], Demod.output[0]); + return; + } + // Tag is now selected, + // First get the tag's UID: + cmd1[0] = 0x0B; + ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]); + CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one + TransmitFor14443(); +// LED_A_ON(); + GetSamplesFor14443Demod(TRUE, 2000,TRUE); +// LED_A_OFF(); + if (Demod.len != 10) { + Dbprintf("Expected 10 bytes from tag, got %d", Demod.len); + return; + } + // The check the CRC of the answer (use cmd1 as temporary variable): + ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]); + if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) { + Dbprintf("CRC Error reading block! - Below: expected, got %x %x", + (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]); + // Do not return;, let's go on... (we should retry, maybe ?) + } + Dbprintf("Tag UID (64 bits): %08x %08x", + (Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], + (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0]); + + // Now loop to read all 16 blocks, address from 0 to 15 + DbpString("Tag memory dump, block 0 to 15"); + cmd1[0] = 0x08; + i = 0x00; + dwLast++; + for (;;) { + if (i == dwLast) { + DbpString("System area block (0xff):"); + i = 0xff; + } + cmd1[1] = i; + ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); + CodeIso14443bAsReader(cmd1, sizeof(cmd1)); + TransmitFor14443(); +// LED_A_ON(); + GetSamplesFor14443Demod(TRUE, 2000,TRUE); +// LED_A_OFF(); + if (Demod.len != 6) { // Check if we got an answer from the tag + DbpString("Expected 6 bytes from tag, got less..."); + return; + } + // The check the CRC of the answer (use cmd1 as temporary variable): + ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]); + if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) { + Dbprintf("CRC Error reading block! - Below: expected, got %x %x", + (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]); + // Do not return;, let's go on... (we should retry, maybe ?) + } + // Now print out the memory location: + Dbprintf("Address=%x, Contents=%x, CRC=%x", i, + (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], + (Demod.output[4]<<8)+Demod.output[5]); + if (i == 0xff) { + break; + } + i++; + } +} + + +//============================================================================= +// Finally, the `sniffer' combines elements from both the reader and +// simulated tag, to show both sides of the conversation. +//============================================================================= + +//----------------------------------------------------------------------------- +// Record the sequence of commands sent by the reader to the tag, with +// triggering so that we start recording at the point that the tag is moved +// near the reader. +//----------------------------------------------------------------------------- +/* + * Memory usage for this function, (within BigBuf) + * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE + * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE + * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE + * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE + */ +void SnoopIso14443(void) +{ + // We won't start recording the frames that we acquire until we trigger; + // a good trigger condition to get started is probably when we see a + // response from the tag. + BOOL triggered = FALSE; + + // The command (reader -> tag) that we're working on receiving. + BYTE *receivedCmd = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE; + // The response (tag -> reader) that we're working on receiving. + BYTE *receivedResponse = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE; + + // As we receive stuff, we copy it from receivedCmd or receivedResponse + // into trace, along with its length and other annotations. + BYTE *trace = (BYTE *)BigBuf; + int traceLen = 0; + + // The DMA buffer, used to stream samples from the FPGA. + SBYTE *dmaBuf = (SBYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE + TAG_READER_BUFFER_SIZE; + int lastRxCounter; + SBYTE *upTo; + int ci, cq; + int maxBehindBy = 0; + + // Count of samples received so far, so that we can include timing + // information in the trace buffer. + int samples = 0; + + // Initialize the trace buffer + memset(trace, 0x44, DEMOD_TRACE_SIZE); + + // Set up the demodulator for tag -> reader responses. + Demod.output = receivedResponse; + Demod.len = 0; + Demod.state = DEMOD_UNSYNCD; + + // And the reader -> tag commands + memset(&Uart, 0, sizeof(Uart)); + Uart.output = receivedCmd; + Uart.byteCntMax = 100; + Uart.state = STATE_UNSYNCD; + + // Print some debug information about the buffer sizes + Dbprintf("Snooping buffers initialized:"); + Dbprintf(" Trace: %i bytes", DEMOD_TRACE_SIZE); + Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE); + Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE); + Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE); + + // Use a counter for blinking the LED + long ledCount=0; + long ledFlashAt=200000; + + // And put the FPGA in the appropriate mode + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord( + FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | + FPGA_HF_READER_RX_XCORR_SNOOP); + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + // Setup for the DMA. + FpgaSetupSsc(); + upTo = dmaBuf; + lastRxCounter = DMA_BUFFER_SIZE; + FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); + // And now we loop, receiving samples. + for(;;) { + // Blink the LED while Snooping + ledCount++; + if (ledCount == ledFlashAt) { + LED_D_ON(); + } + if (ledCount >= 2*ledFlashAt) { + LED_D_OFF(); + ledCount=0; + } + + int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & + (DMA_BUFFER_SIZE-1); + if(behindBy > maxBehindBy) { + maxBehindBy = behindBy; + if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not? + Dbprintf("blew circular buffer! behindBy=%x", behindBy); + goto done; + } + } + if(behindBy < 2) continue; + + ci = upTo[0]; + cq = upTo[1]; + upTo += 2; + lastRxCounter -= 2; + if(upTo - dmaBuf > DMA_BUFFER_SIZE) { + upTo -= DMA_BUFFER_SIZE; + lastRxCounter += DMA_BUFFER_SIZE; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD) upTo; + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; + } + + samples += 2; + +#define HANDLE_BIT_IF_BODY \ + if(triggered) { \ + ledFlashAt=30000; \ + trace[traceLen++] = ((samples >> 0) & 0xff); \ + trace[traceLen++] = ((samples >> 8) & 0xff); \ + trace[traceLen++] = ((samples >> 16) & 0xff); \ + trace[traceLen++] = ((samples >> 24) & 0xff); \ + trace[traceLen++] = 0; \ + trace[traceLen++] = 0; \ + trace[traceLen++] = 0; \ + trace[traceLen++] = 0; \ + trace[traceLen++] = Uart.byteCnt; \ + memcpy(trace+traceLen, receivedCmd, Uart.byteCnt); \ + traceLen += Uart.byteCnt; \ + if(traceLen > 1000) break; \ + } \ + /* And ready to receive another command. */ \ + memset(&Uart, 0, sizeof(Uart)); \ + Uart.output = receivedCmd; \ + Uart.byteCntMax = 100; \ + Uart.state = STATE_UNSYNCD; \ + /* And also reset the demod code, which might have been */ \ + /* false-triggered by the commands from the reader. */ \ + memset(&Demod, 0, sizeof(Demod)); \ + Demod.output = receivedResponse; \ + Demod.state = DEMOD_UNSYNCD; \ + + if(Handle14443UartBit(ci & 1)) { + HANDLE_BIT_IF_BODY + } + if(Handle14443UartBit(cq & 1)) { + HANDLE_BIT_IF_BODY + } + + if(Handle14443SamplesDemod(ci, cq)) { + // timestamp, as a count of samples + trace[traceLen++] = ((samples >> 0) & 0xff); + trace[traceLen++] = ((samples >> 8) & 0xff); + trace[traceLen++] = ((samples >> 16) & 0xff); + trace[traceLen++] = 0x80 | ((samples >> 24) & 0xff); + // correlation metric (~signal strength estimate) + if(Demod.metricN != 0) { + Demod.metric /= Demod.metricN; + } + trace[traceLen++] = ((Demod.metric >> 0) & 0xff); + trace[traceLen++] = ((Demod.metric >> 8) & 0xff); + trace[traceLen++] = ((Demod.metric >> 16) & 0xff); + trace[traceLen++] = ((Demod.metric >> 24) & 0xff); + // length + trace[traceLen++] = Demod.len; + memcpy(trace+traceLen, receivedResponse, Demod.len); + traceLen += Demod.len; + if(traceLen > DEMOD_TRACE_SIZE) { + DbpString("Reached trace limit"); + goto done; + } + + triggered = TRUE; + + // And ready to receive another response. + memset(&Demod, 0, sizeof(Demod)); + Demod.output = receivedResponse; + Demod.state = DEMOD_UNSYNCD; + } + WDT_HIT(); + + if(BUTTON_PRESS()) { + DbpString("cancelled"); + goto done; + } + } + +done: + LED_D_OFF(); + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; + DbpString("Snoop statistics:"); + Dbprintf(" Max behind by: %i", maxBehindBy); + Dbprintf(" Uart State: %x", Uart.state); + Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt); + Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax); + Dbprintf(" Trace length: %i", traceLen); +} diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 02d912e7b..ce653f299 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1,1852 +1,1852 @@ -//----------------------------------------------------------------------------- -// Routines to support ISO 14443 type A. -// -// Gerhard de Koning Gans - May 2008 -//----------------------------------------------------------------------------- -#include -#include "apps.h" -#include "iso14443crc.h" - -static BYTE *trace = (BYTE *) BigBuf; -static int traceLen = 0; -static int rsamples = 0; -static BOOL tracing = TRUE; - -typedef enum { - SEC_D = 1, - SEC_E = 2, - SEC_F = 3, - SEC_X = 4, - SEC_Y = 5, - SEC_Z = 6 -} SecType; - -static const BYTE OddByteParity[256] = { - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1 -}; - -// BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT -#define RECV_CMD_OFFSET 3032 -#define RECV_RES_OFFSET 3096 -#define DMA_BUFFER_OFFSET 3160 -#define DMA_BUFFER_SIZE 4096 -#define TRACE_LENGTH 3000 - -//----------------------------------------------------------------------------- -// Generate the parity value for a byte sequence -// -//----------------------------------------------------------------------------- -DWORD GetParity(const BYTE * pbtCmd, int iLen) -{ - int i; - DWORD dwPar = 0; - - // Generate the encrypted data - for (i = 0; i < iLen; i++) { - // Save the encrypted parity bit - dwPar |= ((OddByteParity[pbtCmd[i]]) << i); - } - return dwPar; -} - -static void AppendCrc14443a(BYTE* data, int len) -{ - ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1); -} - -BOOL LogTrace(const BYTE * btBytes, int iLen, int iSamples, DWORD dwParity, BOOL bReader) -{ - // Return when trace is full - if (traceLen >= TRACE_LENGTH) return FALSE; - - // Trace the random, i'm curious - rsamples += iSamples; - trace[traceLen++] = ((rsamples >> 0) & 0xff); - trace[traceLen++] = ((rsamples >> 8) & 0xff); - trace[traceLen++] = ((rsamples >> 16) & 0xff); - trace[traceLen++] = ((rsamples >> 24) & 0xff); - if (!bReader) { - trace[traceLen - 1] |= 0x80; - } - trace[traceLen++] = ((dwParity >> 0) & 0xff); - trace[traceLen++] = ((dwParity >> 8) & 0xff); - trace[traceLen++] = ((dwParity >> 16) & 0xff); - trace[traceLen++] = ((dwParity >> 24) & 0xff); - trace[traceLen++] = iLen; - memcpy(trace + traceLen, btBytes, iLen); - traceLen += iLen; - return TRUE; -} - -BOOL LogTraceInfo(byte_t* data, size_t len) -{ - return LogTrace(data,len,0,GetParity(data,len),TRUE); -} - -//----------------------------------------------------------------------------- -// The software UART that receives commands from the reader, and its state -// variables. -//----------------------------------------------------------------------------- -static struct { - enum { - STATE_UNSYNCD, - STATE_START_OF_COMMUNICATION, - STATE_MILLER_X, - STATE_MILLER_Y, - STATE_MILLER_Z, - STATE_ERROR_WAIT - } state; - WORD shiftReg; - int bitCnt; - int byteCnt; - int byteCntMax; - int posCnt; - int syncBit; - int parityBits; - int samples; - int highCnt; - int bitBuffer; - enum { - DROP_NONE, - DROP_FIRST_HALF, - DROP_SECOND_HALF - } drop; - BYTE *output; -} Uart; - -static BOOL MillerDecoding(int bit) -{ - int error = 0; - int bitright; - - if(!Uart.bitBuffer) { - Uart.bitBuffer = bit ^ 0xFF0; - return FALSE; - } - else { - Uart.bitBuffer <<= 4; - Uart.bitBuffer ^= bit; - } - - BOOL EOC = FALSE; - - if(Uart.state != STATE_UNSYNCD) { - Uart.posCnt++; - - if((Uart.bitBuffer & Uart.syncBit) ^ Uart.syncBit) { - bit = 0x00; - } - else { - bit = 0x01; - } - if(((Uart.bitBuffer << 1) & Uart.syncBit) ^ Uart.syncBit) { - bitright = 0x00; - } - else { - bitright = 0x01; - } - if(bit != bitright) { bit = bitright; } - - if(Uart.posCnt == 1) { - // measurement first half bitperiod - if(!bit) { - Uart.drop = DROP_FIRST_HALF; - } - } - else { - // measurement second half bitperiod - if(!bit & (Uart.drop == DROP_NONE)) { - Uart.drop = DROP_SECOND_HALF; - } - else if(!bit) { - // measured a drop in first and second half - // which should not be possible - Uart.state = STATE_ERROR_WAIT; - error = 0x01; - } - - Uart.posCnt = 0; - - switch(Uart.state) { - case STATE_START_OF_COMMUNICATION: - Uart.shiftReg = 0; - if(Uart.drop == DROP_SECOND_HALF) { - // error, should not happen in SOC - Uart.state = STATE_ERROR_WAIT; - error = 0x02; - } - else { - // correct SOC - Uart.state = STATE_MILLER_Z; - } - break; - - case STATE_MILLER_Z: - Uart.bitCnt++; - Uart.shiftReg >>= 1; - if(Uart.drop == DROP_NONE) { - // logic '0' followed by sequence Y - // end of communication - Uart.state = STATE_UNSYNCD; - EOC = TRUE; - } - // if(Uart.drop == DROP_FIRST_HALF) { - // Uart.state = STATE_MILLER_Z; stay the same - // we see a logic '0' } - if(Uart.drop == DROP_SECOND_HALF) { - // we see a logic '1' - Uart.shiftReg |= 0x100; - Uart.state = STATE_MILLER_X; - } - break; - - case STATE_MILLER_X: - Uart.shiftReg >>= 1; - if(Uart.drop == DROP_NONE) { - // sequence Y, we see a '0' - Uart.state = STATE_MILLER_Y; - Uart.bitCnt++; - } - if(Uart.drop == DROP_FIRST_HALF) { - // Would be STATE_MILLER_Z - // but Z does not follow X, so error - Uart.state = STATE_ERROR_WAIT; - error = 0x03; - } - if(Uart.drop == DROP_SECOND_HALF) { - // We see a '1' and stay in state X - Uart.shiftReg |= 0x100; - Uart.bitCnt++; - } - break; - - case STATE_MILLER_Y: - Uart.bitCnt++; - Uart.shiftReg >>= 1; - if(Uart.drop == DROP_NONE) { - // logic '0' followed by sequence Y - // end of communication - Uart.state = STATE_UNSYNCD; - EOC = TRUE; - } - if(Uart.drop == DROP_FIRST_HALF) { - // we see a '0' - Uart.state = STATE_MILLER_Z; - } - if(Uart.drop == DROP_SECOND_HALF) { - // We see a '1' and go to state X - Uart.shiftReg |= 0x100; - Uart.state = STATE_MILLER_X; - } - break; - - case STATE_ERROR_WAIT: - // That went wrong. Now wait for at least two bit periods - // and try to sync again - if(Uart.drop == DROP_NONE) { - Uart.highCnt = 6; - Uart.state = STATE_UNSYNCD; - } - break; - - default: - Uart.state = STATE_UNSYNCD; - Uart.highCnt = 0; - break; - } - - Uart.drop = DROP_NONE; - - // should have received at least one whole byte... - if((Uart.bitCnt == 2) && EOC && (Uart.byteCnt > 0)) { - return TRUE; - } - - if(Uart.bitCnt == 9) { - Uart.output[Uart.byteCnt] = (Uart.shiftReg & 0xff); - Uart.byteCnt++; - - Uart.parityBits <<= 1; - Uart.parityBits ^= ((Uart.shiftReg >> 8) & 0x01); - - if(EOC) { - // when End of Communication received and - // all data bits processed.. - return TRUE; - } - Uart.bitCnt = 0; - } - - /*if(error) { - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = error & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = (Uart.bitBuffer >> 8) & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = Uart.bitBuffer & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = (Uart.syncBit >> 3) & 0xFF; - Uart.byteCnt++; - Uart.output[Uart.byteCnt] = 0xAA; - Uart.byteCnt++; - return TRUE; - }*/ - } - - } - else { - bit = Uart.bitBuffer & 0xf0; - bit >>= 4; - bit ^= 0x0F; - if(bit) { - // should have been high or at least (4 * 128) / fc - // according to ISO this should be at least (9 * 128 + 20) / fc - if(Uart.highCnt == 8) { - // we went low, so this could be start of communication - // it turns out to be safer to choose a less significant - // syncbit... so we check whether the neighbour also represents the drop - Uart.posCnt = 1; // apparently we are busy with our first half bit period - Uart.syncBit = bit & 8; - Uart.samples = 3; - if(!Uart.syncBit) { Uart.syncBit = bit & 4; Uart.samples = 2; } - else if(bit & 4) { Uart.syncBit = bit & 4; Uart.samples = 2; bit <<= 2; } - if(!Uart.syncBit) { Uart.syncBit = bit & 2; Uart.samples = 1; } - else if(bit & 2) { Uart.syncBit = bit & 2; Uart.samples = 1; bit <<= 1; } - if(!Uart.syncBit) { Uart.syncBit = bit & 1; Uart.samples = 0; - if(Uart.syncBit & (Uart.bitBuffer & 8)) { - Uart.syncBit = 8; - - // the first half bit period is expected in next sample - Uart.posCnt = 0; - Uart.samples = 3; - } - } - else if(bit & 1) { Uart.syncBit = bit & 1; Uart.samples = 0; } - - Uart.syncBit <<= 4; - Uart.state = STATE_START_OF_COMMUNICATION; - Uart.drop = DROP_FIRST_HALF; - Uart.bitCnt = 0; - Uart.byteCnt = 0; - Uart.parityBits = 0; - error = 0; - } - else { - Uart.highCnt = 0; - } - } - else { - if(Uart.highCnt < 8) { - Uart.highCnt++; - } - } - } - - return FALSE; -} - -//============================================================================= -// ISO 14443 Type A - Manchester -//============================================================================= - -static struct { - enum { - DEMOD_UNSYNCD, - DEMOD_START_OF_COMMUNICATION, - DEMOD_MANCHESTER_D, - DEMOD_MANCHESTER_E, - DEMOD_MANCHESTER_F, - DEMOD_ERROR_WAIT - } state; - int bitCount; - int posCount; - int syncBit; - int parityBits; - WORD shiftReg; - int buffer; - int buff; - int samples; - int len; - enum { - SUB_NONE, - SUB_FIRST_HALF, - SUB_SECOND_HALF - } sub; - BYTE *output; -} Demod; - -static BOOL ManchesterDecoding(int v) -{ - int bit; - int modulation; - int error = 0; - - if(!Demod.buff) { - Demod.buff = 1; - Demod.buffer = v; - return FALSE; - } - else { - bit = Demod.buffer; - Demod.buffer = v; - } - - if(Demod.state==DEMOD_UNSYNCD) { - Demod.output[Demod.len] = 0xfa; - Demod.syncBit = 0; - //Demod.samples = 0; - Demod.posCount = 1; // This is the first half bit period, so after syncing handle the second part - if(bit & 0x08) { Demod.syncBit = 0x08; } - if(!Demod.syncBit) { - if(bit & 0x04) { Demod.syncBit = 0x04; } - } - else if(bit & 0x04) { Demod.syncBit = 0x04; bit <<= 4; } - if(!Demod.syncBit) { - if(bit & 0x02) { Demod.syncBit = 0x02; } - } - else if(bit & 0x02) { Demod.syncBit = 0x02; bit <<= 4; } - if(!Demod.syncBit) { - if(bit & 0x01) { Demod.syncBit = 0x01; } - - if(Demod.syncBit & (Demod.buffer & 0x08)) { - Demod.syncBit = 0x08; - - // The first half bitperiod is expected in next sample - Demod.posCount = 0; - Demod.output[Demod.len] = 0xfb; - } - } - else if(bit & 0x01) { Demod.syncBit = 0x01; } - - if(Demod.syncBit) { - Demod.len = 0; - Demod.state = DEMOD_START_OF_COMMUNICATION; - Demod.sub = SUB_FIRST_HALF; - Demod.bitCount = 0; - Demod.shiftReg = 0; - Demod.parityBits = 0; - Demod.samples = 0; - if(Demod.posCount) { - switch(Demod.syncBit) { - case 0x08: Demod.samples = 3; break; - case 0x04: Demod.samples = 2; break; - case 0x02: Demod.samples = 1; break; - case 0x01: Demod.samples = 0; break; - } - } - error = 0; - } - } - else { - //modulation = bit & Demod.syncBit; - modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit; - - Demod.samples += 4; - - if(Demod.posCount==0) { - Demod.posCount = 1; - if(modulation) { - Demod.sub = SUB_FIRST_HALF; - } - else { - Demod.sub = SUB_NONE; - } - } - else { - Demod.posCount = 0; - if(modulation && (Demod.sub == SUB_FIRST_HALF)) { - if(Demod.state!=DEMOD_ERROR_WAIT) { - Demod.state = DEMOD_ERROR_WAIT; - Demod.output[Demod.len] = 0xaa; - error = 0x01; - } - } - else if(modulation) { - Demod.sub = SUB_SECOND_HALF; - } - - switch(Demod.state) { - case DEMOD_START_OF_COMMUNICATION: - if(Demod.sub == SUB_FIRST_HALF) { - Demod.state = DEMOD_MANCHESTER_D; - } - else { - Demod.output[Demod.len] = 0xab; - Demod.state = DEMOD_ERROR_WAIT; - error = 0x02; - } - break; - - case DEMOD_MANCHESTER_D: - case DEMOD_MANCHESTER_E: - if(Demod.sub == SUB_FIRST_HALF) { - Demod.bitCount++; - Demod.shiftReg = (Demod.shiftReg >> 1) ^ 0x100; - Demod.state = DEMOD_MANCHESTER_D; - } - else if(Demod.sub == SUB_SECOND_HALF) { - Demod.bitCount++; - Demod.shiftReg >>= 1; - Demod.state = DEMOD_MANCHESTER_E; - } - else { - Demod.state = DEMOD_MANCHESTER_F; - } - break; - - case DEMOD_MANCHESTER_F: - // Tag response does not need to be a complete byte! - if(Demod.len > 0 || Demod.bitCount > 0) { - if(Demod.bitCount > 0) { - Demod.shiftReg >>= (9 - Demod.bitCount); - Demod.output[Demod.len] = Demod.shiftReg & 0xff; - Demod.len++; - // No parity bit, so just shift a 0 - Demod.parityBits <<= 1; - } - - Demod.state = DEMOD_UNSYNCD; - return TRUE; - } - else { - Demod.output[Demod.len] = 0xad; - Demod.state = DEMOD_ERROR_WAIT; - error = 0x03; - } - break; - - case DEMOD_ERROR_WAIT: - Demod.state = DEMOD_UNSYNCD; - break; - - default: - Demod.output[Demod.len] = 0xdd; - Demod.state = DEMOD_UNSYNCD; - break; - } - - if(Demod.bitCount>=9) { - Demod.output[Demod.len] = Demod.shiftReg & 0xff; - Demod.len++; - - Demod.parityBits <<= 1; - Demod.parityBits ^= ((Demod.shiftReg >> 8) & 0x01); - - Demod.bitCount = 0; - Demod.shiftReg = 0; - } - - /*if(error) { - Demod.output[Demod.len] = 0xBB; - Demod.len++; - Demod.output[Demod.len] = error & 0xFF; - Demod.len++; - Demod.output[Demod.len] = 0xBB; - Demod.len++; - Demod.output[Demod.len] = bit & 0xFF; - Demod.len++; - Demod.output[Demod.len] = Demod.buffer & 0xFF; - Demod.len++; - Demod.output[Demod.len] = Demod.syncBit & 0xFF; - Demod.len++; - Demod.output[Demod.len] = 0xBB; - Demod.len++; - return TRUE; - }*/ - - } - - } // end (state != UNSYNCED) - - return FALSE; -} - -//============================================================================= -// Finally, a `sniffer' for ISO 14443 Type A -// Both sides of communication! -//============================================================================= - -//----------------------------------------------------------------------------- -// Record the sequence of commands sent by the reader to the tag, with -// triggering so that we start recording at the point that the tag is moved -// near the reader. -//----------------------------------------------------------------------------- -void SnoopIso14443a(void) -{ -// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values -// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values -// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values -// #define DMA_BUFFER_SIZE 4096 // original (working as of 21/2/09) values -// #define TRACE_LENGTH 2000 // original (working as of 21/2/09) values - - // We won't start recording the frames that we acquire until we trigger; - // a good trigger condition to get started is probably when we see a - // response from the tag. - BOOL triggered = TRUE; // FALSE to wait first for card - - // The command (reader -> tag) that we're receiving. - // The length of a received command will in most cases be no more than 18 bytes. - // So 32 should be enough! - BYTE *receivedCmd = (((BYTE *)BigBuf) + RECV_CMD_OFFSET); - // The response (tag -> reader) that we're receiving. - BYTE *receivedResponse = (((BYTE *)BigBuf) + RECV_RES_OFFSET); - - // As we receive stuff, we copy it from receivedCmd or receivedResponse - // into trace, along with its length and other annotations. - //BYTE *trace = (BYTE *)BigBuf; - //int traceLen = 0; - - // The DMA buffer, used to stream samples from the FPGA - SBYTE *dmaBuf = ((SBYTE *)BigBuf) + DMA_BUFFER_OFFSET; - int lastRxCounter; - SBYTE *upTo; - int smpl; - int maxBehindBy = 0; - - // Count of samples received so far, so that we can include timing - // information in the trace buffer. - int samples = 0; - int rsamples = 0; - - memset(trace, 0x44, RECV_CMD_OFFSET); - - // Set up the demodulator for tag -> reader responses. - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - // And the reader -> tag commands - memset(&Uart, 0, sizeof(Uart)); - Uart.output = receivedCmd; - Uart.byteCntMax = 32; // was 100 (greg)//////////////////////////////////////////////////////////////////////// - Uart.state = STATE_UNSYNCD; - - // And put the FPGA in the appropriate mode - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER); - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - // Setup for the DMA. - FpgaSetupSsc(); - upTo = dmaBuf; - lastRxCounter = DMA_BUFFER_SIZE; - FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); - - LED_A_ON(); - - // And now we loop, receiving samples. - for(;;) { - WDT_HIT(); - int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & - (DMA_BUFFER_SIZE-1); - if(behindBy > maxBehindBy) { - maxBehindBy = behindBy; - if(behindBy > 400) { - DbpString("blew circular buffer!"); - goto done; - } - } - if(behindBy < 1) continue; - - smpl = upTo[0]; - upTo++; - lastRxCounter -= 1; - if(upTo - dmaBuf > DMA_BUFFER_SIZE) { - upTo -= DMA_BUFFER_SIZE; - lastRxCounter += DMA_BUFFER_SIZE; - AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo; - AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; - } - - samples += 4; -#define HANDLE_BIT_IF_BODY \ - LED_C_ON(); \ - if(triggered) { \ - trace[traceLen++] = ((rsamples >> 0) & 0xff); \ - trace[traceLen++] = ((rsamples >> 8) & 0xff); \ - trace[traceLen++] = ((rsamples >> 16) & 0xff); \ - trace[traceLen++] = ((rsamples >> 24) & 0xff); \ - trace[traceLen++] = ((Uart.parityBits >> 0) & 0xff); \ - trace[traceLen++] = ((Uart.parityBits >> 8) & 0xff); \ - trace[traceLen++] = ((Uart.parityBits >> 16) & 0xff); \ - trace[traceLen++] = ((Uart.parityBits >> 24) & 0xff); \ - trace[traceLen++] = Uart.byteCnt; \ - memcpy(trace+traceLen, receivedCmd, Uart.byteCnt); \ - traceLen += Uart.byteCnt; \ - if(traceLen > TRACE_LENGTH) break; \ - } \ - /* And ready to receive another command. */ \ - Uart.state = STATE_UNSYNCD; \ - /* And also reset the demod code, which might have been */ \ - /* false-triggered by the commands from the reader. */ \ - Demod.state = DEMOD_UNSYNCD; \ - LED_B_OFF(); \ - - if(MillerDecoding((smpl & 0xF0) >> 4)) { - rsamples = samples - Uart.samples; - HANDLE_BIT_IF_BODY - } - if(ManchesterDecoding(smpl & 0x0F)) { - rsamples = samples - Demod.samples; - LED_B_ON(); - - // timestamp, as a count of samples - trace[traceLen++] = ((rsamples >> 0) & 0xff); - trace[traceLen++] = ((rsamples >> 8) & 0xff); - trace[traceLen++] = ((rsamples >> 16) & 0xff); - trace[traceLen++] = 0x80 | ((rsamples >> 24) & 0xff); - trace[traceLen++] = ((Demod.parityBits >> 0) & 0xff); - trace[traceLen++] = ((Demod.parityBits >> 8) & 0xff); - trace[traceLen++] = ((Demod.parityBits >> 16) & 0xff); - trace[traceLen++] = ((Demod.parityBits >> 24) & 0xff); - // length - trace[traceLen++] = Demod.len; - memcpy(trace+traceLen, receivedResponse, Demod.len); - traceLen += Demod.len; - if(traceLen > TRACE_LENGTH) break; - - triggered = TRUE; - - // And ready to receive another response. - memset(&Demod, 0, sizeof(Demod)); - Demod.output = receivedResponse; - Demod.state = DEMOD_UNSYNCD; - LED_C_OFF(); - } - - if(BUTTON_PRESS()) { - DbpString("cancelled_a"); - goto done; - } - } - - DbpString("COMMAND FINISHED"); - - Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); - Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]); - -done: - AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; - Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); - Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]); - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); -} - -// Prepare communication bits to send to FPGA -void Sequence(SecType seq) -{ - ToSendMax++; - switch(seq) { - // CARD TO READER - case SEC_D: - // Sequence D: 11110000 - // modulation with subcarrier during first half - ToSend[ToSendMax] = 0xf0; - break; - case SEC_E: - // Sequence E: 00001111 - // modulation with subcarrier during second half - ToSend[ToSendMax] = 0x0f; - break; - case SEC_F: - // Sequence F: 00000000 - // no modulation with subcarrier - ToSend[ToSendMax] = 0x00; - break; - // READER TO CARD - case SEC_X: - // Sequence X: 00001100 - // drop after half a period - ToSend[ToSendMax] = 0x0c; - break; - case SEC_Y: - default: - // Sequence Y: 00000000 - // no drop - ToSend[ToSendMax] = 0x00; - break; - case SEC_Z: - // Sequence Z: 11000000 - // drop at start - ToSend[ToSendMax] = 0xc0; - break; - } -} - -//----------------------------------------------------------------------------- -// Prepare tag messages -//----------------------------------------------------------------------------- -static void CodeIso14443aAsTag(const BYTE *cmd, int len) -{ - int i; - int oddparity; - - ToSendReset(); - - // Correction bit, might be removed when not needed - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(1); // 1 - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - - // Send startbit - Sequence(SEC_D); - - for(i = 0; i < len; i++) { - int j; - BYTE b = cmd[i]; - - // Data bits - oddparity = 0x01; - for(j = 0; j < 8; j++) { - oddparity ^= (b & 1); - if(b & 1) { - Sequence(SEC_D); - } else { - Sequence(SEC_E); - } - b >>= 1; - } - - // Parity bit - if(oddparity) { - Sequence(SEC_D); - } else { - Sequence(SEC_E); - } - } - - // Send stopbit - Sequence(SEC_F); - - // Flush the buffer in FPGA!! - for(i = 0; i < 5; i++) { - Sequence(SEC_F); - } - - // Convert from last byte pos to length - ToSendMax++; - - // Add a few more for slop - ToSend[ToSendMax++] = 0x00; - ToSend[ToSendMax++] = 0x00; - //ToSendMax += 2; -} - -//----------------------------------------------------------------------------- -// This is to send a NACK kind of answer, its only 3 bits, I know it should be 4 -//----------------------------------------------------------------------------- -static void CodeStrangeAnswer() -{ - int i; - - ToSendReset(); - - // Correction bit, might be removed when not needed - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(1); // 1 - ToSendStuffBit(0); - ToSendStuffBit(0); - ToSendStuffBit(0); - - // Send startbit - Sequence(SEC_D); - - // 0 - Sequence(SEC_E); - - // 0 - Sequence(SEC_E); - - // 1 - Sequence(SEC_D); - - // Send stopbit - Sequence(SEC_F); - - // Flush the buffer in FPGA!! - for(i = 0; i < 5; i++) { - Sequence(SEC_F); - } - - // Convert from last byte pos to length - ToSendMax++; - - // Add a few more for slop - ToSend[ToSendMax++] = 0x00; - ToSend[ToSendMax++] = 0x00; - //ToSendMax += 2; -} - -//----------------------------------------------------------------------------- -// Wait for commands from reader -// Stop when button is pressed -// Or return TRUE when command is captured -//----------------------------------------------------------------------------- -static BOOL GetIso14443aCommandFromReader(BYTE *received, int *len, int maxLen) -{ - // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); - - // Now run a `software UART' on the stream of incoming samples. - Uart.output = received; - Uart.byteCntMax = maxLen; - Uart.state = STATE_UNSYNCD; - - for(;;) { - WDT_HIT(); - - if(BUTTON_PRESS()) return FALSE; - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; - if(MillerDecoding((b & 0xf0) >> 4)) { - *len = Uart.byteCnt; - return TRUE; - } - if(MillerDecoding(b & 0x0f)) { - *len = Uart.byteCnt; - return TRUE; - } - } - } -} - -//----------------------------------------------------------------------------- -// Main loop of simulated tag: receive commands from reader, decide what -// response to send, and send it. -//----------------------------------------------------------------------------- -void SimulateIso14443aTag(int tagType, int TagUid) -{ - // This function contains the tag emulation - - // Prepare protocol messages - // static const BYTE cmd1[] = { 0x26 }; -// static const BYTE response1[] = { 0x02, 0x00 }; // Says: I am Mifare 4k - original line - greg -// - static const BYTE response1[] = { 0x44, 0x03 }; // Says: I am a DESFire Tag, ph33r me -// static const BYTE response1[] = { 0x44, 0x00 }; // Says: I am a ULTRALITE Tag, 0wn me - - // UID response - // static const BYTE cmd2[] = { 0x93, 0x20 }; - //static const BYTE response2[] = { 0x9a, 0xe5, 0xe4, 0x43, 0xd8 }; // original value - greg - - - -// my desfire - static const BYTE response2[] = { 0x88, 0x04, 0x21, 0x3f, 0x4d }; // known uid - note cascade (0x88), 2nd byte (0x04) = NXP/Phillips - - -// When reader selects us during cascade1 it will send cmd3 -//BYTE response3[] = { 0x04, 0x00, 0x00 }; // SAK Select (cascade1) successful response (ULTRALITE) -BYTE response3[] = { 0x24, 0x00, 0x00 }; // SAK Select (cascade1) successful response (DESFire) -ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]); - -// send cascade2 2nd half of UID -static const BYTE response2a[] = { 0x51, 0x48, 0x1d, 0x80, 0x84 }; // uid - cascade2 - 2nd half (4 bytes) of UID+ BCCheck -// NOTE : THE CRC on the above may be wrong as I have obfuscated the actual UID - - -// When reader selects us during cascade2 it will send cmd3a -//BYTE response3a[] = { 0x00, 0x00, 0x00 }; // SAK Select (cascade2) successful response (ULTRALITE) -BYTE response3a[] = { 0x20, 0x00, 0x00 }; // SAK Select (cascade2) successful response (DESFire) -ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); - - static const BYTE response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce - - BYTE *resp; - int respLen; - - // Longest possible response will be 16 bytes + 2 CRC = 18 bytes - // This will need - // 144 data bits (18 * 8) - // 18 parity bits - // 2 Start and stop - // 1 Correction bit (Answer in 1172 or 1236 periods, see FPGA) - // 1 just for the case - // ----------- + - // 166 - // - // 166 bytes, since every bit that needs to be send costs us a byte - // - - - // Respond with card type - BYTE *resp1 = (((BYTE *)BigBuf) + 800); - int resp1Len; - - // Anticollision cascade1 - respond with uid - BYTE *resp2 = (((BYTE *)BigBuf) + 970); - int resp2Len; - - // Anticollision cascade2 - respond with 2nd half of uid if asked - // we're only going to be asked if we set the 1st byte of the UID (during cascade1) to 0x88 - BYTE *resp2a = (((BYTE *)BigBuf) + 1140); - int resp2aLen; - - // Acknowledge select - cascade 1 - BYTE *resp3 = (((BYTE *)BigBuf) + 1310); - int resp3Len; - - // Acknowledge select - cascade 2 - BYTE *resp3a = (((BYTE *)BigBuf) + 1480); - int resp3aLen; - - // Response to a read request - not implemented atm - BYTE *resp4 = (((BYTE *)BigBuf) + 1550); - int resp4Len; - - // Authenticate response - nonce - BYTE *resp5 = (((BYTE *)BigBuf) + 1720); - int resp5Len; - - BYTE *receivedCmd = (BYTE *)BigBuf; - int len; - - int i; - int u; - BYTE b; - - // To control where we are in the protocol - int order = 0; - int lastorder; - - // Just to allow some checks - int happened = 0; - int happened2 = 0; - - int cmdsRecvd = 0; - - BOOL fdt_indicator; - - memset(receivedCmd, 0x44, 400); - - // Prepare the responses of the anticollision phase - // there will be not enough time to do this at the moment the reader sends it REQA - - // Answer to request - CodeIso14443aAsTag(response1, sizeof(response1)); - memcpy(resp1, ToSend, ToSendMax); resp1Len = ToSendMax; - - // Send our UID (cascade 1) - CodeIso14443aAsTag(response2, sizeof(response2)); - memcpy(resp2, ToSend, ToSendMax); resp2Len = ToSendMax; - - // Answer to select (cascade1) - CodeIso14443aAsTag(response3, sizeof(response3)); - memcpy(resp3, ToSend, ToSendMax); resp3Len = ToSendMax; - - // Send the cascade 2 2nd part of the uid - CodeIso14443aAsTag(response2a, sizeof(response2a)); - memcpy(resp2a, ToSend, ToSendMax); resp2aLen = ToSendMax; - - // Answer to select (cascade 2) - CodeIso14443aAsTag(response3a, sizeof(response3a)); - memcpy(resp3a, ToSend, ToSendMax); resp3aLen = ToSendMax; - - // Strange answer is an example of rare message size (3 bits) - CodeStrangeAnswer(); - memcpy(resp4, ToSend, ToSendMax); resp4Len = ToSendMax; - - // Authentication answer (random nonce) - CodeIso14443aAsTag(response5, sizeof(response5)); - memcpy(resp5, ToSend, ToSendMax); resp5Len = ToSendMax; - - // We need to listen to the high-frequency, peak-detected path. - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - cmdsRecvd = 0; - - LED_A_ON(); - for(;;) { - - if(!GetIso14443aCommandFromReader(receivedCmd, &len, 100)) { - DbpString("button press"); - break; - } - // doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated - // Okay, look at the command now. - lastorder = order; - i = 1; // first byte transmitted - if(receivedCmd[0] == 0x26) { - // Received a REQUEST - resp = resp1; respLen = resp1Len; order = 1; - //DbpString("Hello request from reader:"); - } else if(receivedCmd[0] == 0x52) { - // Received a WAKEUP - resp = resp1; respLen = resp1Len; order = 6; -// //DbpString("Wakeup request from reader:"); - - } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // greg - cascade 1 anti-collision - // Received request for UID (cascade 1) - resp = resp2; respLen = resp2Len; order = 2; -// DbpString("UID (cascade 1) request from reader:"); -// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - - } else if(receivedCmd[1] == 0x20 && receivedCmd[0] ==0x95) { // greg - cascade 2 anti-collision - // Received request for UID (cascade 2) - resp = resp2a; respLen = resp2aLen; order = 20; -// DbpString("UID (cascade 2) request from reader:"); -// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - - } else if(receivedCmd[1] == 0x70 && receivedCmd[0] ==0x93) { // greg - cascade 1 select - // Received a SELECT - resp = resp3; respLen = resp3Len; order = 3; -// DbpString("Select (cascade 1) request from reader:"); -// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - - } else if(receivedCmd[1] == 0x70 && receivedCmd[0] ==0x95) { // greg - cascade 2 select - // Received a SELECT - resp = resp3a; respLen = resp3aLen; order = 30; -// DbpString("Select (cascade 2) request from reader:"); -// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - - } else if(receivedCmd[0] == 0x30) { - // Received a READ - resp = resp4; respLen = resp4Len; order = 4; // Do nothing - Dbprintf("Read request from reader: %x %x %x", - receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - - } else if(receivedCmd[0] == 0x50) { - // Received a HALT - resp = resp1; respLen = 0; order = 5; // Do nothing - DbpString("Reader requested we HALT!:"); - - } else if(receivedCmd[0] == 0x60) { - // Received an authentication request - resp = resp5; respLen = resp5Len; order = 7; - Dbprintf("Authenticate request from reader: %x %x %x", - receivedCmd[0], receivedCmd[1], receivedCmd[2]); - - } else if(receivedCmd[0] == 0xE0) { - // Received a RATS request - resp = resp1; respLen = 0;order = 70; - Dbprintf("RATS request from reader: %x %x %x", - receivedCmd[0], receivedCmd[1], receivedCmd[2]); - } else { - // Never seen this command before - Dbprintf("Unknown command received from reader: %x %x %x %x %x %x %x %x %x", - receivedCmd[0], receivedCmd[1], receivedCmd[2], - receivedCmd[3], receivedCmd[3], receivedCmd[4], - receivedCmd[5], receivedCmd[6], receivedCmd[7]); - // Do not respond - resp = resp1; respLen = 0; order = 0; - } - - // Count number of wakeups received after a halt - if(order == 6 && lastorder == 5) { happened++; } - - // Count number of other messages after a halt - if(order != 6 && lastorder == 5) { happened2++; } - - // Look at last parity bit to determine timing of answer - if((Uart.parityBits & 0x01) || receivedCmd[0] == 0x52) { - // 1236, so correction bit needed - i = 0; - } - - memset(receivedCmd, 0x44, 32); - - if(cmdsRecvd > 999) { - DbpString("1000 commands later..."); - break; - } - else { - cmdsRecvd++; - } - - if(respLen <= 0) continue; - - // Modulate Manchester - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD); - AT91C_BASE_SSC->SSC_THR = 0x00; - FpgaSetupSsc(); - - // ### Transmit the response ### - u = 0; - b = 0x00; - fdt_indicator = FALSE; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; - (void)b; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - if(i > respLen) { - b = 0x00; - u++; - } else { - b = resp[i]; - i++; - } - AT91C_BASE_SSC->SSC_THR = b; - - if(u > 4) { - break; - } - } - if(BUTTON_PRESS()) { - break; - } - } - - } - - Dbprintf("%x %x %x", happened, happened2, cmdsRecvd); - LED_A_OFF(); -} - -//----------------------------------------------------------------------------- -// Transmit the command (to the tag) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitFor14443a(const BYTE *cmd, int len, int *samples, int *wait) -{ - int c; - - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - - if (wait) - if(*wait < 10) - *wait = 10; - - for(c = 0; c < *wait;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! - c++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = cmd[c]; - c++; - if(c >= len) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - if (samples) *samples = (c + *wait) << 3; -} - -//----------------------------------------------------------------------------- -// To generate an arbitrary stream from reader -// -//----------------------------------------------------------------------------- -void ArbitraryFromReader(const BYTE *cmd, int parity, int len) -{ - int i; - int j; - int last; - BYTE b; - - ToSendReset(); - - // Start of Communication (Seq. Z) - Sequence(SEC_Z); - last = 0; - - for(i = 0; i < len; i++) { - // Data bits - b = cmd[i]; - for(j = 0; j < 8; j++) { - if(b & 1) { - // Sequence X - Sequence(SEC_X); - last = 1; - } else { - if(last == 0) { - // Sequence Z - Sequence(SEC_Z); - } - else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - } - b >>= 1; - - } - - // Predefined parity bit, the flipper flips when needed, because of flips in byte sent - if(((parity >> (len - i - 1)) & 1)) { - // Sequence X - Sequence(SEC_X); - last = 1; - } else { - if(last == 0) { - // Sequence Z - Sequence(SEC_Z); - } - else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - } - } - - // End of Communication - if(last == 0) { - // Sequence Z - Sequence(SEC_Z); - } - else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - // Sequence Y - Sequence(SEC_Y); - - // Just to be sure! - Sequence(SEC_Y); - Sequence(SEC_Y); - Sequence(SEC_Y); - - // Convert from last character reference to length - ToSendMax++; -} - -//----------------------------------------------------------------------------- -// Code a 7-bit command without parity bit -// This is especially for 0x26 and 0x52 (REQA and WUPA) -//----------------------------------------------------------------------------- -void ShortFrameFromReader(const BYTE bt) -{ - int j; - int last; - BYTE b; - - ToSendReset(); - - // Start of Communication (Seq. Z) - Sequence(SEC_Z); - last = 0; - - b = bt; - for(j = 0; j < 7; j++) { - if(b & 1) { - // Sequence X - Sequence(SEC_X); - last = 1; - } else { - if(last == 0) { - // Sequence Z - Sequence(SEC_Z); - } - else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - } - b >>= 1; - } - - // End of Communication - if(last == 0) { - // Sequence Z - Sequence(SEC_Z); - } - else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - // Sequence Y - Sequence(SEC_Y); - - // Just to be sure! - Sequence(SEC_Y); - Sequence(SEC_Y); - Sequence(SEC_Y); - - // Convert from last character reference to length - ToSendMax++; -} - -//----------------------------------------------------------------------------- -// Prepare reader command to send to FPGA -// -//----------------------------------------------------------------------------- -void CodeIso14443aAsReaderPar(const BYTE * cmd, int len, DWORD dwParity) -{ - int i, j; - int last; - BYTE b; - - ToSendReset(); - - // Start of Communication (Seq. Z) - Sequence(SEC_Z); - last = 0; - - // Generate send structure for the data bits - for (i = 0; i < len; i++) { - // Get the current byte to send - b = cmd[i]; - - for (j = 0; j < 8; j++) { - if (b & 1) { - // Sequence X - Sequence(SEC_X); - last = 1; - } else { - if (last == 0) { - // Sequence Z - Sequence(SEC_Z); - } else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - } - b >>= 1; - } - - // Get the parity bit - if ((dwParity >> i) & 0x01) { - // Sequence X - Sequence(SEC_X); - last = 1; - } else { - if (last == 0) { - // Sequence Z - Sequence(SEC_Z); - } else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - } - } - - // End of Communication - if (last == 0) { - // Sequence Z - Sequence(SEC_Z); - } else { - // Sequence Y - Sequence(SEC_Y); - last = 0; - } - // Sequence Y - Sequence(SEC_Y); - - // Just to be sure! - Sequence(SEC_Y); - Sequence(SEC_Y); - Sequence(SEC_Y); - - // Convert from last character reference to length - ToSendMax++; -} - -//----------------------------------------------------------------------------- -// Wait a certain time for tag response -// If a response is captured return TRUE -// If it takes to long return FALSE -//----------------------------------------------------------------------------- -static BOOL GetIso14443aAnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) //BYTE *buffer -{ - // buffer needs to be 512 bytes - int c; - - // Set FPGA mode to "reader listen mode", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); - - // Now get the answer from the card - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - BYTE b; - if (elapsed) *elapsed = 0; - - c = 0; - for(;;) { - WDT_HIT(); - - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! - if (elapsed) (*elapsed)++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - if(c < 512) { c++; } else { return FALSE; } - b = (BYTE)AT91C_BASE_SSC->SSC_RHR; - if(ManchesterDecoding((b & 0xf0) >> 4)) { - *samples = ((c - 1) << 3) + 4; - return TRUE; - } - if(ManchesterDecoding(b & 0x0f)) { - *samples = c << 3; - return TRUE; - } - } - } -} - -void ReaderTransmitShort(const BYTE* bt) -{ - int wait = 0; - int samples = 0; - - ShortFrameFromReader(*bt); - - // Select the card - TransmitFor14443a(ToSend, ToSendMax, &samples, &wait); - - // Store reader command in buffer - if (tracing) LogTrace(bt,1,0,GetParity(bt,1),TRUE); -} - -void ReaderTransmitPar(BYTE* frame, int len, DWORD par) -{ - int wait = 0; - int samples = 0; - - // This is tied to other size changes - // BYTE* frame_addr = ((BYTE*)BigBuf) + 2024; - CodeIso14443aAsReaderPar(frame,len,par); - - // Select the card - TransmitFor14443a(ToSend, ToSendMax, &samples, &wait); - - // Store reader command in buffer - if (tracing) LogTrace(frame,len,0,par,TRUE); -} - - -void ReaderTransmit(BYTE* frame, int len) -{ - // Generate parity and redirect - ReaderTransmitPar(frame,len,GetParity(frame,len)); -} - -BOOL ReaderReceive(BYTE* receivedAnswer) -{ - int samples = 0; - if (!GetIso14443aAnswerFromTag(receivedAnswer,100,&samples,0)) return FALSE; - if (tracing) LogTrace(receivedAnswer,Demod.len,samples,Demod.parityBits,FALSE); - return TRUE; -} - -//----------------------------------------------------------------------------- -// Read an ISO 14443a tag. Send out commands and store answers. -// -//----------------------------------------------------------------------------- -void ReaderIso14443a(DWORD parameter) -{ - // Anticollision - BYTE wupa[] = { 0x52 }; - BYTE sel_all[] = { 0x93,0x20 }; - BYTE sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - BYTE sel_all_c2[] = { 0x95,0x20 }; - BYTE sel_uid_c2[] = { 0x95,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - - // Mifare AUTH - BYTE mf_auth[] = { 0x60,0x00,0xf5,0x7b }; -// BYTE mf_nr_ar[] = { 0x00,0x00,0x00,0x00 }; - - BYTE* receivedAnswer = (((BYTE *)BigBuf) + 3560); // was 3560 - tied to other size changes - traceLen = 0; - - // Setup SSC - FpgaSetupSsc(); - - // Start from off (no field generated) - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - SpinDelay(200); - - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - - while(traceLen < TRACE_LENGTH) - { - // Broadcast for a card, WUPA (0x52) will force response from all cards in the field - ReaderTransmitShort(wupa); - - // Test if the action was cancelled - if(BUTTON_PRESS()) { - break; - } - - // Receive the ATQA - if (!ReaderReceive(receivedAnswer)) continue; - - // Transmit SELECT_ALL - ReaderTransmit(sel_all,sizeof(sel_all)); - - // Receive the UID - if (!ReaderReceive(receivedAnswer)) continue; - - // Construct SELECT UID command - // First copy the 5 bytes (Mifare Classic) after the 93 70 - memcpy(sel_uid+2,receivedAnswer,5); - // Secondly compute the two CRC bytes at the end - AppendCrc14443a(sel_uid,7); - - // Transmit SELECT_UID - ReaderTransmit(sel_uid,sizeof(sel_uid)); - - // Receive the SAK - if (!ReaderReceive(receivedAnswer)) continue; - - // OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in - // which case we need to make a cascade 2 request and select - this is a long UID - // When the UID is not complete, the 3nd bit (from the right) is set in the SAK. - if (receivedAnswer[0] &= 0x04) - { - // Transmit SELECT_ALL - ReaderTransmit(sel_all_c2,sizeof(sel_all_c2)); - - // Receive the UID - if (!ReaderReceive(receivedAnswer)) continue; - - // Construct SELECT UID command - memcpy(sel_uid_c2+2,receivedAnswer,5); - // Secondly compute the two CRC bytes at the end - AppendCrc14443a(sel_uid_c2,7); - - // Transmit SELECT_UID - ReaderTransmit(sel_uid_c2,sizeof(sel_uid_c2)); - - // Receive the SAK - if (!ReaderReceive(receivedAnswer)) continue; - } - - // Transmit MIFARE_CLASSIC_AUTH - ReaderTransmit(mf_auth,sizeof(mf_auth)); - - // Receive the (16 bit) "random" nonce - if (!ReaderReceive(receivedAnswer)) continue; - } - - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - Dbprintf("%x %x %x", rsamples, 0xCC, 0xCC); - DbpString("ready.."); -} - -//----------------------------------------------------------------------------- -// Read an ISO 14443a tag. Send out commands and store answers. -// -//----------------------------------------------------------------------------- -void ReaderMifare(DWORD parameter) -{ - - // Anticollision - BYTE wupa[] = { 0x52 }; - BYTE sel_all[] = { 0x93,0x20 }; - BYTE sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - - // Mifare AUTH - BYTE mf_auth[] = { 0x60,0x00,0xf5,0x7b }; - BYTE mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - - BYTE* receivedAnswer = (((BYTE *)BigBuf) + 3560); // was 3560 - tied to other size changes - traceLen = 0; - tracing = false; - - // Setup SSC - FpgaSetupSsc(); - - // Start from off (no field generated) - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - SpinDelay(200); - - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - - // Broadcast for a card, WUPA (0x52) will force response from all cards in the field - ReaderTransmitShort(wupa); - // Receive the ATQA - ReaderReceive(receivedAnswer); - // Transmit SELECT_ALL - ReaderTransmit(sel_all,sizeof(sel_all)); - // Receive the UID - ReaderReceive(receivedAnswer); - // Construct SELECT UID command - // First copy the 5 bytes (Mifare Classic) after the 93 70 - memcpy(sel_uid+2,receivedAnswer,5); - // Secondly compute the two CRC bytes at the end - AppendCrc14443a(sel_uid,7); - - byte_t nt_diff = 0; - LED_A_OFF(); - byte_t par = 0; - byte_t par_mask = 0xff; - byte_t par_low = 0; - BOOL led_on = TRUE; - - tracing = FALSE; - byte_t nt[4]; - byte_t nt_attacked[4]; - byte_t par_list[8]; - byte_t ks_list[8]; - num_to_bytes(parameter,4,nt_attacked); - - while(TRUE) - { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - - // Broadcast for a card, WUPA (0x52) will force response from all cards in the field - ReaderTransmitShort(wupa); - - // Test if the action was cancelled - if(BUTTON_PRESS()) { - break; - } - - // Receive the ATQA - if (!ReaderReceive(receivedAnswer)) continue; - - // Transmit SELECT_ALL - ReaderTransmit(sel_all,sizeof(sel_all)); - - // Receive the UID - if (!ReaderReceive(receivedAnswer)) continue; - - // Transmit SELECT_UID - ReaderTransmit(sel_uid,sizeof(sel_uid)); - - // Receive the SAK - if (!ReaderReceive(receivedAnswer)) continue; - - // Transmit MIFARE_CLASSIC_AUTH - ReaderTransmit(mf_auth,sizeof(mf_auth)); - - // Receive the (16 bit) "random" nonce - if (!ReaderReceive(receivedAnswer)) continue; - memcpy(nt,receivedAnswer,4); - - // Transmit reader nonce and reader answer - ReaderTransmitPar(mf_nr_ar,sizeof(mf_nr_ar),par); - - // Receive 4 bit answer - if (ReaderReceive(receivedAnswer)) - { - if (nt_diff == 0) - { - LED_A_ON(); - memcpy(nt_attacked,nt,4); - par_mask = 0xf8; - par_low = par & 0x07; - } - - if (memcmp(nt,nt_attacked,4) != 0) continue; - - led_on = !led_on; - if(led_on) LED_B_ON(); else LED_B_OFF(); - par_list[nt_diff] = par; - ks_list[nt_diff] = receivedAnswer[0]^0x05; - - // Test if the information is complete - if (nt_diff == 0x07) break; - - nt_diff = (nt_diff+1) & 0x07; - mf_nr_ar[3] = nt_diff << 5; - par = par_low; - } else { - if (nt_diff == 0) - { - par++; - } else { - par = (((par>>3)+1) << 3) | par_low; - } - } - } - - LogTraceInfo(sel_uid+2,4); - LogTraceInfo(nt,4); - LogTraceInfo(par_list,8); - LogTraceInfo(ks_list,8); - - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - tracing = TRUE; -} +//----------------------------------------------------------------------------- +// Routines to support ISO 14443 type A. +// +// Gerhard de Koning Gans - May 2008 +//----------------------------------------------------------------------------- +#include +#include "apps.h" +#include "iso14443crc.h" + +static BYTE *trace = (BYTE *) BigBuf; +static int traceLen = 0; +static int rsamples = 0; +static BOOL tracing = TRUE; + +typedef enum { + SEC_D = 1, + SEC_E = 2, + SEC_F = 3, + SEC_X = 4, + SEC_Y = 5, + SEC_Z = 6 +} SecType; + +static const BYTE OddByteParity[256] = { + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1 +}; + +// BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT +#define RECV_CMD_OFFSET 3032 +#define RECV_RES_OFFSET 3096 +#define DMA_BUFFER_OFFSET 3160 +#define DMA_BUFFER_SIZE 4096 +#define TRACE_LENGTH 3000 + +//----------------------------------------------------------------------------- +// Generate the parity value for a byte sequence +// +//----------------------------------------------------------------------------- +DWORD GetParity(const BYTE * pbtCmd, int iLen) +{ + int i; + DWORD dwPar = 0; + + // Generate the encrypted data + for (i = 0; i < iLen; i++) { + // Save the encrypted parity bit + dwPar |= ((OddByteParity[pbtCmd[i]]) << i); + } + return dwPar; +} + +static void AppendCrc14443a(BYTE* data, int len) +{ + ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1); +} + +BOOL LogTrace(const BYTE * btBytes, int iLen, int iSamples, DWORD dwParity, BOOL bReader) +{ + // Return when trace is full + if (traceLen >= TRACE_LENGTH) return FALSE; + + // Trace the random, i'm curious + rsamples += iSamples; + trace[traceLen++] = ((rsamples >> 0) & 0xff); + trace[traceLen++] = ((rsamples >> 8) & 0xff); + trace[traceLen++] = ((rsamples >> 16) & 0xff); + trace[traceLen++] = ((rsamples >> 24) & 0xff); + if (!bReader) { + trace[traceLen - 1] |= 0x80; + } + trace[traceLen++] = ((dwParity >> 0) & 0xff); + trace[traceLen++] = ((dwParity >> 8) & 0xff); + trace[traceLen++] = ((dwParity >> 16) & 0xff); + trace[traceLen++] = ((dwParity >> 24) & 0xff); + trace[traceLen++] = iLen; + memcpy(trace + traceLen, btBytes, iLen); + traceLen += iLen; + return TRUE; +} + +BOOL LogTraceInfo(byte_t* data, size_t len) +{ + return LogTrace(data,len,0,GetParity(data,len),TRUE); +} + +//----------------------------------------------------------------------------- +// The software UART that receives commands from the reader, and its state +// variables. +//----------------------------------------------------------------------------- +static struct { + enum { + STATE_UNSYNCD, + STATE_START_OF_COMMUNICATION, + STATE_MILLER_X, + STATE_MILLER_Y, + STATE_MILLER_Z, + STATE_ERROR_WAIT + } state; + WORD shiftReg; + int bitCnt; + int byteCnt; + int byteCntMax; + int posCnt; + int syncBit; + int parityBits; + int samples; + int highCnt; + int bitBuffer; + enum { + DROP_NONE, + DROP_FIRST_HALF, + DROP_SECOND_HALF + } drop; + BYTE *output; +} Uart; + +static BOOL MillerDecoding(int bit) +{ + int error = 0; + int bitright; + + if(!Uart.bitBuffer) { + Uart.bitBuffer = bit ^ 0xFF0; + return FALSE; + } + else { + Uart.bitBuffer <<= 4; + Uart.bitBuffer ^= bit; + } + + BOOL EOC = FALSE; + + if(Uart.state != STATE_UNSYNCD) { + Uart.posCnt++; + + if((Uart.bitBuffer & Uart.syncBit) ^ Uart.syncBit) { + bit = 0x00; + } + else { + bit = 0x01; + } + if(((Uart.bitBuffer << 1) & Uart.syncBit) ^ Uart.syncBit) { + bitright = 0x00; + } + else { + bitright = 0x01; + } + if(bit != bitright) { bit = bitright; } + + if(Uart.posCnt == 1) { + // measurement first half bitperiod + if(!bit) { + Uart.drop = DROP_FIRST_HALF; + } + } + else { + // measurement second half bitperiod + if(!bit & (Uart.drop == DROP_NONE)) { + Uart.drop = DROP_SECOND_HALF; + } + else if(!bit) { + // measured a drop in first and second half + // which should not be possible + Uart.state = STATE_ERROR_WAIT; + error = 0x01; + } + + Uart.posCnt = 0; + + switch(Uart.state) { + case STATE_START_OF_COMMUNICATION: + Uart.shiftReg = 0; + if(Uart.drop == DROP_SECOND_HALF) { + // error, should not happen in SOC + Uart.state = STATE_ERROR_WAIT; + error = 0x02; + } + else { + // correct SOC + Uart.state = STATE_MILLER_Z; + } + break; + + case STATE_MILLER_Z: + Uart.bitCnt++; + Uart.shiftReg >>= 1; + if(Uart.drop == DROP_NONE) { + // logic '0' followed by sequence Y + // end of communication + Uart.state = STATE_UNSYNCD; + EOC = TRUE; + } + // if(Uart.drop == DROP_FIRST_HALF) { + // Uart.state = STATE_MILLER_Z; stay the same + // we see a logic '0' } + if(Uart.drop == DROP_SECOND_HALF) { + // we see a logic '1' + Uart.shiftReg |= 0x100; + Uart.state = STATE_MILLER_X; + } + break; + + case STATE_MILLER_X: + Uart.shiftReg >>= 1; + if(Uart.drop == DROP_NONE) { + // sequence Y, we see a '0' + Uart.state = STATE_MILLER_Y; + Uart.bitCnt++; + } + if(Uart.drop == DROP_FIRST_HALF) { + // Would be STATE_MILLER_Z + // but Z does not follow X, so error + Uart.state = STATE_ERROR_WAIT; + error = 0x03; + } + if(Uart.drop == DROP_SECOND_HALF) { + // We see a '1' and stay in state X + Uart.shiftReg |= 0x100; + Uart.bitCnt++; + } + break; + + case STATE_MILLER_Y: + Uart.bitCnt++; + Uart.shiftReg >>= 1; + if(Uart.drop == DROP_NONE) { + // logic '0' followed by sequence Y + // end of communication + Uart.state = STATE_UNSYNCD; + EOC = TRUE; + } + if(Uart.drop == DROP_FIRST_HALF) { + // we see a '0' + Uart.state = STATE_MILLER_Z; + } + if(Uart.drop == DROP_SECOND_HALF) { + // We see a '1' and go to state X + Uart.shiftReg |= 0x100; + Uart.state = STATE_MILLER_X; + } + break; + + case STATE_ERROR_WAIT: + // That went wrong. Now wait for at least two bit periods + // and try to sync again + if(Uart.drop == DROP_NONE) { + Uart.highCnt = 6; + Uart.state = STATE_UNSYNCD; + } + break; + + default: + Uart.state = STATE_UNSYNCD; + Uart.highCnt = 0; + break; + } + + Uart.drop = DROP_NONE; + + // should have received at least one whole byte... + if((Uart.bitCnt == 2) && EOC && (Uart.byteCnt > 0)) { + return TRUE; + } + + if(Uart.bitCnt == 9) { + Uart.output[Uart.byteCnt] = (Uart.shiftReg & 0xff); + Uart.byteCnt++; + + Uart.parityBits <<= 1; + Uart.parityBits ^= ((Uart.shiftReg >> 8) & 0x01); + + if(EOC) { + // when End of Communication received and + // all data bits processed.. + return TRUE; + } + Uart.bitCnt = 0; + } + + /*if(error) { + Uart.output[Uart.byteCnt] = 0xAA; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = error & 0xFF; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = 0xAA; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = (Uart.bitBuffer >> 8) & 0xFF; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = Uart.bitBuffer & 0xFF; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = (Uart.syncBit >> 3) & 0xFF; + Uart.byteCnt++; + Uart.output[Uart.byteCnt] = 0xAA; + Uart.byteCnt++; + return TRUE; + }*/ + } + + } + else { + bit = Uart.bitBuffer & 0xf0; + bit >>= 4; + bit ^= 0x0F; + if(bit) { + // should have been high or at least (4 * 128) / fc + // according to ISO this should be at least (9 * 128 + 20) / fc + if(Uart.highCnt == 8) { + // we went low, so this could be start of communication + // it turns out to be safer to choose a less significant + // syncbit... so we check whether the neighbour also represents the drop + Uart.posCnt = 1; // apparently we are busy with our first half bit period + Uart.syncBit = bit & 8; + Uart.samples = 3; + if(!Uart.syncBit) { Uart.syncBit = bit & 4; Uart.samples = 2; } + else if(bit & 4) { Uart.syncBit = bit & 4; Uart.samples = 2; bit <<= 2; } + if(!Uart.syncBit) { Uart.syncBit = bit & 2; Uart.samples = 1; } + else if(bit & 2) { Uart.syncBit = bit & 2; Uart.samples = 1; bit <<= 1; } + if(!Uart.syncBit) { Uart.syncBit = bit & 1; Uart.samples = 0; + if(Uart.syncBit & (Uart.bitBuffer & 8)) { + Uart.syncBit = 8; + + // the first half bit period is expected in next sample + Uart.posCnt = 0; + Uart.samples = 3; + } + } + else if(bit & 1) { Uart.syncBit = bit & 1; Uart.samples = 0; } + + Uart.syncBit <<= 4; + Uart.state = STATE_START_OF_COMMUNICATION; + Uart.drop = DROP_FIRST_HALF; + Uart.bitCnt = 0; + Uart.byteCnt = 0; + Uart.parityBits = 0; + error = 0; + } + else { + Uart.highCnt = 0; + } + } + else { + if(Uart.highCnt < 8) { + Uart.highCnt++; + } + } + } + + return FALSE; +} + +//============================================================================= +// ISO 14443 Type A - Manchester +//============================================================================= + +static struct { + enum { + DEMOD_UNSYNCD, + DEMOD_START_OF_COMMUNICATION, + DEMOD_MANCHESTER_D, + DEMOD_MANCHESTER_E, + DEMOD_MANCHESTER_F, + DEMOD_ERROR_WAIT + } state; + int bitCount; + int posCount; + int syncBit; + int parityBits; + WORD shiftReg; + int buffer; + int buff; + int samples; + int len; + enum { + SUB_NONE, + SUB_FIRST_HALF, + SUB_SECOND_HALF + } sub; + BYTE *output; +} Demod; + +static BOOL ManchesterDecoding(int v) +{ + int bit; + int modulation; + int error = 0; + + if(!Demod.buff) { + Demod.buff = 1; + Demod.buffer = v; + return FALSE; + } + else { + bit = Demod.buffer; + Demod.buffer = v; + } + + if(Demod.state==DEMOD_UNSYNCD) { + Demod.output[Demod.len] = 0xfa; + Demod.syncBit = 0; + //Demod.samples = 0; + Demod.posCount = 1; // This is the first half bit period, so after syncing handle the second part + if(bit & 0x08) { Demod.syncBit = 0x08; } + if(!Demod.syncBit) { + if(bit & 0x04) { Demod.syncBit = 0x04; } + } + else if(bit & 0x04) { Demod.syncBit = 0x04; bit <<= 4; } + if(!Demod.syncBit) { + if(bit & 0x02) { Demod.syncBit = 0x02; } + } + else if(bit & 0x02) { Demod.syncBit = 0x02; bit <<= 4; } + if(!Demod.syncBit) { + if(bit & 0x01) { Demod.syncBit = 0x01; } + + if(Demod.syncBit & (Demod.buffer & 0x08)) { + Demod.syncBit = 0x08; + + // The first half bitperiod is expected in next sample + Demod.posCount = 0; + Demod.output[Demod.len] = 0xfb; + } + } + else if(bit & 0x01) { Demod.syncBit = 0x01; } + + if(Demod.syncBit) { + Demod.len = 0; + Demod.state = DEMOD_START_OF_COMMUNICATION; + Demod.sub = SUB_FIRST_HALF; + Demod.bitCount = 0; + Demod.shiftReg = 0; + Demod.parityBits = 0; + Demod.samples = 0; + if(Demod.posCount) { + switch(Demod.syncBit) { + case 0x08: Demod.samples = 3; break; + case 0x04: Demod.samples = 2; break; + case 0x02: Demod.samples = 1; break; + case 0x01: Demod.samples = 0; break; + } + } + error = 0; + } + } + else { + //modulation = bit & Demod.syncBit; + modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit; + + Demod.samples += 4; + + if(Demod.posCount==0) { + Demod.posCount = 1; + if(modulation) { + Demod.sub = SUB_FIRST_HALF; + } + else { + Demod.sub = SUB_NONE; + } + } + else { + Demod.posCount = 0; + if(modulation && (Demod.sub == SUB_FIRST_HALF)) { + if(Demod.state!=DEMOD_ERROR_WAIT) { + Demod.state = DEMOD_ERROR_WAIT; + Demod.output[Demod.len] = 0xaa; + error = 0x01; + } + } + else if(modulation) { + Demod.sub = SUB_SECOND_HALF; + } + + switch(Demod.state) { + case DEMOD_START_OF_COMMUNICATION: + if(Demod.sub == SUB_FIRST_HALF) { + Demod.state = DEMOD_MANCHESTER_D; + } + else { + Demod.output[Demod.len] = 0xab; + Demod.state = DEMOD_ERROR_WAIT; + error = 0x02; + } + break; + + case DEMOD_MANCHESTER_D: + case DEMOD_MANCHESTER_E: + if(Demod.sub == SUB_FIRST_HALF) { + Demod.bitCount++; + Demod.shiftReg = (Demod.shiftReg >> 1) ^ 0x100; + Demod.state = DEMOD_MANCHESTER_D; + } + else if(Demod.sub == SUB_SECOND_HALF) { + Demod.bitCount++; + Demod.shiftReg >>= 1; + Demod.state = DEMOD_MANCHESTER_E; + } + else { + Demod.state = DEMOD_MANCHESTER_F; + } + break; + + case DEMOD_MANCHESTER_F: + // Tag response does not need to be a complete byte! + if(Demod.len > 0 || Demod.bitCount > 0) { + if(Demod.bitCount > 0) { + Demod.shiftReg >>= (9 - Demod.bitCount); + Demod.output[Demod.len] = Demod.shiftReg & 0xff; + Demod.len++; + // No parity bit, so just shift a 0 + Demod.parityBits <<= 1; + } + + Demod.state = DEMOD_UNSYNCD; + return TRUE; + } + else { + Demod.output[Demod.len] = 0xad; + Demod.state = DEMOD_ERROR_WAIT; + error = 0x03; + } + break; + + case DEMOD_ERROR_WAIT: + Demod.state = DEMOD_UNSYNCD; + break; + + default: + Demod.output[Demod.len] = 0xdd; + Demod.state = DEMOD_UNSYNCD; + break; + } + + if(Demod.bitCount>=9) { + Demod.output[Demod.len] = Demod.shiftReg & 0xff; + Demod.len++; + + Demod.parityBits <<= 1; + Demod.parityBits ^= ((Demod.shiftReg >> 8) & 0x01); + + Demod.bitCount = 0; + Demod.shiftReg = 0; + } + + /*if(error) { + Demod.output[Demod.len] = 0xBB; + Demod.len++; + Demod.output[Demod.len] = error & 0xFF; + Demod.len++; + Demod.output[Demod.len] = 0xBB; + Demod.len++; + Demod.output[Demod.len] = bit & 0xFF; + Demod.len++; + Demod.output[Demod.len] = Demod.buffer & 0xFF; + Demod.len++; + Demod.output[Demod.len] = Demod.syncBit & 0xFF; + Demod.len++; + Demod.output[Demod.len] = 0xBB; + Demod.len++; + return TRUE; + }*/ + + } + + } // end (state != UNSYNCED) + + return FALSE; +} + +//============================================================================= +// Finally, a `sniffer' for ISO 14443 Type A +// Both sides of communication! +//============================================================================= + +//----------------------------------------------------------------------------- +// Record the sequence of commands sent by the reader to the tag, with +// triggering so that we start recording at the point that the tag is moved +// near the reader. +//----------------------------------------------------------------------------- +void SnoopIso14443a(void) +{ +// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values +// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values +// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values +// #define DMA_BUFFER_SIZE 4096 // original (working as of 21/2/09) values +// #define TRACE_LENGTH 2000 // original (working as of 21/2/09) values + + // We won't start recording the frames that we acquire until we trigger; + // a good trigger condition to get started is probably when we see a + // response from the tag. + BOOL triggered = TRUE; // FALSE to wait first for card + + // The command (reader -> tag) that we're receiving. + // The length of a received command will in most cases be no more than 18 bytes. + // So 32 should be enough! + BYTE *receivedCmd = (((BYTE *)BigBuf) + RECV_CMD_OFFSET); + // The response (tag -> reader) that we're receiving. + BYTE *receivedResponse = (((BYTE *)BigBuf) + RECV_RES_OFFSET); + + // As we receive stuff, we copy it from receivedCmd or receivedResponse + // into trace, along with its length and other annotations. + //BYTE *trace = (BYTE *)BigBuf; + //int traceLen = 0; + + // The DMA buffer, used to stream samples from the FPGA + SBYTE *dmaBuf = ((SBYTE *)BigBuf) + DMA_BUFFER_OFFSET; + int lastRxCounter; + SBYTE *upTo; + int smpl; + int maxBehindBy = 0; + + // Count of samples received so far, so that we can include timing + // information in the trace buffer. + int samples = 0; + int rsamples = 0; + + memset(trace, 0x44, RECV_CMD_OFFSET); + + // Set up the demodulator for tag -> reader responses. + Demod.output = receivedResponse; + Demod.len = 0; + Demod.state = DEMOD_UNSYNCD; + + // And the reader -> tag commands + memset(&Uart, 0, sizeof(Uart)); + Uart.output = receivedCmd; + Uart.byteCntMax = 32; // was 100 (greg)//////////////////////////////////////////////////////////////////////// + Uart.state = STATE_UNSYNCD; + + // And put the FPGA in the appropriate mode + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER); + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + // Setup for the DMA. + FpgaSetupSsc(); + upTo = dmaBuf; + lastRxCounter = DMA_BUFFER_SIZE; + FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); + + LED_A_ON(); + + // And now we loop, receiving samples. + for(;;) { + WDT_HIT(); + int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & + (DMA_BUFFER_SIZE-1); + if(behindBy > maxBehindBy) { + maxBehindBy = behindBy; + if(behindBy > 400) { + DbpString("blew circular buffer!"); + goto done; + } + } + if(behindBy < 1) continue; + + smpl = upTo[0]; + upTo++; + lastRxCounter -= 1; + if(upTo - dmaBuf > DMA_BUFFER_SIZE) { + upTo -= DMA_BUFFER_SIZE; + lastRxCounter += DMA_BUFFER_SIZE; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo; + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; + } + + samples += 4; +#define HANDLE_BIT_IF_BODY \ + LED_C_ON(); \ + if(triggered) { \ + trace[traceLen++] = ((rsamples >> 0) & 0xff); \ + trace[traceLen++] = ((rsamples >> 8) & 0xff); \ + trace[traceLen++] = ((rsamples >> 16) & 0xff); \ + trace[traceLen++] = ((rsamples >> 24) & 0xff); \ + trace[traceLen++] = ((Uart.parityBits >> 0) & 0xff); \ + trace[traceLen++] = ((Uart.parityBits >> 8) & 0xff); \ + trace[traceLen++] = ((Uart.parityBits >> 16) & 0xff); \ + trace[traceLen++] = ((Uart.parityBits >> 24) & 0xff); \ + trace[traceLen++] = Uart.byteCnt; \ + memcpy(trace+traceLen, receivedCmd, Uart.byteCnt); \ + traceLen += Uart.byteCnt; \ + if(traceLen > TRACE_LENGTH) break; \ + } \ + /* And ready to receive another command. */ \ + Uart.state = STATE_UNSYNCD; \ + /* And also reset the demod code, which might have been */ \ + /* false-triggered by the commands from the reader. */ \ + Demod.state = DEMOD_UNSYNCD; \ + LED_B_OFF(); \ + + if(MillerDecoding((smpl & 0xF0) >> 4)) { + rsamples = samples - Uart.samples; + HANDLE_BIT_IF_BODY + } + if(ManchesterDecoding(smpl & 0x0F)) { + rsamples = samples - Demod.samples; + LED_B_ON(); + + // timestamp, as a count of samples + trace[traceLen++] = ((rsamples >> 0) & 0xff); + trace[traceLen++] = ((rsamples >> 8) & 0xff); + trace[traceLen++] = ((rsamples >> 16) & 0xff); + trace[traceLen++] = 0x80 | ((rsamples >> 24) & 0xff); + trace[traceLen++] = ((Demod.parityBits >> 0) & 0xff); + trace[traceLen++] = ((Demod.parityBits >> 8) & 0xff); + trace[traceLen++] = ((Demod.parityBits >> 16) & 0xff); + trace[traceLen++] = ((Demod.parityBits >> 24) & 0xff); + // length + trace[traceLen++] = Demod.len; + memcpy(trace+traceLen, receivedResponse, Demod.len); + traceLen += Demod.len; + if(traceLen > TRACE_LENGTH) break; + + triggered = TRUE; + + // And ready to receive another response. + memset(&Demod, 0, sizeof(Demod)); + Demod.output = receivedResponse; + Demod.state = DEMOD_UNSYNCD; + LED_C_OFF(); + } + + if(BUTTON_PRESS()) { + DbpString("cancelled_a"); + goto done; + } + } + + DbpString("COMMAND FINISHED"); + + Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); + Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]); + +done: + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; + Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt); + Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]); + LED_A_OFF(); + LED_B_OFF(); + LED_C_OFF(); + LED_D_OFF(); +} + +// Prepare communication bits to send to FPGA +void Sequence(SecType seq) +{ + ToSendMax++; + switch(seq) { + // CARD TO READER + case SEC_D: + // Sequence D: 11110000 + // modulation with subcarrier during first half + ToSend[ToSendMax] = 0xf0; + break; + case SEC_E: + // Sequence E: 00001111 + // modulation with subcarrier during second half + ToSend[ToSendMax] = 0x0f; + break; + case SEC_F: + // Sequence F: 00000000 + // no modulation with subcarrier + ToSend[ToSendMax] = 0x00; + break; + // READER TO CARD + case SEC_X: + // Sequence X: 00001100 + // drop after half a period + ToSend[ToSendMax] = 0x0c; + break; + case SEC_Y: + default: + // Sequence Y: 00000000 + // no drop + ToSend[ToSendMax] = 0x00; + break; + case SEC_Z: + // Sequence Z: 11000000 + // drop at start + ToSend[ToSendMax] = 0xc0; + break; + } +} + +//----------------------------------------------------------------------------- +// Prepare tag messages +//----------------------------------------------------------------------------- +static void CodeIso14443aAsTag(const BYTE *cmd, int len) +{ + int i; + int oddparity; + + ToSendReset(); + + // Correction bit, might be removed when not needed + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(1); // 1 + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + + // Send startbit + Sequence(SEC_D); + + for(i = 0; i < len; i++) { + int j; + BYTE b = cmd[i]; + + // Data bits + oddparity = 0x01; + for(j = 0; j < 8; j++) { + oddparity ^= (b & 1); + if(b & 1) { + Sequence(SEC_D); + } else { + Sequence(SEC_E); + } + b >>= 1; + } + + // Parity bit + if(oddparity) { + Sequence(SEC_D); + } else { + Sequence(SEC_E); + } + } + + // Send stopbit + Sequence(SEC_F); + + // Flush the buffer in FPGA!! + for(i = 0; i < 5; i++) { + Sequence(SEC_F); + } + + // Convert from last byte pos to length + ToSendMax++; + + // Add a few more for slop + ToSend[ToSendMax++] = 0x00; + ToSend[ToSendMax++] = 0x00; + //ToSendMax += 2; +} + +//----------------------------------------------------------------------------- +// This is to send a NACK kind of answer, its only 3 bits, I know it should be 4 +//----------------------------------------------------------------------------- +static void CodeStrangeAnswer() +{ + int i; + + ToSendReset(); + + // Correction bit, might be removed when not needed + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(1); // 1 + ToSendStuffBit(0); + ToSendStuffBit(0); + ToSendStuffBit(0); + + // Send startbit + Sequence(SEC_D); + + // 0 + Sequence(SEC_E); + + // 0 + Sequence(SEC_E); + + // 1 + Sequence(SEC_D); + + // Send stopbit + Sequence(SEC_F); + + // Flush the buffer in FPGA!! + for(i = 0; i < 5; i++) { + Sequence(SEC_F); + } + + // Convert from last byte pos to length + ToSendMax++; + + // Add a few more for slop + ToSend[ToSendMax++] = 0x00; + ToSend[ToSendMax++] = 0x00; + //ToSendMax += 2; +} + +//----------------------------------------------------------------------------- +// Wait for commands from reader +// Stop when button is pressed +// Or return TRUE when command is captured +//----------------------------------------------------------------------------- +static BOOL GetIso14443aCommandFromReader(BYTE *received, int *len, int maxLen) +{ + // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen + // only, since we are receiving, not transmitting). + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN); + + // Now run a `software UART' on the stream of incoming samples. + Uart.output = received; + Uart.byteCntMax = maxLen; + Uart.state = STATE_UNSYNCD; + + for(;;) { + WDT_HIT(); + + if(BUTTON_PRESS()) return FALSE; + + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; + if(MillerDecoding((b & 0xf0) >> 4)) { + *len = Uart.byteCnt; + return TRUE; + } + if(MillerDecoding(b & 0x0f)) { + *len = Uart.byteCnt; + return TRUE; + } + } + } +} + +//----------------------------------------------------------------------------- +// Main loop of simulated tag: receive commands from reader, decide what +// response to send, and send it. +//----------------------------------------------------------------------------- +void SimulateIso14443aTag(int tagType, int TagUid) +{ + // This function contains the tag emulation + + // Prepare protocol messages + // static const BYTE cmd1[] = { 0x26 }; +// static const BYTE response1[] = { 0x02, 0x00 }; // Says: I am Mifare 4k - original line - greg +// + static const BYTE response1[] = { 0x44, 0x03 }; // Says: I am a DESFire Tag, ph33r me +// static const BYTE response1[] = { 0x44, 0x00 }; // Says: I am a ULTRALITE Tag, 0wn me + + // UID response + // static const BYTE cmd2[] = { 0x93, 0x20 }; + //static const BYTE response2[] = { 0x9a, 0xe5, 0xe4, 0x43, 0xd8 }; // original value - greg + + + +// my desfire + static const BYTE response2[] = { 0x88, 0x04, 0x21, 0x3f, 0x4d }; // known uid - note cascade (0x88), 2nd byte (0x04) = NXP/Phillips + + +// When reader selects us during cascade1 it will send cmd3 +//BYTE response3[] = { 0x04, 0x00, 0x00 }; // SAK Select (cascade1) successful response (ULTRALITE) +BYTE response3[] = { 0x24, 0x00, 0x00 }; // SAK Select (cascade1) successful response (DESFire) +ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]); + +// send cascade2 2nd half of UID +static const BYTE response2a[] = { 0x51, 0x48, 0x1d, 0x80, 0x84 }; // uid - cascade2 - 2nd half (4 bytes) of UID+ BCCheck +// NOTE : THE CRC on the above may be wrong as I have obfuscated the actual UID + + +// When reader selects us during cascade2 it will send cmd3a +//BYTE response3a[] = { 0x00, 0x00, 0x00 }; // SAK Select (cascade2) successful response (ULTRALITE) +BYTE response3a[] = { 0x20, 0x00, 0x00 }; // SAK Select (cascade2) successful response (DESFire) +ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); + + static const BYTE response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce + + BYTE *resp; + int respLen; + + // Longest possible response will be 16 bytes + 2 CRC = 18 bytes + // This will need + // 144 data bits (18 * 8) + // 18 parity bits + // 2 Start and stop + // 1 Correction bit (Answer in 1172 or 1236 periods, see FPGA) + // 1 just for the case + // ----------- + + // 166 + // + // 166 bytes, since every bit that needs to be send costs us a byte + // + + + // Respond with card type + BYTE *resp1 = (((BYTE *)BigBuf) + 800); + int resp1Len; + + // Anticollision cascade1 - respond with uid + BYTE *resp2 = (((BYTE *)BigBuf) + 970); + int resp2Len; + + // Anticollision cascade2 - respond with 2nd half of uid if asked + // we're only going to be asked if we set the 1st byte of the UID (during cascade1) to 0x88 + BYTE *resp2a = (((BYTE *)BigBuf) + 1140); + int resp2aLen; + + // Acknowledge select - cascade 1 + BYTE *resp3 = (((BYTE *)BigBuf) + 1310); + int resp3Len; + + // Acknowledge select - cascade 2 + BYTE *resp3a = (((BYTE *)BigBuf) + 1480); + int resp3aLen; + + // Response to a read request - not implemented atm + BYTE *resp4 = (((BYTE *)BigBuf) + 1550); + int resp4Len; + + // Authenticate response - nonce + BYTE *resp5 = (((BYTE *)BigBuf) + 1720); + int resp5Len; + + BYTE *receivedCmd = (BYTE *)BigBuf; + int len; + + int i; + int u; + BYTE b; + + // To control where we are in the protocol + int order = 0; + int lastorder; + + // Just to allow some checks + int happened = 0; + int happened2 = 0; + + int cmdsRecvd = 0; + + BOOL fdt_indicator; + + memset(receivedCmd, 0x44, 400); + + // Prepare the responses of the anticollision phase + // there will be not enough time to do this at the moment the reader sends it REQA + + // Answer to request + CodeIso14443aAsTag(response1, sizeof(response1)); + memcpy(resp1, ToSend, ToSendMax); resp1Len = ToSendMax; + + // Send our UID (cascade 1) + CodeIso14443aAsTag(response2, sizeof(response2)); + memcpy(resp2, ToSend, ToSendMax); resp2Len = ToSendMax; + + // Answer to select (cascade1) + CodeIso14443aAsTag(response3, sizeof(response3)); + memcpy(resp3, ToSend, ToSendMax); resp3Len = ToSendMax; + + // Send the cascade 2 2nd part of the uid + CodeIso14443aAsTag(response2a, sizeof(response2a)); + memcpy(resp2a, ToSend, ToSendMax); resp2aLen = ToSendMax; + + // Answer to select (cascade 2) + CodeIso14443aAsTag(response3a, sizeof(response3a)); + memcpy(resp3a, ToSend, ToSendMax); resp3aLen = ToSendMax; + + // Strange answer is an example of rare message size (3 bits) + CodeStrangeAnswer(); + memcpy(resp4, ToSend, ToSendMax); resp4Len = ToSendMax; + + // Authentication answer (random nonce) + CodeIso14443aAsTag(response5, sizeof(response5)); + memcpy(resp5, ToSend, ToSendMax); resp5Len = ToSendMax; + + // We need to listen to the high-frequency, peak-detected path. + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + cmdsRecvd = 0; + + LED_A_ON(); + for(;;) { + + if(!GetIso14443aCommandFromReader(receivedCmd, &len, 100)) { + DbpString("button press"); + break; + } + // doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated + // Okay, look at the command now. + lastorder = order; + i = 1; // first byte transmitted + if(receivedCmd[0] == 0x26) { + // Received a REQUEST + resp = resp1; respLen = resp1Len; order = 1; + //DbpString("Hello request from reader:"); + } else if(receivedCmd[0] == 0x52) { + // Received a WAKEUP + resp = resp1; respLen = resp1Len; order = 6; +// //DbpString("Wakeup request from reader:"); + + } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // greg - cascade 1 anti-collision + // Received request for UID (cascade 1) + resp = resp2; respLen = resp2Len; order = 2; +// DbpString("UID (cascade 1) request from reader:"); +// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + + } else if(receivedCmd[1] == 0x20 && receivedCmd[0] ==0x95) { // greg - cascade 2 anti-collision + // Received request for UID (cascade 2) + resp = resp2a; respLen = resp2aLen; order = 20; +// DbpString("UID (cascade 2) request from reader:"); +// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + + } else if(receivedCmd[1] == 0x70 && receivedCmd[0] ==0x93) { // greg - cascade 1 select + // Received a SELECT + resp = resp3; respLen = resp3Len; order = 3; +// DbpString("Select (cascade 1) request from reader:"); +// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + + } else if(receivedCmd[1] == 0x70 && receivedCmd[0] ==0x95) { // greg - cascade 2 select + // Received a SELECT + resp = resp3a; respLen = resp3aLen; order = 30; +// DbpString("Select (cascade 2) request from reader:"); +// DbpIntegers(receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + + } else if(receivedCmd[0] == 0x30) { + // Received a READ + resp = resp4; respLen = resp4Len; order = 4; // Do nothing + Dbprintf("Read request from reader: %x %x %x", + receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + + } else if(receivedCmd[0] == 0x50) { + // Received a HALT + resp = resp1; respLen = 0; order = 5; // Do nothing + DbpString("Reader requested we HALT!:"); + + } else if(receivedCmd[0] == 0x60) { + // Received an authentication request + resp = resp5; respLen = resp5Len; order = 7; + Dbprintf("Authenticate request from reader: %x %x %x", + receivedCmd[0], receivedCmd[1], receivedCmd[2]); + + } else if(receivedCmd[0] == 0xE0) { + // Received a RATS request + resp = resp1; respLen = 0;order = 70; + Dbprintf("RATS request from reader: %x %x %x", + receivedCmd[0], receivedCmd[1], receivedCmd[2]); + } else { + // Never seen this command before + Dbprintf("Unknown command received from reader: %x %x %x %x %x %x %x %x %x", + receivedCmd[0], receivedCmd[1], receivedCmd[2], + receivedCmd[3], receivedCmd[3], receivedCmd[4], + receivedCmd[5], receivedCmd[6], receivedCmd[7]); + // Do not respond + resp = resp1; respLen = 0; order = 0; + } + + // Count number of wakeups received after a halt + if(order == 6 && lastorder == 5) { happened++; } + + // Count number of other messages after a halt + if(order != 6 && lastorder == 5) { happened2++; } + + // Look at last parity bit to determine timing of answer + if((Uart.parityBits & 0x01) || receivedCmd[0] == 0x52) { + // 1236, so correction bit needed + i = 0; + } + + memset(receivedCmd, 0x44, 32); + + if(cmdsRecvd > 999) { + DbpString("1000 commands later..."); + break; + } + else { + cmdsRecvd++; + } + + if(respLen <= 0) continue; + + // Modulate Manchester + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD); + AT91C_BASE_SSC->SSC_THR = 0x00; + FpgaSetupSsc(); + + // ### Transmit the response ### + u = 0; + b = 0x00; + fdt_indicator = FALSE; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; + (void)b; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + if(i > respLen) { + b = 0x00; + u++; + } else { + b = resp[i]; + i++; + } + AT91C_BASE_SSC->SSC_THR = b; + + if(u > 4) { + break; + } + } + if(BUTTON_PRESS()) { + break; + } + } + + } + + Dbprintf("%x %x %x", happened, happened2, cmdsRecvd); + LED_A_OFF(); +} + +//----------------------------------------------------------------------------- +// Transmit the command (to the tag) that was placed in ToSend[]. +//----------------------------------------------------------------------------- +static void TransmitFor14443a(const BYTE *cmd, int len, int *samples, int *wait) +{ + int c; + + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + + if (wait) + if(*wait < 10) + *wait = 10; + + for(c = 0; c < *wait;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! + c++; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = cmd[c]; + c++; + if(c >= len) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + if (samples) *samples = (c + *wait) << 3; +} + +//----------------------------------------------------------------------------- +// To generate an arbitrary stream from reader +// +//----------------------------------------------------------------------------- +void ArbitraryFromReader(const BYTE *cmd, int parity, int len) +{ + int i; + int j; + int last; + BYTE b; + + ToSendReset(); + + // Start of Communication (Seq. Z) + Sequence(SEC_Z); + last = 0; + + for(i = 0; i < len; i++) { + // Data bits + b = cmd[i]; + for(j = 0; j < 8; j++) { + if(b & 1) { + // Sequence X + Sequence(SEC_X); + last = 1; + } else { + if(last == 0) { + // Sequence Z + Sequence(SEC_Z); + } + else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + } + b >>= 1; + + } + + // Predefined parity bit, the flipper flips when needed, because of flips in byte sent + if(((parity >> (len - i - 1)) & 1)) { + // Sequence X + Sequence(SEC_X); + last = 1; + } else { + if(last == 0) { + // Sequence Z + Sequence(SEC_Z); + } + else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + } + } + + // End of Communication + if(last == 0) { + // Sequence Z + Sequence(SEC_Z); + } + else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + // Sequence Y + Sequence(SEC_Y); + + // Just to be sure! + Sequence(SEC_Y); + Sequence(SEC_Y); + Sequence(SEC_Y); + + // Convert from last character reference to length + ToSendMax++; +} + +//----------------------------------------------------------------------------- +// Code a 7-bit command without parity bit +// This is especially for 0x26 and 0x52 (REQA and WUPA) +//----------------------------------------------------------------------------- +void ShortFrameFromReader(const BYTE bt) +{ + int j; + int last; + BYTE b; + + ToSendReset(); + + // Start of Communication (Seq. Z) + Sequence(SEC_Z); + last = 0; + + b = bt; + for(j = 0; j < 7; j++) { + if(b & 1) { + // Sequence X + Sequence(SEC_X); + last = 1; + } else { + if(last == 0) { + // Sequence Z + Sequence(SEC_Z); + } + else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + } + b >>= 1; + } + + // End of Communication + if(last == 0) { + // Sequence Z + Sequence(SEC_Z); + } + else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + // Sequence Y + Sequence(SEC_Y); + + // Just to be sure! + Sequence(SEC_Y); + Sequence(SEC_Y); + Sequence(SEC_Y); + + // Convert from last character reference to length + ToSendMax++; +} + +//----------------------------------------------------------------------------- +// Prepare reader command to send to FPGA +// +//----------------------------------------------------------------------------- +void CodeIso14443aAsReaderPar(const BYTE * cmd, int len, DWORD dwParity) +{ + int i, j; + int last; + BYTE b; + + ToSendReset(); + + // Start of Communication (Seq. Z) + Sequence(SEC_Z); + last = 0; + + // Generate send structure for the data bits + for (i = 0; i < len; i++) { + // Get the current byte to send + b = cmd[i]; + + for (j = 0; j < 8; j++) { + if (b & 1) { + // Sequence X + Sequence(SEC_X); + last = 1; + } else { + if (last == 0) { + // Sequence Z + Sequence(SEC_Z); + } else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + } + b >>= 1; + } + + // Get the parity bit + if ((dwParity >> i) & 0x01) { + // Sequence X + Sequence(SEC_X); + last = 1; + } else { + if (last == 0) { + // Sequence Z + Sequence(SEC_Z); + } else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + } + } + + // End of Communication + if (last == 0) { + // Sequence Z + Sequence(SEC_Z); + } else { + // Sequence Y + Sequence(SEC_Y); + last = 0; + } + // Sequence Y + Sequence(SEC_Y); + + // Just to be sure! + Sequence(SEC_Y); + Sequence(SEC_Y); + Sequence(SEC_Y); + + // Convert from last character reference to length + ToSendMax++; +} + +//----------------------------------------------------------------------------- +// Wait a certain time for tag response +// If a response is captured return TRUE +// If it takes to long return FALSE +//----------------------------------------------------------------------------- +static BOOL GetIso14443aAnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) //BYTE *buffer +{ + // buffer needs to be 512 bytes + int c; + + // Set FPGA mode to "reader listen mode", no modulation (listen + // only, since we are receiving, not transmitting). + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); + + // Now get the answer from the card + Demod.output = receivedResponse; + Demod.len = 0; + Demod.state = DEMOD_UNSYNCD; + + BYTE b; + if (elapsed) *elapsed = 0; + + c = 0; + for(;;) { + WDT_HIT(); + + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! + if (elapsed) (*elapsed)++; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + if(c < 512) { c++; } else { return FALSE; } + b = (BYTE)AT91C_BASE_SSC->SSC_RHR; + if(ManchesterDecoding((b & 0xf0) >> 4)) { + *samples = ((c - 1) << 3) + 4; + return TRUE; + } + if(ManchesterDecoding(b & 0x0f)) { + *samples = c << 3; + return TRUE; + } + } + } +} + +void ReaderTransmitShort(const BYTE* bt) +{ + int wait = 0; + int samples = 0; + + ShortFrameFromReader(*bt); + + // Select the card + TransmitFor14443a(ToSend, ToSendMax, &samples, &wait); + + // Store reader command in buffer + if (tracing) LogTrace(bt,1,0,GetParity(bt,1),TRUE); +} + +void ReaderTransmitPar(BYTE* frame, int len, DWORD par) +{ + int wait = 0; + int samples = 0; + + // This is tied to other size changes + // BYTE* frame_addr = ((BYTE*)BigBuf) + 2024; + CodeIso14443aAsReaderPar(frame,len,par); + + // Select the card + TransmitFor14443a(ToSend, ToSendMax, &samples, &wait); + + // Store reader command in buffer + if (tracing) LogTrace(frame,len,0,par,TRUE); +} + + +void ReaderTransmit(BYTE* frame, int len) +{ + // Generate parity and redirect + ReaderTransmitPar(frame,len,GetParity(frame,len)); +} + +BOOL ReaderReceive(BYTE* receivedAnswer) +{ + int samples = 0; + if (!GetIso14443aAnswerFromTag(receivedAnswer,100,&samples,0)) return FALSE; + if (tracing) LogTrace(receivedAnswer,Demod.len,samples,Demod.parityBits,FALSE); + return TRUE; +} + +//----------------------------------------------------------------------------- +// Read an ISO 14443a tag. Send out commands and store answers. +// +//----------------------------------------------------------------------------- +void ReaderIso14443a(DWORD parameter) +{ + // Anticollision + BYTE wupa[] = { 0x52 }; + BYTE sel_all[] = { 0x93,0x20 }; + BYTE sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + BYTE sel_all_c2[] = { 0x95,0x20 }; + BYTE sel_uid_c2[] = { 0x95,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + // Mifare AUTH + BYTE mf_auth[] = { 0x60,0x00,0xf5,0x7b }; +// BYTE mf_nr_ar[] = { 0x00,0x00,0x00,0x00 }; + + BYTE* receivedAnswer = (((BYTE *)BigBuf) + 3560); // was 3560 - tied to other size changes + traceLen = 0; + + // Setup SSC + FpgaSetupSsc(); + + // Start from off (no field generated) + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + SpinDelay(200); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while(traceLen < TRACE_LENGTH) + { + // Broadcast for a card, WUPA (0x52) will force response from all cards in the field + ReaderTransmitShort(wupa); + + // Test if the action was cancelled + if(BUTTON_PRESS()) { + break; + } + + // Receive the ATQA + if (!ReaderReceive(receivedAnswer)) continue; + + // Transmit SELECT_ALL + ReaderTransmit(sel_all,sizeof(sel_all)); + + // Receive the UID + if (!ReaderReceive(receivedAnswer)) continue; + + // Construct SELECT UID command + // First copy the 5 bytes (Mifare Classic) after the 93 70 + memcpy(sel_uid+2,receivedAnswer,5); + // Secondly compute the two CRC bytes at the end + AppendCrc14443a(sel_uid,7); + + // Transmit SELECT_UID + ReaderTransmit(sel_uid,sizeof(sel_uid)); + + // Receive the SAK + if (!ReaderReceive(receivedAnswer)) continue; + + // OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in + // which case we need to make a cascade 2 request and select - this is a long UID + // When the UID is not complete, the 3nd bit (from the right) is set in the SAK. + if (receivedAnswer[0] &= 0x04) + { + // Transmit SELECT_ALL + ReaderTransmit(sel_all_c2,sizeof(sel_all_c2)); + + // Receive the UID + if (!ReaderReceive(receivedAnswer)) continue; + + // Construct SELECT UID command + memcpy(sel_uid_c2+2,receivedAnswer,5); + // Secondly compute the two CRC bytes at the end + AppendCrc14443a(sel_uid_c2,7); + + // Transmit SELECT_UID + ReaderTransmit(sel_uid_c2,sizeof(sel_uid_c2)); + + // Receive the SAK + if (!ReaderReceive(receivedAnswer)) continue; + } + + // Transmit MIFARE_CLASSIC_AUTH + ReaderTransmit(mf_auth,sizeof(mf_auth)); + + // Receive the (16 bit) "random" nonce + if (!ReaderReceive(receivedAnswer)) continue; + } + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); + Dbprintf("%x %x %x", rsamples, 0xCC, 0xCC); + DbpString("ready.."); +} + +//----------------------------------------------------------------------------- +// Read an ISO 14443a tag. Send out commands and store answers. +// +//----------------------------------------------------------------------------- +void ReaderMifare(DWORD parameter) +{ + + // Anticollision + BYTE wupa[] = { 0x52 }; + BYTE sel_all[] = { 0x93,0x20 }; + BYTE sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + // Mifare AUTH + BYTE mf_auth[] = { 0x60,0x00,0xf5,0x7b }; + BYTE mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + BYTE* receivedAnswer = (((BYTE *)BigBuf) + 3560); // was 3560 - tied to other size changes + traceLen = 0; + tracing = false; + + // Setup SSC + FpgaSetupSsc(); + + // Start from off (no field generated) + // Signal field is off with the appropriate LED + LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + SpinDelay(200); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + // Broadcast for a card, WUPA (0x52) will force response from all cards in the field + ReaderTransmitShort(wupa); + // Receive the ATQA + ReaderReceive(receivedAnswer); + // Transmit SELECT_ALL + ReaderTransmit(sel_all,sizeof(sel_all)); + // Receive the UID + ReaderReceive(receivedAnswer); + // Construct SELECT UID command + // First copy the 5 bytes (Mifare Classic) after the 93 70 + memcpy(sel_uid+2,receivedAnswer,5); + // Secondly compute the two CRC bytes at the end + AppendCrc14443a(sel_uid,7); + + byte_t nt_diff = 0; + LED_A_OFF(); + byte_t par = 0; + byte_t par_mask = 0xff; + byte_t par_low = 0; + BOOL led_on = TRUE; + + tracing = FALSE; + byte_t nt[4]; + byte_t nt_attacked[4]; + byte_t par_list[8]; + byte_t ks_list[8]; + num_to_bytes(parameter,4,nt_attacked); + + while(TRUE) + { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + + // Broadcast for a card, WUPA (0x52) will force response from all cards in the field + ReaderTransmitShort(wupa); + + // Test if the action was cancelled + if(BUTTON_PRESS()) { + break; + } + + // Receive the ATQA + if (!ReaderReceive(receivedAnswer)) continue; + + // Transmit SELECT_ALL + ReaderTransmit(sel_all,sizeof(sel_all)); + + // Receive the UID + if (!ReaderReceive(receivedAnswer)) continue; + + // Transmit SELECT_UID + ReaderTransmit(sel_uid,sizeof(sel_uid)); + + // Receive the SAK + if (!ReaderReceive(receivedAnswer)) continue; + + // Transmit MIFARE_CLASSIC_AUTH + ReaderTransmit(mf_auth,sizeof(mf_auth)); + + // Receive the (16 bit) "random" nonce + if (!ReaderReceive(receivedAnswer)) continue; + memcpy(nt,receivedAnswer,4); + + // Transmit reader nonce and reader answer + ReaderTransmitPar(mf_nr_ar,sizeof(mf_nr_ar),par); + + // Receive 4 bit answer + if (ReaderReceive(receivedAnswer)) + { + if (nt_diff == 0) + { + LED_A_ON(); + memcpy(nt_attacked,nt,4); + par_mask = 0xf8; + par_low = par & 0x07; + } + + if (memcmp(nt,nt_attacked,4) != 0) continue; + + led_on = !led_on; + if(led_on) LED_B_ON(); else LED_B_OFF(); + par_list[nt_diff] = par; + ks_list[nt_diff] = receivedAnswer[0]^0x05; + + // Test if the information is complete + if (nt_diff == 0x07) break; + + nt_diff = (nt_diff+1) & 0x07; + mf_nr_ar[3] = nt_diff << 5; + par = par_low; + } else { + if (nt_diff == 0) + { + par++; + } else { + par = (((par>>3)+1) << 3) | par_low; + } + } + } + + LogTraceInfo(sel_uid+2,4); + LogTraceInfo(nt,4); + LogTraceInfo(par_list,8); + LogTraceInfo(ks_list,8); + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); + tracing = TRUE; +} diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c index acace2954..e36baad2a 100644 --- a/armsrc/iso15693.c +++ b/armsrc/iso15693.c @@ -1,1111 +1,1111 @@ -//----------------------------------------------------------------------------- -// Routines to support ISO 15693. This includes both the reader software and -// the `fake tag' modes, but at the moment I've implemented only the reader -// stuff, and that barely. -// Jonathan Westhues, split Nov 2006 - -// Modified by Greg Jones, Jan 2009 to perform modulation onboard in arm rather than on PC -// Also added additional reader commands (SELECT, READ etc.) - -//----------------------------------------------------------------------------- -#include -#include "apps.h" - -// FROM winsrc\prox.h ////////////////////////////////// -#define arraylen(x) (sizeof(x)/sizeof((x)[0])) - -//----------------------------------------------------------------------------- -// Map a sequence of octets (~layer 2 command) into the set of bits to feed -// to the FPGA, to transmit that command to the tag. -//----------------------------------------------------------------------------- - - // The sampling rate is 106.353 ksps/s, for T = 18.8 us - - // SOF defined as - // 1) Unmodulated time of 56.64us - // 2) 24 pulses of 423.75khz - // 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz) - - static const int FrameSOF[] = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - -1, -1, -1, -1, - -1, -1, -1, -1, - 1, 1, 1, 1, - 1, 1, 1, 1 - }; - static const int Logic0[] = { - 1, 1, 1, 1, - 1, 1, 1, 1, - -1, -1, -1, -1, - -1, -1, -1, -1 - }; - static const int Logic1[] = { - -1, -1, -1, -1, - -1, -1, -1, -1, - 1, 1, 1, 1, - 1, 1, 1, 1 - }; - - // EOF defined as - // 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us) - // 2) 24 pulses of 423.75khz - // 3) Unmodulated time of 56.64us - - static const int FrameEOF[] = { - 1, 1, 1, 1, - 1, 1, 1, 1, - -1, -1, -1, -1, - -1, -1, -1, -1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 - }; - -static void CodeIso15693AsReader(BYTE *cmd, int n) -{ - int i, j; - - ToSendReset(); - - // Give it a bit of slack at the beginning - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } - - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - for(i = 0; i < n; i++) { - for(j = 0; j < 8; j += 2) { - int these = (cmd[i] >> j) & 3; - switch(these) { - case 0: - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - break; - case 1: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - break; - case 2: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - break; - case 3: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - break; - } - } - } - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - - // And slack at the end, too. - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } -} - -//----------------------------------------------------------------------------- -// The CRC used by ISO 15693. -//----------------------------------------------------------------------------- -static WORD Crc(BYTE *v, int n) -{ - DWORD reg; - int i, j; - - reg = 0xffff; - for(i = 0; i < n; i++) { - reg = reg ^ ((DWORD)v[i]); - for (j = 0; j < 8; j++) { - if (reg & 0x0001) { - reg = (reg >> 1) ^ 0x8408; - } else { - reg = (reg >> 1); - } - } - } - - return ~reg; -} - -char *strcat(char *dest, const char *src) -{ - size_t dest_len = strlen(dest); - size_t i; - - for (i = 0 ; src[i] != '\0' ; i++) - dest[dest_len + i] = src[i]; - dest[dest_len + i] = '\0'; - - return dest; -} - -////////////////////////////////////////// code to do 'itoa' - -/* reverse: reverse string s in place */ -void reverse(char s[]) -{ - int c, i, j; - - for (i = 0, j = strlen(s)-1; i 0); /* delete it */ - if (sign < 0) - s[i++] = '-'; - s[i] = '\0'; - reverse(s); -} - -//////////////////////////////////////// END 'itoa' CODE - -//----------------------------------------------------------------------------- -// Encode (into the ToSend buffers) an identify request, which is the first -// thing that you must send to a tag to get a response. -//----------------------------------------------------------------------------- -static void BuildIdentifyRequest(void) -{ - BYTE cmd[5]; - - WORD crc; - // one sub-carrier, inventory, 1 slot, fast rate - // AFI is at bit 5 (1<<4) when doing an INVENTORY - cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); - // inventory command code - cmd[1] = 0x01; - // no mask - cmd[2] = 0x00; - //Now the CRC - crc = Crc(cmd, 3); - cmd[3] = crc & 0xff; - cmd[4] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void __attribute__((unused)) BuildSysInfoRequest(BYTE *uid) -{ - BYTE cmd[12]; - - WORD crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit - // System Information command code - cmd[1] = 0x2B; - // UID may be optionally specified here - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; // always e0 (not exactly unique) - //Now the CRC - crc = Crc(cmd, 10); // the crc needs to be calculated over 2 bytes - cmd[10] = crc & 0xff; - cmd[11] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void BuildSelectRequest( BYTE uid[]) -{ - -// uid[6]=0x31; // this is getting ignored - the uid array is not happening... - BYTE cmd[12]; - - WORD crc; - // one sub-carrier, inventory, 1 slot, fast rate - //cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); // INVENTROY FLAGS - cmd[0] = (1 << 4) | (1 << 5) | (1 << 1); // Select and addressed FLAGS - // SELECT command code - cmd[1] = 0x25; - // 64-bit UID -// cmd[2] = uid[0];//0x32; -// cmd[3]= uid[1];//0x4b; -// cmd[4] = uid[2];//0x03; -// cmd[5] = uid[3];//0x01; -// cmd[6] = uid[4];//0x00; -// cmd[7] = uid[5];//0x10; -// cmd[8] = uid[6];//0x05; - cmd[2] = 0x32;// - cmd[3] = 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; // infineon? - - cmd[9]= 0xe0; // always e0 (not exactly unique) - -// DbpIntegers(cmd[8],cmd[7],cmd[6]); - // Now the CRC - crc = Crc(cmd, 10); // the crc needs to be calculated over 10 bytes - cmd[10] = crc & 0xff; - cmd[11] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void __attribute__((unused)) BuildReadBlockRequest(BYTE *uid, BYTE blockNumber ) -{ - BYTE cmd[13]; - - WORD crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 6)| (1 << 5) | (1 << 1); // no SELECT bit - // READ BLOCK command code - cmd[1] = 0x20; - // UID may be optionally specified here - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; // always e0 (not exactly unique) - // Block number to read - cmd[10] = blockNumber;//0x00; - //Now the CRC - crc = Crc(cmd, 11); // the crc needs to be calculated over 2 bytes - cmd[11] = crc & 0xff; - cmd[12] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void __attribute__((unused)) BuildReadMultiBlockRequest(BYTE *uid) -{ - BYTE cmd[14]; - - WORD crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit - // READ Multi BLOCK command code - cmd[1] = 0x23; - // UID may be optionally specified here - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; // always e0 (not exactly unique) - // First Block number to read - cmd[10] = 0x00; - // Number of Blocks to read - cmd[11] = 0x2f; // read quite a few - //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes - cmd[12] = crc & 0xff; - cmd[13] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void __attribute__((unused)) BuildArbitraryRequest(BYTE *uid,BYTE CmdCode) -{ - BYTE cmd[14]; - - WORD crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit - // READ BLOCK command code - cmd[1] = CmdCode; - // UID may be optionally specified here - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; // always e0 (not exactly unique) - // Parameter - cmd[10] = 0x00; - cmd[11] = 0x0a; - -// cmd[12] = 0x00; -// cmd[13] = 0x00; //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes - cmd[12] = crc & 0xff; - cmd[13] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -static void __attribute__((unused)) BuildArbitraryCustomRequest(BYTE uid[], BYTE CmdCode) -{ - BYTE cmd[14]; - - WORD crc; - // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block - // followed by teh block data - // one sub-carrier, inventory, 1 slot, fast rate - cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit - // READ BLOCK command code - cmd[1] = CmdCode; - // UID may be optionally specified here - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; // always e0 (not exactly unique) - // Parameter - cmd[10] = 0x05; // for custom codes this must be manufcturer code - cmd[11] = 0x00; - -// cmd[12] = 0x00; -// cmd[13] = 0x00; //Now the CRC - crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes - cmd[12] = crc & 0xff; - cmd[13] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -///////////////////////////////////////////////////////////////////////// -// Now the VICC>VCD responses when we are simulating a tag -//////////////////////////////////////////////////////////////////// - - static void BuildInventoryResponse(void) -{ - BYTE cmd[12]; - - WORD crc; - // one sub-carrier, inventory, 1 slot, fast rate - // AFI is at bit 5 (1<<4) when doing an INVENTORY - cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1); - cmd[1] = 0; - // 64-bit UID - cmd[2] = 0x32; - cmd[3]= 0x4b; - cmd[4] = 0x03; - cmd[5] = 0x01; - cmd[6] = 0x00; - cmd[7] = 0x10; - cmd[8] = 0x05; - cmd[9]= 0xe0; - //Now the CRC - crc = Crc(cmd, 10); - cmd[10] = crc & 0xff; - cmd[11] = crc >> 8; - - CodeIso15693AsReader(cmd, sizeof(cmd)); -} - -//----------------------------------------------------------------------------- -// Transmit the command (to the tag) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitTo15693Tag(const BYTE *cmd, int len, int *samples, int *wait) -{ - int c; - -// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); - if(*wait < 10) { *wait = 10; } - -// for(c = 0; c < *wait;) { -// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { -// AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! -// c++; -// } -// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { -// volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; -// (void)r; -// } -// WDT_HIT(); -// } - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = cmd[c]; - c++; - if(c >= len) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - *samples = (c + *wait) << 3; -} - -//----------------------------------------------------------------------------- -// Transmit the command (to the reader) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitTo15693Reader(const BYTE *cmd, int len, int *samples, int *wait) -{ - int c; - -// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR); // No requirement to energise my coils - if(*wait < 10) { *wait = 10; } - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = cmd[c]; - c++; - if(c >= len) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - *samples = (c + *wait) << 3; -} - -static int GetIso15693AnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) -{ - int c = 0; - BYTE *dest = (BYTE *)BigBuf; - int getNext = 0; - - SBYTE prev = 0; - -// NOW READ RESPONSE - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads - c = 0; - getNext = FALSE; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - SBYTE b; - b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; - - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates, so every other sample is I, - // every other is Q. We just want power, so abs(I) + abs(Q) is - // close to what we want. - if(getNext) { - SBYTE r; - - if(b < 0) { - r = -b; - } else { - r = b; - } - if(prev < 0) { - r -= prev; - } else { - r += prev; - } - - dest[c++] = (BYTE)r; - - if(c >= 2000) { - break; - } - } else { - prev = b; - } - - getNext = !getNext; - } - } - -////////////////////////////////////////// -/////////// DEMODULATE /////////////////// -////////////////////////////////////////// - - int i, j; - int max = 0, maxPos=0; - - int skip = 4; - -// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL - - // First, correlate for SOF - for(i = 0; i < 100; i++) { - int corr = 0; - for(j = 0; j < arraylen(FrameSOF); j += skip) { - corr += FrameSOF[j]*dest[i+(j/skip)]; - } - if(corr > max) { - max = corr; - maxPos = i; - } - } -// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip)); - - int k = 0; // this will be our return value - - // greg - If correlation is less than 1 then there's little point in continuing - if ((max/(arraylen(FrameSOF)/skip)) >= 1) - { - - i = maxPos + arraylen(FrameSOF)/skip; - - BYTE outBuf[20]; - memset(outBuf, 0, sizeof(outBuf)); - BYTE mask = 0x01; - for(;;) { - int corr0 = 0, corr1 = 0, corrEOF = 0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr0 += Logic0[j]*dest[i+(j/skip)]; - } - for(j = 0; j < arraylen(Logic1); j += skip) { - corr1 += Logic1[j]*dest[i+(j/skip)]; - } - for(j = 0; j < arraylen(FrameEOF); j += skip) { - corrEOF += FrameEOF[j]*dest[i+(j/skip)]; - } - // Even things out by the length of the target waveform. - corr0 *= 4; - corr1 *= 4; - - if(corrEOF > corr1 && corrEOF > corr0) { -// DbpString("EOF at %d", i); - break; - } else if(corr1 > corr0) { - i += arraylen(Logic1)/skip; - outBuf[k] |= mask; - } else { - i += arraylen(Logic0)/skip; - } - mask <<= 1; - if(mask == 0) { - k++; - mask = 0x01; - } - if((i+(int)arraylen(FrameEOF)) >= 2000) { - DbpString("ran off end!"); - break; - } - } - if(mask != 0x01) { - DbpString("error, uneven octet! (discard extra bits!)"); -/// DbpString(" mask=%02x", mask); - } -// BYTE str1 [8]; -// itoa(k,str1); -// strcat(str1," octets read"); - -// DbpString( str1); // DbpString("%d octets", k); - -// for(i = 0; i < k; i+=3) { -// //DbpString("# %2d: %02x ", i, outBuf[i]); -// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]); -// } - - for(i = 0; i < k; i++) { - receivedResponse[i] = outBuf[i]; - } - } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip)) - return k; // return the number of bytes demodulated - -/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2)); - -} - -// Now the GetISO15693 message from sniffing command -static int GetIso15693AnswerFromSniff(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) -{ - int c = 0; - BYTE *dest = (BYTE *)BigBuf; - int getNext = 0; - - SBYTE prev = 0; - -// NOW READ RESPONSE - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads - c = 0; - getNext = FALSE; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - SBYTE b; - b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; - - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates, so every other sample is I, - // every other is Q. We just want power, so abs(I) + abs(Q) is - // close to what we want. - if(getNext) { - SBYTE r; - - if(b < 0) { - r = -b; - } else { - r = b; - } - if(prev < 0) { - r -= prev; - } else { - r += prev; - } - - dest[c++] = (BYTE)r; - - if(c >= 20000) { - break; - } - } else { - prev = b; - } - - getNext = !getNext; - } - } - -////////////////////////////////////////// -/////////// DEMODULATE /////////////////// -////////////////////////////////////////// - - int i, j; - int max = 0, maxPos=0; - - int skip = 4; - -// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL - - // First, correlate for SOF - for(i = 0; i < 19000; i++) { - int corr = 0; - for(j = 0; j < arraylen(FrameSOF); j += skip) { - corr += FrameSOF[j]*dest[i+(j/skip)]; - } - if(corr > max) { - max = corr; - maxPos = i; - } - } -// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip)); - - int k = 0; // this will be our return value - - // greg - If correlation is less than 1 then there's little point in continuing - if ((max/(arraylen(FrameSOF)/skip)) >= 1) // THIS SHOULD BE 1 - { - - i = maxPos + arraylen(FrameSOF)/skip; - - BYTE outBuf[20]; - memset(outBuf, 0, sizeof(outBuf)); - BYTE mask = 0x01; - for(;;) { - int corr0 = 0, corr1 = 0, corrEOF = 0; - for(j = 0; j < arraylen(Logic0); j += skip) { - corr0 += Logic0[j]*dest[i+(j/skip)]; - } - for(j = 0; j < arraylen(Logic1); j += skip) { - corr1 += Logic1[j]*dest[i+(j/skip)]; - } - for(j = 0; j < arraylen(FrameEOF); j += skip) { - corrEOF += FrameEOF[j]*dest[i+(j/skip)]; - } - // Even things out by the length of the target waveform. - corr0 *= 4; - corr1 *= 4; - - if(corrEOF > corr1 && corrEOF > corr0) { -// DbpString("EOF at %d", i); - break; - } else if(corr1 > corr0) { - i += arraylen(Logic1)/skip; - outBuf[k] |= mask; - } else { - i += arraylen(Logic0)/skip; - } - mask <<= 1; - if(mask == 0) { - k++; - mask = 0x01; - } - if((i+(int)arraylen(FrameEOF)) >= 2000) { - DbpString("ran off end!"); - break; - } - } - if(mask != 0x01) { - DbpString("error, uneven octet! (discard extra bits!)"); -/// DbpString(" mask=%02x", mask); - } -// BYTE str1 [8]; -// itoa(k,str1); -// strcat(str1," octets read"); - -// DbpString( str1); // DbpString("%d octets", k); - -// for(i = 0; i < k; i+=3) { -// //DbpString("# %2d: %02x ", i, outBuf[i]); -// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]); -// } - - for(i = 0; i < k; i++) { - receivedResponse[i] = outBuf[i]; - } - } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip)) - return k; // return the number of bytes demodulated - -/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2)); -} - -//----------------------------------------------------------------------------- -// Start to read an ISO 15693 tag. We send an identify request, then wait -// for the response. The response is not demodulated, just left in the buffer -// so that it can be downloaded to a PC and processed there. -//----------------------------------------------------------------------------- -void AcquireRawAdcSamplesIso15693(void) -{ - int c = 0; - BYTE *dest = (BYTE *)BigBuf; - int getNext = 0; - - SBYTE prev = 0; - - BuildIdentifyRequest(); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - // Give the tags time to energize - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - SpinDelay(100); - - // Now send the command - FpgaSetupSsc(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); - - c = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = ToSend[c]; - c++; - if(c == ToSendMax+3) { - break; - } - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - - c = 0; - getNext = FALSE; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x43; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - SBYTE b; - b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; - - // The samples are correlations against I and Q versions of the - // tone that the tag AM-modulates, so every other sample is I, - // every other is Q. We just want power, so abs(I) + abs(Q) is - // close to what we want. - if(getNext) { - SBYTE r; - - if(b < 0) { - r = -b; - } else { - r = b; - } - if(prev < 0) { - r -= prev; - } else { - r += prev; - } - - dest[c++] = (BYTE)r; - - if(c >= 2000) { - break; - } - } else { - prev = b; - } - - getNext = !getNext; - } - } -} - -//----------------------------------------------------------------------------- -// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector -// all demodulation performed in arm rather than host. - greg -//----------------------------------------------------------------------------- -void ReaderIso15693(DWORD parameter) -{ - LED_A_ON(); - LED_B_ON(); - LED_C_OFF(); - LED_D_OFF(); - -//DbpString(parameter); - - //BYTE *answer0 = (((BYTE *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much) - BYTE *answer1 = (((BYTE *)BigBuf) + 3660); // - BYTE *answer2 = (((BYTE *)BigBuf) + 3760); - BYTE *answer3 = (((BYTE *)BigBuf) + 3860); - //BYTE *TagUID= (((BYTE *)BigBuf) + 3960); // where we hold the uid for hi15reader -// int answerLen0 = 0; - int answerLen1 = 0; - int answerLen2 = 0; - int answerLen3 = 0; - - // Blank arrays - memset(BigBuf + 3660, 0, 300); - - // Setup SSC - FpgaSetupSsc(); - - // Start from off (no field generated) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Give the tags time to energize - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); - SpinDelay(200); - - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); - - int samples = 0; - int tsamples = 0; - int wait = 0; - int elapsed = 0; - - // FIRST WE RUN AN INVENTORY TO GET THE TAG UID - // THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME - BYTE TagUID[7]; // where we hold the uid for hi15reader - -// BuildIdentifyRequest(); -// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); -// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 -// // Now wait for a response -// responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ; -// if (responseLen0 >=12) // we should do a better check than this -// { -// // really we should check it is a valid mesg -// // but for now just grab what we think is the uid -// TagUID[0] = receivedAnswer0[2]; -// TagUID[1] = receivedAnswer0[3]; -// TagUID[2] = receivedAnswer0[4]; -// TagUID[3] = receivedAnswer0[5]; -// TagUID[4] = receivedAnswer0[6]; -// TagUID[5] = receivedAnswer0[7]; -// TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code -// DbpIntegers(TagUID[6],TagUID[5],TagUID[4]); -//} - - // Now send the IDENTIFY command - BuildIdentifyRequest(); - //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); - TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 - // Now wait for a response - answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ; - - if (answerLen1 >=12) // we should do a better check than this - { - - TagUID[0] = answer1[2]; - TagUID[1] = answer1[3]; - TagUID[2] = answer1[4]; - TagUID[3] = answer1[5]; - TagUID[4] = answer1[6]; - TagUID[5] = answer1[7]; - TagUID[6] = answer1[8]; // IC Manufacturer code - - // Now send the SELECT command - BuildSelectRequest(TagUID); - TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 - // Now wait for a response - answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed); - - // Now send the MULTI READ command -// BuildArbitraryRequest(*TagUID,parameter); - BuildArbitraryCustomRequest(TagUID,parameter); -// BuildReadBlockRequest(*TagUID,parameter); -// BuildSysInfoRequest(*TagUID); - //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); - TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 - // Now wait for a response - answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ; - - } - - Dbprintf("%d octets read from IDENTIFY request: %x %x %x %x %x %x %x %x %x", answerLen1, - answer1[0], answer1[1], answer1[2], - answer1[3], answer1[4], answer1[5], - answer1[6], answer1[7], answer1[8]); - - Dbprintf("%d octets read from SELECT request: %x %x %x %x %x %x %x %x %x", answerLen2, - answer2[0], answer2[1], answer2[2], - answer2[3], answer2[4], answer2[5], - answer2[6], answer2[7], answer2[8]); - - Dbprintf("%d octets read from XXX request: %x %x %x %x %x %x %x %x %x", answerLen3, - answer3[0], answer3[1], answer3[2], - answer3[3], answer3[4], answer3[5], - answer3[6], answer3[7], answer3[8]); - - -// str2[0]=0; -// for(i = 0; i < responseLen3; i++) { -// itoa(str1,receivedAnswer3[i]); -// strcat(str2,str1); -// } -// DbpString(str2); - - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); -} - -//----------------------------------------------------------------------------- -// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands -// all demodulation performed in arm rather than host. - greg -//----------------------------------------------------------------------------- -void SimTagIso15693(DWORD parameter) -{ - LED_A_ON(); - LED_B_ON(); - LED_C_OFF(); - LED_D_OFF(); - - BYTE *answer1 = (((BYTE *)BigBuf) + 3660); // - int answerLen1 = 0; - - // Blank arrays - memset(answer1, 0, 100); - - // Setup SSC - FpgaSetupSsc(); - - // Start from off (no field generated) - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaSetupSsc(); - - // Give the tags time to energize -// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); // NO GOOD FOR SIM TAG!!!! - SpinDelay(200); - - LED_A_OFF(); - LED_B_OFF(); - LED_C_ON(); - LED_D_OFF(); - - int samples = 0; - int tsamples = 0; - int wait = 0; - int elapsed = 0; - - answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ; - - if (answerLen1 >=1) // we should do a better check than this - { - // Build a suitable reponse to the reader INVENTORY cocmmand - BuildInventoryResponse(); - TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait); - } - - Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1, - answer1[0], answer1[1], answer1[2], - answer1[3], answer1[4], answer1[5], - answer1[6], answer1[7], answer1[8]); - - LED_A_OFF(); - LED_B_OFF(); - LED_C_OFF(); - LED_D_OFF(); -} +//----------------------------------------------------------------------------- +// Routines to support ISO 15693. This includes both the reader software and +// the `fake tag' modes, but at the moment I've implemented only the reader +// stuff, and that barely. +// Jonathan Westhues, split Nov 2006 + +// Modified by Greg Jones, Jan 2009 to perform modulation onboard in arm rather than on PC +// Also added additional reader commands (SELECT, READ etc.) + +//----------------------------------------------------------------------------- +#include +#include "apps.h" + +// FROM winsrc\prox.h ////////////////////////////////// +#define arraylen(x) (sizeof(x)/sizeof((x)[0])) + +//----------------------------------------------------------------------------- +// Map a sequence of octets (~layer 2 command) into the set of bits to feed +// to the FPGA, to transmit that command to the tag. +//----------------------------------------------------------------------------- + + // The sampling rate is 106.353 ksps/s, for T = 18.8 us + + // SOF defined as + // 1) Unmodulated time of 56.64us + // 2) 24 pulses of 423.75khz + // 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz) + + static const int FrameSOF[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, + 1, 1, 1, 1 + }; + static const int Logic0[] = { + 1, 1, 1, 1, + 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1 + }; + static const int Logic1[] = { + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, + 1, 1, 1, 1 + }; + + // EOF defined as + // 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us) + // 2) 24 pulses of 423.75khz + // 3) Unmodulated time of 56.64us + + static const int FrameEOF[] = { + 1, 1, 1, 1, + 1, 1, 1, 1, + -1, -1, -1, -1, + -1, -1, -1, -1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 + }; + +static void CodeIso15693AsReader(BYTE *cmd, int n) +{ + int i, j; + + ToSendReset(); + + // Give it a bit of slack at the beginning + for(i = 0; i < 24; i++) { + ToSendStuffBit(1); + } + + ToSendStuffBit(0); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(0); + ToSendStuffBit(1); + ToSendStuffBit(1); + for(i = 0; i < n; i++) { + for(j = 0; j < 8; j += 2) { + int these = (cmd[i] >> j) & 3; + switch(these) { + case 0: + ToSendStuffBit(1); + ToSendStuffBit(0); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + break; + case 1: + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(0); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + break; + case 2: + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(0); + ToSendStuffBit(1); + ToSendStuffBit(1); + break; + case 3: + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(0); + break; + } + } + } + ToSendStuffBit(1); + ToSendStuffBit(1); + ToSendStuffBit(0); + ToSendStuffBit(1); + + // And slack at the end, too. + for(i = 0; i < 24; i++) { + ToSendStuffBit(1); + } +} + +//----------------------------------------------------------------------------- +// The CRC used by ISO 15693. +//----------------------------------------------------------------------------- +static WORD Crc(BYTE *v, int n) +{ + DWORD reg; + int i, j; + + reg = 0xffff; + for(i = 0; i < n; i++) { + reg = reg ^ ((DWORD)v[i]); + for (j = 0; j < 8; j++) { + if (reg & 0x0001) { + reg = (reg >> 1) ^ 0x8408; + } else { + reg = (reg >> 1); + } + } + } + + return ~reg; +} + +char *strcat(char *dest, const char *src) +{ + size_t dest_len = strlen(dest); + size_t i; + + for (i = 0 ; src[i] != '\0' ; i++) + dest[dest_len + i] = src[i]; + dest[dest_len + i] = '\0'; + + return dest; +} + +////////////////////////////////////////// code to do 'itoa' + +/* reverse: reverse string s in place */ +void reverse(char s[]) +{ + int c, i, j; + + for (i = 0, j = strlen(s)-1; i 0); /* delete it */ + if (sign < 0) + s[i++] = '-'; + s[i] = '\0'; + reverse(s); +} + +//////////////////////////////////////// END 'itoa' CODE + +//----------------------------------------------------------------------------- +// Encode (into the ToSend buffers) an identify request, which is the first +// thing that you must send to a tag to get a response. +//----------------------------------------------------------------------------- +static void BuildIdentifyRequest(void) +{ + BYTE cmd[5]; + + WORD crc; + // one sub-carrier, inventory, 1 slot, fast rate + // AFI is at bit 5 (1<<4) when doing an INVENTORY + cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); + // inventory command code + cmd[1] = 0x01; + // no mask + cmd[2] = 0x00; + //Now the CRC + crc = Crc(cmd, 3); + cmd[3] = crc & 0xff; + cmd[4] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void __attribute__((unused)) BuildSysInfoRequest(BYTE *uid) +{ + BYTE cmd[12]; + + WORD crc; + // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block + // followed by teh block data + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit + // System Information command code + cmd[1] = 0x2B; + // UID may be optionally specified here + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; // always e0 (not exactly unique) + //Now the CRC + crc = Crc(cmd, 10); // the crc needs to be calculated over 2 bytes + cmd[10] = crc & 0xff; + cmd[11] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void BuildSelectRequest( BYTE uid[]) +{ + +// uid[6]=0x31; // this is getting ignored - the uid array is not happening... + BYTE cmd[12]; + + WORD crc; + // one sub-carrier, inventory, 1 slot, fast rate + //cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); // INVENTROY FLAGS + cmd[0] = (1 << 4) | (1 << 5) | (1 << 1); // Select and addressed FLAGS + // SELECT command code + cmd[1] = 0x25; + // 64-bit UID +// cmd[2] = uid[0];//0x32; +// cmd[3]= uid[1];//0x4b; +// cmd[4] = uid[2];//0x03; +// cmd[5] = uid[3];//0x01; +// cmd[6] = uid[4];//0x00; +// cmd[7] = uid[5];//0x10; +// cmd[8] = uid[6];//0x05; + cmd[2] = 0x32;// + cmd[3] = 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; // infineon? + + cmd[9]= 0xe0; // always e0 (not exactly unique) + +// DbpIntegers(cmd[8],cmd[7],cmd[6]); + // Now the CRC + crc = Crc(cmd, 10); // the crc needs to be calculated over 10 bytes + cmd[10] = crc & 0xff; + cmd[11] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void __attribute__((unused)) BuildReadBlockRequest(BYTE *uid, BYTE blockNumber ) +{ + BYTE cmd[13]; + + WORD crc; + // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block + // followed by teh block data + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = (1 << 6)| (1 << 5) | (1 << 1); // no SELECT bit + // READ BLOCK command code + cmd[1] = 0x20; + // UID may be optionally specified here + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; // always e0 (not exactly unique) + // Block number to read + cmd[10] = blockNumber;//0x00; + //Now the CRC + crc = Crc(cmd, 11); // the crc needs to be calculated over 2 bytes + cmd[11] = crc & 0xff; + cmd[12] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void __attribute__((unused)) BuildReadMultiBlockRequest(BYTE *uid) +{ + BYTE cmd[14]; + + WORD crc; + // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block + // followed by teh block data + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit + // READ Multi BLOCK command code + cmd[1] = 0x23; + // UID may be optionally specified here + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; // always e0 (not exactly unique) + // First Block number to read + cmd[10] = 0x00; + // Number of Blocks to read + cmd[11] = 0x2f; // read quite a few + //Now the CRC + crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes + cmd[12] = crc & 0xff; + cmd[13] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void __attribute__((unused)) BuildArbitraryRequest(BYTE *uid,BYTE CmdCode) +{ + BYTE cmd[14]; + + WORD crc; + // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block + // followed by teh block data + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit + // READ BLOCK command code + cmd[1] = CmdCode; + // UID may be optionally specified here + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; // always e0 (not exactly unique) + // Parameter + cmd[10] = 0x00; + cmd[11] = 0x0a; + +// cmd[12] = 0x00; +// cmd[13] = 0x00; //Now the CRC + crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes + cmd[12] = crc & 0xff; + cmd[13] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +static void __attribute__((unused)) BuildArbitraryCustomRequest(BYTE uid[], BYTE CmdCode) +{ + BYTE cmd[14]; + + WORD crc; + // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block + // followed by teh block data + // one sub-carrier, inventory, 1 slot, fast rate + cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit + // READ BLOCK command code + cmd[1] = CmdCode; + // UID may be optionally specified here + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; // always e0 (not exactly unique) + // Parameter + cmd[10] = 0x05; // for custom codes this must be manufcturer code + cmd[11] = 0x00; + +// cmd[12] = 0x00; +// cmd[13] = 0x00; //Now the CRC + crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes + cmd[12] = crc & 0xff; + cmd[13] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +///////////////////////////////////////////////////////////////////////// +// Now the VICC>VCD responses when we are simulating a tag +//////////////////////////////////////////////////////////////////// + + static void BuildInventoryResponse(void) +{ + BYTE cmd[12]; + + WORD crc; + // one sub-carrier, inventory, 1 slot, fast rate + // AFI is at bit 5 (1<<4) when doing an INVENTORY + cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1); + cmd[1] = 0; + // 64-bit UID + cmd[2] = 0x32; + cmd[3]= 0x4b; + cmd[4] = 0x03; + cmd[5] = 0x01; + cmd[6] = 0x00; + cmd[7] = 0x10; + cmd[8] = 0x05; + cmd[9]= 0xe0; + //Now the CRC + crc = Crc(cmd, 10); + cmd[10] = crc & 0xff; + cmd[11] = crc >> 8; + + CodeIso15693AsReader(cmd, sizeof(cmd)); +} + +//----------------------------------------------------------------------------- +// Transmit the command (to the tag) that was placed in ToSend[]. +//----------------------------------------------------------------------------- +static void TransmitTo15693Tag(const BYTE *cmd, int len, int *samples, int *wait) +{ + int c; + +// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); + if(*wait < 10) { *wait = 10; } + +// for(c = 0; c < *wait;) { +// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { +// AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! +// c++; +// } +// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { +// volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; +// (void)r; +// } +// WDT_HIT(); +// } + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = cmd[c]; + c++; + if(c >= len) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + *samples = (c + *wait) << 3; +} + +//----------------------------------------------------------------------------- +// Transmit the command (to the reader) that was placed in ToSend[]. +//----------------------------------------------------------------------------- +static void TransmitTo15693Reader(const BYTE *cmd, int len, int *samples, int *wait) +{ + int c; + +// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR); // No requirement to energise my coils + if(*wait < 10) { *wait = 10; } + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = cmd[c]; + c++; + if(c >= len) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + *samples = (c + *wait) << 3; +} + +static int GetIso15693AnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) +{ + int c = 0; + BYTE *dest = (BYTE *)BigBuf; + int getNext = 0; + + SBYTE prev = 0; + +// NOW READ RESPONSE + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads + c = 0; + getNext = FALSE; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + SBYTE b; + b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; + + // The samples are correlations against I and Q versions of the + // tone that the tag AM-modulates, so every other sample is I, + // every other is Q. We just want power, so abs(I) + abs(Q) is + // close to what we want. + if(getNext) { + SBYTE r; + + if(b < 0) { + r = -b; + } else { + r = b; + } + if(prev < 0) { + r -= prev; + } else { + r += prev; + } + + dest[c++] = (BYTE)r; + + if(c >= 2000) { + break; + } + } else { + prev = b; + } + + getNext = !getNext; + } + } + +////////////////////////////////////////// +/////////// DEMODULATE /////////////////// +////////////////////////////////////////// + + int i, j; + int max = 0, maxPos=0; + + int skip = 4; + +// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL + + // First, correlate for SOF + for(i = 0; i < 100; i++) { + int corr = 0; + for(j = 0; j < arraylen(FrameSOF); j += skip) { + corr += FrameSOF[j]*dest[i+(j/skip)]; + } + if(corr > max) { + max = corr; + maxPos = i; + } + } +// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip)); + + int k = 0; // this will be our return value + + // greg - If correlation is less than 1 then there's little point in continuing + if ((max/(arraylen(FrameSOF)/skip)) >= 1) + { + + i = maxPos + arraylen(FrameSOF)/skip; + + BYTE outBuf[20]; + memset(outBuf, 0, sizeof(outBuf)); + BYTE mask = 0x01; + for(;;) { + int corr0 = 0, corr1 = 0, corrEOF = 0; + for(j = 0; j < arraylen(Logic0); j += skip) { + corr0 += Logic0[j]*dest[i+(j/skip)]; + } + for(j = 0; j < arraylen(Logic1); j += skip) { + corr1 += Logic1[j]*dest[i+(j/skip)]; + } + for(j = 0; j < arraylen(FrameEOF); j += skip) { + corrEOF += FrameEOF[j]*dest[i+(j/skip)]; + } + // Even things out by the length of the target waveform. + corr0 *= 4; + corr1 *= 4; + + if(corrEOF > corr1 && corrEOF > corr0) { +// DbpString("EOF at %d", i); + break; + } else if(corr1 > corr0) { + i += arraylen(Logic1)/skip; + outBuf[k] |= mask; + } else { + i += arraylen(Logic0)/skip; + } + mask <<= 1; + if(mask == 0) { + k++; + mask = 0x01; + } + if((i+(int)arraylen(FrameEOF)) >= 2000) { + DbpString("ran off end!"); + break; + } + } + if(mask != 0x01) { + DbpString("error, uneven octet! (discard extra bits!)"); +/// DbpString(" mask=%02x", mask); + } +// BYTE str1 [8]; +// itoa(k,str1); +// strcat(str1," octets read"); + +// DbpString( str1); // DbpString("%d octets", k); + +// for(i = 0; i < k; i+=3) { +// //DbpString("# %2d: %02x ", i, outBuf[i]); +// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]); +// } + + for(i = 0; i < k; i++) { + receivedResponse[i] = outBuf[i]; + } + } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip)) + return k; // return the number of bytes demodulated + +/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2)); + +} + +// Now the GetISO15693 message from sniffing command +static int GetIso15693AnswerFromSniff(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) +{ + int c = 0; + BYTE *dest = (BYTE *)BigBuf; + int getNext = 0; + + SBYTE prev = 0; + +// NOW READ RESPONSE + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads + c = 0; + getNext = FALSE; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + SBYTE b; + b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; + + // The samples are correlations against I and Q versions of the + // tone that the tag AM-modulates, so every other sample is I, + // every other is Q. We just want power, so abs(I) + abs(Q) is + // close to what we want. + if(getNext) { + SBYTE r; + + if(b < 0) { + r = -b; + } else { + r = b; + } + if(prev < 0) { + r -= prev; + } else { + r += prev; + } + + dest[c++] = (BYTE)r; + + if(c >= 20000) { + break; + } + } else { + prev = b; + } + + getNext = !getNext; + } + } + +////////////////////////////////////////// +/////////// DEMODULATE /////////////////// +////////////////////////////////////////// + + int i, j; + int max = 0, maxPos=0; + + int skip = 4; + +// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL + + // First, correlate for SOF + for(i = 0; i < 19000; i++) { + int corr = 0; + for(j = 0; j < arraylen(FrameSOF); j += skip) { + corr += FrameSOF[j]*dest[i+(j/skip)]; + } + if(corr > max) { + max = corr; + maxPos = i; + } + } +// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip)); + + int k = 0; // this will be our return value + + // greg - If correlation is less than 1 then there's little point in continuing + if ((max/(arraylen(FrameSOF)/skip)) >= 1) // THIS SHOULD BE 1 + { + + i = maxPos + arraylen(FrameSOF)/skip; + + BYTE outBuf[20]; + memset(outBuf, 0, sizeof(outBuf)); + BYTE mask = 0x01; + for(;;) { + int corr0 = 0, corr1 = 0, corrEOF = 0; + for(j = 0; j < arraylen(Logic0); j += skip) { + corr0 += Logic0[j]*dest[i+(j/skip)]; + } + for(j = 0; j < arraylen(Logic1); j += skip) { + corr1 += Logic1[j]*dest[i+(j/skip)]; + } + for(j = 0; j < arraylen(FrameEOF); j += skip) { + corrEOF += FrameEOF[j]*dest[i+(j/skip)]; + } + // Even things out by the length of the target waveform. + corr0 *= 4; + corr1 *= 4; + + if(corrEOF > corr1 && corrEOF > corr0) { +// DbpString("EOF at %d", i); + break; + } else if(corr1 > corr0) { + i += arraylen(Logic1)/skip; + outBuf[k] |= mask; + } else { + i += arraylen(Logic0)/skip; + } + mask <<= 1; + if(mask == 0) { + k++; + mask = 0x01; + } + if((i+(int)arraylen(FrameEOF)) >= 2000) { + DbpString("ran off end!"); + break; + } + } + if(mask != 0x01) { + DbpString("error, uneven octet! (discard extra bits!)"); +/// DbpString(" mask=%02x", mask); + } +// BYTE str1 [8]; +// itoa(k,str1); +// strcat(str1," octets read"); + +// DbpString( str1); // DbpString("%d octets", k); + +// for(i = 0; i < k; i+=3) { +// //DbpString("# %2d: %02x ", i, outBuf[i]); +// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]); +// } + + for(i = 0; i < k; i++) { + receivedResponse[i] = outBuf[i]; + } + } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip)) + return k; // return the number of bytes demodulated + +/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2)); +} + +//----------------------------------------------------------------------------- +// Start to read an ISO 15693 tag. We send an identify request, then wait +// for the response. The response is not demodulated, just left in the buffer +// so that it can be downloaded to a PC and processed there. +//----------------------------------------------------------------------------- +void AcquireRawAdcSamplesIso15693(void) +{ + int c = 0; + BYTE *dest = (BYTE *)BigBuf; + int getNext = 0; + + SBYTE prev = 0; + + BuildIdentifyRequest(); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + // Give the tags time to energize + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + SpinDelay(100); + + // Now send the command + FpgaSetupSsc(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); + + c = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = ToSend[c]; + c++; + if(c == ToSendMax+3) { + break; + } + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; + (void)r; + } + WDT_HIT(); + } + + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + + c = 0; + getNext = FALSE; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + SBYTE b; + b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; + + // The samples are correlations against I and Q versions of the + // tone that the tag AM-modulates, so every other sample is I, + // every other is Q. We just want power, so abs(I) + abs(Q) is + // close to what we want. + if(getNext) { + SBYTE r; + + if(b < 0) { + r = -b; + } else { + r = b; + } + if(prev < 0) { + r -= prev; + } else { + r += prev; + } + + dest[c++] = (BYTE)r; + + if(c >= 2000) { + break; + } + } else { + prev = b; + } + + getNext = !getNext; + } + } +} + +//----------------------------------------------------------------------------- +// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector +// all demodulation performed in arm rather than host. - greg +//----------------------------------------------------------------------------- +void ReaderIso15693(DWORD parameter) +{ + LED_A_ON(); + LED_B_ON(); + LED_C_OFF(); + LED_D_OFF(); + +//DbpString(parameter); + + //BYTE *answer0 = (((BYTE *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much) + BYTE *answer1 = (((BYTE *)BigBuf) + 3660); // + BYTE *answer2 = (((BYTE *)BigBuf) + 3760); + BYTE *answer3 = (((BYTE *)BigBuf) + 3860); + //BYTE *TagUID= (((BYTE *)BigBuf) + 3960); // where we hold the uid for hi15reader +// int answerLen0 = 0; + int answerLen1 = 0; + int answerLen2 = 0; + int answerLen3 = 0; + + // Blank arrays + memset(BigBuf + 3660, 0, 300); + + // Setup SSC + FpgaSetupSsc(); + + // Start from off (no field generated) + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Give the tags time to energize + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); + SpinDelay(200); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + LED_D_OFF(); + + int samples = 0; + int tsamples = 0; + int wait = 0; + int elapsed = 0; + + // FIRST WE RUN AN INVENTORY TO GET THE TAG UID + // THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME + BYTE TagUID[7]; // where we hold the uid for hi15reader + +// BuildIdentifyRequest(); +// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); +// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 +// // Now wait for a response +// responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ; +// if (responseLen0 >=12) // we should do a better check than this +// { +// // really we should check it is a valid mesg +// // but for now just grab what we think is the uid +// TagUID[0] = receivedAnswer0[2]; +// TagUID[1] = receivedAnswer0[3]; +// TagUID[2] = receivedAnswer0[4]; +// TagUID[3] = receivedAnswer0[5]; +// TagUID[4] = receivedAnswer0[6]; +// TagUID[5] = receivedAnswer0[7]; +// TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code +// DbpIntegers(TagUID[6],TagUID[5],TagUID[4]); +//} + + // Now send the IDENTIFY command + BuildIdentifyRequest(); + //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); + TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 + // Now wait for a response + answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ; + + if (answerLen1 >=12) // we should do a better check than this + { + + TagUID[0] = answer1[2]; + TagUID[1] = answer1[3]; + TagUID[2] = answer1[4]; + TagUID[3] = answer1[5]; + TagUID[4] = answer1[6]; + TagUID[5] = answer1[7]; + TagUID[6] = answer1[8]; // IC Manufacturer code + + // Now send the SELECT command + BuildSelectRequest(TagUID); + TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 + // Now wait for a response + answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed); + + // Now send the MULTI READ command +// BuildArbitraryRequest(*TagUID,parameter); + BuildArbitraryCustomRequest(TagUID,parameter); +// BuildReadBlockRequest(*TagUID,parameter); +// BuildSysInfoRequest(*TagUID); + //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait); + TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3 + // Now wait for a response + answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ; + + } + + Dbprintf("%d octets read from IDENTIFY request: %x %x %x %x %x %x %x %x %x", answerLen1, + answer1[0], answer1[1], answer1[2], + answer1[3], answer1[4], answer1[5], + answer1[6], answer1[7], answer1[8]); + + Dbprintf("%d octets read from SELECT request: %x %x %x %x %x %x %x %x %x", answerLen2, + answer2[0], answer2[1], answer2[2], + answer2[3], answer2[4], answer2[5], + answer2[6], answer2[7], answer2[8]); + + Dbprintf("%d octets read from XXX request: %x %x %x %x %x %x %x %x %x", answerLen3, + answer3[0], answer3[1], answer3[2], + answer3[3], answer3[4], answer3[5], + answer3[6], answer3[7], answer3[8]); + + +// str2[0]=0; +// for(i = 0; i < responseLen3; i++) { +// itoa(str1,receivedAnswer3[i]); +// strcat(str2,str1); +// } +// DbpString(str2); + + LED_A_OFF(); + LED_B_OFF(); + LED_C_OFF(); + LED_D_OFF(); +} + +//----------------------------------------------------------------------------- +// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands +// all demodulation performed in arm rather than host. - greg +//----------------------------------------------------------------------------- +void SimTagIso15693(DWORD parameter) +{ + LED_A_ON(); + LED_B_ON(); + LED_C_OFF(); + LED_D_OFF(); + + BYTE *answer1 = (((BYTE *)BigBuf) + 3660); // + int answerLen1 = 0; + + // Blank arrays + memset(answer1, 0, 100); + + // Setup SSC + FpgaSetupSsc(); + + // Start from off (no field generated) + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaSetupSsc(); + + // Give the tags time to energize +// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); // NO GOOD FOR SIM TAG!!!! + SpinDelay(200); + + LED_A_OFF(); + LED_B_OFF(); + LED_C_ON(); + LED_D_OFF(); + + int samples = 0; + int tsamples = 0; + int wait = 0; + int elapsed = 0; + + answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ; + + if (answerLen1 >=1) // we should do a better check than this + { + // Build a suitable reponse to the reader INVENTORY cocmmand + BuildInventoryResponse(); + TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait); + } + + Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1, + answer1[0], answer1[1], answer1[2], + answer1[3], answer1[4], answer1[5], + answer1[6], answer1[7], answer1[8]); + + LED_A_OFF(); + LED_B_OFF(); + LED_C_OFF(); + LED_D_OFF(); +} diff --git a/armsrc/ldscript b/armsrc/ldscript index cc5ce4e02..61eaa5d79 100644 --- a/armsrc/ldscript +++ b/armsrc/ldscript @@ -1,41 +1,41 @@ -INCLUDE ../common/ldscript.common - -ENTRY(Vector) -SECTIONS -{ - .fpgaimage : { - *(fpga_bit.data) - } >fpgaimage - .start : { *(.startos) } >osimage - .text : { - *(.text) - *(.text.*) - *(.eh_frame) - *(.glue_7) - *(.glue_7t) - *(.rodata) - *(.rodata*) - *(.version_information) - } >osimage - __end_of_text__ = .; - - .data : { - __data_start__ = .; - __data_src_start__ = __end_of_text__; - *(.data) - *(.data.*) - __data_end__ = .; - } >ram AT>osimage - - .bss : { - __bss_start__ = .; - *(.bss) - *(.bss.*) - } >ram - . = ALIGN(32 / 8); - __bss_end__ = .; - - .commonarea (NOLOAD) : { - *(.commonarea) - } >commonarea -} +INCLUDE ../common/ldscript.common + +ENTRY(Vector) +SECTIONS +{ + .fpgaimage : { + *(fpga_bit.data) + } >fpgaimage + .start : { *(.startos) } >osimage + .text : { + *(.text) + *(.text.*) + *(.eh_frame) + *(.glue_7) + *(.glue_7t) + *(.rodata) + *(.rodata*) + *(.version_information) + } >osimage + __end_of_text__ = .; + + .data : { + __data_start__ = .; + __data_src_start__ = __end_of_text__; + *(.data) + *(.data.*) + __data_end__ = .; + } >ram AT>osimage + + .bss : { + __bss_start__ = .; + *(.bss) + *(.bss.*) + } >ram + . = ALIGN(32 / 8); + __bss_end__ = .; + + .commonarea (NOLOAD) : { + *(.commonarea) + } >commonarea +} diff --git a/armsrc/lfops.c b/armsrc/lfops.c index a7e1f1df1..14cc33a4a 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1,971 +1,971 @@ -//----------------------------------------------------------------------------- -// Miscellaneous routines for low frequency tag operations. -// Tags supported here so far are Texas Instruments (TI), HID -// Also routines for raw mode reading/simulating of LF waveform -// -//----------------------------------------------------------------------------- -#include -#include "apps.h" -#include "hitag2.h" -#include "crc16.h" - -void AcquireRawAdcSamples125k(BOOL at134khz) -{ - if (at134khz) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - // Now call the acquisition routine - DoAcquisition125k(); -} - -// split into two routines so we can avoid timing issues after sending commands // -void DoAcquisition125k(void) -{ - BYTE *dest = (BYTE *)BigBuf; - int n = sizeof(BigBuf); - int i; - - memset(dest, 0, n); - i = 0; - for(;;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x43; - LED_D_ON(); - } - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; - i++; - LED_D_OFF(); - if (i >= n) break; - } - } - Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", - dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); -} - -void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, BYTE *command) -{ - BOOL at134khz; - - /* Make sure the tag is reset */ - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(2500); - - // see if 'h' was specified - if (command[strlen((char *) command) - 1] == 'h') - at134khz = TRUE; - else - at134khz = FALSE; - - if (at134khz) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - // And a little more time for the tag to fully power up - SpinDelay(2000); - - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - // now modulate the reader field - while(*command != '\0' && *command != ' ') { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - if (at134khz) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - LED_D_ON(); - if(*(command++) == '0') - SpinDelayUs(period_0); - else - SpinDelayUs(period_1); - } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - SpinDelayUs(delay_off); - if (at134khz) - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - else - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - - // now do the read - DoAcquisition125k(); -} - -/* blank r/w tag data stream -...0000000000000000 01111111 -1010101010101010101010101010101010101010101010101010101010101010 -0011010010100001 -01111111 -101010101010101[0]000... - -[5555fe852c5555555555555555fe0000] -*/ -void ReadTItag(void) -{ - // some hardcoded initial params - // when we read a TI tag we sample the zerocross line at 2Mhz - // TI tags modulate a 1 as 16 cycles of 123.2Khz - // TI tags modulate a 0 as 16 cycles of 134.2Khz - #define FSAMPLE 2000000 - #define FREQLO 123200 - #define FREQHI 134200 - - signed char *dest = (signed char *)BigBuf; - int n = sizeof(BigBuf); -// int *dest = GraphBuffer; -// int n = GraphTraceLen; - - // 128 bit shift register [shift3:shift2:shift1:shift0] - DWORD shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; - - int i, cycles=0, samples=0; - // how many sample points fit in 16 cycles of each frequency - DWORD sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; - // when to tell if we're close enough to one freq or another - DWORD threshold = (sampleslo - sampleshi + 1)>>1; - - // TI tags charge at 134.2Khz - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - - // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - - // get TI tag data into the buffer - AcquireTiType(); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - - for (i=0; i0) ) { - cycles++; - // after 16 cycles, measure the frequency - if (cycles>15) { - cycles=0; - samples=i-samples; // number of samples in these 16 cycles - - // TI bits are coming to us lsb first so shift them - // right through our 128 bit right shift register - shift0 = (shift0>>1) | (shift1 << 31); - shift1 = (shift1>>1) | (shift2 << 31); - shift2 = (shift2>>1) | (shift3 << 31); - shift3 >>= 1; - - // check if the cycles fall close to the number - // expected for either the low or high frequency - if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { - // low frequency represents a 1 - shift3 |= (1<<31); - } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { - // high frequency represents a 0 - } else { - // probably detected a gay waveform or noise - // use this as gaydar or discard shift register and start again - shift3 = shift2 = shift1 = shift0 = 0; - } - samples = i; - - // for each bit we receive, test if we've detected a valid tag - - // if we see 17 zeroes followed by 6 ones, we might have a tag - // remember the bits are backwards - if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { - // if start and end bytes match, we have a tag so break out of the loop - if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { - cycles = 0xF0B; //use this as a flag (ugly but whatever) - break; - } - } - } - } - } - - // if flag is set we have a tag - if (cycles!=0xF0B) { - DbpString("Info: No valid tag detected."); - } else { - // put 64 bit data into shift1 and shift0 - shift0 = (shift0>>24) | (shift1 << 8); - shift1 = (shift1>>24) | (shift2 << 8); - - // align 16 bit crc into lower half of shift2 - shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; - - // if r/w tag, check ident match - if ( shift3&(1<<15) ) { - DbpString("Info: TI tag is rewriteable"); - // only 15 bits compare, last bit of ident is not valid - if ( ((shift3>>16)^shift0)&0x7fff ) { - DbpString("Error: Ident mismatch!"); - } else { - DbpString("Info: TI tag ident is valid"); - } - } else { - DbpString("Info: TI tag is readonly"); - } - - // WARNING the order of the bytes in which we calc crc below needs checking - // i'm 99% sure the crc algorithm is correct, but it may need to eat the - // bytes in reverse or something - // calculate CRC - DWORD crc=0; - - crc = update_crc16(crc, (shift0)&0xff); - crc = update_crc16(crc, (shift0>>8)&0xff); - crc = update_crc16(crc, (shift0>>16)&0xff); - crc = update_crc16(crc, (shift0>>24)&0xff); - crc = update_crc16(crc, (shift1)&0xff); - crc = update_crc16(crc, (shift1>>8)&0xff); - crc = update_crc16(crc, (shift1>>16)&0xff); - crc = update_crc16(crc, (shift1>>24)&0xff); - - Dbprintf("Info: Tag data: %x%08x, crc=%x", - (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); - if (crc != (shift2&0xffff)) { - Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); - } else { - DbpString("Info: CRC is good"); - } - } -} - -void WriteTIbyte(BYTE b) -{ - int i = 0; - - // modulate 8 bits out to the antenna - for (i=0; i<8; i++) - { - if (b&(1<PIO_PDR = GPIO_SSC_DIN; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; - - // steal this pin from the SSP and use it to control the modulation - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; - AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; - - // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long - // 48/2 = 24 MHz clock must be divided by 12 - AT91C_BASE_SSC->SSC_CMR = 12; - - AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); - AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; - AT91C_BASE_SSC->SSC_TCMR = 0; - AT91C_BASE_SSC->SSC_TFMR = 0; - - LED_D_ON(); - - // modulate antenna - HIGH(GPIO_SSC_DOUT); - - // Charge TI tag for 50ms. - SpinDelay(50); - - // stop modulating antenna and listen - LOW(GPIO_SSC_DOUT); - - LED_D_OFF(); - - i = 0; - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { - BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer - i++; if(i >= TIBUFLEN) break; - } - WDT_HIT(); - } - - // return stolen pin to SSP - AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; - - char *dest = (char *)BigBuf; - n = TIBUFLEN*32; - // unpack buffer - for (i=TIBUFLEN-1; i>=0; i--) { - for (j=0; j<32; j++) { - if(BigBuf[i] & (1 << j)) { - dest[--n] = 1; - } else { - dest[--n] = -1; - } - } - } -} - -// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc -// if crc provided, it will be written with the data verbatim (even if bogus) -// if not provided a valid crc will be computed from the data and written. -void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) -{ - if(crc == 0) { - crc = update_crc16(crc, (idlo)&0xff); - crc = update_crc16(crc, (idlo>>8)&0xff); - crc = update_crc16(crc, (idlo>>16)&0xff); - crc = update_crc16(crc, (idlo>>24)&0xff); - crc = update_crc16(crc, (idhi)&0xff); - crc = update_crc16(crc, (idhi>>8)&0xff); - crc = update_crc16(crc, (idhi>>16)&0xff); - crc = update_crc16(crc, (idhi>>24)&0xff); - } - Dbprintf("Writing to tag: %x%08x, crc=%x", - (unsigned int) idhi, (unsigned int) idlo, crc); - - // TI tags charge at 134.2Khz - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz - // Place FPGA in passthrough mode, in this mode the CROSS_LO line - // connects to SSP_DIN and the SSP_DOUT logic level controls - // whether we're modulating the antenna (high) - // or listening to the antenna (low) - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); - LED_A_ON(); - - // steal this pin from the SSP and use it to control the modulation - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - - // writing algorithm: - // a high bit consists of a field off for 1ms and field on for 1ms - // a low bit consists of a field off for 0.3ms and field on for 1.7ms - // initiate a charge time of 50ms (field on) then immediately start writing bits - // start by writing 0xBB (keyword) and 0xEB (password) - // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) - // finally end with 0x0300 (write frame) - // all data is sent lsb firts - // finish with 15ms programming time - - // modulate antenna - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // charge time - - WriteTIbyte(0xbb); // keyword - WriteTIbyte(0xeb); // password - WriteTIbyte( (idlo )&0xff ); - WriteTIbyte( (idlo>>8 )&0xff ); - WriteTIbyte( (idlo>>16)&0xff ); - WriteTIbyte( (idlo>>24)&0xff ); - WriteTIbyte( (idhi )&0xff ); - WriteTIbyte( (idhi>>8 )&0xff ); - WriteTIbyte( (idhi>>16)&0xff ); - WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo - WriteTIbyte( (crc )&0xff ); // crc lo - WriteTIbyte( (crc>>8 )&0xff ); // crc hi - WriteTIbyte(0x00); // write frame lo - WriteTIbyte(0x03); // write frame hi - HIGH(GPIO_SSC_DOUT); - SpinDelay(50); // programming time - - LED_A_OFF(); - - // get TI tag data into the buffer - AcquireTiType(); - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("Now use tiread to check"); -} - -void SimulateTagLowFrequency(int period, int gap, int ledcontrol) -{ - int i; - BYTE *tab = (BYTE *)BigBuf; - - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR); - - AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; - - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; - -#define SHORT_COIL() LOW(GPIO_SSC_DOUT) -#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) - - i = 0; - for(;;) { - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } - - if (ledcontrol) - LED_D_ON(); - - if(tab[i]) - OPEN_COIL(); - else - SHORT_COIL(); - - if (ledcontrol) - LED_D_OFF(); - - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { - if(BUTTON_PRESS()) { - DbpString("Stopped"); - return; - } - WDT_HIT(); - } - - i++; - if(i == period) { - i = 0; - if (gap) { - SHORT_COIL(); - SpinDelayUs(gap); - } - } - } -} - -/* Provides a framework for bidirectional LF tag communication - * Encoding is currently Hitag2, but the general idea can probably - * be transferred to other encodings. - * - * The new FPGA code will, for the LF simulator mode, give on SSC_FRAME - * (PA15) a thresholded version of the signal from the ADC. Setting the - * ADC path to the low frequency peak detection signal, will enable a - * somewhat reasonable receiver for modulation on the carrier signal - * that is generated by the reader. The signal is low when the reader - * field is switched off, and high when the reader field is active. Due - * to the way that the signal looks like, mostly only the rising edge is - * useful, your mileage may vary. - * - * Neat perk: PA15 can not only be used as a bit-banging GPIO, but is also - * TIOA1, which can be used as the capture input for timer 1. This should - * make it possible to measure the exact edge-to-edge time, without processor - * intervention. - * - * Arguments: divisor is the divisor to be sent to the FPGA (e.g. 95 for 125kHz) - * t0 is the carrier frequency cycle duration in terms of MCK (384 for 125kHz) - * - * The following defines are in carrier periods: - */ -#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ -#define HITAG_T_1_MIN 24 /* T[1] should be 26..30 */ -#define HITAG_T_EOF 40 /* T_EOF should be > 36 */ -#define HITAG_T_WRESP 208 /* T_wresp should be 204..212 */ - -static void hitag_handle_frame(int t0, int frame_len, char *frame); -//#define DEBUG_RA_VALUES 1 -#define DEBUG_FRAME_CONTENTS 1 -void SimulateTagLowFrequencyBidir(int divisor, int t0) -{ -#if DEBUG_RA_VALUES || DEBUG_FRAME_CONTENTS - int i = 0; -#endif - char frame[10]; - int frame_pos=0; - - DbpString("Starting Hitag2 emulator, press button to end"); - hitag2_init(); - - /* Set up simulator mode, frequency divisor which will drive the FPGA - * and analog mux selection. - */ - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - RELAY_OFF(); - - /* Set up Timer 1: - * Capture mode, timer source MCK/2 (TIMER_CLOCK1), TIOA is external trigger, - * external trigger rising edge, load RA on rising edge of TIOA, load RB on rising - * edge of TIOA. Assign PA15 to TIOA1 (peripheral B) - */ - - AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); - AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC1->TC_CMR = TC_CMR_TCCLKS_TIMER_CLOCK1 | - AT91C_TC_ETRGEDG_RISING | - AT91C_TC_ABETRG | - AT91C_TC_LDRA_RISING | - AT91C_TC_LDRB_RISING; - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | - AT91C_TC_SWTRG; - - /* calculate the new value for the carrier period in terms of TC1 values */ - t0 = t0/2; - - int overflow = 0; - while(!BUTTON_PRESS()) { - WDT_HIT(); - if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - int ra = AT91C_BASE_TC1->TC_RA; - if((ra > t0*HITAG_T_EOF) | overflow) ra = t0*HITAG_T_EOF+1; -#if DEBUG_RA_VALUES - if(ra > 255 || overflow) ra = 255; - ((char*)BigBuf)[i] = ra; - i = (i+1) % 8000; -#endif - - if(overflow || (ra > t0*HITAG_T_EOF) || (ra < t0*HITAG_T_0_MIN)) { - /* Ignore */ - } else if(ra >= t0*HITAG_T_1_MIN ) { - /* '1' bit */ - if(frame_pos < 8*sizeof(frame)) { - frame[frame_pos / 8] |= 1<<( 7-(frame_pos%8) ); - frame_pos++; - } - } else if(ra >= t0*HITAG_T_0_MIN) { - /* '0' bit */ - if(frame_pos < 8*sizeof(frame)) { - frame[frame_pos / 8] |= 0<<( 7-(frame_pos%8) ); - frame_pos++; - } - } - - overflow = 0; - LED_D_ON(); - } else { - if(AT91C_BASE_TC1->TC_CV > t0*HITAG_T_EOF) { - /* Minor nuisance: In Capture mode, the timer can not be - * stopped by a Compare C. There's no way to stop the clock - * in software, so we'll just have to note the fact that an - * overflow happened and the next loaded timer value might - * have wrapped. Also, this marks the end of frame, and the - * still running counter can be used to determine the correct - * time for the start of the reply. - */ - overflow = 1; - - if(frame_pos > 0) { - /* Have a frame, do something with it */ -#if DEBUG_FRAME_CONTENTS - ((char*)BigBuf)[i++] = frame_pos; - memcpy( ((char*)BigBuf)+i, frame, 7); - i+=7; - i = i % sizeof(BigBuf); -#endif - hitag_handle_frame(t0, frame_pos, frame); - memset(frame, 0, sizeof(frame)); - } - frame_pos = 0; - - } - LED_D_OFF(); - } - } - DbpString("All done"); -} - -static void hitag_send_bit(int t0, int bit) { - if(bit == 1) { - /* Manchester: Loaded, then unloaded */ - LED_A_ON(); - SHORT_COIL(); - while(AT91C_BASE_TC1->TC_CV < t0*15); - OPEN_COIL(); - while(AT91C_BASE_TC1->TC_CV < t0*31); - LED_A_OFF(); - } else if(bit == 0) { - /* Manchester: Unloaded, then loaded */ - LED_B_ON(); - OPEN_COIL(); - while(AT91C_BASE_TC1->TC_CV < t0*15); - SHORT_COIL(); - while(AT91C_BASE_TC1->TC_CV < t0*31); - LED_B_OFF(); - } - AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset clock for the next bit */ - -} -static void hitag_send_frame(int t0, int frame_len, const char const * frame, int fdt) -{ - OPEN_COIL(); - AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; - - /* Wait for HITAG_T_WRESP carrier periods after the last reader bit, - * not that since the clock counts since the rising edge, but T_wresp is - * with respect to the falling edge, we need to wait actually (T_wresp - T_g) - * periods. The gap time T_g varies (4..10). - */ - while(AT91C_BASE_TC1->TC_CV < t0*(fdt-8)); - - int saved_cmr = AT91C_BASE_TC1->TC_CMR; - AT91C_BASE_TC1->TC_CMR &= ~AT91C_TC_ETRGEDG; /* Disable external trigger for the clock */ - AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset the clock and use it for response timing */ - - int i; - for(i=0; i<5; i++) - hitag_send_bit(t0, 1); /* Start of frame */ - - for(i=0; iTC_CMR = saved_cmr; -} - -/* Callback structure to cleanly separate tag emulation code from the radio layer. */ -static int hitag_cb(const char* response_data, const int response_length, const int fdt, void *cb_cookie) -{ - hitag_send_frame(*(int*)cb_cookie, response_length, response_data, fdt); - return 0; -} -/* Frame length in bits, frame contents in MSBit first format */ -static void hitag_handle_frame(int t0, int frame_len, char *frame) -{ - hitag2_handle_command(frame, frame_len, hitag_cb, &t0); -} - -// compose fc/8 fc/10 waveform -static void fc(int c, int *n) { - BYTE *dest = (BYTE *)BigBuf; - int idx; - - // for when we want an fc8 pattern every 4 logical bits - if(c==0) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples - if(c==8) { - for (idx=0; idx<6; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } - - // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples - if(c==10) { - for (idx=0; idx<5; idx++) { - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=1; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - dest[((*n)++)]=0; - } - } -} - -// prepare a waveform pattern in the buffer based on the ID given then -// simulate a HID tag until the button is pressed -void CmdHIDsimTAG(int hi, int lo, int ledcontrol) -{ - int n=0, i=0; - /* - HID tag bitstream format - The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits - A 1 bit is represented as 6 fc8 and 5 fc10 patterns - A 0 bit is represented as 5 fc10 and 6 fc8 patterns - A fc8 is inserted before every 4 bits - A special start of frame pattern is used consisting a0b0 where a and b are neither 0 - nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) - */ - - if (hi>0xFFF) { - DbpString("Tags can only have 44 bits."); - return; - } - fc(0,&n); - // special start of frame marker containing invalid bit sequences - fc(8, &n); fc(8, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 - fc(10, &n); fc(10, &n); // invalid - fc(8, &n); fc(10, &n); // logical 0 - - WDT_HIT(); - // manchester encode bits 43 to 32 - for (i=11; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((hi>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } - - WDT_HIT(); - // manchester encode bits 31 to 0 - for (i=31; i>=0; i--) { - if ((i%4)==3) fc(0,&n); - if ((lo>>i)&1) { - fc(10, &n); fc(8, &n); // low-high transition - } else { - fc(8, &n); fc(10, &n); // high-low transition - } - } - - if (ledcontrol) - LED_A_ON(); - SimulateTagLowFrequency(n, 0, ledcontrol); - - if (ledcontrol) - LED_A_OFF(); -} - - -// loop to capture raw HID waveform then FSK demodulate the TAG ID from it -void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) -{ - BYTE *dest = (BYTE *)BigBuf; - int m=0, n=0, i=0, idx=0, found=0, lastval=0; - DWORD hi=0, lo=0; - - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); - - // Connect the A/D to the peak-detected low-frequency path. - SetAdcMuxFor(GPIO_MUXSEL_LOPKD); - - // Give it a bit of time for the resonant antenna to settle. - SpinDelay(50); - - // Now set up the SSC to get the ADC samples that are now streaming at us. - FpgaSetupSsc(); - - for(;;) { - WDT_HIT(); - if (ledcontrol) - LED_A_ON(); - if(BUTTON_PRESS()) { - DbpString("Stopped"); - if (ledcontrol) - LED_A_OFF(); - return; - } - - i = 0; - m = sizeof(BigBuf); - memset(dest,128,m); - for(;;) { - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x43; - if (ledcontrol) - LED_D_ON(); - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; - // we don't care about actual value, only if it's more or less than a - // threshold essentially we capture zero crossings for later analysis - if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; - i++; - if (ledcontrol) - LED_D_OFF(); - if(i >= m) { - break; - } - } - } - - // FSK demodulator - - // sync to first lo-hi transition - for( idx=1; idx>1) & 0xFFFF); - /* if we're only looking for one tag */ - if (findone) - { - *high = hi; - *low = lo; - return; - } - hi=0; - lo=0; - found=0; - } - } - if (found) { - if (dest[idx] && (!dest[idx+1]) ) { - hi=(hi<<1)|(lo>>31); - lo=(lo<<1)|0; - } else if ( (!dest[idx]) && dest[idx+1]) { - hi=(hi<<1)|(lo>>31); - lo=(lo<<1)|1; - } else { - found=0; - hi=0; - lo=0; - } - idx++; - } - if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) ) - { - found=1; - idx+=6; - if (found && (hi|lo)) { - Dbprintf("TAG ID: %x%08x (%d)", - (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); - /* if we're only looking for one tag */ - if (findone) - { - *high = hi; - *low = lo; - return; - } - hi=0; - lo=0; - found=0; - } - } - } - WDT_HIT(); - } -} +//----------------------------------------------------------------------------- +// Miscellaneous routines for low frequency tag operations. +// Tags supported here so far are Texas Instruments (TI), HID +// Also routines for raw mode reading/simulating of LF waveform +// +//----------------------------------------------------------------------------- +#include +#include "apps.h" +#include "hitag2.h" +#include "crc16.h" + +void AcquireRawAdcSamples125k(BOOL at134khz) +{ + if (at134khz) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + else + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + + // Give it a bit of time for the resonant antenna to settle. + SpinDelay(50); + + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + // Now call the acquisition routine + DoAcquisition125k(); +} + +// split into two routines so we can avoid timing issues after sending commands // +void DoAcquisition125k(void) +{ + BYTE *dest = (BYTE *)BigBuf; + int n = sizeof(BigBuf); + int i; + + memset(dest, 0, n); + i = 0; + for(;;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x43; + LED_D_ON(); + } + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; + i++; + LED_D_OFF(); + if (i >= n) break; + } + } + Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", + dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); +} + +void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, BYTE *command) +{ + BOOL at134khz; + + /* Make sure the tag is reset */ + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(2500); + + // see if 'h' was specified + if (command[strlen((char *) command) - 1] == 'h') + at134khz = TRUE; + else + at134khz = FALSE; + + if (at134khz) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + else + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + + // Give it a bit of time for the resonant antenna to settle. + SpinDelay(50); + // And a little more time for the tag to fully power up + SpinDelay(2000); + + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + // now modulate the reader field + while(*command != '\0' && *command != ' ') { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + if (at134khz) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + else + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + LED_D_ON(); + if(*(command++) == '0') + SpinDelayUs(period_0); + else + SpinDelayUs(period_1); + } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + SpinDelayUs(delay_off); + if (at134khz) + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + else + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + + // now do the read + DoAcquisition125k(); +} + +/* blank r/w tag data stream +...0000000000000000 01111111 +1010101010101010101010101010101010101010101010101010101010101010 +0011010010100001 +01111111 +101010101010101[0]000... + +[5555fe852c5555555555555555fe0000] +*/ +void ReadTItag(void) +{ + // some hardcoded initial params + // when we read a TI tag we sample the zerocross line at 2Mhz + // TI tags modulate a 1 as 16 cycles of 123.2Khz + // TI tags modulate a 0 as 16 cycles of 134.2Khz + #define FSAMPLE 2000000 + #define FREQLO 123200 + #define FREQHI 134200 + + signed char *dest = (signed char *)BigBuf; + int n = sizeof(BigBuf); +// int *dest = GraphBuffer; +// int n = GraphTraceLen; + + // 128 bit shift register [shift3:shift2:shift1:shift0] + DWORD shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0; + + int i, cycles=0, samples=0; + // how many sample points fit in 16 cycles of each frequency + DWORD sampleslo = (FSAMPLE<<4)/FREQLO, sampleshi = (FSAMPLE<<4)/FREQHI; + // when to tell if we're close enough to one freq or another + DWORD threshold = (sampleslo - sampleshi + 1)>>1; + + // TI tags charge at 134.2Khz + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + + // get TI tag data into the buffer + AcquireTiType(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + + for (i=0; i0) ) { + cycles++; + // after 16 cycles, measure the frequency + if (cycles>15) { + cycles=0; + samples=i-samples; // number of samples in these 16 cycles + + // TI bits are coming to us lsb first so shift them + // right through our 128 bit right shift register + shift0 = (shift0>>1) | (shift1 << 31); + shift1 = (shift1>>1) | (shift2 << 31); + shift2 = (shift2>>1) | (shift3 << 31); + shift3 >>= 1; + + // check if the cycles fall close to the number + // expected for either the low or high frequency + if ( (samples>(sampleslo-threshold)) && (samples<(sampleslo+threshold)) ) { + // low frequency represents a 1 + shift3 |= (1<<31); + } else if ( (samples>(sampleshi-threshold)) && (samples<(sampleshi+threshold)) ) { + // high frequency represents a 0 + } else { + // probably detected a gay waveform or noise + // use this as gaydar or discard shift register and start again + shift3 = shift2 = shift1 = shift0 = 0; + } + samples = i; + + // for each bit we receive, test if we've detected a valid tag + + // if we see 17 zeroes followed by 6 ones, we might have a tag + // remember the bits are backwards + if ( ((shift0 & 0x7fffff) == 0x7e0000) ) { + // if start and end bytes match, we have a tag so break out of the loop + if ( ((shift0>>16)&0xff) == ((shift3>>8)&0xff) ) { + cycles = 0xF0B; //use this as a flag (ugly but whatever) + break; + } + } + } + } + } + + // if flag is set we have a tag + if (cycles!=0xF0B) { + DbpString("Info: No valid tag detected."); + } else { + // put 64 bit data into shift1 and shift0 + shift0 = (shift0>>24) | (shift1 << 8); + shift1 = (shift1>>24) | (shift2 << 8); + + // align 16 bit crc into lower half of shift2 + shift2 = ((shift2>>24) | (shift3 << 8)) & 0x0ffff; + + // if r/w tag, check ident match + if ( shift3&(1<<15) ) { + DbpString("Info: TI tag is rewriteable"); + // only 15 bits compare, last bit of ident is not valid + if ( ((shift3>>16)^shift0)&0x7fff ) { + DbpString("Error: Ident mismatch!"); + } else { + DbpString("Info: TI tag ident is valid"); + } + } else { + DbpString("Info: TI tag is readonly"); + } + + // WARNING the order of the bytes in which we calc crc below needs checking + // i'm 99% sure the crc algorithm is correct, but it may need to eat the + // bytes in reverse or something + // calculate CRC + DWORD crc=0; + + crc = update_crc16(crc, (shift0)&0xff); + crc = update_crc16(crc, (shift0>>8)&0xff); + crc = update_crc16(crc, (shift0>>16)&0xff); + crc = update_crc16(crc, (shift0>>24)&0xff); + crc = update_crc16(crc, (shift1)&0xff); + crc = update_crc16(crc, (shift1>>8)&0xff); + crc = update_crc16(crc, (shift1>>16)&0xff); + crc = update_crc16(crc, (shift1>>24)&0xff); + + Dbprintf("Info: Tag data: %x%08x, crc=%x", + (unsigned int)shift1, (unsigned int)shift0, (unsigned int)shift2 & 0xFFFF); + if (crc != (shift2&0xffff)) { + Dbprintf("Error: CRC mismatch, expected %x", (unsigned int)crc); + } else { + DbpString("Info: CRC is good"); + } + } +} + +void WriteTIbyte(BYTE b) +{ + int i = 0; + + // modulate 8 bits out to the antenna + for (i=0; i<8; i++) + { + if (b&(1<PIO_PDR = GPIO_SSC_DIN; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN; + + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST; + AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; + + // Sample at 2 Mbit/s, so TI tags are 16.2 vs. 14.9 clocks long + // 48/2 = 24 MHz clock must be divided by 12 + AT91C_BASE_SSC->SSC_CMR = 12; + + AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(0); + AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(32) | AT91C_SSC_MSBF; + AT91C_BASE_SSC->SSC_TCMR = 0; + AT91C_BASE_SSC->SSC_TFMR = 0; + + LED_D_ON(); + + // modulate antenna + HIGH(GPIO_SSC_DOUT); + + // Charge TI tag for 50ms. + SpinDelay(50); + + // stop modulating antenna and listen + LOW(GPIO_SSC_DOUT); + + LED_D_OFF(); + + i = 0; + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { + BigBuf[i] = AT91C_BASE_SSC->SSC_RHR; // store 32 bit values in buffer + i++; if(i >= TIBUFLEN) break; + } + WDT_HIT(); + } + + // return stolen pin to SSP + AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ASR = GPIO_SSC_DIN | GPIO_SSC_DOUT; + + char *dest = (char *)BigBuf; + n = TIBUFLEN*32; + // unpack buffer + for (i=TIBUFLEN-1; i>=0; i--) { + for (j=0; j<32; j++) { + if(BigBuf[i] & (1 << j)) { + dest[--n] = 1; + } else { + dest[--n] = -1; + } + } + } +} + +// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc +// if crc provided, it will be written with the data verbatim (even if bogus) +// if not provided a valid crc will be computed from the data and written. +void WriteTItag(DWORD idhi, DWORD idlo, WORD crc) +{ + if(crc == 0) { + crc = update_crc16(crc, (idlo)&0xff); + crc = update_crc16(crc, (idlo>>8)&0xff); + crc = update_crc16(crc, (idlo>>16)&0xff); + crc = update_crc16(crc, (idlo>>24)&0xff); + crc = update_crc16(crc, (idhi)&0xff); + crc = update_crc16(crc, (idhi>>8)&0xff); + crc = update_crc16(crc, (idhi>>16)&0xff); + crc = update_crc16(crc, (idhi>>24)&0xff); + } + Dbprintf("Writing to tag: %x%08x, crc=%x", + (unsigned int) idhi, (unsigned int) idlo, crc); + + // TI tags charge at 134.2Khz + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz + // Place FPGA in passthrough mode, in this mode the CROSS_LO line + // connects to SSP_DIN and the SSP_DOUT logic level controls + // whether we're modulating the antenna (high) + // or listening to the antenna (low) + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + LED_A_ON(); + + // steal this pin from the SSP and use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + // writing algorithm: + // a high bit consists of a field off for 1ms and field on for 1ms + // a low bit consists of a field off for 0.3ms and field on for 1.7ms + // initiate a charge time of 50ms (field on) then immediately start writing bits + // start by writing 0xBB (keyword) and 0xEB (password) + // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer) + // finally end with 0x0300 (write frame) + // all data is sent lsb firts + // finish with 15ms programming time + + // modulate antenna + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // charge time + + WriteTIbyte(0xbb); // keyword + WriteTIbyte(0xeb); // password + WriteTIbyte( (idlo )&0xff ); + WriteTIbyte( (idlo>>8 )&0xff ); + WriteTIbyte( (idlo>>16)&0xff ); + WriteTIbyte( (idlo>>24)&0xff ); + WriteTIbyte( (idhi )&0xff ); + WriteTIbyte( (idhi>>8 )&0xff ); + WriteTIbyte( (idhi>>16)&0xff ); + WriteTIbyte( (idhi>>24)&0xff ); // data hi to lo + WriteTIbyte( (crc )&0xff ); // crc lo + WriteTIbyte( (crc>>8 )&0xff ); // crc hi + WriteTIbyte(0x00); // write frame lo + WriteTIbyte(0x03); // write frame hi + HIGH(GPIO_SSC_DOUT); + SpinDelay(50); // programming time + + LED_A_OFF(); + + // get TI tag data into the buffer + AcquireTiType(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + DbpString("Now use tiread to check"); +} + +void SimulateTagLowFrequency(int period, int gap, int ledcontrol) +{ + int i; + BYTE *tab = (BYTE *)BigBuf; + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR); + + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK; + + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK; + +#define SHORT_COIL() LOW(GPIO_SSC_DOUT) +#define OPEN_COIL() HIGH(GPIO_SSC_DOUT) + + i = 0; + for(;;) { + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } + + if (ledcontrol) + LED_D_ON(); + + if(tab[i]) + OPEN_COIL(); + else + SHORT_COIL(); + + if (ledcontrol) + LED_D_OFF(); + + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) { + if(BUTTON_PRESS()) { + DbpString("Stopped"); + return; + } + WDT_HIT(); + } + + i++; + if(i == period) { + i = 0; + if (gap) { + SHORT_COIL(); + SpinDelayUs(gap); + } + } + } +} + +/* Provides a framework for bidirectional LF tag communication + * Encoding is currently Hitag2, but the general idea can probably + * be transferred to other encodings. + * + * The new FPGA code will, for the LF simulator mode, give on SSC_FRAME + * (PA15) a thresholded version of the signal from the ADC. Setting the + * ADC path to the low frequency peak detection signal, will enable a + * somewhat reasonable receiver for modulation on the carrier signal + * that is generated by the reader. The signal is low when the reader + * field is switched off, and high when the reader field is active. Due + * to the way that the signal looks like, mostly only the rising edge is + * useful, your mileage may vary. + * + * Neat perk: PA15 can not only be used as a bit-banging GPIO, but is also + * TIOA1, which can be used as the capture input for timer 1. This should + * make it possible to measure the exact edge-to-edge time, without processor + * intervention. + * + * Arguments: divisor is the divisor to be sent to the FPGA (e.g. 95 for 125kHz) + * t0 is the carrier frequency cycle duration in terms of MCK (384 for 125kHz) + * + * The following defines are in carrier periods: + */ +#define HITAG_T_0_MIN 15 /* T[0] should be 18..22 */ +#define HITAG_T_1_MIN 24 /* T[1] should be 26..30 */ +#define HITAG_T_EOF 40 /* T_EOF should be > 36 */ +#define HITAG_T_WRESP 208 /* T_wresp should be 204..212 */ + +static void hitag_handle_frame(int t0, int frame_len, char *frame); +//#define DEBUG_RA_VALUES 1 +#define DEBUG_FRAME_CONTENTS 1 +void SimulateTagLowFrequencyBidir(int divisor, int t0) +{ +#if DEBUG_RA_VALUES || DEBUG_FRAME_CONTENTS + int i = 0; +#endif + char frame[10]; + int frame_pos=0; + + DbpString("Starting Hitag2 emulator, press button to end"); + hitag2_init(); + + /* Set up simulator mode, frequency divisor which will drive the FPGA + * and analog mux selection. + */ + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR); + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + RELAY_OFF(); + + /* Set up Timer 1: + * Capture mode, timer source MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + * external trigger rising edge, load RA on rising edge of TIOA, load RB on rising + * edge of TIOA. Assign PA15 to TIOA1 (peripheral B) + */ + + AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); + AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC1->TC_CMR = TC_CMR_TCCLKS_TIMER_CLOCK1 | + AT91C_TC_ETRGEDG_RISING | + AT91C_TC_ABETRG | + AT91C_TC_LDRA_RISING | + AT91C_TC_LDRB_RISING; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | + AT91C_TC_SWTRG; + + /* calculate the new value for the carrier period in terms of TC1 values */ + t0 = t0/2; + + int overflow = 0; + while(!BUTTON_PRESS()) { + WDT_HIT(); + if(AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + int ra = AT91C_BASE_TC1->TC_RA; + if((ra > t0*HITAG_T_EOF) | overflow) ra = t0*HITAG_T_EOF+1; +#if DEBUG_RA_VALUES + if(ra > 255 || overflow) ra = 255; + ((char*)BigBuf)[i] = ra; + i = (i+1) % 8000; +#endif + + if(overflow || (ra > t0*HITAG_T_EOF) || (ra < t0*HITAG_T_0_MIN)) { + /* Ignore */ + } else if(ra >= t0*HITAG_T_1_MIN ) { + /* '1' bit */ + if(frame_pos < 8*sizeof(frame)) { + frame[frame_pos / 8] |= 1<<( 7-(frame_pos%8) ); + frame_pos++; + } + } else if(ra >= t0*HITAG_T_0_MIN) { + /* '0' bit */ + if(frame_pos < 8*sizeof(frame)) { + frame[frame_pos / 8] |= 0<<( 7-(frame_pos%8) ); + frame_pos++; + } + } + + overflow = 0; + LED_D_ON(); + } else { + if(AT91C_BASE_TC1->TC_CV > t0*HITAG_T_EOF) { + /* Minor nuisance: In Capture mode, the timer can not be + * stopped by a Compare C. There's no way to stop the clock + * in software, so we'll just have to note the fact that an + * overflow happened and the next loaded timer value might + * have wrapped. Also, this marks the end of frame, and the + * still running counter can be used to determine the correct + * time for the start of the reply. + */ + overflow = 1; + + if(frame_pos > 0) { + /* Have a frame, do something with it */ +#if DEBUG_FRAME_CONTENTS + ((char*)BigBuf)[i++] = frame_pos; + memcpy( ((char*)BigBuf)+i, frame, 7); + i+=7; + i = i % sizeof(BigBuf); +#endif + hitag_handle_frame(t0, frame_pos, frame); + memset(frame, 0, sizeof(frame)); + } + frame_pos = 0; + + } + LED_D_OFF(); + } + } + DbpString("All done"); +} + +static void hitag_send_bit(int t0, int bit) { + if(bit == 1) { + /* Manchester: Loaded, then unloaded */ + LED_A_ON(); + SHORT_COIL(); + while(AT91C_BASE_TC1->TC_CV < t0*15); + OPEN_COIL(); + while(AT91C_BASE_TC1->TC_CV < t0*31); + LED_A_OFF(); + } else if(bit == 0) { + /* Manchester: Unloaded, then loaded */ + LED_B_ON(); + OPEN_COIL(); + while(AT91C_BASE_TC1->TC_CV < t0*15); + SHORT_COIL(); + while(AT91C_BASE_TC1->TC_CV < t0*31); + LED_B_OFF(); + } + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset clock for the next bit */ + +} +static void hitag_send_frame(int t0, int frame_len, const char const * frame, int fdt) +{ + OPEN_COIL(); + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + /* Wait for HITAG_T_WRESP carrier periods after the last reader bit, + * not that since the clock counts since the rising edge, but T_wresp is + * with respect to the falling edge, we need to wait actually (T_wresp - T_g) + * periods. The gap time T_g varies (4..10). + */ + while(AT91C_BASE_TC1->TC_CV < t0*(fdt-8)); + + int saved_cmr = AT91C_BASE_TC1->TC_CMR; + AT91C_BASE_TC1->TC_CMR &= ~AT91C_TC_ETRGEDG; /* Disable external trigger for the clock */ + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; /* Reset the clock and use it for response timing */ + + int i; + for(i=0; i<5; i++) + hitag_send_bit(t0, 1); /* Start of frame */ + + for(i=0; iTC_CMR = saved_cmr; +} + +/* Callback structure to cleanly separate tag emulation code from the radio layer. */ +static int hitag_cb(const char* response_data, const int response_length, const int fdt, void *cb_cookie) +{ + hitag_send_frame(*(int*)cb_cookie, response_length, response_data, fdt); + return 0; +} +/* Frame length in bits, frame contents in MSBit first format */ +static void hitag_handle_frame(int t0, int frame_len, char *frame) +{ + hitag2_handle_command(frame, frame_len, hitag_cb, &t0); +} + +// compose fc/8 fc/10 waveform +static void fc(int c, int *n) { + BYTE *dest = (BYTE *)BigBuf; + int idx; + + // for when we want an fc8 pattern every 4 logical bits + if(c==0) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples + if(c==8) { + for (idx=0; idx<6; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } + + // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples + if(c==10) { + for (idx=0; idx<5; idx++) { + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=1; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + dest[((*n)++)]=0; + } + } +} + +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a HID tag until the button is pressed +void CmdHIDsimTAG(int hi, int lo, int ledcontrol) +{ + int n=0, i=0; + /* + HID tag bitstream format + The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits + A 1 bit is represented as 6 fc8 and 5 fc10 patterns + A 0 bit is represented as 5 fc10 and 6 fc8 patterns + A fc8 is inserted before every 4 bits + A special start of frame pattern is used consisting a0b0 where a and b are neither 0 + nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10) + */ + + if (hi>0xFFF) { + DbpString("Tags can only have 44 bits."); + return; + } + fc(0,&n); + // special start of frame marker containing invalid bit sequences + fc(8, &n); fc(8, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 + fc(10, &n); fc(10, &n); // invalid + fc(8, &n); fc(10, &n); // logical 0 + + WDT_HIT(); + // manchester encode bits 43 to 32 + for (i=11; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((hi>>i)&1) { + fc(10, &n); fc(8, &n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } + + WDT_HIT(); + // manchester encode bits 31 to 0 + for (i=31; i>=0; i--) { + if ((i%4)==3) fc(0,&n); + if ((lo>>i)&1) { + fc(10, &n); fc(8, &n); // low-high transition + } else { + fc(8, &n); fc(10, &n); // high-low transition + } + } + + if (ledcontrol) + LED_A_ON(); + SimulateTagLowFrequency(n, 0, ledcontrol); + + if (ledcontrol) + LED_A_OFF(); +} + + +// loop to capture raw HID waveform then FSK demodulate the TAG ID from it +void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) +{ + BYTE *dest = (BYTE *)BigBuf; + int m=0, n=0, i=0, idx=0, found=0, lastval=0; + DWORD hi=0, lo=0; + + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER); + + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + + // Give it a bit of time for the resonant antenna to settle. + SpinDelay(50); + + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + + for(;;) { + WDT_HIT(); + if (ledcontrol) + LED_A_ON(); + if(BUTTON_PRESS()) { + DbpString("Stopped"); + if (ledcontrol) + LED_A_OFF(); + return; + } + + i = 0; + m = sizeof(BigBuf); + memset(dest,128,m); + for(;;) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; + if (ledcontrol) + LED_D_ON(); + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + dest[i] = (BYTE)AT91C_BASE_SSC->SSC_RHR; + // we don't care about actual value, only if it's more or less than a + // threshold essentially we capture zero crossings for later analysis + if(dest[i] < 127) dest[i] = 0; else dest[i] = 1; + i++; + if (ledcontrol) + LED_D_OFF(); + if(i >= m) { + break; + } + } + } + + // FSK demodulator + + // sync to first lo-hi transition + for( idx=1; idx>1) & 0xFFFF); + /* if we're only looking for one tag */ + if (findone) + { + *high = hi; + *low = lo; + return; + } + hi=0; + lo=0; + found=0; + } + } + if (found) { + if (dest[idx] && (!dest[idx+1]) ) { + hi=(hi<<1)|(lo>>31); + lo=(lo<<1)|0; + } else if ( (!dest[idx]) && dest[idx+1]) { + hi=(hi<<1)|(lo>>31); + lo=(lo<<1)|1; + } else { + found=0; + hi=0; + lo=0; + } + idx++; + } + if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) ) + { + found=1; + idx+=6; + if (found && (hi|lo)) { + Dbprintf("TAG ID: %x%08x (%d)", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + /* if we're only looking for one tag */ + if (findone) + { + *high = hi; + *low = lo; + return; + } + hi=0; + lo=0; + found=0; + } + } + } + WDT_HIT(); + } +} diff --git a/bootrom/Makefile b/bootrom/Makefile index cae1a079a..f6b16ba3b 100644 --- a/bootrom/Makefile +++ b/bootrom/Makefile @@ -1,39 +1,39 @@ -# Makefile for bootrom, see ../common/Makefile.common for common settings - -# DO NOT use thumb mode in the phase 1 bootloader since that generates a section with glue code -ARMSRC = fromflash.c -THUMBSRC = usb.c bootrom.c -ASMSRC = ram-reset.s flash-reset.s - -## There is a strange bug with the linker: Sometimes it will not emit the glue to call -## BootROM from ARM mode. The symbol is emitted, but the section will be filled with -## zeroes. As a temporary workaround, do not use thumb for the phase 2 bootloader -## -- Henryk Plötz 2009-09-01 -ARMSRC := $(ARMSRC) $(THUMBSRC) -THUMBSRC := - -# stdint.h provided locally until GCC 4.5 becomes C99 compliant -APP_CFLAGS = -I. - -# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC -include ../common/Makefile.common - -all: $(OBJDIR)/bootrom.s19 - -$(OBJDIR)/bootrom.elf: $(VERSIONOBJ) $(ASMOBJ) $(ARMOBJ) $(THUMBOBJ) - $(LD) -g -Tldscript-flash --oformat elf32-littlearm -Map=$(patsubst %.elf,%.map,$@) -o $@ $^ - -clean: - $(DELETE) $(OBJDIR)$(PATHSEP)*.o - $(DELETE) $(OBJDIR)$(PATHSEP)*.elf - $(DELETE) $(OBJDIR)$(PATHSEP)*.s19 - $(DELETE) $(OBJDIR)$(PATHSEP)*.map - $(DELETE) $(OBJDIR)$(PATHSEP)*.d - $(DELETE) version.c - -.PHONY: all clean help -help: - @echo Multi-OS Makefile, you are running on $(DETECTED_OS) - @echo Possible targets: - @echo + all - Make $(OBJDIR)/bootrom.s19, the main bootrom - @echo + clean - Clean $(OBJDIR) +# Makefile for bootrom, see ../common/Makefile.common for common settings + +# DO NOT use thumb mode in the phase 1 bootloader since that generates a section with glue code +ARMSRC = fromflash.c +THUMBSRC = usb.c bootrom.c +ASMSRC = ram-reset.s flash-reset.s + +## There is a strange bug with the linker: Sometimes it will not emit the glue to call +## BootROM from ARM mode. The symbol is emitted, but the section will be filled with +## zeroes. As a temporary workaround, do not use thumb for the phase 2 bootloader +## -- Henryk Plötz 2009-09-01 +ARMSRC := $(ARMSRC) $(THUMBSRC) +THUMBSRC := + +# stdint.h provided locally until GCC 4.5 becomes C99 compliant +APP_CFLAGS = -I. + +# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC +include ../common/Makefile.common + +all: $(OBJDIR)/bootrom.s19 + +$(OBJDIR)/bootrom.elf: $(VERSIONOBJ) $(ASMOBJ) $(ARMOBJ) $(THUMBOBJ) + $(LD) -g -Tldscript-flash --oformat elf32-littlearm -Map=$(patsubst %.elf,%.map,$@) -o $@ $^ + +clean: + $(DELETE) $(OBJDIR)$(PATHSEP)*.o + $(DELETE) $(OBJDIR)$(PATHSEP)*.elf + $(DELETE) $(OBJDIR)$(PATHSEP)*.s19 + $(DELETE) $(OBJDIR)$(PATHSEP)*.map + $(DELETE) $(OBJDIR)$(PATHSEP)*.d + $(DELETE) version.c + +.PHONY: all clean help +help: + @echo Multi-OS Makefile, you are running on $(DETECTED_OS) + @echo Possible targets: + @echo + all - Make $(OBJDIR)/bootrom.s19, the main bootrom + @echo + clean - Clean $(OBJDIR) diff --git a/bootrom/bootrom.c b/bootrom/bootrom.c index c0522dfad..e46297f91 100644 --- a/bootrom/bootrom.c +++ b/bootrom/bootrom.c @@ -1,306 +1,306 @@ -#include - -struct common_area common_area __attribute__((section(".commonarea"))); -unsigned int start_addr, end_addr, bootrom_unlocked; -extern char _bootrom_start, _bootrom_end, _flash_start, _flash_end; - -static void ConfigClocks(void) -{ - // we are using a 16 MHz crystal as the basis for everything - // slow clock runs at 32Khz typical regardless of crystal - - // enable system clock and USB clock - AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK | AT91C_PMC_UDP; - - // enable the clock to the following peripherals - AT91C_BASE_PMC->PMC_PCER = - (1<PMC_MOR = - PMC_MAIN_OSC_ENABLE | - PMC_MAIN_OSC_STARTUP_DELAY(0x50); - - // wait for main oscillator to stabilize - while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_STABILIZED) ) - ; - - // minimum PLL clock frequency is 80 MHz in range 00 (96 here so okay) - // frequency is crystal * multiplier / divisor = 16Mhz * 12 / 2 = 96Mhz - AT91C_BASE_PMC->PMC_PLLR = - PMC_PLL_DIVISOR(2) | - PMC_PLL_COUNT_BEFORE_LOCK(0x50) | - PMC_PLL_FREQUENCY_RANGE(0) | - PMC_PLL_MULTIPLIER(12) | - PMC_PLL_USB_DIVISOR(1); - - // wait for PLL to lock - while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_PLL_LOCK) ) - ; - - // we want a master clock (MCK) to be PLL clock / 2 = 96Mhz / 2 = 48Mhz - // as per datasheet, this register must be programmed in two operations - // when changing to PLL, program the prescaler first then the source - AT91C_BASE_PMC->PMC_MCKR = PMC_CLK_PRESCALE_DIV_2; - - // wait for main clock ready signal - while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_MCK_READY) ) - ; - - // set the source to PLL - AT91C_BASE_PMC->PMC_MCKR = AT91C_PMC_CSS_PLL_CLK | PMC_CLK_PRESCALE_DIV_2; - - // wait for main clock ready signal - while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_MCK_READY) ) - ; -} - -static void Fatal(void) -{ - for(;;); -} - -void UsbPacketReceived(BYTE *packet, int len) -{ - int i, dont_ack=0; - UsbCommand *c = (UsbCommand *)packet; - volatile DWORD *p; - - if(len != sizeof(*c)) { - Fatal(); - } - - switch(c->cmd) { - case CMD_DEVICE_INFO: - dont_ack = 1; - c->cmd = CMD_DEVICE_INFO; - c->arg[0] = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | - DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; - if(common_area.flags.osimage_present) c->arg[0] |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; - UsbSendPacket(packet, len); - break; - - case CMD_SETUP_WRITE: - /* The temporary write buffer of the embedded flash controller is mapped to the - * whole memory region, only the last 8 bits are decoded. - */ - p = (volatile DWORD *)&_flash_start; - for(i = 0; i < 12; i++) { - p[i+c->arg[0]] = c->d.asDwords[i]; - } - break; - - case CMD_FINISH_WRITE: - p = (volatile DWORD *)&_flash_start; - for(i = 0; i < 4; i++) { - p[i+60] = c->d.asDwords[i]; - } - - /* Check that the address that we are supposed to write to is within our allowed region */ - if( ((c->arg[0]+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (c->arg[0] < start_addr) ) { - /* Disallow write */ - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } else { - /* Translate address to flash page and do flash, update here for the 512k part */ - AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY | - MC_FLASH_COMMAND_PAGEN((c->arg[0]-(int)&_flash_start)/AT91C_IFLASH_PAGE_SIZE) | - AT91C_MC_FCMD_START_PROG; - } - - uint32_t sr; - - while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & MC_FLASH_STATUS_READY)) - ; - if(sr & (MC_FLASH_STATUS_LOCKE | MC_FLASH_STATUS_PROGE)) { - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } - break; - - case CMD_HARDWARE_RESET: - USB_D_PLUS_PULLUP_OFF(); - AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; - break; - - case CMD_START_FLASH: - if(c->arg[2] == START_FLASH_MAGIC) bootrom_unlocked = 1; - else bootrom_unlocked = 0; - { - int prot_start = (int)&_bootrom_start; - int prot_end = (int)&_bootrom_end; - int allow_start = (int)&_flash_start; - int allow_end = (int)&_flash_end; - int cmd_start = c->arg[0]; - int cmd_end = c->arg[1]; - - /* Only allow command if the bootrom is unlocked, or the parameters are outside of the protected - * bootrom area. In any case they must be within the flash area. - */ - if( (bootrom_unlocked || ((cmd_start >= prot_end) || (cmd_end < prot_start))) - && (cmd_start >= allow_start) && (cmd_end <= allow_end) ) { - start_addr = cmd_start; - end_addr = cmd_end; - } else { - start_addr = end_addr = 0; - dont_ack = 1; - c->cmd = CMD_NACK; - UsbSendPacket(packet, len); - } - } - break; - - default: - Fatal(); - break; - } - - if(!dont_ack) { - c->cmd = CMD_ACK; - UsbSendPacket(packet, len); - } -} - -static void flash_mode(int externally_entered) -{ - start_addr = 0; - end_addr = 0; - bootrom_unlocked = 0; - - UsbStart(); - for(;;) { - WDT_HIT(); - - UsbPoll(TRUE); - - if(!externally_entered && !BUTTON_PRESS()) { - /* Perform a reset to leave flash mode */ - USB_D_PLUS_PULLUP_OFF(); - LED_B_ON(); - AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; - for(;;); - } - if(externally_entered && BUTTON_PRESS()) { - /* Let the user's button press override the automatic leave */ - externally_entered = 0; - } - } -} - -extern char _osimage_entry; -void BootROM(void) -{ - //------------ - // First set up all the I/O pins; GPIOs configured directly, other ones - // just need to be assigned to the appropriate peripheral. - - // Kill all the pullups, especially the one on USB D+; leave them for - // the unused pins, though. - AT91C_BASE_PIOA->PIO_PPUDR = - GPIO_USB_PU | - GPIO_LED_A | - GPIO_LED_B | - GPIO_LED_C | - GPIO_LED_D | - GPIO_FPGA_DIN | - GPIO_FPGA_DOUT | - GPIO_FPGA_CCLK | - GPIO_FPGA_NINIT | - GPIO_FPGA_NPROGRAM | - GPIO_FPGA_DONE | - GPIO_MUXSEL_HIPKD | - GPIO_MUXSEL_HIRAW | - GPIO_MUXSEL_LOPKD | - GPIO_MUXSEL_LORAW | - GPIO_RELAY | - GPIO_NVDD_ON; - // (and add GPIO_FPGA_ON) - // These pins are outputs - AT91C_BASE_PIOA->PIO_OER = - GPIO_LED_A | - GPIO_LED_B | - GPIO_LED_C | - GPIO_LED_D | - GPIO_RELAY | - GPIO_NVDD_ON; - // PIO controls the following pins - AT91C_BASE_PIOA->PIO_PER = - GPIO_USB_PU | - GPIO_LED_A | - GPIO_LED_B | - GPIO_LED_C | - GPIO_LED_D; - - USB_D_PLUS_PULLUP_OFF(); - LED_D_OFF(); - LED_C_ON(); - LED_B_OFF(); - LED_A_OFF(); - - // if 512K FLASH part - TODO make some defines :) - if ((AT91C_BASE_DBGU->DBGU_CIDR | 0xf00) == 0xa00) { - AT91C_BASE_EFC0->EFC_FMR = - MC_FLASH_MODE_FLASH_WAIT_STATES(1) | - MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48); - AT91C_BASE_EFC1->EFC_FMR = - MC_FLASH_MODE_FLASH_WAIT_STATES(1) | - MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48); - } else { - AT91C_BASE_EFC0->EFC_FMR = - MC_FLASH_MODE_FLASH_WAIT_STATES(0) | - MC_FLASH_MODE_MASTER_CLK_IN_MHZ(48); - } - - // Initialize all system clocks - ConfigClocks(); - - LED_A_ON(); - - int common_area_present = 0; - switch(AT91C_BASE_RSTC->RSTC_RSR & AT91C_RSTC_RSTTYP) { - case AT91C_RSTC_RSTTYP_WATCHDOG: - case AT91C_RSTC_RSTTYP_SOFTWARE: - case AT91C_RSTC_RSTTYP_USER: - /* In these cases the common_area in RAM should be ok, retain it if it's there */ - if(common_area.magic == COMMON_AREA_MAGIC && common_area.version == 1) { - common_area_present = 1; - } - break; - default: /* Otherwise, initialize it from scratch */ - break; - } - - if(!common_area_present){ - /* Common area not ok, initialize it */ - int i; for(i=0; i + +struct common_area common_area __attribute__((section(".commonarea"))); +unsigned int start_addr, end_addr, bootrom_unlocked; +extern char _bootrom_start, _bootrom_end, _flash_start, _flash_end; + +static void ConfigClocks(void) +{ + // we are using a 16 MHz crystal as the basis for everything + // slow clock runs at 32Khz typical regardless of crystal + + // enable system clock and USB clock + AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK | AT91C_PMC_UDP; + + // enable the clock to the following peripherals + AT91C_BASE_PMC->PMC_PCER = + (1<PMC_MOR = + PMC_MAIN_OSC_ENABLE | + PMC_MAIN_OSC_STARTUP_DELAY(0x50); + + // wait for main oscillator to stabilize + while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_STABILIZED) ) + ; + + // minimum PLL clock frequency is 80 MHz in range 00 (96 here so okay) + // frequency is crystal * multiplier / divisor = 16Mhz * 12 / 2 = 96Mhz + AT91C_BASE_PMC->PMC_PLLR = + PMC_PLL_DIVISOR(2) | + PMC_PLL_COUNT_BEFORE_LOCK(0x50) | + PMC_PLL_FREQUENCY_RANGE(0) | + PMC_PLL_MULTIPLIER(12) | + PMC_PLL_USB_DIVISOR(1); + + // wait for PLL to lock + while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_PLL_LOCK) ) + ; + + // we want a master clock (MCK) to be PLL clock / 2 = 96Mhz / 2 = 48Mhz + // as per datasheet, this register must be programmed in two operations + // when changing to PLL, program the prescaler first then the source + AT91C_BASE_PMC->PMC_MCKR = PMC_CLK_PRESCALE_DIV_2; + + // wait for main clock ready signal + while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_MCK_READY) ) + ; + + // set the source to PLL + AT91C_BASE_PMC->PMC_MCKR = AT91C_PMC_CSS_PLL_CLK | PMC_CLK_PRESCALE_DIV_2; + + // wait for main clock ready signal + while ( !(AT91C_BASE_PMC->PMC_SR & PMC_MAIN_OSC_MCK_READY) ) + ; +} + +static void Fatal(void) +{ + for(;;); +} + +void UsbPacketReceived(BYTE *packet, int len) +{ + int i, dont_ack=0; + UsbCommand *c = (UsbCommand *)packet; + volatile DWORD *p; + + if(len != sizeof(*c)) { + Fatal(); + } + + switch(c->cmd) { + case CMD_DEVICE_INFO: + dont_ack = 1; + c->cmd = CMD_DEVICE_INFO; + c->arg[0] = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | + DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; + if(common_area.flags.osimage_present) c->arg[0] |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; + UsbSendPacket(packet, len); + break; + + case CMD_SETUP_WRITE: + /* The temporary write buffer of the embedded flash controller is mapped to the + * whole memory region, only the last 8 bits are decoded. + */ + p = (volatile DWORD *)&_flash_start; + for(i = 0; i < 12; i++) { + p[i+c->arg[0]] = c->d.asDwords[i]; + } + break; + + case CMD_FINISH_WRITE: + p = (volatile DWORD *)&_flash_start; + for(i = 0; i < 4; i++) { + p[i+60] = c->d.asDwords[i]; + } + + /* Check that the address that we are supposed to write to is within our allowed region */ + if( ((c->arg[0]+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (c->arg[0] < start_addr) ) { + /* Disallow write */ + dont_ack = 1; + c->cmd = CMD_NACK; + UsbSendPacket(packet, len); + } else { + /* Translate address to flash page and do flash, update here for the 512k part */ + AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY | + MC_FLASH_COMMAND_PAGEN((c->arg[0]-(int)&_flash_start)/AT91C_IFLASH_PAGE_SIZE) | + AT91C_MC_FCMD_START_PROG; + } + + uint32_t sr; + + while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & MC_FLASH_STATUS_READY)) + ; + if(sr & (MC_FLASH_STATUS_LOCKE | MC_FLASH_STATUS_PROGE)) { + dont_ack = 1; + c->cmd = CMD_NACK; + UsbSendPacket(packet, len); + } + break; + + case CMD_HARDWARE_RESET: + USB_D_PLUS_PULLUP_OFF(); + AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; + break; + + case CMD_START_FLASH: + if(c->arg[2] == START_FLASH_MAGIC) bootrom_unlocked = 1; + else bootrom_unlocked = 0; + { + int prot_start = (int)&_bootrom_start; + int prot_end = (int)&_bootrom_end; + int allow_start = (int)&_flash_start; + int allow_end = (int)&_flash_end; + int cmd_start = c->arg[0]; + int cmd_end = c->arg[1]; + + /* Only allow command if the bootrom is unlocked, or the parameters are outside of the protected + * bootrom area. In any case they must be within the flash area. + */ + if( (bootrom_unlocked || ((cmd_start >= prot_end) || (cmd_end < prot_start))) + && (cmd_start >= allow_start) && (cmd_end <= allow_end) ) { + start_addr = cmd_start; + end_addr = cmd_end; + } else { + start_addr = end_addr = 0; + dont_ack = 1; + c->cmd = CMD_NACK; + UsbSendPacket(packet, len); + } + } + break; + + default: + Fatal(); + break; + } + + if(!dont_ack) { + c->cmd = CMD_ACK; + UsbSendPacket(packet, len); + } +} + +static void flash_mode(int externally_entered) +{ + start_addr = 0; + end_addr = 0; + bootrom_unlocked = 0; + + UsbStart(); + for(;;) { + WDT_HIT(); + + UsbPoll(TRUE); + + if(!externally_entered && !BUTTON_PRESS()) { + /* Perform a reset to leave flash mode */ + USB_D_PLUS_PULLUP_OFF(); + LED_B_ON(); + AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST; + for(;;); + } + if(externally_entered && BUTTON_PRESS()) { + /* Let the user's button press override the automatic leave */ + externally_entered = 0; + } + } +} + +extern char _osimage_entry; +void BootROM(void) +{ + //------------ + // First set up all the I/O pins; GPIOs configured directly, other ones + // just need to be assigned to the appropriate peripheral. + + // Kill all the pullups, especially the one on USB D+; leave them for + // the unused pins, though. + AT91C_BASE_PIOA->PIO_PPUDR = + GPIO_USB_PU | + GPIO_LED_A | + GPIO_LED_B | + GPIO_LED_C | + GPIO_LED_D | + GPIO_FPGA_DIN | + GPIO_FPGA_DOUT | + GPIO_FPGA_CCLK | + GPIO_FPGA_NINIT | + GPIO_FPGA_NPROGRAM | + GPIO_FPGA_DONE | + GPIO_MUXSEL_HIPKD | + GPIO_MUXSEL_HIRAW | + GPIO_MUXSEL_LOPKD | + GPIO_MUXSEL_LORAW | + GPIO_RELAY | + GPIO_NVDD_ON; + // (and add GPIO_FPGA_ON) + // These pins are outputs + AT91C_BASE_PIOA->PIO_OER = + GPIO_LED_A | + GPIO_LED_B | + GPIO_LED_C | + GPIO_LED_D | + GPIO_RELAY | + GPIO_NVDD_ON; + // PIO controls the following pins + AT91C_BASE_PIOA->PIO_PER = + GPIO_USB_PU | + GPIO_LED_A | + GPIO_LED_B | + GPIO_LED_C | + GPIO_LED_D; + + USB_D_PLUS_PULLUP_OFF(); + LED_D_OFF(); + LED_C_ON(); + LED_B_OFF(); + LED_A_OFF(); + + // if 512K FLASH part - TODO make some defines :) + if ((AT91C_BASE_DBGU->DBGU_CIDR | 0xf00) == 0xa00) { + AT91C_BASE_EFC0->EFC_FMR = + MC_FLASH_MODE_FLASH_WAIT_STATES(1) | + MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48); + AT91C_BASE_EFC1->EFC_FMR = + MC_FLASH_MODE_FLASH_WAIT_STATES(1) | + MC_FLASH_MODE_MASTER_CLK_IN_MHZ(0x48); + } else { + AT91C_BASE_EFC0->EFC_FMR = + MC_FLASH_MODE_FLASH_WAIT_STATES(0) | + MC_FLASH_MODE_MASTER_CLK_IN_MHZ(48); + } + + // Initialize all system clocks + ConfigClocks(); + + LED_A_ON(); + + int common_area_present = 0; + switch(AT91C_BASE_RSTC->RSTC_RSR & AT91C_RSTC_RSTTYP) { + case AT91C_RSTC_RSTTYP_WATCHDOG: + case AT91C_RSTC_RSTTYP_SOFTWARE: + case AT91C_RSTC_RSTTYP_USER: + /* In these cases the common_area in RAM should be ok, retain it if it's there */ + if(common_area.magic == COMMON_AREA_MAGIC && common_area.version == 1) { + common_area_present = 1; + } + break; + default: /* Otherwise, initialize it from scratch */ + break; + } + + if(!common_area_present){ + /* Common area not ok, initialize it */ + int i; for(i=0; i - -extern char __bootphase2_src_start__, __bootphase2_start__, __bootphase2_end__; -void __attribute__((section(".bootphase1"))) CopyBootToRAM(void) -{ - int i; - - volatile DWORD *s = (volatile DWORD *)&__bootphase2_src_start__; - volatile DWORD *d = (volatile DWORD *)&__bootphase2_start__; - unsigned int l = (int)&__bootphase2_end__ - (int)&__bootphase2_start__; - - for(i = 0; i < l/sizeof(DWORD); i++) *d++ = *s++; -} +#include + +extern char __bootphase2_src_start__, __bootphase2_start__, __bootphase2_end__; +void __attribute__((section(".bootphase1"))) CopyBootToRAM(void) +{ + int i; + + volatile DWORD *s = (volatile DWORD *)&__bootphase2_src_start__; + volatile DWORD *d = (volatile DWORD *)&__bootphase2_start__; + unsigned int l = (int)&__bootphase2_end__ - (int)&__bootphase2_start__; + + for(i = 0; i < l/sizeof(DWORD); i++) *d++ = *s++; +} diff --git a/bootrom/ldscript-flash b/bootrom/ldscript-flash index ccc0db2ff..0c6371135 100644 --- a/bootrom/ldscript-flash +++ b/bootrom/ldscript-flash @@ -1,53 +1,53 @@ -INCLUDE ../common/ldscript.common - -ENTRY(flashstart) -SECTIONS -{ - . = 0; - - .bootphase1 : { - *(.startup) - *(.bootphase1) - - /* It seems to be impossible to flush align a section at the - end of a memory segment. Instead, we'll put the version_information - wherever the linker wants it, and then put a pointer to the start - of the version information at the end of the section. - -- Henryk Plötz 2009-08-28 */ - - _version_information_start = ABSOLUTE(.); - *(.version_information); - - /* Why doesn't this work even though _bootphase1_version_pointer = 0x1001fc? - . = _bootphase1_version_pointer - ORIGIN(bootphase1); */ - /* This works, apparently it fools the linker into accepting an absolute address */ - . = _bootphase1_version_pointer - ORIGIN(bootphase1) + ORIGIN(bootphase1); - LONG(_version_information_start) - } >bootphase1 - - __bootphase2_src_start__ = ORIGIN(bootphase2); - .bootphase2 : { - __bootphase2_start__ = .; - *(.startphase2) - *(.text) - *(.eh_frame) - *(.glue_7) - *(.glue_7t) - *(.rodata) - *(.data) - . = ALIGN( 32 / 8 ); - __bootphase2_end__ = .; - } >ram AT>bootphase2 - - .bss : { - __bss_start__ = .; - *(.bss) - } >ram - - . = ALIGN( 32 / 8 ); - __bss_end__ = .; - - .commonarea (NOLOAD) : { - *(.commonarea) - } >commonarea -} +INCLUDE ../common/ldscript.common + +ENTRY(flashstart) +SECTIONS +{ + . = 0; + + .bootphase1 : { + *(.startup) + *(.bootphase1) + + /* It seems to be impossible to flush align a section at the + end of a memory segment. Instead, we'll put the version_information + wherever the linker wants it, and then put a pointer to the start + of the version information at the end of the section. + -- Henryk Plötz 2009-08-28 */ + + _version_information_start = ABSOLUTE(.); + *(.version_information); + + /* Why doesn't this work even though _bootphase1_version_pointer = 0x1001fc? + . = _bootphase1_version_pointer - ORIGIN(bootphase1); */ + /* This works, apparently it fools the linker into accepting an absolute address */ + . = _bootphase1_version_pointer - ORIGIN(bootphase1) + ORIGIN(bootphase1); + LONG(_version_information_start) + } >bootphase1 + + __bootphase2_src_start__ = ORIGIN(bootphase2); + .bootphase2 : { + __bootphase2_start__ = .; + *(.startphase2) + *(.text) + *(.eh_frame) + *(.glue_7) + *(.glue_7t) + *(.rodata) + *(.data) + . = ALIGN( 32 / 8 ); + __bootphase2_end__ = .; + } >ram AT>bootphase2 + + .bss : { + __bss_start__ = .; + *(.bss) + } >ram + + . = ALIGN( 32 / 8 ); + __bss_end__ = .; + + .commonarea (NOLOAD) : { + *(.commonarea) + } >commonarea +}