RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-26 17:16:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

text

Browse source
This commit is contained in:
iceman1001 2021-12-31 10:58:25 +01:00
parent bd8a40716c
commit 36086d12dc
2 changed files with 74 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
doc/fpga_arm_notes.md
View file

@ -1,4 +1,25 @@
# Notes on ARM & FPGA comms # Notes on ARM & FPGA communications
<a id="top"></a>
# Table of Contents
- [Notes on ARM & FPGA communications](#notes-on-arm--fpga-communications)
- [Table of Contents](#table-of-contents)
- [INTERFACE FROM THE ARM TO THE FPGA](#interface-from-the-arm-to-the-fpga)
- [FPGA](#fpga)
- [FPGA modes](#fpga-modes)
- [ARM FPGA communications](#arm-fpga-communications)
- [ARM GPIO setup](#arm-gpio-setup)
- [FPGA Setup](#fpga-setup)
- [HARDWARE OVERVIEW](#hardware-overview)
- [ADC (ANALOG TO DIGITAL CONVERTER)](#adc-analog-to-digital-converter)
- [FIELD PROGRAMMABLE GATE ARRAY, FPGA](#field-programmable-gate-array-fpga)
- [MICROCONTROLLER](#microcontroller)
- [](#)
- [To behave like a READER](#to-behave-like-a-reader)
- [To behave like a TAG](#to-behave-like-a-tag)
- [To sniff traffic](#to-sniff-traffic)
- [FPGA purpose](#fpga-purpose)
https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/original_proxmark3/proxmark3.pdf https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/original_proxmark3/proxmark3.pdf
@ -34,6 +55,8 @@ LF analog path (MCP6294 opamp. This has a GBW of 10 MHz), all 'slow' signals.
## FPGA ## FPGA
^[Top](#top)
Since the SPARTAN II is a old outdated FPGA, thus is very limited resource there was a need to split LF and HF functionality into two separate FPGA images. Which are stored in ARM flash memory as bitstreams. Since the SPARTAN II is a old outdated FPGA, thus is very limited resource there was a need to split LF and HF functionality into two separate FPGA images. Which are stored in ARM flash memory as bitstreams.
We swap between these images by flashing fpga from ARM on the go. It takes about 1sec. Hence its usually a bad idea to program your device to continuously execute LF alt HF commands. We swap between these images by flashing fpga from ARM on the go. It takes about 1sec. Hence its usually a bad idea to program your device to continuously execute LF alt HF commands.
@ -50,19 +73,22 @@ In order to save space, these fpga images are LZ4 compressed and included in th
This means we save some precious space on the ARM but its a bit more complex when flashing to fpga since it has to decompress on the fly. This means we save some precious space on the ARM but its a bit more complex when flashing to fpga since it has to decompress on the fly.
### FPGA modes. ### FPGA modes
^[Top](#top)
- Major modes - Major modes
- Minor modes - Minor modes
## ARM FPGA communications. ## ARM FPGA communications
^[Top](#top)
The ARM talks with FPGA over the Synchronous Serial Port (SSC) rx an tx. The ARM talks with FPGA over the Synchronous Serial Port (SSC) rx an tx.
ARM, send a 16bit configuration with fits the select major mode. ARM, send a 16bit configuration with fits the select major mode.
## ARM GPIO setup ## ARM GPIO setup
^[Top](#top)
``` ```
// First configure the GPIOs, and get ourselves a clock. // First configure the GPIOs, and get ourselves a clock.
@ -100,6 +126,8 @@ ARM, send a 16bit configuration with fits the select major mode.
``` ```
## FPGA Setup ## FPGA Setup
^[Top](#top)
// Set up DMA to receive samples from the FPGA. We will use the PDC, with // Set up DMA to receive samples from the FPGA. We will use the PDC, with
// a single buffer as a circular buffer (so that we just chain back to // a single buffer as a circular buffer (so that we just chain back to
@ -107,13 +135,19 @@ ARM, send a 16bit configuration with fits the select major mode.
# HARDWARE OVERVIEW # HARDWARE OVERVIEW
^[Top](#top)
## ADC (ANALOG TO DIGITAL CONVERTER) ## ADC (ANALOG TO DIGITAL CONVERTER)
^[Top](#top)
The analogue signal that comes from the antenna circuit is fed into an 8-bit Analogue to Digital Converter The analogue signal that comes from the antenna circuit is fed into an 8-bit Analogue to Digital Converter
(ADC). This delivers 8 output bits in parallel which represent the current voltage retrieved from the field. (ADC). This delivers 8 output bits in parallel which represent the current voltage retrieved from the field.
## FIELD PROGRAMMABLE GATE ARRAY, FPGA ## FIELD PROGRAMMABLE GATE ARRAY, FPGA
^[Top](#top)
The 8 output pins from the ADC are connected to 8 pins of the Field Programmable Gate Array (FPGA). An The 8 output pins from the ADC are connected to 8 pins of the Field Programmable Gate Array (FPGA). An
FPGA has a great advantage over a normal microcontroller in the sense that it emulates hardware. A FPGA has a great advantage over a normal microcontroller in the sense that it emulates hardware. A
hardware description can be compiled and flashed into an FPGA. hardware description can be compiled and flashed into an FPGA.
@ -141,6 +175,8 @@ FPGA generates an electromagnetic field on power hi and drops the amplitude for
## MICROCONTROLLER ## MICROCONTROLLER
^[Top](#top)
The microcontroller is responsible for the protocol management. It receives the digital encoded signals The microcontroller is responsible for the protocol management. It receives the digital encoded signals
from the FPGA and decodes them. The decoded signals can just be copied to a buffer in the EEPROM from the FPGA and decodes them. The decoded signals can just be copied to a buffer in the EEPROM
memory. Additionally, an answer to the received message can be send by encoding a reply and memory. Additionally, an answer to the received message can be send by encoding a reply and
@ -185,13 +221,17 @@ Problems:
## ##
## To behave like a READER. ## To behave like a READER
^[Top](#top)
By driving all of the buffers LOW, it is possible to make the antenna By driving all of the buffers LOW, it is possible to make the antenna
look to the receive path like a parallel LC circuit; this provides a look to the receive path like a parallel LC circuit; this provides a
high-voltage output signal. This is typically what will be done when we high-voltage output signal. This is typically what will be done when we
are not actively transmitting a carrier (i.e., behaving as a reader). are not actively transmitting a carrier (i.e., behaving as a reader).
## To behave like a TAG ## To behave like a TAG
^[Top](#top)
On the receive side, there are two possibilities, which are selected by On the receive side, there are two possibilities, which are selected by
RLY1. A mechanical relay is used, because the signal from the antenna is RLY1. A mechanical relay is used, because the signal from the antenna is
likely to be more positive or negative than the highest or lowest supply likely to be more positive or negative than the highest or lowest supply
@ -222,10 +262,13 @@ is the master) or its generic synchronous serial port (again, the ARM
is the master). The ARM connects to the outside world over USB. is the master). The ARM connects to the outside world over USB.
## To sniff traffic ## To sniff traffic
^[Top](#top)
## FPGA purpose ## FPGA purpose
^[Top](#top)
Digital signal processing. Digital signal processing.
In short, apply low pass / hi pass filtering, peak detect, correlate signal meaning IQ pair collecting. In short, apply low pass / hi pass filtering, peak detect, correlate signal meaning IQ pair collecting.

26
doc/jooki_notes.md
View file

@ -1,15 +1,35 @@
# Jooki Figurine Notes # Jooki Figurine Notes
<a id="top"></a>
# Table of Contents
- [Jooki Figurine Notes](#jooki-figurine-notes)
- [Table of Contents](#table-of-contents)
- [Jooki proxmark commands](#jooki-proxmark-commands)
- [Decoding NDEF URL parameter](#decoding-ndef-url-parameter)
- [Encoding NDEF record](#encoding-ndef-record)
- [Simulation](#simulation)
- [Cloning to a NTAG213 tag](#cloning-to-a-ntag213-tag)
- [List of known figurine types](#list-of-known-figurine-types)
- NTAG213 (Should be tested if other NTAG2xx work) - NTAG213 (Should be tested if other NTAG2xx work)
- A single NDEF record of type URL - A single NDEF record of type URL
- Physical figurines are Fox, Dragon, Knight, Ghost, Whale, Generic Flat. Than there are variations of those figures with different colors. - Physical figurines are Fox, Dragon, Knight, Ghost, Whale, Generic Flat. Than there are variations of those figures with different colors.
## Jooki proxmark commands ## Jooki proxmark commands
^[Top](#top)
You can `encode`, `decode` a NDEF record, write with `clone` a record to a card or simulate with`sim`. You can `encode`, `decode` a NDEF record, write with `clone` a record to a card or simulate with`sim`.
### Decoding NDEF URL parameter ### Decoding NDEF URL parameter
^[Top](#top)
`hf jooki decode -d g+t07s57aX1bB6tk` `hf jooki decode -d g+t07s57aX1bB6tk`
### Encoding NDEF record ### Encoding NDEF record
^[Top](#top)
You can either use figurine abbreviation arguments: You can either use figurine abbreviation arguments:
``` ```
--dragon --dragon
@ -49,6 +69,8 @@ Output:
Use `-r` parameter to read UID directly from tag. Use `-r` parameter to read UID directly from tag.
### Simulation ### Simulation
^[Top](#top)
To simulate the above figurine use the encoded URL parameter given in `encode` output and type following command into your proxmark: To simulate the above figurine use the encoded URL parameter given in `encode` output and type following command into your proxmark:
`hf jooki sim -b g+t07s57aX1bB6tk` `hf jooki sim -b g+t07s57aX1bB6tk`
@ -56,6 +78,8 @@ To simulate the above figurine use the encoded URL parameter given in `encode` o
If no parameter is given to the simulation command, last loaded dump is used. If no parameter is given to the simulation command, last loaded dump is used.
### Cloning to a NTAG213 tag ### Cloning to a NTAG213 tag
^[Top](#top)
``` ```
hf jooki clone [-h] [-b <base64>] [-d <hex>] [-p <hex>] hf jooki clone [-h] [-b <base64>] [-d <hex>] [-p <hex>]
@ -81,6 +105,8 @@ or use the base64 encoded parameter to clone:
Note: Jooki doesn't like more than one NDEF record, so make sure you just have one. Check with `hf mfu ndefread` Note: Jooki doesn't like more than one NDEF record, so make sure you just have one. Check with `hf mfu ndefread`
### List of known figurine types ### List of known figurine types
^[Top](#top)
`Value`|`Figurine Type`| `Value`|`Figurine Type`|
|------|---------------| |------|---------------|
**01** | Stones | **01** | Stones |