new command "lf snoop" to snoop raw ADC values

fpga/lo_read.v (lf_field): new argument. fpga/fpga_lf.v: modify accordingly. armsrc/apps.h (FPGA_MAJOR_MODE_LF_READER): Rename as FPGA_MAJOR_MODE_LF_ADC. armsrc/apps.h (FPGA_LF_ADC_READER_FIELD): New LF option. armsrc/lfops.c: Modify accordingly. client/cmdlf.c (CmdLFSnoop): New command. armsrc/appmain.c, armsrc/lfops.c, client/cmdlf.h, include/usb_cmd.h: Modify accordingly.
2025-01-27 02:20:14 +08:00 · 2014-06-21 21:33:54 +02:00 · 2014-06-21 21:33:54 +02:00 · b014c96d68
commit b014c96d68
parent fa57f6e12e
9 changed files with 75 additions and 32 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -215,7 +215,7 @@ void MeasureAntennaTuning(void)
 */
  
  	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 	for (i=255; i>19; i--) {
    WDT_HIT();
 		FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
@ -638,6 +638,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
 			ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
 			break;
+		case CMD_LF_SNOOP_RAW_ADC_SAMPLES:
+			SnoopLFRawAdcSamples(c->arg[0], c->arg[1]);
+			cmd_send(CMD_ACK,0,0,0,0,0);
+			break;
 		case CMD_HID_DEMOD_FSK:
 			CmdHIDdemodFSK(0, 0, 0, 1);					// Demodulate HID tag
 			break;
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -59,7 +59,8 @@ void ToSendStuffBit(int b);
 void ToSendReset(void);
 void ListenReaderField(int limit);
 void AcquireRawAdcSamples125k(int at134khz);
-void DoAcquisition125k(void);
+void SnoopLFRawAdcSamples(int divisor, int trigger_threshold);
+void DoAcquisition125k(int trigger_threshold);
 extern int ToSendMax;
 extern uint8_t ToSend[];
 extern uint32_t BigBuf[];
@ -82,8 +83,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
 #define FPGA_CMD_SET_DIVISOR					(2<<12)
 // Definitions for the FPGA configuration word.
 // LF
-#define FPGA_MAJOR_MODE_LF_READER				(0<<5)
-#define FPGA_MAJOR_MODE_LF_EDGE_DETECT				(1<<5)
+#define FPGA_MAJOR_MODE_LF_ADC					(0<<5)
+#define FPGA_MAJOR_MODE_LF_EDGE_DETECT			(1<<5)
 #define FPGA_MAJOR_MODE_LF_PASSTHRU				(2<<5)
 // HF
 #define FPGA_MAJOR_MODE_HF_READER_TX				(0<<5)
@ -92,6 +93,8 @@ void SetAdcMuxFor(uint32_t whichGpio);
 #define FPGA_MAJOR_MODE_HF_ISO14443A				(3<<5)
 // BOTH
 #define FPGA_MAJOR_MODE_OFF					(7<<5)
+// Options for LF_ADC
+#define FPGA_LF_ADC_READER_FIELD				(1<<0)
 // Options for LF_EDGE_DETECT
 #define FPGA_LF_EDGE_DETECT_READER_FIELD 			(1<<0)
 // Options for the HF reader, tx to tag
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -15,7 +15,7 @@
 #include "crc16.h"
 #include "string.h"

-void AcquireRawAdcSamples125k(int divisor)
+void LFSetupFPGAForADC(int divisor, bool lf_field)
 {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	if ( (divisor == 1) || (divisor < 0) || (divisor > 255) )
@ -25,23 +25,30 @@ void AcquireRawAdcSamples125k(int divisor)
 	else
 		FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor);

-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0));

 	// Connect the A/D to the peak-detected low-frequency path.
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-
 	// Give it a bit of time for the resonant antenna to settle.
 	SpinDelay(50);
-
 	// Now set up the SSC to get the ADC samples that are now streaming at us.
 	FpgaSetupSsc();
+}

-	// Now call the acquisition routine
-	DoAcquisition125k();
+void AcquireRawAdcSamples125k(int divisor)
+{
+	LFSetupFPGAForADC(divisor, true);
+	DoAcquisition125k(-1);
+}
+
+void SnoopLFRawAdcSamples(int divisor, int trigger_threshold)
+{
+	LFSetupFPGAForADC(divisor, false);
+	DoAcquisition125k(trigger_threshold);
 }

 // split into two routines so we can avoid timing issues after sending commands //
-void DoAcquisition125k(void)
+void DoAcquisition125k(int trigger_threshold)
 {
 	uint8_t *dest = (uint8_t *)BigBuf;
 	int n = sizeof(BigBuf);
@ -56,9 +63,12 @@ void DoAcquisition125k(void)
 		}
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
 			dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			i++;
 			LED_D_OFF();
-			if (i >= n) break;
+			if (trigger_threshold != -1 && dest[i] < trigger_threshold)
+				continue;
+			else
+				trigger_threshold = -1;
+			if (++i >= n) break;
 		}
 	}
 	Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...",
@ -85,7 +95,7 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1,
 	else
 		FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz

-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

 	// Give it a bit of time for the resonant antenna to settle.
 	SpinDelay(50);
@ -105,7 +115,7 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1,
 		else
 			FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz

-		FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+		FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 		LED_D_ON();
 		if(*(command++) == '0')
 			SpinDelayUs(period_0);
@ -120,10 +130,10 @@ void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1,
 	else
 		FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz

-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

 	// now do the read
-	DoAcquisition125k();
+	DoAcquisition125k(-1);
 }

 /* blank r/w tag data stream
@ -609,7 +619,7 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)

 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

 	// Connect the A/D to the peak-detected low-frequency path.
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
@ -823,7 +833,7 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)

 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

 	// Connect the A/D to the peak-detected low-frequency path.
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
@ -1141,7 +1151,7 @@ void T55xxWriteBit(int bit)
 {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 	if (bit == 0)
 		SpinDelayUs(WRITE_0);
 	else
@ -1157,7 +1167,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod

 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

 	// Give it a bit of time for the resonant antenna to settle.
 	// And for the tag to fully power up
@ -1189,7 +1199,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 	// Now perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
 	// so wait a little more)
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
 	SpinDelay(20);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 }
@ -1211,7 +1221,7 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
  
 	LED_D_ON();
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
 	// Give it a bit of time for the resonant antenna to settle.
 	// And for the tag to fully power up
@ -1237,7 +1247,7 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
  
  // Turn field on to read the response
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
 	// Now do the acquisition
 	i = 0;
@ -1276,7 +1286,7 @@ void T55xxReadTrace(void){
  
 	LED_D_ON();
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
 	// Give it a bit of time for the resonant antenna to settle.
 	// And for the tag to fully power up
@ -1292,7 +1302,7 @@ void T55xxReadTrace(void){
  
  // Turn field on to read the response
 	FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
 	// Now do the acquisition
 	i = 0;
@ -1983,7 +1993,7 @@ void SendForward(uint8_t fwd_bit_count) {
  //Field on
  FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
  FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+  FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
  
  // Give it a bit of time for the resonant antenna to settle.
  // And for the tag to fully power up
@ -1995,7 +2005,7 @@ void SendForward(uint8_t fwd_bit_count) {
  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
  SpinDelayUs(55*8); //55 cycles off (8us each)for 4305
  FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);//field on
+  FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
  SpinDelayUs(16*8); //16 cycles on (8us each)
  
  // now start writting
@ -2007,7 +2017,7 @@ void SendForward(uint8_t fwd_bit_count) {
      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
      SpinDelayUs(23*8); //16-4 cycles off (8us each)
      FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-      FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);//field on
+      FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
      SpinDelayUs(9*8); //16 cycles on (8us each)
    }
  }
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -450,6 +450,28 @@ int CmdLFSimManchester(const char *Cmd)
  return 0;
 }

+int CmdLFSnoop(const char *Cmd)
+{
+  UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES};
+  // 'h' means higher-low-frequency, 134 kHz
+  c.arg[0] = 0;
+  c.arg[1] = -1;
+  if (*Cmd == 0) {
+    // empty
+  } else if (*Cmd == 'l') {
+    sscanf(Cmd, "l %"lli, &c.arg[1]);
+  } else if(*Cmd == 'h') {
+    c.arg[0] = 1;
+    sscanf(Cmd, "h %"lli, &c.arg[1]);
+  } else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) {
+    PrintAndLog("use 'snoop' or 'snoop {l,h} [trigger threshold]', or 'snoop <divisor> [trigger threshold]'");
+    return 0;
+  }
+  SendCommand(&c);
+  WaitForResponse(CMD_ACK,NULL);
+  return 0;
+}
+
 int CmdVchDemod(const char *Cmd)
 {
  // Is this the entire sync pattern, or does this also include some
@ -540,6 +562,7 @@ static command_t CommandTable[] =
  {"sim",         CmdLFSim,           0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
  {"simbidir",    CmdLFSimBidir,      0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
  {"simman",      CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
+  {"snoop",       CmdLFSnoop,         0, "['l'|'h'|<divisor>] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"},
  {"ti",          CmdLFTI,            1, "{ TI RFIDs... }"},
  {"hitag",       CmdLFHitag,         1, "{ Hitag tags and transponders... }"},
  {"vchdemod",    CmdVchDemod,        1, "['clone'] -- Demodulate samples for VeriChip"},
--- a/client/cmdlf.h
+++ b/client/cmdlf.h
@ -21,6 +21,7 @@ int CmdLFRead(const char *Cmd);
 int CmdLFSim(const char *Cmd);
 int CmdLFSimBidir(const char *Cmd);
 int CmdLFSimManchester(const char *Cmd);
+int CmdLFSnoop(const char *Cmd);
 int CmdVchDemod(const char *Cmd);

 #endif
--- a/fpga/fpga_lf.bit
+++ b/fpga/fpga_lf.bit
--- a/fpga/fpga_lf.v
+++ b/fpga/fpga_lf.v
@ -80,7 +80,7 @@ lo_read lr(
 	lr_pwr_lo, lr_pwr_hi, lr_pwr_oe1, lr_pwr_oe2, lr_pwr_oe3, lr_pwr_oe4,
 	adc_d, lr_adc_clk,
 	lr_ssp_frame, lr_ssp_din, lr_ssp_clk,
-	lr_dbg
+	lr_dbg, lf_field
 );

 lo_passthru lp(
--- a/fpga/lo_read.v
+++ b/fpga/lo_read.v
@ -13,7 +13,8 @@ module lo_read(
 	output pwr_oe1, output pwr_oe2, output pwr_oe3, output pwr_oe4,
 	input [7:0] adc_d, output adc_clk,
 	output ssp_frame, output ssp_din, output ssp_clk,
-	output dbg
+	output dbg,
+	input lf_field
 );

 reg [7:0] to_arm_shiftreg;
@ -65,7 +66,7 @@ assign pwr_oe2 = 1'b0;
 assign pwr_oe3 = 1'b0;
 assign pwr_oe4 = 1'b0;
 // this is the antenna driver signal
-assign pwr_lo = pck_divclk;
+assign pwr_lo = lf_field & pck_divclk;
 // ADC clock out of phase with antenna driver
 assign adc_clk = ~pck_divclk;
 // ADC clock also routed to debug pin
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -96,6 +96,7 @@ typedef struct {
 #define CMD_ISO_15693_COMMAND_DONE                                        0x0314
 #define CMD_ISO_15693_FIND_AFI                                            0x0315
 #define CMD_ISO_15693_DEBUG                                               0x0316
+#define CMD_LF_SNOOP_RAW_ADC_SAMPLES                                      0x0317

 // For Hitag2 transponders
 #define CMD_SNOOP_HITAG                                                   0x0370