//----------------------------------------------------------------------------- // Copyright (C) 2020 sirloins based on em4x50 // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of // the license. //----------------------------------------------------------------------------- // Low frequency EM4170 commands //----------------------------------------------------------------------------- #include "fpgaloader.h" #include "ticks.h" #include "dbprint.h" #include "lfadc.h" #include "commonutil.h" #include "em4x70.h" #include "appmain.h" // tear static em4x70_tag_t tag = { 0 }; // EM4170 requires a parity bit on commands, other variants do not. static bool command_parity = true; #define EM4X70_T_TAG_QUARTER_PERIOD 8 #define EM4X70_T_TAG_HALF_PERIOD 16 #define EM4X70_T_TAG_THREE_QUARTER_PERIOD 24 #define EM4X70_T_TAG_FULL_PERIOD 32 #define EM4X70_T_TAG_TWA 128 // Write Access Time #define EM4X70_T_TAG_DIV 224 // Divergency Time #define EM4X70_T_TAG_AUTH 4224 // Authentication Time #define EM4X70_T_TAG_WEE 3072 // EEPROM write Time #define EM4X70_T_TAG_TWALB 128 // Write Access Time of Lock Bits #define EM4X70_T_WAITING_FOR_SNGLLIW 160 // Unsure #define TICKS_PER_FC 12 // 1 fc = 8us, 1.5us per tick = 12 ticks #define EM4X70_MIN_AMPLITUDE 10 // Minimum difference between a high and low signal #define EM4X70_TAG_TOLERANCE 10 #define EM4X70_TAG_WORD 48 /** * These IDs are from the EM4170 datasheet * Some versions of the chip require a fourth * (even) parity bit, others do not */ #define EM4X70_COMMAND_ID 0x01 #define EM4X70_COMMAND_UM1 0x02 #define EM4X70_COMMAND_AUTH 0x03 #define EM4X70_COMMAND_PIN 0x04 #define EM4X70_COMMAND_WRITE 0x05 #define EM4X70_COMMAND_UM2 0x07 static uint8_t gHigh = 0; static uint8_t gLow = 0; #define IS_HIGH(sample) (sample>gLow ? true : false) #define IS_LOW(sample) (sample timeout_ticks) static uint8_t bits2byte(uint8_t *bits, int length); static void bits2bytes(uint8_t *bits, int length, uint8_t *out); static int em4x70_receive(uint8_t *bits); static bool find_listen_window(bool command); static void init_tag(void) { memset(tag.data, 0x00, sizeof(tag.data)/sizeof(tag.data[0])); } static void EM4170_setup_read(void) { FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); // 50ms for the resonant antenna to settle. SpinDelay(50); // Now set up the SSC to get the ADC samples that are now streaming at us. FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125); // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); // Steal this pin from the SSP (SPI communication channel with fpga) and // use it to control the modulation AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; // Disable modulation at default, which means enable the field LOW(GPIO_SSC_DOUT); // Start the timer StartTicks(); // Watchdog hit WDT_HIT(); } static bool get_signalproperties(void) { // calculate signal properties (mean amplitudes) from measured data: // 32 amplitudes (maximum values) -> mean amplitude value -> gHigh -> gLow bool signal_found = false; int no_periods = 32, pct = 50, noise = 140; // pct originally 75, found 50 was working better for me uint8_t sample_ref = 127; uint8_t sample_max_mean = 0; uint8_t sample_max[no_periods]; uint32_t sample_max_sum = 0; memset(sample_max, 0x00, sizeof(sample_max)); // wait until signal/noise > 1 (max. 32 periods) for (int i = 0; i < TICKS_PER_FC * EM4X70_T_TAG_FULL_PERIOD * no_periods; i++) { // about 2 samples per bit period WaitTicks(TICKS_PER_FC * EM4X70_T_TAG_HALF_PERIOD); if (AT91C_BASE_SSC->SSC_RHR > noise) { signal_found = true; break; } } if (signal_found == false) return false; // calculate mean maximum value of 32 periods, each period has a length of // 3 single "full periods" to eliminate the influence of a listen window for (int i = 0; i < no_periods; i++) { uint32_t start_ticks = GetTicks(); //AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; while (GetTicks() - start_ticks < TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD) { volatile uint8_t sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; if (sample > sample_max[i]) sample_max[i] = sample; } sample_max_sum += sample_max[i]; } sample_max_mean = sample_max_sum / no_periods; // set global envelope variables gHigh = sample_ref + pct * (sample_max_mean - sample_ref) / 100; gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100; // Basic sanity check if(gHigh - gLow < EM4X70_MIN_AMPLITUDE) { return false; } Dbprintf("%s: gHigh %d gLow: %d", __func__, gHigh, gLow); return true; } /** * get_pulse_length * * Times falling edge pulses */ static uint32_t get_pulse_length(void) { uint8_t sample; uint32_t timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; uint32_t start_ticks = GetTicks(); timeout = start_ticks + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; timeout = (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD) + GetTicks(); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; return GetTicks() - start_ticks; } /** * get_pulse_invert_length * * Times rising edge pules * TODO: convert to single function with get_pulse_length() */ static uint32_t get_pulse_invert_length(void) { uint8_t sample; uint32_t timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; uint32_t start_ticks = GetTicks(); timeout = start_ticks + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); do { sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; }while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); if (IS_TIMEOUT(timeout)) return 0; return GetTicks() - start_ticks; } static bool check_pulse_length(uint32_t pl, int length, int margin) { // check if pulse length corresponds to given length //Dbprintf("%s: pulse length %d vs %d", __func__, pl, length * TICKS_PER_FC); return ((pl >= TICKS_PER_FC * (length - margin)) & (pl <= TICKS_PER_FC * (length + margin))); } static void em4x70_send_bit(int bit) { // send single bit according to EM4170 application note and datasheet uint32_t start_ticks = GetTicks(); if (bit == 0) { // disable modulation (drop the field) for 4 cycles of carrier LOW(GPIO_SSC_DOUT); while (GetTicks() - start_ticks <= TICKS_PER_FC * 4); // enable modulation (activates the field) for remaining first // half of bit period HIGH(GPIO_SSC_DOUT); while (GetTicks() - start_ticks <= TICKS_PER_FC * EM4X70_T_TAG_HALF_PERIOD); // disable modulation for second half of bit period LOW(GPIO_SSC_DOUT); while (GetTicks() - start_ticks <= TICKS_PER_FC * EM4X70_T_TAG_FULL_PERIOD); } else { // bit = "1" means disable modulation for full bit period LOW(GPIO_SSC_DOUT); while (GetTicks() - start_ticks <= TICKS_PER_FC * EM4X70_T_TAG_FULL_PERIOD); } } /** * em4x70_send_command */ static void em4170_send_command(uint8_t command) { int parity = 0; int msb_bit = 0; // Non automotive EM4x70 based tags are 3 bits + 1 parity. // So drop the MSB and send a parity bit instead after the command if(command_parity) msb_bit = 1; for (int i = msb_bit; i < 4; i++) { int bit = (command >> (3 - i)) & 1; em4x70_send_bit(bit); parity ^= bit; } if(command_parity) em4x70_send_bit(parity); } static bool find_listen_window(bool command) { int cnt = 0; while(cnt < EM4X70_T_WAITING_FOR_SNGLLIW) { /* 80 ( 64 + 16 ) 80 ( 64 + 16 ) Flip Polarity 96 ( 64 + 32 ) 64 ( 32 + 16 +16 )*/ if (check_pulse_length(get_pulse_invert_length(), 80, EM4X70_TAG_TOLERANCE)) { if (check_pulse_length(get_pulse_invert_length(), 80, EM4X70_TAG_TOLERANCE)) { if (check_pulse_length(get_pulse_length(), 96, EM4X70_TAG_TOLERANCE)) { if (check_pulse_length(get_pulse_length(), 64, EM4X70_TAG_TOLERANCE)) { if(command) { /* Here we are after the 64 duration edge. * em4170 says we need to wait about 48 RF clock cycles. * depends on the delay between tag and us * * I've found between 4-5 quarter periods (32-40) works best */ WaitTicks(TICKS_PER_FC * 5 * EM4X70_T_TAG_QUARTER_PERIOD); // Send RM Command em4x70_send_bit(0); em4x70_send_bit(0); } return true; } } } } cnt++; } return false; } static void bits2bytes(uint8_t *bits, int length, uint8_t *out) { if(length%8 != 0) { Dbprintf("Should have a multiple of 8 bits, was sent %d", length); } int num_bytes = length / 8; // We should have a multiple of 8 here for(int i=1; i <= num_bytes; i++) { out[num_bytes-i] = bits2byte(bits, 8); bits+=8; //Dbprintf("Read: %02X", out[num_bytes-i]); } } static uint8_t bits2byte(uint8_t *bits, int length) { // converts separate bits into a single "byte" uint8_t byte = 0; for (int i = 0; i < length; i++) { byte |= bits[i]; if (i != length - 1) byte <<= 1; } return byte; } /*static void print_array(uint8_t *bits, int len) { if(len%8 != 0) { Dbprintf("Should have a multiple of 8 bits, was sent %d", len); } int num_bytes = len / 8; // We should have a multiple of 8 here uint8_t bytes[8]; for(int i=0;i speed up "lf search" process return find_listen_window(false); } static int em4x70_receive(uint8_t *bits) { uint32_t pl; int bit_pos = 0; uint8_t edge = 0; bool foundheader = false; // Read out the header // 12 Manchester 1's (may miss some during settle period) // 4 Manchester 0's // Skip a few leading 1's as it could be noisy WaitTicks(TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); // wait until we get the transition from 1's to 0's which is 1.5 full windows int pulse_count = 0; while(pulse_count < 12){ pl = get_pulse_invert_length(); pulse_count++; if(check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD, EM4X70_TAG_TOLERANCE)) { foundheader = true; break; } } if(!foundheader) { Dbprintf("Failed to find read header"); return 0; } // Skip next 3 0's, header check consumes the first 0 for(int i = 0; i < 3; i++) { get_pulse_invert_length(); } // identify remaining bits based on pulse lengths // between two listen windows only pulse lengths of 1, 1.5 and 2 are possible while (true) { if(edge) pl = get_pulse_length(); else pl = get_pulse_invert_length(); if (check_pulse_length(pl, EM4X70_T_TAG_FULL_PERIOD, EM4X70_T_TAG_QUARTER_PERIOD)) { // pulse length = 1 bits[bit_pos++] = edge; } else if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD, EM4X70_T_TAG_QUARTER_PERIOD)) { // pulse length = 1.5 -> flip edge detection if(edge) { bits[bit_pos++] = 0; bits[bit_pos++] = 0; edge = 0; } else { bits[bit_pos++] = 1; bits[bit_pos++] = 1; edge = 1; } } else if (check_pulse_length(pl, 2 * EM4X70_T_TAG_FULL_PERIOD, EM4X70_T_TAG_QUARTER_PERIOD)) { // pulse length of 2 if(edge) { bits[bit_pos++] = 0; bits[bit_pos++] = 1; } else { bits[bit_pos++] = 1; bits[bit_pos++] = 0; } } else if ( (edge && check_pulse_length(pl, 3 * EM4X70_T_TAG_FULL_PERIOD, EM4X70_T_TAG_QUARTER_PERIOD)) || (!edge && check_pulse_length(pl, 80, EM4X70_T_TAG_QUARTER_PERIOD))) { // LIW detected (either invert or normal) return --bit_pos; } } return bit_pos; } void em4x70_info(em4x70_data_t *etd) { uint8_t status = 0; // Support tags with and without command parity bits command_parity = etd->parity; init_tag(); EM4170_setup_read(); // Find the Tag if (get_signalproperties() && find_EM4X70_Tag()) { // Read ID, UM1 and UM2 status = em4x70_read_id() && em4x70_read_um1() && em4x70_read_um2(); } StopTicks(); lf_finalize(); reply_ng(CMD_LF_EM4X70_INFO, status, tag.data, sizeof(tag.data)); }