]> git.zerfleddert.de Git - proxmark3-svn/blame - fpga/fpga.v
Improvements/Fixes to 14443 sniffing/snooping
[proxmark3-svn] / fpga / fpga.v
CommitLineData
ba06a4b6 1//-----------------------------------------------------------------------------
2// The FPGA is responsible for interfacing between the A/D, the coil drivers,
3// and the ARM. In the low-frequency modes it passes the data straight
4// through, so that the ARM gets raw A/D samples over the SSP. In the high-
5// frequency modes, the FPGA might perform some demodulation first, to
6// reduce the amount of data that we must send to the ARM.
7//
8// I am not really an FPGA/ASIC designer, so I am sure that a lot of this
9// could be improved.
10//
11// Jonathan Westhues, March 2006
12// Added ISO14443-A support by Gerhard de Koning Gans, April 2008
13//-----------------------------------------------------------------------------
14
15`include "lo_read.v"
16`include "lo_passthru.v"
d19929cb 17`include "lo_edge_detect.v"
ba06a4b6 18`include "hi_read_tx.v"
19`include "hi_read_rx_xcorr.v"
20`include "hi_simulate.v"
21`include "hi_iso14443a.v"
22`include "util.v"
23
24module fpga(
e691fc45 25 spck, miso, mosi, ncs,
26 pck0, ck_1356meg, ck_1356megb,
ba06a4b6 27 pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
28 adc_d, adc_clk, adc_noe,
29 ssp_frame, ssp_din, ssp_dout, ssp_clk,
30 cross_hi, cross_lo,
31 dbg
32);
e691fc45 33 input spck, mosi, ncs;
ba06a4b6 34 output miso;
e691fc45 35 input pck0, ck_1356meg, ck_1356megb;
ba06a4b6 36 output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
37 input [7:0] adc_d;
38 output adc_clk, adc_noe;
39 input ssp_dout;
40 output ssp_frame, ssp_din, ssp_clk;
41 input cross_hi, cross_lo;
42 output dbg;
43
44//assign pck0 = pck0i;
e691fc45 45// IBUFG #(.IOSTANDARD("DEFAULT") ) pck0b(
46// .O(pck0),
47// .I(pck0i)
48// );
ba06a4b6 49//assign spck = spcki;
e691fc45 50// IBUFG #(.IOSTANDARD("DEFAULT") ) spckb(
51 // .O(spck),
52 // .I(spcki)
53// );
54
55
ba06a4b6 56//-----------------------------------------------------------------------------
57// The SPI receiver. This sets up the configuration word, which the rest of
58// the logic looks at to determine how to connect the A/D and the coil
59// drivers (i.e., which section gets it). Also assign some symbolic names
60// to the configuration bits, for use below.
61//-----------------------------------------------------------------------------
62
63reg [15:0] shift_reg;
64reg [7:0] divisor;
65reg [7:0] conf_word;
66
67// We switch modes between transmitting to the 13.56 MHz tag and receiving
68// from it, which means that we must make sure that we can do so without
69// glitching, or else we will glitch the transmitted carrier.
70always @(posedge ncs)
71begin
72 case(shift_reg[15:12])
e691fc45 73 4'b0001: conf_word <= shift_reg[7:0]; // FPGA_CMD_SET_CONFREG
74 4'b0010: divisor <= shift_reg[7:0]; // FPGA_CMD_SET_DIVISOR
ba06a4b6 75 endcase
76end
77
78always @(posedge spck)
79begin
80 if(~ncs)
81 begin
82 shift_reg[15:1] <= shift_reg[14:0];
83 shift_reg[0] <= mosi;
84 end
85end
86
87wire [2:0] major_mode;
88assign major_mode = conf_word[7:5];
89
90// For the low-frequency configuration:
91wire lo_is_125khz;
92assign lo_is_125khz = conf_word[3];
93
94// For the high-frequency transmit configuration: modulation depth, either
95// 100% (just quite driving antenna, steady LOW), or shallower (tri-state
96// some fraction of the buffers)
97wire hi_read_tx_shallow_modulation;
98assign hi_read_tx_shallow_modulation = conf_word[0];
99
100// For the high-frequency receive correlator: frequency against which to
101// correlate.
102wire hi_read_rx_xcorr_848;
103assign hi_read_rx_xcorr_848 = conf_word[0];
104// and whether to drive the coil (reader) or just short it (snooper)
105wire hi_read_rx_xcorr_snoop;
106assign hi_read_rx_xcorr_snoop = conf_word[1];
107
108// Divide the expected subcarrier frequency for hi_read_rx_xcorr by 4
109wire hi_read_rx_xcorr_quarter;
110assign hi_read_rx_xcorr_quarter = conf_word[2];
111
112// For the high-frequency simulated tag: what kind of modulation to use.
113wire [2:0] hi_simulate_mod_type;
114assign hi_simulate_mod_type = conf_word[2:0];
115
d19929cb 116// For the high-frequency simulated tag: what kind of modulation to use.
117wire lf_field;
118assign lf_field = conf_word[0];
119
ba06a4b6 120//-----------------------------------------------------------------------------
121// And then we instantiate the modules corresponding to each of the FPGA's
122// major modes, and use muxes to connect the outputs of the active mode to
123// the output pins.
124//-----------------------------------------------------------------------------
125
126lo_read lr(
127 pck0, ck_1356meg, ck_1356megb,
128 lr_pwr_lo, lr_pwr_hi, lr_pwr_oe1, lr_pwr_oe2, lr_pwr_oe3, lr_pwr_oe4,
129 adc_d, lr_adc_clk,
130 lr_ssp_frame, lr_ssp_din, ssp_dout, lr_ssp_clk,
131 cross_hi, cross_lo,
132 lr_dbg,
133 lo_is_125khz, divisor
134);
135
136lo_passthru lp(
137 pck0, ck_1356meg, ck_1356megb,
138 lp_pwr_lo, lp_pwr_hi, lp_pwr_oe1, lp_pwr_oe2, lp_pwr_oe3, lp_pwr_oe4,
139 adc_d, lp_adc_clk,
140 lp_ssp_frame, lp_ssp_din, ssp_dout, lp_ssp_clk,
141 cross_hi, cross_lo,
142 lp_dbg, divisor
143);
144
d19929cb 145lo_edge_detect ls(
ba06a4b6 146 pck0, ck_1356meg, ck_1356megb,
147 ls_pwr_lo, ls_pwr_hi, ls_pwr_oe1, ls_pwr_oe2, ls_pwr_oe3, ls_pwr_oe4,
148 adc_d, ls_adc_clk,
149 ls_ssp_frame, ls_ssp_din, ssp_dout, ls_ssp_clk,
150 cross_hi, cross_lo,
d19929cb 151 ls_dbg, divisor,
152 lf_field
ba06a4b6 153);
154
155hi_read_tx ht(
156 pck0, ck_1356meg, ck_1356megb,
157 ht_pwr_lo, ht_pwr_hi, ht_pwr_oe1, ht_pwr_oe2, ht_pwr_oe3, ht_pwr_oe4,
158 adc_d, ht_adc_clk,
159 ht_ssp_frame, ht_ssp_din, ssp_dout, ht_ssp_clk,
160 cross_hi, cross_lo,
161 ht_dbg,
162 hi_read_tx_shallow_modulation
163);
164
165hi_read_rx_xcorr hrxc(
166 pck0, ck_1356meg, ck_1356megb,
167 hrxc_pwr_lo, hrxc_pwr_hi, hrxc_pwr_oe1, hrxc_pwr_oe2, hrxc_pwr_oe3, hrxc_pwr_oe4,
168 adc_d, hrxc_adc_clk,
169 hrxc_ssp_frame, hrxc_ssp_din, ssp_dout, hrxc_ssp_clk,
170 cross_hi, cross_lo,
171 hrxc_dbg,
172 hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
173);
174
175hi_simulate hs(
176 pck0, ck_1356meg, ck_1356megb,
177 hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4,
178 adc_d, hs_adc_clk,
179 hs_ssp_frame, hs_ssp_din, ssp_dout, hs_ssp_clk,
180 cross_hi, cross_lo,
181 hs_dbg,
182 hi_simulate_mod_type
183);
184
185hi_iso14443a hisn(
186 pck0, ck_1356meg, ck_1356megb,
187 hisn_pwr_lo, hisn_pwr_hi, hisn_pwr_oe1, hisn_pwr_oe2, hisn_pwr_oe3, hisn_pwr_oe4,
188 adc_d, hisn_adc_clk,
189 hisn_ssp_frame, hisn_ssp_din, ssp_dout, hisn_ssp_clk,
190 cross_hi, cross_lo,
191 hisn_dbg,
192 hi_simulate_mod_type
193);
194
195// Major modes:
196// 000 -- LF reader (generic)
197// 001 -- LF simulated tag (generic)
198// 010 -- HF reader, transmitting to tag; modulation depth selectable
199// 011 -- HF reader, receiving from tag, correlating as it goes; frequency selectable
200// 100 -- HF simulated tag
201// 101 -- HF ISO14443-A
202// 110 -- LF passthrough
203// 111 -- everything off
204
205mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, ls_ssp_clk, ht_ssp_clk, hrxc_ssp_clk, hs_ssp_clk, hisn_ssp_clk, lp_ssp_clk, 1'b0);
206mux8 mux_ssp_din (major_mode, ssp_din, lr_ssp_din, ls_ssp_din, ht_ssp_din, hrxc_ssp_din, hs_ssp_din, hisn_ssp_din, lp_ssp_din, 1'b0);
e691fc45 207mux8 mux_ssp_frame (major_mode, ssp_frame, lr_ssp_frame, ls_ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, lp_ssp_frame, 1'b0);
ba06a4b6 208mux8 mux_pwr_oe1 (major_mode, pwr_oe1, lr_pwr_oe1, ls_pwr_oe1, ht_pwr_oe1, hrxc_pwr_oe1, hs_pwr_oe1, hisn_pwr_oe1, lp_pwr_oe1, 1'b0);
209mux8 mux_pwr_oe2 (major_mode, pwr_oe2, lr_pwr_oe2, ls_pwr_oe2, ht_pwr_oe2, hrxc_pwr_oe2, hs_pwr_oe2, hisn_pwr_oe2, lp_pwr_oe2, 1'b0);
210mux8 mux_pwr_oe3 (major_mode, pwr_oe3, lr_pwr_oe3, ls_pwr_oe3, ht_pwr_oe3, hrxc_pwr_oe3, hs_pwr_oe3, hisn_pwr_oe3, lp_pwr_oe3, 1'b0);
211mux8 mux_pwr_oe4 (major_mode, pwr_oe4, lr_pwr_oe4, ls_pwr_oe4, ht_pwr_oe4, hrxc_pwr_oe4, hs_pwr_oe4, hisn_pwr_oe4, lp_pwr_oe4, 1'b0);
212mux8 mux_pwr_lo (major_mode, pwr_lo, lr_pwr_lo, ls_pwr_lo, ht_pwr_lo, hrxc_pwr_lo, hs_pwr_lo, hisn_pwr_lo, lp_pwr_lo, 1'b0);
213mux8 mux_pwr_hi (major_mode, pwr_hi, lr_pwr_hi, ls_pwr_hi, ht_pwr_hi, hrxc_pwr_hi, hs_pwr_hi, hisn_pwr_hi, lp_pwr_hi, 1'b0);
214mux8 mux_adc_clk (major_mode, adc_clk, lr_adc_clk, ls_adc_clk, ht_adc_clk, hrxc_adc_clk, hs_adc_clk, hisn_adc_clk, lp_adc_clk, 1'b0);
e691fc45 215mux8 mux_dbg (major_mode, dbg, lr_dbg, ls_dbg, ht_dbg, hrxc_dbg, hs_dbg, hisn_dbg, lp_dbg, 1'b0);
ba06a4b6 216
217// In all modes, let the ADC's outputs be enabled.
218assign adc_noe = 1'b0;
219
220endmodule
Impressum, Datenschutz