/*
// Original Timings for reference
+//note startgap must be sent after tag has been powered up for more than 3ms (per T5557 ds)
#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
+#define READ_GAP 15*8
*/
/* Q5 timing datasheet:
* Write_0 Fast Mode | 8*8 | 12*8 | 16*8 |
* Write_1 Fast Mode | 24*8 | 28*8 | 32*8 |
*/
-/*
-//note startgap must be sent after tag has been powered up for more than 3ms (per T5557 ds)
-#define START_GAP 31*8 //31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc) - T5557: 10*8 to 50*8
-#define WRITE_GAP 20*8 //20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc) - T5557: 8*8 to 30*8 typ 50-150us
-#define WRITE_0 18*8 //18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc) - T5557: 16*8 to 31*8 typ 24*8
-#define WRITE_1 50*8 //50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) - T5557: 48*8 to 63*8 typ 54*8 432 for T55x7; 448 for E5550
-
-#define READ_GAP 15*8
-*/
// Structure to hold Timing values. In future will be simplier to add user changable timings.
typedef struct {
// Build Bit Stream to send.
memset (BitStream,0x00,sizeof(BitStream));
- BitStreamLen = 0;
+ BitStreamLen = 0; // Ensure 0 bit index to start.
// Add Leading 0 and 1 of 4 reference bit
if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4))
if (downlink_mode == T55xx_DLMode_LLR)
T55xxWriteBit (T55xx_LongLeadingReference,Timing); // Send Long Leading Start Reference
- if (downlink_mode == T55xx_DLMode_1of4) { // 1 of 4 need to send 2 bits at a time
- for ( i = 0; i < BitStreamLen; i+=2 ) {
+ if ((downlink_mode == T55xx_DLMode_1of4) && (BitStreamLen > 0)) { // 1 of 4 need to send 2 bits at a time
+ for ( i = 0; i < BitStreamLen-1; i+=2 ) {
SendBits = (BitStream[BitStream_Byte(i )] >> (BitStream_Bit(i )) & 1) << 1; // Bit i
SendBits += (BitStream[BitStream_Byte(i+1)] >> (BitStream_Bit(i+1)) & 1); // Bit i+1;
T55xxWriteBit (SendBits & 3,Timing);
// Send T5577 reset command then read stream (see if we can identify the start of the stream)
void T55xxResetRead(void) {
LED_A_ON();
-/*
- //clear buffer now so it does not interfere with timing later
- BigBuf_Clear_keep_EM();
-
- // Set up FPGA, 125kHz
- LFSetupFPGAForADC(95, true);
- StartTicks();
- // make sure tag is fully powered up...
- WaitMS(5);
-
- // Trigger T55x7 in mode.
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(T55xx_Timing_FixedBit.START_GAP);
-
- // reset tag - op code 00
- T55xxWriteBit(0,&T55xx_Timing_FixedBit);
- T55xxWriteBit(0,&T55xx_Timing_FixedBit);
-
- TurnReadLFOn(T55xx_Timing_FixedBit.READ_GAP);
-*/
// send r* 00
uint8_t arg = 0x80; // SendCMD will add correct reference mode based on flags (when added).
// Add in downlink_mode when ready
// arg |= 0x00; // dlmode << 3 (00 default - 08 leading 0 - 10 Fixed - 18 1 of 4 )
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_keep_EM();
+
T55xx_SendCMD (0, 0, 0, arg); //, true);
+ TurnReadLFOn(T55xx_Timing_FixedBit.READ_GAP);
+
// Acquisition
DoPartialAcquisition(0, true, BigBuf_max_traceLen(), 0);
BigBuf_Clear_ext(false);
T55xx_SendCMD (0, Block, Pwd, arg0); //, true);
-
-/*
-// the send has been moved to the above SendCMD Call
-=======
-
- // Set up FPGA, 125kHz to power up the tag
- LFSetupFPGAForADC(95, true);
- StartTicks();
- // make sure tag is fully powered up...
- WaitMS(5);
- // Trigger T55x7 Direct Access Mode with start gap
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(START_GAP);
-
- // Opcode 1[page]
- T55xxWriteBit(1);
- T55xxWriteBit(Page); //Page 0
-
- if (PwdMode) {
- // Send Pwd
- for (i = 0x80000000; i != 0; i >>= 1)
- T55xxWriteBit(Pwd & i);
- }
- // Send a zero bit separation
- T55xxWriteBit(0);
-
- // Send Block number (if direct access mode)
- if (!RegReadMode)
- for (i = 0x04; i != 0; i >>= 1)
- T55xxWriteBit(Block & i);
-
-*/
// Turn field on to read the response
// 137*8 seems to get to the start of data pretty well...
// but we want to go past the start and let the repeating data settle in...
void T55xxWakeUp(uint32_t Pwd){
LED_B_ON();
- /*
- uint32_t i = 0;
- // Set up FPGA, 125kHz
- LFSetupFPGAForADC(95, true);
- StartTicks();
- // make sure tag is fully powered up...
- WaitMS(5);
-
- // Trigger T55x7 Direct Access Mode
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(T55xx_Timing_FixedBit.START_GAP);
-
- // Opcode 10
- T55xxWriteBit(1,&T55xx_Timing_FixedBit);
- T55xxWriteBit(0,&T55xx_Timing_FixedBit); //Page 0
-
- // Send Pwd
- for (i = 0x80000000; i != 0; i >>= 1)
- T55xxWriteBit(Pwd & i,&T55xx_Timing_FixedBit);
-*/
/*
arg bits
xxxxxxx1 0x01 PwdMode
projects / proxmark3-svn / blobdiff