+
+//-----------------------------------------------------------------------------
+// MIFARE sniffer.
+//
+//-----------------------------------------------------------------------------
+void RAMFUNC SniffMifare(uint8_t param) {
+ // param:
+ // bit 0 - trigger from first card answer
+ // bit 1 - trigger from first reader 7-bit request
+
+ LEDsoff();
+ // init trace buffer
+ traceLen = 0;
+ memset(trace, 0x44, TRACE_SIZE);
+
+ // The command (reader -> tag) that we're receiving.
+ // The length of a received command will in most cases be no more than 18 bytes.
+ // So 32 should be enough!
+ uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
+ // The response (tag -> reader) that we're receiving.
+ uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
+
+ // As we receive stuff, we copy it from receivedCmd or receivedResponse
+ // into trace, along with its length and other annotations.
+ //uint8_t *trace = (uint8_t *)BigBuf;
+
+ // The DMA buffer, used to stream samples from the FPGA
+ int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
+ int8_t *data = dmaBuf;
+ int maxDataLen = 0;
+ int dataLen = 0;
+// data = dmaBuf;
+
+ // Set up the demodulator for tag -> reader responses.
+ Demod.output = receivedResponse;
+ Demod.len = 0;
+ Demod.state = DEMOD_UNSYNCD;
+
+ // Set up the demodulator for the reader -> tag commands
+ memset(&Uart, 0, sizeof(Uart));
+ Uart.output = receivedCmd;
+ Uart.byteCntMax = 32; // was 100 (greg)//////////////////
+ Uart.state = STATE_UNSYNCD;
+
+ // Setup for the DMA.
+ FpgaSetupSsc();
+ FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
+
+ // And put the FPGA in the appropriate mode
+ // Signal field is off with the appropriate LED
+ LED_D_OFF();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+ // Count of samples received so far, so that we can include timing
+ // information in the trace buffer.
+ rsamples = 0;
+ // And now we loop, receiving samples.
+ while(true) {
+ if(BUTTON_PRESS()) {
+ DbpString("cancelled by button");
+ goto done;
+ }
+
+ LED_A_ON();
+ WDT_HIT();
+
+ int register readBufDataP = data - dmaBuf;
+ int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
+ if (readBufDataP <= dmaBufDataP){
+ dataLen = dmaBufDataP - readBufDataP;
+ } else {
+ dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP + 1;
+ }
+ // test for length of buffer
+ if(dataLen > maxDataLen) {
+ maxDataLen = dataLen;
+ if(dataLen > 400) {
+ Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
+ goto done;
+ }
+ }
+ if(dataLen < 1) continue;
+
+ // primary buffer was stopped( <-- we lost data!
+ if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
+ AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
+ AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
+ Dbprintf("RxEmpty ERROR!!! %d", dataLen); // temporary
+ }
+ // secondary buffer sets as primary, secondary buffer was stopped
+ if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
+ AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
+ }
+
+ LED_A_OFF();
+
+ rsamples += 4;
+ if(MillerDecoding((data[0] & 0xF0) >> 4)) {
+ LED_C_ON();
+ // check - if there is a short 7bit request from reader
+ if ((Uart.byteCnt == 1) && (Uart.bitCnt = 9)) {
+
+ }
+ if (!LogTrace(receivedCmd, Uart.byteCnt, 0 - Uart.samples, Uart.parityBits, TRUE)) break;
+
+ /* And ready to receive another command. */
+ Uart.state = STATE_UNSYNCD;
+ /* And also reset the demod code, which might have been */
+ /* false-triggered by the commands from the reader. */
+ Demod.state = DEMOD_UNSYNCD;
+ LED_B_OFF();
+ }
+
+ if(ManchesterDecoding(data[0] & 0x0F)) {
+ LED_B_ON();
+
+ if (!LogTrace(receivedResponse, Demod.len, 0 - Demod.samples, Demod.parityBits, FALSE)) break;
+
+ // And ready to receive another response.
+ memset(&Demod, 0, sizeof(Demod));
+ Demod.output = receivedResponse;
+ Demod.state = DEMOD_UNSYNCD;
+ LED_C_OFF();
+ }
+
+ data++;
+ if(data > dmaBuf + DMA_BUFFER_SIZE) {
+ data = dmaBuf;
+ }
+ } // main cycle
+
+ DbpString("COMMAND FINISHED");
+
+done:
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
+ Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.byteCnt=%x", maxDataLen, Uart.state, Uart.byteCnt);
+ Dbprintf("Uart.byteCntMax=%x, traceLen=%x, Uart.output[0]=%x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
+ LEDsoff();
+}
\ No newline at end of file
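Review bot: The condition `if ((Uart.byteCnt == 1) && (Uart.bitCnt = 9))` assigns instead of comparing, so it is always true and overwrites `Uart.bitCnt` on every decoded reader command; it should read `if ((Uart.byteCnt == 1) && (Uart.bitCnt == 9)) {`, and since its body is empty the `param` trigger bits described in the comment at the top of SniffMifare are never acted on. The wrap-around test `if(data > dmaBuf + DMA_BUFFER_SIZE)` lets `data` reach `dmaBuf + DMA_BUFFER_SIZE`, one element past the region handed to `FpgaSetupSscDma`, and that byte is then read as `data[0]` on the next iteration; `>=` is the bound that keeps the read inside the DMA buffer. The `dataLen` computation in the else branch carries a trailing `+ 1` that appears to assume the same one-past layout, so it should be rechecked together with the wrap test. The hunk's `@@` header lies before the start of this chunk.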