// the license.
//-----------------------------------------------------------------------------
// Miscellaneous routines for low frequency tag operations.
-// Tags supported here so far are Texas Instruments (TI), HID
+// Tags supported here so far are Texas Instruments (TI), HID, EM4x05, EM410x
// Also routines for raw mode reading/simulating of LF waveform
//-----------------------------------------------------------------------------
#include "lfdemod.h"
#include "lfsampling.h"
#include "protocols.h"
-#include "usb_cdc.h" //test
+#include "usb_cdc.h" // for usb_poll_validate_length
/**
* Function to do a modulation and then get samples.
*/
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint32_t period_1, uint8_t *command)
{
+ // start timer
+ StartTicks();
- int divisor_used = 95; // 125 KHz
- // see if 'h' was specified
+ // use lf config settings
+ sample_config *sc = getSamplingConfig();
- if (command[strlen((char *) command) - 1] == 'h')
- divisor_used = 88; // 134.8 KHz
-
- sample_config sc = { 0,0,1, divisor_used, 0};
- setSamplingConfig(&sc);
-
- /* Make sure the tag is reset */
+ // Make sure the tag is reset
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(2500);
+ WaitMS(2500);
- LFSetupFPGAForADC(sc.divisor, 1);
+ // clear read buffer (after fpga bitstream loaded...)
+ BigBuf_Clear_keep_EM();
- // And a little more time for the tag to fully power up
- SpinDelay(2000);
+ // power on
+ LFSetupFPGAForADC(sc->divisor, 1);
+ // And a little more time for the tag to fully power up
+ WaitMS(2000);
+ // if delay_off = 0 then just bitbang 1 = antenna on 0 = off for respective periods.
+ bool bitbang = delay_off == 0;
// now modulate the reader field
- while(*command != '\0' && *command != ' ') {
+
+ if (bitbang) {
+ // HACK it appears the loop and if statements take up about 7us so adjust waits accordingly...
+ uint8_t hack_cnt = 7;
+ if (period_0 < hack_cnt || period_1 < hack_cnt) {
+ DbpString("Warning periods cannot be less than 7us in bit bang mode");
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_D_OFF();
+ return;
+ }
+
+ // hack2 needed--- it appears to take about 8-16us to turn the antenna back on
+ // leading to ~ 1 to 2 125khz samples extra in every off period
+ // so we should test for last 0 before next 1 and reduce period_0 by this extra amount...
+ // but is this time different for every antenna or other hw builds??? more testing needed
+
+ // prime cmd_len to save time comparing strings while modulating
+ int cmd_len = 0;
+ while(command[cmd_len] != '\0' && command[cmd_len] != ' ')
+ cmd_len++;
+
+ int counter = 0;
+ bool off = false;
+ for (counter = 0; counter < cmd_len; counter++) {
+ // if cmd = 0 then turn field off
+ if (command[counter] == '0') {
+ // if field already off leave alone (affects timing otherwise)
+ if (off == false) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_D_OFF();
+ off = true;
+ }
+ // note we appear to take about 7us to switch over (or run the if statements/loop...)
+ WaitUS(period_0-hack_cnt);
+ // else if cmd = 1 then turn field on
+ } else {
+ // if field already on leave alone (affects timing otherwise)
+ if (off) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+ LED_D_ON();
+ off = false;
+ }
+ // note we appear to take about 7us to switch over (or run the if statements/loop...)
+ WaitUS(period_1-hack_cnt);
+ }
+ }
+ } else { // old mode of cmd read using delay as off period
+ while(*command != '\0' && *command != ' ') {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_D_OFF();
+ WaitUS(delay_off);
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc->divisor);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+ LED_D_ON();
+ if(*(command++) == '0') {
+ WaitUS(period_0);
+ } else {
+ WaitUS(period_1);
+ }
+ }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
- SpinDelayUs(delay_off);
- FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
-
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
- LED_D_ON();
- if(*(command++) == '0')
- SpinDelayUs(period_0);
- else
- SpinDelayUs(period_1);
+ WaitUS(delay_off);
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc->divisor);
}
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LED_D_OFF();
- SpinDelayUs(delay_off);
- FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// now do the read
- DoAcquisition_config(false);
-}
-
+ DoAcquisition_config(false, 0);
+ // Turn off antenna
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ // tell client we are done
+ cmd_send(CMD_ACK,0,0,0,0,0);
+}
/* blank r/w tag data stream
...0000000000000000 01111111
}
}
-
-
void WriteTIbyte(uint8_t b)
{
int i = 0;
// clear buffer
uint32_t *BigBuf = (uint32_t *)BigBuf_get_addr();
- memset(BigBuf,0,BigBuf_max_traceLen()/sizeof(uint32_t));
+ BigBuf_Clear_ext(false);
// Set up the synchronous serial port
AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DIN;
}
}
-
-
-
// arguments: 64bit data split into 32bit idhi:idlo and optional 16bit crc
// if crc provided, it will be written with the data verbatim (even if bogus)
// if not provided a valid crc will be computed from the data and written.
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
{
-
-
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
if(crc == 0) {
crc = update_crc16(crc, (idlo)&0xff);
AcquireTiType();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- DbpString("Now use tiread to check");
+ DbpString("Now use `lf ti read` to check");
}
void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
int i;
uint8_t *tab = BigBuf_get_addr();
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+ //note FpgaDownloadAndGo destroys the bigbuf so be sure this is called before now...
+ //FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
- #define SHORT_COIL() LOW(GPIO_SSC_DOUT)
- #define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
+ #define SHORT_COIL() LOW(GPIO_SSC_DOUT)
+ #define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
i = 0;
for(;;) {
//wait until SSC_CLK goes HIGH
+ int ii = 0;
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
- if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
- DbpString("Stopped");
- return;
+ //only check every 1000th time (usb_poll_validate_length on some systems was too slow)
+ if ( ii == 1000 ) {
+ if (BUTTON_PRESS() || usb_poll_validate_length() ) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ DbpString("Stopped");
+ return;
+ }
+ ii=0;
}
WDT_HIT();
+ ii++;
}
if (ledcontrol)
LED_D_ON();
if (ledcontrol)
LED_D_OFF();
+ ii=0;
//wait until SSC_CLK goes LOW
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
- if(BUTTON_PRESS()) {
- DbpString("Stopped");
- return;
+ //only check every 1000th time (usb_poll_validate_length on some systems was too slow)
+ if ( ii == 1000 ) {
+ if (BUTTON_PRESS() || usb_poll_validate_length() ) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ DbpString("Stopped");
+ return;
+ }
+ ii=0;
}
WDT_HIT();
+ ii++;
}
i++;
SpinDelayUs(gap);
}
}
+
}
}
uint8_t wavesPerClock = clock/fc;
uint8_t mod = clock % fc; //modifier
uint8_t modAdj = fc/mod; //how often to apply modifier
- bool modAdjOk = !(fc % mod); //if (fc % mod==0) modAdjOk=TRUE;
+ bool modAdjOk = !(fc % mod); //if (fc % mod==0) modAdjOk=true;
// loop through clock - step field clock
for (uint8_t idx=0; idx < wavesPerClock; idx++){
// put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave)
// prepare a waveform pattern in the buffer based on the ID given then
// simulate a HID tag until the button is pressed
-void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
+void CmdHIDsimTAG(int hi2, int hi, int lo, int ledcontrol)
{
int n=0, i=0;
/*
nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10)
*/
- if (hi>0xFFF) {
- DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags");
+ if (hi2>0x0FFFFFFF) {
+ DbpString("Tags can only have 44 or 84 bits. - USE lf simfsk for larger tags");
return;
}
+ // set LF so we don't kill the bigbuf we are setting with simulation data.
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
fc(0,&n);
// special start of frame marker containing invalid bit sequences
fc(8, &n); fc(8, &n); // invalid
fc(8, &n); fc(10, &n); // logical 0
WDT_HIT();
- // manchester encode bits 43 to 32
- for (i=11; i>=0; i--) {
- if ((i%4)==3) fc(0,&n);
- if ((hi>>i)&1) {
- fc(10, &n); fc(8, &n); // low-high transition
- } else {
- fc(8, &n); fc(10, &n); // high-low transition
+ if (hi2 > 0 || hi > 0xFFF){
+ // manchester encode bits 91 to 64 (91-84 are part of the header)
+ for (i=27; i>=0; i--) {
+ if ((i%4)==3) fc(0,&n);
+ if ((hi2>>i)&1) {
+ fc(10, &n); fc(8, &n); // low-high transition
+ } else {
+ fc(8, &n); fc(10, &n); // high-low transition
+ }
+ }
+ WDT_HIT();
+ // manchester encode bits 63 to 32
+ for (i=31; i>=0; i--) {
+ if ((i%4)==3) fc(0,&n);
+ if ((hi>>i)&1) {
+ fc(10, &n); fc(8, &n); // low-high transition
+ } else {
+ fc(8, &n); fc(10, &n); // high-low transition
+ }
+ }
+ } else {
+ // manchester encode bits 43 to 32
+ for (i=11; i>=0; i--) {
+ if ((i%4)==3) fc(0,&n);
+ if ((hi>>i)&1) {
+ fc(10, &n); fc(8, &n); // low-high transition
+ } else {
+ fc(8, &n); fc(10, &n); // high-low transition
+ }
}
}
uint8_t clk = arg2 & 0xFF;
uint8_t invert = (arg2 >> 8) & 1;
+ // set LF so we don't kill the bigbuf we are setting with simulation data.
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
for (i=0; i<size; i++){
if (BitStream[i] == invert){
fcAll(fcLow, &n, clk, &modCnt);
memset(dest+(*n), c ^ *phase, clock);
*phase ^= 1;
}
+ *n += clock;
+}
+
+static void stAskSimBit(int *n, uint8_t clock) {
+ uint8_t *dest = BigBuf_get_addr();
+ uint8_t halfClk = clock/2;
+ //ST = .5 high .5 low 1.5 high .5 low 1 high
+ memset(dest+(*n), 1, halfClk);
+ memset(dest+(*n) + halfClk, 0, halfClk);
+ memset(dest+(*n) + clock, 1, clock + halfClk);
+ memset(dest+(*n) + clock*2 + halfClk, 0, halfClk);
+ memset(dest+(*n) + clock*3, 1, clock);
+ *n += clock*4;
}
// args clock, ask/man or askraw, invert, transmission separator
uint8_t separator = arg2 & 1;
uint8_t invert = (arg2 >> 8) & 1;
+ // set LF so we don't kill the bigbuf we are setting with simulation data.
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
if (encoding==2){ //biphase
uint8_t phase=0;
for (i=0; i<size; i++){
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
}
- if (BitStream[0]==BitStream[size-1]){ //run a second set inverted to keep phase in check
+ if (phase==1) { //run a second set inverted to keep phase in check
for (i=0; i<size; i++){
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
}
for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert, &n, clk, encoding);
}
- if (encoding==0 && BitStream[0]==BitStream[size-1]){ //run a second set inverted (for biphase phase)
+ if (encoding==0 && BitStream[0]==BitStream[size-1]){ //run a second set inverted (for ask/raw || biphase phase)
for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert^1, &n, clk, encoding);
}
}
}
-
- if (separator==1) Dbprintf("sorry but separator option not yet available");
+ if (separator==1 && encoding == 1)
+ stAskSimBit(&n, clk);
+ else if (separator==1)
+ Dbprintf("sorry but separator option not yet available");
Dbprintf("Simulating with clk: %d, invert: %d, encoding: %d, separator: %d, n: %d",clk, invert, encoding, separator, n);
//DEBUG
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
//i+=16;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
-
- if (ledcontrol)
- LED_A_ON();
+ if (ledcontrol) LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
-
- if (ledcontrol)
- LED_A_OFF();
+ if (ledcontrol) LED_A_OFF();
}
//carrier can be 2,4 or 8
uint8_t carrier = arg1 & 0xFF;
uint8_t invert = arg2 & 0xFF;
uint8_t curPhase = 0;
+ // set LF so we don't kill the bigbuf we are setting with simulation data.
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
for (i=0; i<size; i++){
if (BitStream[i] == curPhase){
- pskSimBit(carrier, &n, clk, &curPhase, FALSE);
+ pskSimBit(carrier, &n, clk, &curPhase, false);
} else {
- pskSimBit(carrier, &n, clk, &curPhase, TRUE);
+ pskSimBit(carrier, &n, clk, &curPhase, true);
}
}
Dbprintf("Simulating with Carrier: %d, clk: %d, invert: %d, n: %d",carrier, clk, invert, n);
//i+=16;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
- if (ledcontrol)
- LED_A_ON();
+ if (ledcontrol) LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
-
- if (ledcontrol)
- LED_A_OFF();
+ if (ledcontrol) LED_A_OFF();
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
-void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
+void CmdHIDdemodFSK(int findone, int *high2, int *high, int *low, int ledcontrol)
{
uint8_t *dest = BigBuf_get_addr();
//const size_t sizeOfBigBuff = BigBuf_max_traceLen();
size_t size;
uint32_t hi2=0, hi=0, lo=0;
int idx=0;
+ int dummyIdx = 0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
- while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
+ //clear read buffer
+ BigBuf_Clear_keep_EM();
+ while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// FSK demodulator
//size = sizeOfBigBuff; //variable size will change after demod so re initialize it before use
size = 50*128*2; //big enough to catch 2 sequences of largest format
- idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo);
+ idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
if (idx>0 && lo>0 && (size==96 || size==192)){
+ uint8_t bitlen = 0;
+ uint32_t fc = 0;
+ uint32_t cardnum = 0;
+ bool decoded = false;
+
// go over previously decoded manchester data and decode into usable tag ID
- if (hi2 != 0){ //extra large HID tags 88/192 bits
- Dbprintf("TAG ID: %x%08x%08x (%d)",
- (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
- }else { //standard HID tags 44/96 bits
- //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd
- uint8_t bitlen = 0;
- uint32_t fc = 0;
- uint32_t cardnum = 0;
- if (((hi>>5)&1) == 1){//if bit 38 is set then < 37 bit format is used
- uint32_t lo2=0;
- lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit
- uint8_t idx3 = 1;
- while(lo2 > 1){ //find last bit set to 1 (format len bit)
- lo2=lo2 >> 1;
- idx3++;
- }
- bitlen = idx3+19;
- fc =0;
- cardnum=0;
- if(bitlen == 26){
- cardnum = (lo>>1)&0xFFFF;
- fc = (lo>>17)&0xFF;
- }
- if(bitlen == 37){
- cardnum = (lo>>1)&0x7FFFF;
- fc = ((hi&0xF)<<12)|(lo>>20);
- }
- if(bitlen == 34){
- cardnum = (lo>>1)&0xFFFF;
- fc= ((hi&1)<<15)|(lo>>17);
- }
- if(bitlen == 35){
- cardnum = (lo>>1)&0xFFFFF;
- fc = ((hi&1)<<11)|(lo>>21);
- }
+ if ((hi2 & 0x000FFFF) != 0){ //extra large HID tags 88/192 bits
+ uint32_t bp = hi2 & 0x000FFFFF;
+ bitlen = 63;
+ while (bp > 0) {
+ bp = bp >> 1;
+ bitlen++;
}
- else { //if bit 38 is not set then 37 bit format is used
- bitlen= 37;
- fc =0;
- cardnum=0;
- if(bitlen==37){
- cardnum = (lo>>1)&0x7FFFF;
- fc = ((hi&0xF)<<12)|(lo>>20);
- }
+ } else if ((hi >> 6) > 0) {
+ uint32_t bp = hi;
+ bitlen = 31;
+ while (bp > 0) {
+ bp = bp >> 1;
+ bitlen++;
+ }
+ } else if (((hi >> 5) & 1) == 0) {
+ bitlen = 37;
+ } else if ((hi & 0x0000001F) > 0 ) {
+ uint32_t bp = (hi & 0x0000001F);
+ bitlen = 31;
+ while (bp > 0) {
+ bp = bp >> 1;
+ bitlen++;
+ }
+ } else {
+ uint32_t bp = lo;
+ bitlen = 0;
+ while (bp > 0) {
+ bp = bp >> 1;
+ bitlen++;
}
- //Dbprintf("TAG ID: %x%08x (%d)",
- // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
- Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d",
- (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF,
- (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
}
+ switch (bitlen){
+ case 26:
+ cardnum = (lo>>1)&0xFFFF;
+ fc = (lo>>17)&0xFF;
+ decoded = true;
+ break;
+ case 35:
+ cardnum = (lo>>1)&0xFFFFF;
+ fc = ((hi&1)<<11)|(lo>>21);
+ decoded = true;
+ break;
+ }
+
+ if (hi2 != 0) //extra large HID tags 88/192 bits
+ Dbprintf("TAG ID: %x%08x%08x (%d)",
+ (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ else
+ Dbprintf("TAG ID: %x%08x (%d)",
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+
+ if (decoded)
+ Dbprintf("Format Len: %dbits - FC: %d - Card: %d",
+ (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
+
if (findone){
if (ledcontrol) LED_A_OFF();
+ *high2 = hi2;
*high = hi;
*low = lo;
- return;
+ break;
}
// reset
}
hi2 = hi = lo = idx = 0;
WDT_HIT();
}
+
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
{
uint8_t *dest = BigBuf_get_addr();
- //const size_t sizeOfBigBuff = BigBuf_max_traceLen();
size_t size;
- int idx=0;
+ int idx=0, dummyIdx=0;
+ //clear read buffer
+ BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
DoAcquisition_default(-1,true);
// FSK demodulator
- //size = sizeOfBigBuff; //variable size will change after demod so re initialize it before use
size = 50*128*2; //big enough to catch 2 sequences of largest format
- idx = AWIDdemodFSK(dest, &size);
+ idx = AWIDdemodFSK(dest, &size, &dummyIdx);
- if (idx>0 && size==96){
- // Index map
- // 0 10 20 30 40 50 60
- // | | | | | | |
- // 01234567 890 1 234 5 678 9 012 3 456 7 890 1 234 5 678 9 012 3 456 7 890 1 234 5 678 9 012 3 - to 96
- // -----------------------------------------------------------------------------
- // 00000001 000 1 110 1 101 1 011 1 101 1 010 0 000 1 000 1 010 0 001 0 110 1 100 0 000 1 000 1
- // premable bbb o bbb o bbw o fff o fff o ffc o ccc o ccc o ccc o ccc o ccc o wxx o xxx o xxx o - to 96
- // |---26 bit---| |-----117----||-------------142-------------|
- // b = format bit len, o = odd parity of last 3 bits
- // f = facility code, c = card number
- // w = wiegand parity
- // (26 bit format shown)
-
- //get raw ID before removing parities
- uint32_t rawLo = bytebits_to_byte(dest+idx+64,32);
- uint32_t rawHi = bytebits_to_byte(dest+idx+32,32);
- uint32_t rawHi2 = bytebits_to_byte(dest+idx,32);
-
- size = removeParity(dest, idx+8, 4, 1, 88);
- // ok valid card found!
-
- // Index map
- // 0 10 20 30 40 50 60
- // | | | | | | |
- // 01234567 8 90123456 7890123456789012 3 456789012345678901234567890123456
- // -----------------------------------------------------------------------------
- // 00011010 1 01110101 0000000010001110 1 000000000000000000000000000000000
- // bbbbbbbb w ffffffff cccccccccccccccc w xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- // |26 bit| |-117--| |-----142------|
- // b = format bit len, o = odd parity of last 3 bits
- // f = facility code, c = card number
- // w = wiegand parity
- // (26 bit format shown)
-
- uint32_t fc = 0;
- uint32_t cardnum = 0;
- uint32_t code1 = 0;
- uint32_t code2 = 0;
- uint8_t fmtLen = bytebits_to_byte(dest,8);
- if (fmtLen==26){
- fc = bytebits_to_byte(dest+9, 8);
- cardnum = bytebits_to_byte(dest+17, 16);
- code1 = bytebits_to_byte(dest+8,fmtLen);
- Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo);
- } else {
- cardnum = bytebits_to_byte(dest+8+(fmtLen-17), 16);
- if (fmtLen>32){
- code1 = bytebits_to_byte(dest+8,fmtLen-32);
- code2 = bytebits_to_byte(dest+8+(fmtLen-32),32);
- Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
- } else{
- code1 = bytebits_to_byte(dest+8,fmtLen);
- Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
- }
- }
- if (findone){
- if (ledcontrol) LED_A_OFF();
- return;
+ if (idx<=0 || size!=96) continue;
+ // Index map
+ // 0 10 20 30 40 50 60
+ // | | | | | | |
+ // 01234567 890 1 234 5 678 9 012 3 456 7 890 1 234 5 678 9 012 3 456 7 890 1 234 5 678 9 012 3 - to 96
+ // -----------------------------------------------------------------------------
+ // 00000001 000 1 110 1 101 1 011 1 101 1 010 0 000 1 000 1 010 0 001 0 110 1 100 0 000 1 000 1
+ // premable bbb o bbb o bbw o fff o fff o ffc o ccc o ccc o ccc o ccc o ccc o wxx o xxx o xxx o - to 96
+ // |---26 bit---| |-----117----||-------------142-------------|
+ // b = format bit len, o = odd parity of last 3 bits
+ // f = facility code, c = card number
+ // w = wiegand parity
+ // (26 bit format shown)
+
+ //get raw ID before removing parities
+ uint32_t rawLo = bytebits_to_byte(dest+idx+64,32);
+ uint32_t rawHi = bytebits_to_byte(dest+idx+32,32);
+ uint32_t rawHi2 = bytebits_to_byte(dest+idx,32);
+
+ size = removeParity(dest, idx+8, 4, 1, 88);
+ if (size != 66) continue;
+ // ok valid card found!
+
+ // Index map
+ // 0 10 20 30 40 50 60
+ // | | | | | | |
+ // 01234567 8 90123456 7890123456789012 3 456789012345678901234567890123456
+ // -----------------------------------------------------------------------------
+ // 00011010 1 01110101 0000000010001110 1 000000000000000000000000000000000
+ // bbbbbbbb w ffffffff cccccccccccccccc w xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ // |26 bit| |-117--| |-----142------|
+ // b = format bit len, o = odd parity of last 3 bits
+ // f = facility code, c = card number
+ // w = wiegand parity
+ // (26 bit format shown)
+
+ uint32_t fc = 0;
+ uint32_t cardnum = 0;
+ uint32_t code1 = 0;
+ uint32_t code2 = 0;
+ uint8_t fmtLen = bytebits_to_byte(dest,8);
+ if (fmtLen==26){
+ fc = bytebits_to_byte(dest+9, 8);
+ cardnum = bytebits_to_byte(dest+17, 16);
+ code1 = bytebits_to_byte(dest+8,fmtLen);
+ Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo);
+ } else {
+ cardnum = bytebits_to_byte(dest+8+(fmtLen-17), 16);
+ if (fmtLen>32){
+ code1 = bytebits_to_byte(dest+8,fmtLen-32);
+ code2 = bytebits_to_byte(dest+8+(fmtLen-32),32);
+ Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
+ } else{
+ code1 = bytebits_to_byte(dest+8,fmtLen);
+ Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
}
- // reset
}
+ if (findone){
+ if (ledcontrol) LED_A_OFF();
+ break;
+ }
+ // reset
idx = 0;
WDT_HIT();
}
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
int clk=0, invert=0, errCnt=0, maxErr=20;
uint32_t hi=0;
uint64_t lo=0;
+ //clear read buffer
+ BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
if (ledcontrol) LED_A_OFF();
*high=lo>>32;
*low=lo & 0xFFFFFFFF;
- return;
+ break;
}
}
WDT_HIT();
hi = lo = size = idx = 0;
clk = invert = errCnt = 0;
}
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
uint8_t version=0;
uint8_t facilitycode=0;
uint16_t number=0;
+ int dummyIdx=0;
+ //clear read buffer
+ BigBuf_Clear_keep_EM();
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
DoAcquisition_default(-1,true);
//fskdemod and get start index
WDT_HIT();
- idx = IOdemodFSK(dest, BigBuf_max_traceLen());
+ idx = IOdemodFSK(dest, BigBuf_max_traceLen(), &dummyIdx);
if (idx<0) continue;
//valid tag found
//LED_A_OFF();
*high=code;
*low=code2;
- return;
+ break;
}
code=code2=0;
version=facilitycode=0;
WDT_HIT();
}
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
/*------------------------------
* T5555/T5557/T5567/T5577 routines
*------------------------------
- */
-
-/* NOTE: T55x7/T5555 configuration register definitions moved to protocols.h */
-
-/*
+ * NOTE: T55x7/T5555 configuration register definitions moved to protocols.h
+ *
* Relevant communication times in microsecond
* To compensate antenna falling times shorten the write times
* and enlarge the gap ones.
#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
-#define READ_GAP 26*8
+#define READ_GAP 15*8
void TurnReadLFOn(int delay) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// Give it a bit of time for the resonant antenna to settle.
- SpinDelayUs(delay); //155*8 //50*8
+ WaitUS(delay); //155*8 //50*8
}
// Write one bit to card
else
TurnReadLFOn(WRITE_1);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(WRITE_GAP);
+ WaitUS(WRITE_GAP);
}
// Send T5577 reset command then read stream (see if we can identify the start of the stream)
void T55xxResetRead(void) {
LED_A_ON();
//clear buffer now so it does not interfere with timing later
- BigBuf_Clear_ext(false);
+ BigBuf_Clear_keep_EM();
// Set up FPGA, 125kHz
LFSetupFPGAForADC(95, true);
-
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
+
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ WaitUS(START_GAP);
// reset tag - op code 00
T55xxWriteBit(0);
T55xxWriteBit(0);
- // Turn field on to read the response
TurnReadLFOn(READ_GAP);
// Acquisition
- doT55x7Acquisition(BigBuf_max_traceLen());
+ DoPartialAcquisition(0, true, BigBuf_max_traceLen(), 0);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
LED_A_ON();
bool PwdMode = arg & 0x1;
uint8_t Page = (arg & 0x2)>>1;
+ bool testMode = arg & 0x4;
uint32_t i = 0;
// Set up FPGA, 125kHz
LFSetupFPGAForADC(95, true);
-
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ WaitUS(START_GAP);
- // Opcode 10
- T55xxWriteBit(1);
- T55xxWriteBit(Page); //Page 0
- if (PwdMode){
+ if (testMode) Dbprintf("TestMODE");
+ // Std Opcode 10
+ T55xxWriteBit(testMode ? 0 : 1);
+ T55xxWriteBit(testMode ? 1 : Page); //Page 0
+
+ if (PwdMode) {
// Send Pwd
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Pwd & i);
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
// so wait a little more)
- TurnReadLFOn(20 * 1000);
+
+ // "there is a clock delay before programming"
+ // - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567
+ // so we should wait 1 clock + 5.6ms then read response?
+ // but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow...
+ if (testMode) {
+ //TESTMODE TIMING TESTS:
+ // <566us does nothing
+ // 566-568 switches between wiping to 0s and doing nothing
+ // 5184 wipes and allows 1 block to be programmed.
+ // indefinite power on wipes and then programs all blocks with bitshifted data sent.
+ TurnReadLFOn(5184);
+
+ } else {
+ TurnReadLFOn(20 * 1000);
//could attempt to do a read to confirm write took
// as the tag should repeat back the new block
// until it is reset, but to confirm it we would
- // need to know the current block 0 config mode
+ // need to know the current block 0 config mode for
+ // modulation clock an other details to demod the response...
+ // response should be (for t55x7) a 0 bit then (ST if on)
+ // block data written in on repeat until reset.
+
+ //DoPartialAcquisition(20, true, 12000);
+ }
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
bool PwdMode = arg0 & 0x1;
uint8_t Page = (arg0 & 0x2) >> 1;
uint32_t i = 0;
- bool RegReadMode = (Block == 0xFF);
+ bool RegReadMode = (Block == 0xFF);//regular read mode
//clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false);
// Set up FPGA, 125kHz to power up the tag
LFSetupFPGAForADC(95, true);
-
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
// Trigger T55x7 Direct Access Mode with start gap
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ WaitUS(START_GAP);
// Opcode 1[page]
T55xxWriteBit(1);
T55xxWriteBit(Block & i);
// Turn field on to read the response
- TurnReadLFOn(READ_GAP);
+ // 137*8 seems to get to the start of data pretty well...
+ // but we want to go past the start and let the repeating data settle in...
+ TurnReadLFOn(210*8);
// Acquisition
- doT55x7Acquisition(12000);
+ // Now do the acquisition
+ DoPartialAcquisition(0, true, 12000, 0);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
// Set up FPGA, 125kHz
LFSetupFPGAForADC(95, true);
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
// Trigger T55x7 Direct Access Mode
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ WaitUS(START_GAP);
// Opcode 10
T55xxWriteBit(1);
void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
// write last block first and config block last (if included)
for (uint8_t i = numblocks+startblock; i > startblock; i--) {
- //Dbprintf("write- Blk: %d, d:%08X",i-1,blockdata[i-1]);
T55xxWriteBlockExt(blockdata[i-1],i-1,0,0);
}
}
-// Copy HID id to card and setup block 0 config
-void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
+// Copy a HID-like card (e.g. HID Proximity, Paradox) to a T55x7 compatible card
+void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, uint8_t preamble) {
uint32_t data[] = {0,0,0,0,0,0,0};
- //int data1=0, data2=0, data3=0, data4=0, data5=0, data6=0; //up to six blocks for long format
uint8_t last_block = 0;
if (longFMT) {
}
// Build the 6 data blocks for supplied 84bit ID
last_block = 6;
- // load preamble (1D) & long format identifier (9E manchester encoded)
- data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF);
+ // load preamble & long format identifier (9E manchester encoded)
+ data[1] = (preamble << 24) | 0x96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF);
// load raw id from hi2, hi, lo to data blocks (manchester encoded)
data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
data[3] = manchesterEncode2Bytes(hi >> 16);
data[4] = manchesterEncode2Bytes(hi & 0xFFFF);
data[5] = manchesterEncode2Bytes(lo >> 16);
data[6] = manchesterEncode2Bytes(lo & 0xFFFF);
- } else {
+ } else {
// Ensure no more than 44 bits supplied
if (hi>0xFFF) {
DbpString("Tags can only have 44 bits.");
// Build the 3 data blocks for supplied 44bit ID
last_block = 3;
// load preamble
- data[1] = 0x1D000000 | (manchesterEncode2Bytes(hi) & 0xFFFFFF);
+ data[1] = (preamble << 24) | (manchesterEncode2Bytes(hi) & 0xFFFFFF);
data[2] = manchesterEncode2Bytes(lo >> 16);
data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
}
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
- //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
- data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
+ //Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
+ data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
//TODO add selection of chip for Q5 or T55x7
- // data[0] = (((32-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
+ // data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
WriteT55xx(data, 0, 8);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);
DbpString("DONE!");
}
+// clone viking tag to T55xx
+void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) {
+ uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2};
+ if (Q5) data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT;
+ // Program the data blocks for supplied ID and the block 0 config
+ WriteT55xx(data, 0, 3);
+ LED_D_OFF();
+ cmd_send(CMD_ACK,0,0,0,0,0);
+}
// Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF
LED_D_ON();
// Write EM410x ID
- uint32_t data[] = {0, id>>32, id & 0xFFFFFFFF};
+ uint32_t data[] = {0, (uint32_t)(id>>32), (uint32_t)(id & 0xFFFFFFFF)};
clock = (card & 0xFF00) >> 8;
clock = (clock == 0) ? 64 : clock;
}
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { //t5555 (Q5)
- clock = (clock-2)>>1; //n = (RF-2)/2
- data[0] = (clock << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
+ data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
}
WriteT55xx(data, 0, 3);
#define FWD_CMD_READ 0x9
#define FWD_CMD_DISABLE 0x5
-
uint8_t forwardLink_data[64]; //array of forwarded bits
uint8_t * forward_ptr; //ptr for forward message preparation
uint8_t fwd_bit_sz; //forwardlink bit counter
// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8);
uint8_t Prepare_Cmd( uint8_t cmd ) {
- //--------------------------------------------------------------------
*forward_ptr++ = 0; //start bit
*forward_ptr++ = 0; //second pause for 4050 code
// prepares address bits
// see EM4469 spec
//====================================================================
-
-//--------------------------------------------------------------------
uint8_t Prepare_Addr( uint8_t addr ) {
- //--------------------------------------------------------------------
register uint8_t line_parity;
// prepares data bits intreleaved with parity bits
// see EM4469 spec
//====================================================================
-
-//--------------------------------------------------------------------
uint8_t Prepare_Data( uint16_t data_low, uint16_t data_hi) {
- //--------------------------------------------------------------------
register uint8_t line_parity;
register uint8_t column_parity;
fwd_write_ptr = forwardLink_data;
fwd_bit_sz = fwd_bit_count;
- LED_D_ON();
-
- // Set up FPGA, 125kHz
+ // Set up FPGA, 125kHz or 95 divisor
LFSetupFPGAForADC(95, true);
// force 1st mod pulse (start gap must be longer for 4305)
fwd_bit_sz--; //prepare next bit modulation
fwd_write_ptr++;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(55*8); //55 cycles off (8us each)for 4305
- FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ WaitUS(55*8); //55 cycles off (8us each)for 4305 //another reader has 37 here...
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(16*8); //16 cycles on (8us each)
+ WaitUS(18*8); //18 cycles on (8us each)
// now start writting
while(fwd_bit_sz-- > 0) { //prepare next bit modulation
if(((*fwd_write_ptr++) & 1) == 1)
- SpinDelayUs(32*8); //32 cycles at 125Khz (8us each)
+ WaitUS(32*8); //32 cycles at 125Khz (8us each)
else {
//These timings work for 4469/4269/4305 (with the 55*8 above)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(23*8); //16-4 cycles off (8us each)
- FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ WaitUS(23*8); //23 cycles off (8us each)
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(9*8); //16 cycles on (8us each)
+ WaitUS(18*8); //18 cycles on (8us each)
}
}
}
//Wait for command to complete
SpinDelay(20);
-
}
void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
uint8_t fwd_bit_count;
- uint8_t *dest = BigBuf_get_addr();
- uint16_t bufferlength = BigBuf_max_traceLen();
- uint32_t i = 0;
// Clear destination buffer before sending the command
- memset(dest, 0x80, bufferlength);
+ BigBuf_Clear_ext(false);
+ LED_A_ON();
+ StartTicks();
//If password mode do login
if (PwdMode == 1) EM4xLogin(Pwd);
fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
fwd_bit_count += Prepare_Addr( Address );
- // Connect the A/D to the peak-detected low-frequency path.
- SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
- // Now set up the SSC to get the ADC samples that are now streaming at us.
- FpgaSetupSsc();
-
SendForward(fwd_bit_count);
-
+ WaitUS(400);
// Now do the acquisition
- i = 0;
- for(;;) {
- if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
- AT91C_BASE_SSC->SSC_THR = 0x43;
- }
- if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
- dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
- i++;
- if (i >= bufferlength) break;
- }
- }
+ DoPartialAcquisition(20, true, 6000, 1000);
+
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ LED_A_OFF();
cmd_send(CMD_ACK,0,0,0,0,0);
- LED_D_OFF();
}
-void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
-
+void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) {
+
+ bool PwdMode = (flag & 0xF);
+ uint8_t Address = (flag >> 8) & 0xFF;
uint8_t fwd_bit_count;
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_ext(false);
+
+ LED_A_ON();
+ StartTicks();
//If password mode do login
- if (PwdMode == 1) EM4xLogin(Pwd);
+ if (PwdMode) EM4xLogin(Pwd);
forward_ptr = forwardLink_data;
fwd_bit_count = Prepare_Cmd( FWD_CMD_WRITE );
SendForward(fwd_bit_count);
//Wait for write to complete
- SpinDelay(20);
+ //SpinDelay(10);
+
+ WaitUS(6500);
+ //Capture response if one exists
+ DoPartialAcquisition(20, true, 6000, 1000);
+
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- LED_D_OFF();
+ LED_A_OFF();
+ cmd_send(CMD_ACK,0,0,0,0,0);
+}
+/*
+Reading a COTAG.
+
+COTAG needs the reader to send a startsequence and the card has an extreme slow datarate.
+because of this, we can "sample" the data signal but we interpreate it to Manchester direct.
+
+READER START SEQUENCE:
+burst 800 us, gap 2.2 msecs
+burst 3.6 msecs gap 2.2 msecs
+burst 800 us gap 2.2 msecs
+pulse 3.6 msecs
+
+This triggers a COTAG tag to response
+*/
+void Cotag(uint32_t arg0) {
+
+#define OFF { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); WaitUS(2035); }
+#define ON(x) { FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); WaitUS((x)); }
+
+ uint8_t rawsignal = arg0 & 0xF;
+
+ LED_A_ON();
+
+ // Switching to LF image on FPGA. This might empty BigBuff
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_ext(false);
+
+ // Set up FPGA, 132kHz to power up the tag
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 89);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+
+ // Connect the A/D to the peak-detected low-frequency path.
+ SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+
+ // Now set up the SSC to get the ADC samples that are now streaming at us.
+ FpgaSetupSsc(FPGA_MAJOR_MODE_LF_ADC);
+
+ // start clock - 1.5ticks is 1us
+ StartTicks();
+
+ //send COTAG start pulse
+ ON(740) OFF
+ ON(3330) OFF
+ ON(740) OFF
+ ON(1000)
+
+ switch(rawsignal) {
+ case 0: doCotagAcquisition(50000); break;
+ case 1: doCotagAcquisitionManchester(); break;
+ case 2: DoAcquisition_config(true, 0); break;
+ }
+
+ // Turn the field off
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ cmd_send(CMD_ACK,0,0,0,0,0);
+ LED_A_OFF();
}
projects / proxmark3-svn / blobdiff