--- /dev/null
+#include "proxmark3.h"
+#include "apps.h"
+#include "BigBuf.h"
+#include "util.h"
+
+static void RAMFUNC optimizedSnoop(void);
+
+static void RAMFUNC optimizedSnoop(void)
+{
+ BigBuf_free();
+ int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
+
+ uint16_t *dest = (uint16_t *)BigBuf_get_addr();
+ uint16_t *destend = dest + n;
+
+ AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
+ // Reading data loop
+ while(dest <= destend)
+ {
+ if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)
+ {
+ *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
+ dest = dest + 1;
+ }
+ }
+ //Resetting Frame mode (First set in fpgaloader.c)
+ AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+}
+
+void HfSnoop(int samplesToSkip, int triggersToSkip)
+{
+ Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
+ bool trigger_cnt;
+ LED_D_OFF();
+ // Select correct configs
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ // Set up the synchronous serial port
+ FpgaSetupSsc();
+ // connect Demodulated Signal to ADC:
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
+ SpinDelay(100);
+
+ AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
+
+ trigger_cnt = 0;
+ uint16_t r;
+ for(;;) {
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+ r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
+ if (!(trigger_cnt == triggersToSkip) && ( (r >> 8) >= 240))
+ {
+ Dbprintf("Trigger kicked! Value: %d.", r >> 8);
+ trigger_cnt++;
+ break;
+ }
+ }
+ }
+ Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r >> 8);
+ int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
+ while(waitcount != 0) {
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+ waitcount--;
+ }
+ }
+
+ // Snooooop!!!
+ optimizedSnoop();
+
+ DbpString("Done.");
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_D_OFF();
+}
+
`include "hi_read_rx_xcorr.v"
`include "hi_simulate.v"
`include "hi_iso14443a.v"
+`include "hi_sniffer.v"
`include "util.v"
module fpga_hf(
hi_simulate_mod_type
);
+hi_sniffer he(
+ pck0, ck_1356meg, ck_1356megb,
+ he_pwr_lo, he_pwr_hi, he_pwr_oe1, he_pwr_oe2, he_pwr_oe3, he_pwr_oe4,
+ adc_d, he_adc_clk,
+ he_ssp_frame, he_ssp_din, ssp_dout, he_ssp_clk,
+ cross_hi, cross_lo,
+ he_dbg,
+ hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
+);
+
// Major modes:
// 000 -- HF reader, transmitting to tag; modulation depth selectable
// 001 -- HF reader, receiving from tag, correlating as it goes; frequency selectable
// 010 -- HF simulated tag
// 011 -- HF ISO14443-A
+// 100 -- HF Snoop
// 111 -- everything off
-mux8 mux_ssp_clk (major_mode, ssp_clk, ht_ssp_clk, hrxc_ssp_clk, hs_ssp_clk, hisn_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_din (major_mode, ssp_din, ht_ssp_din, hrxc_ssp_din, hs_ssp_din, hisn_ssp_din, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_frame (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe1 (major_mode, pwr_oe1, ht_pwr_oe1, hrxc_pwr_oe1, hs_pwr_oe1, hisn_pwr_oe1, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe2 (major_mode, pwr_oe2, ht_pwr_oe2, hrxc_pwr_oe2, hs_pwr_oe2, hisn_pwr_oe2, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe3 (major_mode, pwr_oe3, ht_pwr_oe3, hrxc_pwr_oe3, hs_pwr_oe3, hisn_pwr_oe3, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe4 (major_mode, pwr_oe4, ht_pwr_oe4, hrxc_pwr_oe4, hs_pwr_oe4, hisn_pwr_oe4, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_lo (major_mode, pwr_lo, ht_pwr_lo, hrxc_pwr_lo, hs_pwr_lo, hisn_pwr_lo, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_hi (major_mode, pwr_hi, ht_pwr_hi, hrxc_pwr_hi, hs_pwr_hi, hisn_pwr_hi, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_adc_clk (major_mode, adc_clk, ht_adc_clk, hrxc_adc_clk, hs_adc_clk, hisn_adc_clk, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_dbg (major_mode, dbg, ht_dbg, hrxc_dbg, hs_dbg, hisn_dbg, 1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_clk (major_mode, ssp_clk, ht_ssp_clk, hrxc_ssp_clk, hs_ssp_clk, hisn_ssp_clk, he_ssp_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_din (major_mode, ssp_din, ht_ssp_din, hrxc_ssp_din, hs_ssp_din, hisn_ssp_din, he_ssp_din, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_frame (major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, he_ssp_frame, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe1 (major_mode, pwr_oe1, ht_pwr_oe1, hrxc_pwr_oe1, hs_pwr_oe1, hisn_pwr_oe1, he_pwr_oe1, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe2 (major_mode, pwr_oe2, ht_pwr_oe2, hrxc_pwr_oe2, hs_pwr_oe2, hisn_pwr_oe2, he_pwr_oe2, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe3 (major_mode, pwr_oe3, ht_pwr_oe3, hrxc_pwr_oe3, hs_pwr_oe3, hisn_pwr_oe3, he_pwr_oe3, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe4 (major_mode, pwr_oe4, ht_pwr_oe4, hrxc_pwr_oe4, hs_pwr_oe4, hisn_pwr_oe4, he_pwr_oe4, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_lo (major_mode, pwr_lo, ht_pwr_lo, hrxc_pwr_lo, hs_pwr_lo, hisn_pwr_lo, he_pwr_lo, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_hi (major_mode, pwr_hi, ht_pwr_hi, hrxc_pwr_hi, hs_pwr_hi, hisn_pwr_hi, he_pwr_hi, 1'b0, 1'b0, 1'b0);
+mux8 mux_adc_clk (major_mode, adc_clk, ht_adc_clk, hrxc_adc_clk, hs_adc_clk, hisn_adc_clk, he_adc_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_dbg (major_mode, dbg, ht_dbg, hrxc_dbg, hs_dbg, hisn_dbg, he_dbg, 1'b0, 1'b0, 1'b0);
// In all modes, let the ADC's outputs be enabled.
assign adc_noe = 1'b0;
--- /dev/null
+
+module hi_sniffer(
+ pck0, ck_1356meg, ck_1356megb,
+ pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
+ adc_d, adc_clk,
+ ssp_frame, ssp_din, ssp_dout, ssp_clk,
+ cross_hi, cross_lo,
+ dbg,
+ xcorr_is_848, snoop, xcorr_quarter_freq // not used.
+);
+ input pck0, ck_1356meg, ck_1356megb;
+ output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
+ input [7:0] adc_d;
+ output adc_clk;
+ input ssp_dout;
+ output ssp_frame, ssp_din, ssp_clk;
+ input cross_hi, cross_lo;
+ output dbg;
+ input xcorr_is_848, snoop, xcorr_quarter_freq; // not used.
+
+// We are only snooping, all off.
+assign pwr_hi = 1'b0;// ck_1356megb & (~snoop);
+assign pwr_oe1 = 1'b0;
+assign pwr_oe2 = 1'b0;
+assign pwr_oe3 = 1'b0;
+assign pwr_oe4 = 1'b0;
+
+reg ssp_clk = 1'b0;
+reg ssp_frame;
+reg adc_clk;
+reg [7:0] adc_d_out = 8'd0;
+reg [7:0] ssp_cnt = 8'd0;
+reg [7:0] pck_divider = 8'd0;
+reg ant_lo = 1'b0;
+reg bit_to_send = 1'b0;
+
+always @(ck_1356meg, pck0) // should synthetisize to a mux..
+ begin
+ adc_clk = ck_1356meg;
+ ssp_clk = ~ck_1356meg;
+ end
+
+reg [7:0] cnt_test = 8'd0; // test
+
+always @(posedge pck0)
+begin
+ ant_lo <= 1'b0;
+end
+
+always @(posedge ssp_clk) // ~1356 (hf)
+begin
+ if(ssp_cnt[7:0] == 8'd255) // SSP counter for divides.
+ ssp_cnt[7:0] <= 8'd0;
+ else
+ ssp_cnt <= ssp_cnt + 1;
+
+ if((ssp_cnt[2:0] == 3'b000) && !ant_lo) // To set frame length
+ begin
+ adc_d_out[7:0] = adc_d; // disable for test
+ bit_to_send = adc_d_out[0];
+ ssp_frame <= 1'b1;
+ end
+ else
+ begin
+ adc_d_out[6:0] = adc_d_out[7:1];
+ adc_d_out[7] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
+ bit_to_send = adc_d_out[0];
+ ssp_frame <= 1'b0;
+ end
+end
+
+assign ssp_din = bit_to_send && !ant_lo;//bit_to_send && !ant_lo; // && .. not needed i guess?
+
+assign pwr_lo = ant_lo;
+
+
+endmodule
projects / proxmark3-svn / commitdiff