and LED A, B and C respectively show:
- Receiving from reader
- Transmitting to tag/reader
- Receiving from tag
Also, updated the snoop function to make full use of the DMA buffer, which removes (in my case) all the 'blew DMA buffer' issues.
Last, moved the compilation of iso14443.c to ARM mode (not thumb) to make it faster on my Linux gcc 4.3 version; otherwise the 'blew DMA buffer' issue was systematic.
Also: restored the "indalademod" command which had mysteriously disappeared from the prox.exe (proxmark3) client!
$(OBJDIR)/appmain.o \
$(OBJDIR)/fpga.o \
$(OBJDIR)/iso15693.o \
$(OBJDIR)/appmain.o \
$(OBJDIR)/fpga.o \
$(OBJDIR)/iso15693.o \
-
-OBJFAST = $(OBJDIR)/iso14443a.o
+# To be compiled in ARM mode, not thumb mode: larger but faster
+# Alleviates the 'blew circular buffer' issues somehow...
+OBJFAST = $(OBJDIR)/iso14443.o \
+ $(OBJDIR)/iso14443a.o
OBJFPGA = $(OBJDIR)/fpgaimg.o
OBJFPGA = $(OBJDIR)/fpgaimg.o
\r
#include <proxmark3.h>\r
#include "apps.h"\r
\r
#include <proxmark3.h>\r
#include "apps.h"\r
#include "LCD.h"\r
#endif\r
\r
#include "LCD.h"\r
#endif\r
\r
break;\r
\r
case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control\r
break;\r
\r
case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
+ LED_D_OFF(); // LED D indicates field ON or OFF\r
break;\r
\r
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:\r
break;\r
\r
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:\r
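Review bot: LED D is switched by hand next to each `FpgaWriteConfWord(...)` call, here in the `CMD_FPGA_MAJOR_MODE_OFF` case and again at the call sites in the ISO 14443 B and ISO 14443 A code further down, so the field indicator is only as accurate as every call site remembering to set it. The ordering also differs: in this case `LED_D_OFF()` runs after `SpinDelay(200)`, while the other sites set the LED before the mode word is written. A single helper that writes the mode word and derives LED D from it would keep order and state consistent. At minimum, document the convention once next to the LED macros, e.g. `// LED D: ON only while the FPGA is in a mode that drives the RF field`. The enclosing switch starts and ends outside the lines shown.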
BYTE *output;\r
} Uart;\r
\r
BYTE *output;\r
} Uart;\r
\r
+/* Receive & handle a bit coming from the reader.\r
+ *\r
+ * LED handling:\r
+ * LED A -> ON once we have received the SOF and are expecting the rest.\r
+ * LED A -> OFF once we have received EOF or are in error state or unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ */\r
static BOOL Handle14443UartBit(int bit)\r
{\r
switch(Uart.state) {\r
case STATE_UNSYNCD:\r
static BOOL Handle14443UartBit(int bit)\r
{\r
switch(Uart.state) {\r
case STATE_UNSYNCD:\r
if(!bit) {\r
// we went low, so this could be the beginning\r
// of an SOF\r
if(!bit) {\r
// we went low, so this could be the beginning\r
// of an SOF\r
Uart.posCnt = 0;\r
Uart.byteCnt = 0;\r
Uart.state = STATE_AWAITING_START_BIT;\r
Uart.posCnt = 0;\r
Uart.byteCnt = 0;\r
Uart.state = STATE_AWAITING_START_BIT;\r
+ LED_A_ON(); // Indicate we got a valid SOF\r
} else {\r
// didn't stay down long enough\r
// before going high, error\r
} else {\r
// didn't stay down long enough\r
// before going high, error\r
Uart.bitCnt = 0;\r
Uart.shiftReg = 0;\r
Uart.state = STATE_RECEIVING_DATA;\r
Uart.bitCnt = 0;\r
Uart.shiftReg = 0;\r
Uart.state = STATE_RECEIVING_DATA;\r
+ LED_A_ON(); // Indicate we're receiving\r
}\r
} else if(Uart.shiftReg == 0x000) {\r
// this is an EOF byte\r
}\r
} else if(Uart.shiftReg == 0x000) {\r
// this is an EOF byte\r
+ LED_A_OFF(); // Finished receiving\r
return TRUE;\r
} else {\r
// this is an error\r
return TRUE;\r
} else {\r
// this is an error\r
+ if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error\r
+\r
\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);\r
\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);\r
\r
if(respLen <= 0) continue;\r
\r
// Modulate BPSK\r
if(respLen <= 0) continue;\r
\r
// Modulate BPSK\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);\r
SSC_TRANSMIT_HOLDING = 0xff;\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);\r
SSC_TRANSMIT_HOLDING = 0xff;\r
int sumQ;\r
} Demod;\r
\r
int sumQ;\r
} Demod;\r
\r
+/*\r
+ * Handles reception of a bit from the tag\r
+ *\r
+ * LED handling:\r
+ * LED C -> ON once we have received the SOF and are expecting the rest.\r
+ * LED C -> OFF once we have received EOF or are unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ *
+ */\r
static BOOL Handle14443SamplesDemod(int ci, int cq)\r
{\r
int v;\r
static BOOL Handle14443SamplesDemod(int ci, int cq)\r
{\r
int v;\r
if(Demod.posCount < 12) {\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
if(Demod.posCount < 12) {\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
+ LED_C_ON(); // Got SOF\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
Demod.posCount = 0;\r
Demod.len = 0;\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
Demod.posCount = 0;\r
Demod.len = 0;\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
} else if(s == 0x000) {\r
// This is EOF\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
} else if(s == 0x000) {\r
// This is EOF\r
return TRUE;\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
return TRUE;\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
+ if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized...\r
+/*\r
+ * Demodulate the samples we received from the tag\r
+ * weTx: set to 'TRUE' if we behave like a reader\r
+ * set to 'FALSE' if we behave like a snooper\r
+ * quiet: set to 'TRUE' to disable debug output
+ */\r
static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet)\r
{\r
int max = 0;\r
static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet)\r
{\r
int max = 0;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
\r
+ // Signal field is ON with the appropriate LED:\r
+ if (weTx) LED_D_ON(); else LED_D_OFF();\r
// And put the FPGA in the appropriate mode\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
// And put the FPGA in the appropriate mode\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
int behindBy = lastRxCounter - PDC_RX_COUNTER(SSC_BASE);\r
if(behindBy > max) max = behindBy;\r
\r
int behindBy = lastRxCounter - PDC_RX_COUNTER(SSC_BASE);\r
if(behindBy > max) max = behindBy;\r
\r
while(((lastRxCounter-PDC_RX_COUNTER(SSC_BASE)) & (DMA_BUFFER_SIZE-1))\r
> 2)\r
{\r
while(((lastRxCounter-PDC_RX_COUNTER(SSC_BASE)) & (DMA_BUFFER_SIZE-1))\r
> 2)\r
{\r
\r
if(samples > 2000) {\r
break;\r
\r
if(samples > 2000) {\r
break;\r
SSC_TRANSMIT_HOLDING = 0xff;\r
}\r
\r
SSC_TRANSMIT_HOLDING = 0xff;\r
}\r
\r
+ // Signal field is ON with the appropriate Red LED\r
+ LED_D_ON();\r
+ // Signal we are transmitting with the Green LED\r
+ LED_B_ON();\r
+ FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);\r
\r
for(c = 0; c < 10;) {\r
FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);\r
\r
for(c = 0; c < 10;) {\r
+ LED_B_OFF(); // Finished sending\r
}\r
\r
//-----------------------------------------------------------------------------\r
}\r
\r
//-----------------------------------------------------------------------------\r
\r
// Make sure that we start from off, since the tags are stateful;\r
// confusing things will happen if we don't reset them between reads.\r
\r
// Make sure that we start from off, since the tags are stateful;\r
// confusing things will happen if we don't reset them between reads.\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
SpinDelay(200);\r
\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
GetSamplesFor14443Demod(TRUE, 2000, FALSE);\r
GetSamplesFor14443Demod(TRUE, 2000, FALSE);\r
}\r
//-----------------------------------------------------------------------------\r
// Read a SRI512 ISO 14443 tag.\r
}\r
//-----------------------------------------------------------------------------\r
// Read a SRI512 ISO 14443 tag.\r
// SRI512 tags are just simple memory tags, here we're looking at making a dump
// of the contents of the memory. No anticollision algorithm is done, we assume
// we have a single tag in the field.
// SRI512 tags are just simple memory tags, here we're looking at making a dump
// of the contents of the memory. No anticollision algorithm is done, we assume
// we have a single tag in the field.
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b};\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b};\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
if (Demod.len == 0) {
DbpString("No response from tag");
if (Demod.len == 0) {
DbpString("No response from tag");
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
if (Demod.len != 3) {
DbpString("Expected 3 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
if (Demod.len != 3) {
DbpString("Expected 3 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one\r
TransmitFor14443();\r
ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one\r
TransmitFor14443();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
if (Demod.len != 10) {
DbpString("Expected 10 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
if (Demod.len != 10) {
DbpString("Expected 10 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
if (Demod.len != 6) { // Check if we got an answer from the tag
DbpString("Expected 6 bytes from tag, got less...");
return;
if (Demod.len != 6) { // Check if we got an answer from the tag
DbpString("Expected 6 bytes from tag, got less...");
return;
// triggering so that we start recording at the point that the tag is moved\r
// near the reader.\r
//-----------------------------------------------------------------------------\r
// triggering so that we start recording at the point that the tag is moved\r
// near the reader.\r
//-----------------------------------------------------------------------------\r
+/*\r
+ * Memory usage for this function, (within BigBuf)\r
+ * 0-1023 : Demodulated samples receive (1024 bytes)\r
+ * 1024-1535 : Last Received command, 512 bytes (reader->tag)\r
+ * 1536-2047 : Last Received command, 512 bytes(tag->reader)\r
+ * 2048-2304 : DMA Buffer, 256 bytes (samples)
+ */\r
void SnoopIso14443(void)\r
{\r
// We won't start recording the frames that we acquire until we trigger;\r
void SnoopIso14443(void)\r
{\r
// We won't start recording the frames that we acquire until we trigger;\r
BOOL triggered = FALSE;\r
\r
// The command (reader -> tag) that we're working on receiving.\r
BOOL triggered = FALSE;\r
\r
// The command (reader -> tag) that we're working on receiving.\r
- BYTE *receivedCmd = (((BYTE *)BigBuf) + 1024);\r
+ BYTE *receivedCmd = (BYTE *)(BigBuf) + 1024;\r
// The response (tag -> reader) that we're working on receiving.\r
// The response (tag -> reader) that we're working on receiving.\r
- BYTE *receivedResponse = (((BYTE *)BigBuf) + 1536);\r
+ BYTE *receivedResponse = (BYTE *)(BigBuf) + 1536;\r
\r
// As we receive stuff, we copy it from receivedCmd or receivedResponse\r
// into trace, along with its length and other annotations.\r
\r
// As we receive stuff, we copy it from receivedCmd or receivedResponse\r
// into trace, along with its length and other annotations.\r
int traceLen = 0;\r
\r
// The DMA buffer, used to stream samples from the FPGA.\r
int traceLen = 0;\r
\r
// The DMA buffer, used to stream samples from the FPGA.\r
-//# define DMA_BUFFER_SIZE 256\r
- SBYTE *dmaBuf = ((SBYTE *)BigBuf) + 2048;\r
+ SBYTE *dmaBuf = (SBYTE *)(BigBuf) + 2048;\r
int lastRxCounter;\r
SBYTE *upTo;\r
int ci, cq;\r
int lastRxCounter;\r
SBYTE *upTo;\r
int ci, cq;\r
// information in the trace buffer.\r
int samples = 0;\r
\r
// information in the trace buffer.\r
int samples = 0;\r
\r
- memset(trace, 0x44, 1000);\r
+ // Initialize the trace buffer\r
+ memset(trace, 0x44, 1024);\r
\r
// Set up the demodulator for tag -> reader responses.\r
Demod.output = receivedResponse;\r
\r
// Set up the demodulator for tag -> reader responses.\r
Demod.output = receivedResponse;\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
FPGA_HF_READER_RX_XCORR_SNOOP);\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
FPGA_HF_READER_RX_XCORR_SNOOP);\r
upTo = dmaBuf;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
upTo = dmaBuf;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
// And now we loop, receiving samples.\r
for(;;) {\r
// And now we loop, receiving samples.\r
for(;;) {\r
- int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) &\r
+ int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) &\r
(DMA_BUFFER_SIZE-1);\r
if(behindBy > maxBehindBy) {\r
maxBehindBy = behindBy;\r
(DMA_BUFFER_SIZE-1);\r
if(behindBy > maxBehindBy) {\r
maxBehindBy = behindBy;\r
+ if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not?\r
DbpString("blew circular buffer!");\r
DbpString("blew circular buffer!");\r
+ DbpIntegers(behindBy,0,0);\r
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {\r
upTo -= DMA_BUFFER_SIZE;\r
lastRxCounter += DMA_BUFFER_SIZE;\r
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {\r
upTo -= DMA_BUFFER_SIZE;\r
lastRxCounter += DMA_BUFFER_SIZE;\r
- PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo;\r
+ PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD) upTo;\r
PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE;\r
}\r
\r
PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE;\r
}\r
\r
if(traceLen > 1000) break;\r
\r
triggered = TRUE;\r
if(traceLen > 1000) break;\r
\r
triggered = TRUE;\r
- LED_A_OFF();\r
- LED_B_ON();\r
\r
// And ready to receive another response.\r
memset(&Demod, 0, sizeof(Demod));\r
Demod.output = receivedResponse;\r
Demod.state = DEMOD_UNSYNCD;\r
}\r
\r
// And ready to receive another response.\r
memset(&Demod, 0, sizeof(Demod));\r
Demod.output = receivedResponse;\r
Demod.state = DEMOD_UNSYNCD;\r
}\r
\r
if(BUTTON_PRESS()) {\r
DbpString("cancelled");\r
\r
if(BUTTON_PRESS()) {\r
DbpString("cancelled");\r
DbpIntegers(Uart.byteCntMax, traceLen, 0x23);\r
\r
done:\r
DbpIntegers(Uart.byteCntMax, traceLen, 0x23);\r
\r
done:\r
PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
- LED_A_OFF();\r
- LED_B_OFF();\r
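Review bot: The overrun test added in `SnoopIso14443`, `if(behindBy > (DMA_BUFFER_SIZE-2))`, can only be true for a single value, because `behindBy` is masked with `(DMA_BUFFER_SIZE-1)` where it is computed. A lag of a full buffer or more aliases to a small number and is never reported, so samples can be overwritten without any message and the recorded trace may then hold corrupted frames. Consider reporting at a lower mark that leaves headroom, and replace the TODO with a comment that states the limit, e.g. `// behindBy is modulo DMA_BUFFER_SIZE: fires only when the ring is full, larger lags alias to small values`. The new layout comment gives the DMA region as `2048-2304` for 256 bytes, which is one byte too many as an inclusive range; the value of `DMA_BUFFER_SIZE` used by this file is not visible here, so the 256 should be checked against it. The function body continues outside the lines shown.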
#define RECV_RES_OFFSET 3096\r
#define DMA_BUFFER_OFFSET 3160\r
#define DMA_BUFFER_SIZE 4096\r
#define RECV_RES_OFFSET 3096\r
#define DMA_BUFFER_OFFSET 3160\r
#define DMA_BUFFER_SIZE 4096\r
- #define TRACE_LENGTH 3000 \r
- \r
+ #define TRACE_LENGTH 3000\r
+\r
// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values\r
// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values\r
// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values\r
// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values\r
// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values\r
// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
\r
{\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
{\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);\r
\r
// Now run a `software UART' on the stream of incoming samples.\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);\r
\r
// Now run a `software UART' on the stream of incoming samples.\r
\r
// my desfire\r
static const BYTE response2[] = { 0x88, 0x04, 0x21, 0x3f, 0x4d }; // known uid - note cascade (0x88), 2nd byte (0x04) = NXP/Phillips\r
\r
// my desfire\r
static const BYTE response2[] = { 0x88, 0x04, 0x21, 0x3f, 0x4d }; // known uid - note cascade (0x88), 2nd byte (0x04) = NXP/Phillips\r
// When reader selects us during cascade1 it will send cmd3\r
//BYTE response3[] = { 0x04, 0x00, 0x00 }; // SAK Select (cascade1) successful response (ULTRALITE)\r
BYTE response3[] = { 0x24, 0x00, 0x00 }; // SAK Select (cascade1) successful response (DESFire)\r
// When reader selects us during cascade1 it will send cmd3\r
//BYTE response3[] = { 0x04, 0x00, 0x00 }; // SAK Select (cascade1) successful response (ULTRALITE)\r
BYTE response3[] = { 0x24, 0x00, 0x00 }; // SAK Select (cascade1) successful response (DESFire)\r
//BYTE response3a[] = { 0x00, 0x00, 0x00 }; // SAK Select (cascade2) successful response (ULTRALITE)\r
BYTE response3a[] = { 0x20, 0x00, 0x00 }; // SAK Select (cascade2) successful response (DESFire)\r
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);\r
//BYTE response3a[] = { 0x00, 0x00, 0x00 }; // SAK Select (cascade2) successful response (ULTRALITE)\r
BYTE response3a[] = { 0x20, 0x00, 0x00 }; // SAK Select (cascade2) successful response (DESFire)\r
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);\r
// When reader tries to authenticate\r
// static const BYTE cmd5[] = { 0x60, 0x00, 0xf5, 0x7b };\r
static const BYTE response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce\r
// When reader tries to authenticate\r
// static const BYTE cmd5[] = { 0x60, 0x00, 0xf5, 0x7b };\r
static const BYTE response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce\r
// buffer needs to be 512 bytes\r
int c;\r
\r
// buffer needs to be 512 bytes\r
int c;\r
\r
- // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
+ // Set FPGA mode to "reader listen mode", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// Now get the answer from the card\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// Now get the answer from the card\r
int traceLen = 0;\r
int rsamples = 0;\r
\r
int traceLen = 0;\r
int rsamples = 0;\r
\r
- memset(trace, 0x44, 2000); // was 2000 - tied to oter size chnages \r
+ memset(trace, 0x44, 2000); // was 2000 - tied to oter size chnages\r
// setting it to 3000 causes no tag responses to be detected (2900 is ok)\r
// setting it to 1000 causes no tag responses to be detected\r
\r
// setting it to 3000 causes no tag responses to be detected (2900 is ok)\r
// setting it to 1000 causes no tag responses to be detected\r
\r
FpgaSetupSsc();\r
\r
// Start from off (no field generated)\r
FpgaSetupSsc();\r
\r
// Start from off (no field generated)\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
SpinDelay(200);\r
\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
SpinDelay(200);\r
\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
\r
int samples = 0;\r
int tsamples = 0;\r
\r
int samples = 0;\r
int tsamples = 0;\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
-// OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in \r
+// OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in\r
// which case we need to make a cascade 2 request and select - this is a long UID\r
if (receivedAnswer[0] == 0x88)\r
{\r
// which case we need to make a cascade 2 request and select - this is a long UID\r
if (receivedAnswer[0] == 0x88)\r
{\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
-\r
-\r
-\r
-\r
-\r
- } \r
-\r
- \r
\r
// Secondly compute the two CRC bytes at the end\r
ComputeCrc14443(CRC_14443_A, cmd5, 2, &cmd5[2], &cmd5[3]);\r
\r
// Secondly compute the two CRC bytes at the end\r
ComputeCrc14443(CRC_14443_A, cmd5, 2, &cmd5[2], &cmd5[3]);\r
LED_A_OFF();\r
LED_B_OFF();\r
LED_C_OFF();\r
LED_A_OFF();\r
LED_B_OFF();\r
LED_C_OFF();\r
DbpIntegers(rsamples, 0xCC, 0xCC);\r
DbpString("ready..");\r
}\r
DbpIntegers(rsamples, 0xCC, 0xCC);\r
DbpString("ready..");\r
}\r
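Review bot: `memset(trace, 0x44, 2000)` clears less than the `TRACE_LENGTH` of 3000 that the `if(traceLen > TRACE_LENGTH) goto done;` checks appear to allow, so the tail of a long capture may still hold bytes from an earlier run. The neighbouring comment that clearing 3000 bytes stops tag responses being detected suggests the trace region overlaps a buffer that is still in use. This commit only strips trailing whitespace on that line, but the size deserves a named constant and an honest comment, e.g. `// clears only the first 2000 of TRACE_LENGTH bytes; clearing more was observed to break tag detection, cause not yet understood`. The bound is tested after `traceLen += Demod.len`, so whether the copy itself can pass the limit depends on code outside the lines shown.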
{\r
// The sampling rate is 106.353 ksps/s, for T = 18.8 us\r
\r
{\r
// The sampling rate is 106.353 ksps/s, for T = 18.8 us\r
\r
// 1) Unmodulated time of 56.64us\r
// 2) 24 pulses of 423.75khz\r
// 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz)\r
// 1) Unmodulated time of 56.64us\r
// 2) 24 pulses of 423.75khz\r
// 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz)\r
// 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us)\r
// 2) 24 pulses of 423.75khz\r
// 3) Unmodulated time of 56.64us\r
// 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us)\r
// 2) 24 pulses of 423.75khz\r
// 3) Unmodulated time of 56.64us\r
BitStream[bitidx++]=GraphBuffer[i-1];
} else {
// Error
BitStream[bitidx++]=GraphBuffer[i-1];
} else {
// Error
- PrintToScrollback("Warning: Manchester decode error for pulse width detection.");
+ PrintToScrollback("Warning: Manchester decode error for pulse width detection.");
PrintToScrollback("(too many of those messages mean either the stream is not Manchester encoded, or clock is wrong)");
}
}
PrintToScrollback("(too many of those messages mean either the stream is not Manchester encoded, or clock is wrong)");
}
}
"hi14alist", CmdHi14alist,0, "list ISO 14443a history", // ## New list command\r
"hiddemod", CmdHiddemod,1, "HID Prox Card II (not optimal)",\r
"hidfskdemod", CmdHIDdemodFSK,0, "HID FSK demodulator",\r
"hi14alist", CmdHi14alist,0, "list ISO 14443a history", // ## New list command\r
"hiddemod", CmdHiddemod,1, "HID Prox Card II (not optimal)",\r
"hidfskdemod", CmdHIDdemodFSK,0, "HID FSK demodulator",\r
+ "indalademod", CmdIndalademod,0, "demod samples for Indala",\r
"askdemod", Cmdaskdemod,1, "Attempt to demodulate simple ASK tags",\r
"hidsimtag", CmdHIDsimTAG,0, "HID tag simulator",\r
"mandemod", Cmdmanchesterdemod,1, "Try a Manchester demodulation on a binary stream",\r
"askdemod", Cmdaskdemod,1, "Attempt to demodulate simple ASK tags",\r
"hidsimtag", CmdHIDsimTAG,0, "HID tag simulator",\r
"mandemod", Cmdmanchesterdemod,1, "Try a Manchester demodulation on a binary stream",\r