From: pwpiwi <pwpiwi@users.noreply.github.com>
Date: Tue, 2 Jun 2015 20:27:14 +0000 (+0200)
Subject: fixing iso14443b (issue #103):
X-Git-Tag: v2.1.0~1^2~7
X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/5b95953d4227d9af4b5a5f20156b668bba55aac8

fixing iso14443b (issue #103):
- most significant bit of tag data (which happens to be the sign bit)
had been dropped when snooping (FPGA change)
- avoid trying to decode both tag and reader data when snooping (we don't
have the time to do so).
---

diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c
index 8add8f9c..d6595586 100644
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@@ -158,7 +158,6 @@ static int Handle14443UartBit(int bit)
 {
 	switch(Uart.state) {
 		case STATE_UNSYNCD:
-			LED_A_OFF();
 			if(!bit) {
 				// we went low, so this could be the beginning
 				// of an SOF
@@ -272,8 +271,7 @@ static int Handle14443UartBit(int bit)
 			break;
 	}
 
-	// This row make the error blew circular buffer in hf 14b snoop
-	//if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error
+	if (Uart.state == STATE_UNSYNCD) LED_A_OFF();
 
 	return FALSE;
 }
@@ -1054,17 +1052,17 @@ void ReadSTMemoryIso14443(uint32_t dwLast)
 //-----------------------------------------------------------------------------
 /*
  * Memory usage for this function, (within BigBuf)
- * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE
- * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE
- * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE
- * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DEMOD_DMA_BUFFER_SIZE
+ * Last Received command (reader->tag) - MAX_FRAME_SIZE
+ * Last Received command (tag->reader) - MAX_FRAME_SIZE
+ * DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE
+ * Demodulated samples received - all the rest
  */
 void RAMFUNC SnoopIso14443(void)
 {
 	// We won't start recording the frames that we acquire until we trigger;
 	// a good trigger condition to get started is probably when we see a
 	// response from the tag.
-	int triggered = TRUE;
+	int triggered = TRUE;			// TODO: set and evaluate trigger condition
 
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	BigBuf_free();
@@ -1109,7 +1107,10 @@ void RAMFUNC SnoopIso14443(void)
 	FpgaSetupSscDma((uint8_t*) dmaBuf, DMA_BUFFER_SIZE);
 	uint8_t parity[MAX_PARITY_SIZE];
 	LED_A_ON();
-		
+
+	bool TagIsActive = FALSE;
+	bool ReaderIsActive = FALSE;
+	
 	// And now we loop, receiving samples.
 	for(;;) {
 		int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
@@ -1136,49 +1137,56 @@ void RAMFUNC SnoopIso14443(void)
 
 		samples += 2;
 
-		if(Handle14443UartBit(ci & 1)) {
-			if(triggered && tracing) {
-				GetParity(Uart.output, Uart.byteCnt, parity);
-				LogTrace(Uart.output,Uart.byteCnt,samples, samples,parity,TRUE);
-			}
-			if(Uart.byteCnt==0) Dbprintf("[1] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
+		if (!TagIsActive) {							// no need to try decoding reader data if the tag is sending
+			if(Handle14443UartBit(ci & 0x01)) {
+				if(triggered && tracing) {
+					GetParity(Uart.output, Uart.byteCnt, parity);
+					LogTrace(Uart.output,Uart.byteCnt,samples, samples,parity,TRUE);
+				}
+				if(Uart.byteCnt==0) Dbprintf("[1] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
 
-			/* And ready to receive another command. */
-			UartReset();
-			/* And also reset the demod code, which might have been */
-			/* false-triggered by the commands from the reader. */
-			DemodReset();
-		}
-		if(Handle14443UartBit(cq & 1)) {
-			if(triggered && tracing) {
-				GetParity(Uart.output, Uart.byteCnt, parity);
-				LogTrace(Uart.output,Uart.byteCnt,samples, samples, parity, TRUE);
+				/* And ready to receive another command. */
+				UartReset();
+				/* And also reset the demod code, which might have been */
+				/* false-triggered by the commands from the reader. */
+				DemodReset();
 			}
-			if(Uart.byteCnt==0) Dbprintf("[2] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
+			if(Handle14443UartBit(cq & 0x01)) {
+				if(triggered && tracing) {
+					GetParity(Uart.output, Uart.byteCnt, parity);
+					LogTrace(Uart.output,Uart.byteCnt,samples, samples, parity, TRUE);
+				}
+				if(Uart.byteCnt==0) Dbprintf("[2] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
 
-			/* And ready to receive another command. */
-			UartReset();
-			/* And also reset the demod code, which might have been */
-			/* false-triggered by the commands from the reader. */
-			DemodReset();
+				/* And ready to receive another command. */
+				UartReset();
+				/* And also reset the demod code, which might have been */
+				/* false-triggered by the commands from the reader. */
+				DemodReset();
+			}
+			ReaderIsActive = (Uart.state != STATE_UNSYNCD);
 		}
 
-		if(Handle14443SamplesDemod(ci, cq)) {
+		if(!ReaderIsActive) {						// no need to try decoding tag data if the reader is sending - and we cannot afford the time
+			if(Handle14443SamplesDemod(ci, cq)) {
 
-			//Use samples as a time measurement
-			if(tracing)
-			{
-				uint8_t parity[MAX_PARITY_SIZE];
-				GetParity(Demod.output, Demod.len, parity);
-				LogTrace(Demod.output, Demod.len,samples, samples, parity, FALSE);
-			}
-			triggered = TRUE;
-			LED_A_OFF();
-			LED_B_ON();
+				//Use samples as a time measurement
+				if(tracing)
+				{
+					uint8_t parity[MAX_PARITY_SIZE];
+					GetParity(Demod.output, Demod.len, parity);
+					LogTrace(Demod.output, Demod.len,samples, samples, parity, FALSE);
+				}
+				triggered = TRUE;
+				LED_A_OFF();
+				LED_B_ON();
 
-			// And ready to receive another response.
-			DemodReset();
+				// And ready to receive another response.
+				DemodReset();
+			}
+			TagIsActive = (Demod.state != DEMOD_UNSYNCD);
 		}
+
 		WDT_HIT();
 
 		if(!tracing) {
diff --git a/fpga/fpga_hf.bit b/fpga/fpga_hf.bit
index 20fb2bd4..53078a78 100644
Binary files a/fpga/fpga_hf.bit and b/fpga/fpga_hf.bit differ
diff --git a/fpga/hi_read_rx_xcorr.v b/fpga/hi_read_rx_xcorr.v
index dece2db3..ec6583b2 100644
--- a/fpga/hi_read_rx_xcorr.v
+++ b/fpga/hi_read_rx_xcorr.v
@@ -99,8 +99,10 @@ end
 reg [5:0] corr_i_cnt;
 reg [5:0] corr_q_cnt;
 // And a couple of registers in which to accumulate the correlations.
-reg signed [15:0] corr_i_accum;
-reg signed [15:0] corr_q_accum;
+// we would add at most 32 times adc_d, the result can be held in 13 bits. 
+// Need one additional bit because it can be negative as well
+reg signed [13:0] corr_i_accum;
+reg signed [13:0] corr_q_accum;
 reg signed [7:0] corr_i_out;
 reg signed [7:0] corr_q_out;
 
@@ -114,12 +116,13 @@ begin
     begin
         if(snoop)
         begin
-            corr_i_out <= {corr_i_accum[12:6], after_hysteresis_prev};
-            corr_q_out <= {corr_q_accum[12:6], after_hysteresis};
+			// highest 7 significant bits of tag signal (signed), 1 bit reader signal:
+            corr_i_out <= {corr_i_accum[13:7], after_hysteresis_prev};
+            corr_q_out <= {corr_q_accum[13:7], after_hysteresis};
         end
         else
         begin
-            // Only correlations need to be delivered.
+            // highest 8 significant bits of tag signal
             corr_i_out <= corr_i_accum[13:6];
             corr_q_out <= corr_q_accum[13:6];
         end