[proxmark3-svn] / fpga / hi_simulate.v

//-----------------------------------------------------------------------------
// Pretend to be an ISO 14443 tag. We will do this by alternately short-
// circuiting and open-circuiting the antenna coil, with the tri-state
// pins. 
//
// We communicate over the SSP, as a bitstream (i.e., might as well be
// unframed, though we still generate the word sync signal). The output
// (ARM -> FPGA) tells us whether to modulate or not. The input (FPGA
// -> ARM) is us using the A/D as a fancy comparator; this is with
// (software-added) hysteresis, to undo the high-pass filter.
//
// At this point only Type A is implemented. This means that we are using a
// bit rate of 106 kbit/s, or fc/128. Oversample by 4, which ought to make
// things practical for the ARM (fc/32, 423.8 kbits/s, ~50 kbytes/s)
//
// Jonathan Westhues, October 2006
//-----------------------------------------------------------------------------

module hi_simulate(
    pck0, ck_1356meg, ck_1356megb,
    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
    adc_d, adc_clk,
    ssp_frame, ssp_din, ssp_dout, ssp_clk,
    cross_hi, cross_lo,
    dbg,
    mod_type
);
    input pck0, ck_1356meg, ck_1356megb;
    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
    input [7:0] adc_d;
    output adc_clk;
    input ssp_dout;
    output ssp_frame, ssp_din, ssp_clk;
    input cross_hi, cross_lo;
    output dbg;
    input [2:0] mod_type;

// Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can
// always be low.
assign pwr_hi = 1'b0;
assign pwr_lo = 1'b0;

// The comparator with hysteresis on the output from the peak detector.
reg after_hysteresis;
assign adc_clk = ck_1356meg;

always @(negedge adc_clk)
begin
    if(& adc_d[7:5]) after_hysteresis = 1'b1;
    else if(~(| adc_d[7:5])) after_hysteresis = 1'b0;
end


// Divide 13.56 MHz by 32 to produce the SSP_CLK
// The register is bigger to allow higher division factors of up to /128
// FPGA_HF_SIMULATOR_NO_MODULATION		(0<<0) // 0000
// FPGA_HF_SIMULATOR_MODULATE_BPSK		(1<<0) // 0001
// FPGA_HF_SIMULATOR_MODULATE_212K		(2<<0) // 0010
// FPGA_HF_SIMULATOR_MODULATE_424K		(4<<0) // 0100
// FPGA_HF_SIMULATOR_MODULATE_424K_8BIT	0x5    // 0101
reg [10:0] ssp_clk_divider;

always @(posedge adc_clk)
    ssp_clk_divider <= (ssp_clk_divider + 1);

reg ssp_clk;
reg ssp_frame;
always @(negedge adc_clk)
begin
    //If we're in 101, we only need a new bit every 8th carrier bit (53Hz). Otherwise, get next bit at 424Khz
    if(mod_type == 3'b101)
    begin
	if(ssp_clk_divider[7:0] == 8'b00000000)
	    ssp_clk <= 1'b0;
	if(ssp_clk_divider[7:0] == 8'b10000000)
	    ssp_clk <= 1'b1;

    end
    else
    begin
	if(ssp_clk_divider[4:0] == 5'd0)//[4:0] == 5'b00000)
	    ssp_clk <= 1'b1;
	if(ssp_clk_divider[4:0] == 5'd16) //[4:0] == 5'b10000)
	    ssp_clk <= 1'b0;
    end
end


//assign ssp_clk = ssp_clk_divider[4];

// Divide SSP_CLK by 8 to produce the byte framing signal; the phase of
// this is arbitrary, because it's just a bitstream.
// One nasty issue, though: I can't make it work with both rx and tx at
// once. The phase wrt ssp_clk must be changed. 
// TODO to find out why that is and make a better fix.
reg [2:0] ssp_frame_divider_to_arm;
always @(posedge ssp_clk)
    ssp_frame_divider_to_arm <= (ssp_frame_divider_to_arm + 1);
reg [2:0] ssp_frame_divider_from_arm;
always @(negedge ssp_clk)
    ssp_frame_divider_from_arm <= (ssp_frame_divider_from_arm + 1);


always @(ssp_frame_divider_to_arm or ssp_frame_divider_from_arm or mod_type)
    if(mod_type == 3'b000) // not modulating, so listening, to ARM
        ssp_frame = (ssp_frame_divider_to_arm == 3'b000);
    else
	ssp_frame = (ssp_frame_divider_from_arm == 3'b000);

// Synchronize up the after-hysteresis signal, to produce DIN.
reg ssp_din;
always @(posedge ssp_clk)
    ssp_din = after_hysteresis;

// Modulating carrier frequency is fc/16, reuse ssp_clk divider for that
reg modulating_carrier;
always @(mod_type or ssp_clk or ssp_dout)
    if(mod_type == 3'b000)
        modulating_carrier <= 1'b0;                          // no modulation
    else if(mod_type == 3'b001)
        modulating_carrier <= ssp_dout ^ ssp_clk_divider[3]; // XOR means BPSK
    else if(mod_type == 3'b010)
	modulating_carrier <= ssp_dout & ssp_clk_divider[5]; // switch 212kHz subcarrier on/off
    else if(mod_type == 3'b100 || mod_type == 3'b101)
	modulating_carrier <= ssp_dout & ssp_clk_divider[4]; // switch 424kHz modulation on/off
    else
        modulating_carrier <= 1'b0;                           // yet unused

// This one is all LF, so doesn't matter
assign pwr_oe2 = modulating_carrier;

// Toggle only one of these, since we are already producing much deeper
// modulation than a real tag would.
assign pwr_oe1 = modulating_carrier;
assign pwr_oe4 = modulating_carrier;

// This one is always on, so that we can watch the carrier.
assign pwr_oe3 = 1'b0;

assign dbg = modulating_carrier;
//reg dbg;
//always @(ssp_dout)
//    dbg <= ssp_dout;

endmodule
Commit	Line	Data
ba06a4b6	1	//-----------------------------------------------------------------------------
	2	// Pretend to be an ISO 14443 tag. We will do this by alternately short-
	3	// circuiting and open-circuiting the antenna coil, with the tri-state
	4	// pins.
	5	//
	6	// We communicate over the SSP, as a bitstream (i.e., might as well be
	7	// unframed, though we still generate the word sync signal). The output
	8	// (ARM -> FPGA) tells us whether to modulate or not. The input (FPGA
	9	// -> ARM) is us using the A/D as a fancy comparator; this is with
	10	// (software-added) hysteresis, to undo the high-pass filter.
	11	//
	12	// At this point only Type A is implemented. This means that we are using a
	13	// bit rate of 106 kbit/s, or fc/128. Oversample by 4, which ought to make
	14	// things practical for the ARM (fc/32, 423.8 kbits/s, ~50 kbytes/s)
	15	//
	16	// Jonathan Westhues, October 2006
	17	//-----------------------------------------------------------------------------
	18
	19	module hi_simulate(
	20	pck0, ck_1356meg, ck_1356megb,
	21	pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
	22	adc_d, adc_clk,
	23	ssp_frame, ssp_din, ssp_dout, ssp_clk,
	24	cross_hi, cross_lo,
	25	dbg,
	26	mod_type
	27	);
	28	input pck0, ck_1356meg, ck_1356megb;
	29	output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
	30	input [7:0] adc_d;
	31	output adc_clk;
	32	input ssp_dout;
	33	output ssp_frame, ssp_din, ssp_clk;
	34	input cross_hi, cross_lo;
	35	output dbg;
	36	input [2:0] mod_type;
	37
	38	// Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can
	39	// always be low.
	40	assign pwr_hi = 1'b0;
	41	assign pwr_lo = 1'b0;
	42
	43	// The comparator with hysteresis on the output from the peak detector.
	44	reg after_hysteresis;
	45	assign adc_clk = ck_1356meg;
	46
	47	always @(negedge adc_clk)
	48	begin
	49	if(& adc_d[7:5]) after_hysteresis = 1'b1;
	50	else if(~(\| adc_d[7:5])) after_hysteresis = 1'b0;
	51	end
	52
645c960f	53
ba06a4b6	54	// Divide 13.56 MHz by 32 to produce the SSP_CLK
ba06a4b6	55	// The register is bigger to allow higher division factors of up to /128
496b6734	56	// FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) // 0000
	57	// FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) // 0001
	58	// FPGA_HF_SIMULATOR_MODULATE_212K (2<<0) // 0010
	59	// FPGA_HF_SIMULATOR_MODULATE_424K (4<<0) // 0100
	60	// FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5 // 0101
645c960f MHS	61	reg [10:0] ssp_clk_divider;
645c960f MHS	62
ba06a4b6	63	always @(posedge adc_clk)
ba06a4b6	64	ssp_clk_divider <= (ssp_clk_divider + 1);
645c960f MHS	65
	66	reg ssp_clk;
	67	reg ssp_frame;
	68	always @(negedge adc_clk)
	69	begin
	70	//If we're in 101, we only need a new bit every 8th carrier bit (53Hz). Otherwise, get next bit at 424Khz
	71	if(mod_type == 3'b101)
	72	begin
	73	if(ssp_clk_divider[7:0] == 8'b00000000)
	74	ssp_clk <= 1'b0;
	75	if(ssp_clk_divider[7:0] == 8'b10000000)
	76	ssp_clk <= 1'b1;
	77
	78	end
	79	else
	80	begin
	81	if(ssp_clk_divider[4:0] == 5'd0)//[4:0] == 5'b00000)
	82	ssp_clk <= 1'b1;
	83	if(ssp_clk_divider[4:0] == 5'd16) //[4:0] == 5'b10000)
	84	ssp_clk <= 1'b0;
	85	end
	86	end
	87
	88
	89	//assign ssp_clk = ssp_clk_divider[4];
ba06a4b6	90
	91	// Divide SSP_CLK by 8 to produce the byte framing signal; the phase of
	92	// this is arbitrary, because it's just a bitstream.
	93	// One nasty issue, though: I can't make it work with both rx and tx at
496b6734	94	// once. The phase wrt ssp_clk must be changed.
496b6734	95	// TODO to find out why that is and make a better fix.
ba06a4b6	96	reg [2:0] ssp_frame_divider_to_arm;
	97	always @(posedge ssp_clk)
	98	ssp_frame_divider_to_arm <= (ssp_frame_divider_to_arm + 1);
	99	reg [2:0] ssp_frame_divider_from_arm;
	100	always @(negedge ssp_clk)
	101	ssp_frame_divider_from_arm <= (ssp_frame_divider_from_arm + 1);
	102
645c960f MHS	103
645c960f MHS	104
ba06a4b6	105	always @(ssp_frame_divider_to_arm or ssp_frame_divider_from_arm or mod_type)
	106	if(mod_type == 3'b000) // not modulating, so listening, to ARM
	107	ssp_frame = (ssp_frame_divider_to_arm == 3'b000);
	108	else
645c960f	109	ssp_frame = (ssp_frame_divider_from_arm == 3'b000);
ba06a4b6	110
	111	// Synchronize up the after-hysteresis signal, to produce DIN.
	112	reg ssp_din;
	113	always @(posedge ssp_clk)
	114	ssp_din = after_hysteresis;
	115
	116	// Modulating carrier frequency is fc/16, reuse ssp_clk divider for that
	117	reg modulating_carrier;
	118	always @(mod_type or ssp_clk or ssp_dout)
	119	if(mod_type == 3'b000)
	120	modulating_carrier <= 1'b0; // no modulation
	121	else if(mod_type == 3'b001)
	122	modulating_carrier <= ssp_dout ^ ssp_clk_divider[3]; // XOR means BPSK
	123	else if(mod_type == 3'b010)
12401d8d	124	modulating_carrier <= ssp_dout & ssp_clk_divider[5]; // switch 212kHz subcarrier on/off
645c960f	125	else if(mod_type == 3'b100 \|\| mod_type == 3'b101)
12401d8d	126	modulating_carrier <= ssp_dout & ssp_clk_divider[4]; // switch 424kHz modulation on/off
ba06a4b6	127	else
	128	modulating_carrier <= 1'b0; // yet unused
	129
	130	// This one is all LF, so doesn't matter
	131	assign pwr_oe2 = modulating_carrier;
	132
	133	// Toggle only one of these, since we are already producing much deeper
	134	// modulation than a real tag would.
	135	assign pwr_oe1 = modulating_carrier;
	136	assign pwr_oe4 = modulating_carrier;
	137
	138	// This one is always on, so that we can watch the carrier.
	139	assign pwr_oe3 = 1'b0;
	140
645c960f	141	assign dbg = modulating_carrier;
12401d8d MHS	142	//reg dbg;
	143	//always @(ssp_dout)
	144	// dbg <= ssp_dout;
ba06a4b6	145
ba06a4b6	146	endmodule