[proxmark3-svn] / doc / CHANGES.TXT

################\r
## 2009/04/09 ##\r
################\r
winsrc/gui.cpp\r
	Changes to PaintGraph to create X axis labels that are snapped to a power of two (useful when analysing low freq tags\r
	with cycle times that are a power of two). Also small changes to keep the X axis labels fixed within the graph window\r
	as the width of the graph window is resized.\r
armsrc/apps.h\r
	New defines for FPGA commands FPGA_CMD_SET_CONFREG, FPGA_CMD_SET_DIVISOR_REG\r
armsrc/appmain.c\r
\r
armsrc/fpga.c\r
	FpgaWriteConfWord(data) is now a special case of FpgaSendCommand(FPGA_CMD_SET_CONFREG, data) to avoid changing every\r
	source file containing FpgaWriteConfWord()\r
fpga/fpga.v\r
	Changes to the serial conf word, now takes a 4 bit command and 12 bit data code\r
fpga/lo_read.v\r
	Significant changes to lo_read, it now can be configured with a divisor value to produce a configurable drive clock\r
	for the antenna.\r
	Recompiled FPGA code

################
## 2009/04/09 ##
################

Initial SVN commit plus:
        - Added indala demodulation algorithm - full documentation on https://www.lafargue.name/proxmark3/
        - losim should also be able to simulate an indala tag after indalademod
	- offline mode for the proxmark3 CLI: if no Proxmark is detected, it will
	  still go on, but all commands requiring USB will fail (obviously).
	  A proper implementation would require only enabling offline commands
	  in this mode.


################
## 2009/03/28 ##
################
winsrc/command.cpp
	Added two new LF commands for tag exploration :

   - askdemod: takes 2 arguments, one is the clock rate, one is the modulation
               convention (high mod is 1 or high mod is zero)

               This command demodulates the stream into a binary stream into 
               the trace buffer (0's and 1's)

   - mandemod: manchester decoding of a bitstream: takes a binary stream from
               the trace buffer (see askdemod) and attempts to do manchester decoding
	       to it. One argument: clock rate. Outputs the bitstream to the scrollback buffer.

  Those two helped me to validate that the unknown tag I had was indeed an EM4100 type of tag


################\r
## 2008/12/11 ##\r
################\r
bootrom/bootrom.c\r
	Significant changes to bootloader. Use of Chip ID register to detect if running on a SAM7S512 then configure FLASH\r
	waitstates as per SummoningDark's suggestion for a SAM7S512 or SAM7S256.\r
	Deleted idle loops waiting blindly for clocks to settle and now using status registers to detect when clocks are stable.\r
\r
	*************************\r
	* IMPORTANT INFORMATION *\r
	**************************************************************************************************************************\r
	* With this boot code, the device can now only be flashed if button is held down after power on or a software reset.\r
	* The flash procedure is this:\r
	* Hold down button. Either plug in USB or software reset it. _While_holding_down_button_ (red and yellow LEDs are lit) you can\r
	* issue one or more of the "prox bootrom <file>" "prox fpga <file>" "prox load <file>", be sure to hold button down for the\r
	* entire duration of the flash process. Only release the button when flashing is complete and you want to let the board boot.\r
	* This process may be less convenient but it's safer and avoids "unintentional" flashing of the board.\r
	**************************************************************************************************************************\r
	LED boot sequence now changed, C (red) lights up when boot code jumps from flash to RAM boot code, A (yellow) lights up after\r
	clocks have been initialized, B (green) lights up when jumping from boot code to main code, then D (red led away from the others)\r
	lights up while code is being downloaded to FPGA, then all leds turn off and board is ready for action.\r
\r
	With these changes the board now boots and is ready to use in about 3 seconds. Also since the USB bus is not initialized\r
	twice (once during boot, then again when the main code runs) unless the button is held down at boot, this seems to avoid\r
	the	double USB connect and "USB device not recognized" when device is connected to the USB bus or software reset.\r
\r
################\r
## 2008/12/06 ##\r
################\r
armsrc/fpga.c\r
	Implemented function SetupSpi() to initialize the Serial Peripheral Interface (SPI) in preparation to adding an LCD to the board.\r
	Changed FpgaWriteConfWord() to use the SPI communication now instead of bit banging the serial data to the FPGA.\r
\r
fpga/fpga.v\r
	The FPGA config word serializer required non standard SPI communication (ie for shifting in a 8 bit word, it required a 9th clock\r
	cycle with NCS high to load the word from the shift register to the conf register). This was OK for manually bitbanging it but not\r
	suitable for using SPI comms. The serializer was fixed to load the conf word from the shift register on a NCS lo-hi transition and\r
	not require additional clocking.\r
\r
armsrc/fpgaimg.c\r
	Recompiled FPGA code after changes above.\r
\r
armsrc/LCD.c\r
	LCD driver for PCF8833 based LCDs like those found on Nokia models 2600,2650,3100,3120,5140,6030,6100,6610,7210,7250 maybe\r
	others. These color LCDs have a resolution of 132x132 and a serial interface. They are very cheap like even down to $2/pc\r
	This LCD driver is a straight rip of that found at http://www.sparkfun.com/datasheets/LCD/Jimbo-Nokia-SAM7-Example.zip with\r
	very small changes, mainly to integrate it and make it compile with our codebase. Also comented out the circle subroutines\r
	to keep the code to integer math only.\r
\r
armsrc/fonts.c\r
	Font definition for LCD driver\r
\r
armsrc/appmain.c\r
	Fixed a small bug in CmdHIDdemodFSK (added case 4) which prevented reading some tags. When a logic 0 is immediately followed\r
	by the start of the next transmisson (special pattern) a pattern of 4 bit duration lengths is created.\r
\r
################\r
## 2008/11/27 ##\r
################\r
armsrc/appmain.c\r
	Implemented an HID tag FSK demodulator (CmdHIDdemodFSK) to obtain the tag ID code from the raw sampled waveform.\r
	Implemented CmdHIDsimTAG which takes a 44bit HID tag ID as a hex number then creates the waveform and simulates the tag\r
\r
winsrc/command.cpp\r
	Added command "hidfskdemod" that calls CmdHIDdemodFSK, the ARM FSK demodulator for HID tags.\r
\r
include/usb-cmd.h\r
	New defines CMD_HID_DEMOD_FSK and CMD_HID_SIM_TAG\r
\r
2008/11/25\r
common/iso14443_crc.c\r
	Moved CRC calculation code into this file as it's common to both ARM and Windows side. This file is now included as needed.\r
\r
################\r
## 2008/11/21 ##\r
################\r
armsrc/Makefile\r
	Changes to split up the compilation of the ARM and produce separate S files for the FPGA code and the ARM code.\r
\r
armsrc/appmain.c\r
	Replaced some of the hex value params in FpgaWriteConfWord with more explanatory defines.\r
	Changes to the Tune command as it assumes wrong HF capacitor value (130pF) and produces wrong voltage readings.\r
	Combined some of the integer arithmetic statements to improve accuracy slightly, since the voltage divider ratio is not an integer.\r
	Voltage divider resistor network is 10M/240k = ratio of 41.6666\r
\r
	Originally the calculation was rounding the ratio down to 41\r
		3300 (mV) * 41 * sample_value / 1024\r
	New calculation without rounding error is\r
		3300 (mV) * 41.66666 * sample_value / 1024 => 137500 * sample_value / 1024\r
\r
	New define BUTTON_PRESS() returns status of button\r
\r
armsrc/fpga.c\r
	The current board can only take a X2S30 as there is no larger FPGA in PQFP100 package and\r
	the smaller X2S15 FPGA can't fit the current code. The X2S30 FPGA config is fixed at 336,768 bits\r
	The FPGA code base address and length is hard coded to occupy FLASH region 0x2000 - 0xC470.\r
\r
armsrc/ldscript-fpga\r
	New file to place the FPGA code at FLASH address 0x2000\r
\r
bootrom/Makefile\r
	Slight changes, commented out the generation of byteswapped S file, the other S files are generated in the same section of the makefile now.\r
\r
bootrom/bootrom.c\r
	Changed some thumb code with a one line ARM code which is clearer and more explicit. Processor runs in ARM mode at reset anyway.\r
	Changed jump to RAM address, used to jump to 0x2000 (now FPGA area), now jumps to 0x10000.\r
\r
bootrom/flash-reset.s\r
	Changed name of CMain to CopyBootToRAM. Streamlined reset code, fixed up stack pointer initialization.\r
\r
bootrom/fromflash.c\r
	Removed the whole section of initializing clocks, this is redundant as it's being done once we jump to boot code in RAM\r
	All fromflash.c does now is copy the boot code to ram and jumps to it.\r
\r
bootrom/ram-reset.s\r
	Fixed up stack pointer initialization that caused crash when using "loread"\r
\r
include/at91sam7s128.h\r
	New defines for debug register, lets you identify what processor flavour the code runs on, RAM and FLASH sizes, etc.\r
\r
include/proxmark3.h\r
	New useful defines for relay and button\r
\r
winsrc/Makefile\r
	Added new define /D_CRT_SECURE_NO_WARNINGS to elliminate a _whole bunch_ of bogus compilation warnings\r
\r
winsrc/command.cpp\r
	Changed CmdLosamples to take a numeric argument (number of samples x4 to retrieve from buffer)\r
	New command Quit to exit the program from the GUI command prompt.\r
\r
winsrc/gui.cpp\r
	Fixup compilation warnings.\r
\r
winsrc/prox.cpp\r
	Tidy up printing to stdout, flashing progress now updates on the same line instead of scrolling up.\r
	New command line parameter to load FPGA image to FLASH.\r
Commit	Line	Data
30f2a7d3	1	################\r
	2	## 2009/04/09 ##\r
	3	################\r
	4	winsrc/gui.cpp\r
	5	Changes to PaintGraph to create X axis labels that are snapped to a power of two (useful when analysing low freq tags\r
	6	with cycle times that are a power of two). Also small changes to keep the X axis labels fixed within the graph window\r
	7	as the width of the graph window is resized.\r
	8	armsrc/apps.h\r
	9	New defines for FPGA commands FPGA_CMD_SET_CONFREG, FPGA_CMD_SET_DIVISOR_REG\r
	10	armsrc/appmain.c\r
	11	\r
	12	armsrc/fpga.c\r
	13	FpgaWriteConfWord(data) is now a special case of FpgaSendCommand(FPGA_CMD_SET_CONFREG, data) to avoid changing every\r
	14	source file containing FpgaWriteConfWord()\r
	15	fpga/fpga.v\r
	16	Changes to the serial conf word, now takes a 4 bit command and 12 bit data code\r
	17	fpga/lo_read.v\r
	18	Significant changes to lo_read, it now can be configured with a divisor value to produce a configurable drive clock\r
	19	for the antenna.\r
	20	Recompiled FPGA code
	21
974ba9a2	22	################
	23	## 2009/04/09 ##
	24	################
	25
	26	Initial SVN commit plus:
	27	- Added indala demodulation algorithm - full documentation on https://www.lafargue.name/proxmark3/
	28	- losim should also be able to simulate an indala tag after indalademod
	29	- offline mode for the proxmark3 CLI: if no Proxmark is detected, it will
	30	still go on, but all commands requiring USB will fail (obviously).
	31	A proper implementation would require only enabling offline commands
	32	in this mode.
	33
	34
6658905f	35	################
	36	## 2009/03/28 ##
	37	################
	38	winsrc/command.cpp
	39	Added two new LF commands for tag exploration :
	40
	41	- askdemod: takes 2 arguments, one is the clock rate, one is the modulation
	42	convention (high mod is 1 or high mod is zero)
	43
	44	This command demodulates the stream into a binary stream into
	45	the trace buffer (0's and 1's)
	46
	47	- mandemod: manchester decoding of a bitstream: takes a binary stream from
	48	the trace buffer (see askdemod) and attempts to do manchester decoding
	49	to it. One argument: clock rate. Outputs the bitstream to the scrollback buffer.
	50
	51	Those two helped me to validate that the unknown tag I had was indeed an EM4100 type of tag
	52
	53
	54	################\r
	55	## 2008/12/11 ##\r
	56	################\r
	57	bootrom/bootrom.c\r
	58	Significant changes to bootloader. Use of Chip ID register to detect if running on a SAM7S512 then configure FLASH\r
	59	waitstates as per SummoningDark's suggestion for a SAM7S512 or SAM7S256.\r
	60	Deleted idle loops waiting blindly for clocks to settle and now using status registers to detect when clocks are stable.\r
	61	\r
	62	*************************\r
	63	* IMPORTANT INFORMATION *\r
	64	**************************************************************************************************************************\r
	65	* With this boot code, the device can now only be flashed if button is held down after power on or a software reset.\r
	66	* The flash procedure is this:\r
	67	* Hold down button. Either plug in USB or software reset it. _While_holding_down_button_ (red and yellow LEDs are lit) you can\r
	68	* issue one or more of the "prox bootrom <file>" "prox fpga <file>" "prox load <file>", be sure to hold button down for the\r
	69	* entire duration of the flash process. Only release the button when flashing is complete and you want to let the board boot.\r
	70	* This process may be less convenient but it's safer and avoids "unintentional" flashing of the board.\r
	71	**************************************************************************************************************************\r
	72	LED boot sequence now changed, C (red) lights up when boot code jumps from flash to RAM boot code, A (yellow) lights up after\r
	73	clocks have been initialized, B (green) lights up when jumping from boot code to main code, then D (red led away from the others)\r
	74	lights up while code is being downloaded to FPGA, then all leds turn off and board is ready for action.\r
	75	\r
	76	With these changes the board now boots and is ready to use in about 3 seconds. Also since the USB bus is not initialized\r
	77	twice (once during boot, then again when the main code runs) unless the button is held down at boot, this seems to avoid\r
	78	the double USB connect and "USB device not recognized" when device is connected to the USB bus or software reset.\r
	79	\r
	80	################\r
	81	## 2008/12/06 ##\r
	82	################\r
	83	armsrc/fpga.c\r
	84	Implemented function SetupSpi() to initialize the Serial Peripheral Interface (SPI) in preparation to adding an LCD to the board.\r
	85	Changed FpgaWriteConfWord() to use the SPI communication now instead of bit banging the serial data to the FPGA.\r
	86	\r
	87	fpga/fpga.v\r
	88	The FPGA config word serializer required non standard SPI communication (ie for shifting in a 8 bit word, it required a 9th clock\r
	89	cycle with NCS high to load the word from the shift register to the conf register). This was OK for manually bitbanging it but not\r
	90	suitable for using SPI comms. The serializer was fixed to load the conf word from the shift register on a NCS lo-hi transition and\r
	91	not require additional clocking.\r
	92	\r
	93	armsrc/fpgaimg.c\r
	94	Recompiled FPGA code after changes above.\r
	95	\r
	96	armsrc/LCD.c\r
	97	LCD driver for PCF8833 based LCDs like those found on Nokia models 2600,2650,3100,3120,5140,6030,6100,6610,7210,7250 maybe\r
	98	others. These color LCDs have a resolution of 132x132 and a serial interface. They are very cheap like even down to $2/pc\r
99	This LCD driver is a straight rip of that found at http://www.sparkfun.com/datasheets/LCD/Jimbo-Nokia-SAM7-Example.zip with\r
100	very small changes, mainly to integrate it and make it compile with our codebase. Also comented out the circle subroutines\r
101	to keep the code to integer math only.\r
102	\r
103	armsrc/fonts.c\r
104	Font definition for LCD driver\r
105	\r
106	armsrc/appmain.c\r
107	Fixed a small bug in CmdHIDdemodFSK (added case 4) which prevented reading some tags. When a logic 0 is immediately followed\r
108	by the start of the next transmisson (special pattern) a pattern of 4 bit duration lengths is created.\r
109	\r
110	################\r
111	## 2008/11/27 ##\r
112	################\r
113	armsrc/appmain.c\r
114	Implemented an HID tag FSK demodulator (CmdHIDdemodFSK) to obtain the tag ID code from the raw sampled waveform.\r
115	Implemented CmdHIDsimTAG which takes a 44bit HID tag ID as a hex number then creates the waveform and simulates the tag\r
116	\r
117	winsrc/command.cpp\r
118	Added command "hidfskdemod" that calls CmdHIDdemodFSK, the ARM FSK demodulator for HID tags.\r
119	\r
120	include/usb-cmd.h\r
121	New defines CMD_HID_DEMOD_FSK and CMD_HID_SIM_TAG\r
122	\r
123	2008/11/25\r
124	common/iso14443_crc.c\r
125	Moved CRC calculation code into this file as it's common to both ARM and Windows side. This file is now included as needed.\r
126	\r
127	################\r
128	## 2008/11/21 ##\r
129	################\r
130	armsrc/Makefile\r
131	Changes to split up the compilation of the ARM and produce separate S files for the FPGA code and the ARM code.\r
132	\r
133	armsrc/appmain.c\r
134	Replaced some of the hex value params in FpgaWriteConfWord with more explanatory defines.\r
135	Changes to the Tune command as it assumes wrong HF capacitor value (130pF) and produces wrong voltage readings.\r
136	Combined some of the integer arithmetic statements to improve accuracy slightly, since the voltage divider ratio is not an integer.\r
137	Voltage divider resistor network is 10M/240k = ratio of 41.6666\r
138	\r
139	Originally the calculation was rounding the ratio down to 41\r
140	3300 (mV) * 41 * sample_value / 1024\r
141	New calculation without rounding error is\r
142	3300 (mV) * 41.66666 * sample_value / 1024 => 137500 * sample_value / 1024\r
143	\r
144	New define BUTTON_PRESS() returns status of button\r
145	\r
146	armsrc/fpga.c\r
147	The current board can only take a X2S30 as there is no larger FPGA in PQFP100 package and\r
148	the smaller X2S15 FPGA can't fit the current code. The X2S30 FPGA config is fixed at 336,768 bits\r
149	The FPGA code base address and length is hard coded to occupy FLASH region 0x2000 - 0xC470.\r
150	\r
151	armsrc/ldscript-fpga\r
152	New file to place the FPGA code at FLASH address 0x2000\r
153	\r
154	bootrom/Makefile\r
155	Slight changes, commented out the generation of byteswapped S file, the other S files are generated in the same section of the makefile now.\r
156	\r
157	bootrom/bootrom.c\r
158	Changed some thumb code with a one line ARM code which is clearer and more explicit. Processor runs in ARM mode at reset anyway.\r
159	Changed jump to RAM address, used to jump to 0x2000 (now FPGA area), now jumps to 0x10000.\r
160	\r
161	bootrom/flash-reset.s\r
162	Changed name of CMain to CopyBootToRAM. Streamlined reset code, fixed up stack pointer initialization.\r
163	\r
164	bootrom/fromflash.c\r
165	Removed the whole section of initializing clocks, this is redundant as it's being done once we jump to boot code in RAM\r
166	All fromflash.c does now is copy the boot code to ram and jumps to it.\r
167	\r
168	bootrom/ram-reset.s\r
169	Fixed up stack pointer initialization that caused crash when using "loread"\r
170	\r
171	include/at91sam7s128.h\r
172	New defines for debug register, lets you identify what processor flavour the code runs on, RAM and FLASH sizes, etc.\r
173	\r
174	include/proxmark3.h\r
175	New useful defines for relay and button\r
176	\r
177	winsrc/Makefile\r
178	Added new define /D_CRT_SECURE_NO_WARNINGS to elliminate a _whole bunch_ of bogus compilation warnings\r
179	\r
180	winsrc/command.cpp\r
181	Changed CmdLosamples to take a numeric argument (number of samples x4 to retrieve from buffer)\r
182	New command Quit to exit the program from the GUI command prompt.\r
183	\r
184	winsrc/gui.cpp\r
185	Fixup compilation warnings.\r
186	\r
187	winsrc/prox.cpp\r
188	Tidy up printing to stdout, flashing progress now updates on the same line instead of scrolling up.\r
189	New command line parameter to load FPGA image to FLASH.\r