]>
Commit | Line | Data |
---|---|---|
6658905f | 1 | //----------------------------------------------------------------------------- |
2 | // ISO14443-A support for the Proxmark III | |
3 | // Gerhard de Koning Gans, April 2008 | |
4 | //----------------------------------------------------------------------------- | |
5 | ||
6 | module hi_iso14443a( | |
5ea2a248 | 7 | ck_1356meg, |
6658905f | 8 | pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4, |
9 | adc_d, adc_clk, | |
10 | ssp_frame, ssp_din, ssp_dout, ssp_clk, | |
6658905f | 11 | dbg, |
12 | mod_type | |
13 | ); | |
5ea2a248 | 14 | input ck_1356meg; |
6658905f | 15 | output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4; |
16 | input [7:0] adc_d; | |
17 | output adc_clk; | |
18 | input ssp_dout; | |
19 | output ssp_frame, ssp_din, ssp_clk; | |
6658905f | 20 | output dbg; |
cd028159 | 21 | input [3:0] mod_type; |
6658905f | 22 | |
6658905f | 23 | |
d714d3ef | 24 | wire adc_clk = ck_1356meg; |
25 | ||
6658905f | 26 | |
d714d3ef | 27 | |
28 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
29 | // Reader -> PM3: | |
30 | // detecting and shaping the reader's signal. Reader will modulate the carrier by 100% (signal is either on or off). Use a | |
31 | // hysteresis (Schmitt Trigger) to avoid false triggers during slowly increasing or decreasing carrier amplitudes | |
32 | reg after_hysteresis; | |
6658905f | 33 | reg [11:0] has_been_low_for; |
7bc95e2e | 34 | |
6658905f | 35 | always @(negedge adc_clk) |
36 | begin | |
d714d3ef | 37 | if(adc_d >= 16) after_hysteresis <= 1'b1; // U >= 1,14V -> after_hysteresis = 1 |
38 | else if(adc_d < 8) after_hysteresis <= 1'b0; // U < 1,04V -> after_hysteresis = 0 | |
39 | // Note: was >= 3,53V and <= 1,19V. The new trigger values allow more reliable detection of the first bit | |
40 | // (it might not reach 3,53V due to the high time constant of the high pass filter in the analogue RF part). | |
41 | // In addition, the new values are more in line with ISO14443-2: "The PICC shall detect the ”End of Pause” after the field exceeds | |
42 | // 5% of H_INITIAL and before it exceeds 60% of H_INITIAL." Depending on the signal strength, 60% might well be less than 3,53V. | |
6658905f | 43 | |
6658905f | 44 | |
d714d3ef | 45 | // detecting a loss of reader's field (adc_d < 192 for 4096 clock cycles). If this is the case, |
46 | // set the detected reader signal (after_hysteresis) to '1' (unmodulated) | |
47 | if(adc_d >= 192) | |
6658905f | 48 | begin |
7bc95e2e | 49 | has_been_low_for <= 12'd0; |
6658905f | 50 | end |
51 | else | |
52 | begin | |
53 | if(has_been_low_for == 12'd4095) | |
54 | begin | |
55 | has_been_low_for <= 12'd0; | |
d714d3ef | 56 | after_hysteresis <= 1'b1; |
6658905f | 57 | end |
58 | else | |
7bc95e2e | 59 | begin |
6658905f | 60 | has_been_low_for <= has_been_low_for + 1; |
7bc95e2e | 61 | end |
6658905f | 62 | end |
d714d3ef | 63 | |
6658905f | 64 | end |
65 | ||
7bc95e2e | 66 | |
67 | ||
d714d3ef | 68 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
69 | // Reader -> PM3 | |
70 | // detect when a reader is active (modulating). We assume that the reader is active, if we see the carrier off for at least 8 | |
71 | // carrier cycles. We assume that the reader is inactive, if the carrier stayed high for at least 256 carrier cycles. | |
72 | reg deep_modulation; | |
73 | reg [2:0] deep_counter; | |
74 | reg [8:0] saw_deep_modulation; | |
e691fc45 | 75 | |
d714d3ef | 76 | always @(negedge adc_clk) |
77 | begin | |
78 | if(~(| adc_d[7:0])) // if adc_d == 0 (U <= 0,94V) | |
79 | begin | |
80 | if(deep_counter == 3'd7) // adc_d == 0 for 8 adc_clk ticks -> deep_modulation (by reader) | |
81 | begin | |
82 | deep_modulation <= 1'b1; | |
83 | saw_deep_modulation <= 8'd0; | |
84 | end | |
85 | else | |
86 | deep_counter <= deep_counter + 1; | |
87 | end | |
88 | else | |
89 | begin | |
90 | deep_counter <= 3'd0; | |
91 | if(saw_deep_modulation == 8'd255) // adc_d != 0 for 256 adc_clk ticks -> deep_modulation is over, probably waiting for tag's response | |
92 | deep_modulation <= 1'b0; | |
93 | else | |
94 | saw_deep_modulation <= saw_deep_modulation + 1; | |
95 | end | |
96 | end | |
e691fc45 | 97 | |
6658905f | 98 | |
6658905f | 99 | |
d714d3ef | 100 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
101 | // Tag -> PM3 | |
102 | // filter the input for a tag's signal. The filter box needs the 4 previous input values and is a gaussian derivative filter | |
103 | // for noise reduction and edge detection. | |
104 | // store 4 previous samples: | |
105 | reg [7:0] input_prev_4, input_prev_3, input_prev_2, input_prev_1; | |
30364d27 | 106 | |
6658905f | 107 | always @(negedge adc_clk) |
108 | begin | |
d714d3ef | 109 | input_prev_4 <= input_prev_3; |
110 | input_prev_3 <= input_prev_2; | |
111 | input_prev_2 <= input_prev_1; | |
112 | input_prev_1 <= adc_d; | |
113 | end | |
114 | ||
30364d27 | 115 | // adc_d_filtered = 2*input_prev4 + 1*input_prev3 + 0*input_prev2 - 1*input_prev1 - 2*input |
116 | // = (2*input_prev4 + input_prev3) - (2*input + input_prev1) | |
117 | wire [8:0] input_prev_4_times_2 = input_prev_4 << 1; | |
118 | wire [8:0] adc_d_times_2 = adc_d << 1; | |
119 | ||
120 | wire [9:0] tmp1 = input_prev_4_times_2 + input_prev_3; | |
121 | wire [9:0] tmp2 = adc_d_times_2 + input_prev_1; | |
122 | ||
123 | // convert intermediate signals to signed and calculate the filter output | |
124 | wire signed [10:0] adc_d_filtered = {1'b0, tmp1} - {1'b0, tmp2}; | |
125 | ||
d714d3ef | 126 | |
6658905f | 127 | |
d714d3ef | 128 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
129 | // internal FPGA timing. Maximum required period is 128 carrier clock cycles for a full 8 Bit transfer to ARM. (i.e. we need a | |
130 | // 7 bit counter). Adjust its frequency to external reader's clock when simulating a tag or sniffing. | |
131 | reg pre_after_hysteresis; | |
132 | reg [3:0] reader_falling_edge_time; | |
133 | reg [6:0] negedge_cnt; | |
134 | ||
135 | always @(negedge adc_clk) | |
136 | begin | |
137 | // detect a reader signal's falling edge and remember its timing: | |
138 | pre_after_hysteresis <= after_hysteresis; | |
139 | if (pre_after_hysteresis && ~after_hysteresis) | |
140 | begin | |
141 | reader_falling_edge_time[3:0] <= negedge_cnt[3:0]; | |
142 | end | |
143 | ||
144 | // adjust internal timer counter if necessary: | |
5ea2a248 | 145 | if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation) |
6658905f | 146 | begin |
d714d3ef | 147 | if (reader_falling_edge_time == 4'd1) // reader signal changes right after sampling. Better sample earlier next time. |
6658905f | 148 | begin |
d714d3ef | 149 | negedge_cnt <= negedge_cnt + 2; // time warp |
150 | end | |
151 | else if (reader_falling_edge_time == 4'd0) // reader signal changes right before sampling. Better sample later next time. | |
152 | begin | |
153 | negedge_cnt <= negedge_cnt; // freeze time | |
6658905f | 154 | end |
155 | else | |
156 | begin | |
d714d3ef | 157 | negedge_cnt <= negedge_cnt + 1; // Continue as usual |
6658905f | 158 | end |
d714d3ef | 159 | reader_falling_edge_time[3:0] <= 4'd8; // adjust only once per detected edge |
6658905f | 160 | end |
d714d3ef | 161 | else if (negedge_cnt == 7'd127) // normal operation: count from 0 to 127 |
6658905f | 162 | begin |
d714d3ef | 163 | negedge_cnt <= 0; |
7bc95e2e | 164 | end |
d714d3ef | 165 | else |
166 | begin | |
167 | negedge_cnt <= negedge_cnt + 1; | |
168 | end | |
169 | end | |
7bc95e2e | 170 | |
d714d3ef | 171 | |
172 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
173 | // Tag -> PM3: | |
174 | // determine best possible time for starting/resetting the modulation detector. | |
175 | reg [3:0] mod_detect_reset_time; | |
176 | ||
177 | always @(negedge adc_clk) | |
178 | begin | |
5ea2a248 | 179 | if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) |
30364d27 | 180 | // (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by |
181 | // 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks). | |
182 | // To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e. | |
183 | // at mod_detect_reset_time+4 and mod_detect_reset_time+12 (-4 ticks). | |
184 | // 9 + 4 + 3 + 7 - 4 = 19. 19 mod 16 = 3 | |
7bc95e2e | 185 | begin |
30364d27 | 186 | mod_detect_reset_time <= 4'd4; |
d714d3ef | 187 | end |
188 | else | |
5ea2a248 | 189 | if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) |
d714d3ef | 190 | begin |
191 | // detect a rising edge of reader's signal and sync modulation detector to the tag's answer: | |
192 | if (~pre_after_hysteresis && after_hysteresis && deep_modulation) | |
193 | // reader signal rising edge detected at negedge_cnt[3:0]. This signal had been delayed | |
194 | // 9 ticks by the RF part + 3 ticks by the A/D converter + 1 tick to assign to after_hysteresis. | |
30364d27 | 195 | // Then the same as above. |
196 | // - 9 - 3 - 1 + 4 + 3 + 7 - 4 = -3 | |
e691fc45 | 197 | begin |
30364d27 | 198 | mod_detect_reset_time <= negedge_cnt[3:0] - 4'd3; |
e691fc45 | 199 | end |
7bc95e2e | 200 | end |
d714d3ef | 201 | end |
202 | ||
203 | ||
204 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
205 | // Tag -> PM3: | |
206 | // modulation detector. Looks for the steepest falling and rising edges within a 16 clock period. If there is both a significant | |
207 | // falling and rising edge (in any order), a modulation is detected. | |
208 | reg signed [10:0] rx_mod_falling_edge_max; | |
209 | reg signed [10:0] rx_mod_rising_edge_max; | |
210 | reg curbit; | |
211 | ||
30364d27 | 212 | `define EDGE_DETECT_THRESHOLD 5 |
213 | ||
d714d3ef | 214 | always @(negedge adc_clk) |
215 | begin | |
216 | if(negedge_cnt[3:0] == mod_detect_reset_time) | |
217 | begin | |
218 | // detect modulation signal: if modulating, there must have been a falling AND a rising edge | |
30364d27 | 219 | if ((rx_mod_falling_edge_max > `EDGE_DETECT_THRESHOLD) && (rx_mod_rising_edge_max < -`EDGE_DETECT_THRESHOLD)) |
d714d3ef | 220 | curbit <= 1'b1; // modulation |
221 | else | |
222 | curbit <= 1'b0; // no modulation | |
223 | // reset modulation detector | |
224 | rx_mod_rising_edge_max <= 0; | |
225 | rx_mod_falling_edge_max <= 0; | |
226 | end | |
227 | else // look for steepest edges (slopes) | |
7bc95e2e | 228 | begin |
229 | if (adc_d_filtered > 0) | |
230 | begin | |
231 | if (adc_d_filtered > rx_mod_falling_edge_max) | |
232 | rx_mod_falling_edge_max <= adc_d_filtered; | |
233 | end | |
234 | else | |
235 | begin | |
30364d27 | 236 | if (adc_d_filtered < rx_mod_rising_edge_max) |
237 | rx_mod_rising_edge_max <= adc_d_filtered; | |
7bc95e2e | 238 | end |
239 | end | |
240 | ||
d714d3ef | 241 | end |
242 | ||
e691fc45 | 243 | |
e691fc45 | 244 | |
d714d3ef | 245 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
246 | // Tag+Reader -> PM3 | |
247 | // sample 4 bits reader data and 4 bits tag data for sniffing | |
248 | reg [3:0] reader_data; | |
249 | reg [3:0] tag_data; | |
250 | ||
251 | always @(negedge adc_clk) | |
252 | begin | |
253 | if(negedge_cnt[3:0] == 4'd0) | |
6658905f | 254 | begin |
d714d3ef | 255 | reader_data[3:0] <= {reader_data[2:0], after_hysteresis}; |
256 | tag_data[3:0] <= {tag_data[2:0], curbit}; | |
257 | end | |
258 | end | |
259 | ||
7bc95e2e | 260 | |
261 | ||
d714d3ef | 262 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
30364d27 | 263 | // PM3 -> Reader: |
d714d3ef | 264 | // a delay line to ensure that we send the (emulated) tag's answer at the correct time according to ISO14443-3 |
265 | reg [31:0] mod_sig_buf; | |
266 | reg [4:0] mod_sig_ptr; | |
267 | reg mod_sig; | |
268 | ||
269 | always @(negedge adc_clk) | |
270 | begin | |
271 | if(negedge_cnt[3:0] == 4'd0) // sample data at rising edge of ssp_clk - ssp_dout changes at the falling edge. | |
7bc95e2e | 272 | begin |
d714d3ef | 273 | mod_sig_buf[31:2] <= mod_sig_buf[30:1]; // shift |
274 | if (~ssp_dout && ~mod_sig_buf[1]) | |
275 | mod_sig_buf[1] <= 1'b0; // delete the correction bit (a single 1 preceded and succeeded by 0) | |
7bc95e2e | 276 | else |
d714d3ef | 277 | mod_sig_buf[1] <= mod_sig_buf[0]; |
278 | mod_sig_buf[0] <= ssp_dout; // add new data to the delay line | |
279 | ||
280 | mod_sig = mod_sig_buf[mod_sig_ptr]; // the delayed signal. | |
7bc95e2e | 281 | end |
d714d3ef | 282 | end |
7bc95e2e | 283 | |
d7aa3739 | 284 | |
285 | ||
d714d3ef | 286 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
30364d27 | 287 | // PM3 -> Reader, internal timing: |
d714d3ef | 288 | // a timer for the 1172 cycles fdt (Frame Delay Time). Start the timer with a rising edge of the reader's signal. |
289 | // set fdt_elapsed when we no longer need to delay data. Set fdt_indicator when we can start sending data. | |
290 | // Note: the FPGA only takes care for the 1172 delay. To achieve an additional 1236-1172=64 ticks delay, the ARM must send | |
291 | // a correction bit (before the start bit). The correction bit will be coded as 00010000, i.e. it adds 4 bits to the | |
292 | // transmission stream, causing the required additional delay. | |
293 | reg [10:0] fdt_counter; | |
294 | reg fdt_indicator, fdt_elapsed; | |
295 | reg [3:0] mod_sig_flip; | |
296 | reg [3:0] sub_carrier_cnt; | |
d7aa3739 | 297 | |
d714d3ef | 298 | // we want to achieve a delay of 1172. The RF part already has delayed the reader signals's rising edge |
299 | // by 9 ticks, the ADC took 3 ticks and there is always a delay of 32 ticks by the mod_sig_buf. Therefore need to | |
300 | // count to 1172 - 9 - 3 - 32 = 1128 | |
301 | `define FDT_COUNT 11'd1128 | |
d7aa3739 | 302 | |
d714d3ef | 303 | // The ARM must not send too early, otherwise the mod_sig_buf will overflow, therefore signal that we are ready |
304 | // with fdt_indicator. The mod_sig_buf can buffer 29 excess data bits, i.e. a maximum delay of 29 * 16 = 464 adc_clk ticks. | |
b35e04a7 | 305 | // fdt_indicator is assigned to sendbit after at least 1 tick, the transfer to ARM needs minimum 8 ticks. Response from |
306 | // ARM could appear at ssp_dout 8 ticks later. | |
307 | // 1128 - 464 - 1 - 8 - 8 = 647 | |
308 | `define FDT_INDICATOR_COUNT 11'd647 | |
309 | // Note: worst case, assignment to sendbit takes 15 ticks more, and transfer to ARM needs 7*16 = 112 ticks more. | |
310 | // When the ARM's response then appears, the fdt_count is already 647 + 15 + 112 = 774, which still allows the ARM a possible | |
311 | // response window of 1128 - 774 = 354 ticks. | |
d7aa3739 | 312 | |
d714d3ef | 313 | // reset on a pause in listen mode. I.e. the counter starts when the pause is over: |
5ea2a248 | 314 | assign fdt_reset = ~after_hysteresis && mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN; |
d714d3ef | 315 | |
316 | always @(negedge adc_clk) | |
317 | begin | |
318 | if (fdt_reset) | |
d7aa3739 | 319 | begin |
d714d3ef | 320 | fdt_counter <= 11'd0; |
321 | fdt_elapsed <= 1'b0; | |
322 | fdt_indicator <= 1'b0; | |
323 | end | |
324 | else | |
325 | begin | |
326 | if(fdt_counter == `FDT_COUNT) | |
327 | begin | |
328 | if(~fdt_elapsed) // just reached fdt. | |
329 | begin | |
330 | mod_sig_flip <= negedge_cnt[3:0]; // start modulation at this time | |
331 | sub_carrier_cnt <= 4'd0; // subcarrier phase in sync with start of modulation | |
332 | fdt_elapsed <= 1'b1; | |
333 | end | |
334 | else | |
335 | begin | |
336 | sub_carrier_cnt <= sub_carrier_cnt + 1; | |
337 | end | |
d7aa3739 | 338 | end |
d7aa3739 | 339 | else |
340 | begin | |
d714d3ef | 341 | fdt_counter <= fdt_counter + 1; |
d7aa3739 | 342 | end |
d7aa3739 | 343 | end |
344 | ||
d714d3ef | 345 | if(fdt_counter == `FDT_INDICATOR_COUNT) fdt_indicator <= 1'b1; |
346 | end | |
347 | ||
d7aa3739 | 348 | |
d714d3ef | 349 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
350 | // PM3 -> Reader or Tag | |
351 | // assign a modulation signal to the antenna. This signal is either a delayed signal (to achieve fdt when sending to a reader) | |
352 | // or undelayed when sending to a tag | |
353 | reg mod_sig_coil; | |
d7aa3739 | 354 | |
d714d3ef | 355 | always @(negedge adc_clk) |
356 | begin | |
5ea2a248 | 357 | if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) // need to take care of proper fdt timing |
7bc95e2e | 358 | begin |
d714d3ef | 359 | if(fdt_counter == `FDT_COUNT) |
6658905f | 360 | begin |
d714d3ef | 361 | if(fdt_elapsed) |
7bc95e2e | 362 | begin |
d714d3ef | 363 | if(negedge_cnt[3:0] == mod_sig_flip) mod_sig_coil <= mod_sig; |
7bc95e2e | 364 | end |
6658905f | 365 | else |
7bc95e2e | 366 | begin |
d714d3ef | 367 | mod_sig_coil <= mod_sig; // just reached fdt. Immediately assign signal to coil |
368 | end | |
7bc95e2e | 369 | end |
d714d3ef | 370 | end |
371 | else // other modes: don't delay | |
372 | begin | |
373 | mod_sig_coil <= ssp_dout; | |
374 | end | |
375 | end | |
376 | ||
377 | ||
378 | ||
379 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
380 | // PM3 -> Reader | |
381 | // determine the required delay in the mod_sig_buf (set mod_sig_ptr). | |
382 | reg temp_buffer_reset; | |
383 | ||
384 | always @(negedge adc_clk) | |
385 | begin | |
386 | if(fdt_reset) | |
387 | begin | |
388 | mod_sig_ptr <= 5'd0; | |
389 | temp_buffer_reset = 1'b0; | |
390 | end | |
391 | else | |
392 | begin | |
393 | if(fdt_counter == `FDT_COUNT && ~fdt_elapsed) // if we just reached fdt | |
394 | if(~(| mod_sig_ptr[4:0])) | |
395 | mod_sig_ptr <= 5'd8; // ... but didn't buffer a 1 yet, delay next 1 by n*128 ticks. | |
396 | else | |
397 | temp_buffer_reset = 1'b1; // else no need for further delays. | |
398 | ||
399 | if(negedge_cnt[3:0] == 4'd0) // at rising edge of ssp_clk - ssp_dout changes at the falling edge. | |
6658905f | 400 | begin |
d714d3ef | 401 | if((ssp_dout || (| mod_sig_ptr[4:0])) && ~fdt_elapsed) // buffer a 1 (and all subsequent data) until fdt is reached. |
402 | if (mod_sig_ptr == 5'd31) | |
403 | mod_sig_ptr <= 5'd0; // buffer overflow - data loss. | |
404 | else | |
405 | mod_sig_ptr <= mod_sig_ptr + 1; // increase buffer (= increase delay by 16 adc_clk ticks). mod_sig_ptr always points ahead of first 1. | |
406 | else if(fdt_elapsed && ~temp_buffer_reset) | |
407 | begin | |
408 | // wait for the next 1 after fdt_elapsed before fixing the delay and starting modulation. This ensures that the response can only happen | |
409 | // at intervals of 8 * 16 = 128 adc_clk ticks (as defined in ISO14443-3) | |
410 | if(ssp_dout) | |
411 | temp_buffer_reset = 1'b1; | |
412 | if(mod_sig_ptr == 5'd1) | |
413 | mod_sig_ptr <= 5'd8; // still nothing received, need to go for the next interval | |
414 | else | |
415 | mod_sig_ptr <= mod_sig_ptr - 1; // decrease buffer. | |
416 | end | |
6658905f | 417 | end |
d714d3ef | 418 | end |
419 | end | |
420 | ||
421 | ||
422 | ||
423 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
424 | // FPGA -> ARM communication: | |
425 | // buffer 8 bits data to be sent to ARM. Shift them out bit by bit. | |
426 | reg [7:0] to_arm; | |
427 | ||
428 | always @(negedge adc_clk) | |
429 | begin | |
430 | if (negedge_cnt[5:0] == 6'd63) // fill the buffer | |
7bc95e2e | 431 | begin |
5ea2a248 | 432 | if (mod_type == `FPGA_HF_ISO14443A_SNIFFER) |
6658905f | 433 | begin |
d714d3ef | 434 | if(deep_modulation) // a reader is sending (or there's no field at all) |
435 | begin | |
436 | to_arm <= {reader_data[3:0], 4'b0000}; // don't send tag data | |
437 | end | |
438 | else | |
439 | begin | |
440 | to_arm <= {reader_data[3:0], tag_data[3:0]}; | |
441 | end | |
6658905f | 442 | end |
443 | else | |
444 | begin | |
d714d3ef | 445 | to_arm[7:0] <= {mod_sig_ptr[4:0], mod_sig_flip[3:1]}; // feedback timing information |
6658905f | 446 | end |
d714d3ef | 447 | end |
d7aa3739 | 448 | |
5ea2a248 | 449 | if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER) // shift at double speed |
6658905f | 450 | begin |
d714d3ef | 451 | // Don't shift if we just loaded new data, obviously. |
452 | if(negedge_cnt[5:0] != 6'd0) | |
6658905f | 453 | begin |
d714d3ef | 454 | to_arm[7:1] <= to_arm[6:0]; |
7bc95e2e | 455 | end |
d714d3ef | 456 | end |
457 | ||
5ea2a248 | 458 | if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER) |
d714d3ef | 459 | begin |
460 | // Don't shift if we just loaded new data, obviously. | |
461 | if(negedge_cnt[6:0] != 7'd0) | |
7bc95e2e | 462 | begin |
d714d3ef | 463 | to_arm[7:1] <= to_arm[6:0]; |
6658905f | 464 | end |
465 | end | |
466 | ||
d714d3ef | 467 | end |
468 | ||
469 | ||
470 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
30364d27 | 471 | // FPGA <-> ARM communication: |
d714d3ef | 472 | // generate a ssp clock and ssp frame signal for the synchronous transfer from/to the ARM |
473 | reg ssp_clk; | |
474 | reg ssp_frame; | |
d714d3ef | 475 | |
476 | always @(negedge adc_clk) | |
477 | begin | |
5ea2a248 | 478 | if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) |
479 | // FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)): | |
6658905f | 480 | begin |
d714d3ef | 481 | if(negedge_cnt[2:0] == 3'd0) |
6658905f | 482 | ssp_clk <= 1'b1; |
d714d3ef | 483 | if(negedge_cnt[2:0] == 3'd4) |
484 | ssp_clk <= 1'b0; | |
6658905f | 485 | |
d714d3ef | 486 | if(negedge_cnt[5:0] == 6'd0) // ssp_frame rising edge indicates start of frame |
487 | ssp_frame <= 1'b1; | |
488 | if(negedge_cnt[5:0] == 6'd8) | |
489 | ssp_frame <= 1'b0; | |
6658905f | 490 | end |
491 | else | |
e691fc45 | 492 | // all other modes (ssp_clk = adc_clk / 16, ssp_frame clock = adc_clk / 128): |
6658905f | 493 | begin |
d714d3ef | 494 | if(negedge_cnt[3:0] == 4'd0) |
495 | ssp_clk <= 1'b1; | |
496 | if(negedge_cnt[3:0] == 4'd8) | |
497 | ssp_clk <= 1'b0; | |
6658905f | 498 | |
5ea2a248 | 499 | if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk |
d714d3ef | 500 | ssp_frame <= 1'b1; |
501 | if(negedge_cnt[6:0] == 7'd23) | |
502 | ssp_frame <= 1'b0; | |
503 | end | |
504 | end | |
6658905f | 505 | |
d714d3ef | 506 | |
507 | ||
508 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
509 | // FPGA -> ARM communication: | |
510 | // select the data to be sent to ARM | |
511 | reg bit_to_arm; | |
512 | reg sendbit; | |
513 | ||
514 | always @(negedge adc_clk) | |
515 | begin | |
516 | if(negedge_cnt[3:0] == 4'd0) | |
517 | begin | |
518 | // What do we communicate to the ARM | |
5ea2a248 | 519 | if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) |
d714d3ef | 520 | sendbit = after_hysteresis; |
5ea2a248 | 521 | else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD) |
d714d3ef | 522 | /* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh? |
523 | else */ | |
524 | sendbit = fdt_indicator; | |
5ea2a248 | 525 | else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) |
d714d3ef | 526 | sendbit = curbit; |
7bc95e2e | 527 | else |
d714d3ef | 528 | sendbit = 1'b0; |
529 | end | |
6658905f | 530 | |
6658905f | 531 | |
5ea2a248 | 532 | if(mod_type == `FPGA_HF_ISO14443A_SNIFFER) |
d714d3ef | 533 | // send sampled reader and tag data: |
534 | bit_to_arm = to_arm[7]; | |
5ea2a248 | 535 | else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset) |
d714d3ef | 536 | // send timing information: |
537 | bit_to_arm = to_arm[7]; | |
538 | else | |
539 | // send data or fdt_indicator | |
540 | bit_to_arm = sendbit; | |
541 | end | |
542 | ||
543 | ||
544 | ||
545 | ||
546 | assign ssp_din = bit_to_arm; | |
e691fc45 | 547 | |
5ea2a248 | 548 | // Subcarrier (adc_clk/16, for FPGA_HF_ISO14443A_TAGSIM_MOD only). |
7bc95e2e | 549 | wire sub_carrier; |
550 | assign sub_carrier = ~sub_carrier_cnt[3]; | |
e691fc45 | 551 | |
5ea2a248 | 552 | // in FPGA_HF_ISO14443A_READER_MOD: drop carrier for mod_sig_coil==1 (pause); in FPGA_HF_ISO14443A_READER_LISTEN: carrier always on; in other modes: carrier always off |
553 | assign pwr_hi = (ck_1356meg & (((mod_type == `FPGA_HF_ISO14443A_READER_MOD) & ~mod_sig_coil) || (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN))); | |
6658905f | 554 | |
6658905f | 555 | |
e691fc45 | 556 | // Enable HF antenna drivers: |
6658905f | 557 | assign pwr_oe1 = 1'b0; |
e691fc45 | 558 | assign pwr_oe3 = 1'b0; |
559 | ||
5ea2a248 | 560 | // FPGA_HF_ISO14443A_TAGSIM_MOD: short circuit antenna with different resistances (modulated by sub_carrier modulated by mod_sig_coil) |
e691fc45 | 561 | // for pwr_oe4 = 1 (tristate): antenna load = 10k || 33 = 32,9 Ohms |
562 | // for pwr_oe4 = 0 (active): antenna load = 10k || 33 || 33 = 16,5 Ohms | |
5ea2a248 | 563 | assign pwr_oe4 = mod_sig_coil & sub_carrier & (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD); |
6658905f | 564 | |
e691fc45 | 565 | // This is all LF, so doesn't matter. |
566 | assign pwr_oe2 = 1'b0; | |
567 | assign pwr_lo = 1'b0; | |
6658905f | 568 | |
569 | ||
570 | assign dbg = negedge_cnt[3]; | |
571 | ||
6658905f | 572 | endmodule |