//-----------------------------------------------------------------------------\r
#include <proxmark3.h>\r
#include "apps.h"\r
-#include "../common/iso14443_crc.c"\r
+#include "iso14443crc.h"\r
\r
\r
//static void GetSamplesFor14443(BOOL weTx, int n);\r
\r
-#define DMA_BUFFER_SIZE 256\r
+#define DEMOD_TRACE_SIZE 4096\r
+#define READER_TAG_BUFFER_SIZE 2048\r
+#define TAG_READER_BUFFER_SIZE 2048\r
+#define DMA_BUFFER_SIZE 1024\r
\r
//=============================================================================\r
// An ISO 14443 Type B tag. We listen for commands from the reader, using\r
BYTE *output;\r
} Uart;\r
\r
+/* Receive & handle a bit coming from the reader.\r
+ *\r
+ * LED handling:\r
+ * LED A -> ON once we have received the SOF and are expecting the rest.\r
+ * LED A -> OFF once we have received EOF or are in error state or unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ */\r
static BOOL Handle14443UartBit(int bit)\r
{\r
switch(Uart.state) {\r
case STATE_UNSYNCD:\r
+ LED_A_OFF();\r
if(!bit) {\r
// we went low, so this could be the beginning\r
// of an SOF\r
Uart.posCnt = 0;\r
Uart.byteCnt = 0;\r
Uart.state = STATE_AWAITING_START_BIT;\r
+ LED_A_ON(); // Indicate we got a valid SOF\r
} else {\r
// didn't stay down long enough\r
// before going high, error\r
Uart.bitCnt = 0;\r
Uart.shiftReg = 0;\r
Uart.state = STATE_RECEIVING_DATA;\r
+ LED_A_ON(); // Indicate we're receiving\r
}\r
break;\r
\r
}\r
} else if(Uart.shiftReg == 0x000) {\r
// this is an EOF byte\r
+ LED_A_OFF(); // Finished receiving\r
return TRUE;\r
} else {\r
// this is an error\r
break;\r
}\r
\r
+ if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error\r
+\r
return FALSE;\r
}\r
\r
\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);\r
\r
\r
if(BUTTON_PRESS()) return FALSE;\r
\r
- if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
- SSC_TRANSMIT_HOLDING = 0x00;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ AT91C_BASE_SSC->SSC_THR = 0x00;\r
}\r
- if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
- BYTE b = (BYTE)SSC_RECEIVE_HOLDING;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
+ BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR;\r
\r
mask = 0x80;\r
for(i = 0; i < 8; i++, mask >>= 1) {\r
BYTE b1, b2;\r
\r
if(!GetIso14443CommandFromReader(receivedCmd, &len, 100)) {\r
- DbpIntegers(cmdsRecvd, 0, 0);\r
- DbpString("button press");\r
- break;\r
+ Dbprintf("button pressed, received %d commands", cmdsRecvd);\r
+ break;\r
}\r
\r
// Good, look at the command now.\r
if(len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len)==0) {\r
resp = resp1; respLen = resp1Len;\r
} else {\r
- DbpString("new cmd from reader:");\r
- DbpIntegers(len, 0x1234, cmdsRecvd);\r
+ Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsRecvd);\r
// And print whether the CRC fails, just for good measure\r
ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);\r
if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {\r
if(respLen <= 0) continue;\r
\r
// Modulate BPSK\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);\r
- SSC_TRANSMIT_HOLDING = 0xff;\r
+ AT91C_BASE_SSC->SSC_THR = 0xff;\r
FpgaSetupSsc();\r
\r
// Transmit the response.\r
i = 0;\r
for(;;) {\r
- if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
BYTE b = resp[i];\r
\r
- SSC_TRANSMIT_HOLDING = b;\r
+ AT91C_BASE_SSC->SSC_THR = b;\r
\r
i++;\r
if(i > respLen) {\r
break;\r
}\r
}\r
- if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
- volatile BYTE b = (BYTE)SSC_RECEIVE_HOLDING;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
+ volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR;\r
(void)b;\r
}\r
}\r
int sumQ;\r
} Demod;\r
\r
+/*\r
+ * Handles reception of a bit from the tag\r
+ *\r
+ * LED handling:\r
+ * LED C -> ON once we have received the SOF and are expecting the rest.\r
+ * LED C -> OFF once we have received EOF or are unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ *\r
+ */\r
static BOOL Handle14443SamplesDemod(int ci, int cq)\r
{\r
int v;\r
if(Demod.posCount < 12) {\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
+ LED_C_ON(); // Got SOF\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
Demod.posCount = 0;\r
Demod.len = 0;\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
} else if(s == 0x000) {\r
// This is EOF\r
+ LED_C_OFF();\r
return TRUE;\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
break;\r
}\r
\r
+ if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized...\r
return FALSE;\r
}\r
\r
+/*\r
+ * Demodulate the samples we received from the tag\r
+ * weTx: set to 'TRUE' if we behave like a reader\r
+ * set to 'FALSE' if we behave like a snooper\r
+ * quiet: set to 'TRUE' to disable debug output\r
+ */\r
static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet)\r
{\r
int max = 0;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
\r
+ // Signal field is ON with the appropriate LED:\r
+ if (weTx) LED_D_ON(); else LED_D_OFF();\r
// And put the FPGA in the appropriate mode\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
(weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP));\r
\r
for(;;) {\r
- int behindBy = lastRxCounter - PDC_RX_COUNTER(SSC_BASE);\r
+ int behindBy = lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR;\r
if(behindBy > max) max = behindBy;\r
\r
- LED_D_ON();\r
- while(((lastRxCounter-PDC_RX_COUNTER(SSC_BASE)) & (DMA_BUFFER_SIZE-1))\r
+ while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1))\r
> 2)\r
{\r
ci = upTo[0];\r
upTo += 2;\r
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {\r
upTo -= DMA_BUFFER_SIZE;\r
- PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo;\r
- PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE;\r
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo;\r
+ AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;\r
}\r
lastRxCounter -= 2;\r
if(lastRxCounter <= 0) {\r
gotFrame = 1;\r
}\r
}\r
- LED_D_OFF();\r
\r
if(samples > 2000) {\r
break;\r
}\r
}\r
- PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
- if (!quiet) DbpIntegers(max, gotFrame, Demod.len);\r
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;\r
+ if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len);\r
}\r
\r
//-----------------------------------------------------------------------------\r
\r
c = 0;\r
for(;;) {\r
- if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
- SSC_TRANSMIT_HOLDING = 0x43;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ AT91C_BASE_SSC->SSC_THR = 0x43;\r
}\r
- if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
SBYTE b;\r
- b = (SBYTE)SSC_RECEIVE_HOLDING;\r
+ b = (SBYTE)AT91C_BASE_SSC->SSC_RHR;\r
\r
dest[c++] = (BYTE)b;\r
\r
\r
FpgaSetupSsc();\r
\r
- while(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
- SSC_TRANSMIT_HOLDING = 0xff;\r
+ while(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ AT91C_BASE_SSC->SSC_THR = 0xff;\r
}\r
\r
- FpgaWriteConfWord(\r
+ // Signal field is ON with the appropriate Red LED\r
+ LED_D_ON();\r
+ // Signal we are transmitting with the Green LED\r
+ LED_B_ON();\r
+ FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);\r
\r
for(c = 0; c < 10;) {\r
- if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
- SSC_TRANSMIT_HOLDING = 0xff;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ AT91C_BASE_SSC->SSC_THR = 0xff;\r
c++;\r
}\r
- if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
- volatile DWORD r = SSC_RECEIVE_HOLDING;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
+ volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;\r
(void)r;\r
}\r
WDT_HIT();\r
\r
c = 0;\r
for(;;) {\r
- if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
- SSC_TRANSMIT_HOLDING = ToSend[c];\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {\r
+ AT91C_BASE_SSC->SSC_THR = ToSend[c];\r
c++;\r
if(c >= ToSendMax) {\r
break;\r
}\r
}\r
- if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
- volatile DWORD r = SSC_RECEIVE_HOLDING;\r
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {\r
+ volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;\r
(void)r;\r
}\r
WDT_HIT();\r
}\r
+ LED_B_OFF(); // Finished sending\r
}\r
\r
//-----------------------------------------------------------------------------\r
\r
//-----------------------------------------------------------------------------\r
// Read an ISO 14443 tag. We send it some set of commands, and record the\r
-// responses.
-// The command name is misleading, it actually decodes the reponse in HEX
+// responses.\r
+// The command name is misleading, it actually decodes the reponse in HEX\r
// into the output buffer (read the result using hexsamples, not hisamples)\r
//-----------------------------------------------------------------------------\r
void AcquireRawAdcSamplesIso14443(DWORD parameter)\r
\r
// Make sure that we start from off, since the tags are stateful;\r
// confusing things will happen if we don't reset them between reads.\r
- LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LED_D_OFF();\r
SpinDelay(200);\r
\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000, FALSE);\r
- LED_A_OFF();\r
+// LED_A_OFF();\r
}\r
-
+\r
//-----------------------------------------------------------------------------\r
// Read a SRI512 ISO 14443 tag.\r
-//
-// SRI512 tags are just simple memory tags, here we're looking at making a dump
-// of the contents of the memory. No anticollision algorithm is done, we assume
-// we have a single tag in the field.
-//
+//\r
+// SRI512 tags are just simple memory tags, here we're looking at making a dump\r
+// of the contents of the memory. No anticollision algorithm is done, we assume\r
+// we have a single tag in the field.\r
+//\r
// I tried to be systematic and check every answer of the tag, every CRC, etc...\r
//-----------------------------------------------------------------------------\r
void ReadSRI512Iso14443(DWORD parameter)\r
{\r
- BYTE i = 0x00;
+ ReadSTMemoryIso14443(parameter,0x0F);\r
+}\r
+void ReadSRIX4KIso14443(DWORD parameter)\r
+{\r
+ ReadSTMemoryIso14443(parameter,0x7F);\r
+}\r
+\r
+void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast)\r
+{\r
+ BYTE i = 0x00;\r
\r
// Make sure that we start from off, since the tags are stateful;\r
// confusing things will happen if we don't reset them between reads.\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
-
+\r
// First command: wake up the tag using the INITIATE command\r
BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b};\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
-
- if (Demod.len == 0) {
- DbpString("No response from tag");
- return;
- } else {
- DbpString("Randomly generated UID from tag (+ 2 byte CRC):");
- DbpIntegers(Demod.output[0], Demod.output[1],Demod.output[2]);
- }
- // There is a response, SELECT the uid
- DbpString("Now SELECT tag:");
- cmd1[0] = 0x0E; // 0x0E is SELECT
- cmd1[1] = Demod.output[0];
+// LED_A_OFF();\r
+\r
+ if (Demod.len == 0) {\r
+ DbpString("No response from tag");\r
+ return;\r
+ } else {\r
+ Dbprintf("Randomly generated UID from tag (+ 2 byte CRC): %x %x %x",\r
+ Demod.output[0], Demod.output[1],Demod.output[2]);\r
+ }\r
+ // There is a response, SELECT the uid\r
+ DbpString("Now SELECT tag:");\r
+ cmd1[0] = 0x0E; // 0x0E is SELECT\r
+ cmd1[1] = Demod.output[0];\r
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
- if (Demod.len != 3) {
- DbpString("Expected 3 bytes from tag, got:");
- DbpIntegers(Demod.len,0x0,0x0);
- return;
- }
- // Check the CRC of the answer:
+// LED_A_OFF();\r
+ if (Demod.len != 3) {\r
+ Dbprintf("Expected 3 bytes from tag, got %d", Demod.len);\r
+ return;\r
+ }\r
+ // Check the CRC of the answer:\r
ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]);\r
if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) {\r
- DbpString("CRC Error reading select response.");
- return;
- }
- // Check response from the tag: should be the same UID as the command we just sent:
- if (cmd1[1] != Demod.output[0]) {
- DbpString("Bad response to SELECT from Tag, aborting:");
- DbpIntegers(cmd1[1],Demod.output[0],0x0);
- return;
- }
- // Tag is now selected,
- // First get the tag's UID:
- cmd1[0] = 0x0B;
- ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
+ DbpString("CRC Error reading select response.");\r
+ return;\r
+ }\r
+ // Check response from the tag: should be the same UID as the command we just sent:\r
+ if (cmd1[1] != Demod.output[0]) {\r
+ Dbprintf("Bad response to SELECT from Tag, aborting: %x %x", cmd1[1], Demod.output[0]);\r
+ return;\r
+ }\r
+ // Tag is now selected,\r
+ // First get the tag's UID:\r
+ cmd1[0] = 0x0B;\r
+ ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);\r
CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
- if (Demod.len != 10) {
- DbpString("Expected 10 bytes from tag, got:");
- DbpIntegers(Demod.len,0x0,0x0);
- return;
- }
- // The check the CRC of the answer (use cmd1 as temporary variable):
+// LED_A_OFF();\r
+ if (Demod.len != 10) {\r
+ Dbprintf("Expected 10 bytes from tag, got %d", Demod.len);\r
+ return;\r
+ }\r
+ // The check the CRC of the answer (use cmd1 as temporary variable):\r
ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]);\r
if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) {\r
- DbpString("CRC Error reading block! - Below: expected, got");
- DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9],0);
- // Do not return;, let's go on... (we should retry, maybe ?)
- }
- DbpString("Tag UID (64 bits):");
- DbpIntegers((Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], 0);
-
- // Now loop to read all 16 blocks, address from 0 to 15
- DbpString("Tag memory dump, block 0 to 15");
- cmd1[0] = 0x08;
- i = 0x00;
- for (;;) {
- if (i == 0x10) {
- DbpString("System area block (0xff):");
- i = 0xff;
- }
- cmd1[1] = i;
+ Dbprintf("CRC Error reading block! - Below: expected, got %x %x",\r
+ (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]);\r
+ // Do not return;, let's go on... (we should retry, maybe ?)\r
+ }\r
+ Dbprintf("Tag UID (64 bits): %08x %08x",\r
+ (Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4],\r
+ (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0]);\r
+\r
+ // Now loop to read all 16 blocks, address from 0 to 15\r
+ DbpString("Tag memory dump, block 0 to 15");\r
+ cmd1[0] = 0x08;\r
+ i = 0x00;\r
+ dwLast++;\r
+ for (;;) {\r
+ if (i == dwLast) {\r
+ DbpString("System area block (0xff):");\r
+ i = 0xff;\r
+ }\r
+ cmd1[1] = i;\r
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();
- if (Demod.len != 6) { // Check if we got an answer from the tag
- DbpString("Expected 6 bytes from tag, got less...");
- return;
- }
- // The check the CRC of the answer (use cmd1 as temporary variable):
+// LED_A_OFF();\r
+ if (Demod.len != 6) { // Check if we got an answer from the tag\r
+ DbpString("Expected 6 bytes from tag, got less...");\r
+ return;\r
+ }\r
+ // The check the CRC of the answer (use cmd1 as temporary variable):\r
ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]);\r
if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) {\r
- DbpString("CRC Error reading block! - Below: expected, got");
- DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5],0);
- // Do not return;, let's go on... (we should retry, maybe ?)
- }
- // Now print out the memory location:
- DbpString("Address , Contents, CRC");
- DbpIntegers(i, (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], (Demod.output[4]<<8)+Demod.output[5]);
- if (i == 0xff) {
- break;
- }
- i++;
- }
+ Dbprintf("CRC Error reading block! - Below: expected, got %x %x",\r
+ (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]);\r
+ // Do not return;, let's go on... (we should retry, maybe ?)\r
+ }\r
+ // Now print out the memory location:\r
+ Dbprintf("Address=%x, Contents=%x, CRC=%x", i,\r
+ (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0],\r
+ (Demod.output[4]<<8)+Demod.output[5]);\r
+ if (i == 0xff) {\r
+ break;\r
+ }\r
+ i++;\r
+ }\r
}\r
-
+\r
\r
//=============================================================================\r
// Finally, the `sniffer' combines elements from both the reader and\r
// triggering so that we start recording at the point that the tag is moved\r
// near the reader.\r
//-----------------------------------------------------------------------------\r
+/*\r
+ * Memory usage for this function, (within BigBuf)\r
+ * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE\r
+ * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE\r
+ * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE\r
+ * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE\r
+ */\r
void SnoopIso14443(void)\r
{\r
// We won't start recording the frames that we acquire until we trigger;\r
BOOL triggered = FALSE;\r
\r
// The command (reader -> tag) that we're working on receiving.\r
- BYTE *receivedCmd = (((BYTE *)BigBuf) + 1024);\r
+ BYTE *receivedCmd = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE;\r
// The response (tag -> reader) that we're working on receiving.\r
- BYTE *receivedResponse = (((BYTE *)BigBuf) + 1536);\r
+ BYTE *receivedResponse = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE;\r
\r
// As we receive stuff, we copy it from receivedCmd or receivedResponse\r
// into trace, along with its length and other annotations.\r
int traceLen = 0;\r
\r
// The DMA buffer, used to stream samples from the FPGA.\r
-//# define DMA_BUFFER_SIZE 256\r
- SBYTE *dmaBuf = ((SBYTE *)BigBuf) + 2048;\r
+ SBYTE *dmaBuf = (SBYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE + TAG_READER_BUFFER_SIZE;\r
int lastRxCounter;\r
SBYTE *upTo;\r
int ci, cq;\r
// information in the trace buffer.\r
int samples = 0;\r
\r
- memset(trace, 0x44, 1000);\r
+ // Initialize the trace buffer\r
+ memset(trace, 0x44, DEMOD_TRACE_SIZE);\r
\r
// Set up the demodulator for tag -> reader responses.\r
Demod.output = receivedResponse;\r
Uart.byteCntMax = 100;\r
Uart.state = STATE_UNSYNCD;\r
\r
+ // Print some debug information about the buffer sizes\r
+ Dbprintf("Snooping buffers initialized:");\r
+ Dbprintf(" Trace: %i bytes", DEMOD_TRACE_SIZE);\r
+ Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE);\r
+ Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE);\r
+ Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE);\r
+ \r
+ // Use a counter for blinking the LED\r
+ long ledCount=0;\r
+ long ledFlashAt=200000;\r
+ \r
// And put the FPGA in the appropriate mode\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
FPGA_HF_READER_RX_XCORR_SNOOP);\r
upTo = dmaBuf;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
-\r
- LED_A_ON();\r
-\r
// And now we loop, receiving samples.\r
for(;;) {\r
- int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) &\r
+ // Blink the LED while Snooping\r
+ ledCount++;\r
+ if (ledCount == ledFlashAt) {\r
+ LED_D_ON();\r
+ }\r
+ if (ledCount >= 2*ledFlashAt) {\r
+ LED_D_OFF();\r
+ ledCount=0;\r
+ }\r
+ \r
+ int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &\r
(DMA_BUFFER_SIZE-1);\r
if(behindBy > maxBehindBy) {\r
maxBehindBy = behindBy;\r
- if(behindBy > 100) {\r
- DbpString("blew circular buffer!");\r
+ if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not?\r
+ Dbprintf("blew circular buffer! behindBy=%x", behindBy);\r
goto done;\r
}\r
}\r
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {\r
upTo -= DMA_BUFFER_SIZE;\r
lastRxCounter += DMA_BUFFER_SIZE;\r
- PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo;\r
- PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE;\r
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD) upTo;\r
+ AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;\r
}\r
\r
samples += 2;\r
\r
#define HANDLE_BIT_IF_BODY \\r
if(triggered) { \\r
+ ledFlashAt=30000; \\r
trace[traceLen++] = ((samples >> 0) & 0xff); \\r
trace[traceLen++] = ((samples >> 8) & 0xff); \\r
trace[traceLen++] = ((samples >> 16) & 0xff); \\r
trace[traceLen++] = Demod.len;\r
memcpy(trace+traceLen, receivedResponse, Demod.len);\r
traceLen += Demod.len;\r
- if(traceLen > 1000) break;\r
+ if(traceLen > DEMOD_TRACE_SIZE) { \r
+ DbpString("Reached trace limit");\r
+ goto done;\r
+ }\r
\r
triggered = TRUE;\r
- LED_A_OFF();\r
- LED_B_ON();\r
\r
// And ready to receive another response.\r
memset(&Demod, 0, sizeof(Demod));\r
Demod.output = receivedResponse;\r
Demod.state = DEMOD_UNSYNCD;\r
}\r
+ WDT_HIT();\r
\r
if(BUTTON_PRESS()) {\r
DbpString("cancelled");\r
}\r
}\r
\r
- DbpString("in done pt");\r
-\r
- DbpIntegers(maxBehindBy, Uart.state, Uart.byteCnt);\r
- DbpIntegers(Uart.byteCntMax, traceLen, 0x23);\r
-\r
done:\r
- PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
- LED_A_OFF();\r
- LED_B_OFF();\r
+ LED_D_OFF();\r
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;\r
+ DbpString("Snoop statistics:");\r
+ Dbprintf(" Max behind by: %i", maxBehindBy);\r
+ Dbprintf(" Uart State: %x", Uart.state);\r
+ Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt);\r
+ Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax);\r
+ Dbprintf(" Trace length: %i", traceLen);\r
}\r